Diffstat (limited to 'src/lib/libcrypto/x509/x509_vfy.c')
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c48
1 files changed, 19 insertions, 29 deletions
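diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9dba97bbf8..b81387a237 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.59 2017/01/21 01:09:54 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.60 2017/01/29 17:49:23 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -228,8 +228,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  STACK_OF(X509) *sktmp = NULL;
 
  if (ctx->cert == NULL) {
- X509err(X509_F_X509_VERIFY_CERT,
- X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
  ctx->error = X509_V_ERR_INVALID_CALL;
  return -1;
  }
@@ -238,8 +237,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  * This X509_STORE_CTX has already been used to verify
  * a cert. We cannot do another one.
  */
- X509err(X509_F_X509_VERIFY_CERT,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  ctx->error = X509_V_ERR_INVALID_CALL;
  return -1;
  }
@@ -247,8 +245,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  /*
  * This X509_STORE_CTX has not been properly initialized.
  */
- X509err(X509_F_X509_VERIFY_CERT,
- ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
  ctx->error = X509_V_ERR_INVALID_CALL;
  return -1;
  }
@@ -262,7 +259,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  */
  ctx->chain = sk_X509_new_null();
  if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  ctx->error = X509_V_ERR_OUT_OF_MEM;
  goto end;
  }
@@ -272,7 +269,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  /* We use a temporary STACK so we can chop and hack at it */
  if (ctx->untrusted != NULL &&
  (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  ctx->error = X509_V_ERR_OUT_OF_MEM;
  goto end;
  }
@@ -316,8 +313,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  xtmp = find_issuer(ctx, sktmp, x);
  if (xtmp != NULL) {
  if (!sk_X509_push(ctx->chain, xtmp)) {
- X509err(X509_F_X509_VERIFY_CERT,
- ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  ctx->error = X509_V_ERR_OUT_OF_MEM;
  ok = 0;
  goto end;
@@ -415,8 +411,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  x = xtmp;
  if (!sk_X509_push(ctx->chain, x)) {
  X509_free(xtmp);
- X509err(X509_F_X509_VERIFY_CERT,
- ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  ctx->error = X509_V_ERR_OUT_OF_MEM;
  ok = 0;
  goto end;
@@ -488,7 +483,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
  } else {
  if (!sk_X509_push(ctx->chain, chain_ss)) {
  X509_free(chain_ss);
- X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  return 0;
  }
  num++;
@@ -1669,7 +1664,7 @@ check_policy(X509_STORE_CTX *ctx)
  ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
  ctx->param->policies, ctx->param->flags);
  if (ret == 0) {
- X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  return 0;
  }
  /* Invalid or inconsistent extensions */
@@ -1941,8 +1936,7 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
  for (i = 0; i < sk_X509_num(chain); i++) {
  ktmp = X509_get_pubkey(sk_X509_value(chain, i));
  if (ktmp == NULL) {
- X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
- X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+ X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
  return 0;
  }
  if (!EVP_PKEY_missing_parameters(ktmp))
@@ -1953,8 +1947,7 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
  }
  }
  if (ktmp == NULL) {
- X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
- X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+ X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
  return 0;
  }
 
@@ -2109,16 +2102,14 @@ X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
  X509_PURPOSE *ptmp;
  idx = X509_PURPOSE_get_by_id(purpose);
  if (idx == -1) {
- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
- X509_R_UNKNOWN_PURPOSE_ID);
+ X509error(X509_R_UNKNOWN_PURPOSE_ID);
  return 0;
  }
  ptmp = X509_PURPOSE_get0(idx);
  if (ptmp->trust == X509_TRUST_DEFAULT) {
  idx = X509_PURPOSE_get_by_id(def_purpose);
  if (idx == -1) {
- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
- X509_R_UNKNOWN_PURPOSE_ID);
+ X509error(X509_R_UNKNOWN_PURPOSE_ID);
  return 0;
  }
  ptmp = X509_PURPOSE_get0(idx);
@@ -2130,8 +2121,7 @@ X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
  if (trust) {
  idx = X509_TRUST_get_by_id(trust);
  if (idx == -1) {
- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
- X509_R_UNKNOWN_TRUST_ID);
+ X509error(X509_R_UNKNOWN_TRUST_ID);
  return 0;
  }
  }
@@ -2150,7 +2140,7 @@ X509_STORE_CTX_new(void)
 
  ctx = calloc(1, sizeof(X509_STORE_CTX));
  if (!ctx) {
- X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  return NULL;
  }
  return ctx;
@@ -2258,7 +2248,7 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 
  ctx->param = X509_VERIFY_PARAM_new();
  if (!ctx->param) {
- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  return 0;
  }
 
@@ -2275,13 +2265,13 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
  X509_VERIFY_PARAM_lookup("default"));
 
  if (param_ret == 0) {
- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  return 0;
  }
 
  if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
  &(ctx->ex_data)) == 0) {
- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+ X509error(ERR_R_MALLOC_FAILURE);
  return 0;
  }
  return 1;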
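Review bot: In the `@@ -488,7 +483,7 @@` hunk of X509_verify_cert, the failed `sk_X509_push(ctx->chain, chain_ss)` path still leaves with a bare `return 0;` and never sets `ctx->error`, unlike every other allocation-failure path visible in this function, which records `X509_V_ERR_OUT_OF_MEM` and exits through `goto end`. A caller that inspects `ctx->error` after the failed verify would see whatever value was there before, possibly one that does not indicate a failure, and the early return presumably also skips whatever cleanup sits at `end:` (the label and the rest of the function are outside the hunk). Since this commit touches the line anyway, I would replace `return 0;` with `ctx->error = X509_V_ERR_OUT_OF_MEM;`, `ok = 0;`, `goto end;` to match the neighbouring paths. The `ret == 0` branch in check_policy (hunk `@@ -1669,7 +1664,7 @@`) likewise returns 0 without setting `ctx->error` in the lines shown, and deserves the same look.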