Add some checks of OCSP functions

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8308)
This commit is contained in:
Dmitry Belyavskiy 2019-02-22 16:58:55 +03:00 committed by Matt Caswell
parent cc6d92619f
commit 72b89b8e20

View file

@ -641,8 +641,10 @@ redo_accept:
goto end; goto end;
} }
if (req != NULL && add_nonce) if (req != NULL && add_nonce) {
OCSP_request_add1_nonce(req, NULL, -1); if (!OCSP_request_add1_nonce(req, NULL, -1))
goto end;
}
if (signfile != NULL) { if (signfile != NULL) {
if (keyfile == NULL) if (keyfile == NULL)
@ -1245,7 +1247,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
goto end; goto end;
} }
} }
OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags); if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) {
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
goto end;
}
if (badsig) { if (badsig) {
const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);