early-access version 2698
This commit is contained in:
pineappleEA
24
externals/libressl/crypto/ocsp/ocsp_vfy.c
vendored
24
externals/libressl/crypto/ocsp/ocsp_vfy.c
vendored
@@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
|
||||
/* $OpenBSD: ocsp_vfy.c,v 1.21 2022/01/22 00:33:02 inoguchi Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2000.
|
||||
*/
|
||||
@@ -60,6 +60,9 @@
|
||||
#include <openssl/err.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "ocsp_local.h"
|
||||
#include "x509_lcl.h"
|
||||
|
||||
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
|
||||
STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags);
|
||||
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
|
||||
@@ -94,10 +97,9 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
|
||||
if (!(flags & OCSP_NOSIGS)) {
|
||||
EVP_PKEY *skey;
|
||||
|
||||
skey = X509_get_pubkey(signer);
|
||||
skey = X509_get0_pubkey(signer);
|
||||
if (skey) {
|
||||
ret = OCSP_BASICRESP_verify(bs, skey, 0);
|
||||
EVP_PKEY_free(skey);
|
||||
}
|
||||
if (!skey || ret <= 0) {
|
||||
OCSPerror(OCSP_R_SIGNATURE_FAILURE);
|
||||
@@ -118,8 +120,11 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
} else
|
||||
} else if (certs != NULL) {
|
||||
untrusted = certs;
|
||||
} else {
|
||||
untrusted = bs->certs;
|
||||
}
|
||||
init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
|
||||
if (!init_res) {
|
||||
ret = -1;
|
||||
@@ -179,6 +184,13 @@ end:
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
|
||||
STACK_OF(X509) *extra_certs)
|
||||
{
|
||||
return ocsp_find_signer(signer, bs, extra_certs, NULL, 0) > 0;
|
||||
}
|
||||
|
||||
static int
|
||||
ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
|
||||
X509_STORE *st, unsigned long flags)
|
||||
@@ -395,9 +407,9 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
|
||||
if (!(flags & OCSP_NOSIGS)) {
|
||||
EVP_PKEY *skey;
|
||||
|
||||
skey = X509_get_pubkey(signer);
|
||||
if ((skey = X509_get0_pubkey(signer)) == NULL)
|
||||
return 0;
|
||||
ret = OCSP_REQUEST_verify(req, skey);
|
||||
EVP_PKEY_free(skey);
|
||||
if (ret <= 0) {
|
||||
OCSPerror(OCSP_R_SIGNATURE_FAILURE);
|
||||
return 0;
|
||||
|
||||
Reference in New Issue
Block a user