1 files changed, 5 insertions, 58 deletions

diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index b8b0076e03..5982035c45 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -46,67 +46,14 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
     return 1;
 }
 
-/*
-    First, get the ESS_SIGNING_CERT(V2) signed attribute from |si|.
-    Then check matching of each cert of trust |chain| with one of 
-    the |cert_ids|(Hash+IssuerID) list from this ESS_SIGNING_CERT.
-    Derived from ts_check_signing_certs()
-*/
-int ossl_ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain)
+int ossl_cms_check_signing_certs(const CMS_SignerInfo *si,
+                                 const STACK_OF(X509) *chain)
 {
     ESS_SIGNING_CERT *ss = NULL;
     ESS_SIGNING_CERT_V2 *ssv2 = NULL;
-    X509 *cert;
-    int i = 0, ret = 0;
-
-    if (ossl_cms_signerinfo_get_signing_cert(si, &ss) > 0
-            && ss->cert_ids != NULL) {
-        STACK_OF(ESS_CERT_ID) *cert_ids = ss->cert_ids;
-
-        cert = sk_X509_value(chain, 0);
-        if (ossl_ess_find_cert(cert_ids, cert) != 0)
-            goto err;
-
-        /*
-         * Check the other certificates of the chain.
-         * Fail if no signing certificate ids found for each certificate.
-         */
-        if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
-            /* for each chain cert, try to find its cert id */
-            for (i = 1; i < sk_X509_num(chain); ++i) {
-                cert = sk_X509_value(chain, i);
-                if (ossl_ess_find_cert(cert_ids, cert) < 0)
-                    goto err;
-            }
-        }
-    } else if (ossl_cms_signerinfo_get_signing_cert_v2(si, &ssv2) > 0
-                   && ssv2->cert_ids!= NULL) {
-        STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = ssv2->cert_ids;
-
-        cert = sk_X509_value(chain, 0);
-        if (ossl_ess_find_cert_v2(cert_ids_v2, cert) != 0)
-            goto err;
-
-        /*
-         * Check the other certificates of the chain.
-         * Fail if no signing certificate ids found for each certificate.
-         */
-        if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
-            /* for each chain cert, try to find its cert id */
-            for (i = 1; i < sk_X509_num(chain); ++i) {
-                cert = sk_X509_value(chain, i);
-                if (ossl_ess_find_cert_v2(cert_ids_v2, cert) < 0)
-                    goto err;
-            }
-        }
-    } else {
-        ERR_raise(ERR_LIB_CMS, CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE);
-        return 0;
-    }
-    ret = 1;
- err:
-    if (!ret)
-        ERR_raise(ERR_LIB_CMS, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR);
+    int ret = ossl_cms_signerinfo_get_signing_cert(si, &ss) >= 0
+        && ossl_cms_signerinfo_get_signing_cert_v2(si, &ssv2) >= 0
+        && ossl_ess_check_signing_certs(ss, ssv2, chain, 1);
 
     ESS_SIGNING_CERT_free(ss);
     ESS_SIGNING_CERT_V2_free(ssv2);