X509_STORE_CTX_cleanup(): Use internally so no need to call explicitly

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14088)
author: Dr. David von Oheimb <dev@ddvo.net> 2021-02-05 21:52:01 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-02-11 21:34:27 +0100
commit: c926a5ecb7a855c2ca1716e4c408410d2b2adccd (patch)
tree: 8dec479af59e8bdc9892ba60635375d70365a360 /crypto
parent: f1923a2147cdbfbc67ab54dfc15d2c6c4611ea9c (diff)
3 files changed, 9 insertions, 6 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index e962e93688..a979544aeb 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1053,10 +1053,8 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
     i = X509_verify_cert(ctx);
     if (i <= 0) {
         ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
-        X509_STORE_CTX_cleanup(ctx);
         goto err;
     }
-    X509_STORE_CTX_cleanup(ctx);
 
     return PKCS7_signatureVerify(bio, p7, si, x509);
  err:
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 8d89f7fd44..f6853513e0 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -289,7 +289,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
             i = X509_verify_cert(cert_ctx);
             if (i <= 0)
                 j = X509_STORE_CTX_get_error(cert_ctx);
-            X509_STORE_CTX_cleanup(cert_ctx);
             if (i <= 0) {
                 ERR_raise_data(ERR_LIB_PKCS7, PKCS7_R_CERTIFICATE_VERIFY_ERROR,
                                "Verify error: %s",
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index a0bf50a708..58598bbf1f 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1317,7 +1317,7 @@ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
  */
 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
 {
-    X509_STORE_CTX crl_ctx;
+    X509_STORE_CTX crl_ctx = {0};
     int ret;
 
     /* Don't allow recursive CRL path validation */
@@ -2313,6 +2313,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 {
     int ret = 1;
 
+    if (ctx == NULL) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    X509_STORE_CTX_cleanup(ctx);
+
     ctx->store = store;
     ctx->cert = x509;
     ctx->untrusted = chain;
@@ -2340,7 +2346,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
     if (store != NULL)
         ctx->cleanup = store->cleanup;
     else
-        ctx->cleanup = 0;
+        ctx->cleanup = NULL;
 
     if (store != NULL && store->check_issued != NULL)
         ctx->check_issued = store->check_issued;
@@ -2463,7 +2469,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
      * calls cleanup() for the same object twice!  Thus we must zero the
      * pointers below after they're freed!
      */
-    /* Seems to always be 0 in OpenSSL, do this at most once. */
+    /* Seems to always be NULL in OpenSSL, do this at most once. */
     if (ctx->cleanup != NULL) {
         ctx->cleanup(ctx);
         ctx->cleanup = NULL;
author	Dr. David von Oheimb <dev@ddvo.net>	2021-02-05 21:52:01 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-02-11 21:34:27 +0100
commit	c926a5ecb7a855c2ca1716e4c408410d2b2adccd (patch)
tree	8dec479af59e8bdc9892ba60635375d70365a360 /crypto
parent	f1923a2147cdbfbc67ab54dfc15d2c6c4611ea9c (diff)