summaryrefslogtreecommitdiff
path: root/lib/libcrypto/x509/x509_vfy.c
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2017-01-03 05:52:29 +0000
committerBob Beck <beck@cvs.openbsd.org>2017-01-03 05:52:29 +0000
commit7c6aa02930644e7eebcab8d5abc7b3960addeaad (patch)
tree96e0a68a7a6b2b199d021e3bf16cd3d0228af7fe /lib/libcrypto/x509/x509_vfy.c
parentf73635e9601be04fc5a12934299e485688f1ef17 (diff)
Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctx
and X509_verify_cert - We at least make it so an an init'ed ctx is not "valid" until X509_verify_cert has actually been called, And we make it impossible to return success without having the error set to ERR_V_OK. ok jsing@
Diffstat (limited to 'lib/libcrypto/x509/x509_vfy.c')
-rw-r--r--lib/libcrypto/x509/x509_vfy.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 3d4121ed2af..f5559415875 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.53 2017/01/03 05:34:48 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.54 2017/01/03 05:52:28 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -242,6 +242,16 @@ X509_verify_cert(X509_STORE_CTX *ctx)
ctx->error = X509_V_ERR_INVALID_CALL;
return -1;
}
+ if (ctx->error != X509_V_ERR_UNSPECIFIED) {
+ /*
+ * This X509_STORE_CTX has not been properly initialized.
+ */
+ X509err(X509_F_X509_VERIFY_CERT,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ctx->error = X509_V_ERR_INVALID_CALL;
+ return -1;
+ }
+ ctx->error = X509_V_OK; /* Initialize to OK */
cb = ctx->verify_cb;
@@ -538,7 +548,9 @@ X509_verify_cert(X509_STORE_CTX *ctx)
/* Safety net, error returns must set ctx->error */
if (ok <= 0 && ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
- return ok;
+
+ /* Ensure we only return success with ctx->error of X509_V_OK */
+ return (ctx->error == X509_V_OK);
}
/* Given a STACK_OF(X509) find the issuer of cert (if any)
@@ -2168,6 +2180,12 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
memset(ctx, 0, sizeof(*ctx));
/*
+ * Start with this set to not valid - it will be set to valid
+ * in X509_verify_cert.
+ */
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+
+ /*
* Set values other than 0. Keep this in the same order as
* X509_STORE_CTX except for values that may fail. All fields that
* may fail should go last to make sure 'ctx' is as consistent as