author | 2020-09-16 05:47:01 +0000 | |
---|---|---|
committer | 2020-09-16 05:47:01 +0000 | |
commit | 2c940cf33ca427662413203155e8e054ca19b8a7 (patch) | |
tree | 5e60aa2eed7e42e6ae524b8babb7951f3dacfc2b /lib | |
parent | Remove unused buf, last user was removed when switching to the sshbuf API. (diff) | |
Dedup code in x509_verify_ctx_new_from_xsc().
Rather than duplicating code, have x509_verify_ctx_new_from_xsc() call
x509_verify_ctx_new(), then handle the xsc specific parts.
ok beck@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libcrypto/x509/x509_verify.c | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 8b12f18bfbd..967952ead04 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.8 2020/09/15 13:34:56 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.9 2020/09/16 05:47:01 jsing Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -688,31 +688,24 @@ struct x509_verify_ctx *
 x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc, STACK_OF(X509) *roots)
 {
 struct x509_verify_ctx *ctx;
+ size_t max_depth;
 if (xsc == NULL)
 return NULL;
- if ((ctx = calloc(1, sizeof(struct x509_verify_ctx))) == NULL)
+ if ((ctx = x509_verify_ctx_new(roots)) == NULL)
 return NULL;
 ctx->xsc = xsc;
- if ((ctx->roots = X509_chain_up_ref(roots)) == NULL)
- goto err;
-
 if (xsc->untrusted && (ctx->intermediates = X509_chain_up_ref(xsc->untrusted)) == NULL)
 goto err;
- ctx->max_depth = xsc->param->depth;
- if (ctx->max_depth == 0 || ctx->max_depth > X509_VERIFY_MAX_CHAIN_CERTS)
- ctx->max_depth = X509_VERIFY_MAX_CHAIN_CERTS;
-
- ctx->max_chains = X509_VERIFY_MAX_CHAINS;
- ctx->max_sigs = X509_VERIFY_MAX_SIGCHECKS;
-
- if ((ctx->chains = calloc(X509_VERIFY_MAX_CHAINS, sizeof(*ctx->chains))) ==
- NULL)
+ max_depth = X509_VERIFY_MAX_CHAIN_CERTS;
+ if (xsc->param->depth > 0 && xsc->param->depth < X509_VERIFY_MAX_CHAIN_CERTS)
+ max_depth = xsc->param->depth;
+ if (!x509_verify_ctx_set_max_depth(ctx, max_depth))
 goto err;
 return ctx; |
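Review bot: The depth clamp added near the end of x509_verify_ctx_new_from_xsc() resolves every out-of-range request to the widest limit: an `xsc->param->depth` of zero, below zero, or at or above the cap yields `X509_VERIFY_MAX_CHAIN_CERTS`, so a caller that asked for depth 0 gets the longest permitted chain rather than the shortest. For zero and over-cap values this matches the removed lines, but nothing in the function says so; a comment above `max_depth = X509_VERIFY_MAX_CHAIN_CERTS;` such as `/* depth <= 0 or >= the cap selects X509_VERIFY_MAX_CHAIN_CERTS, the widest limit */` would make the choice visible to anyone auditing chain-length limits. `xsc->param` is also dereferenced with only `xsc` checked for NULL; whether a store context without params can reach this function is not visible here, and if it can, the guard belongs beside the `xsc == NULL` test. The `err` label and the end of the function lie outside the hunk.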