diff options
author | tb <> | 2021-11-07 15:51:23 +0000 |
---|---|---|
committer | tb <> | 2021-11-07 15:51:23 +0000 |
commit | 9a03e04c6f0b6f8a87ed2d3598d6890d034dad59 (patch) | |
tree | 115381a8e2b3bea723248bff78f7002ea1a9507f /src/lib/libcrypto/x509/x509_vfy.c | |
parent | 1b876ed700226e116dcaa299654f4ac0f43cfc81 (diff) | |
download | openbsd-9a03e04c6f0b6f8a87ed2d3598d6890d034dad59.tar.gz openbsd-9a03e04c6f0b6f8a87ed2d3598d6890d034dad59.tar.bz2 openbsd-9a03e04c6f0b6f8a87ed2d3598d6890d034dad59.zip |
In X509_STORE_CTX rename the misnamed last_untrusted to num_untrusted
ok jsing
Diffstat (limited to '')
-rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 3b0d6dfa35..aad9cf50c4 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_vfy.c,v 1.94 2021/11/04 23:52:34 beck Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.95 2021/11/07 15:51:23 tb Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -262,7 +262,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) | |||
262 | goto end; | 262 | goto end; |
263 | } | 263 | } |
264 | X509_up_ref(ctx->cert); | 264 | X509_up_ref(ctx->cert); |
265 | ctx->last_untrusted = 1; | 265 | ctx->num_untrusted = 1; |
266 | 266 | ||
267 | /* We use a temporary STACK so we can chop and hack at it */ | 267 | /* We use a temporary STACK so we can chop and hack at it */ |
268 | if (ctx->untrusted != NULL && | 268 | if (ctx->untrusted != NULL && |
@@ -336,7 +336,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) | |||
336 | } | 336 | } |
337 | X509_up_ref(xtmp); | 337 | X509_up_ref(xtmp); |
338 | (void)sk_X509_delete_ptr(sktmp, xtmp); | 338 | (void)sk_X509_delete_ptr(sktmp, xtmp); |
339 | ctx->last_untrusted++; | 339 | ctx->num_untrusted++; |
340 | x = xtmp; | 340 | x = xtmp; |
341 | num++; | 341 | num++; |
342 | /* | 342 | /* |
@@ -394,7 +394,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) | |||
394 | X509_free(x); | 394 | X509_free(x); |
395 | x = xtmp; | 395 | x = xtmp; |
396 | (void)sk_X509_set(ctx->chain, i - 1, x); | 396 | (void)sk_X509_set(ctx->chain, i - 1, x); |
397 | ctx->last_untrusted = 0; | 397 | ctx->num_untrusted = 0; |
398 | } | 398 | } |
399 | } else { | 399 | } else { |
400 | /* | 400 | /* |
@@ -402,7 +402,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) | |||
402 | * certificate for later use | 402 | * certificate for later use |
403 | */ | 403 | */ |
404 | chain_ss = sk_X509_pop(ctx->chain); | 404 | chain_ss = sk_X509_pop(ctx->chain); |
405 | ctx->last_untrusted--; | 405 | ctx->num_untrusted--; |
406 | num--; | 406 | num--; |
407 | j--; | 407 | j--; |
408 | x = sk_X509_value(ctx->chain, num - 1); | 408 | x = sk_X509_value(ctx->chain, num - 1); |
@@ -476,7 +476,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) | |||
476 | X509_free(xtmp); | 476 | X509_free(xtmp); |
477 | num--; | 477 | num--; |
478 | } | 478 | } |
479 | ctx->last_untrusted = sk_X509_num(ctx->chain); | 479 | ctx->num_untrusted = sk_X509_num(ctx->chain); |
480 | retry = 1; | 480 | retry = 1; |
481 | break; | 481 | break; |
482 | } | 482 | } |
@@ -491,7 +491,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) | |||
491 | */ | 491 | */ |
492 | if (trust != X509_TRUST_TRUSTED && !bad_chain) { | 492 | if (trust != X509_TRUST_TRUSTED && !bad_chain) { |
493 | if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { | 493 | if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { |
494 | if (ctx->last_untrusted >= num) | 494 | if (ctx->num_untrusted >= num) |
495 | ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; | 495 | ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; |
496 | else | 496 | else |
497 | ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; | 497 | ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; |
@@ -504,7 +504,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) | |||
504 | goto end; | 504 | goto end; |
505 | } | 505 | } |
506 | num++; | 506 | num++; |
507 | ctx->last_untrusted = num; | 507 | ctx->num_untrusted = num; |
508 | ctx->current_cert = chain_ss; | 508 | ctx->current_cert = chain_ss; |
509 | ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; | 509 | ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; |
510 | chain_ss = NULL; | 510 | chain_ss = NULL; |
@@ -749,7 +749,7 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) | |||
749 | } | 749 | } |
750 | 750 | ||
751 | /* Check all untrusted certificates */ | 751 | /* Check all untrusted certificates */ |
752 | for (i = 0; i < ctx->last_untrusted; i++) { | 752 | for (i = 0; i < ctx->num_untrusted; i++) { |
753 | int ret; | 753 | int ret; |
754 | x = sk_X509_value(ctx->chain, i); | 754 | x = sk_X509_value(ctx->chain, i); |
755 | if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && | 755 | if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && |
@@ -922,7 +922,7 @@ check_trust(X509_STORE_CTX *ctx) | |||
922 | 922 | ||
923 | cb = ctx->verify_cb; | 923 | cb = ctx->verify_cb; |
924 | /* Check all trusted certificates in chain */ | 924 | /* Check all trusted certificates in chain */ |
925 | for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { | 925 | for (i = ctx->num_untrusted; i < sk_X509_num(ctx->chain); i++) { |
926 | x = sk_X509_value(ctx->chain, i); | 926 | x = sk_X509_value(ctx->chain, i); |
927 | ok = X509_check_trust(x, ctx->param->trust, 0); | 927 | ok = X509_check_trust(x, ctx->param->trust, 0); |
928 | 928 | ||
@@ -948,14 +948,14 @@ check_trust(X509_STORE_CTX *ctx) | |||
948 | */ | 948 | */ |
949 | if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { | 949 | if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { |
950 | X509 *mx; | 950 | X509 *mx; |
951 | if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) | 951 | if (ctx->num_untrusted < (int)sk_X509_num(ctx->chain)) |
952 | return X509_TRUST_TRUSTED; | 952 | return X509_TRUST_TRUSTED; |
953 | x = sk_X509_value(ctx->chain, 0); | 953 | x = sk_X509_value(ctx->chain, 0); |
954 | mx = lookup_cert_match(ctx, x); | 954 | mx = lookup_cert_match(ctx, x); |
955 | if (mx) { | 955 | if (mx) { |
956 | (void)sk_X509_set(ctx->chain, 0, mx); | 956 | (void)sk_X509_set(ctx->chain, 0, mx); |
957 | X509_free(x); | 957 | X509_free(x); |
958 | ctx->last_untrusted = 0; | 958 | ctx->num_untrusted = 0; |
959 | return X509_TRUST_TRUSTED; | 959 | return X509_TRUST_TRUSTED; |
960 | } | 960 | } |
961 | } | 961 | } |
@@ -2567,7 +2567,7 @@ X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) | |||
2567 | int | 2567 | int |
2568 | X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) | 2568 | X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) |
2569 | { | 2569 | { |
2570 | return ctx->last_untrusted; /* XXX */ | 2570 | return ctx->num_untrusted; |
2571 | } | 2571 | } |
2572 | 2572 | ||
2573 | int | 2573 | int |