Rename Suite B functions for consistency.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 3 Aug 2012 15:58:15 +0000 (15:58 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 3 Aug 2012 15:58:15 +0000 (15:58 +0000)
New function X509_chain_up_ref to dup and up the reference count of
a STACK_OF(X509): replace equivalent functionality in several places
by the equivalent call.

crypto/ts/ts_rsp_sign.c
crypto/x509/x509.h
crypto/x509/x509_cmp.c
crypto/x509/x509_vfy.c
ssl/ssl_cert.c

index b0f023c..df09e17 100644 (file)
@@ -233,7 +233,6 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
 
 int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
        {
-       int i;
 
        if (ctx->certs)
                {
@@ -241,16 +240,11 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
                ctx->certs = NULL;
                }
        if (!certs) return 1;
-       if (!(ctx->certs = sk_X509_dup(certs))) 
+       if (!(ctx->certs = X509_chain_up_ref(certs))) 
                {
                TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
                return 0;
                }
-       for (i = 0; i < sk_X509_num(ctx->certs); ++i)
-               {
-               X509 *cert = sk_X509_value(ctx->certs, i);
-               CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
-               }
 
        return 1;
        }
index 88e5b4a..078ced8 100644 (file)
@@ -966,11 +966,12 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 int            X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
 
 int            X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-int            X509_check_suiteb_chain(int *perror_depth,
+int            X509_chain_check_suiteb(int *perror_depth,
                                                X509 *x, STACK_OF(X509) *chain,
                                                unsigned long flags);
-int            X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk,
+int            X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,
                                                unsigned long flags);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 int            X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 unsigned long  X509_issuer_and_serial_hash(X509 *a);
index 74e076c..7b294b1 100644 (file)
@@ -310,6 +310,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
        return x->cert_info->key->public_key;
        }
 
+
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
        {
        EVP_PKEY *xk;
@@ -383,7 +384,7 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
        return X509_V_OK;
        }
 
-int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
                                                        unsigned long flags)
        {
        int rv, i, sign_nid;
@@ -456,7 +457,7 @@ int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
        return rv;
        }
 
-int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
        {
        int sign_nid;
        if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
@@ -464,4 +465,19 @@ int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
        sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
        return check_suite_b(pk, sign_nid, &flags);
        }
-
+/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref
+ * of each X509 structure.
+ */
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+       {
+       STACK_OF(X509) *ret;
+       int i;
+       ret = sk_X509_dup(chain);
+       for (i = 0; i < sk_X509_num(ret); i++)
+               {
+               X509 *x = sk_X509_value(ret, i);
+               CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+               }
+       return ret;
+       }
index 508e4bd..a4e31f7 100644 (file)
@@ -387,7 +387,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        ok = ctx->check_revocation(ctx);
        if(!ok) goto end;
 
-       i = X509_check_suiteb_chain(&ctx->error_depth, NULL, ctx->chain,
+       i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
                                                        ctx->param->flags);
        if (i != X509_V_OK)
                {
@@ -1486,7 +1486,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
                else
                        {
                        int rv;
-                       rv = X509_check_suiteb_crl(crl, ikey, ctx->param->flags);
+                       rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
                        if (rv != X509_V_OK)
                                {
                                ctx->error=rv;
@@ -1934,16 +1934,9 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
 
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
        {
-       int i;
-       X509 *x;
-       STACK_OF(X509) *chain;
-       if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
-       for (i = 0; i < sk_X509_num(chain); i++)
-               {
-               x = sk_X509_value(chain, i);
-               CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-               }
-       return chain;
+       if (!ctx->chain)
+               return NULL;
+       return X509_chain_up_ref(ctx->chain);
        }
 
 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
index eb41cfd..470ac17 100644 (file)
@@ -321,18 +321,12 @@ CERT *ssl_cert_dup(CERT *cert)
 
                if (cpk->chain)
                        {
-                       int j;
-                       rpk->chain = sk_X509_dup(cpk->chain);
+                       rpk->chain = X509_chain_up_ref(cpk->chain);
                        if (!rpk->chain)
                                {
                                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
-                       for (j = 0; j < sk_X509_num(rpk->chain); j++)
-                               {
-                               X509 *x = sk_X509_value(rpk->chain, j);
-                               CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-                               }
                        }
                rpk->valid_flags = 0;
                 if (cert->pkeys[i].authz != NULL)
@@ -562,18 +556,11 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain)
 int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain)
        {
        STACK_OF(X509) *dchain;
-       X509 *x;
-       int i;
        if (!chain)
                return ssl_cert_set0_chain(c, NULL);
-       dchain = sk_X509_dup(chain);
+       dchain = X509_chain_up_ref(chain);
        if (!dchain)
                return 0;
-       for (i = 0; i < sk_X509_num(dchain); i++)
-               {
-               x = sk_X509_value(dchain, i);
-               CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-               }
        if (!ssl_cert_set0_chain(c, dchain))
                {
                sk_X509_pop_free(dchain, X509_free);