X509_STORE_CTX_set_default(): improve error handling, also in its use

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)

(cherry picked from commit 4fdc16af05d5e1e79ffebbae2b427f3a388227e3)

diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index cc5f0b33e88b3d802689928d3784474f0f7dd409..4593da8f5b4148982d37f925f59391a7cee75915 100644 (file)
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -280,7 +280,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                     ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
                     goto err;
                 }
-                X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
+                if (!X509_STORE_CTX_set_default(cert_ctx, "smime_sign"))
+                    goto err;
             } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
                 ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
                 goto err;

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 62d6991ec9045a8f2bbe01a025a0d2a440e1469a..9384f1da9bad9e104550ff270d9ae8dc61da073d 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2313,8 +2313,6 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
                         STACK_OF(X509) *chain)
 {
-    int ret = 1;
-
     if (ctx == NULL) {
         ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
@@ -2412,19 +2410,13 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
     }
 
     /* Inherit callbacks and flags from X509_STORE if not set use defaults. */
-    if (store != NULL)
-        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
-    else
+    if (store == NULL)
         ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+    else if (X509_VERIFY_PARAM_inherit(ctx->param, store->param) == 0)
+        goto err;
 
-    if (ret)
-        ret = X509_VERIFY_PARAM_inherit(ctx->param,
-                                        X509_VERIFY_PARAM_lookup("default"));
-
-    if (ret == 0) {
-        ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
+    if (!X509_STORE_CTX_set_default(ctx, "default"))
         goto err;
-    }
 
     /*
      * XXX: For now, continue to inherit trust from VPM, but infer from the
@@ -2626,8 +2618,10 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
     const X509_VERIFY_PARAM *param;
 
     param = X509_VERIFY_PARAM_lookup(name);
-    if (param == NULL)
+    if (param == NULL) {
+        ERR_raise_data(ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID, "name=%s", name);
         return 0;
+    }
     return X509_VERIFY_PARAM_inherit(ctx->param, param);
 }