[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Dec 3 09:32:14 UTC 2019
The branch master has been updated
via 59ae04d74a57cf791af510a717b5822950a0f875 (commit)
from be3acd799bfd0fb09ea934e4984ec9eda19d8b8f (commit)
- Log -----------------------------------------------------------------
commit 59ae04d74a57cf791af510a717b5822950a0f875
Author: raja-ashok <rashok.svks at gmail.com>
Date: Tue Dec 3 19:31:49 2019 +1000
Set argument only after successful dup on CMP APIs
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10511)
-----------------------------------------------------------------------
Summary of changes:
crypto/cmp/cmp_ctx.c | 23 ++++++++++++++++++-----
crypto/cmp/cmp_util.c | 8 +++++---
2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 4a70b33ee7..89ecab1413 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -68,14 +68,21 @@ STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx)
*/
int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
{
+ STACK_OF(X509) *untrusted_certs;
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 0;
}
- sk_X509_pop_free(ctx->untrusted_certs, X509_free);
- if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
+ if ((untrusted_certs = sk_X509_new_null()) == NULL)
return 0;
- return ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, certs, 0, 1, 0);
+ if (ossl_cmp_sk_X509_add1_certs(untrusted_certs, certs, 0, 1, 0) != 1)
+ goto err;
+ sk_X509_pop_free(ctx->untrusted_certs, X509_free);
+ ctx->untrusted_certs = untrusted_certs;
+ return 1;
+err:
+ sk_X509_pop_free(untrusted_certs, X509_free);
+ return 0;
}
/*
@@ -373,13 +380,19 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
const int len)
{
+ ASN1_OCTET_STRING *secretValue = NULL;
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (ctx->secretValue != NULL)
+ if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1)
+ return 0;
+ if (ctx->secretValue != NULL) {
OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length);
- return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->secretValue, sec, len);
+ ASN1_OCTET_STRING_free(ctx->secretValue);
+ }
+ ctx->secretValue = secretValue;
+ return 1;
}
/*
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index 9490496cbe..0390c23e66 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -408,21 +408,23 @@ STACK_OF(X509) *ossl_cmp_build_cert_chain(STACK_OF(X509) *certs, X509 *cert)
int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
const ASN1_OCTET_STRING *src)
{
+ ASN1_OCTET_STRING *new;
if (tgt == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 0;
}
if (*tgt == src) /* self-assignment */
return 1;
- ASN1_OCTET_STRING_free(*tgt);
if (src != NULL) {
- if ((*tgt = ASN1_OCTET_STRING_dup(src)) == NULL)
+ if ((new = ASN1_OCTET_STRING_dup(src)) == NULL)
return 0;
} else {
- *tgt = NULL;
+ new = NULL;
}
+ ASN1_OCTET_STRING_free(*tgt);
+ *tgt = new;
return 1;
}
More information about the openssl-commits
mailing list