diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-27 21:54:09 -0500 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-27 22:16:12 -0500 |
| commit | 109f8b5dec6aa3f46c1df79c8d5f8e8aba10474b (patch) | |
| tree | a3b829adb790d377a5fa820d7d1acc9510485168 | |
| parent | b4f35e5e07afa2df7125b814b45242648b33e39e (diff) | |
Comment side-effect only calls of X509_check_purpose
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rw-r--r-- | crypto/cms/cms_sd.c | 1 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_sign.c | 1 | ||||
| -rw-r--r-- | crypto/x509/x509_trs.c | 1 | ||||
| -rw-r--r-- | crypto/x509v3/pcy_tree.c | 1 | ||||
| -rw-r--r-- | crypto/x509v3/v3_purp.c | 5 |
5 files changed, 8 insertions, 1 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 444af0b08b..288db480ca 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -280,6 +280,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si = M_ASN1_new_of(CMS_SignerInfo); if (!si) goto merr; + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(signer, -1, -1); CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index e85c4b467d..0ad6f100d6 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -793,6 +793,7 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) GENERAL_NAME *name = NULL; unsigned char cert_sha1[SHA_DIGEST_LENGTH]; + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(cert, -1, 0); if ((cid = ESS_CERT_ID_new()) == NULL) goto err; diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 58e7d54339..72c8110313 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -283,6 +283,7 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) static int trust_compat(X509_TRUST *trust, X509 *x, int flags) { + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, 0); if (x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 6cf6f4e089..850d488460 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -186,7 +186,6 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, uint32_t ex_flags; x = sk_X509_value(certs, i); ex_flags = X509_get_extension_flags(x); - X509_check_purpose(x, -1, -1); cache = policy_cache_set(x); /* If cache NULL something bad happened: return immediately */ if (cache == NULL) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 2d5a29fbc8..e5231b3231 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -132,6 +132,7 @@ int X509_check_purpose(X509 *x, int id, int ca) x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); } + /* Return if side-effect only call */ if (id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); @@ -850,12 +851,14 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) uint32_t X509_get_extension_flags(X509 *x) { + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); return x->ex_flags; } uint32_t X509_get_key_usage(X509 *x) { + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); if (x->ex_flags & EXFLAG_KUSAGE) return x->ex_kusage; @@ -864,6 +867,7 @@ uint32_t X509_get_key_usage(X509 *x) uint32_t X509_get_extended_key_usage(X509 *x) { + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); if (x->ex_flags & EXFLAG_XKUSAGE) return x->ex_xkusage; @@ -872,6 +876,7 @@ uint32_t X509_get_extended_key_usage(X509 *x) const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) { + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(x, -1, -1); return x->skid; } |