From 05f0fb9f6acc34c82a082d7668572828925694e7 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 31 Aug 2015 20:29:57 +0100 Subject: [PATCH] Add X509_up_ref function. Reviewed-by: Rich Salz --- crypto/cms/cms_env.c | 2 +- crypto/cms/cms_lib.c | 4 ++-- crypto/cms/cms_sd.c | 4 ++-- crypto/ocsp/ocsp_cl.c | 2 +- crypto/ocsp/ocsp_srv.c | 2 +- crypto/pkcs7/pk7_lib.c | 4 ++-- crypto/store/str_lib.c | 8 +++----- crypto/ts/ts_rsp_sign.c | 2 +- crypto/ts/ts_rsp_verify.c | 2 +- crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_lu.c | 6 +++--- crypto/x509/x509_set.c | 5 +++++ crypto/x509/x509_vfy.c | 8 ++++---- crypto/x509v3/pcy_tree.c | 2 +- include/openssl/x509.h | 1 + ssl/s3_clnt.c | 2 +- ssl/ssl_cert.c | 4 ++-- ssl/ssl_lib.c | 2 +- ssl/ssl_rsa.c | 2 +- ssl/ssl_sess.c | 2 +- 20 files changed, 35 insertions(+), 31 deletions(-) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 5c86dd9972..f677a9bc4d 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -206,7 +206,7 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype)) return 0; - CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(recip); CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); ktri->pkey = pk; ktri->recip = recip; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index e698c006bf..0bfad69f27 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -457,7 +457,7 @@ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) int r; r = CMS_add0_cert(cms, cert); if (r > 0) - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return r; } @@ -542,7 +542,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) sk_X509_pop_free(certs, X509_free); return NULL; } - CRYPTO_add(&cch->d.certificate->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cch->d.certificate); } } return certs; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index ab574fc334..338e515358 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -285,7 +285,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509_check_purpose(signer, -1, -1); CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); - CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(signer); si->pkey = pk; si->signer = signer; @@ -485,7 +485,7 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) { if (signer) { - CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(signer); EVP_PKEY_free(si->pkey); si->pkey = X509_get_pubkey(signer); } diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index ef8ff30031..8143389873 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -138,7 +138,7 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) if (!sk_X509_push(sig->certs, cert)) return 0; - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return 1; } diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 740b11c5a0..948eff9864 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -213,7 +213,7 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) if (!sk_X509_push(resp->certs, cert)) return 0; - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return 1; } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index d8347419f4..b116f5a806 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -308,7 +308,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); return 0; } - CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x509); if (!sk_X509_push(*sk, x509)) { X509_free(x509); return 0; @@ -545,7 +545,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) EVP_PKEY_free(pkey); - CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x509); p7i->cert = x509; return 1; diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 585752add1..3201da9536 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -251,8 +251,7 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], STORE_R_FAILED_GETTING_CERTIFICATE); return 0; } - CRYPTO_add(&object->data.x509.certificate->references, 1, - CRYPTO_LOCK_X509); + X509_up_ref(object->data.x509.certificate); #ifdef REF_PRINT REF_PRINT("X509", data); #endif @@ -276,7 +275,7 @@ int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], return 0; } - CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(data); #ifdef REF_PRINT REF_PRINT("X509", data); #endif @@ -378,8 +377,7 @@ X509 *STORE_list_certificate_next(STORE *s, void *handle) STORE_R_FAILED_LISTING_CERTIFICATES); return 0; } - CRYPTO_add(&object->data.x509.certificate->references, 1, - CRYPTO_LOCK_X509); + X509_up_ref(object->data.x509.certificate); #ifdef REF_PRINT REF_PRINT("X509", data); #endif diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index d90d33ffea..f0fc503aff 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -209,7 +209,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) } X509_free(ctx->signer_cert); ctx->signer_cert = signer; - CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); + X509_up_ref(ctx->signer_cert); return 1; } diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 342c524c7c..5784e3dc5a 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -212,7 +212,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, /* Return the signer certificate if needed. */ if (signer_out) { *signer_out = signer; - CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(signer); } ret = 1; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 9308249570..47791c73d3 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -487,7 +487,7 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) ret = sk_X509_dup(chain); for (i = 0; i < sk_X509_num(ret); i++) { X509 *x = sk_X509_value(ret, i); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); } return ret; } diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index d8ba14c39a..3dae7fa41a 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -406,7 +406,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a) default: break; case X509_LU_X509: - CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(a->data.x509); break; case X509_LU_CRL: X509_CRL_up_ref(a->data.crl); @@ -521,7 +521,7 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < cnt; i++, idx++) { obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); x = obj->data.x509; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); if (!sk_X509_push(sk, x)) { CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); X509_free(x); @@ -676,7 +676,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); if (*issuer) - CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(*issuer); return ret; } diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 486e90acea..1ccfdb9d9c 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -150,3 +150,8 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) return (0); return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); } + +void X509_up_ref(X509 *x) +{ + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); +} diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 332a8c0f6c..7d770c52ab 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -172,7 +172,7 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) break; } if (i < sk_X509_num(certs)) - CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(xtmp); else xtmp = NULL; sk_X509_pop_free(certs, X509_free); @@ -212,7 +212,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); goto end; } - CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(ctx->cert); ctx->last_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ @@ -262,7 +262,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); goto end; } - CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(xtmp); (void)sk_X509_delete_ptr(sktmp, xtmp); ctx->last_untrusted++; x = xtmp; @@ -566,7 +566,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); if (*issuer) { - CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(*issuer); return 1; } else return 0; diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index e7ab7cd8b1..4b0ea15b6d 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -249,7 +249,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, level++; x = sk_X509_value(certs, i); cache = policy_cache_set(x); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); level->cert = x; if (!cache->anyPolicy) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index a77f2ba334..4e816ea3c7 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -798,6 +798,7 @@ X509_NAME *X509_get_subject_name(X509 *a); int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +void X509_up_ref(X509 *x); EVP_PKEY *X509_get_pubkey(X509 *x); ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e7bbfc90ed..ba35fb9ca5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1359,7 +1359,7 @@ int ssl3_get_server_certificate(SSL *s) s->session->peer_type = i; X509_free(s->session->peer); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); s->session->peer = x; s->session->verify_result = s->verify_result; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 5e9b8ffe7a..11839612f2 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -250,7 +250,7 @@ CERT *ssl_cert_dup(CERT *cert) CERT_PKEY *rpk = ret->pkeys + i; if (cpk->x509 != NULL) { rpk->x509 = cpk->x509; - CRYPTO_add(&rpk->x509->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(rpk->x509); } if (cpk->privatekey != NULL) { @@ -463,7 +463,7 @@ int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x) { if (!ssl_cert_add0_chain_cert(s, ctx, x)) return 0; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); return 1; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2a2eb7827c..fd1561e52d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -825,7 +825,7 @@ X509 *SSL_get_peer_certificate(const SSL *s) if (r == NULL) return (r); - CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(r); return (r); } diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index f4851266a1..6772441d10 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -415,7 +415,7 @@ static int ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_free(pkey); X509_free(c->pkeys[i].x509); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(x); c->pkeys[i].x509 = x; c->key = &(c->pkeys[i]); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 26a3c43f24..69e6d7fea5 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -266,7 +266,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->references = 1; if (src->peer != NULL) - CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(src->peer); if (src->peer_chain != NULL) { dest->peer_chain = X509_chain_up_ref(src->peer_chain); -- 2.39.2