Update upstream source from tag 'upstream/15.3'debian/15.3-1

Update to upstream version '15.3'
with Debian dir 1b484f1c1ac270604a5a1451b34de4b0865c6211

2 files changed, 8 insertions, 3 deletions

diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
index 11e07634..2fa33823 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
@@ -131,6 +131,8 @@ int X509_check_trust(X509 *x, int id, int flags)
     if (idx == -1)
         return default_trust(id, x, flags);
     pt = X509_TRUST_get0(idx);
+    if (!pt)
+        return default_trust(id, x, flags);
     return pt->check_trust(pt, x, flags);
 }
 
@@ -195,8 +197,10 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
             return 0;
         }
         trtmp->flags = X509_TRUST_DYNAMIC;
-    } else
-        trtmp = X509_TRUST_get0(idx);
+    } else if (!(trtmp = X509_TRUST_get0(idx))) {
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     /* OPENSSL_free existing name if dynamic */
     if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
index 5bf3f07a..96f306b2 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
@@ -984,7 +984,8 @@ static int check_cert(X509_STORE_CTX *ctx)
 {
     X509_CRL *crl = NULL, *dcrl = NULL;
     X509 *x;
-    int ok, cnum;
+    int ok = 0; /* current openssl sets 'ok' to zero here */
+    int cnum;
     unsigned int last_reasons;
     cnum = ctx->error_depth;
     x = sk_X509_value(ctx->chain, cnum);