From: Dr. Stephen Henson Date: Fri, 3 Aug 2012 15:58:15 +0000 (+0000) Subject: Rename Suite B functions for consistency. X-Git-Tag: master-post-reformat~1738 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=3b0648ebc9fb2f27ccd0cb61f290911bbf0f482a Rename Suite B functions for consistency. New function X509_chain_up_ref to dup and up the reference count of a STACK_OF(X509): replace equivalent functionality in several places by the equivalent call. --- diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index b0f023c9d2..df09e17834 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -233,7 +233,6 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) { - int i; if (ctx->certs) { @@ -241,16 +240,11 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) ctx->certs = NULL; } if (!certs) return 1; - if (!(ctx->certs = sk_X509_dup(certs))) + if (!(ctx->certs = X509_chain_up_ref(certs))) { TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); return 0; } - for (i = 0; i < sk_X509_num(ctx->certs); ++i) - { - X509 *cert = sk_X509_value(ctx->certs, i); - CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509); - } return 1; } diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 88e5b4a475..078ced8b4c 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -966,11 +966,12 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); -int X509_check_suiteb_chain(int *perror_depth, +int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags); -int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 74e076c7ba..7b294b1d5e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -310,6 +310,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) return x->cert_info->key->public_key; } + int X509_check_private_key(X509 *x, EVP_PKEY *k) { EVP_PKEY *xk; @@ -383,7 +384,7 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) return X509_V_OK; } -int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain, +int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags) { int rv, i, sign_nid; @@ -456,7 +457,7 @@ int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain, return rv; } -int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) { int sign_nid; if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) @@ -464,4 +465,19 @@ int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); return check_suite_b(pk, sign_nid, &flags); } - +/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference + * count but it has the same effect by duping the STACK and upping the ref + * of each X509 structure. + */ +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) + { + STACK_OF(X509) *ret; + int i; + ret = sk_X509_dup(chain); + for (i = 0; i < sk_X509_num(ret); i++) + { + X509 *x = sk_X509_value(ret, i); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return ret; + } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 508e4bd79e..a4e31f71e7 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -387,7 +387,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->check_revocation(ctx); if(!ok) goto end; - i = X509_check_suiteb_chain(&ctx->error_depth, NULL, ctx->chain, + i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, ctx->param->flags); if (i != X509_V_OK) { @@ -1486,7 +1486,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) else { int rv; - rv = X509_check_suiteb_crl(crl, ikey, ctx->param->flags); + rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); if (rv != X509_V_OK) { ctx->error=rv; @@ -1934,16 +1934,9 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) { - int i; - X509 *x; - STACK_OF(X509) *chain; - if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; - for (i = 0; i < sk_X509_num(chain); i++) - { - x = sk_X509_value(chain, i); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } - return chain; + if (!ctx->chain) + return NULL; + return X509_chain_up_ref(ctx->chain); } X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index eb41cfda93..470ac17098 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -321,18 +321,12 @@ CERT *ssl_cert_dup(CERT *cert) if (cpk->chain) { - int j; - rpk->chain = sk_X509_dup(cpk->chain); + rpk->chain = X509_chain_up_ref(cpk->chain); if (!rpk->chain) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); goto err; } - for (j = 0; j < sk_X509_num(rpk->chain); j++) - { - X509 *x = sk_X509_value(rpk->chain, j); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } } rpk->valid_flags = 0; if (cert->pkeys[i].authz != NULL) @@ -562,18 +556,11 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) { STACK_OF(X509) *dchain; - X509 *x; - int i; if (!chain) return ssl_cert_set0_chain(c, NULL); - dchain = sk_X509_dup(chain); + dchain = X509_chain_up_ref(chain); if (!dchain) return 0; - for (i = 0; i < sk_X509_num(dchain); i++) - { - x = sk_X509_value(dchain, i); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } if (!ssl_cert_set0_chain(c, dchain)) { sk_X509_pop_free(dchain, X509_free);