Merge branch 'master' into ex-leak

sfackler · Nov 23, 2023 · b0a1da5 · b0a1da5
2 parents a92c237 + f456b60
commit b0a1da5
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 1 deletion.
diff --git a/openssl-sys/src/handwritten/x509.rs b/openssl-sys/src/handwritten/x509.rs
@@ -644,6 +644,8 @@ const_ptr_api! {
     extern "C" {
         #[cfg(any(ossl110, libressl270))]
         pub fn X509_STORE_get0_objects(ctx: #[const_ptr_if(ossl300)] X509_STORE) -> *mut stack_st_X509_OBJECT;
+        #[cfg(ossl300)]
+        pub fn X509_STORE_get1_all_certs(ctx: *mut X509_STORE) -> *mut stack_st_X509;
     }
 }
 

diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs
@@ -696,6 +696,27 @@ impl Crypter {
         self.ctx.cipher_update(input, Some(output))
     }
 
+    /// Feeds data from `input` through the cipher, writing encrypted/decrypted
+    /// bytes into `output`.
+    ///
+    /// The number of bytes written to `output` is returned. Note that this may
+    /// not be equal to the length of `input`.
+    ///
+    /// # Safety
+    ///
+    /// The caller must provide an `output` buffer large enough to contain
+    /// correct number of bytes. For streaming ciphers the output buffer size
+    /// should be at least as big as the input buffer. For block ciphers the
+    /// size of the output buffer depends on the state of partially updated
+    /// blocks.
+    pub unsafe fn update_unchecked(
+        &mut self,
+        input: &[u8],
+        output: &mut [u8],
+    ) -> Result<usize, ErrorStack> {
+        self.ctx.cipher_update_unchecked(input, Some(output))
+    }
+
     /// Finishes the encryption/decryption process, writing any remaining data
     /// to `output`.
     ///

diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs
@@ -42,12 +42,14 @@
 //! ```
 
 use cfg_if::cfg_if;
-use foreign_types::ForeignTypeRef;
+use foreign_types::{ForeignType, ForeignTypeRef};
 use std::mem;
 
 use crate::error::ErrorStack;
 #[cfg(not(boringssl))]
 use crate::ssl::SslFiletype;
+#[cfg(ossl300)]
+use crate::stack::Stack;
 use crate::stack::StackRef;
 #[cfg(any(ossl102, libressl261))]
 use crate::x509::verify::{X509VerifyFlags, X509VerifyParamRef};
@@ -260,10 +262,24 @@ foreign_type_and_impl_send_sync! {
 
 impl X509StoreRef {
     /// Get a reference to the cache of certificates in this store.
+    ///
+    /// This method is deprecated. It is **unsound** and will be removed in a
+    /// future version of rust-openssl. `X509StoreRef::all_certificates`
+    /// should be used instead.
+    #[deprecated(
+        note = "This method is unsound, and will be removed in a future version of rust-openssl. X509StoreRef::all_certificates should be used instead."
+    )]
     #[corresponds(X509_STORE_get0_objects)]
     pub fn objects(&self) -> &StackRef<X509Object> {
         unsafe { StackRef::from_ptr(X509_STORE_get0_objects(self.as_ptr())) }
     }
+
+    /// Returns a stack of all the certificates in this store.
+    #[corresponds(X509_STORE_get1_all_certs)]
+    #[cfg(ossl300)]
+    pub fn all_certificates(&self) -> Stack<X509> {
+        unsafe { Stack::from_ptr(ffi::X509_STORE_get1_all_certs(self.as_ptr())) }
+    }
 }
 
 cfg_if! {

diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
@@ -1177,3 +1177,18 @@ fn test_dist_point_null() {
     let cert = X509::from_pem(cert).unwrap();
     assert!(cert.crl_distribution_points().is_none());
 }
+
+#[test]
+#[cfg(ossl300)]
+fn test_store_all_certificates() {
+    let cert = include_bytes!("../../test/cert.pem");
+    let cert = X509::from_pem(cert).unwrap();
+
+    let store = {
+        let mut b = X509StoreBuilder::new().unwrap();
+        b.add_cert(cert).unwrap();
+        b.build()
+    };
+
+    assert_eq!(store.all_certificates().len(), 1);
+}