summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_vfy.c
diff options
context:
space:
mode:
authortb <>2021-11-07 15:51:23 +0000
committertb <>2021-11-07 15:51:23 +0000
commit9a03e04c6f0b6f8a87ed2d3598d6890d034dad59 (patch)
tree115381a8e2b3bea723248bff78f7002ea1a9507f /src/lib/libcrypto/x509/x509_vfy.c
parent1b876ed700226e116dcaa299654f4ac0f43cfc81 (diff)
downloadopenbsd-9a03e04c6f0b6f8a87ed2d3598d6890d034dad59.tar.gz
openbsd-9a03e04c6f0b6f8a87ed2d3598d6890d034dad59.tar.bz2
openbsd-9a03e04c6f0b6f8a87ed2d3598d6890d034dad59.zip
In X509_STORE_CTX rename the misnamed last_untrusted to num_untrusted
ok jsing
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 3b0d6dfa35..aad9cf50c4 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_vfy.c,v 1.94 2021/11/04 23:52:34 beck Exp $ */ 1/* $OpenBSD: x509_vfy.c,v 1.95 2021/11/07 15:51:23 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -262,7 +262,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
262 goto end; 262 goto end;
263 } 263 }
264 X509_up_ref(ctx->cert); 264 X509_up_ref(ctx->cert);
265 ctx->last_untrusted = 1; 265 ctx->num_untrusted = 1;
266 266
267 /* We use a temporary STACK so we can chop and hack at it */ 267 /* We use a temporary STACK so we can chop and hack at it */
268 if (ctx->untrusted != NULL && 268 if (ctx->untrusted != NULL &&
@@ -336,7 +336,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
336 } 336 }
337 X509_up_ref(xtmp); 337 X509_up_ref(xtmp);
338 (void)sk_X509_delete_ptr(sktmp, xtmp); 338 (void)sk_X509_delete_ptr(sktmp, xtmp);
339 ctx->last_untrusted++; 339 ctx->num_untrusted++;
340 x = xtmp; 340 x = xtmp;
341 num++; 341 num++;
342 /* 342 /*
@@ -394,7 +394,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
394 X509_free(x); 394 X509_free(x);
395 x = xtmp; 395 x = xtmp;
396 (void)sk_X509_set(ctx->chain, i - 1, x); 396 (void)sk_X509_set(ctx->chain, i - 1, x);
397 ctx->last_untrusted = 0; 397 ctx->num_untrusted = 0;
398 } 398 }
399 } else { 399 } else {
400 /* 400 /*
@@ -402,7 +402,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
402 * certificate for later use 402 * certificate for later use
403 */ 403 */
404 chain_ss = sk_X509_pop(ctx->chain); 404 chain_ss = sk_X509_pop(ctx->chain);
405 ctx->last_untrusted--; 405 ctx->num_untrusted--;
406 num--; 406 num--;
407 j--; 407 j--;
408 x = sk_X509_value(ctx->chain, num - 1); 408 x = sk_X509_value(ctx->chain, num - 1);
@@ -476,7 +476,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
476 X509_free(xtmp); 476 X509_free(xtmp);
477 num--; 477 num--;
478 } 478 }
479 ctx->last_untrusted = sk_X509_num(ctx->chain); 479 ctx->num_untrusted = sk_X509_num(ctx->chain);
480 retry = 1; 480 retry = 1;
481 break; 481 break;
482 } 482 }
@@ -491,7 +491,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
491 */ 491 */
492 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 492 if (trust != X509_TRUST_TRUSTED && !bad_chain) {
493 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 493 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
494 if (ctx->last_untrusted >= num) 494 if (ctx->num_untrusted >= num)
495 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 495 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
496 else 496 else
497 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 497 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
@@ -504,7 +504,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
504 goto end; 504 goto end;
505 } 505 }
506 num++; 506 num++;
507 ctx->last_untrusted = num; 507 ctx->num_untrusted = num;
508 ctx->current_cert = chain_ss; 508 ctx->current_cert = chain_ss;
509 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 509 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
510 chain_ss = NULL; 510 chain_ss = NULL;
@@ -749,7 +749,7 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx)
749 } 749 }
750 750
751 /* Check all untrusted certificates */ 751 /* Check all untrusted certificates */
752 for (i = 0; i < ctx->last_untrusted; i++) { 752 for (i = 0; i < ctx->num_untrusted; i++) {
753 int ret; 753 int ret;
754 x = sk_X509_value(ctx->chain, i); 754 x = sk_X509_value(ctx->chain, i);
755 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 755 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
@@ -922,7 +922,7 @@ check_trust(X509_STORE_CTX *ctx)
922 922
923 cb = ctx->verify_cb; 923 cb = ctx->verify_cb;
924 /* Check all trusted certificates in chain */ 924 /* Check all trusted certificates in chain */
925 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { 925 for (i = ctx->num_untrusted; i < sk_X509_num(ctx->chain); i++) {
926 x = sk_X509_value(ctx->chain, i); 926 x = sk_X509_value(ctx->chain, i);
927 ok = X509_check_trust(x, ctx->param->trust, 0); 927 ok = X509_check_trust(x, ctx->param->trust, 0);
928 928
@@ -948,14 +948,14 @@ check_trust(X509_STORE_CTX *ctx)
948 */ 948 */
949 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 949 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
950 X509 *mx; 950 X509 *mx;
951 if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) 951 if (ctx->num_untrusted < (int)sk_X509_num(ctx->chain))
952 return X509_TRUST_TRUSTED; 952 return X509_TRUST_TRUSTED;
953 x = sk_X509_value(ctx->chain, 0); 953 x = sk_X509_value(ctx->chain, 0);
954 mx = lookup_cert_match(ctx, x); 954 mx = lookup_cert_match(ctx, x);
955 if (mx) { 955 if (mx) {
956 (void)sk_X509_set(ctx->chain, 0, mx); 956 (void)sk_X509_set(ctx->chain, 0, mx);
957 X509_free(x); 957 X509_free(x);
958 ctx->last_untrusted = 0; 958 ctx->num_untrusted = 0;
959 return X509_TRUST_TRUSTED; 959 return X509_TRUST_TRUSTED;
960 } 960 }
961 } 961 }
@@ -2567,7 +2567,7 @@ X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2567int 2567int
2568X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) 2568X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx)
2569{ 2569{
2570 return ctx->last_untrusted; /* XXX */ 2570 return ctx->num_untrusted;
2571} 2571}
2572 2572
2573int 2573int