From 7e06a6758bef584deabc9cb4b0d21b3e664b25c9 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Sat, 4 Jan 2020 15:54:53 +0100 Subject: Fix error handling in x509v3_cache_extensions and related functions Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extensions. [extended tests] Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10755) --- crypto/ess/ess_lib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'crypto/ess') diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 17c0ea56c6..a2d6bfe7a9 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -59,7 +59,8 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; - X509_digest(cert, EVP_sha1(), cert_sha1, NULL); + if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) + goto err; if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) goto err; -- cgit v1.2.3