author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-28 21:33:09 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-04-20 10:47:24 +0200 |
commit | 1c0eede9827b0962f1d752fa4ab5d436fa039da4 (patch) | |
tree | 87f7f312c5ca6351cb0aac262d7a02c976e5f8eb /crypto/x509 | |
parent | a78c7c0bfe56d67022ca18cfabefc73926dde0ae (diff) | |
download | openssl-1c0eede9827b0962f1d752fa4ab5d436fa039da4.tar.gz |
Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14128)
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_vfy.c | 42 | ||||
-rw-r--r-- | crypto/x509/x_x509.c | 2 |
2 files changed, 43 insertions, 1 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 01871b9090..cb541084df 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3322,6 +3322,48 @@ static int build_chain(X509_STORE_CTX *ctx)
 return -1;
 }
+STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs,
+ X509_STORE *store, int with_self_signed,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+ int finish_chain = store != NULL;
+ X509_STORE_CTX *ctx;
+ int flags = X509_ADD_FLAG_UP_REF;
+ STACK_OF(X509) *result = NULL;
+
+ if (target == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
+ if ((ctx = X509_STORE_CTX_new_ex(libctx, propq)) == NULL)
+ return NULL;
+ if (!X509_STORE_CTX_init(ctx, store, target, finish_chain ? certs : NULL))
+ goto err;
+ if (!finish_chain)
+ X509_STORE_CTX_set0_trusted_stack(ctx, certs);
+ if (!ossl_x509_add_cert_new(&ctx->chain, target, X509_ADD_FLAG_UP_REF)) {
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
+ goto err;
+ }
+ ctx->num_untrusted = 1;
+
+ if (!build_chain(ctx) && finish_chain)
+ goto err;
+
+ /* result list to store the up_ref'ed certificates */
+ if (sk_X509_num(ctx->chain) > 1 && !with_self_signed)
+ flags |= X509_ADD_FLAG_NO_SS;
+ if (!ossl_x509_add_certs_new(&result, ctx->chain, flags)) {
+ sk_X509_free(result);
+ result = NULL;
+ }
+
+ err:
+ X509_STORE_CTX_free(ctx);
+ return result;
+}
+
 static const int minbits_table[] = { 80, 112, 128, 192, 256 };
 static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index a4a169a97e..529d701bbb 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
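Review bot: In X509_build_chain the assignment `ctx->error = X509_V_ERR_OUT_OF_MEM;` just before `goto err` is dead, because the `err:` label frees ctx immediately and the caller only ever sees a NULL result; `ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);` in its place would at least leave a trace in the error queue. The same silent-NULL concern applies to `if (!build_chain(ctx) && finish_chain) goto err;`: build_chain reports why the chain could not be completed through ctx->error (and presumably not always through the error queue), and that code is discarded together with ctx, so a caller cannot tell an allocation failure from a missing issuer or an untrusted root. Consider raising an error there with X509_verify_cert_error_string(ctx->error) as error data, or documenting in the X509_build_chain man page that the cause of failure is not reported. It is also worth documenting that when store is NULL a failed build_chain is not treated as an error and the possibly incomplete chain is still returned, so callers must not treat the result as verified.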
@@ -129,7 +129,7 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len) cert = (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (X509_it())); /* Only cache the extensions if the cert object was passed in */ - if (cert != NULL && a != NULL) { + if (cert != NULL && a != NULL) { /* then cert == *a */ if (!ossl_x509v3_cache_extensions(cert)) { if (free_on_error) X509_free(cert); |