diff options
| author | miod <> | 2016-11-05 13:27:53 +0000 |
|---|---|---|
| committer | miod <> | 2016-11-05 13:27:53 +0000 |
| commit | 5074288f0801a2b426584402e81b5953f706a44f (patch) | |
| tree | c0cbd43d701327840b4645826eafc90f49b7a6d2 /src/lib/libcrypto/ocsp | |
| parent | 7f9071cab071a0d27937f32c7ab76f019b3d8135 (diff) | |
| download | openbsd-5074288f0801a2b426584402e81b5953f706a44f.tar.gz openbsd-5074288f0801a2b426584402e81b5953f706a44f.tar.bz2 openbsd-5074288f0801a2b426584402e81b5953f706a44f.zip | |
X509_STORE_CTX_set_*() may fail, so check for errors.
ok beck@
Diffstat (limited to 'src/lib/libcrypto/ocsp')
| -rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_vfy.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c index f28571b92f..80dd54e958 100644 --- a/src/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ocsp_vfy.c,v 1.13 2016/07/05 00:21:47 beck Exp $ */ | 1 | /* $OpenBSD: ocsp_vfy.c,v 1.14 2016/11/05 13:27:53 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -130,7 +130,12 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
| 130 | goto end; | 130 | goto end; |
| 131 | } | 131 | } |
| 132 | 132 | ||
| 133 | X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); | 133 | if (X509_STORE_CTX_set_purpose(&ctx, |
| 134 | X509_PURPOSE_OCSP_HELPER) == 0) { | ||
| 135 | X509_STORE_CTX_cleanup(&ctx); | ||
| 136 | ret = -1; | ||
| 137 | goto end; | ||
| 138 | } | ||
| 134 | ret = X509_verify_cert(&ctx); | 139 | ret = X509_verify_cert(&ctx); |
| 135 | chain = X509_STORE_CTX_get1_chain(&ctx); | 140 | chain = X509_STORE_CTX_get1_chain(&ctx); |
| 136 | X509_STORE_CTX_cleanup(&ctx); | 141 | X509_STORE_CTX_cleanup(&ctx); |
| @@ -423,8 +428,13 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 423 | return 0; | 428 | return 0; |
| 424 | } | 429 | } |
| 425 | 430 | ||
| 426 | X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); | 431 | if (X509_STORE_CTX_set_purpose(&ctx, |
| 427 | X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); | 432 | X509_PURPOSE_OCSP_HELPER) == 0 || |
| 433 | X509_STORE_CTX_set_trust(&ctx, | ||
| 434 | X509_TRUST_OCSP_REQUEST) == 0) { | ||
| 435 | X509_STORE_CTX_cleanup(&ctx); | ||
| 436 | return 0; | ||
| 437 | } | ||
| 428 | ret = X509_verify_cert(&ctx); | 438 | ret = X509_verify_cert(&ctx); |
| 429 | X509_STORE_CTX_cleanup(&ctx); | 439 | X509_STORE_CTX_cleanup(&ctx); |
| 430 | if (ret <= 0) { | 440 | if (ret <= 0) { |