Commit 3b0648eb authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Rename Suite B functions for consistency. 

New function X509_chain_up_ref to dup and up the reference count of
a STACK_OF(X509): replace equivalent functionality in several places
by the equivalent call.
parent 3ad344a5

crypto/ts/ts_rsp_sign.c

+1 −7
Original line number Diff line number Diff line
@@ -233,7 +233,6 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) 


int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)

	{

	int i;



	if (ctx->certs)

		{
@@ -241,16 +240,11 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) 
		ctx->certs = NULL;

		}

	if (!certs) return 1;

	if (!(ctx->certs = sk_X509_dup(certs))) 

	if (!(ctx->certs = X509_chain_up_ref(certs))) 

		{

		TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);

		return 0;

		}

	for (i = 0; i < sk_X509_num(ctx->certs); ++i)

		{

		X509 *cert = sk_X509_value(ctx->certs, i);

		CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);

		}



	return 1;

	}

crypto/x509/x509.h

+3 −2
Original line number Diff line number Diff line
@@ -966,11 +966,12 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); 
int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);



int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);

int 		X509_check_suiteb_chain(int *perror_depth,

int 		X509_chain_check_suiteb(int *perror_depth,

						X509 *x, STACK_OF(X509) *chain,

						unsigned long flags);

int 		X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk,

int 		X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,

						unsigned long flags);

STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);



int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);

unsigned long	X509_issuer_and_serial_hash(X509 *a);

crypto/x509/x509_cmp.c

+19 −3
Original line number Diff line number Diff line
@@ -310,6 +310,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) 
	return x->cert_info->key->public_key;

	}





int X509_check_private_key(X509 *x, EVP_PKEY *k)

	{

	EVP_PKEY *xk;
@@ -383,7 +384,7 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) 
	return X509_V_OK;

	}



int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain,

int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,

							unsigned long flags)

	{

	int rv, i, sign_nid;
@@ -456,7 +457,7 @@ int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain, 
	return rv;

	}



int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)

int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)

	{

	int sign_nid;

	if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
@@ -464,4 +465,19 @@ int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) 
	sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);

	return check_suite_b(pk, sign_nid, &flags);

	}

/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference

 * count but it has the same effect by duping the STACK and upping the ref

 * of each X509 structure.

 */

STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)

	{

	STACK_OF(X509) *ret;

	int i;

	ret = sk_X509_dup(chain);

	for (i = 0; i < sk_X509_num(ret); i++)

		{

		X509 *x = sk_X509_value(ret, i);

		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

		}

	return ret;

	}

crypto/x509/x509_vfy.c

+5 −12
Original line number Diff line number Diff line
@@ -387,7 +387,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) 
	ok = ctx->check_revocation(ctx);

	if(!ok) goto end;



	i = X509_check_suiteb_chain(&ctx->error_depth, NULL, ctx->chain,

	i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,

							ctx->param->flags);

	if (i != X509_V_OK)

		{
@@ -1486,7 +1486,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 
		else

			{

			int rv;

			rv = X509_check_suiteb_crl(crl, ikey, ctx->param->flags);

			rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);

			if (rv != X509_V_OK)

				{

				ctx->error=rv;
@@ -1934,16 +1934,9 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 


STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)

	{

	int i;

	X509 *x;

	STACK_OF(X509) *chain;

	if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;

	for (i = 0; i < sk_X509_num(chain); i++)

		{

		x = sk_X509_value(chain, i);

		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

		}

	return chain;

	if (!ctx->chain)

		return NULL;

	return X509_chain_up_ref(ctx->chain);

	}



X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)

ssl/ssl_cert.c

+2 −15
Original line number Diff line number Diff line
@@ -321,18 +321,12 @@ CERT *ssl_cert_dup(CERT *cert) 


		if (cpk->chain)

			{

			int j;

			rpk->chain = sk_X509_dup(cpk->chain);

			rpk->chain = X509_chain_up_ref(cpk->chain);

			if (!rpk->chain)

				{

				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);

				goto err;

				}

			for (j = 0; j < sk_X509_num(rpk->chain); j++)

				{

				X509 *x = sk_X509_value(rpk->chain, j);

				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

				}

			}

		rpk->valid_flags = 0;

                if (cert->pkeys[i].authz != NULL)
@@ -562,18 +556,11 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain) 
int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain)

	{

	STACK_OF(X509) *dchain;

	X509 *x;

	int i;

	if (!chain)

		return ssl_cert_set0_chain(c, NULL);

	dchain = sk_X509_dup(chain);

	dchain = X509_chain_up_ref(chain);

	if (!dchain)

		return 0;

	for (i = 0; i < sk_X509_num(dchain); i++)

		{

		x = sk_X509_value(dchain, i);

		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);

		}

	if (!ssl_cert_set0_chain(c, dchain))

		{

		sk_X509_pop_free(dchain, X509_free);