Restore OCSP_basic_verify() error return semantics

/* ====================================================================

 * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.

 * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

    {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"},

    {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},

    {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},

    {ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"},

    {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),

     "private key does not match certificate"},

    {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"},

 * 2000.

 */

/* ====================================================================

 * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.

 * Copyright (c) 2000-2016 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

    if (!ret) {

        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,

                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);

        goto err;

        goto end;

    }

    ctx = X509_STORE_CTX_new();

    if (ctx == NULL) {

        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);

        goto err;

        goto f_err;

    }

    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))

        flags |= OCSP_NOVERIFY;

    if (!(flags & OCSP_NOSIGS)) {

        EVP_PKEY *skey;

        skey = X509_get0_pubkey(signer);

        if (skey)

        if (skey == NULL) {

            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);

            goto err;

        }

        ret = OCSP_BASICRESP_verify(bs, skey, 0);

        if (!skey || ret <= 0) {

        if (ret <= 0) {

            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);

            goto err;

            goto end;

        }

    }

    if (!(flags & OCSP_NOVERIFY)) {

            for (i = 0; i < sk_X509_num(certs); i++) {

                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {

                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);

                    goto err;

                    goto f_err;

                }

            }

        } else {

        init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);

        if (!init_res) {

            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);

            goto err;

            goto f_err;

        }

        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);

                    OCSP_R_CERTIFICATE_VERIFY_ERROR);

            ERR_add_error_data(2, "Verify error:",

                               X509_verify_cert_error_string(i));

            goto err;

            goto end;

        }

        if (flags & OCSP_NOCHECKS) {

            ret = 1;

        }

        ret = 1;

    }

    goto end;

 err:

    ret = 0;

 end:

    X509_STORE_CTX_free(ctx);

    sk_X509_pop_free(chain, X509_free);

    if (bs->certs && certs)

        sk_X509_free(untrusted);

    return ret;

    goto end;

 err:

    ret = 0;

    goto end;

 f_err:

    ret = -1;

    goto end;

}

static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,

# define OCSP_R_NO_PUBLIC_KEY                             107

# define OCSP_R_NO_RESPONSE_DATA                          108

# define OCSP_R_NO_REVOKED_TIME                           109

# define OCSP_R_NO_SIGNER_KEY                             130

# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110

# define OCSP_R_REQUEST_NOT_SIGNED                        128

# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111