diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2020-01-04 15:54:53 +0100 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2020-03-21 18:46:36 +0100 |
commit | 7e06a6758bef584deabc9cb4b0d21b3e664b25c9 (patch) | |
tree | 8c0c5b3fbc427eb8f8b82570d3f88a1fa7032b3b /crypto/ess | |
parent | d3b2f8760a56da3e70c30e5614181f3798e4ad54 (diff) |
Fix error handling in x509v3_cache_extensions and related functions
Basically we use EXFLAG_INVALID for all kinds of out of memory and
all kinds of parse errors in x509v3_cache_extensions.
[extended tests]
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10755)
Diffstat (limited to 'crypto/ess')
-rw-r--r-- | crypto/ess/ess_lib.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 17c0ea56c6..a2d6bfe7a9 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -59,7 +59,8 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; - X509_digest(cert, EVP_sha1(), cert_sha1, NULL); + if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) + goto err; if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) goto err; |