diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 2dfdce20f..f41ae6e13 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -190,8 +190,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) X509_VERIFY_PARAM *param = ctx->param; int depth, i, ok = 0; int num, j, retry, trust; - int (*cb) (int xok, X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp = NULL; + if (ctx->cert == NULL) { OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); ctx->error = X509_V_ERR_INVALID_CALL; @@ -207,8 +207,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return -1; } - cb = ctx->verify_cb; - /* * first we make sure the chain we are going to build is present and that * the first entry is in place @@ -331,7 +329,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ok == 1) X509_free(xtmp); bad_chain = 1; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } else { @@ -457,7 +455,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ctx->error_depth = num - 1; bad_chain = 1; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -487,7 +485,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (err != X509_V_OK) { ctx->error = err; ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -577,11 +575,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) { int i, ok = 0, plen = 0; X509 *x; - int (*cb) (int xok, X509_STORE_CTX *xctx); int proxy_path_length = 0; int purpose; int allow_proxy_certs; - cb = ctx->verify_cb; enum { // ca_or_leaf allows either type of certificate so that direct use of @@ -612,7 +608,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; ctx->error_depth = i; ctx->current_cert = x; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -620,7 +616,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; ctx->error_depth = i; ctx->current_cert = x; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -651,7 +647,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) if (ret == 0) { ctx->error_depth = i; ctx->current_cert = x; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -662,7 +658,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_INVALID_PURPOSE; ctx->error_depth = i; ctx->current_cert = x; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -674,7 +670,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; ctx->current_cert = x; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -691,7 +687,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; ctx->current_cert = x; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } @@ -859,8 +855,6 @@ static int check_trust(X509_STORE_CTX *ctx) size_t i; int ok; X509 *x = NULL; - int (*cb) (int xok, X509_STORE_CTX *xctx); - cb = ctx->verify_cb; /* Check all trusted certificates in chain */ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { x = sk_X509_value(ctx->chain, i); @@ -876,7 +870,7 @@ static int check_trust(X509_STORE_CTX *ctx) ctx->error_depth = i; ctx->current_cert = x; ctx->error = X509_V_ERR_CERT_REJECTED; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) return X509_TRUST_REJECTED; } @@ -1792,9 +1786,6 @@ static int internal_verify(X509_STORE_CTX *ctx) int ok = 0, n; X509 *xs, *xi; EVP_PKEY *pkey = NULL; - int (*cb) (int xok, X509_STORE_CTX *xctx); - - cb = ctx->verify_cb; n = sk_X509_num(ctx->chain); ctx->error_depth = n - 1; @@ -1811,7 +1802,7 @@ static int internal_verify(X509_STORE_CTX *ctx) if (n <= 0) { ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; ctx->current_cert = xi; - ok = cb(0, ctx); + ok = ctx->verify_cb(0, ctx); goto end; } else { n--; @@ -1833,13 +1824,13 @@ static int internal_verify(X509_STORE_CTX *ctx) if ((pkey = X509_get_pubkey(xi)) == NULL) { ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ctx->current_cert = xi; - ok = (*cb) (0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) goto end; } else if (X509_verify(xs, pkey) <= 0) { ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert = xs; - ok = (*cb) (0, ctx); + ok = ctx->verify_cb(0, ctx); if (!ok) { EVP_PKEY_free(pkey); goto end; @@ -1857,7 +1848,7 @@ static int internal_verify(X509_STORE_CTX *ctx) /* The last error (if any) is still in the error value */ ctx->current_issuer = xi; ctx->current_cert = xs; - ok = (*cb) (1, ctx); + ok = ctx->verify_cb(1, ctx); if (!ok) goto end;