diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-12-03 17:22:58 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-12-03 17:22:58 +0000 |
| commit | 737d7e8d3945c206c037e139055821aa0c64bb8e (patch) | |
| tree | b0284af4e4144e27eb9f39e88c53868060774b16 /crypto/x509 | |
| parent | e9fcefce9bb70f20c272a996443928c5f6ab8cd8 (diff) | |
| download | src-737d7e8d3945c206c037e139055821aa0c64bb8e.tar.gz src-737d7e8d3945c206c037e139055821aa0c64bb8e.zip | |
Import OpenSSL 1.0.2e.vendor/openssl/1.0.2e
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=291707
svn path=/vendor-crypto/openssl/1.0.2e/; revision=291708; tag=vendor/openssl/1.0.2e
Diffstat (limited to 'crypto/x509')
| -rw-r--r-- | crypto/x509/x509_lu.c | 2 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 11 | ||||
| -rw-r--r-- | crypto/x509/x509_vpm.c | 15 |
3 files changed, 19 insertions, 9 deletions
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b0d653903ff5..50120a4d70c6 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -536,8 +536,6 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_OBJECT *obj, xobj; sk = sk_X509_CRL_new_null(); CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - /* Check cache first */ - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); /* * Always do lookup to possibly add new CRLs to cache diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index a2f1dbefe352..ab94948f0135 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -249,7 +249,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { ok = ctx->get_issuer(&xtmp, ctx, x); if (ok < 0) - return ok; + goto end; /* * If successful for now free up cert so it will be picked up * again later. @@ -347,14 +347,15 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->get_issuer(&xtmp, ctx, x); if (ok < 0) - return ok; + goto end; if (ok == 0) break; x = xtmp; if (!sk_X509_push(ctx->chain, x)) { X509_free(xtmp); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - return 0; + ok = 0; + goto end; } num++; } @@ -752,6 +753,10 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) int n = sk_OPENSSL_STRING_num(id->hosts); char *name; + if (id->peername != NULL) { + OPENSSL_free(id->peername); + id->peername = NULL; + } for (i = 0; i < n; ++i) { name = sk_OPENSSL_STRING_value(id->hosts, i); if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 1ea0c69f5743..592a8a5f6a5c 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -155,6 +155,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) } if (paramid->peername) OPENSSL_free(paramid->peername); + paramid->peername = NULL; if (paramid->email) { OPENSSL_free(paramid->email); paramid->email = NULL; @@ -165,7 +166,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) paramid->ip = NULL; paramid->iplen = 0; } - } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) @@ -176,13 +176,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) param = OPENSSL_malloc(sizeof *param); if (!param) return NULL; - paramid = OPENSSL_malloc(sizeof *paramid); + memset(param, 0, sizeof(*param)); + + paramid = OPENSSL_malloc(sizeof(*paramid)); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof *param); - memset(paramid, 0, sizeof *paramid); + memset(paramid, 0, sizeof(*paramid)); + /* Exotic platforms may have non-zero bit representation of NULL */ + paramid->hosts = NULL; + paramid->peername = NULL; + paramid->email = NULL; + paramid->ip = NULL; + param->id = paramid; x509_verify_param_zero(param); return param; |