Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack

This simplifies many usages Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14040)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-12-23 19:33:03 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-02-04 07:28:11 +0100
commit: d53b437f9992f974c1623e9b9b9bdf053aefbcc3 (patch)
tree: 12b15a5d0a6e885be5e9118c5b4542c6234039f0 /crypto/ocsp
parent: b91a13f429570512bfee290e8ec50096b0667e45 (diff)
1 files changed, 4 insertions, 6 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index f49f651007..56b9261640 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -113,10 +113,9 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
         goto end;
     if ((flags & OCSP_NOVERIFY) == 0) {
         ret = -1;
-        if ((flags & OCSP_NOCHAIN) != 0) {
-            untrusted = NULL;
-        } else if (bs->certs != NULL && certs != NULL) {
-            untrusted = sk_X509_dup(bs->certs);
+        if ((flags & OCSP_NOCHAIN) == 0) {
+            if ((untrusted = sk_X509_dup(bs->certs)) == NULL)
+                goto end;
             if (!X509_add_certs(untrusted, certs, X509_ADD_FLAG_DEFAULT))
                 goto end;
         } else if (certs != NULL) {
@@ -159,8 +158,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 
  end:
     sk_X509_pop_free(chain, X509_free);
-    if (bs->certs && certs)
-        sk_X509_free(untrusted);
+    sk_X509_free(untrusted);
     return ret;
 }
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-12-23 19:33:03 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-02-04 07:28:11 +0100
commit	d53b437f9992f974c1623e9b9b9bdf053aefbcc3 (patch)
tree	12b15a5d0a6e885be5e9118c5b4542c6234039f0 /crypto/ocsp
parent	b91a13f429570512bfee290e8ec50096b0667e45 (diff)