diff options
author | Geoff Thorpe <geoff@openssl.org> | 2001-09-01 20:02:13 +0000 |
---|---|---|
committer | Geoff Thorpe <geoff@openssl.org> | 2001-09-01 20:02:13 +0000 |
commit | 79aa04ef27f69a1149d4d0e72d2d2953b6241ef0 (patch) | |
tree | 28eb317ea6bcd7f391cffe2fe694e92224ce1ff8 /crypto/pkcs7 | |
parent | 3a0799977bcb154d044828e96a25a01eb478de51 (diff) |
Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 6 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 15 |
2 files changed, 17 insertions, 4 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index e2c82a2a6c..4ff021e323 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -663,7 +663,11 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, } /* Lets verify */ - X509_STORE_CTX_init(ctx,cert_store,x509,cert); + if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) + { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); + goto err; + } X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); i=X509_verify_cert(ctx); if (i <= 0) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 348ec1dbbe..f0d071e282 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -201,11 +201,20 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { signer = sk_X509_value (signers, k); if (!(flags & PKCS7_NOCHAIN)) { - X509_STORE_CTX_init(&cert_ctx, store, signer, - p7->d.sign->cert); + if(!X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert)) + { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_SMIME_SIGN); - } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL); + } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } i = X509_verify_cert(&cert_ctx); if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); X509_STORE_CTX_cleanup(&cert_ctx); |