diff options
author | David von Oheimb <dev@ddvo.net> | 2022-07-31 07:15:40 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-09-16 10:07:15 +0200 |
commit | 4fdc16af05d5e1e79ffebbae2b427f3a388227e3 (patch) | |
tree | 65739aaeaf3df49054961932093793fc2950d828 /crypto | |
parent | fcff5bd43c85418cc4aa8052e3dc3dba344d763e (diff) | |
download | openssl-4fdc16af05d5e1e79ffebbae2b427f3a388227e3.tar.gz |
X509_STORE_CTX_set_default(): improve error handling, also in its use
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 3 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 20 |
2 files changed, 9 insertions, 14 deletions
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 5dbf6bdc14..21a317446d 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -281,7 +281,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); goto err; } - X509_STORE_CTX_set_default(cert_ctx, "smime_sign"); + if (!X509_STORE_CTX_set_default(cert_ctx, "smime_sign")) + goto err; } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) { ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); goto err; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 42a7245706..d9158bd795 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2327,8 +2327,6 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { - int ret = 1; - if (ctx == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; @@ -2426,19 +2424,13 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, } /* Inherit callbacks and flags from X509_STORE if not set use defaults. */ - if (store != NULL) - ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); - else + if (store == NULL) ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; + else if (X509_VERIFY_PARAM_inherit(ctx->param, store->param) == 0) + goto err; - if (ret) - ret = X509_VERIFY_PARAM_inherit(ctx->param, - X509_VERIFY_PARAM_lookup("default")); - - if (ret == 0) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); + if (!X509_STORE_CTX_set_default(ctx, "default")) goto err; - } /* * XXX: For now, continue to inherit trust from VPM, but infer from the @@ -2640,8 +2632,10 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) const X509_VERIFY_PARAM *param; param = X509_VERIFY_PARAM_lookup(name); - if (param == NULL) + if (param == NULL) { + ERR_raise_data(ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID, "name=%s", name); return 0; + } return X509_VERIFY_PARAM_inherit(ctx->param, param); } |