From: Dr. Stephen Henson Date: Wed, 26 Dec 2012 16:04:03 +0000 (+0000) Subject: New function X509_chain_up_ref to dup and up the reference count of X-Git-Tag: OpenSSL_1_0_2-beta1~502 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8d2dbe6ac077279e6a957356245d6bd138e03705;p=oweals%2Fopenssl.git New function X509_chain_up_ref to dup and up the reference count of a STACK_OF(X509): replace equivalent functionality in several places by the equivalent call. (backport from HEAD) --- diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index b0f023c9d2..df09e17834 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -233,7 +233,6 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) { - int i; if (ctx->certs) { @@ -241,16 +240,11 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) ctx->certs = NULL; } if (!certs) return 1; - if (!(ctx->certs = sk_X509_dup(certs))) + if (!(ctx->certs = X509_chain_up_ref(certs))) { TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); return 0; } - for (i = 0; i < sk_X509_num(ctx->certs); ++i) - { - X509 *cert = sk_X509_value(ctx->certs, i); - CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509); - } return 1; } diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 4f18a1bcdd..7b294b1d5e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -310,6 +310,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) return x->cert_info->key->public_key; } + int X509_check_private_key(X509 *x, EVP_PKEY *k) { EVP_PKEY *xk; @@ -464,4 +465,19 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); return check_suite_b(pk, sign_nid, &flags); } - +/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference + * count but it has the same effect by duping the STACK and upping the ref + * of each X509 structure. + */ +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) + { + STACK_OF(X509) *ret; + int i; + ret = sk_X509_dup(chain); + for (i = 0; i < sk_X509_num(ret); i++) + { + X509 *x = sk_X509_value(ret, i); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return ret; + } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index eb41cfda93..470ac17098 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -321,18 +321,12 @@ CERT *ssl_cert_dup(CERT *cert) if (cpk->chain) { - int j; - rpk->chain = sk_X509_dup(cpk->chain); + rpk->chain = X509_chain_up_ref(cpk->chain); if (!rpk->chain) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); goto err; } - for (j = 0; j < sk_X509_num(rpk->chain); j++) - { - X509 *x = sk_X509_value(rpk->chain, j); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } } rpk->valid_flags = 0; if (cert->pkeys[i].authz != NULL) @@ -562,18 +556,11 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain) { STACK_OF(X509) *dchain; - X509 *x; - int i; if (!chain) return ssl_cert_set0_chain(c, NULL); - dchain = sk_X509_dup(chain); + dchain = X509_chain_up_ref(chain); if (!dchain) return 0; - for (i = 0; i < sk_X509_num(dchain); i++) - { - x = sk_X509_value(dchain, i); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } if (!ssl_cert_set0_chain(c, dchain)) { sk_X509_pop_free(dchain, X509_free);