[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Thu Mar 28 10:16:11 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 0db8f86a18925bd239600a4e3cd5dc31de31258f (commit)
from edfd50d8db3ae20c1cba1667f861a25cbe6c31f2 (commit)
- Log -----------------------------------------------------------------
commit 0db8f86a18925bd239600a4e3cd5dc31de31258f
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Fri Feb 22 16:58:55 2019 +0300
Add some checks of OCSP functions
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8308)
(cherry picked from commit 72b89b8e201d17dea0219b4b92df7af7e17f183a)
-----------------------------------------------------------------------
Summary of changes:
apps/ocsp.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index e8aeb11..066a2e4 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -641,8 +641,10 @@ redo_accept:
goto end;
}
- if (req != NULL && add_nonce)
- OCSP_request_add1_nonce(req, NULL, -1);
+ if (req != NULL && add_nonce) {
+ if (!OCSP_request_add1_nonce(req, NULL, -1))
+ goto end;
+ }
if (signfile != NULL) {
if (keyfile == NULL)
@@ -1245,7 +1247,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
goto end;
}
}
- OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags);
+ if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) {
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
+ goto end;
+ }
if (badsig) {
const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
More information about the openssl-commits
mailing list