Merge branch 'master' into ex-leak
sfackler authored Nov 23, 2023
2 parents a92c237 + f456b60 commit b0a1da5
Showing 4 changed files with 55 additions and 1 deletion.
2 changes: 2 additions & 0 deletions openssl-sys/src/handwritten/x509.rs
Expand Up @@ -644,6 +644,8 @@ const_ptr_api! {
extern "C" {
#[cfg(any(ossl110, libressl270))]
pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT;
#[cfg(ossl300)]
pub fn X509_STORE_get1_all_certs(ctx: *mut X509_STORE) -> *mut stack_st_X509;
}
}

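Review bot: The new `X509_STORE_get1_all_certs` declaration sits directly under `X509_STORE_get0_objects` with nothing marking that the two follow opposite ownership rules. By OpenSSL's get0/get1 naming convention the get1 call hands back a new stack that the caller must free, while get0 returns a pointer into the store itself. A one-line comment above the declaration, such as `// get1: returns a new stack owned by the caller`, would make that visible to anyone writing a wrapper against this binding. The enclosing `const_ptr_api!` block starts above the hunk.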
21 changes: 21 additions & 0 deletions openssl/src/symm.rs
Expand Up @@ -696,6 +696,27 @@ impl Crypter {
self.ctx.cipher_update(input, Some(output))
}

/// Feeds data from `input` through the cipher, writing encrypted/decrypted
/// bytes into `output`.
///
/// The number of bytes written to `output` is returned. Note that this may
/// not be equal to the length of `input`.
///
/// # Safety
///
/// The caller must provide an `output` buffer large enough to contain
/// correct number of bytes. For streaming ciphers the output buffer size
/// should be at least as big as the input buffer. For block ciphers the
/// size of the output buffer depends on the state of partially updated
/// blocks.
pub unsafe fn update_unchecked(
&mut self,
input: &[u8],
output: &mut [u8],
) -> Result<usize, ErrorStack> {
self.ctx.cipher_update_unchecked(input, Some(output))
}

/// Finishes the encryption/decryption process, writing any remaining data
/// to `output`.
///
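Review bot: The `# Safety` section of `update_unchecked` never states a size the caller can check against; "large enough to contain correct number of bytes" and "depends on the state of partially updated blocks" leave the obligation undefined. This variant forwards `output` to `cipher_update_unchecked`, which presumably skips the length check that `update` performs, so an undersized buffer means OpenSSL writes past the end of the slice. The contract should name a bound that is always sufficient, for example `/// The output buffer must hold at least input.len() + block_size bytes.`, which is the bound OpenSSL documents for `EVP_CipherUpdate`. The wording also needs "stream ciphers" rather than "streaming ciphers" and "contain the correct number".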
18 changes: 17 additions & 1 deletion openssl/src/x509/store.rs
Expand Up @@ -42,12 +42,14 @@
//! ```
use cfg_if::cfg_if;
use foreign_types::ForeignTypeRef;
use foreign_types::{ForeignType, ForeignTypeRef};
use std::mem;

use crate::error::ErrorStack;
#[cfg(not(boringssl))]
use crate::ssl::SslFiletype;
#[cfg(ossl300)]
use crate::stack::Stack;
use crate::stack::StackRef;
#[cfg(any(ossl102, libressl261))]
use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
Expand Down Expand Up @@ -260,10 +262,24 @@ foreign_type_and_impl_send_sync! {

impl X509StoreRef {
/// Get a reference to the cache of certificates in this store.
///
/// This method is deprecated. It is **unsound** and will be removed in a
/// future version of rust-openssl. `X509StoreRef::all_certificates`
/// should be used instead.
#[deprecated(
note = "This method is unsound, and will be removed in a future version of rust-openssl. X509StoreRef::all_certificates should be used instead."
)]
#[corresponds(X509_STORE_get0_objects)]
pub fn objects(&self) -> &StackRef<X509Object> {
unsafe { StackRef::from_ptr(X509_STORE_get0_objects(self.as_ptr())) }
}

/// Returns a stack of all the certificates in this store.
#[corresponds(X509_STORE_get1_all_certs)]
#[cfg(ossl300)]
pub fn all_certificates(&self) -> Stack<X509> {
unsafe { Stack::from_ptr(ffi::X509_STORE_get1_all_certs(self.as_ptr())) }
}
}

cfg_if! {
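Review bot: `all_certificates` passes the return value of `X509_STORE_get1_all_certs` straight to `Stack::from_ptr` with no null check. OpenSSL documents this call as returning NULL on failure, so on an allocation error a safe method would hand callers a `Stack<X509>` wrapping a null pointer. Since the method is new, it can return `Result<Stack<X509>, ErrorStack>` and go through the crate's `cvt_p` helper (not imported in the lines shown): `unsafe { cvt_p(ffi::X509_STORE_get1_all_certs(self.as_ptr())).map(|p| Stack::from_ptr(p)) }`. The test added in `openssl/src/x509/tests.rs` would then need a matching `.unwrap()`.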
15 changes: 15 additions & 0 deletions openssl/src/x509/tests.rs
Expand Up @@ -1177,3 +1177,18 @@ fn test_dist_point_null() {
let cert = X509::from_pem(cert).unwrap();
assert!(cert.crl_distribution_points().is_none());
}

#[test]
#[cfg(ossl300)]
fn test_store_all_certificates() {
let cert = include_bytes!("../../test/cert.pem");
let cert = X509::from_pem(cert).unwrap();

let store = {
let mut b = X509StoreBuilder::new().unwrap();
b.add_cert(cert).unwrap();
b.build()
};

assert_eq!(store.all_certificates().len(), 1);
}
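Review bot: `test_store_all_certificates` only asserts a length of 1, so it would still pass if the wrapper returned some other certificate, and it never exercises an empty store. Because the owned `Stack<X509>` is built directly from the raw return value, the empty case is the one worth pinning: `assert_eq!(X509StoreBuilder::new().unwrap().build().all_certificates().len(), 0);`. Capturing `cert.to_der()` before `add_cert` consumes the certificate, then comparing it with the DER of the returned entry, would confirm identity as well.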
