fixup! x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_C…

…TX_get1_issuer(), etc.
siemens · Nov 15, 2024 · 205564f · 205564f
1 parent 1ebcc6c
commit 205564f
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 24 deletions.
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
@@ -651,12 +651,10 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
 
 /*-
  * Collect from |ctx->store| all certs with subject matching |nm|.
- * Caller must free on ret == 1 the resulting list |*certs|.
- * Caller must also free its entries if up_refs != 0.
  * Returns NULL on internal/fatal error, empty stack if not found.
  */
-STACK_OF(X509) *ossl_x509_store_ctx_get_certs(X509_STORE_CTX *ctx,
-                                              const X509_NAME *nm, int up_refs)
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx,
+                                          const X509_NAME *nm)
 {
     int i, idx, cnt;
     STACK_OF(X509) *sk = NULL;
@@ -693,12 +691,9 @@ STACK_OF(X509) *ossl_x509_store_ctx_get_certs(X509_STORE_CTX *ctx,
     for (i = 0; i < cnt; i++, idx++) {
         obj = sk_X509_OBJECT_value(store->objs, idx);
         x = obj->data.x509;
-        if (!X509_add_cert(sk, x, up_refs ? X509_ADD_FLAG_UP_REF : 0)) {
+        if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
             X509_STORE_unlock(store);
-            if (up_refs)
-                OSSL_STACK_OF_X509_free(sk);
-            else
-                sk_X509_free(sk);
+            OSSL_STACK_OF_X509_free(sk);
             return NULL;
         }
     }
@@ -707,13 +702,6 @@ STACK_OF(X509) *ossl_x509_store_ctx_get_certs(X509_STORE_CTX *ctx,
     return sk;
 }
 
-/* Returns NULL on internal/fatal error, empty stack if not found */
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx,
-                                          const X509_NAME *nm)
-{
-    return ossl_x509_store_ctx_get_certs(ctx, nm, 1 /* up_refs */);
-}
-
 /* Returns NULL on internal/fatal error, empty stack if not found */
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *ctx,
                                              const X509_NAME *nm)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
@@ -423,16 +423,16 @@ static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int trusted,
  */
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
-    const X509_NAME *xn = X509_get_issuer_name(x);
-    STACK_OF(X509) *certs = ossl_x509_store_ctx_get_certs(ctx, xn, 0);
+    STACK_OF(X509) *certs = X509_STORE_CTX_get1_certs(ctx, X509_get_issuer_name(x));
+    int ret = 0;
 
     if (certs == NULL)
         return -1;
     *issuer = get0_best_issuer_sk(ctx, 1 /* trusted */, 0, certs, x);
-    sk_X509_free(certs);
-    if (*issuer == NULL)
-        return 0;
-    return X509_up_ref(*issuer) ? 1 : -1;
+    if (*issuer != NULL)
+        ret = X509_up_ref(*issuer) ? 1 : -1;
+    OSSL_STACK_OF_X509_free(certs);
+    return ret;
 }
 
 /* Check that the given certificate |x| is issued by the certificate |issuer| */

diff --git a/include/crypto/x509.h b/include/crypto/x509.h
@@ -312,8 +312,6 @@ int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc);
 int ossl_x509_set1_time(int *modified, ASN1_TIME **ptm, const ASN1_TIME *tm);
 int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
 int ossl_x509v3_cache_extensions(X509 *x);
-STACK_OF(X509) *ossl_x509_store_ctx_get_certs(X509_STORE_CTX *ctx,
-                                              const X509_NAME *nm, int up_refs);
 int ossl_x509_init_sig_info(X509 *x);
 
 int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);