[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Sun May 30 23:44:23 UTC 2021
The branch master has been updated
via 99be8ed331d884e77f658bb404b67a42405703e6 (commit)
from e43dc9b2438892f2adb7375ce9147e84b791ab97 (commit)
- Log -----------------------------------------------------------------
commit 99be8ed331d884e77f658bb404b67a42405703e6
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 21 16:45:58 2021 +0100
Fix cert creation in the store
When we create a cert in the store, make sure we do so with the libctx
and propq associated.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15523)
-----------------------------------------------------------------------
Summary of changes:
crypto/store/store_result.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 82ec046763..7c48d182a8 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -442,8 +442,6 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
{
if (data->object_type == OSSL_OBJECT_UNKNOWN
|| data->object_type == OSSL_OBJECT_CERT) {
- X509 *cert;
-
/*
* In most cases, we can try to interpret the serialized
* data as a trusted cert (X509 + X509_AUX) and fall back
@@ -454,31 +452,32 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
* or not (0).
*/
int ignore_trusted = 1;
+ X509 *cert = X509_new_ex(libctx, propq);
+
+ if (cert == NULL)
+ return 0;
/* If we have a data type, it should be a PEM name */
if (data->data_type != NULL
&& (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0))
ignore_trusted = 0;
- cert = d2i_X509_AUX(NULL, (const unsigned char **)&data->octet_data,
- data->octet_data_size);
- if (cert == NULL && ignore_trusted)
- cert = d2i_X509(NULL, (const unsigned char **)&data->octet_data,
- data->octet_data_size);
-
- if (cert != NULL)
- /* We determined the object type */
- data->object_type = OSSL_OBJECT_CERT;
-
- if (cert != NULL && !ossl_x509_set0_libctx(cert, libctx, propq)) {
+ if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data,
+ data->octet_data_size) == NULL
+ && (!ignore_trusted
+ || d2i_X509(&cert, (const unsigned char **)&data->octet_data,
+ data->octet_data_size) == NULL)) {
X509_free(cert);
cert = NULL;
}
- if (cert != NULL)
+ if (cert != NULL) {
+ /* We determined the object type */
+ data->object_type = OSSL_OBJECT_CERT;
*v = OSSL_STORE_INFO_new_CERT(cert);
- if (*v == NULL)
- X509_free(cert);
+ if (*v == NULL)
+ X509_free(cert);
+ }
}
return 1;
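Review bot: The fallback `d2i_X509(&cert, ...)` in the new condition runs after `d2i_X509_AUX(&cert, ...)` has already failed on the same `cert`, and nothing in the hunk says what state `cert` is in at that point. If the failed decode released the object and cleared the pointer, the fallback would allocate a fresh X509 internally, presumably without the libctx and propq this commit is meant to attach; if it did not, the fallback decodes into a partly populated structure. I would either recreate the object before the fallback (`if (cert == NULL) cert = X509_new_ex(libctx, propq);`, with its own NULL check) or add a comment above the condition such as `/* d2i_X509*() reuse cert so it keeps libctx/propq; a failed decode may leave cert NULL or partly filled */`. try_cert starts and ends outside this hunk, so the declarations of `libctx` and `propq` are not visible here.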