diff options
| author | raja-ashok <rashok.svks@gmail.com> | 2019-12-03 19:31:49 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2019-12-03 19:31:49 +1000 |
| commit | 59ae04d74a57cf791af510a717b5822950a0f875 (patch) | |
| tree | d368236e64b414068280e5bfb9aae929e35fe8d0 /crypto/cmp/cmp_ctx.c | |
| parent | be3acd799bfd0fb09ea934e4984ec9eda19d8b8f (diff) | |
Set argument only after successful dup on CMP APIs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10511)
Diffstat (limited to 'crypto/cmp/cmp_ctx.c')
| -rw-r--r-- | crypto/cmp/cmp_ctx.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 4a70b33ee7..89ecab1413 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -68,14 +68,21 @@ STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx) */ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) { + STACK_OF(X509) *untrusted_certs; if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return 0; } - sk_X509_pop_free(ctx->untrusted_certs, X509_free); - if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL) + if ((untrusted_certs = sk_X509_new_null()) == NULL) return 0; - return ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, certs, 0, 1, 0); + if (ossl_cmp_sk_X509_add1_certs(untrusted_certs, certs, 0, 1, 0) != 1) + goto err; + sk_X509_pop_free(ctx->untrusted_certs, X509_free); + ctx->untrusted_certs = untrusted_certs; + return 1; +err: + sk_X509_pop_free(untrusted_certs, X509_free); + return 0; } /* @@ -373,13 +380,19 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, const int len) { + ASN1_OCTET_STRING *secretValue = NULL; if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return 0; } - if (ctx->secretValue != NULL) + if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1) + return 0; + if (ctx->secretValue != NULL) { OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length); - return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->secretValue, sec, len); + ASN1_OCTET_STRING_free(ctx->secretValue); + } + ctx->secretValue = secretValue; + return 1; } /* |