Dedup code in x509_verify_ctx_new_from_xsc().

Rather than duplicating code, have x509_verify_ctx_new_from_xsc() call x509_verify_ctx_new(), then handle the xsc specific parts. ok beck@
author: jsing <> 2020-09-16 05:47:01 +0000
committer: jsing <> 2020-09-16 05:47:01 +0000
commit: 295c92957de5d0482b34104958624cea0184cbf3 (patch)
tree: 89c3831955073126a3ad2a4852d26c5d7815f439 /src
parent: 11d8a3d204474a9a17954429910eba7f3a87c4ba (diff)
download: openbsd-295c92957de5d0482b34104958624cea0184cbf3.tar.gz
openbsd-295c92957de5d0482b34104958624cea0184cbf3.tar.bz2
openbsd-295c92957de5d0482b34104958624cea0184cbf3.zip
1 files changed, 7 insertions, 14 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 8b12f18bfb..967952ead0 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.8 2020/09/15 13:34:56 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.9 2020/09/16 05:47:01 jsing Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -688,31 +688,24 @@ struct x509_verify_ctx *
 x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc, STACK_OF(X509) *roots)
 {
        struct x509_verify_ctx *ctx;
+        size_t max_depth;
        if (xsc == NULL)
                return NULL;
-        if ((ctx = calloc(1, sizeof(struct x509_verify_ctx))) == NULL)
+        if ((ctx = x509_verify_ctx_new(roots)) == NULL)
                return NULL;
        ctx->xsc = xsc;
-        if ((ctx->roots = X509_chain_up_ref(roots)) == NULL)
-                goto err;
        if (xsc->untrusted &&
            (ctx->intermediates = X509_chain_up_ref(xsc->untrusted)) == NULL)
                goto err;
-        ctx->max_depth = xsc->param->depth;
+        max_depth = X509_VERIFY_MAX_CHAIN_CERTS;
-        if (ctx->max_depth == 0 || ctx->max_depth > X509_VERIFY_MAX_CHAIN_CERTS)
+        if (xsc->param->depth > 0 && xsc->param->depth < X509_VERIFY_MAX_CHAIN_CERTS)
-                ctx->max_depth = X509_VERIFY_MAX_CHAIN_CERTS;
+                max_depth = xsc->param->depth;
+        if (!x509_verify_ctx_set_max_depth(ctx, max_depth))
-        ctx->max_chains = X509_VERIFY_MAX_CHAINS;
-        ctx->max_sigs = X509_VERIFY_MAX_SIGCHECKS;
-        if ((ctx->chains = calloc(X509_VERIFY_MAX_CHAINS, sizeof(*ctx->chains))) ==
-            NULL)
                goto err;
        return ctx;
author	jsing <>	2020-09-16 05:47:01 +0000
committer	jsing <>	2020-09-16 05:47:01 +0000
commit	295c92957de5d0482b34104958624cea0184cbf3 (patch)
tree	89c3831955073126a3ad2a4852d26c5d7815f439 /src
parent	11d8a3d204474a9a17954429910eba7f3a87c4ba (diff)
download	openbsd-295c92957de5d0482b34104958624cea0184cbf3.tar.gz openbsd-295c92957de5d0482b34104958624cea0184cbf3.tar.bz2 openbsd-295c92957de5d0482b34104958624cea0184cbf3.zip

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index 8b12f18bfb..967952ead0 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_verify.c,v 1.8 2020/09/15 13:34:56 beck Exp $ */	1	/* $OpenBSD: x509_verify.c,v 1.9 2020/09/16 05:47:01 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -688,31 +688,24 @@ struct x509_verify_ctx *
688	x509_verify_ctx_new_from_xsc(X509_STORE_CTX xsc, STACK_OF(X509) roots)	688	x509_verify_ctx_new_from_xsc(X509_STORE_CTX xsc, STACK_OF(X509) roots)
689	{	689	{
690	struct x509_verify_ctx *ctx;	690	struct x509_verify_ctx *ctx;
		691	size_t max_depth;
691		692
692	if (xsc == NULL)	693	if (xsc == NULL)
693	return NULL;	694	return NULL;
694		695
695	if ((ctx = calloc(1, sizeof(struct x509_verify_ctx))) == NULL)	696	if ((ctx = x509_verify_ctx_new(roots)) == NULL)
696	return NULL;	697	return NULL;
697		698
698	ctx->xsc = xsc;	699	ctx->xsc = xsc;
699		700
700	if ((ctx->roots = X509_chain_up_ref(roots)) == NULL)
701	goto err;
702
703	if (xsc->untrusted &&	701	if (xsc->untrusted &&
704	(ctx->intermediates = X509_chain_up_ref(xsc->untrusted)) == NULL)	702	(ctx->intermediates = X509_chain_up_ref(xsc->untrusted)) == NULL)
705	goto err;	703	goto err;
706		704
707	ctx->max_depth = xsc->param->depth;	705	max_depth = X509_VERIFY_MAX_CHAIN_CERTS;
708	if (ctx->max_depth == 0 \|\| ctx->max_depth > X509_VERIFY_MAX_CHAIN_CERTS)	706	if (xsc->param->depth > 0 && xsc->param->depth < X509_VERIFY_MAX_CHAIN_CERTS)
709	ctx->max_depth = X509_VERIFY_MAX_CHAIN_CERTS;	707	max_depth = xsc->param->depth;
710		708	if (!x509_verify_ctx_set_max_depth(ctx, max_depth))
711	ctx->max_chains = X509_VERIFY_MAX_CHAINS;
712	ctx->max_sigs = X509_VERIFY_MAX_SIGCHECKS;
713
714	if ((ctx->chains = calloc(X509_VERIFY_MAX_CHAINS, sizeof(*ctx->chains))) ==
715	NULL)
716	goto err;	709	goto err;
717		710
718	return ctx;	711	return ctx;