summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509/x509_verify.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index fdde098df7..74316cb941 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_verify.c,v 1.14 2020/10/26 11:56:36 tb Exp $ */ 1/* $OpenBSD: x509_verify.c,v 1.15 2020/10/26 11:59:16 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -858,13 +858,13 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
858 858
859 if (ctx->roots == NULL || ctx->max_depth == 0) { 859 if (ctx->roots == NULL || ctx->max_depth == 0) {
860 ctx->error = X509_V_ERR_INVALID_CALL; 860 ctx->error = X509_V_ERR_INVALID_CALL;
861 return 0; 861 goto err;
862 } 862 }
863 863
864 if (ctx->xsc != NULL) { 864 if (ctx->xsc != NULL) {
865 if (leaf != NULL || name != NULL) { 865 if (leaf != NULL || name != NULL) {
866 ctx->error = X509_V_ERR_INVALID_CALL; 866 ctx->error = X509_V_ERR_INVALID_CALL;
867 return 0; 867 goto err;
868 } 868 }
869 leaf = ctx->xsc->cert; 869 leaf = ctx->xsc->cert;
870 870
@@ -877,34 +877,34 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
877 */ 877 */
878 if ((ctx->xsc->chain = sk_X509_new_null()) == NULL) { 878 if ((ctx->xsc->chain = sk_X509_new_null()) == NULL) {
879 ctx->error = X509_V_ERR_OUT_OF_MEM; 879 ctx->error = X509_V_ERR_OUT_OF_MEM;
880 return 0; 880 goto err;
881 } 881 }
882 if (!X509_up_ref(leaf)) { 882 if (!X509_up_ref(leaf)) {
883 ctx->error = X509_V_ERR_OUT_OF_MEM; 883 ctx->error = X509_V_ERR_OUT_OF_MEM;
884 return 0; 884 goto err;
885 } 885 }
886 if (!sk_X509_push(ctx->xsc->chain, leaf)) { 886 if (!sk_X509_push(ctx->xsc->chain, leaf)) {
887 X509_free(leaf); 887 X509_free(leaf);
888 ctx->error = X509_V_ERR_OUT_OF_MEM; 888 ctx->error = X509_V_ERR_OUT_OF_MEM;
889 return 0; 889 goto err;
890 } 890 }
891 ctx->xsc->error_depth = 0; 891 ctx->xsc->error_depth = 0;
892 ctx->xsc->current_cert = leaf; 892 ctx->xsc->current_cert = leaf;
893 } 893 }
894 894
895 if (!x509_verify_cert_valid(ctx, leaf, NULL)) 895 if (!x509_verify_cert_valid(ctx, leaf, NULL))
896 return 0; 896 goto err;
897 897
898 if (!x509_verify_cert_hostname(ctx, leaf, name)) 898 if (!x509_verify_cert_hostname(ctx, leaf, name))
899 return 0; 899 goto err;
900 900
901 if ((current_chain = x509_verify_chain_new()) == NULL) { 901 if ((current_chain = x509_verify_chain_new()) == NULL) {
902 ctx->error = X509_V_ERR_OUT_OF_MEM; 902 ctx->error = X509_V_ERR_OUT_OF_MEM;
903 return 0; 903 goto err;
904 } 904 }
905 if (!x509_verify_chain_append(current_chain, leaf, &ctx->error)) { 905 if (!x509_verify_chain_append(current_chain, leaf, &ctx->error)) {
906 x509_verify_chain_free(current_chain); 906 x509_verify_chain_free(current_chain);
907 return 0; 907 goto err;
908 } 908 }
909 if (x509_verify_ctx_cert_is_root(ctx, leaf)) 909 if (x509_verify_ctx_cert_is_root(ctx, leaf))
910 x509_verify_ctx_add_chain(ctx, current_chain); 910 x509_verify_ctx_add_chain(ctx, current_chain);
@@ -930,4 +930,9 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
930 return ctx->xsc->verify_cb(ctx->chains_count, ctx->xsc); 930 return ctx->xsc->verify_cb(ctx->chains_count, ctx->xsc);
931 } 931 }
932 return (ctx->chains_count); 932 return (ctx->chains_count);
933
934 err:
935 if (ctx->xsc != NULL)
936 ctx->xsc->error = ctx->error;
937 return 0;
933} 938}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 04:44:36 +0000