Update to OpenSSL 1.0.2.o

2018-04-13 17:29:45 +00:00
parent ccd3ab4aff
commit 4933cd8231
386 changed files with 5623 additions and 2984 deletions
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -402,6 +402,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
            if (!hent) {
                hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
                if (hent == NULL) {
+                    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
                    goto finish;
                }
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -92,12 +92,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
                        long argl, char **ret)
 {
    int ok = 0;
-    char *file;
+    const char *file;

    switch (cmd) {
    case X509_L_FILE_LOAD:
        if (argl == X509_FILETYPE_DEFAULT) {
-            file = (char *)getenv(X509_get_default_cert_file_env());
+            file = getenv(X509_get_default_cert_file_env());
            if (file)
                ok = (X509_load_cert_crl_file(ctx, file,
                                              X509_FILETYPE_PEM) != 0);
@@ -140,7 +140,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)

    if (type == X509_FILETYPE_PEM) {
        for (;;) {
-            x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
+            x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
            if (x == NULL) {
                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
                     PEM_R_NO_START_LINE) && (count > 0)) {
@@ -199,7 +199,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)

    if (type == X509_FILETYPE_PEM) {
        for (;;) {
-            x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+            x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
            if (x == NULL) {
                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
                     PEM_R_NO_START_LINE) && (count > 0)) {
@@ -253,7 +253,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
        return 0;
    }
-    inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+    inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
    BIO_free(in);
    if (!inf) {
        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -185,14 +185,16 @@ X509_STORE *X509_STORE_new(void)

    if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
        return NULL;
-    ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
+    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
+        goto err0;
    ret->cache = 1;
-    ret->get_cert_methods = sk_X509_LOOKUP_new_null();
+    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
+        goto err1;
    ret->verify = 0;
    ret->verify_cb = 0;

    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
-        return NULL;
+        goto err2;

    ret->get_issuer = 0;
    ret->check_issued = 0;
@@ -204,14 +206,21 @@ X509_STORE *X509_STORE_new(void)
    ret->lookup_crls = 0;
    ret->cleanup = 0;

-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
-        sk_X509_OBJECT_free(ret->objs);
-        OPENSSL_free(ret);
-        return NULL;
-    }
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+       goto err3;

    ret->references = 1;
    return ret;
+
+ err3:
+    X509_VERIFY_PARAM_free(ret->param);
+ err2:
+    sk_X509_LOOKUP_free(ret->get_cert_methods);
+ err1:
+    sk_X509_OBJECT_free(ret->objs);
+ err0:
+    OPENSSL_free(ret);
+    return NULL;
 }

 static void cleanup(X509_OBJECT *a)
@@ -360,8 +369,12 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
        X509err(X509_F_X509_STORE_ADD_CERT,
                X509_R_CERT_ALREADY_IN_HASH_TABLE);
        ret = 0;
-    } else
-        sk_X509_OBJECT_push(ctx->objs, obj);
+    } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
+        X509_OBJECT_free_contents(obj);
+        OPENSSL_free(obj);
+        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+        ret = 0;
+    }

    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

@@ -392,8 +405,12 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
        OPENSSL_free(obj);
        X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
        ret = 0;
-    } else
-        sk_X509_OBJECT_push(ctx->objs, obj);
+    } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) {
+        X509_OBJECT_free_contents(obj);
+        OPENSSL_free(obj);
+        X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        ret = 0;
+    }

    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -212,7 +212,7 @@ const char *X509_verify_cert_error_string(long n)
        return ("proxy subject name violation");

    default:
-        BIO_snprintf(buf, sizeof buf, "error number %ld", n);
+        BIO_snprintf(buf, sizeof(buf), "error number %ld", n);
        return (buf);
    }
 }
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -177,7 +177,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
 err2:
    if (new_ex != NULL)
        X509_EXTENSION_free(new_ex);
-    if (sk != NULL)
+    if (x != NULL && *x == NULL && sk != NULL)
        sk_X509_EXTENSION_free(sk);
    return (NULL);
 }
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -173,7 +173,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
    X509_VERIFY_PARAM *param;
    X509_VERIFY_PARAM_ID *paramid;

-    param = OPENSSL_malloc(sizeof *param);
+    param = OPENSSL_malloc(sizeof(*param));
    if (!param)
        return NULL;
    memset(param, 0, sizeof(*param));