aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/x509
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2015-12-03 17:22:58 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-12-03 17:22:58 +0000
commit737d7e8d3945c206c037e139055821aa0c64bb8e (patch)
treeb0284af4e4144e27eb9f39e88c53868060774b16 /crypto/x509
parente9fcefce9bb70f20c272a996443928c5f6ab8cd8 (diff)
downloadsrc-737d7e8d3945c206c037e139055821aa0c64bb8e.tar.gz
src-737d7e8d3945c206c037e139055821aa0c64bb8e.zip
Import OpenSSL 1.0.2e.vendor/openssl/1.0.2e
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=291707 svn path=/vendor-crypto/openssl/1.0.2e/; revision=291708; tag=vendor/openssl/1.0.2e
Diffstat (limited to 'crypto/x509')
-rw-r--r--crypto/x509/x509_lu.c2
-rw-r--r--crypto/x509/x509_vfy.c11
-rw-r--r--crypto/x509/x509_vpm.c15
3 files changed, 19 insertions, 9 deletions
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index b0d653903ff5..50120a4d70c6 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -536,8 +536,6 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
X509_OBJECT *obj, xobj;
sk = sk_X509_CRL_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- /* Check cache first */
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
/*
* Always do lookup to possibly add new CRLs to cache
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index a2f1dbefe352..ab94948f0135 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -249,7 +249,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0)
- return ok;
+ goto end;
/*
* If successful for now free up cert so it will be picked up
* again later.
@@ -347,14 +347,15 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0)
- return ok;
+ goto end;
if (ok == 0)
break;
x = xtmp;
if (!sk_X509_push(ctx->chain, x)) {
X509_free(xtmp);
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
- return 0;
+ ok = 0;
+ goto end;
}
num++;
}
@@ -752,6 +753,10 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
int n = sk_OPENSSL_STRING_num(id->hosts);
char *name;
+ if (id->peername != NULL) {
+ OPENSSL_free(id->peername);
+ id->peername = NULL;
+ }
for (i = 0; i < n; ++i) {
name = sk_OPENSSL_STRING_value(id->hosts, i);
if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0)
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 1ea0c69f5743..592a8a5f6a5c 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -155,6 +155,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
}
if (paramid->peername)
OPENSSL_free(paramid->peername);
+ paramid->peername = NULL;
if (paramid->email) {
OPENSSL_free(paramid->email);
paramid->email = NULL;
@@ -165,7 +166,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
paramid->ip = NULL;
paramid->iplen = 0;
}
-
}
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
@@ -176,13 +176,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
param = OPENSSL_malloc(sizeof *param);
if (!param)
return NULL;
- paramid = OPENSSL_malloc(sizeof *paramid);
+ memset(param, 0, sizeof(*param));
+
+ paramid = OPENSSL_malloc(sizeof(*paramid));
if (!paramid) {
OPENSSL_free(param);
return NULL;
}
- memset(param, 0, sizeof *param);
- memset(paramid, 0, sizeof *paramid);
+ memset(paramid, 0, sizeof(*paramid));
+ /* Exotic platforms may have non-zero bit representation of NULL */
+ paramid->hosts = NULL;
+ paramid->peername = NULL;
+ paramid->email = NULL;
+ paramid->ip = NULL;
+
param->id = paramid;
x509_verify_param_zero(param);
return param;