From 99be8ed331d884e77f658bb404b67a42405703e6 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 21 May 2021 16:45:58 +0100 Subject: Fix cert creation in the store When we create a cert in the store, make sure we do so with the libctx and propq associated. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15523) --- crypto/store/store_result.c | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 82ec046763..7c48d182a8 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -442,8 +442,6 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, { if (data->object_type == OSSL_OBJECT_UNKNOWN || data->object_type == OSSL_OBJECT_CERT) { - X509 *cert; - /* * In most cases, we can try to interpret the serialized * data as a trusted cert (X509 + X509_AUX) and fall back @@ -454,31 +452,32 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, * or not (0). */ int ignore_trusted = 1; + X509 *cert = X509_new_ex(libctx, propq); + + if (cert == NULL) + return 0; /* If we have a data type, it should be a PEM name */ if (data->data_type != NULL && (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) ignore_trusted = 0; - cert = d2i_X509_AUX(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); - if (cert == NULL && ignore_trusted) - cert = d2i_X509(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); - - if (cert != NULL) - /* We determined the object type */ - data->object_type = OSSL_OBJECT_CERT; - - if (cert != NULL && !ossl_x509_set0_libctx(cert, libctx, propq)) { + if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, + data->octet_data_size) == NULL + && (!ignore_trusted + || d2i_X509(&cert, (const unsigned char **)&data->octet_data, + data->octet_data_size) == NULL)) { X509_free(cert); cert = NULL; } - if (cert != NULL) + if (cert != NULL) { + /* We determined the object type */ + data->object_type = OSSL_OBJECT_CERT; *v = OSSL_STORE_INFO_new_CERT(cert); - if (*v == NULL) - X509_free(cert); + if (*v == NULL) + X509_free(cert); + } } return 1; -- cgit v1.2.1