GH784: Better variable name

[openssl.git] / crypto / x509 / x509_vpm.c

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 5d8c5f800a580a5c29b4acf7ab14440b76204cea..41b0fde4a55067ff2dbdf1390e015f48d97b79b1 100644 (file)
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -1,4 +1,3 @@
-/* x509_vpm.c */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
  * 2004.
@@ -83,7 +82,7 @@ static void str_free(char *s)
     OPENSSL_free(s);
 }
 
-static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
+static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
                                     const char *name, size_t namelen)
 {
     char *copy;
@@ -92,35 +91,35 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
      * Refuse names with embedded NUL bytes, except perhaps as final byte.
      * XXX: Do we need to push an error onto the error stack?
      */
-    if (namelen == 0)
+    if (namelen == 0 || name == NULL)
         namelen = name ? strlen(name) : 0;
     else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
         return 0;
-    if (name && name[namelen - 1] == '\0')
+    if (namelen > 0 && name[namelen - 1] == '\0')
         --namelen;
 
     if (mode == SET_HOST) {
-        sk_OPENSSL_STRING_pop_free(id->hosts, str_free);
-        id->hosts = NULL;
+        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
+        vpm->hosts = NULL;
     }
     if (name == NULL || namelen == 0)
         return 1;
 
-    copy = BUF_strndup(name, namelen);
+    copy = OPENSSL_strndup(name, namelen);
     if (copy == NULL)
         return 0;
 
-    if (id->hosts == NULL &&
-        (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
+    if (vpm->hosts == NULL &&
+        (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
         OPENSSL_free(copy);
         return 0;
     }
 
-    if (!sk_OPENSSL_STRING_push(id->hosts, copy)) {
+    if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
         OPENSSL_free(copy);
-        if (sk_OPENSSL_STRING_num(id->hosts) == 0) {
-            sk_OPENSSL_STRING_free(id->hosts);
-            id->hosts = NULL;
+        if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
+            sk_OPENSSL_STRING_free(vpm->hosts);
+            vpm->hosts = NULL;
         }
         return 0;
     }
@@ -130,12 +129,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 
 static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
 {
-    X509_VERIFY_PARAM_ID *paramid;
     if (!param)
         return;
     param->name = NULL;
     param->purpose = 0;
-    param->trust = 0;
+    param->trust = X509_TRUST_DEFAULT;
     /*
      * param->inh_flags = X509_VP_FLAG_DEFAULT;
      */
@@ -144,34 +142,25 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
     param->depth = -1;
     sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
     param->policies = NULL;
-    paramid = param->id;
-    sk_OPENSSL_STRING_pop_free(paramid->hosts, str_free);
-    paramid->hosts = NULL;
-    OPENSSL_free(paramid->peername);
-    OPENSSL_free(paramid->email);
-    paramid->email = NULL;
-    paramid->emaillen = 0;
-    OPENSSL_free(paramid->ip);
-    paramid->ip = NULL;
-    paramid->iplen = 0;
+    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
+    param->hosts = NULL;
+    OPENSSL_free(param->peername);
+    param->peername = NULL;
+    OPENSSL_free(param->email);
+    param->email = NULL;
+    param->emaillen = 0;
+    OPENSSL_free(param->ip);
+    param->ip = NULL;
+    param->iplen = 0;
 }
 
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 {
     X509_VERIFY_PARAM *param;
-    X509_VERIFY_PARAM_ID *paramid;
 
-    param = OPENSSL_malloc(sizeof(*param));
-    if (!param)
-        return NULL;
-    paramid = OPENSSL_malloc(sizeof(*paramid));
-    if (!paramid) {
-        OPENSSL_free(param);
+    param = OPENSSL_zalloc(sizeof(*param));
+    if (param == NULL)
         return NULL;
-    }
-    memset(param, 0, sizeof(*param));
-    memset(paramid, 0, sizeof(*paramid));
-    param->id = paramid;
     x509_verify_param_zero(param);
     return param;
 }
@@ -181,7 +170,6 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
     if (!param)
         return;
     x509_verify_param_zero(param);
-    OPENSSL_free(param->id);
     OPENSSL_free(param);
 }
 
@@ -223,11 +211,6 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
         (to_overwrite || \
                 ((src->field != def) && (to_default || (dest->field == def))))
 
-/* As above but for ID fields */
-
-#define test_x509_verify_param_copy_id(idf, def) \
-        test_x509_verify_param_copy(id->idf, def)
-
 /* Macro to test and copy a field if necessary */
 
 #define x509_verify_param_copy(field, def) \
@@ -239,10 +222,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 {
     unsigned long inh_flags;
     int to_default, to_overwrite;
-    X509_VERIFY_PARAM_ID *id;
     if (!src)
         return 1;
-    id = src->id;
     inh_flags = dest->inh_flags | src->inh_flags;
 
     if (inh_flags & X509_VP_FLAG_ONCE)
@@ -262,7 +243,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
         to_overwrite = 0;
 
     x509_verify_param_copy(purpose, 0);
-    x509_verify_param_copy(trust, 0);
+    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
     x509_verify_param_copy(depth, -1);
 
     /* If overwrite or check time not set, copy across */
@@ -284,25 +265,25 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
     }
 
     /* Copy the host flags if and only if we're copying the host list */
-    if (test_x509_verify_param_copy_id(hosts, NULL)) {
-        sk_OPENSSL_STRING_pop_free(dest->id->hosts, str_free);
-        dest->id->hosts = NULL;
-        if (id->hosts) {
-            dest->id->hosts =
-                sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free);
-            if (dest->id->hosts == NULL)
+    if (test_x509_verify_param_copy(hosts, NULL)) {
+        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
+        dest->hosts = NULL;
+        if (src->hosts) {
+            dest->hosts =
+                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
+            if (dest->hosts == NULL)
                 return 0;
-            dest->id->hostflags = id->hostflags;
+            dest->hostflags = src->hostflags;
         }
     }
 
-    if (test_x509_verify_param_copy_id(email, NULL)) {
-        if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen))
+    if (test_x509_verify_param_copy(email, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
             return 0;
     }
 
-    if (test_x509_verify_param_copy_id(ip, NULL)) {
-        if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen))
+    if (test_x509_verify_param_copy(ip, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
             return 0;
     }
 
@@ -326,10 +307,10 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
     void *tmp;
     if (src) {
         if (srclen == 0) {
-            tmp = BUF_strdup(src);
+            tmp = OPENSSL_strdup(src);
             srclen = strlen(src);
         } else
-            tmp = BUF_memdup(src, srclen);
+            tmp = OPENSSL_memdup(src, srclen);
         if (!tmp)
             return 0;
     } else {
@@ -346,7 +327,7 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
 {
     OPENSSL_free(param->name);
-    param->name = BUF_strdup(name);
+    param->name = OPENSSL_strdup(name);
     if (param->name)
         return 1;
     return 0;
@@ -442,30 +423,48 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
+    return int_x509_param_set_hosts(param, SET_HOST, name, namelen);
 }
 
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
+    return int_x509_param_set_hosts(param, ADD_HOST, name, namelen);
 }
 
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                      unsigned int flags)
 {
-    param->id->hostflags = flags;
+    param->hostflags = flags;
 }
 
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
 {
-    return param->id->peername;
+    return param->peername;
+}
+
+/*
+ * Move peername from one param structure to another, freeing any name present
+ * at the target.  If the source is a NULL parameter structure, free and zero
+ * the target peername.
+ */
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
+                                     X509_VERIFY_PARAM *from)
+{
+    char *peername = (from != NULL) ? from->peername : NULL;
+
+    if (to->peername != peername) {
+        OPENSSL_free(to->peername);
+        to->peername = peername;
+    }
+    if (from)
+        from->peername = NULL;
 }
 
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                  const char *email, size_t emaillen)
 {
-    return int_x509_param_set1(&param->id->email, &param->id->emaillen,
+    return int_x509_param_set1(&param->email, &param->emaillen,
                                email, emaillen);
 }
 
@@ -474,7 +473,7 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 {
     if (iplen != 0 && iplen != 4 && iplen != 16)
         return 0;
-    return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
+    return int_x509_param_set1((char **)&param->ip, &param->iplen,
                                (char *)ip, iplen);
 }
 
@@ -499,9 +498,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
     return param->name;
 }
 
-static X509_VERIFY_PARAM_ID _empty_id = { NULL, 0U, NULL, NULL, 0, NULL, 0 };
-
-#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id
+#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0
 
 /*
  * Default verify parameters: these are used for various applications and can
@@ -514,7 +511,7 @@ static const X509_VERIFY_PARAM default_table[] = {
      "default",                 /* X509 default parameters */
      0,                         /* Check time */
      0,                         /* internal flags */
-     0,                         /* flags */
+     X509_V_FLAG_TRUSTED_FIRST, /* flags */
      0,                         /* purpose */
      0,                         /* trust */
      100,                       /* depth */
@@ -582,9 +579,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
 {
     int idx;
     X509_VERIFY_PARAM *ptmp;
-    if (!param_table) {
+    if (param_table == NULL) {
         param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
-        if (!param_table)
+        if (param_table == NULL)
             return 0;
     } else {
         idx = sk_X509_VERIFY_PARAM_find(param_table, param);