diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-12-18 16:15:49 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-12-21 12:11:49 +0100 |
commit | 79b2a2f2eedb9d6b24a3f6748332328cf54568fb (patch) | |
tree | 31d61a9636cccc6a378871407b11fc1fc89aa8c6 | |
parent | 0d4c52320d245be80bd69346fdda4b12b4961eae (diff) |
add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
52 files changed, 125 insertions, 111 deletions
@@ -1325,7 +1325,7 @@ end_of_options: BIO_free_all(Sout); BIO_free_all(out); BIO_free_all(in); - sk_X509_pop_free(cert_sk, X509_free); + OSSL_STACK_OF_X509_free(cert_sk); cleanse(passin); if (free_passin) diff --git a/apps/cmp.c b/apps/cmp.c index f994b83b18..0f810129b3 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -933,7 +933,7 @@ static int setup_certs(char *files, const char *desc, void *ctx, if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL) return 0; ok = (*set1_fn)(ctx, certs); - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); return ok; } @@ -1262,7 +1262,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) { CMP_err1("unable to use client TLS certificate file '%s'", opt_tls_cert); - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); goto err; } for (i = 0; i < sk_X509_num(untrusted); i++) { @@ -1441,7 +1441,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs); } X509_STORE_free(own_trusted); - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); if (!ok) return 0; } else if (opt_own_trusted != NULL) { @@ -2020,7 +2020,7 @@ static int save_free_certs(OSSL_CMP_CTX *ctx, end: BIO_free(bio); - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); return n; } diff --git a/apps/cms.c b/apps/cms.c index 18671fdc30..b49d1e3a68 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -909,7 +909,7 @@ int cms_main(int argc, char **argv) ret = 5; goto end; } - sk_X509_pop_free(allcerts, X509_free); + OSSL_STACK_OF_X509_free(allcerts); } } @@ -1237,8 +1237,8 @@ int cms_main(int argc, char **argv) end: if (ret) ERR_print_errors(bio_err); - sk_X509_pop_free(encerts, X509_free); - sk_X509_pop_free(other, X509_free); + OSSL_STACK_OF_X509_free(encerts); + OSSL_STACK_OF_X509_free(other); X509_VERIFY_PARAM_free(vpm); sk_OPENSSL_STRING_free(sksigners); sk_OPENSSL_STRING_free(skkeys); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6f697ab481..88c4f7b97a 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -696,7 +696,7 @@ int load_cert_certs(const char *uri, warn_cert(uri, *pcert, 0, vpm); warn_certs(uri, *pcerts, 1, vpm); } else { - sk_X509_pop_free(*pcerts, X509_free); + OSSL_STACK_OF_X509_free(*pcerts); *pcerts = NULL; } return ret; @@ -721,7 +721,7 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, if (!X509_add_certs(result, certs, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto oom; - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); certs = NULL; files = next; } @@ -730,8 +730,8 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, oom: BIO_printf(bio_err, "out of memory\n"); err: - sk_X509_pop_free(certs, X509_free); - sk_X509_pop_free(result, X509_free); + OSSL_STACK_OF_X509_free(certs); + OSSL_STACK_OF_X509_free(result); return NULL; } @@ -772,7 +772,7 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc, return NULL; } ok = (store = sk_X509_to_store(store, certs)) != NULL; - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); certs = NULL; if (!ok) return NULL; @@ -794,7 +794,7 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, NULL, NULL, certs, NULL, NULL); if (!ret && was_NULL) { - sk_X509_pop_free(*certs, X509_free); + OSSL_STACK_OF_X509_free(*certs); *certs = NULL; } return ret; diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c index 419b74ce6a..5cd2b23737 100644 --- a/apps/lib/cmp_mock_srv.c +++ b/apps/lib/cmp_mock_srv.c @@ -38,8 +38,8 @@ static void mock_srv_ctx_free(mock_srv_ctx *ctx) OSSL_CMP_PKISI_free(ctx->statusOut); X509_free(ctx->certOut); - sk_X509_pop_free(ctx->chainOut, X509_free); - sk_X509_pop_free(ctx->caPubsOut, X509_free); + OSSL_STACK_OF_X509_free(ctx->chainOut); + OSSL_STACK_OF_X509_free(ctx->caPubsOut); OSSL_CMP_MSG_free(ctx->certReq); OPENSSL_free(ctx); } @@ -91,7 +91,7 @@ int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, } if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL) return 0; - sk_X509_pop_free(ctx->chainOut, X509_free); + OSSL_STACK_OF_X509_free(ctx->chainOut); ctx->chainOut = chain_copy; return 1; } @@ -108,7 +108,7 @@ int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx, } if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL) return 0; - sk_X509_pop_free(ctx->caPubsOut, X509_free); + OSSL_STACK_OF_X509_free(ctx->caPubsOut); ctx->caPubsOut = caPubs_copy; return 1; } @@ -252,9 +252,9 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, err: X509_free(*certOut); *certOut = NULL; - sk_X509_pop_free(*chainOut, X509_free); + OSSL_STACK_OF_X509_free(*chainOut); *chainOut = NULL; - sk_X509_pop_free(*caPubs, X509_free); + OSSL_STACK_OF_X509_free(*caPubs); *caPubs = NULL; return NULL; } diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 50bf00f671..77ddbc9d7b 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -992,7 +992,7 @@ void ssl_excert_free(SSL_EXCERT *exc) while (exc) { X509_free(exc->cert); EVP_PKEY_free(exc->key); - sk_X509_pop_free(exc->chain, X509_free); + OSSL_STACK_OF_X509_free(exc->chain); curr = exc; exc = exc->next; OPENSSL_free(curr); diff --git a/apps/ocsp.c b/apps/ocsp.c index b0d030a940..d8e45ccd43 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -855,9 +855,9 @@ redo_accept: EVP_MD_free(rsign_md); EVP_MD_free(resp_certid_md); X509_free(cert); - sk_X509_pop_free(issuers, X509_free); + OSSL_STACK_OF_X509_free(issuers); X509_free(rsigner); - sk_X509_pop_free(rca_cert, X509_free); + OSSL_STACK_OF_X509_free(rca_cert); free_index(rdb); BIO_free_all(cbio); BIO_free_all(acbio); @@ -867,8 +867,8 @@ redo_accept: OCSP_BASICRESP_free(bs); sk_OPENSSL_STRING_free(reqnames); sk_OCSP_CERTID_free(ids); - sk_X509_pop_free(sign_other, X509_free); - sk_X509_pop_free(verify_other, X509_free); + OSSL_STACK_OF_X509_free(sign_other); + OSSL_STACK_OF_X509_free(verify_other); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); OPENSSL_free(thost); OPENSSL_free(tport); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 65dcdad38a..44b53b0b54 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -610,7 +610,7 @@ int pkcs12_main(int argc, char **argv) /* Add the remaining certs (except for duplicates) */ add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP); - sk_X509_pop_free(chain2, X509_free); + OSSL_STACK_OF_X509_free(chain2); if (!add_certs) goto export_end; } else { @@ -697,8 +697,8 @@ int pkcs12_main(int argc, char **argv) EVP_PKEY_free(key); EVP_MD_free(macmd); - sk_X509_pop_free(certs, X509_free); - sk_X509_pop_free(untrusted_certs, X509_free); + OSSL_STACK_OF_X509_free(certs); + OSSL_STACK_OF_X509_free(untrusted_certs); X509_free(ee_cert); ERR_print_errors(bio_err); diff --git a/apps/s_client.c b/apps/s_client.c index b905fbd3ec..cdff15a1b6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -3048,7 +3048,7 @@ int s_client_main(int argc, char **argv) X509_free(cert); sk_X509_CRL_pop_free(crls, X509_CRL_free); EVP_PKEY_free(key); - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); OPENSSL_free(pass); #ifndef OPENSSL_NO_SRP OPENSSL_free(srp_arg.srppassin); diff --git a/apps/s_server.c b/apps/s_server.c index e0a52287ee..9f05cb120a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2240,8 +2240,8 @@ int s_server_main(int argc, char *argv[]) X509_free(s_dcert); EVP_PKEY_free(s_key); EVP_PKEY_free(s_dkey); - sk_X509_pop_free(s_chain, X509_free); - sk_X509_pop_free(s_dchain, X509_free); + OSSL_STACK_OF_X509_free(s_chain); + OSSL_STACK_OF_X509_free(s_dchain); OPENSSL_free(pass); OPENSSL_free(dpass); OPENSSL_free(host); diff --git a/apps/smime.c b/apps/smime.c index 6cf6ab3a45..9677f056ed 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -651,8 +651,8 @@ int smime_main(int argc, char **argv) end: if (ret) ERR_print_errors(bio_err); - sk_X509_pop_free(encerts, X509_free); - sk_X509_pop_free(other, X509_free); + OSSL_STACK_OF_X509_free(encerts); + OSSL_STACK_OF_X509_free(other); X509_VERIFY_PARAM_free(vpm); sk_OPENSSL_STRING_free(sksigners); sk_OPENSSL_STRING_free(skkeys); diff --git a/apps/verify.c b/apps/verify.c index acf80c65c4..24bbebf3f3 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -234,8 +234,8 @@ int verify_main(int argc, char **argv) end: X509_VERIFY_PARAM_free(vpm); X509_STORE_free(store); - sk_X509_pop_free(untrusted, X509_free); - sk_X509_pop_free(trusted, X509_free); + OSSL_STACK_OF_X509_free(untrusted); + OSSL_STACK_OF_X509_free(trusted); sk_X509_CRL_pop_free(crls, X509_CRL_free); sk_OPENSSL_STRING_free(vfyopts); release_engine(e); @@ -307,7 +307,7 @@ static int check(X509_STORE *ctx, const char *file, BIO_printf(bio_out, " (untrusted)"); BIO_printf(bio_out, "\n"); } - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); } } else { BIO_printf(bio_err, diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index c7674ce088..4a7a87ff74 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -514,7 +514,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, "success building approximate chain for newly enrolled cert"); } (void)ossl_cmp_ctx_set1_newChain(ctx, chain); - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); return fail_info; } diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 8b53a8a237..75418a60b8 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -61,9 +61,6 @@ DEFINE_OSSL_set0_NAME(OSSL_CMP_CTX, trustedStore, trusted, X509_STORE) /* Get current list of non-trusted intermediate certs */ DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509)) -#define X509_STACK_free(certs) \ - sk_X509_pop_free(certs, X509_free) - /* * Set untrusted certificates for path construction in authentication of * the CMP server and potentially others (TLS server, newly enrolled cert). @@ -79,11 +76,11 @@ int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) if (!ossl_x509_add_certs_new(&untrusted, certs, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto err; - X509_STACK_free(ctx->untrusted); + OSSL_STACK_OF_X509_free(ctx->untrusted); ctx->untrusted = untrusted; return 1; err: - X509_STACK_free(untrusted); + OSSL_STACK_OF_X509_free(untrusted); return 0; } @@ -202,10 +199,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) X509_free(ctx->validatedSrvCert); X509_NAME_free(ctx->expected_sender); X509_STORE_free(ctx->trusted); - X509_STACK_free(ctx->untrusted); + OSSL_STACK_OF_X509_free(ctx->untrusted); X509_free(ctx->cert); - X509_STACK_free(ctx->chain); + OSSL_STACK_OF_X509_free(ctx->chain); EVP_PKEY_free(ctx->pkey); ASN1_OCTET_STRING_free(ctx->referenceValue); if (ctx->secretValue != NULL) @@ -219,7 +216,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) ASN1_OCTET_STRING_free(ctx->senderNonce); ASN1_OCTET_STRING_free(ctx->recipNonce); OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs); - X509_STACK_free(ctx->extraCertsOut); + OSSL_STACK_OF_X509_free(ctx->extraCertsOut); EVP_PKEY_free(ctx->newPkey); X509_NAME_free(ctx->issuer); @@ -234,9 +231,9 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) OSSL_CMP_PKIFREETEXT_free(ctx->statusString); X509_free(ctx->newCert); - X509_STACK_free(ctx->newChain); - X509_STACK_free(ctx->caPubs); - X509_STACK_free(ctx->extraCertsIn); + OSSL_STACK_OF_X509_free(ctx->newChain); + OSSL_STACK_OF_X509_free(ctx->caPubs); + OSSL_STACK_OF_X509_free(ctx->extraCertsIn); OPENSSL_free(ctx); } @@ -469,7 +466,7 @@ int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) \ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ return 0; \ } \ - X509_STACK_free(ctx->FIELD); \ + OSSL_STACK_OF_X509_free(ctx->FIELD); \ ctx->FIELD = NULL; \ return certs == NULL || (ctx->FIELD = X509_chain_up_ref(certs)) != NULL; \ } diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index c32737d0e3..bf5c5fdb57 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -234,8 +234,8 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, err: OSSL_CMP_PKISI_free(si); X509_free(certOut); - sk_X509_pop_free(chainOut, X509_free); - sk_X509_pop_free(caPubs, X509_free); + OSSL_STACK_OF_X509_free(chainOut); + OSSL_STACK_OF_X509_free(caPubs); return msg; } diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index bea7e506b6..e5ca1083d7 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -432,7 +432,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, : "certs in trusted store", msg->extraCerts, ctx->untrusted, msg, mode_3gpp); - sk_X509_pop_free(trusted, X509_free); + OSSL_STACK_OF_X509_free(trusted); } return ret; } diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 4ad9302910..0b25bc234e 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -634,7 +634,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) if (cch->type == 0) { if (!ossl_x509_add_cert_new(&certs, cch->d.certificate, X509_ADD_FLAG_UP_REF)) { - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); return NULL; } } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 4e80a13b4d..b82eee32cb 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -478,10 +478,10 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, err2: if (si_chains != NULL) { for (i = 0; i < scount; ++i) - sk_X509_pop_free(si_chains[i], X509_free); + OSSL_STACK_OF_X509_free(si_chains[i]); OPENSSL_free(si_chains); } - sk_X509_pop_free(cms_certs, X509_free); + OSSL_STACK_OF_X509_free(cms_certs); sk_X509_CRL_pop_free(crls, X509_CRL_free); return ret; diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 7a4a45d537..ceefafc2a6 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -153,7 +153,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } end: - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); sk_X509_free(untrusted); return ret; } diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 229b34cf64..ed1105cee4 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -125,7 +125,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, *cert = NULL; } X509_free(x); - sk_X509_pop_free(ocerts, X509_free); + OSSL_STACK_OF_X509_free(ocerts); return 0; } diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 3a0dc9dfba..3f21c904f4 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -603,7 +603,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, } EVP_PKEY_free(pkey); X509_free(cert); - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); OSSL_STORE_INFO_free(osi_pkey); OSSL_STORE_INFO_free(osi_cert); OSSL_STORE_INFO_free(osi_ca); diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index fd2ad90754..c415839995 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -78,7 +78,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file) if (xi->x509 != NULL) { if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) { - sk_X509_pop_free(othercerts, X509_free); + OSSL_STACK_OF_X509_free(othercerts); othercerts = NULL; goto end; } @@ -233,7 +233,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, end: ret = 1; err: - sk_X509_pop_free(certs_obj, X509_free); + OSSL_STACK_OF_X509_free(certs_obj); return ret; } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 8937bb2d66..cf3e5443de 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -147,7 +147,7 @@ void TS_RESP_CTX_free(TS_RESP_CTX *ctx) OPENSSL_free(ctx->propq); X509_free(ctx->signer_cert); EVP_PKEY_free(ctx->signer_key); - sk_X509_pop_free(ctx->certs, X509_free); + OSSL_STACK_OF_X509_free(ctx->certs); sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free); ASN1_OBJECT_free(ctx->default_policy); sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ @@ -197,7 +197,7 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy) int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) { - sk_X509_pop_free(ctx->certs, X509_free); + OSSL_STACK_OF_X509_free(ctx->certs); ctx->certs = NULL; return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL; diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 792a27ce57..410f688255 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -158,7 +158,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, err: BIO_free_all(p7bio); sk_X509_free(untrusted); - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); sk_X509_free(signers); return ret; diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 2f6f00c0cc..127e35623e 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c< |