[krbdev.mit.edu #7889] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Mar 25 18:06:54 EDT 2014
Use anonymous OIDs in pkinit_crypto_openssl.c
Stop adding OIDs to the global OpenSSL table. It isn't thread-safe
(even with locking callbacks registered), and calling OBJ_cleanup
could break other uses of OpenSSL. Instead, use anonymous OIDs
created with OBJ_txt2oid. Anonymous OIDs need to be managed more
careful to avoid double-freeing, so create a copy before calling
PKCS7_add_signed_attribute, and don't free the result of
pkinit_pkcs7type2oid in cms_contentinfo_create.
https://github.com/krb5/krb5/commit/6b9e570a7e98470b806a26c5119e53b2145e2586
Author: Greg Hudson <ghudson at mit.edu>
Commit: 6b9e570a7e98470b806a26c5119e53b2145e2586
Branch: master
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 96 +++++++++-----------
1 files changed, 43 insertions(+), 53 deletions(-)
More information about the krb5-bugs
mailing list