authorbeck <>2017-01-03 05:52:28 +0000
committerbeck <>2017-01-03 05:52:28 +0000
commit7c4fda9bd5fd1be6973d8426ddab4363bb069235 (patch)
treeca77bf39189ed4f78a6245a0d5c82dc4ceb77f8d /src/lib
parent9f4657d603430aebe13903d7dbdb5cd15e512f95 (diff)
Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctx
and X509_verify_cert - We at least make it so an init'ed ctx is not "valid" until X509_verify_cert has actually been called, And we make it impossible to return success without having the error set to ERR_V_OK. ok jsing@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c22
1 files changed, 20 insertions, 2 deletions
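--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.53 2017/01/03 05:34:48 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.54 2017/01/03 05:52:28 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -242,6 +242,16 @@ X509_verify_cert(X509_STORE_CTX *ctx)
 ctx->error = X509_V_ERR_INVALID_CALL;
 return -1;
 }
+if (ctx->error != X509_V_ERR_UNSPECIFIED) {
+/*
+ * This X509_STORE_CTX has not been properly initialized.
+ */
+X509err(X509_F_X509_VERIFY_CERT,
+ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ctx->error = X509_V_ERR_INVALID_CALL;
+return -1;
+}
+ctx->error = X509_V_OK; /* Initialize to OK */
 
 cb = ctx->verify_cb;
 
@@ -538,7 +548,9 @@ X509_verify_cert(X509_STORE_CTX *ctx)
 /* Safety net, error returns must set ctx->error */
 if (ok <= 0 && ctx->error == X509_V_OK)
 ctx->error = X509_V_ERR_UNSPECIFIED;
-return ok;
+
+/* Ensure we only return success with ctx->error of X509_V_OK */
+return (ctx->error == X509_V_OK);
 }
 
 /* Given a STACK_OF(X509) find the issuer of cert (if any)
@@ -2168,6 +2180,12 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 memset(ctx, 0, sizeof(*ctx));
 
 /*
+ * Start with this set to not valid - it will be set to valid
+ * in X509_verify_cert.
+ */
+ctx->error = X509_V_ERR_UNSPECIFIED;
+
+/*
  * Set values other than 0. Keep this in the same order as
  * X509_STORE_CTX except for values that may fail. All fields that
  * may fail should go last to make sure 'ctx' is as consistent as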
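Review bot: The guard added at new line 245 of X509_verify_cert can be satisfied by a context that has already been through a verification: the safety net at new lines 549-550 stores X509_V_ERR_UNSPECIFIED when a run fails without setting an error, which is exactly the value the guard treats as "freshly initialized", so a second X509_verify_cert call on that ctx proceeds instead of returning X509_V_ERR_INVALID_CALL. Whether that matters depends on whether re-running on a failed ctx without X509_STORE_CTX_init is meant to be supported; if it is not, a sentinel distinct from the failure value would keep the two states apart. The comment at new lines 246-248 also only mentions improper initialization, although the same branch fires for a ctx reused after a successful verification (ctx->error is then X509_V_OK); suggest `/* Not initialized with X509_STORE_CTX_init(), or already used for a verification. */`. X509_verify_cert begins before the first hunk and its body continues between the hunks.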