Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions

They may fail if they cannot increment the reference count of the certificate they are storing a pointer for. They should return 0 if this occurs. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1408)
author: Rob Percival <robpercival@google.com> 2016-08-15 14:47:02 +0100
committer: Rich Salz <rsalz@openssl.org> 2016-08-15 12:56:47 -0400
commit: 11c68ceaa6bd93f4c2de4ae34bb1852729447d45 (patch)
tree: ded9cefbc9fcba492dc90da87cd02882eab67cdf /crypto/ct
parent: a1bb7708cec057fe07d987398015c01e6090891f (diff)
1 files changed, 10 insertions, 6 deletions
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index 3c8411c0e4..8bc9133fbf 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -35,16 +35,20 @@ void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
-void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
 {
-    if (X509_up_ref(cert))
-        ctx->cert = cert;
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;
 }
 
-void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
 {
-    if (X509_up_ref(issuer))
-        ctx->issuer = issuer;
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;
 }
 
 void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
author	Rob Percival <robpercival@google.com>	2016-08-15 14:47:02 +0100
committer	Rich Salz <rsalz@openssl.org>	2016-08-15 12:56:47 -0400
commit	11c68ceaa6bd93f4c2de4ae34bb1852729447d45 (patch)
tree	ded9cefbc9fcba492dc90da87cd02882eab67cdf /crypto/ct
parent	a1bb7708cec057fe07d987398015c01e6090891f (diff)