author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-12-18 16:15:49 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-12-21 12:11:49 +0100 |
commit | 79b2a2f2eedb9d6b24a3f6748332328cf54568fb (patch) | |
tree | 31d61a9636cccc6a378871407b11fc1fc89aa8c6 /crypto | |
parent | 0d4c52320d245be80bd69346fdda4b12b4961eae (diff) |
add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cmp/cmp_client.c | 2 | ||||
-rw-r--r-- | crypto/cmp/cmp_ctx.c | 21 | ||||
-rw-r--r-- | crypto/cmp/cmp_server.c | 4 | ||||
-rw-r--r-- | crypto/cmp/cmp_vfy.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_lib.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_smime.c | 4 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 2 | ||||
-rw-r--r-- | crypto/pkcs12/p12_kiss.c | 2 | ||||
-rw-r--r-- | crypto/store/store_result.c | 2 | ||||
-rw-r--r-- | crypto/ts/ts_conf.c | 4 | ||||
-rw-r--r-- | crypto/ts/ts_rsp_sign.c | 4 | ||||
-rw-r--r-- | crypto/ts/ts_rsp_verify.c | 2 | ||||
-rw-r--r-- | crypto/ts/ts_verify_ctx.c | 2 | ||||
-rw-r--r-- | crypto/x509/t_x509.c | 7 | ||||
-rw-r--r-- | crypto/x509/x509_lu.c | 4 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 8 |
16 files changed, 37 insertions, 35 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index c7674ce088..4a7a87ff74 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -514,7 +514,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, "success building approximate chain for newly enrolled cert"); } (void)ossl_cmp_ctx_set1_newChain(ctx, chain); - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); return fail_info; } diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 8b53a8a237..75418a60b8 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -61,9 +61,6 @@ DEFINE_OSSL_set0_NAME(OSSL_CMP_CTX, trustedStore, trusted, X509_STORE) /* Get current list of non-trusted intermediate certs */ DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509)) -#define X509_STACK_free(certs) \ - sk_X509_pop_free(certs, X509_free) - /* * Set untrusted certificates for path construction in authentication of * the CMP server and potentially others (TLS server, newly enrolled cert). @@ -79,11 +76,11 @@ int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) if (!ossl_x509_add_certs_new(&untrusted, certs, X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) goto err; - X509_STACK_free(ctx->untrusted); + OSSL_STACK_OF_X509_free(ctx->untrusted); ctx->untrusted = untrusted; return 1; err: - X509_STACK_free(untrusted); + OSSL_STACK_OF_X509_free(untrusted); return 0; } @@ -202,10 +199,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) X509_free(ctx->validatedSrvCert); X509_NAME_free(ctx->expected_sender); X509_STORE_free(ctx->trusted); - X509_STACK_free(ctx->untrusted); + OSSL_STACK_OF_X509_free(ctx->untrusted); X509_free(ctx->cert); - X509_STACK_free(ctx->chain); + OSSL_STACK_OF_X509_free(ctx->chain); EVP_PKEY_free(ctx->pkey); ASN1_OCTET_STRING_free(ctx->referenceValue); if (ctx->secretValue != NULL) 
@@ -219,7 +216,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) ASN1_OCTET_STRING_free(ctx->senderNonce); ASN1_OCTET_STRING_free(ctx->recipNonce); OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs); - X509_STACK_free(ctx->extraCertsOut); + OSSL_STACK_OF_X509_free(ctx->extraCertsOut); EVP_PKEY_free(ctx->newPkey); X509_NAME_free(ctx->issuer); @@ -234,9 +231,9 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) OSSL_CMP_PKIFREETEXT_free(ctx->statusString); X509_free(ctx->newCert); - X509_STACK_free(ctx->newChain); - X509_STACK_free(ctx->caPubs); - X509_STACK_free(ctx->extraCertsIn); + OSSL_STACK_OF_X509_free(ctx->newChain); + OSSL_STACK_OF_X509_free(ctx->caPubs); + OSSL_STACK_OF_X509_free(ctx->extraCertsIn); OPENSSL_free(ctx); } @@ -469,7 +466,7 @@ int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) \ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ return 0; \ } \ - X509_STACK_free(ctx->FIELD); \ + OSSL_STACK_OF_X509_free(ctx->FIELD); \ ctx->FIELD = NULL; \ return certs == NULL || (ctx->FIELD = X509_chain_up_ref(certs)) != NULL; \ } diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index c32737d0e3..bf5c5fdb57 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -234,8 +234,8 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, err: OSSL_CMP_PKISI_free(si); X509_free(certOut); - sk_X509_pop_free(chainOut, X509_free); - sk_X509_pop_free(caPubs, X509_free); + OSSL_STACK_OF_X509_free(chainOut); + OSSL_STACK_OF_X509_free(caPubs); return msg; } diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index bea7e506b6..e5ca1083d7 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -432,7 +432,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, : "certs in trusted store", msg->extraCerts, ctx->untrusted, msg, mode_3gpp); - sk_X509_pop_free(trusted, X509_free); + OSSL_STACK_OF_X509_free(trusted); } return ret; } 
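Review bot: In the `PREFIX##_set1_##FIELD` macro of crypto/cmp/cmp_ctx.c (hunk `@@ -469,7 +466,7 @@`) the old stack is freed before `X509_chain_up_ref(certs)` runs, so if a caller passes the stack the context already holds (for example one obtained through a get0 accessor) the copy reads freed memory; whether any caller does this is not visible in the diff. `OSSL_CMP_CTX_set1_untrusted` in the same file builds the new stack first and frees the old one afterwards. The macro could follow that order with `if (certs != NULL && (certs = X509_chain_up_ref(certs)) == NULL) return 0;`, then `OSSL_STACK_OF_X509_free(ctx->FIELD);` and `ctx->FIELD = certs; return 1;`, which also keeps the old value when the copy fails. The same free-then-copy order appears in `TS_RESP_CTX_set_certs` (crypto/ts/ts_rsp_sign.c), and `X509_STORE_CTX_set0_verified_chain` (crypto/x509/x509_vfy.c) would store a just-freed pointer when `sk == ctx->chain`, which an `if (sk != ctx->chain)` guard around the free would prevent. The macro body begins outside the hunk.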
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 4ad9302910..0b25bc234e 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -634,7 +634,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) if (cch->type == 0) { if (!ossl_x509_add_cert_new(&certs, cch->d.certificate, X509_ADD_FLAG_UP_REF)) { - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); return NULL; } } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 4e80a13b4d..b82eee32cb 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -478,10 +478,10 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, err2: if (si_chains != NULL) { for (i = 0; i < scount; ++i) - sk_X509_pop_free(si_chains[i], X509_free); + OSSL_STACK_OF_X509_free(si_chains[i]); OPENSSL_free(si_chains); } - sk_X509_pop_free(cms_certs, X509_free); + OSSL_STACK_OF_X509_free(cms_certs); sk_X509_CRL_pop_free(crls, X509_CRL_free); return ret; diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 7a4a45d537..ceefafc2a6 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -153,7 +153,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } end: - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); sk_X509_free(untrusted); return ret; } diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 229b34cf64..ed1105cee4 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -125,7 +125,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, *cert = NULL; } X509_free(x); - sk_X509_pop_free(ocerts, X509_free); + OSSL_STACK_OF_X509_free(ocerts); return 0; } diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 3a0dc9dfba..3f21c904f4 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c 
@@ -603,7 +603,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, } EVP_PKEY_free(pkey); X509_free(cert); - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); OSSL_STORE_INFO_free(osi_pkey); OSSL_STORE_INFO_free(osi_cert); OSSL_STORE_INFO_free(osi_ca); diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index fd2ad90754..c415839995 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -78,7 +78,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file) if (xi->x509 != NULL) { if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) { - sk_X509_pop_free(othercerts, X509_free); + OSSL_STACK_OF_X509_free(othercerts); othercerts = NULL; goto end; } @@ -233,7 +233,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, end: ret = 1; err: - sk_X509_pop_free(certs_obj, X509_free); + OSSL_STACK_OF_X509_free(certs_obj); return ret; } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 8937bb2d66..cf3e5443de 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -147,7 +147,7 @@ void TS_RESP_CTX_free(TS_RESP_CTX *ctx) OPENSSL_free(ctx->propq); X509_free(ctx->signer_cert); EVP_PKEY_free(ctx->signer_key); - sk_X509_pop_free(ctx->certs, X509_free); + OSSL_STACK_OF_X509_free(ctx->certs); sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free); ASN1_OBJECT_free(ctx->default_policy); sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ @@ -197,7 +197,7 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy) int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) { - sk_X509_pop_free(ctx->certs, X509_free); + OSSL_STACK_OF_X509_free(ctx->certs); ctx->certs = NULL; return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL; diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 792a27ce57..410f688255 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c 
@@ -158,7 +158,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, err: BIO_free_all(p7bio); sk_X509_free(untrusted); - sk_X509_pop_free(chain, X509_free); + OSSL_STACK_OF_X509_free(chain); sk_X509_free(signers); return ret; diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 2f6f00c0cc..127e35623e 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -82,7 +82,7 @@ void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) return; X509_STORE_free(ctx->store); - sk_X509_pop_free(ctx->certs, X509_free); + OSSL_STACK_OF_X509_free(ctx->certs); ASN1_OBJECT_free(ctx->policy); diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 13ccb35508..3e022ccbcb 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -17,6 +17,11 @@ #include "crypto/asn1.h" #include "crypto/x509.h" +void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs) +{ + sk_X509_pop_free(certs, X509_free); +} + #ifndef OPENSSL_NO_STDIO int X509_print_fp(FILE *fp, X509 *x) { @@ -456,7 +461,7 @@ static int print_store_certs(BIO *bio, X509_STORE *store) STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store); int ret = print_certs(bio, certs); - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); return ret; } else { return BIO_printf(bio, " (no trusted store)\n") >= 0; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 3b76b92f71..34bc7417ac 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -567,7 +567,7 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store) err: X509_STORE_unlock(store); - sk_X509_pop_free(sk, X509_free); + OSSL_STACK_OF_X509_free(sk); return NULL; } @@ -615,7 +615,7 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, x = obj->data.x509; if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) { X509_STORE_unlock(store); - sk_X509_pop_free(sk, X509_free); + OSSL_STACK_OF_X509_free(sk); return NULL; } } 
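Review bot: `OSSL_STACK_OF_X509_free()`, added in crypto/x509/t_x509.c (hunk `@@ -17,6 +17,11 @@`), has no comment saying that it calls `X509_free()` on every element as well as freeing the stack, and its name is easy to confuse with `sk_X509_free()`, which frees only the container. Both now sit next to each other in `OCSP_basic_verify` and `TS_RESP_verify_signature` (`chain` against `untrusted`/`signers`), so using the new helper on a stack of borrowed certificates would drop references the caller does not own. I would put `/* Frees the stack and calls X509_free() on each element; only for stacks that own a reference to every cert. NULL is accepted. */` above the definition. The header declaration and manual page are outside this view (the diff is limited to 'crypto'), so the same wording may already exist there.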
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8ab6381daf..8a7f1ba8e8 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -138,7 +138,7 @@ static int lookup_cert_match(X509 **result, X509_STORE_CTX *ctx, X509 *x) else *result = xtmp; } - sk_X509_pop_free(certs, X509_free); + OSSL_STACK_OF_X509_free(certs); return ret; } @@ -385,7 +385,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) { - sk_X509_pop_free(sk, X509_free); + OSSL_STACK_OF_X509_free(sk); ctx->error = X509_V_ERR_OUT_OF_MEM; return NULL; } @@ -2484,7 +2484,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) } X509_policy_tree_free(ctx->tree); ctx->tree = NULL; - sk_X509_pop_free(ctx->chain, X509_free); + OSSL_STACK_OF_X509_free(ctx->chain); ctx->chain = NULL; CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); @@ -2523,7 +2523,7 @@ void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) { - sk_X509_pop_free(ctx->chain, X509_free); + OSSL_STACK_OF_X509_free(ctx->chain); ctx->chain = sk; } |