X509_STORE_CTX_set_default(): improve error handling, also in its use

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
David von Oheimb 2022-07-31 07:15:40 +02:00 committed by Dr. David von Oheimb
parent fcff5bd43c
commit 4fdc16af05
2 changed files with 10 additions and 15 deletions


@ -281,7 +281,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
goto err;
}
X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
if (!X509_STORE_CTX_set_default(cert_ctx, "smime_sign"))
goto err;
} else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
goto err;
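Review bot: The new `goto err` after `X509_STORE_CTX_set_default(cert_ctx, "smime_sign")` raises no ERR_LIB_PKCS7 error, unlike the two `X509_STORE_CTX_init` failure branches directly above and below it, which both raise `ERR_R_X509_LIB`. If the S/MIME signing parameters cannot be applied, the only trace of the failed verification is whatever the X509 layer queued. On the inherit path of `X509_STORE_CTX_set_default` that may be nothing, since no raise is visible there. For consistency I would write `if (!X509_STORE_CTX_set_default(cert_ctx, "smime_sign")) { ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); goto err; }`. The rest of PKCS7_verify, including the `err` label, lies outside the hunk.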


@ -2327,8 +2327,6 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
STACK_OF(X509) *chain)
{
int ret = 1;
if (ctx == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
@ -2426,19 +2424,13 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
}
/* Inherit callbacks and flags from X509_STORE if not set use defaults. */
if (store != NULL)
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
else
if (store == NULL)
ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
if (ret)
ret = X509_VERIFY_PARAM_inherit(ctx->param,
X509_VERIFY_PARAM_lookup("default"));
if (ret == 0) {
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
else if (X509_VERIFY_PARAM_inherit(ctx->param, store->param) == 0)
goto err;
if (!X509_STORE_CTX_set_default(ctx, "default"))
goto err;
}
/*
* XXX: For now, continue to inherit trust from VPM, but infer from the
@ -2640,8 +2632,10 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
const X509_VERIFY_PARAM *param;
param = X509_VERIFY_PARAM_lookup(name);
if (param == NULL)
if (param == NULL) {
ERR_raise_data(ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID, "name=%s", name);
return 0;
}
return X509_VERIFY_PARAM_inherit(ctx->param, param);
}
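Review bot: A failing `X509_VERIFY_PARAM_inherit()` no longer queues any error in the visible code. In X509_STORE_CTX_init the old `ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE)` is gone and the new `else if (X509_VERIFY_PARAM_inherit(ctx->param, store->param) == 0) goto err;` jumps straight to cleanup. X509_STORE_CTX_set_default likewise ends in `return X509_VERIFY_PARAM_inherit(ctx->param, param);`, raising only for an unknown name. Unless `X509_VERIFY_PARAM_inherit` raises on its own failure paths (its body is not shown here), callers setting up certificate verification can get 0 with an empty error queue. I would either confirm that and say so in a comment, or add `ERR_raise(ERR_LIB_X509, ERR_R_X509_LIB);` before those returns. A short header comment on X509_STORE_CTX_set_default stating that it returns 0 and raises `X509_R_UNKNOWN_PURPOSE_ID` with the name attached when the lookup fails would also help, since that code is reused here for a parameter-set name rather than a purpose id.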