[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

2016-01-04 Thread Viktor Dukhovni
The branch OpenSSL_1_0_1-stable has been updated
   via  737d57d0725551e473d4da176c3c431f1f9d36df (commit)
  from  b5dbbebbc226181585760c8caa1ce8990acab2e7 (commit)


- Log -
commit 737d57d0725551e473d4da176c3c431f1f9d36df
Author: Viktor Dukhovni 
Date:   Fri Jan 1 00:51:12 2016 -0500

Fix X509_STORE_CTX_cleanup()

Reviewed-by: Dr. Stephen Henson 

---

Summary of changes:
 apps/pkcs12.c | 42 --
 crypto/ts/ts_rsp_verify.c |  3 ++-
 crypto/x509/x509_vfy.c| 39 ---
 crypto/x509/x509_vfy.h|  2 +-
 4 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index e41b445..cbb75b7 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
 # define CLCERTS 0x8
 # define CACERTS 0x10
 
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+  STACK_OF(X509) **chain);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
 int options, char *pempass);
 int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
 vret = get_cert_chain(ucert, store, );
 X509_STORE_free(store);
 
-if (!vret) {
+if (vret == X509_V_OK) {
 /* Exclude verified certificate */
 for (i = 1; i < sk_X509_num(chain2); i++)
 sk_X509_push(certs, sk_X509_value(chain2, i));
@@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
 X509_free(sk_X509_value(chain2, 0));
 sk_X509_free(chain2);
 } else {
-if (vret >= 0)
+if (vret != X509_V_ERR_UNSPECIFIED)
 BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
 else
@@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, 
char *pass,
 
 /* Given a single certificate return a verified chain or NULL if error */
 
-/* Hope this is OK  */
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+  STACK_OF(X509) **chain)
 {
 X509_STORE_CTX store_ctx;
-STACK_OF(X509) *chn;
+STACK_OF(X509) *chn = NULL;
 int i = 0;
 
-/*
- * FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this function
- * is less obvious.
- */
-X509_STORE_CTX_init(_ctx, store, cert, NULL);
-if (X509_verify_cert(_ctx) <= 0) {
-i = X509_STORE_CTX_get_error(_ctx);
-if (i == 0)
-/*
- * avoid returning 0 if X509_verify_cert() did not set an
- * appropriate error value in the context
- */
-i = -1;
-chn = NULL;
-goto err;
-} else
+if (!X509_STORE_CTX_init(_ctx, store, cert, NULL)) {
+*chain = NULL;
+return X509_V_ERR_UNSPECIFIED;
+}
+
+if (X509_verify_cert(_ctx) > 0)
 chn = X509_STORE_CTX_get1_chain(_ctx);
- err:
+else if ((i = X509_STORE_CTX_get_error(_ctx)) == 0)
+i = X509_V_ERR_UNSPECIFIED;
+
 X509_STORE_CTX_cleanup(_ctx);
 *chain = chn;
-
 return i;
 }
 
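Review bot: When X509_verify_cert() succeeds but X509_STORE_CTX_get1_chain() returns NULL (allocation failure), `i` is still 0, so get_cert_chain() reports X509_V_OK with `*chain == NULL`, and the caller in the @@ -594 hunk treats X509_V_OK as "a verified chain is present"; set an error in that case, e.g. `chn = X509_STORE_CTX_get1_chain(&store_ctx); if (chn == NULL) i = X509_V_ERR_OUT_OF_MEM;` in the success branch. The comment kept at the top of the hunk, `/* Given a single certificate return a verified chain or NULL if error */`, no longer describes the contract now that the chain is an out-parameter and the return value is a verification code; suggest `/* Verify cert against store. On return *chain is the verified chain (caller frees) or NULL; result is an X509_V_* code, X509_V_OK on success. */`. The `&` before `store_ctx` and `chain2` appears to have been dropped by the mail-archive rendering of the hunk (`_ctx`, `)`), so the quoted lines assume the committed `&store_ctx`.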
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 1a3a7c5..e24b2d5 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -255,7 +255,8 @@ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) 
*untrusted,
 
 /* chain is an out argument. */
 *chain = NULL;
-X509_STORE_CTX_init(_ctx, store, signer, untrusted);
+if (!X509_STORE_CTX_init(_ctx, store, signer, untrusted))
+return 0;
 X509_STORE_CTX_set_purpose(_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
 i = X509_verify_cert(_ctx);
 if (i <= 0) {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 7009ae6..3bad523 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2026,9 +2026,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE 
*store, X509 *x509,
 ctx->current_reasons = 0;
 ctx->tree = NULL;
 ctx->parent = NULL;
+/* Zero ex_data to make sure we're cleanup-safe */
+memset(>ex_data, 0, sizeof(ctx->ex_data));
 
 ctx->param = X509_VERIFY_PARAM_new();
-
 if (!ctx->param) {
 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
 return 0;
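Review bot: The comment on the new memset says what it does but not why it must sit before the X509_VERIFY_PARAM_new() failure path; presumably it is so that X509_STORE_CTX_cleanup() (changed later in this commit, outside this hunk) can safely free ex_data on a ctx whose init returned 0. Suggest `/* Zero ex_data before any early return so X509_STORE_CTX_cleanup() is safe on a partially initialised ctx */`. The same reasoning applies to every field cleanup touches: each must be set before the first `return 0`, which the pointer fields above the memset already are. The `&` in `&ctx->ex_data` appears to have been dropped by the mail rendering (`>ex_data`).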
@@ -2037,7 +2038,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE 
*store, X509 *x509,
 /*
  * 

[openssl-commits] Build failed: openssl master.317

2016-01-04 Thread AppVeyor



Build openssl master.317 failed


Commit eafc75125b by Rich Salz on 9/1/2015 3:49 AM:

mem functions cleanup


