File: Revert-Drop-by-store-s-by_store_subject_ex.patch

package info (click to toggle)
openssl 3.0.17-1~deb12u3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm-proposed-updates
  • size: 66,480 kB
  • sloc: ansic: 473,090; perl: 192,620; asm: 6,546; sh: 1,185; makefile: 231; pascal: 43; lisp: 35; python: 29; ruby: 14; cpp: 10; sed: 6
file content (66 lines) | stat: -rw-r--r-- 2,730 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Mon, 4 Aug 2025 20:02:29 +0200
Subject: Revert "Drop "by store"'s by_store_subject_ex()"

This reverts commit 7141330fb98ce ("Drop "by store"'s by_store_subject_ex()").

Avoid crashes in users, see https://bugs.debian.org/1110254

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
 crypto/x509/by_store.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index e486fb0a9d94..fc6942a17855 100644
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -202,7 +202,8 @@ static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
 }
 
 static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret)
+                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret,
+                    OSSL_LIB_CTX *libctx, const char *propq)
 {
     STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
     int i;
@@ -218,12 +219,13 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                            const X509_NAME *name, X509_OBJECT *ret)
+static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const X509_NAME *name, X509_OBJECT *ret,
+                               OSSL_LIB_CTX *libctx, const char *propq)
 {
     OSSL_STORE_SEARCH *criterion =
         OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
-    int ok = by_store(ctx, type, criterion, ret);
+    int ok = by_store(ctx, type, criterion, ret, libctx, propq);
     STACK_OF(X509_OBJECT) *store_objects =
         X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
     X509_OBJECT *tmp = NULL;
@@ -271,6 +273,12 @@ static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
+static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                            const X509_NAME *name, X509_OBJECT *ret)
+{
+    return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
+}
+
 /*
  * We lack the implementations for get_by_issuer_serial, get_by_fingerprint
  * and get_by_alias.  There's simply not enough support in the X509_LOOKUP
@@ -288,7 +296,7 @@ static X509_LOOKUP_METHOD x509_store_lookup = {
     NULL,                        /* get_by_issuer_serial */
     NULL,                        /* get_by_fingerprint */
     NULL,                        /* get_by_alias */
-    NULL,                        /* get_by_subject_ex */
+    by_store_subject_ex,
     by_store_ctrl_ex
 };