[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Fri Jan 15 22:38:45 UTC 2016
The branch master has been updated
via 25be7a0feacdbd3326774f0da8aaeb966c1f57f8 (commit)
via c864e7611f7bf0011fd0cb64b3fdfc42eb15e807 (commit)
from 9f9a39267f6c752af0905d77062b00671b1b60c6 (commit)
- Log -----------------------------------------------------------------
commit 25be7a0feacdbd3326774f0da8aaeb966c1f57f8
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Jan 14 22:13:37 2016 +0000
free up gost ciphers
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
commit c864e7611f7bf0011fd0cb64b3fdfc42eb15e807
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Jan 14 23:56:50 2016 +0000
Add lookup_certs for a trusted stack.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_vfy.c | 21 +++++++++++++++++++++
engines/ccgost/gost_crypt.c | 8 ++++++++
engines/ccgost/gost_eng.c | 1 +
engines/ccgost/gost_lcl.h | 1 +
4 files changed, 31 insertions(+)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 972760c..48d9367 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -344,6 +344,26 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
return 0;
}
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+ STACK_OF(X509) *sk = NULL;
+ X509 *x;
+ int i;
+ for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
+ x = sk_X509_value(ctx->other_ctx, i);
+ if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
+ if (sk == NULL)
+ sk = sk_X509_new_null();
+ if (sk == NULL || sk_X509_push(sk, x) == 0) {
+ sk_X509_pop_free(sk, X509_free);
+ return NULL;
+ }
+ X509_up_ref(x);
+ }
+ }
+ return sk;
+}
+
/*
* Check a certificate chains extensions for consistency with the supplied
* purpose
@@ -2226,6 +2246,7 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
{
ctx->other_ctx = sk;
ctx->get_issuer = get_issuer_sk;
+ ctx->lookup_certs = lookup_certs_sk;
}
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c
index 9c6dcc5..63009a2 100644
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -109,6 +109,14 @@ const EVP_CIPHER *cipher_gost_cpacnt(void)
return _hidden_gost89_cnt;
}
+void cipher_gost_destroy(void)
+{
+ EVP_CIPHER_meth_free(_hidden_Gost28147_89_cipher);
+ _hidden_Gost28147_89_cipher = NULL;
+ EVP_CIPHER_meth_free(_hidden_gost89_cnt);
+ _hidden_gost89_cnt = NULL;
+}
+
/* Implementation of GOST 28147-89 in MAC (imitovstavka) mode */
/* Init functions which set specific parameters */
static int gost_imit_init_cpa(EVP_MD_CTX *ctx);
diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c
index bc43848..38ed25c 100644
--- a/engines/ccgost/gost_eng.c
+++ b/engines/ccgost/gost_eng.c
@@ -77,6 +77,7 @@ static int gost_engine_finish(ENGINE *e)
static int gost_engine_destroy(ENGINE *e)
{
digest_gost_destroy();
+ cipher_gost_destroy();
imit_gost_cpa_destroy();
gost_param_free();
diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h
index 895e2d6..61f657c 100644
--- a/engines/ccgost/gost_lcl.h
+++ b/engines/ccgost/gost_lcl.h
@@ -145,6 +145,7 @@ struct ossl_gost_digest_ctx {
/* EVP_MD structure for GOST R 34.11 */
EVP_MD *digest_gost(void);
void digest_gost_destroy(void);
+void cipher_gost_destroy(void);
/* EVP_MD structure for GOST 28147 in MAC mode */
const EVP_MD *imit_gost_cpa(void);
void imit_gost_cpa_destroy(void);
More information about the openssl-commits
mailing list