author | tb <> | 2023-08-18 08:42:41 +0000 |
---|---|---|
committer | tb <> | 2023-08-18 08:42:41 +0000 |
commit | a423f849cdbd330b704f84d929dceca2b4889824 (patch) | |
tree | 9a871a3a4d9d0117a5265b771f1f9f8df07581c2 | |
parent | 654345db098bd7b2d7fe8b6781e89d5ae0752791 (diff) | |
Check X509_digest() return in x509v3_cache_extensions()
On failure invalidate the cert with EXFLAG_INVALID. It's unlikely that
a cert would make it through to the end of this function without setting
the flag, but it's bad style anyway.
ok jsing
-rw-r--r-- | src/lib/libcrypto/x509/x509_purp.c | 5 |
1 files changed, 3 insertions, 2 deletions
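--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.28 2023/07/02 17:12:17 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.29 2023/08/18 08:42:41 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -550,7 +550,8 @@ x509v3_cache_extensions_internal(X509 *x)
 if (x->ex_flags & EXFLAG_SET)
 return;
 
-X509_digest(x, X509_CERT_HASH_EVP, x->hash, NULL);
+if (!X509_digest(x, X509_CERT_HASH_EVP, x->hash, NULL))
+x->ex_flags |= EXFLAG_INVALID;
 
 version = X509_get_version(x);
 if (version < 0 || version > 2)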
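Review bot: When X509_digest() fails, the added branch sets EXFLAG_INVALID but leaves x->hash holding whatever the failed call left there, and the function carries on. Any later reader of x->hash (presumably certificate comparison or fingerprint lookup) is only safe if it checks EXFLAG_INVALID first, which is not visible from this hunk and is worth confirming. A short comment at the branch would record that contract, e.g. `/* x->hash is not valid if this fails; check EXFLAG_INVALID before using it. */`. The body of x509v3_cache_extensions_internal() begins and ends outside the hunk, so whether EXFLAG_SET is still set on this path cannot be judged here.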