diff options
| author | tb <> | 2022-07-24 18:51:16 +0000 |
|---|---|---|
| committer | tb <> | 2022-07-24 18:51:16 +0000 |
| commit | 1f56551c7c7b6373e4d78b855d94f1d97f1de9e2 (patch) | |
| tree | a9e64f0c743dd54bf36f3cf55bd68bf51cc88c13 | |
| parent | d927a606e3bbf4b570e6a2e6758d82ddd5f0d13d (diff) | |
| download | openbsd-1f56551c7c7b6373e4d78b855d94f1d97f1de9e2.tar.gz openbsd-1f56551c7c7b6373e4d78b855d94f1d97f1de9e2.tar.bz2 openbsd-1f56551c7c7b6373e4d78b855d94f1d97f1de9e2.zip | |
Minor fixes in PKCS12_parse()
Pull up clearing of output parameters before first return
(OpenSSL 524fdd51 by Bernd Edlinger), explicit comparisons
against NULL, '\0', etc.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_kiss.c | 47 |
1 files changed, 23 insertions, 24 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c index 1e221f4436..6bbfa2aeef 100644 --- a/src/lib/libcrypto/pkcs12/p12_kiss.c +++ b/src/lib/libcrypto/pkcs12/p12_kiss.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_kiss.c,v 1.22 2022/05/20 08:00:05 tb Exp $ */ | 1 | /* $OpenBSD: p12_kiss.c,v 1.23 2022/07/24 18:51:16 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -84,18 +84,17 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | |||
| 84 | { | 84 | { |
| 85 | STACK_OF(X509) *ocerts = NULL; | 85 | STACK_OF(X509) *ocerts = NULL; |
| 86 | X509 *x = NULL; | 86 | X509 *x = NULL; |
| 87 | /* Check for NULL PKCS12 structure */ | ||
| 88 | 87 | ||
| 89 | if (!p12) { | 88 | if (pkey != NULL) |
| 90 | PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); | ||
| 91 | return 0; | ||
| 92 | } | ||
| 93 | |||
| 94 | if (pkey) | ||
| 95 | *pkey = NULL; | 89 | *pkey = NULL; |
| 96 | if (cert) | 90 | if (cert != NULL) |
| 97 | *cert = NULL; | 91 | *cert = NULL; |
| 98 | 92 | ||
| 93 | if (p12 == NULL) { | ||
| 94 | PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); | ||
| 95 | goto err; | ||
| 96 | } | ||
| 97 | |||
| 99 | /* Check the mac */ | 98 | /* Check the mac */ |
| 100 | 99 | ||
| 101 | /* If password is zero length or NULL then try verifying both cases | 100 | /* If password is zero length or NULL then try verifying both cases |
| @@ -104,7 +103,7 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | |||
| 104 | * password are two different things... | 103 | * password are two different things... |
| 105 | */ | 104 | */ |
| 106 | 105 | ||
| 107 | if (!pass || !*pass) { | 106 | if (pass == NULL || *pass == '\0') { |
| 108 | if (PKCS12_verify_mac(p12, NULL, 0)) | 107 | if (PKCS12_verify_mac(p12, NULL, 0)) |
| 109 | pass = NULL; | 108 | pass = NULL; |
| 110 | else if (PKCS12_verify_mac(p12, "", 0)) | 109 | else if (PKCS12_verify_mac(p12, "", 0)) |
| @@ -119,10 +118,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | |||
| 119 | } | 118 | } |
| 120 | 119 | ||
| 121 | /* Allocate stack for other certificates */ | 120 | /* Allocate stack for other certificates */ |
| 122 | ocerts = sk_X509_new_null(); | 121 | if ((ocerts = sk_X509_new_null()) == NULL) { |
| 123 | if (!ocerts) { | ||
| 124 | PKCS12error(ERR_R_MALLOC_FAILURE); | 122 | PKCS12error(ERR_R_MALLOC_FAILURE); |
| 125 | return 0; | 123 | goto err; |
| 126 | } | 124 | } |
| 127 | 125 | ||
| 128 | if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { | 126 | if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { |
| @@ -130,8 +128,9 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | |||
| 130 | goto err; | 128 | goto err; |
| 131 | } | 129 | } |
| 132 | 130 | ||
| 133 | while ((x = sk_X509_pop(ocerts))) { | 131 | while ((x = sk_X509_pop(ocerts)) != NULL) { |
| 134 | if (pkey && *pkey && cert && !*cert) { | 132 | if (pkey != NULL && *pkey != NULL && |
| 133 | cert != NULL && *cert == NULL) { | ||
| 135 | ERR_set_mark(); | 134 | ERR_set_mark(); |
| 136 | if (X509_check_private_key(x, *pkey)) { | 135 | if (X509_check_private_key(x, *pkey)) { |
| 137 | *cert = x; | 136 | *cert = x; |
| @@ -140,31 +139,31 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | |||
| 140 | ERR_pop_to_mark(); | 139 | ERR_pop_to_mark(); |
| 141 | } | 140 | } |
| 142 | 141 | ||
| 143 | if (ca && x) { | 142 | if (ca != NULL && x != NULL) { |
| 144 | if (!*ca) | 143 | if (*ca == NULL) |
| 145 | *ca = sk_X509_new_null(); | 144 | *ca = sk_X509_new_null(); |
| 146 | if (!*ca) | 145 | if (*ca == NULL) |
| 147 | goto err; | 146 | goto err; |
| 148 | if (!sk_X509_push(*ca, x)) | 147 | if (!sk_X509_push(*ca, x)) |
| 149 | goto err; | 148 | goto err; |
| 150 | x = NULL; | 149 | x = NULL; |
| 151 | } | 150 | } |
| 152 | X509_free(x); | 151 | X509_free(x); |
| 152 | x = NULL; | ||
| 153 | } | 153 | } |
| 154 | 154 | ||
| 155 | if (ocerts) | 155 | sk_X509_pop_free(ocerts, X509_free); |
| 156 | sk_X509_pop_free(ocerts, X509_free); | ||
| 157 | 156 | ||
| 158 | return 1; | 157 | return 1; |
| 159 | 158 | ||
| 160 | err: | 159 | err: |
| 161 | if (pkey && *pkey) | 160 | if (pkey != NULL) |
| 162 | EVP_PKEY_free(*pkey); | 161 | EVP_PKEY_free(*pkey); |
| 163 | if (cert) | 162 | if (cert != NULL) |
| 164 | X509_free(*cert); | 163 | X509_free(*cert); |
| 165 | X509_free(x); | 164 | X509_free(x); |
| 166 | if (ocerts) | 165 | sk_X509_pop_free(ocerts, X509_free); |
| 167 | sk_X509_pop_free(ocerts, X509_free); | 166 | |
| 168 | return 0; | 167 | return 0; |
| 169 | } | 168 | } |
| 170 | 169 | ||