[openssl-commits] [openssl] master update
Viktor Dukhovni
viktor at openssl.org
Thu Jan 28 03:16:25 UTC 2016
The branch master has been updated
via 109f8b5dec6aa3f46c1df79c8d5f8e8aba10474b (commit)
from b4f35e5e07afa2df7125b814b45242648b33e39e (commit)
- Log -----------------------------------------------------------------
commit 109f8b5dec6aa3f46c1df79c8d5f8e8aba10474b
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: Wed Jan 27 21:54:09 2016 -0500
Comment side-effect only calls of X509_check_purpose
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_sd.c | 1 +
crypto/ts/ts_rsp_sign.c | 1 +
crypto/x509/x509_trs.c | 1 +
crypto/x509v3/pcy_tree.c | 1 -
crypto/x509v3/v3_purp.c | 5 +++++
5 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 444af0b..288db48 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -280,6 +280,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
si = M_ASN1_new_of(CMS_SignerInfo);
if (!si)
goto merr;
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(signer, -1, -1);
CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index e85c4b4..0ad6f10 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -793,6 +793,7 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed)
GENERAL_NAME *name = NULL;
unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(cert, -1, 0);
if ((cid = ESS_CERT_ID_new()) == NULL)
goto err;
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 58e7d54..72c8110 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -283,6 +283,7 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
{
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(x, -1, 0);
if (x->ex_flags & EXFLAG_SS)
return X509_TRUST_TRUSTED;
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 6cf6f4e..850d488 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -186,7 +186,6 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
uint32_t ex_flags;
x = sk_X509_value(certs, i);
ex_flags = X509_get_extension_flags(x);
- X509_check_purpose(x, -1, -1);
cache = policy_cache_set(x);
/* If cache NULL something bad happened: return immediately */
if (cache == NULL)
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 2d5a29f..e5231b3 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -132,6 +132,7 @@ int X509_check_purpose(X509 *x, int id, int ca)
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
+ /* Return if side-effect only call */
if (id == -1)
return 1;
idx = X509_PURPOSE_get_by_id(id);
@@ -850,12 +851,14 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
uint32_t X509_get_extension_flags(X509 *x)
{
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(x, -1, -1);
return x->ex_flags;
}
uint32_t X509_get_key_usage(X509 *x)
{
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(x, -1, -1);
if (x->ex_flags & EXFLAG_KUSAGE)
return x->ex_kusage;
@@ -864,6 +867,7 @@ uint32_t X509_get_key_usage(X509 *x)
uint32_t X509_get_extended_key_usage(X509 *x)
{
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(x, -1, -1);
if (x->ex_flags & EXFLAG_XKUSAGE)
return x->ex_xkusage;
@@ -872,6 +876,7 @@ uint32_t X509_get_extended_key_usage(X509 *x)
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
{
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(x, -1, -1);
return x->skid;
}
More information about the openssl-commits
mailing list