add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
parent
0d4c52320d
commit
79b2a2f2ee
@ -1325,7 +1325,7 @@ end_of_options:
|
|||||||
BIO_free_all(Sout);
|
BIO_free_all(Sout);
|
||||||
BIO_free_all(out);
|
BIO_free_all(out);
|
||||||
BIO_free_all(in);
|
BIO_free_all(in);
|
||||||
sk_X509_pop_free(cert_sk, X509_free);
|
OSSL_STACK_OF_X509_free(cert_sk);
|
||||||
|
|
||||||
cleanse(passin);
|
cleanse(passin);
|
||||||
if (free_passin)
|
if (free_passin)
|
||||||
|
@ -933,7 +933,7 @@ static int setup_certs(char *files, const char *desc, void *ctx,
|
|||||||
if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL)
|
if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
ok = (*set1_fn)(ctx, certs);
|
ok = (*set1_fn)(ctx, certs);
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
return ok;
|
return ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1262,7 +1262,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
|
|||||||
if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) {
|
if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) {
|
||||||
CMP_err1("unable to use client TLS certificate file '%s'",
|
CMP_err1("unable to use client TLS certificate file '%s'",
|
||||||
opt_tls_cert);
|
opt_tls_cert);
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
for (i = 0; i < sk_X509_num(untrusted); i++) {
|
for (i = 0; i < sk_X509_num(untrusted); i++) {
|
||||||
@ -1441,7 +1441,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||||||
ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs);
|
ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs);
|
||||||
}
|
}
|
||||||
X509_STORE_free(own_trusted);
|
X509_STORE_free(own_trusted);
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
if (!ok)
|
if (!ok)
|
||||||
return 0;
|
return 0;
|
||||||
} else if (opt_own_trusted != NULL) {
|
} else if (opt_own_trusted != NULL) {
|
||||||
@ -2020,7 +2020,7 @@ static int save_free_certs(OSSL_CMP_CTX *ctx,
|
|||||||
|
|
||||||
end:
|
end:
|
||||||
BIO_free(bio);
|
BIO_free(bio);
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -909,7 +909,7 @@ int cms_main(int argc, char **argv)
|
|||||||
ret = 5;
|
ret = 5;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
sk_X509_pop_free(allcerts, X509_free);
|
OSSL_STACK_OF_X509_free(allcerts);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1237,8 +1237,8 @@ int cms_main(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
if (ret)
|
if (ret)
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
sk_X509_pop_free(encerts, X509_free);
|
OSSL_STACK_OF_X509_free(encerts);
|
||||||
sk_X509_pop_free(other, X509_free);
|
OSSL_STACK_OF_X509_free(other);
|
||||||
X509_VERIFY_PARAM_free(vpm);
|
X509_VERIFY_PARAM_free(vpm);
|
||||||
sk_OPENSSL_STRING_free(sksigners);
|
sk_OPENSSL_STRING_free(sksigners);
|
||||||
sk_OPENSSL_STRING_free(skkeys);
|
sk_OPENSSL_STRING_free(skkeys);
|
||||||
|
@ -696,7 +696,7 @@ int load_cert_certs(const char *uri,
|
|||||||
warn_cert(uri, *pcert, 0, vpm);
|
warn_cert(uri, *pcert, 0, vpm);
|
||||||
warn_certs(uri, *pcerts, 1, vpm);
|
warn_certs(uri, *pcerts, 1, vpm);
|
||||||
} else {
|
} else {
|
||||||
sk_X509_pop_free(*pcerts, X509_free);
|
OSSL_STACK_OF_X509_free(*pcerts);
|
||||||
*pcerts = NULL;
|
*pcerts = NULL;
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
@ -721,7 +721,7 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
|
|||||||
if (!X509_add_certs(result, certs,
|
if (!X509_add_certs(result, certs,
|
||||||
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
|
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
|
||||||
goto oom;
|
goto oom;
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
certs = NULL;
|
certs = NULL;
|
||||||
files = next;
|
files = next;
|
||||||
}
|
}
|
||||||
@ -730,8 +730,8 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
|
|||||||
oom:
|
oom:
|
||||||
BIO_printf(bio_err, "out of memory\n");
|
BIO_printf(bio_err, "out of memory\n");
|
||||||
err:
|
err:
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
sk_X509_pop_free(result, X509_free);
|
OSSL_STACK_OF_X509_free(result);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -772,7 +772,7 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
ok = (store = sk_X509_to_store(store, certs)) != NULL;
|
ok = (store = sk_X509_to_store(store, certs)) != NULL;
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
certs = NULL;
|
certs = NULL;
|
||||||
if (!ok)
|
if (!ok)
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -794,7 +794,7 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
|
|||||||
NULL, NULL, certs, NULL, NULL);
|
NULL, NULL, certs, NULL, NULL);
|
||||||
|
|
||||||
if (!ret && was_NULL) {
|
if (!ret && was_NULL) {
|
||||||
sk_X509_pop_free(*certs, X509_free);
|
OSSL_STACK_OF_X509_free(*certs);
|
||||||
*certs = NULL;
|
*certs = NULL;
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -38,8 +38,8 @@ static void mock_srv_ctx_free(mock_srv_ctx *ctx)
|
|||||||
|
|
||||||
OSSL_CMP_PKISI_free(ctx->statusOut);
|
OSSL_CMP_PKISI_free(ctx->statusOut);
|
||||||
X509_free(ctx->certOut);
|
X509_free(ctx->certOut);
|
||||||
sk_X509_pop_free(ctx->chainOut, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->chainOut);
|
||||||
sk_X509_pop_free(ctx->caPubsOut, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->caPubsOut);
|
||||||
OSSL_CMP_MSG_free(ctx->certReq);
|
OSSL_CMP_MSG_free(ctx->certReq);
|
||||||
OPENSSL_free(ctx);
|
OPENSSL_free(ctx);
|
||||||
}
|
}
|
||||||
@ -91,7 +91,7 @@ int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
}
|
}
|
||||||
if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL)
|
if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
sk_X509_pop_free(ctx->chainOut, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->chainOut);
|
||||||
ctx->chainOut = chain_copy;
|
ctx->chainOut = chain_copy;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -108,7 +108,7 @@ int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
}
|
}
|
||||||
if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL)
|
if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
sk_X509_pop_free(ctx->caPubsOut, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->caPubsOut);
|
||||||
ctx->caPubsOut = caPubs_copy;
|
ctx->caPubsOut = caPubs_copy;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -252,9 +252,9 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
err:
|
err:
|
||||||
X509_free(*certOut);
|
X509_free(*certOut);
|
||||||
*certOut = NULL;
|
*certOut = NULL;
|
||||||
sk_X509_pop_free(*chainOut, X509_free);
|
OSSL_STACK_OF_X509_free(*chainOut);
|
||||||
*chainOut = NULL;
|
*chainOut = NULL;
|
||||||
sk_X509_pop_free(*caPubs, X509_free);
|
OSSL_STACK_OF_X509_free(*caPubs);
|
||||||
*caPubs = NULL;
|
*caPubs = NULL;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -992,7 +992,7 @@ void ssl_excert_free(SSL_EXCERT *exc)
|
|||||||
while (exc) {
|
while (exc) {
|
||||||
X509_free(exc->cert);
|
X509_free(exc->cert);
|
||||||
EVP_PKEY_free(exc->key);
|
EVP_PKEY_free(exc->key);
|
||||||
sk_X509_pop_free(exc->chain, X509_free);
|
OSSL_STACK_OF_X509_free(exc->chain);
|
||||||
curr = exc;
|
curr = exc;
|
||||||
exc = exc->next;
|
exc = exc->next;
|
||||||
OPENSSL_free(curr);
|
OPENSSL_free(curr);
|
||||||
|
@ -855,9 +855,9 @@ redo_accept:
|
|||||||
EVP_MD_free(rsign_md);
|
EVP_MD_free(rsign_md);
|
||||||
EVP_MD_free(resp_certid_md);
|
EVP_MD_free(resp_certid_md);
|
||||||
X509_free(cert);
|
X509_free(cert);
|
||||||
sk_X509_pop_free(issuers, X509_free);
|
OSSL_STACK_OF_X509_free(issuers);
|
||||||
X509_free(rsigner);
|
X509_free(rsigner);
|
||||||
sk_X509_pop_free(rca_cert, X509_free);
|
OSSL_STACK_OF_X509_free(rca_cert);
|
||||||
free_index(rdb);
|
free_index(rdb);
|
||||||
BIO_free_all(cbio);
|
BIO_free_all(cbio);
|
||||||
BIO_free_all(acbio);
|
BIO_free_all(acbio);
|
||||||
@ -867,8 +867,8 @@ redo_accept:
|
|||||||
OCSP_BASICRESP_free(bs);
|
OCSP_BASICRESP_free(bs);
|
||||||
sk_OPENSSL_STRING_free(reqnames);
|
sk_OPENSSL_STRING_free(reqnames);
|
||||||
sk_OCSP_CERTID_free(ids);
|
sk_OCSP_CERTID_free(ids);
|
||||||
sk_X509_pop_free(sign_other, X509_free);
|
OSSL_STACK_OF_X509_free(sign_other);
|
||||||
sk_X509_pop_free(verify_other, X509_free);
|
OSSL_STACK_OF_X509_free(verify_other);
|
||||||
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
|
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
|
||||||
OPENSSL_free(thost);
|
OPENSSL_free(thost);
|
||||||
OPENSSL_free(tport);
|
OPENSSL_free(tport);
|
||||||
|
@ -610,7 +610,7 @@ int pkcs12_main(int argc, char **argv)
|
|||||||
/* Add the remaining certs (except for duplicates) */
|
/* Add the remaining certs (except for duplicates) */
|
||||||
add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
|
add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
|
||||||
| X509_ADD_FLAG_NO_DUP);
|
| X509_ADD_FLAG_NO_DUP);
|
||||||
sk_X509_pop_free(chain2, X509_free);
|
OSSL_STACK_OF_X509_free(chain2);
|
||||||
if (!add_certs)
|
if (!add_certs)
|
||||||
goto export_end;
|
goto export_end;
|
||||||
} else {
|
} else {
|
||||||
@ -697,8 +697,8 @@ int pkcs12_main(int argc, char **argv)
|
|||||||
|
|
||||||
EVP_PKEY_free(key);
|
EVP_PKEY_free(key);
|
||||||
EVP_MD_free(macmd);
|
EVP_MD_free(macmd);
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
sk_X509_pop_free(untrusted_certs, X509_free);
|
OSSL_STACK_OF_X509_free(untrusted_certs);
|
||||||
X509_free(ee_cert);
|
X509_free(ee_cert);
|
||||||
|
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
|
@ -3048,7 +3048,7 @@ int s_client_main(int argc, char **argv)
|
|||||||
X509_free(cert);
|
X509_free(cert);
|
||||||
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
||||||
EVP_PKEY_free(key);
|
EVP_PKEY_free(key);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
OPENSSL_free(pass);
|
OPENSSL_free(pass);
|
||||||
#ifndef OPENSSL_NO_SRP
|
#ifndef OPENSSL_NO_SRP
|
||||||
OPENSSL_free(srp_arg.srppassin);
|
OPENSSL_free(srp_arg.srppassin);
|
||||||
|
@ -2240,8 +2240,8 @@ int s_server_main(int argc, char *argv[])
|
|||||||
X509_free(s_dcert);
|
X509_free(s_dcert);
|
||||||
EVP_PKEY_free(s_key);
|
EVP_PKEY_free(s_key);
|
||||||
EVP_PKEY_free(s_dkey);
|
EVP_PKEY_free(s_dkey);
|
||||||
sk_X509_pop_free(s_chain, X509_free);
|
OSSL_STACK_OF_X509_free(s_chain);
|
||||||
sk_X509_pop_free(s_dchain, X509_free);
|
OSSL_STACK_OF_X509_free(s_dchain);
|
||||||
OPENSSL_free(pass);
|
OPENSSL_free(pass);
|
||||||
OPENSSL_free(dpass);
|
OPENSSL_free(dpass);
|
||||||
OPENSSL_free(host);
|
OPENSSL_free(host);
|
||||||
|
@ -651,8 +651,8 @@ int smime_main(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
if (ret)
|
if (ret)
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
sk_X509_pop_free(encerts, X509_free);
|
OSSL_STACK_OF_X509_free(encerts);
|
||||||
sk_X509_pop_free(other, X509_free);
|
OSSL_STACK_OF_X509_free(other);
|
||||||
X509_VERIFY_PARAM_free(vpm);
|
X509_VERIFY_PARAM_free(vpm);
|
||||||
sk_OPENSSL_STRING_free(sksigners);
|
sk_OPENSSL_STRING_free(sksigners);
|
||||||
sk_OPENSSL_STRING_free(skkeys);
|
sk_OPENSSL_STRING_free(skkeys);
|
||||||
|
@ -234,8 +234,8 @@ int verify_main(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
X509_VERIFY_PARAM_free(vpm);
|
X509_VERIFY_PARAM_free(vpm);
|
||||||
X509_STORE_free(store);
|
X509_STORE_free(store);
|
||||||
sk_X509_pop_free(untrusted, X509_free);
|
OSSL_STACK_OF_X509_free(untrusted);
|
||||||
sk_X509_pop_free(trusted, X509_free);
|
OSSL_STACK_OF_X509_free(trusted);
|
||||||
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
||||||
sk_OPENSSL_STRING_free(vfyopts);
|
sk_OPENSSL_STRING_free(vfyopts);
|
||||||
release_engine(e);
|
release_engine(e);
|
||||||
@ -307,7 +307,7 @@ static int check(X509_STORE *ctx, const char *file,
|
|||||||
BIO_printf(bio_out, " (untrusted)");
|
BIO_printf(bio_out, " (untrusted)");
|
||||||
BIO_printf(bio_out, "\n");
|
BIO_printf(bio_out, "\n");
|
||||||
}
|
}
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
|
@ -514,7 +514,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
|
|||||||
"success building approximate chain for newly enrolled cert");
|
"success building approximate chain for newly enrolled cert");
|
||||||
}
|
}
|
||||||
(void)ossl_cmp_ctx_set1_newChain(ctx, chain);
|
(void)ossl_cmp_ctx_set1_newChain(ctx, chain);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
|
|
||||||
return fail_info;
|
return fail_info;
|
||||||
}
|
}
|
||||||
|
@ -61,9 +61,6 @@ DEFINE_OSSL_set0_NAME(OSSL_CMP_CTX, trustedStore, trusted, X509_STORE)
|
|||||||
/* Get current list of non-trusted intermediate certs */
|
/* Get current list of non-trusted intermediate certs */
|
||||||
DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509))
|
DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509))
|
||||||
|
|
||||||
#define X509_STACK_free(certs) \
|
|
||||||
sk_X509_pop_free(certs, X509_free)
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set untrusted certificates for path construction in authentication of
|
* Set untrusted certificates for path construction in authentication of
|
||||||
* the CMP server and potentially others (TLS server, newly enrolled cert).
|
* the CMP server and potentially others (TLS server, newly enrolled cert).
|
||||||
@ -79,11 +76,11 @@ int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
|
|||||||
if (!ossl_x509_add_certs_new(&untrusted, certs,
|
if (!ossl_x509_add_certs_new(&untrusted, certs,
|
||||||
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
|
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
|
||||||
goto err;
|
goto err;
|
||||||
X509_STACK_free(ctx->untrusted);
|
OSSL_STACK_OF_X509_free(ctx->untrusted);
|
||||||
ctx->untrusted = untrusted;
|
ctx->untrusted = untrusted;
|
||||||
return 1;
|
return 1;
|
||||||
err:
|
err:
|
||||||
X509_STACK_free(untrusted);
|
OSSL_STACK_OF_X509_free(untrusted);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -202,10 +199,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
|
|||||||
X509_free(ctx->validatedSrvCert);
|
X509_free(ctx->validatedSrvCert);
|
||||||
X509_NAME_free(ctx->expected_sender);
|
X509_NAME_free(ctx->expected_sender);
|
||||||
X509_STORE_free(ctx->trusted);
|
X509_STORE_free(ctx->trusted);
|
||||||
X509_STACK_free(ctx->untrusted);
|
OSSL_STACK_OF_X509_free(ctx->untrusted);
|
||||||
|
|
||||||
X509_free(ctx->cert);
|
X509_free(ctx->cert);
|
||||||
X509_STACK_free(ctx->chain);
|
OSSL_STACK_OF_X509_free(ctx->chain);
|
||||||
EVP_PKEY_free(ctx->pkey);
|
EVP_PKEY_free(ctx->pkey);
|
||||||
ASN1_OCTET_STRING_free(ctx->referenceValue);
|
ASN1_OCTET_STRING_free(ctx->referenceValue);
|
||||||
if (ctx->secretValue != NULL)
|
if (ctx->secretValue != NULL)
|
||||||
@ -219,7 +216,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
|
|||||||
ASN1_OCTET_STRING_free(ctx->senderNonce);
|
ASN1_OCTET_STRING_free(ctx->senderNonce);
|
||||||
ASN1_OCTET_STRING_free(ctx->recipNonce);
|
ASN1_OCTET_STRING_free(ctx->recipNonce);
|
||||||
OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs);
|
OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs);
|
||||||
X509_STACK_free(ctx->extraCertsOut);
|
OSSL_STACK_OF_X509_free(ctx->extraCertsOut);
|
||||||
|
|
||||||
EVP_PKEY_free(ctx->newPkey);
|
EVP_PKEY_free(ctx->newPkey);
|
||||||
X509_NAME_free(ctx->issuer);
|
X509_NAME_free(ctx->issuer);
|
||||||
@ -234,9 +231,9 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
|
|||||||
|
|
||||||
OSSL_CMP_PKIFREETEXT_free(ctx->statusString);
|
OSSL_CMP_PKIFREETEXT_free(ctx->statusString);
|
||||||
X509_free(ctx->newCert);
|
X509_free(ctx->newCert);
|
||||||
X509_STACK_free(ctx->newChain);
|
OSSL_STACK_OF_X509_free(ctx->newChain);
|
||||||
X509_STACK_free(ctx->caPubs);
|
OSSL_STACK_OF_X509_free(ctx->caPubs);
|
||||||
X509_STACK_free(ctx->extraCertsIn);
|
OSSL_STACK_OF_X509_free(ctx->extraCertsIn);
|
||||||
|
|
||||||
OPENSSL_free(ctx);
|
OPENSSL_free(ctx);
|
||||||
}
|
}
|
||||||
@ -469,7 +466,7 @@ int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) \
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
|
||||||
return 0; \
|
return 0; \
|
||||||
} \
|
} \
|
||||||
X509_STACK_free(ctx->FIELD); \
|
OSSL_STACK_OF_X509_free(ctx->FIELD); \
|
||||||
ctx->FIELD = NULL; \
|
ctx->FIELD = NULL; \
|
||||||
return certs == NULL || (ctx->FIELD = X509_chain_up_ref(certs)) != NULL; \
|
return certs == NULL || (ctx->FIELD = X509_chain_up_ref(certs)) != NULL; \
|
||||||
}
|
}
|
||||||
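Review bot: The `PREFIX##_set1_##FIELD` macro in the last hunk of this section still frees `ctx->FIELD` before it takes references on `certs`, so a caller that passes the stack the context already holds would have it freed and then handed to `X509_chain_up_ref()`. `TS_RESP_CTX_set_certs()` in a later section of this commit uses the same order, whereas `ossl_cmp_mock_srv_set1_chainOut()` and `OSSL_CMP_CTX_set1_untrusted()` build the new stack first and only then free the old one. Taking the copy first would close this: `if (certs != NULL && (copy = X509_chain_up_ref(certs)) == NULL) return 0;` ahead of `OSSL_STACK_OF_X509_free(ctx->FIELD); ctx->FIELD = copy;`. That variant keeps the old value on allocation failure instead of leaving the field NULL, so it is worth confirming that no caller depends on the current behaviour; the macro body starts outside the hunk.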
|
@ -234,8 +234,8 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
err:
|
err:
|
||||||
OSSL_CMP_PKISI_free(si);
|
OSSL_CMP_PKISI_free(si);
|
||||||
X509_free(certOut);
|
X509_free(certOut);
|
||||||
sk_X509_pop_free(chainOut, X509_free);
|
OSSL_STACK_OF_X509_free(chainOut);
|
||||||
sk_X509_pop_free(caPubs, X509_free);
|
OSSL_STACK_OF_X509_free(caPubs);
|
||||||
return msg;
|
return msg;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -432,7 +432,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||||||
: "certs in trusted store",
|
: "certs in trusted store",
|
||||||
msg->extraCerts, ctx->untrusted,
|
msg->extraCerts, ctx->untrusted,
|
||||||
msg, mode_3gpp);
|
msg, mode_3gpp);
|
||||||
sk_X509_pop_free(trusted, X509_free);
|
OSSL_STACK_OF_X509_free(trusted);
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -634,7 +634,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
|
|||||||
if (cch->type == 0) {
|
if (cch->type == 0) {
|
||||||
if (!ossl_x509_add_cert_new(&certs, cch->d.certificate,
|
if (!ossl_x509_add_cert_new(&certs, cch->d.certificate,
|
||||||
X509_ADD_FLAG_UP_REF)) {
|
X509_ADD_FLAG_UP_REF)) {
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -478,10 +478,10 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
|
|||||||
err2:
|
err2:
|
||||||
if (si_chains != NULL) {
|
if (si_chains != NULL) {
|
||||||
for (i = 0; i < scount; ++i)
|
for (i = 0; i < scount; ++i)
|
||||||
sk_X509_pop_free(si_chains[i], X509_free);
|
OSSL_STACK_OF_X509_free(si_chains[i]);
|
||||||
OPENSSL_free(si_chains);
|
OPENSSL_free(si_chains);
|
||||||
}
|
}
|
||||||
sk_X509_pop_free(cms_certs, X509_free);
|
OSSL_STACK_OF_X509_free(cms_certs);
|
||||||
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -153,7 +153,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
|
|||||||
}
|
}
|
||||||
|
|
||||||
end:
|
end:
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
sk_X509_free(untrusted);
|
sk_X509_free(untrusted);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -125,7 +125,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
|||||||
*cert = NULL;
|
*cert = NULL;
|
||||||
}
|
}
|
||||||
X509_free(x);
|
X509_free(x);
|
||||||
sk_X509_pop_free(ocerts, X509_free);
|
OSSL_STACK_OF_X509_free(ocerts);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -603,7 +603,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
|
|||||||
}
|
}
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
X509_free(cert);
|
X509_free(cert);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
OSSL_STORE_INFO_free(osi_pkey);
|
OSSL_STORE_INFO_free(osi_pkey);
|
||||||
OSSL_STORE_INFO_free(osi_cert);
|
OSSL_STORE_INFO_free(osi_cert);
|
||||||
OSSL_STORE_INFO_free(osi_ca);
|
OSSL_STORE_INFO_free(osi_ca);
|
||||||
|
@ -78,7 +78,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
|
|||||||
|
|
||||||
if (xi->x509 != NULL) {
|
if (xi->x509 != NULL) {
|
||||||
if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) {
|
if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) {
|
||||||
sk_X509_pop_free(othercerts, X509_free);
|
OSSL_STACK_OF_X509_free(othercerts);
|
||||||
othercerts = NULL;
|
othercerts = NULL;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
@ -233,7 +233,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
|
|||||||
end:
|
end:
|
||||||
ret = 1;
|
ret = 1;
|
||||||
err:
|
err:
|
||||||
sk_X509_pop_free(certs_obj, X509_free);
|
OSSL_STACK_OF_X509_free(certs_obj);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -147,7 +147,7 @@ void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
|
|||||||
OPENSSL_free(ctx->propq);
|
OPENSSL_free(ctx->propq);
|
||||||
X509_free(ctx->signer_cert);
|
X509_free(ctx->signer_cert);
|
||||||
EVP_PKEY_free(ctx->signer_key);
|
EVP_PKEY_free(ctx->signer_key);
|
||||||
sk_X509_pop_free(ctx->certs, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->certs);
|
||||||
sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
|
sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
|
||||||
ASN1_OBJECT_free(ctx->default_policy);
|
ASN1_OBJECT_free(ctx->default_policy);
|
||||||
sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */
|
sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */
|
||||||
@ -197,7 +197,7 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
|
|||||||
|
|
||||||
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
|
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
|
||||||
{
|
{
|
||||||
sk_X509_pop_free(ctx->certs, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->certs);
|
||||||
ctx->certs = NULL;
|
ctx->certs = NULL;
|
||||||
|
|
||||||
return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL;
|
return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL;
|
||||||
|
@ -158,7 +158,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
|
|||||||
err:
|
err:
|
||||||
BIO_free_all(p7bio);
|
BIO_free_all(p7bio);
|
||||||
sk_X509_free(untrusted);
|
sk_X509_free(untrusted);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
sk_X509_free(signers);
|
sk_X509_free(signers);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -82,7 +82,7 @@ void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
X509_STORE_free(ctx->store);
|
X509_STORE_free(ctx->store);
|
||||||
sk_X509_pop_free(ctx->certs, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->certs);
|
||||||
|
|
||||||
ASN1_OBJECT_free(ctx->policy);
|
ASN1_OBJECT_free(ctx->policy);
|
||||||
|
|
||||||
|
@ -17,6 +17,11 @@
|
|||||||
#include "crypto/asn1.h"
|
#include "crypto/asn1.h"
|
||||||
#include "crypto/x509.h"
|
#include "crypto/x509.h"
|
||||||
|
|
||||||
|
void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs)
|
||||||
|
{
|
||||||
|
sk_X509_pop_free(certs, X509_free);
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_STDIO
|
#ifndef OPENSSL_NO_STDIO
|
||||||
int X509_print_fp(FILE *fp, X509 *x)
|
int X509_print_fp(FILE *fp, X509 *x)
|
||||||
{
|
{
|
||||||
@ -456,7 +461,7 @@ static int print_store_certs(BIO *bio, X509_STORE *store)
|
|||||||
STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store);
|
STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store);
|
||||||
int ret = print_certs(bio, certs);
|
int ret = print_certs(bio, certs);
|
||||||
|
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
return ret;
|
return ret;
|
||||||
} else {
|
} else {
|
||||||
return BIO_printf(bio, " (no trusted store)\n") >= 0;
|
return BIO_printf(bio, " (no trusted store)\n") >= 0;
|
||||||
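Review bot: `OSSL_STACK_OF_X509_free()` is added in the first hunk of this section without any comment, while many of the cleanup paths converted in this commit (the `end:` and `err:` labels) presumably call it on pointers that can still be NULL. That is fine because `sk_X509_pop_free()` returns early on a NULL stack, but the contract should be stated at the definition, e.g. `/* Free the stack and call X509_free() on each element; a NULL stack is a no-op */`. The DESCRIPTION text this commit adds to the pod page could say the same, since callers will rely on it. The definition also sits directly in front of `X509_print_fp()`, which suggests a printing-oriented source file; a file that holds the other X509 allocation helpers may be easier to find.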
|
@ -567,7 +567,7 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
|
|||||||
|
|
||||||
err:
|
err:
|
||||||
X509_STORE_unlock(store);
|
X509_STORE_unlock(store);
|
||||||
sk_X509_pop_free(sk, X509_free);
|
OSSL_STACK_OF_X509_free(sk);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -615,7 +615,7 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx,
|
|||||||
x = obj->data.x509;
|
x = obj->data.x509;
|
||||||
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
|
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
|
||||||
X509_STORE_unlock(store);
|
X509_STORE_unlock(store);
|
||||||
sk_X509_pop_free(sk, X509_free);
|
OSSL_STACK_OF_X509_free(sk);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -138,7 +138,7 @@ static int lookup_cert_match(X509 **result, X509_STORE_CTX *ctx, X509 *x)
|
|||||||
else
|
else
|
||||||
*result = xtmp;
|
*result = xtmp;
|
||||||
}
|
}
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -385,7 +385,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx,
|
|||||||
x = sk_X509_value(ctx->other_ctx, i);
|
x = sk_X509_value(ctx->other_ctx, i);
|
||||||
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
|
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
|
||||||
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
|
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
|
||||||
sk_X509_pop_free(sk, X509_free);
|
OSSL_STACK_OF_X509_free(sk);
|
||||||
ctx->error = X509_V_ERR_OUT_OF_MEM;
|
ctx->error = X509_V_ERR_OUT_OF_MEM;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@ -2484,7 +2484,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
|
|||||||
}
|
}
|
||||||
X509_policy_tree_free(ctx->tree);
|
X509_policy_tree_free(ctx->tree);
|
||||||
ctx->tree = NULL;
|
ctx->tree = NULL;
|
||||||
sk_X509_pop_free(ctx->chain, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->chain);
|
||||||
ctx->chain = NULL;
|
ctx->chain = NULL;
|
||||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
|
||||||
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
|
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
|
||||||
@ -2523,7 +2523,7 @@ void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
|
|||||||
|
|
||||||
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
|
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
|
||||||
{
|
{
|
||||||
sk_X509_pop_free(ctx->chain, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->chain);
|
||||||
ctx->chain = sk;
|
ctx->chain = sk;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -46,8 +46,8 @@ int main(int argc, char **argv)
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* sk_X509_pop_free will free up recipient STACK and its contents so set
|
* OSSL_STACK_OF_X509_free() free up recipient STACK and its contents
|
||||||
* rcert to NULL so it isn't freed up twice.
|
* so set rcert to NULL so it isn't freed up twice.
|
||||||
*/
|
*/
|
||||||
rcert = NULL;
|
rcert = NULL;
|
||||||
|
|
||||||
@ -88,7 +88,7 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
CMS_ContentInfo_free(cms);
|
CMS_ContentInfo_free(cms);
|
||||||
X509_free(rcert);
|
X509_free(rcert);
|
||||||
sk_X509_pop_free(recips, X509_free);
|
OSSL_STACK_OF_X509_free(recips);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free(out);
|
||||||
BIO_free(dout);
|
BIO_free(dout);
|
||||||
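Review bot: The rewritten comment in the first hunk of this section reads `OSSL_STACK_OF_X509_free() free up recipient STACK and its contents`; the verb lost its `will`, which the two other demo programs changed in this commit keep. The comment explains why `rcert` is set to NULL once the stack owns the certificate (so it is not freed twice), so it should read `OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents`.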
|
@ -47,8 +47,8 @@ int main(int argc, char **argv)
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* sk_X509_pop_free will free up recipient STACK and its contents so set
|
* OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents
|
||||||
* rcert to NULL so it isn't freed up twice.
|
* so set rcert to NULL so it isn't freed up twice.
|
||||||
*/
|
*/
|
||||||
rcert = NULL;
|
rcert = NULL;
|
||||||
|
|
||||||
@ -84,7 +84,7 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
CMS_ContentInfo_free(cms);
|
CMS_ContentInfo_free(cms);
|
||||||
X509_free(rcert);
|
X509_free(rcert);
|
||||||
sk_X509_pop_free(recips, X509_free);
|
OSSL_STACK_OF_X509_free(recips);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free(out);
|
||||||
BIO_free(tbio);
|
BIO_free(tbio);
|
||||||
|
@ -105,7 +105,7 @@ int main(int argc, char **argv)
|
|||||||
OPENSSL_free(name);
|
OPENSSL_free(name);
|
||||||
X509_free(cert);
|
X509_free(cert);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
sk_X509_pop_free(ca, X509_free);
|
OSSL_STACK_OF_X509_free(ca);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -47,8 +47,8 @@ int main(int argc, char **argv)
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* sk_X509_pop_free will free up recipient STACK and its contents so set
|
* OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents
|
||||||
* rcert to NULL so it isn't freed up twice.
|
* so set rcert to NULL so it isn't freed up twice.
|
||||||
*/
|
*/
|
||||||
rcert = NULL;
|
rcert = NULL;
|
||||||
|
|
||||||
@ -82,7 +82,7 @@ int main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
PKCS7_free(p7);
|
PKCS7_free(p7);
|
||||||
X509_free(rcert);
|
X509_free(rcert);
|
||||||
sk_X509_pop_free(recips, X509_free);
|
OSSL_STACK_OF_X509_free(recips);
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
BIO_free(out);
|
BIO_free(out);
|
||||||
BIO_free(tbio);
|
BIO_free(tbio);
|
||||||
|
@ -72,7 +72,7 @@ verification is successful. Otherwise the returned chain may be incomplete or
|
|||||||
invalid. The returned chain persists after the I<ctx> structure is freed.
|
invalid. The returned chain persists after the I<ctx> structure is freed.
|
||||||
When it is no longer needed it should be free up using:
|
When it is no longer needed it should be free up using:
|
||||||
|
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
|
|
||||||
X509_verify_cert_error_string() returns a human readable error string for
|
X509_verify_cert_error_string() returns a human readable error string for
|
||||||
verification error I<n>.
|
verification error I<n>.
|
||||||
|
@ -4,7 +4,9 @@
|
|||||||
|
|
||||||
X509_new, X509_new_ex,
|
X509_new, X509_new_ex,
|
||||||
X509_free, X509_up_ref,
|
X509_free, X509_up_ref,
|
||||||
X509_chain_up_ref - X509 certificate ASN1 allocation functions
|
X509_chain_up_ref,
|
||||||
|
OSSL_STACK_OF_X509_free
|
||||||
|
- X509 certificate ASN1 allocation and deallocation functions
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
@ -15,6 +17,7 @@ X509_chain_up_ref - X509 certificate ASN1 allocation functions
|
|||||||
void X509_free(X509 *a);
|
void X509_free(X509 *a);
|
||||||
int X509_up_ref(X509 *a);
|
int X509_up_ref(X509 *a);
|
||||||
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
|
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
|
||||||
|
void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
@ -40,6 +43,9 @@ X509_up_ref() increments the reference count of B<a>.
|
|||||||
X509_chain_up_ref() increases the reference count of all certificates in
|
X509_chain_up_ref() increases the reference count of all certificates in
|
||||||
chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL.
|
chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL.
|
||||||
|
|
||||||
|
OSSL_STACK_OF_X509_free() deallocates the given list of pointers to
|
||||||
|
certificates after calling X509_free() on all its elements.
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
The function X509_up_ref() if useful if a certificate structure is being
|
The function X509_up_ref() if useful if a certificate structure is being
|
||||||
@ -61,6 +67,8 @@ X509_up_ref() returns 1 for success and 0 for failure.
|
|||||||
|
|
||||||
X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.
|
X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.
|
||||||
|
|
||||||
|
OSSL_STACK_OF_X509_free() has no return value.
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
L<d2i_X509(3)>,
|
L<d2i_X509(3)>,
|
||||||
@ -82,7 +90,9 @@ L<X509_verify_cert(3)>
|
|||||||
|
|
||||||
=head1 HISTORY
|
=head1 HISTORY
|
||||||
|
|
||||||
The function X509_new_ex() was added in OpenSSL 3.0.
|
X509_new_ex() was added in OpenSSL 3.0.
|
||||||
|
|
||||||
|
OSSL_STACK_OF_X509_free() was added in OpenSSL 3.1.
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
|
@ -375,7 +375,7 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
|
|||||||
}
|
}
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
X509_free(cert);
|
X509_free(cert);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
store_info_free(osi_pkey);
|
store_info_free(osi_pkey);
|
||||||
store_info_free(osi_cert);
|
store_info_free(osi_cert);
|
||||||
store_info_free(osi_ca);
|
store_info_free(osi_ca);
|
||||||
|
@ -763,6 +763,7 @@ int X509_chain_check_suiteb(int *perror_depth,
|
|||||||
X509 *x, STACK_OF(X509) *chain,
|
X509 *x, STACK_OF(X509) *chain,
|
||||||
unsigned long flags);
|
unsigned long flags);
|
||||||
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
|
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
|
||||||
|
void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
|
||||||
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
|
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
|
||||||
|
|
||||||
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
|
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
|
||||||
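Review bot: The added declaration `void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);` states nothing about ownership or NULL handling, and this is the line most callers will read. The manual text in this commit says it calls X509_free() on every element, so it is only safe on stacks whose elements the caller holds a reference to (a get1-style result or an X509_chain_up_ref() copy). Passing a borrowed get0-style stack would drop references the caller does not own and can lead to a double free or use after free. Several call sites in this commit pass struct fields that may be unset, so NULL tolerance (presumably inherited from sk_X509_pop_free(); the implementation is outside this section) should be stated too. I would add above the declaration `/* Frees the stack and drops one reference on each element; certs may be NULL. Not for get0-style borrowed stacks. */`.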
|
@ -3956,7 +3956,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
|
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
|
||||||
sk_X509_pop_free(ctx->extra_certs, X509_free);
|
OSSL_STACK_OF_X509_free(ctx->extra_certs);
|
||||||
ctx->extra_certs = NULL;
|
ctx->extra_certs = NULL;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -212,7 +212,7 @@ void ssl_cert_clear_certs(CERT *c)
|
|||||||
cpk->x509 = NULL;
|
cpk->x509 = NULL;
|
||||||
EVP_PKEY_free(cpk->privatekey);
|
EVP_PKEY_free(cpk->privatekey);
|
||||||
cpk->privatekey = NULL;
|
cpk->privatekey = NULL;
|
||||||
sk_X509_pop_free(cpk->chain, X509_free);
|
OSSL_STACK_OF_X509_free(cpk->chain);
|
||||||
cpk->chain = NULL;
|
cpk->chain = NULL;
|
||||||
OPENSSL_free(cpk->serverinfo);
|
OPENSSL_free(cpk->serverinfo);
|
||||||
cpk->serverinfo = NULL;
|
cpk->serverinfo = NULL;
|
||||||
@ -264,7 +264,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
sk_X509_pop_free(cpk->chain, X509_free);
|
OSSL_STACK_OF_X509_free(cpk->chain);
|
||||||
cpk->chain = chain;
|
cpk->chain = chain;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -278,7 +278,7 @@ int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
|
|||||||
if (!dchain)
|
if (!dchain)
|
||||||
return 0;
|
return 0;
|
||||||
if (!ssl_cert_set0_chain(s, ctx, dchain)) {
|
if (!ssl_cert_set0_chain(s, ctx, dchain)) {
|
||||||
sk_X509_pop_free(dchain, X509_free);
|
OSSL_STACK_OF_X509_free(dchain);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@ -440,7 +440,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
|
|||||||
}
|
}
|
||||||
|
|
||||||
s->verify_result = X509_STORE_CTX_get_error(ctx);
|
s->verify_result = X509_STORE_CTX_get_error(ctx);
|
||||||
sk_X509_pop_free(s->verified_chain, X509_free);
|
OSSL_STACK_OF_X509_free(s->verified_chain);
|
||||||
s->verified_chain = NULL;
|
s->verified_chain = NULL;
|
||||||
if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
|
if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
|
||||||
s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
|
s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
|
||||||
@ -940,12 +940,12 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
|
|||||||
rv = ssl_security_cert(s, ctx, x, 0, 0);
|
rv = ssl_security_cert(s, ctx, x, 0, 0);
|
||||||
if (rv != 1) {
|
if (rv != 1) {
|
||||||
ERR_raise(ERR_LIB_SSL, rv);
|
ERR_raise(ERR_LIB_SSL, rv);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
rv = 0;
|
rv = 0;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
sk_X509_pop_free(cpk->chain, X509_free);
|
OSSL_STACK_OF_X509_free(cpk->chain);
|
||||||
cpk->chain = chain;
|
cpk->chain = chain;
|
||||||
if (rv == 0)
|
if (rv == 0)
|
||||||
rv = 1;
|
rv = 1;
|
||||||
|
@ -172,7 +172,7 @@ static void dane_final(SSL_DANE *dane)
|
|||||||
sk_danetls_record_pop_free(dane->trecs, tlsa_free);
|
sk_danetls_record_pop_free(dane->trecs, tlsa_free);
|
||||||
dane->trecs = NULL;
|
dane->trecs = NULL;
|
||||||
|
|
||||||
sk_X509_pop_free(dane->certs, X509_free);
|
OSSL_STACK_OF_X509_free(dane->certs);
|
||||||
dane->certs = NULL;
|
dane->certs = NULL;
|
||||||
|
|
||||||
X509_free(dane->mcert);
|
X509_free(dane->mcert);
|
||||||
@ -1243,7 +1243,7 @@ void SSL_free(SSL *s)
|
|||||||
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
|
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
|
||||||
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
|
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
|
||||||
|
|
||||||
sk_X509_pop_free(s->verified_chain, X509_free);
|
OSSL_STACK_OF_X509_free(s->verified_chain);
|
||||||
|
|
||||||
if (s->method != NULL)
|
if (s->method != NULL)
|
||||||
s->method->ssl_free(s);
|
s->method->ssl_free(s);
|
||||||
@ -3430,7 +3430,7 @@ void SSL_CTX_free(SSL_CTX *a)
|
|||||||
ssl_cert_free(a->cert);
|
ssl_cert_free(a->cert);
|
||||||
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
|
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
|
||||||
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
|
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
|
||||||
sk_X509_pop_free(a->extra_certs, X509_free);
|
OSSL_STACK_OF_X509_free(a->extra_certs);
|
||||||
a->comp_methods = NULL;
|
a->comp_methods = NULL;
|
||||||
#ifndef OPENSSL_NO_SRTP
|
#ifndef OPENSSL_NO_SRTP
|
||||||
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
|
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
|
||||||
|
@ -955,7 +955,7 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sk_X509_pop_free(c->pkeys[i].chain, X509_free);
|
OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
|
||||||
c->pkeys[i].chain = dup_chain;
|
c->pkeys[i].chain = dup_chain;
|
||||||
|
|
||||||
X509_free(c->pkeys[i].x509);
|
X509_free(c->pkeys[i].x509);
|
||||||
|
@ -828,7 +828,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
|
|||||||
OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
|
OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
|
||||||
OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
|
OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
|
||||||
X509_free(ss->peer);
|
X509_free(ss->peer);
|
||||||
sk_X509_pop_free(ss->peer_chain, X509_free);
|
OSSL_STACK_OF_X509_free(ss->peer_chain);
|
||||||
OPENSSL_free(ss->ext.hostname);
|
OPENSSL_free(ss->ext.hostname);
|
||||||
OPENSSL_free(ss->ext.tick);
|
OPENSSL_free(ss->ext.tick);
|
||||||
#ifndef OPENSSL_NO_PSK
|
#ifndef OPENSSL_NO_PSK
|
||||||
|
@ -1841,7 +1841,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
|
|||||||
|
|
||||||
err:
|
err:
|
||||||
X509_free(x);
|
X509_free(x);
|
||||||
sk_X509_pop_free(s->session->peer_chain, X509_free);
|
OSSL_STACK_OF_X509_free(s->session->peer_chain);
|
||||||
s->session->peer_chain = NULL;
|
s->session->peer_chain = NULL;
|
||||||
return MSG_PROCESS_ERROR;
|
return MSG_PROCESS_ERROR;
|
||||||
}
|
}
|
||||||
|
@ -3554,7 +3554,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
|
|||||||
s->session->peer = sk_X509_shift(sk);
|
s->session->peer = sk_X509_shift(sk);
|
||||||
s->session->verify_result = s->verify_result;
|
s->session->verify_result = s->verify_result;
|
||||||
|
|
||||||
sk_X509_pop_free(s->session->peer_chain, X509_free);
|
OSSL_STACK_OF_X509_free(s->session->peer_chain);
|
||||||
s->session->peer_chain = sk;
|
s->session->peer_chain = sk;
|
||||||
sk = NULL;
|
sk = NULL;
|
||||||
|
|
||||||
@ -3589,7 +3589,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
|
|||||||
|
|
||||||
err:
|
err:
|
||||||
X509_free(x);
|
X509_free(x);
|
||||||
sk_X509_pop_free(sk, X509_free);
|
OSSL_STACK_OF_X509_free(sk);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,7 +116,7 @@ static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
|
|||||||
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
|
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
|
||||||
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
|
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
|
||||||
|
|
||||||
sk_X509_pop_free(caPubs, X509_free);
|
OSSL_STACK_OF_X509_free(caPubs);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -59,7 +59,7 @@ static STACK_OF(X509) *sk_X509_new_1(void)
|
|||||||
|
|
||||||
static void sk_X509_pop_X509_free(STACK_OF(X509) *sk)
|
static void sk_X509_pop_X509_free(STACK_OF(X509) *sk)
|
||||||
{
|
{
|
||||||
sk_X509_pop_free(sk, X509_free);
|
OSSL_STACK_OF_X509_free(sk);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
|
static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
|
||||||
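Review bot: After this change the local helper `sk_X509_pop_X509_free()` is a one-line forwarder to the new public function with the identical signature, so the file now has two names for the same operation. Unless the helper's name is needed by a macro elsewhere in the file (not visible in this hunk), I would drop it and pass `OSSL_STACK_OF_X509_free` directly where the helper is used. If it has to stay, a short comment such as `/* kept only because the test macros expect this name */` would tell the next reader why it exists.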
|
@ -340,7 +340,7 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
|
|||||||
if (TEST_ptr(chain)) {
|
if (TEST_ptr(chain)) {
|
||||||
/* Check whether chain built is equal to the expected one */
|
/* Check whether chain built is equal to the expected one */
|
||||||
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
|
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
}
|
}
|
||||||
if (!ret)
|
if (!ret)
|
||||||
return 0;
|
return 0;
|
||||||
@ -355,7 +355,7 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
|
|||||||
if (ret && chain != NULL) {
|
if (ret && chain != NULL) {
|
||||||
/* Check whether chain built is equal to the expected one */
|
/* Check whether chain built is equal to the expected one */
|
||||||
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
|
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
X509_STORE_free(store);
|
X509_STORE_free(store);
|
||||||
@ -475,7 +475,7 @@ static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
|
|||||||
res = 1;
|
res = 1;
|
||||||
err:
|
err:
|
||||||
X509_STORE_free(store);
|
X509_STORE_free(store);
|
||||||
sk_X509_pop_free(sk, X509_free);
|
OSSL_STACK_OF_X509_free(sk);
|
||||||
return res;
|
return res;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -264,7 +264,7 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
|
|||||||
status = X509_verify_cert(ctx) == 1 ? X509_V_OK
|
status = X509_verify_cert(ctx) == 1 ? X509_V_OK
|
||||||
: X509_STORE_CTX_get_error(ctx);
|
: X509_STORE_CTX_get_error(ctx);
|
||||||
err:
|
err:
|
||||||
sk_X509_pop_free(roots, X509_free);
|
OSSL_STACK_OF_X509_free(roots);
|
||||||
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
||||||
X509_VERIFY_PARAM_free(param);
|
X509_VERIFY_PARAM_free(param);
|
||||||
X509_STORE_CTX_free(ctx);
|
X509_STORE_CTX_free(ctx);
|
||||||
|
@ -143,7 +143,7 @@ err:
|
|||||||
OPENSSL_free(name);
|
OPENSSL_free(name);
|
||||||
OPENSSL_free(header);
|
OPENSSL_free(header);
|
||||||
OPENSSL_free(data);
|
OPENSSL_free(data);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -344,7 +344,7 @@ static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ok = verify_chain(ssl, chain);
|
ok = verify_chain(ssl, chain);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
err = SSL_get_verify_result(ssl);
|
err = SSL_get_verify_result(ssl);
|
||||||
/*
|
/*
|
||||||
* Peek under the hood, normally TLSA match data is hidden when
|
* Peek under the hood, normally TLSA match data is hidden when
|
||||||
|
@ -8038,7 +8038,7 @@ static int cert_cb(SSL *s, void *arg)
|
|||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
X509_free(x509);
|
X509_free(x509);
|
||||||
X509_free(rootx);
|
X509_free(rootx);
|
||||||
sk_X509_pop_free(chain, X509_free);
|
OSSL_STACK_OF_X509_free(chain);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -49,7 +49,7 @@ STACK_OF(X509) *load_certs_pem(const char *file)
|
|||||||
do {
|
do {
|
||||||
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
|
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
|
||||||
if (x != NULL && !sk_X509_push(certs, x)) {
|
if (x != NULL && !sk_X509_push(certs, x)) {
|
||||||
sk_X509_pop_free(certs, X509_free);
|
OSSL_STACK_OF_X509_free(certs);
|
||||||
BIO_free(bio);
|
BIO_free(bio);
|
||||||
return NULL;
|
return NULL;
|
||||||
} else if (x == NULL) {
|
} else if (x == NULL) {
|
||||||
|
@ -94,7 +94,7 @@ static int test_alt_chains_cert_forgery(void)
|
|||||||
err:
|
err:
|
||||||
X509_STORE_CTX_free(sctx);
|
X509_STORE_CTX_free(sctx);
|
||||||
X509_free(x);
|
X509_free(x);
|
||||||
sk_X509_pop_free(untrusted, X509_free);
|
OSSL_STACK_OF_X509_free(untrusted);
|
||||||
X509_STORE_free(store);
|
X509_STORE_free(store);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -5425,3 +5425,4 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
|
|||||||
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
|
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
|
||||||
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
|
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
|
||||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
||||||
|
OSSL_STACK_OF_X509_free ? 3_1_0 EXIST::FUNCTION:
|
||||||
|