
Commit 0adb6eb

authored
Merge pull request #8748 from ColtonWilley/pkcs7_x509_store_update
Update PKCS7 to use X509 STORE for internal verification
2 parents 9d1bf83 + 9e7a4f6 commit 0adb6eb


2 files changed

+21
-6
lines changed


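--- a/src/ssl_p7p12.c
+++ b/src/ssl_p7p12.c
@@ -772,6 +772,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
 int contTypeLen;
 WOLFSSL_X509* signer = NULL;
 WOLFSSL_STACK* signers = NULL;
+X509_STORE_CTX* ctx = NULL;
+
 
 WOLFSSL_ENTER("wolfSSL_PKCS7_verify");
 
@@ -804,24 +806,37 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
 return WOLFSSL_FAILURE;
 }
 
+ctx = X509_STORE_CTX_new();
+if (ctx == NULL) {
+WOLFSSL_MSG("Error allocating X509 Store Context");
+return WOLFSSL_FAILURE;
+}
+
 signers = wolfSSL_PKCS7_get0_signers(pkcs7, certs, flags);
 if (signers == NULL) {
 WOLFSSL_MSG("No signers found to verify");
+wolfSSL_X509_STORE_CTX_free(ctx);
 return WOLFSSL_FAILURE;
 }
+
 for (i = 0; i < wolfSSL_sk_X509_num(signers); i++) {
 signer = wolfSSL_sk_X509_value(signers, i);
-
-if (wolfSSL_CertManagerVerifyBuffer(store->cm,
-signer->derCert->buffer,
-signer->derCert->length,
-WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+if (wolfSSL_X509_STORE_CTX_init(ctx, store, signer, NULL)
+!= WOLFSSL_SUCCESS) {
+WOLFSSL_MSG("Failed to initialize X509 STORE CTX");
+wolfSSL_sk_X509_pop_free(signers, NULL);
+wolfSSL_X509_STORE_CTX_free(ctx);
+return WOLFSSL_FAILURE;
+}
+if (wolfSSL_X509_verify_cert(ctx) != WOLFSSL_SUCCESS) {
 WOLFSSL_MSG("Failed to verify signer certificate");
 wolfSSL_sk_X509_pop_free(signers, NULL);
+wolfSSL_X509_STORE_CTX_free(ctx);
 return WOLFSSL_FAILURE;
 }
 }
 wolfSSL_sk_X509_pop_free(signers, NULL);
+wolfSSL_X509_STORE_CTX_free(ctx);
 }
 
 if (flags & PKCS7_TEXT) {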
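Review bot: The same `ctx` is re-initialised with `wolfSSL_X509_STORE_CTX_init` on every loop iteration (new line 824) with no `wolfSSL_X509_STORE_CTX_cleanup(ctx)` in between, so whatever state the previous `wolfSSL_X509_verify_cert` call left in the context (a built chain, error depth, ex_data) is either leaked or carried into the next signer's verification, depending on what init resets; a PKCS7 with a single signer would not expose this. Either add `wolfSSL_X509_STORE_CTX_cleanup(ctx);` at the end of each iteration or allocate and free the context inside the loop. Separately, the chain argument to init is `NULL`, so the caller-supplied `certs` stack is not offered as untrusted intermediates when building the signer's chain; that appears to match the previous `wolfSSL_CertManagerVerifyBuffer` behaviour, but a comment such as `/* certs are not passed as untrusted intermediates; each signer must chain directly to a CA in store */` would make the intent explicit. The body of wolfSSL_PKCS7_verify continues outside this hunk on both sides.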

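--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -405,7 +405,7 @@ static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to,
 }
 
 /* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
- * returns 0 on success or < 0 on failure.
+ * returns 1 on success or <= 0 on failure.
  */
 int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
 {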
