author | Dr. Stephen Henson <steve@openssl.org> | 2012-08-03 15:58:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-08-03 15:58:15 +0000 |
commit | 3b0648ebc9fb2f27ccd0cb61f290911bbf0f482a (patch) | |
tree | 4293cef6c2722e01c851d3bb521ed61b2b28abe5 /crypto/x509 | |
parent | 3ad344a5171c55511adddb96c805e037f2c061be (diff) |
Rename Suite B functions for consistency.
New function X509_chain_up_ref to dup and up the reference count of
a STACK_OF(X509): replace equivalent functionality in several places
by the equivalent call.
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509.h | 5 | ||||
-rw-r--r-- | crypto/x509/x509_cmp.c | 22 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 17 |
3 files changed, 27 insertions, 17 deletions
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 88e5b4a475..078ced8b4c 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -966,11 +966,12 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); -int X509_check_suiteb_chain(int *perror_depth, +int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags); -int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 74e076c7ba..7b294b1d5e 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -310,6 +310,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) return x->cert_info->key->public_key; } + int X509_check_private_key(X509 *x, EVP_PKEY *k) { EVP_PKEY *xk; @@ -383,7 +384,7 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) return X509_V_OK; } -int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain, +int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags) { int rv, i, sign_nid; @@ -456,7 +457,7 @@ int X509_check_suiteb_chain(int *perror_depth, X509 *x, STACK_OF(X509) *chain, return rv; } -int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) +int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) { int sign_nid; if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) 
@@ -464,4 +465,19 @@ int X509_check_suiteb_crl(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); return check_suite_b(pk, sign_nid, &flags); } - +/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference + * count but it has the same effect by duping the STACK and upping the ref + * of each X509 structure. + */ +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) + { + STACK_OF(X509) *ret; + int i; + ret = sk_X509_dup(chain); + for (i = 0; i < sk_X509_num(ret); i++) + { + X509 *x = sk_X509_value(ret, i); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return ret; + } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 508e4bd79e..a4e31f71e7 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -387,7 +387,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->check_revocation(ctx); if(!ok) goto end; - i = X509_check_suiteb_chain(&ctx->error_depth, NULL, ctx->chain, + i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, ctx->param->flags); if (i != X509_V_OK) { @@ -1486,7 +1486,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) else { int rv; - rv = X509_check_suiteb_crl(crl, ikey, ctx->param->flags); + rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); if (rv != X509_V_OK) { ctx->error=rv; @@ -1934,16 +1934,9 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) { - int i; - X509 *x; - STACK_OF(X509) *chain; - if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; - for (i = 0; i < sk_X509_num(chain); i++) - { - x = sk_X509_value(chain, i); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } - return chain; + if (!ctx->chain) + return NULL; + return X509_chain_up_ref(ctx->chain); } X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) |
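Review bot: In the new X509_chain_up_ref, the result of `sk_X509_dup(chain)` goes straight into the loop with no NULL check, so an allocation failure is handled only if `sk_X509_num()` tolerates a NULL stack, which this diff does not show. Adding `if (ret == NULL) return NULL;` right after the dup makes the failure path explicit. The X509_STORE_CTX_get1_chain hunk in x509_vfy.c now depends on this, because its inline `!(chain = sk_X509_dup(ctx->chain))` test was removed and only the `!ctx->chain` guard remains in the caller. The header comment should also state the contract of this new public function: `chain` is passed to `sk_X509_dup` unchecked and so should be non-NULL, NULL is returned on failure, and the caller owns one reference on every certificate in the returned stack. The result must therefore be released with `sk_X509_pop_free(ret, X509_free)`; a plain stack free would leave the added references outstanding.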