diff options
author | Rich Salz <rsalz@openssl.org> | 2016-04-14 23:59:26 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-04-15 13:21:43 -0400 |
commit | f0e0fd51fd8307f6eae64862ad9aaea113f1177a (patch) | |
tree | b00de87cb2fd4dc437de5994d3c8028dd9262460 /crypto/pkcs7 | |
parent | 34da11b39d2421f546ec568f355875eec353844c (diff) |
Make many X509_xxx types opaque.
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 8027640de3..b146f68137 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -257,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, X509 *signer; STACK_OF(PKCS7_SIGNER_INFO) *sinfos; PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; + X509_STORE_CTX *cert_ctx = NULL; char *buf = NULL; int i, j = 0, k, ret = 0; BIO *p7bio = NULL; @@ -306,26 +306,28 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, /* Now verify the certificates */ + cert_ctx = X509_STORE_CTX_new(); + if (cert_ctx == NULL) + goto err; if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { signer = sk_X509_value(signers, k); if (!(flags & PKCS7_NOCHAIN)) { - if (!X509_STORE_CTX_init(&cert_ctx, store, signer, + if (!X509_STORE_CTX_init(cert_ctx, store, signer, p7->d.sign->cert)) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); goto err; } - X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); - } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { + X509_STORE_CTX_set_default(cert_ctx, "smime_sign"); + } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); goto err; } if (!(flags & PKCS7_NOCRL)) - X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); - i = X509_verify_cert(&cert_ctx); + X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl); + i = X509_verify_cert(cert_ctx); if (i <= 0) - j = X509_STORE_CTX_get_error(&cert_ctx); - X509_STORE_CTX_cleanup(&cert_ctx); + j = X509_STORE_CTX_get_error(cert_ctx); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR); @@ -404,6 +406,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ret = 1; err: + X509_STORE_CTX_free(cert_ctx); OPENSSL_free(buf); if (tmpin == indata) { if (indata) |