Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r-- | src/lib/libcrypto/x509/x509_verify.c | 4 | ||||
-rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 7 | ||||
-rw-r--r-- | src/lib/libcrypto/x509/x509_vpm.c | 4 |
3 files changed, 10 insertions, 5 deletions
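--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.13.4.1 2021/02/03 07:06:13 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -81,7 +81,7 @@ x509_verify_chain_dup(struct x509_verify_chain *chain)
 {
 struct x509_verify_chain *new_chain;
 
-if ((new_chain = x509_verify_chain_new()) == NULL)
+if ((new_chain = calloc(1, sizeof(*chain))) == NULL)
 goto err;
 if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL)
 goto err;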
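Review bot: In x509_verify_chain_dup the new allocation is sized from the source argument, `sizeof(*chain)`, rather than from the pointer being assigned; `calloc(1, sizeof(*new_chain))` is the same size today but stays tied to the destination if the code is ever refactored. The call also bypasses x509_verify_chain_new() without saying why. Presumably the constructor allocates members that the following lines overwrite; if so, a comment such as `/* Not x509_verify_chain_new(): certs is replaced below, so a freshly allocated one would leak. */` would keep a later cleanup from reverting the fix. The rest of the function and its err path lie outside the hunk, so confirm that the cleanup there copes with a zeroed chain whose members are still NULL.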
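--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.81 2020/09/26 02:06:28 deraadt Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.81.4.1 2021/02/03 07:06:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1794,6 +1794,11 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx)
 
 if (ctx->parent)
 return 1;
+
+/* X509_policy_check always allocates a new tree. */
+X509_policy_tree_free(ctx->tree);
+ctx->tree = NULL;
+
 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
 ctx->param->policies, ctx->param->flags);
 if (ret == 0) {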
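Review bot: The added `X509_policy_tree_free(ctx->tree)` in x509_vfy_check_policy invalidates any policy tree a caller borrowed from this context after an earlier verification, and the one-line comment does not say so. If the same X509_STORE_CTX can be verified more than once, a pointer obtained earlier (for example through X509_STORE_CTX_get0_policy_tree) would dangle after this call. That looks like an acceptable cost for fixing the leak, but it should be stated. I would extend the comment to `/* X509_policy_check always allocates a new tree; free the one left by a previous run so it is not leaked. Pointers to the old tree become invalid. */`. The function starts before and continues past the hunk.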
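--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.22 2020/09/14 08:10:04 beck Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.22.4.1 2021/02/03 07:06:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -177,7 +177,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param)
 param->trust = 0;
 /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
 param->inh_flags = 0;
-param->flags = 0;
+param->flags = X509_V_FLAG_LEGACY_VERIFY;
 param->depth = -1;
 if (param->policies) {
 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);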
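Review bot: A function named x509_verify_param_zero now leaves `param->flags` non-zero, and nothing at the assignment explains why. Every parameter set reset through this function starts with X509_V_FLAG_LEGACY_VERIFY set, which presumably selects the legacy verifier for all contexts built from it unless a caller clears the flag. That would make this one line a library-wide change to the default certificate validation path. If that is the intent, a comment such as `/* Default to the legacy verifier; clear X509_V_FLAG_LEGACY_VERIFY to opt in to the new one. */` would record it. Callers and tests that expect freshly initialised flags to equal 0 should be checked; the function body extends beyond the hunk.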