Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
52 files changed:
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
- sk_X509_pop_free(cert_sk, X509_free);
+ OSSL_STACK_OF_X509_free(cert_sk);
cleanse(passin);
if (free_passin)
cleanse(passin);
if (free_passin)
if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL)
return 0;
ok = (*set1_fn)(ctx, certs);
if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL)
return 0;
ok = (*set1_fn)(ctx, certs);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) {
CMP_err1("unable to use client TLS certificate file '%s'",
opt_tls_cert);
if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) {
CMP_err1("unable to use client TLS certificate file '%s'",
opt_tls_cert);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
goto err;
}
for (i = 0; i < sk_X509_num(untrusted); i++) {
goto err;
}
for (i = 0; i < sk_X509_num(untrusted); i++) {
ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs);
}
X509_STORE_free(own_trusted);
ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs);
}
X509_STORE_free(own_trusted);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
if (!ok)
return 0;
} else if (opt_own_trusted != NULL) {
if (!ok)
return 0;
} else if (opt_own_trusted != NULL) {
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
- sk_X509_pop_free(allcerts, X509_free);
+ OSSL_STACK_OF_X509_free(allcerts);
end:
if (ret)
ERR_print_errors(bio_err);
end:
if (ret)
ERR_print_errors(bio_err);
- sk_X509_pop_free(encerts, X509_free);
- sk_X509_pop_free(other, X509_free);
+ OSSL_STACK_OF_X509_free(encerts);
+ OSSL_STACK_OF_X509_free(other);
X509_VERIFY_PARAM_free(vpm);
sk_OPENSSL_STRING_free(sksigners);
sk_OPENSSL_STRING_free(skkeys);
X509_VERIFY_PARAM_free(vpm);
sk_OPENSSL_STRING_free(sksigners);
sk_OPENSSL_STRING_free(skkeys);
warn_cert(uri, *pcert, 0, vpm);
warn_certs(uri, *pcerts, 1, vpm);
} else {
warn_cert(uri, *pcert, 0, vpm);
warn_certs(uri, *pcerts, 1, vpm);
} else {
- sk_X509_pop_free(*pcerts, X509_free);
+ OSSL_STACK_OF_X509_free(*pcerts);
*pcerts = NULL;
}
return ret;
*pcerts = NULL;
}
return ret;
if (!X509_add_certs(result, certs,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto oom;
if (!X509_add_certs(result, certs,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto oom;
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
certs = NULL;
files = next;
}
certs = NULL;
files = next;
}
oom:
BIO_printf(bio_err, "out of memory\n");
err:
oom:
BIO_printf(bio_err, "out of memory\n");
err:
- sk_X509_pop_free(certs, X509_free);
- sk_X509_pop_free(result, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
+ OSSL_STACK_OF_X509_free(result);
return NULL;
}
ok = (store = sk_X509_to_store(store, certs)) != NULL;
return NULL;
}
ok = (store = sk_X509_to_store(store, certs)) != NULL;
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
certs = NULL;
if (!ok)
return NULL;
certs = NULL;
if (!ok)
return NULL;
NULL, NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
NULL, NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
- sk_X509_pop_free(*certs, X509_free);
+ OSSL_STACK_OF_X509_free(*certs);
*certs = NULL;
}
return ret;
*certs = NULL;
}
return ret;
OSSL_CMP_PKISI_free(ctx->statusOut);
X509_free(ctx->certOut);
OSSL_CMP_PKISI_free(ctx->statusOut);
X509_free(ctx->certOut);
- sk_X509_pop_free(ctx->chainOut, X509_free);
- sk_X509_pop_free(ctx->caPubsOut, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chainOut);
+ OSSL_STACK_OF_X509_free(ctx->caPubsOut);
OSSL_CMP_MSG_free(ctx->certReq);
OPENSSL_free(ctx);
}
OSSL_CMP_MSG_free(ctx->certReq);
OPENSSL_free(ctx);
}
}
if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL)
return 0;
}
if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL)
return 0;
- sk_X509_pop_free(ctx->chainOut, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chainOut);
ctx->chainOut = chain_copy;
return 1;
}
ctx->chainOut = chain_copy;
return 1;
}
}
if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL)
return 0;
}
if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL)
return 0;
- sk_X509_pop_free(ctx->caPubsOut, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->caPubsOut);
ctx->caPubsOut = caPubs_copy;
return 1;
}
ctx->caPubsOut = caPubs_copy;
return 1;
}
err:
X509_free(*certOut);
*certOut = NULL;
err:
X509_free(*certOut);
*certOut = NULL;
- sk_X509_pop_free(*chainOut, X509_free);
+ OSSL_STACK_OF_X509_free(*chainOut);
- sk_X509_pop_free(*caPubs, X509_free);
+ OSSL_STACK_OF_X509_free(*caPubs);
*caPubs = NULL;
return NULL;
}
*caPubs = NULL;
return NULL;
}
while (exc) {
X509_free(exc->cert);
EVP_PKEY_free(exc->key);
while (exc) {
X509_free(exc->cert);
EVP_PKEY_free(exc->key);
- sk_X509_pop_free(exc->chain, X509_free);
+ OSSL_STACK_OF_X509_free(exc->chain);
curr = exc;
exc = exc->next;
OPENSSL_free(curr);
curr = exc;
exc = exc->next;
OPENSSL_free(curr);
EVP_MD_free(rsign_md);
EVP_MD_free(resp_certid_md);
X509_free(cert);
EVP_MD_free(rsign_md);
EVP_MD_free(resp_certid_md);
X509_free(cert);
- sk_X509_pop_free(issuers, X509_free);
+ OSSL_STACK_OF_X509_free(issuers);
- sk_X509_pop_free(rca_cert, X509_free);
+ OSSL_STACK_OF_X509_free(rca_cert);
free_index(rdb);
BIO_free_all(cbio);
BIO_free_all(acbio);
free_index(rdb);
BIO_free_all(cbio);
BIO_free_all(acbio);
OCSP_BASICRESP_free(bs);
sk_OPENSSL_STRING_free(reqnames);
sk_OCSP_CERTID_free(ids);
OCSP_BASICRESP_free(bs);
sk_OPENSSL_STRING_free(reqnames);
sk_OCSP_CERTID_free(ids);
- sk_X509_pop_free(sign_other, X509_free);
- sk_X509_pop_free(verify_other, X509_free);
+ OSSL_STACK_OF_X509_free(sign_other);
+ OSSL_STACK_OF_X509_free(verify_other);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
OPENSSL_free(thost);
OPENSSL_free(tport);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
OPENSSL_free(thost);
OPENSSL_free(tport);
/* Add the remaining certs (except for duplicates) */
add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
| X509_ADD_FLAG_NO_DUP);
/* Add the remaining certs (except for duplicates) */
add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
| X509_ADD_FLAG_NO_DUP);
- sk_X509_pop_free(chain2, X509_free);
+ OSSL_STACK_OF_X509_free(chain2);
if (!add_certs)
goto export_end;
} else {
if (!add_certs)
goto export_end;
} else {
EVP_PKEY_free(key);
EVP_MD_free(macmd);
EVP_PKEY_free(key);
EVP_MD_free(macmd);
- sk_X509_pop_free(certs, X509_free);
- sk_X509_pop_free(untrusted_certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
+ OSSL_STACK_OF_X509_free(untrusted_certs);
X509_free(ee_cert);
ERR_print_errors(bio_err);
X509_free(ee_cert);
ERR_print_errors(bio_err);
X509_free(cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
X509_free(cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
- sk_X509_pop_free(s_chain, X509_free);
- sk_X509_pop_free(s_dchain, X509_free);
+ OSSL_STACK_OF_X509_free(s_chain);
+ OSSL_STACK_OF_X509_free(s_dchain);
OPENSSL_free(pass);
OPENSSL_free(dpass);
OPENSSL_free(host);
OPENSSL_free(pass);
OPENSSL_free(dpass);
OPENSSL_free(host);
end:
if (ret)
ERR_print_errors(bio_err);
end:
if (ret)
ERR_print_errors(bio_err);
- sk_X509_pop_free(encerts, X509_free);
- sk_X509_pop_free(other, X509_free);
+ OSSL_STACK_OF_X509_free(encerts);
+ OSSL_STACK_OF_X509_free(other);
X509_VERIFY_PARAM_free(vpm);
sk_OPENSSL_STRING_free(sksigners);
sk_OPENSSL_STRING_free(skkeys);
X509_VERIFY_PARAM_free(vpm);
sk_OPENSSL_STRING_free(sksigners);
sk_OPENSSL_STRING_free(skkeys);
end:
X509_VERIFY_PARAM_free(vpm);
X509_STORE_free(store);
end:
X509_VERIFY_PARAM_free(vpm);
X509_STORE_free(store);
- sk_X509_pop_free(untrusted, X509_free);
- sk_X509_pop_free(trusted, X509_free);
+ OSSL_STACK_OF_X509_free(untrusted);
+ OSSL_STACK_OF_X509_free(trusted);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_OPENSSL_STRING_free(vfyopts);
release_engine(e);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_OPENSSL_STRING_free(vfyopts);
release_engine(e);
BIO_printf(bio_out, " (untrusted)");
BIO_printf(bio_out, "\n");
}
BIO_printf(bio_out, " (untrusted)");
BIO_printf(bio_out, "\n");
}
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
} else {
BIO_printf(bio_err,
}
} else {
BIO_printf(bio_err,
"success building approximate chain for newly enrolled cert");
}
(void)ossl_cmp_ctx_set1_newChain(ctx, chain);
"success building approximate chain for newly enrolled cert");
}
(void)ossl_cmp_ctx_set1_newChain(ctx, chain);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
/* Get current list of non-trusted intermediate certs */
DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509))
/* Get current list of non-trusted intermediate certs */
DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509))
-#define X509_STACK_free(certs) \
- sk_X509_pop_free(certs, X509_free)
-
/*
* Set untrusted certificates for path construction in authentication of
* the CMP server and potentially others (TLS server, newly enrolled cert).
/*
* Set untrusted certificates for path construction in authentication of
* the CMP server and potentially others (TLS server, newly enrolled cert).
if (!ossl_x509_add_certs_new(&untrusted, certs,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto err;
if (!ossl_x509_add_certs_new(&untrusted, certs,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto err;
- X509_STACK_free(ctx->untrusted);
+ OSSL_STACK_OF_X509_free(ctx->untrusted);
ctx->untrusted = untrusted;
return 1;
err:
ctx->untrusted = untrusted;
return 1;
err:
- X509_STACK_free(untrusted);
+ OSSL_STACK_OF_X509_free(untrusted);
X509_free(ctx->validatedSrvCert);
X509_NAME_free(ctx->expected_sender);
X509_STORE_free(ctx->trusted);
X509_free(ctx->validatedSrvCert);
X509_NAME_free(ctx->expected_sender);
X509_STORE_free(ctx->trusted);
- X509_STACK_free(ctx->untrusted);
+ OSSL_STACK_OF_X509_free(ctx->untrusted);
- X509_STACK_free(ctx->chain);
+ OSSL_STACK_OF_X509_free(ctx->chain);
EVP_PKEY_free(ctx->pkey);
ASN1_OCTET_STRING_free(ctx->referenceValue);
if (ctx->secretValue != NULL)
EVP_PKEY_free(ctx->pkey);
ASN1_OCTET_STRING_free(ctx->referenceValue);
if (ctx->secretValue != NULL)
ASN1_OCTET_STRING_free(ctx->senderNonce);
ASN1_OCTET_STRING_free(ctx->recipNonce);
OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs);
ASN1_OCTET_STRING_free(ctx->senderNonce);
ASN1_OCTET_STRING_free(ctx->recipNonce);
OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs);
- X509_STACK_free(ctx->extraCertsOut);
+ OSSL_STACK_OF_X509_free(ctx->extraCertsOut);
EVP_PKEY_free(ctx->newPkey);
X509_NAME_free(ctx->issuer);
EVP_PKEY_free(ctx->newPkey);
X509_NAME_free(ctx->issuer);
OSSL_CMP_PKIFREETEXT_free(ctx->statusString);
X509_free(ctx->newCert);
OSSL_CMP_PKIFREETEXT_free(ctx->statusString);
X509_free(ctx->newCert);
- X509_STACK_free(ctx->newChain);
- X509_STACK_free(ctx->caPubs);
- X509_STACK_free(ctx->extraCertsIn);
+ OSSL_STACK_OF_X509_free(ctx->newChain);
+ OSSL_STACK_OF_X509_free(ctx->caPubs);
+ OSSL_STACK_OF_X509_free(ctx->extraCertsIn);
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
return 0; \
} \
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
return 0; \
} \
- X509_STACK_free(ctx->FIELD); \
+ OSSL_STACK_OF_X509_free(ctx->FIELD); \
ctx->FIELD = NULL; \
return certs == NULL || (ctx->FIELD = X509_chain_up_ref(certs)) != NULL; \
}
ctx->FIELD = NULL; \
return certs == NULL || (ctx->FIELD = X509_chain_up_ref(certs)) != NULL; \
}
err:
OSSL_CMP_PKISI_free(si);
X509_free(certOut);
err:
OSSL_CMP_PKISI_free(si);
X509_free(certOut);
- sk_X509_pop_free(chainOut, X509_free);
- sk_X509_pop_free(caPubs, X509_free);
+ OSSL_STACK_OF_X509_free(chainOut);
+ OSSL_STACK_OF_X509_free(caPubs);
: "certs in trusted store",
msg->extraCerts, ctx->untrusted,
msg, mode_3gpp);
: "certs in trusted store",
msg->extraCerts, ctx->untrusted,
msg, mode_3gpp);
- sk_X509_pop_free(trusted, X509_free);
+ OSSL_STACK_OF_X509_free(trusted);
if (cch->type == 0) {
if (!ossl_x509_add_cert_new(&certs, cch->d.certificate,
X509_ADD_FLAG_UP_REF)) {
if (cch->type == 0) {
if (!ossl_x509_add_cert_new(&certs, cch->d.certificate,
X509_ADD_FLAG_UP_REF)) {
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
err2:
if (si_chains != NULL) {
for (i = 0; i < scount; ++i)
err2:
if (si_chains != NULL) {
for (i = 0; i < scount; ++i)
- sk_X509_pop_free(si_chains[i], X509_free);
+ OSSL_STACK_OF_X509_free(si_chains[i]);
OPENSSL_free(si_chains);
}
OPENSSL_free(si_chains);
}
- sk_X509_pop_free(cms_certs, X509_free);
+ OSSL_STACK_OF_X509_free(cms_certs);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
sk_X509_free(untrusted);
return ret;
}
sk_X509_free(untrusted);
return ret;
}
*cert = NULL;
}
X509_free(x);
*cert = NULL;
}
X509_free(x);
- sk_X509_pop_free(ocerts, X509_free);
+ OSSL_STACK_OF_X509_free(ocerts);
}
EVP_PKEY_free(pkey);
X509_free(cert);
}
EVP_PKEY_free(pkey);
X509_free(cert);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
OSSL_STORE_INFO_free(osi_pkey);
OSSL_STORE_INFO_free(osi_cert);
OSSL_STORE_INFO_free(osi_ca);
OSSL_STORE_INFO_free(osi_pkey);
OSSL_STORE_INFO_free(osi_cert);
OSSL_STORE_INFO_free(osi_ca);
if (xi->x509 != NULL) {
if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) {
if (xi->x509 != NULL) {
if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) {
- sk_X509_pop_free(othercerts, X509_free);
+ OSSL_STACK_OF_X509_free(othercerts);
othercerts = NULL;
goto end;
}
othercerts = NULL;
goto end;
}
- sk_X509_pop_free(certs_obj, X509_free);
+ OSSL_STACK_OF_X509_free(certs_obj);
OPENSSL_free(ctx->propq);
X509_free(ctx->signer_cert);
EVP_PKEY_free(ctx->signer_key);
OPENSSL_free(ctx->propq);
X509_free(ctx->signer_cert);
EVP_PKEY_free(ctx->signer_key);
- sk_X509_pop_free(ctx->certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->certs);
sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
ASN1_OBJECT_free(ctx->default_policy);
sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */
sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
ASN1_OBJECT_free(ctx->default_policy);
sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
- sk_X509_pop_free(ctx->certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->certs);
ctx->certs = NULL;
return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL;
ctx->certs = NULL;
return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL;
err:
BIO_free_all(p7bio);
sk_X509_free(untrusted);
err:
BIO_free_all(p7bio);
sk_X509_free(untrusted);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
sk_X509_free(signers);
return ret;
sk_X509_free(signers);
return ret;
return;
X509_STORE_free(ctx->store);
return;
X509_STORE_free(ctx->store);
- sk_X509_pop_free(ctx->certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->certs);
ASN1_OBJECT_free(ctx->policy);
ASN1_OBJECT_free(ctx->policy);
#include "crypto/asn1.h"
#include "crypto/x509.h"
#include "crypto/asn1.h"
#include "crypto/x509.h"
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs)
+{
+ sk_X509_pop_free(certs, X509_free);
+}
+
#ifndef OPENSSL_NO_STDIO
int X509_print_fp(FILE *fp, X509 *x)
{
#ifndef OPENSSL_NO_STDIO
int X509_print_fp(FILE *fp, X509 *x)
{
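Review bot: The new public `OSSL_STACK_OF_X509_free()` is defined without a comment stating its ownership contract. That contract matters because shallow frees such as `sk_X509_free(untrusted)` and `sk_X509_free(signers)` remain in use right next to `OSSL_STACK_OF_X509_free(chain)` elsewhere in this commit. I would add above the definition `/* Frees the stack and calls X509_free() on every element; NULL is a no-op. Use sk_X509_free() for stacks of borrowed certificates. */`. Passing a stack whose elements were not up-ref'd drops references the caller does not own, leaving the remaining holder with a dangling certificate pointer. The definition also sits directly above `X509_print_fp()`, which looks like an unusual home for a deallocation helper; consider whether it belongs with the other X509 stack helpers.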
STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store);
int ret = print_certs(bio, certs);
STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store);
int ret = print_certs(bio, certs);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
return ret;
} else {
return BIO_printf(bio, " (no trusted store)\n") >= 0;
return ret;
} else {
return BIO_printf(bio, " (no trusted store)\n") >= 0;
err:
X509_STORE_unlock(store);
err:
X509_STORE_unlock(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
x = obj->data.x509;
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
X509_STORE_unlock(store);
x = obj->data.x509;
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
X509_STORE_unlock(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
x = sk_X509_value(ctx->other_ctx, i);
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
x = sk_X509_value(ctx->other_ctx, i);
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
ctx->error = X509_V_ERR_OUT_OF_MEM;
return NULL;
}
ctx->error = X509_V_ERR_OUT_OF_MEM;
return NULL;
}
}
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
}
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
- sk_X509_pop_free(ctx->chain, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chain);
ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
{
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
{
- sk_X509_pop_free(ctx->chain, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chain);
- * sk_X509_pop_free will free up recipient STACK and its contents so set
- * rcert to NULL so it isn't freed up twice.
+ * OSSL_STACK_OF_X509_free() free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
CMS_ContentInfo_free(cms);
X509_free(rcert);
CMS_ContentInfo_free(cms);
X509_free(rcert);
- sk_X509_pop_free(recips, X509_free);
+ OSSL_STACK_OF_X509_free(recips);
BIO_free(in);
BIO_free(out);
BIO_free(dout);
BIO_free(in);
BIO_free(out);
BIO_free(dout);
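Review bot: The rewritten comment reads `OSSL_STACK_OF_X509_free() free up recipient STACK`, dropping the word "will" that the two parallel comments later in this commit keep. It should read `* OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents`. The comment explains why rcert is set to NULL before the stack is freed (to avoid a double free), so the three copies are worth keeping identical and grammatical. The enclosing function starts and ends outside the visible lines.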
- * sk_X509_pop_free will free up recipient STACK and its contents so set
- * rcert to NULL so it isn't freed up twice.
+ * OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
CMS_ContentInfo_free(cms);
X509_free(rcert);
CMS_ContentInfo_free(cms);
X509_free(rcert);
- sk_X509_pop_free(recips, X509_free);
+ OSSL_STACK_OF_X509_free(recips);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
OPENSSL_free(name);
X509_free(cert);
EVP_PKEY_free(pkey);
OPENSSL_free(name);
X509_free(cert);
EVP_PKEY_free(pkey);
- sk_X509_pop_free(ca, X509_free);
+ OSSL_STACK_OF_X509_free(ca);
- * sk_X509_pop_free will free up recipient STACK and its contents so set
- * rcert to NULL so it isn't freed up twice.
+ * OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
}
PKCS7_free(p7);
X509_free(rcert);
}
PKCS7_free(p7);
X509_free(rcert);
- sk_X509_pop_free(recips, X509_free);
+ OSSL_STACK_OF_X509_free(recips);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
invalid. The returned chain persists after the I<ctx> structure is freed.
When it is no longer needed it should be free up using:
invalid. The returned chain persists after the I<ctx> structure is freed.
When it is no longer needed it should be free up using:
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
X509_verify_cert_error_string() returns a human readable error string for
verification error I<n>.
X509_verify_cert_error_string() returns a human readable error string for
verification error I<n>.
X509_new, X509_new_ex,
X509_free, X509_up_ref,
X509_new, X509_new_ex,
X509_free, X509_up_ref,
-X509_chain_up_ref - X509 certificate ASN1 allocation functions
+X509_chain_up_ref,
+OSSL_STACK_OF_X509_free
+- X509 certificate ASN1 allocation and deallocation functions
void X509_free(X509 *a);
int X509_up_ref(X509 *a);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
void X509_free(X509 *a);
int X509_up_ref(X509 *a);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
+ void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
X509_chain_up_ref() increases the reference count of all certificates in
chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL.
X509_chain_up_ref() increases the reference count of all certificates in
chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL.
+OSSL_STACK_OF_X509_free() deallocates the given list of pointers to
+certificates after calling X509_free() on all its elements.
+
=head1 NOTES
The function X509_up_ref() if useful if a certificate structure is being
=head1 NOTES
The function X509_up_ref() if useful if a certificate structure is being
X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.
X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.
+OSSL_STACK_OF_X509_free() has no return value.
+
=head1 SEE ALSO
L<d2i_X509(3)>,
=head1 SEE ALSO
L<d2i_X509(3)>,
-The function X509_new_ex() was added in OpenSSL 3.0.
+X509_new_ex() was added in OpenSSL 3.0.
+
+OSSL_STACK_OF_X509_free() was added in OpenSSL 3.1.
}
EVP_PKEY_free(pkey);
X509_free(cert);
}
EVP_PKEY_free(pkey);
X509_free(cert);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
store_info_free(osi_pkey);
store_info_free(osi_cert);
store_info_free(osi_ca);
store_info_free(osi_pkey);
store_info_free(osi_cert);
store_info_free(osi_ca);
X509 *x, STACK_OF(X509) *chain,
unsigned long flags);
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
X509 *x, STACK_OF(X509) *chain,
unsigned long flags);
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
- sk_X509_pop_free(ctx->extra_certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->extra_certs);
ctx->extra_certs = NULL;
break;
ctx->extra_certs = NULL;
break;
cpk->x509 = NULL;
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
cpk->x509 = NULL;
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = NULL;
OPENSSL_free(cpk->serverinfo);
cpk->serverinfo = NULL;
cpk->chain = NULL;
OPENSSL_free(cpk->serverinfo);
cpk->serverinfo = NULL;
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = chain;
return 1;
}
cpk->chain = chain;
return 1;
}
if (!dchain)
return 0;
if (!ssl_cert_set0_chain(s, ctx, dchain)) {
if (!dchain)
return 0;
if (!ssl_cert_set0_chain(s, ctx, dchain)) {
- sk_X509_pop_free(dchain, X509_free);
+ OSSL_STACK_OF_X509_free(dchain);
}
s->verify_result = X509_STORE_CTX_get_error(ctx);
}
s->verify_result = X509_STORE_CTX_get_error(ctx);
- sk_X509_pop_free(s->verified_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->verified_chain);
s->verified_chain = NULL;
if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
s->verified_chain = NULL;
if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
rv = ssl_security_cert(s, ctx, x, 0, 0);
if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv);
rv = ssl_security_cert(s, ctx, x, 0, 0);
if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = chain;
if (rv == 0)
rv = 1;
cpk->chain = chain;
if (rv == 0)
rv = 1;
sk_danetls_record_pop_free(dane->trecs, tlsa_free);
dane->trecs = NULL;
sk_danetls_record_pop_free(dane->trecs, tlsa_free);
dane->trecs = NULL;
- sk_X509_pop_free(dane->certs, X509_free);
+ OSSL_STACK_OF_X509_free(dane->certs);
dane->certs = NULL;
X509_free(dane->mcert);
dane->certs = NULL;
X509_free(dane->mcert);
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
- sk_X509_pop_free(s->verified_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->verified_chain);
if (s->method != NULL)
s->method->ssl_free(s);
if (s->method != NULL)
s->method->ssl_free(s);
ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
- sk_X509_pop_free(a->extra_certs, X509_free);
+ OSSL_STACK_OF_X509_free(a->extra_certs);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
- sk_X509_pop_free(c->pkeys[i].chain, X509_free);
+ OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
c->pkeys[i].chain = dup_chain;
X509_free(c->pkeys[i].x509);
c->pkeys[i].chain = dup_chain;
X509_free(c->pkeys[i].x509);
OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
X509_free(ss->peer);
OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
X509_free(ss->peer);
- sk_X509_pop_free(ss->peer_chain, X509_free);
+ OSSL_STACK_OF_X509_free(ss->peer_chain);
OPENSSL_free(ss->ext.hostname);
OPENSSL_free(ss->ext.tick);
#ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->ext.hostname);
OPENSSL_free(ss->ext.tick);
#ifndef OPENSSL_NO_PSK
- sk_X509_pop_free(s->session->peer_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->session->peer_chain);
s->session->peer_chain = NULL;
return MSG_PROCESS_ERROR;
}
s->session->peer_chain = NULL;
return MSG_PROCESS_ERROR;
}
s->session->peer = sk_X509_shift(sk);
s->session->verify_result = s->verify_result;
s->session->peer = sk_X509_shift(sk);
s->session->verify_result = s->verify_result;
- sk_X509_pop_free(s->session->peer_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->session->peer_chain);
s->session->peer_chain = sk;
sk = NULL;
s->session->peer_chain = sk;
sk = NULL;
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
- sk_X509_pop_free(caPubs, X509_free);
+ OSSL_STACK_OF_X509_free(caPubs);
static void sk_X509_pop_X509_free(STACK_OF(X509) *sk)
{
static void sk_X509_pop_X509_free(STACK_OF(X509) *sk)
{
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
}
static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
}
static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
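Review bot: The static wrapper `sk_X509_pop_X509_free()` now only forwards to `OSSL_STACK_OF_X509_free()`, which has the same signature, so the wrapper is redundant. Its users are outside the visible lines, so this is inferred: if they take a free-function name, they can reference `OSSL_STACK_OF_X509_free` directly and the wrapper can be deleted. That leaves one deep-free helper for certificate stacks in the test instead of two names for the same operation.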
if (TEST_ptr(chain)) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
if (TEST_ptr(chain)) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
if (ret && chain != NULL) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
if (ret && chain != NULL) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
}
X509_STORE_free(store);
}
}
X509_STORE_free(store);
res = 1;
err:
X509_STORE_free(store);
res = 1;
err:
X509_STORE_free(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
status = X509_verify_cert(ctx) == 1 ? X509_V_OK
: X509_STORE_CTX_get_error(ctx);
err:
status = X509_verify_cert(ctx) == 1 ? X509_V_OK
: X509_STORE_CTX_get_error(ctx);
err:
- sk_X509_pop_free(roots, X509_free);
+ OSSL_STACK_OF_X509_free(roots);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
X509_VERIFY_PARAM_free(param);
X509_STORE_CTX_free(ctx);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
X509_VERIFY_PARAM_free(param);
X509_STORE_CTX_free(ctx);
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
ok = verify_chain(ssl, chain);
}
ok = verify_chain(ssl, chain);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
err = SSL_get_verify_result(ssl);
/*
* Peek under the hood, normally TLSA match data is hidden when
err = SSL_get_verify_result(ssl);
/*
* Peek under the hood, normally TLSA match data is hidden when
EVP_PKEY_free(pkey);
X509_free(x509);
X509_free(rootx);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_free(rootx);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
BIO_free(bio);
return NULL;
} else if (x == NULL) {
BIO_free(bio);
return NULL;
} else if (x == NULL) {
err:
X509_STORE_CTX_free(sctx);
X509_free(x);
err:
X509_STORE_CTX_free(sctx);
X509_free(x);
- sk_X509_pop_free(untrusted, X509_free);
+ OSSL_STACK_OF_X509_free(untrusted);
X509_STORE_free(store);
return ret;
}
X509_STORE_free(store);
return ret;
}
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+OSSL_STACK_OF_X509_free ? 3_1_0 EXIST::FUNCTION: