author | 2016-11-05 15:19:07 +0000 | |
---|---|---|
committer | 2016-11-05 15:19:07 +0000 | |
commit | 3ccc3b0a6448466d11e5f457d1d7ccc3e73eceee (patch) | |
tree | 0d8e9b5d7d1d7a9e0d0c44fdf50af0bfc7977421 /lib | |
parent | bump minors for symbol addition for ocsp and x25519 symbol additions (diff) | |
More X509_STORE_CTX_set_*() return value checks.
ok beck@ jsing@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libcrypto/pkcs7/pk7_doit.c | 13 | ||||
-rw-r--r-- | lib/libcrypto/pkcs7/pk7_smime.c | 9 | ||||
-rw-r--r-- | lib/libcrypto/ts/ts_rsp_verify.c | 6 |
3 files changed, 16 insertions, 12 deletions
diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 50e4fe39c1c..bd873143c1f 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.38 2015/09/30 18:41:06 jsing Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.39 2016/11/05 15:19:07 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -811,11 +811,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) j = OBJ_obj2nid(si->digest_alg->algorithm); - btmp = bio; - - btmp = PKCS7_find_digest(&mdc, btmp, j); - - if (btmp == NULL) + if ((btmp = PKCS7_find_digest(&mdc, bio, j)) == NULL) goto err; /* We now have the EVP_MD_CTX, lets do the @@ -997,7 +993,10 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); goto err; } - X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); + if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) { + X509_STORE_CTX_cleanup(ctx); + goto err; + } i = X509_verify_cert(ctx); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); diff --git a/lib/libcrypto/pkcs7/pk7_smime.c b/lib/libcrypto/pkcs7/pk7_smime.c index 1c00e5914a6..a2f23b37f3b 100644 --- a/lib/libcrypto/pkcs7/pk7_smime.c +++ b/lib/libcrypto/pkcs7/pk7_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_smime.c,v 1.20 2015/02/07 14:21:41 doug Exp $ */ +/* $OpenBSD: pk7_smime.c,v 1.21 2016/11/05 15:19:07 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -324,8 +324,11 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, sk_X509_free(signers); return 0; } - X509_STORE_CTX_set_default(&cert_ctx, - "smime_sign"); + if (X509_STORE_CTX_set_default(&cert_ctx, + "smime_sign") == 0) { + sk_X509_free(signers); + return 0; + } } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); 
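Review bot: The new failure branch for `X509_STORE_CTX_set_purpose()` in PKCS7_dataVerify cleans up the context and jumps to `err` without queuing a PKCS7 error, whereas the init failure just above it reports `PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB)`. A caller reading the error queue may then find nothing PKCS7-specific for this failure (whether set_purpose queues its own X509 error is not visible in this hunk). I would add `PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);` before the `X509_STORE_CTX_cleanup(ctx);` line. The same applies to the new branches in PKCS7_verify (pk7_smime.c) and TS_verify_cert (ts_rsp_verify.c), using `PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);` and `TSerr(TS_F_TS_VERIFY_CERT, ERR_R_X509_LIB);` respectively. The function body continues outside the hunk.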
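Review bot: The added `return 0` after a failed `X509_STORE_CTX_set_default()` in PKCS7_verify frees `signers` but leaves `cert_ctx` initialised, unlike the matching branch in pk7_doit.c, which calls `X509_STORE_CTX_cleanup()` before bailing out. The context lines just above look like the failure branch of an `X509_STORE_CTX_init(&cert_ctx, ...)` call whose condition is outside the hunk, so by this point the context presumably owns resources that this early return never releases. I would add `X509_STORE_CTX_cleanup(&cert_ctx);` before `sk_X509_free(signers);` in the new branch.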
diff --git a/lib/libcrypto/ts/ts_rsp_verify.c b/lib/libcrypto/ts/ts_rsp_verify.c
index 204c6a9df8b..020658bb025 100644
--- a/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/lib/libcrypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.16 2015/07/19 18:25:59 miod Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.17 2016/11/05 15:19:07 miod Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -244,7 +244,9 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer,
 TSerr(TS_F_TS_VERIFY_CERT, ERR_R_X509_LIB);
 goto err;
 }
- X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+ if (X509_STORE_CTX_set_purpose(&cert_ctx,
+ X509_PURPOSE_TIMESTAMP_SIGN) == 0)
+ goto err;
 i = X509_verify_cert(&cert_ctx);
 if (i <= 0) {
 int j = X509_STORE_CTX_get_error(&cert_ctx); |
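Review bot: The new check in TS_verify_cert wraps its condition over two lines and leaves the `goto err;` body unbraced, while the equivalent check added to pk7_doit.c braces its body; a multi-line condition followed by a bare statement is easy to misread when a second statement is added later. I would brace it: `if (X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN) == 0) {`, `goto err;`, `}`. The `err` label and the value returned from it are outside the hunk. It is worth confirming that this path returns failure rather than a success value set earlier, because returning success here would skip `X509_verify_cert()` altogether.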