Fix error handling in x509v3_cache_extensions and related functions

Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extensions. [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10755)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2020-01-04 15:54:53 +0100
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2020-03-21 18:46:36 +0100
commit: 7e06a6758bef584deabc9cb4b0d21b3e664b25c9 (patch)
tree: 8c0c5b3fbc427eb8f8b82570d3f88a1fa7032b3b /crypto/ess
parent: d3b2f8760a56da3e70c30e5614181f3798e4ad54 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index 17c0ea56c6..a2d6bfe7a9 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -59,7 +59,8 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
     X509_check_purpose(cert, -1, 0);
     if ((cid = ESS_CERT_ID_new()) == NULL)
         goto err;
-    X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+    if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL))
+        goto err;
     if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
         goto err;
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2020-01-04 15:54:53 +0100
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2020-03-21 18:46:36 +0100
commit	7e06a6758bef584deabc9cb4b0d21b3e664b25c9 (patch)
tree	8c0c5b3fbc427eb8f8b82570d3f88a1fa7032b3b /crypto/ess
parent	d3b2f8760a56da3e70c30e5614181f3798e4ad54 (diff)