diff options
Diffstat (limited to 'src/crypto/x509/x509_vfy.c')
-rw-r--r-- | src/crypto/x509/x509_vfy.c | 40 |
1 files changed, 17 insertions, 23 deletions
diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c index 695793e..c62a6f5 100644 --- a/src/crypto/x509/x509_vfy.c +++ b/src/crypto/x509/x509_vfy.c @@ -141,7 +141,6 @@ static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *crl_path); static int internal_verify(X509_STORE_CTX *ctx); -const char X509_version[]="X.509"; static int null_callback(int ok, X509_STORE_CTX *e) @@ -205,22 +204,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx) OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); return -1; } + if (ctx->chain != NULL) + { + /* This X509_STORE_CTX has already been used to verify a + * cert. We cannot do another one. */ + OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } cb=ctx->verify_cb; /* first we make sure the chain we are going to build is * present and that the first entry is in place */ - if (ctx->chain == NULL) + ctx->chain = sk_X509_new_null(); + if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { - if ( ((ctx->chain=sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain,ctx->cert))) - { - OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); - goto end; - } - X509_up_ref(ctx->cert); - ctx->last_untrusted=1; + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); + goto end; } + X509_up_ref(ctx->cert); + ctx->last_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ if (ctx->untrusted != NULL @@ -2093,14 +2096,14 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, return NULL; } -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { /* This function is (usually) called only once, by * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ int index; if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, - new_func, dup_func, free_func)) + dup_func, free_func)) { return -1; } @@ -2267,19 +2270,13 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { int ret = 1; - int ex_data_allocated = 0; memset(ctx, 0, sizeof(X509_STORE_CTX)); ctx->ctx=store; ctx->cert=x509; ctx->untrusted=chain; - if(!CRYPTO_new_ex_data(&g_ex_data_class, ctx, - &ctx->ex_data)) - { - goto err; - } - ex_data_allocated = 1; + CRYPTO_new_ex_data(&ctx->ex_data); ctx->param = X509_VERIFY_PARAM_new(); if (!ctx->param) @@ -2363,10 +2360,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, return 1; err: - if (ex_data_allocated) - { - CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data); - } + CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data); if (ctx->param != NULL) { X509_VERIFY_PARAM_free(ctx->param); |