authorMatt Caswell <matt@openssl.org>2021-05-21 16:45:58 +0100
committerShane Lontis <shane.lontis@oracle.com>2021-05-31 09:40:50 +1000
commit99be8ed331d884e77f658bb404b67a42405703e6 (patch)
tree36eaab1f86b0b42a05ee9f49cffb89d8386c9185 /crypto/store
parente43dc9b2438892f2adb7375ce9147e84b791ab97 (diff)
downloadopenssl-new-99be8ed331d884e77f658bb404b67a42405703e6.tar.gz
Fix cert creation in the store
When we create a cert in the store, make sure we do so with the libctx and propq associated. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15523)
Diffstat (limited to 'crypto/store')
-rw-r--r--crypto/store/store_result.c31
1 files changed, 15 insertions, 16 deletions
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 82ec046763..7c48d182a8 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -442,8 +442,6 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
{
if (data->object_type == OSSL_OBJECT_UNKNOWN
|| data->object_type == OSSL_OBJECT_CERT) {
- X509 *cert;
-
/*
* In most cases, we can try to interpret the serialized
* data as a trusted cert (X509 + X509_AUX) and fall back
@@ -454,31 +452,32 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
* or not (0).
*/
int ignore_trusted = 1;
+ X509 *cert = X509_new_ex(libctx, propq);
+
+ if (cert == NULL)
+ return 0;
/* If we have a data type, it should be a PEM name */
if (data->data_type != NULL
&& (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0))
ignore_trusted = 0;
- cert = d2i_X509_AUX(NULL, (const unsigned char **)&data->octet_data,
- data->octet_data_size);
- if (cert == NULL && ignore_trusted)
- cert = d2i_X509(NULL, (const unsigned char **)&data->octet_data,
- data->octet_data_size);
-
- if (cert != NULL)
- /* We determined the object type */
- data->object_type = OSSL_OBJECT_CERT;
-
- if (cert != NULL && !ossl_x509_set0_libctx(cert, libctx, propq)) {
+ if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data,
+ data->octet_data_size) == NULL
+ && (!ignore_trusted
+ || d2i_X509(&cert, (const unsigned char **)&data->octet_data,
+ data->octet_data_size) == NULL)) {
X509_free(cert);
cert = NULL;
}
- if (cert != NULL)
+ if (cert != NULL) {
+ /* We determined the object type */
+ data->object_type = OSSL_OBJECT_CERT;
*v = OSSL_STORE_INFO_new_CERT(cert);
- if (*v == NULL)
- X509_free(cert);
+ if (*v == NULL)
+ X509_free(cert);
+ }
}
return 1;
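Review bot: The plain-certificate fallback in the new condition `d2i_X509_AUX(&cert, ...) == NULL && (!ignore_trusted || d2i_X509(&cert, ...) == NULL)` may not decode into the object created by `X509_new_ex(libctx, propq)`. As far as I know, the d2i reuse convention in OpenSSL 1.1.0 and later frees `*a` and sets it to NULL when decoding fails; this is not visible in the hunk and should be confirmed against the ASN.1 decoder. If that holds, a failed `d2i_X509_AUX` leaves `cert == NULL`, and the following `d2i_X509(&cert, ...)` allocates a fresh X509 with no libctx or propq, which is the case this commit sets out to fix. One way to close it is to split the condition and re-create the object before the fallback, e.g. `if (cert == NULL && (cert = X509_new_ex(libctx, propq)) == NULL) return 0;`, backed by a test that loads a non-trusted certificate through a non-default library context. The body of try_cert begins before this hunk.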