int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
- int i;
if (ctx->certs)
{
ctx->certs = NULL;
}
if (!certs) return 1;
- if (!(ctx->certs = sk_X509_dup(certs)))
+ if (!(ctx->certs = X509_chain_up_ref(certs)))
{
TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
return 0;
}
- for (i = 0; i < sk_X509_num(ctx->certs); ++i)
- {
- X509 *cert = sk_X509_value(ctx->certs, i);
- CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
- }
return 1;
}
int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-int X509_check_suiteb_chain(int *perror_depth,
+int X509_chain_check_suiteb(int *perror_depth,
X509 *x, STACK_OF(X509) *chain,
unsigned long flags);
-int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk,
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,
unsigned long flags);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
unsigned long X509_issuer_and_serial_hash(X509 *a);
return x->cert_info->key->public_key;
}
+
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk;
return X509_V_OK;
}
-int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
unsigned long flags)
{
int rv, i, sign_nid;
return rv;
}
-int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
{
int sign_nid;
if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
return check_suite_b(pk, sign_nid, &flags);
}
-
+/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref
+ * of each X509 structure.
+ */
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+ {
+ STACK_OF(X509) *ret;
+ int i;
+ ret = sk_X509_dup(chain);
+ for (i = 0; i < sk_X509_num(ret); i++)
+ {
+ X509 *x = sk_X509_value(ret, i);
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ }
+ return ret;
+ }
ok = ctx->check_revocation(ctx);
if(!ok) goto end;
- i = X509_check_suiteb_chain(&ctx->error_depth, NULL, ctx->chain,
+ i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
ctx->param->flags);
if (i != X509_V_OK)
{
else
{
int rv;
- rv = X509_check_suiteb_crl(crl, ikey, ctx->param->flags);
+ rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
if (rv != X509_V_OK)
{
ctx->error=rv;
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
{
- int i;
- X509 *x;
- STACK_OF(X509) *chain;
- if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
- for (i = 0; i < sk_X509_num(chain); i++)
- {
- x = sk_X509_value(chain, i);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
- return chain;
+ if (!ctx->chain)
+ return NULL;
+ return X509_chain_up_ref(ctx->chain);
}
X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
if (cpk->chain)
{
- int j;
- rpk->chain = sk_X509_dup(cpk->chain);
+ rpk->chain = X509_chain_up_ref(cpk->chain);
if (!rpk->chain)
{
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
goto err;
}
- for (j = 0; j < sk_X509_num(rpk->chain); j++)
- {
- X509 *x = sk_X509_value(rpk->chain, j);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
}
rpk->valid_flags = 0;
if (cert->pkeys[i].authz != NULL)
int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain)
{
STACK_OF(X509) *dchain;
- X509 *x;
- int i;
if (!chain)
return ssl_cert_set0_chain(c, NULL);
- dchain = sk_X509_dup(chain);
+ dchain = X509_chain_up_ref(chain);
if (!dchain)
return 0;
- for (i = 0; i < sk_X509_num(dchain); i++)
- {
- x = sk_X509_value(dchain, i);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
if (!ssl_cert_set0_chain(c, dchain))
{
sk_X509_pop_free(dchain, X509_free);
projects / oweals / openssl.git / commitdiff