Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions

They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index 3c8411c0e427348987674ff3ed3c2d2cd90db25e..8bc9133fbfa71ae6faf1033a98dcbf7c538ad2c6 100644 (file)
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -35,16 +35,20 @@ void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
     OPENSSL_free(ctx);
 }
 

-void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)

 {
 {

-    if (X509_up_ref(cert))
-        ctx->cert = cert;
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;

 }
 
 }
 

-void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)

 {
 {

-    if (X509_up_ref(issuer))
-        ctx->issuer = issuer;
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;

 }
 
 void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
 }
 
 void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,

diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index 52ea6a269ac835ea00f30557720d4bf5a3fcb39e..e753fc94b8ba403aa79ef4bc149a97bab73767d8 100644 (file)
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -70,14 +70,22 @@ void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
 /* Gets the peer certificate that the SCTs are for */
 X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
 
 /* Gets the peer certificate that the SCTs are for */
 X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
 

-/* Sets the certificate associated with the received SCTs */
-void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Incremenets the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);

 
 /* Gets the issuer of the aforementioned certificate */
 X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
 
 
 /* Gets the issuer of the aforementioned certificate */
 X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
 

-/* Sets the issuer of the certificate associated with the received SCTs */
-void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);

 
 /* Gets the CT logs that are trusted sources of SCTs */
 const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
 
 /* Gets the CT logs that are trusted sources of SCTs */
 const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);