[openssl] master update
dev at ddvo.net
dev at ddvo.net
Tue Dec 21 11:13:01 UTC 2021
The branch master has been updated
via 79b2a2f2eedb9d6b24a3f6748332328cf54568fb (commit)
from 0d4c52320d245be80bd69346fdda4b12b4961eae (commit)
- Log -----------------------------------------------------------------
commit 79b2a2f2eedb9d6b24a3f6748332328cf54568fb
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Sat Dec 18 16:15:49 2021 +0100
add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 2 +-
apps/cmp.c | 8 ++++----
apps/cms.c | 6 +++---
apps/lib/apps.c | 12 ++++++------
apps/lib/cmp_mock_srv.c | 12 ++++++------
apps/lib/s_cb.c | 2 +-
apps/ocsp.c | 8 ++++----
apps/pkcs12.c | 6 +++---
apps/s_client.c | 2 +-
apps/s_server.c | 4 ++--
apps/smime.c | 4 ++--
apps/verify.c | 6 +++---
crypto/cmp/cmp_client.c | 2 +-
crypto/cmp/cmp_ctx.c | 21 +++++++++------------
crypto/cmp/cmp_server.c | 4 ++--
crypto/cmp/cmp_vfy.c | 2 +-
crypto/cms/cms_lib.c | 2 +-
crypto/cms/cms_smime.c | 4 ++--
crypto/ocsp/ocsp_vfy.c | 2 +-
crypto/pkcs12/p12_kiss.c | 2 +-
crypto/store/store_result.c | 2 +-
crypto/ts/ts_conf.c | 4 ++--
crypto/ts/ts_rsp_sign.c | 4 ++--
crypto/ts/ts_rsp_verify.c | 2 +-
crypto/ts/ts_verify_ctx.c | 2 +-
crypto/x509/t_x509.c | 7 ++++++-
crypto/x509/x509_lu.c | 4 ++--
crypto/x509/x509_vfy.c | 8 ++++----
demos/cms/cms_denc.c | 6 +++---
demos/cms/cms_enc.c | 6 +++---
demos/pkcs12/pkread.c | 2 +-
demos/smime/smenc.c | 6 +++---
doc/man3/X509_STORE_CTX_get_error.pod | 2 +-
doc/man3/X509_new.pod | 14 ++++++++++++--
engines/e_loader_attic.c | 2 +-
include/openssl/x509.h.in | 1 +
ssl/s3_lib.c | 2 +-
ssl/ssl_cert.c | 12 ++++++------
ssl/ssl_lib.c | 6 +++---
ssl/ssl_rsa.c | 2 +-
ssl/ssl_sess.c | 2 +-
ssl/statem/statem_clnt.c | 2 +-
ssl/statem/statem_srvr.c | 4 ++--
test/cmp_client_test.c | 2 +-
test/cmp_ctx_test.c | 2 +-
test/cmp_protect_test.c | 6 +++---
test/crltest.c | 2 +-
test/danetest.c | 4 ++--
test/sslapitest.c | 2 +-
test/testutil/load.c | 2 +-
test/verify_extra_test.c | 2 +-
util/libcrypto.num | 1 +
52 files changed, 125 insertions(+), 111 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 1e77bf50c5..a9d6c5c1a6 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1325,7 +1325,7 @@ end_of_options:
BIO_free_all(Sout);
BIO_free_all(out);
BIO_free_all(in);
- sk_X509_pop_free(cert_sk, X509_free);
+ OSSL_STACK_OF_X509_free(cert_sk);
cleanse(passin);
if (free_passin)
diff --git a/apps/cmp.c b/apps/cmp.c
index f994b83b18..0f810129b3 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -933,7 +933,7 @@ static int setup_certs(char *files, const char *desc, void *ctx,
if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL)
return 0;
ok = (*set1_fn)(ctx, certs);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
return ok;
}
@@ -1262,7 +1262,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) {
CMP_err1("unable to use client TLS certificate file '%s'",
opt_tls_cert);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
goto err;
}
for (i = 0; i < sk_X509_num(untrusted); i++) {
@@ -1441,7 +1441,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs);
}
X509_STORE_free(own_trusted);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
if (!ok)
return 0;
} else if (opt_own_trusted != NULL) {
@@ -2020,7 +2020,7 @@ static int save_free_certs(OSSL_CMP_CTX *ctx,
end:
BIO_free(bio);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
return n;
}
diff --git a/apps/cms.c b/apps/cms.c
index 18671fdc30..b49d1e3a68 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -909,7 +909,7 @@ int cms_main(int argc, char **argv)
ret = 5;
goto end;
}
- sk_X509_pop_free(allcerts, X509_free);
+ OSSL_STACK_OF_X509_free(allcerts);
}
}
@@ -1237,8 +1237,8 @@ int cms_main(int argc, char **argv)
end:
if (ret)
ERR_print_errors(bio_err);
- sk_X509_pop_free(encerts, X509_free);
- sk_X509_pop_free(other, X509_free);
+ OSSL_STACK_OF_X509_free(encerts);
+ OSSL_STACK_OF_X509_free(other);
X509_VERIFY_PARAM_free(vpm);
sk_OPENSSL_STRING_free(sksigners);
sk_OPENSSL_STRING_free(skkeys);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 6f697ab481..88c4f7b97a 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -696,7 +696,7 @@ int load_cert_certs(const char *uri,
warn_cert(uri, *pcert, 0, vpm);
warn_certs(uri, *pcerts, 1, vpm);
} else {
- sk_X509_pop_free(*pcerts, X509_free);
+ OSSL_STACK_OF_X509_free(*pcerts);
*pcerts = NULL;
}
return ret;
@@ -721,7 +721,7 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
if (!X509_add_certs(result, certs,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto oom;
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
certs = NULL;
files = next;
}
@@ -730,8 +730,8 @@ STACK_OF(X509) *load_certs_multifile(char *files, const char *pass,
oom:
BIO_printf(bio_err, "out of memory\n");
err:
- sk_X509_pop_free(certs, X509_free);
- sk_X509_pop_free(result, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
+ OSSL_STACK_OF_X509_free(result);
return NULL;
}
@@ -772,7 +772,7 @@ X509_STORE *load_certstore(char *input, const char *pass, const char *desc,
return NULL;
}
ok = (store = sk_X509_to_store(store, certs)) != NULL;
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
certs = NULL;
if (!ok)
return NULL;
@@ -794,7 +794,7 @@ int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs,
NULL, NULL, certs, NULL, NULL);
if (!ret && was_NULL) {
- sk_X509_pop_free(*certs, X509_free);
+ OSSL_STACK_OF_X509_free(*certs);
*certs = NULL;
}
return ret;
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 419b74ce6a..5cd2b23737 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -38,8 +38,8 @@ static void mock_srv_ctx_free(mock_srv_ctx *ctx)
OSSL_CMP_PKISI_free(ctx->statusOut);
X509_free(ctx->certOut);
- sk_X509_pop_free(ctx->chainOut, X509_free);
- sk_X509_pop_free(ctx->caPubsOut, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chainOut);
+ OSSL_STACK_OF_X509_free(ctx->caPubsOut);
OSSL_CMP_MSG_free(ctx->certReq);
OPENSSL_free(ctx);
}
@@ -91,7 +91,7 @@ int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
}
if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL)
return 0;
- sk_X509_pop_free(ctx->chainOut, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chainOut);
ctx->chainOut = chain_copy;
return 1;
}
@@ -108,7 +108,7 @@ int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
}
if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL)
return 0;
- sk_X509_pop_free(ctx->caPubsOut, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->caPubsOut);
ctx->caPubsOut = caPubs_copy;
return 1;
}
@@ -252,9 +252,9 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
err:
X509_free(*certOut);
*certOut = NULL;
- sk_X509_pop_free(*chainOut, X509_free);
+ OSSL_STACK_OF_X509_free(*chainOut);
*chainOut = NULL;
- sk_X509_pop_free(*caPubs, X509_free);
+ OSSL_STACK_OF_X509_free(*caPubs);
*caPubs = NULL;
return NULL;
}
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 50bf00f671..77ddbc9d7b 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -992,7 +992,7 @@ void ssl_excert_free(SSL_EXCERT *exc)
while (exc) {
X509_free(exc->cert);
EVP_PKEY_free(exc->key);
- sk_X509_pop_free(exc->chain, X509_free);
+ OSSL_STACK_OF_X509_free(exc->chain);
curr = exc;
exc = exc->next;
OPENSSL_free(curr);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index b0d030a940..d8e45ccd43 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -855,9 +855,9 @@ redo_accept:
EVP_MD_free(rsign_md);
EVP_MD_free(resp_certid_md);
X509_free(cert);
- sk_X509_pop_free(issuers, X509_free);
+ OSSL_STACK_OF_X509_free(issuers);
X509_free(rsigner);
- sk_X509_pop_free(rca_cert, X509_free);
+ OSSL_STACK_OF_X509_free(rca_cert);
free_index(rdb);
BIO_free_all(cbio);
BIO_free_all(acbio);
@@ -867,8 +867,8 @@ redo_accept:
OCSP_BASICRESP_free(bs);
sk_OPENSSL_STRING_free(reqnames);
sk_OCSP_CERTID_free(ids);
- sk_X509_pop_free(sign_other, X509_free);
- sk_X509_pop_free(verify_other, X509_free);
+ OSSL_STACK_OF_X509_free(sign_other);
+ OSSL_STACK_OF_X509_free(verify_other);
sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
OPENSSL_free(thost);
OPENSSL_free(tport);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 65dcdad38a..44b53b0b54 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -610,7 +610,7 @@ int pkcs12_main(int argc, char **argv)
/* Add the remaining certs (except for duplicates) */
add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
| X509_ADD_FLAG_NO_DUP);
- sk_X509_pop_free(chain2, X509_free);
+ OSSL_STACK_OF_X509_free(chain2);
if (!add_certs)
goto export_end;
} else {
@@ -697,8 +697,8 @@ int pkcs12_main(int argc, char **argv)
EVP_PKEY_free(key);
EVP_MD_free(macmd);
- sk_X509_pop_free(certs, X509_free);
- sk_X509_pop_free(untrusted_certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
+ OSSL_STACK_OF_X509_free(untrusted_certs);
X509_free(ee_cert);
ERR_print_errors(bio_err);
diff --git a/apps/s_client.c b/apps/s_client.c
index b905fbd3ec..cdff15a1b6 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3048,7 +3048,7 @@ int s_client_main(int argc, char **argv)
X509_free(cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
EVP_PKEY_free(key);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
OPENSSL_free(pass);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(srp_arg.srppassin);
diff --git a/apps/s_server.c b/apps/s_server.c
index e0a52287ee..9f05cb120a 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2240,8 +2240,8 @@ int s_server_main(int argc, char *argv[])
X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
- sk_X509_pop_free(s_chain, X509_free);
- sk_X509_pop_free(s_dchain, X509_free);
+ OSSL_STACK_OF_X509_free(s_chain);
+ OSSL_STACK_OF_X509_free(s_dchain);
OPENSSL_free(pass);
OPENSSL_free(dpass);
OPENSSL_free(host);
diff --git a/apps/smime.c b/apps/smime.c
index 6cf6ab3a45..9677f056ed 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -651,8 +651,8 @@ int smime_main(int argc, char **argv)
end:
if (ret)
ERR_print_errors(bio_err);
- sk_X509_pop_free(encerts, X509_free);
- sk_X509_pop_free(other, X509_free);
+ OSSL_STACK_OF_X509_free(encerts);
+ OSSL_STACK_OF_X509_free(other);
X509_VERIFY_PARAM_free(vpm);
sk_OPENSSL_STRING_free(sksigners);
sk_OPENSSL_STRING_free(skkeys);
diff --git a/apps/verify.c b/apps/verify.c
index acf80c65c4..24bbebf3f3 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -234,8 +234,8 @@ int verify_main(int argc, char **argv)
end:
X509_VERIFY_PARAM_free(vpm);
X509_STORE_free(store);
- sk_X509_pop_free(untrusted, X509_free);
- sk_X509_pop_free(trusted, X509_free);
+ OSSL_STACK_OF_X509_free(untrusted);
+ OSSL_STACK_OF_X509_free(trusted);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_OPENSSL_STRING_free(vfyopts);
release_engine(e);
@@ -307,7 +307,7 @@ static int check(X509_STORE *ctx, const char *file,
BIO_printf(bio_out, " (untrusted)");
BIO_printf(bio_out, "\n");
}
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
} else {
BIO_printf(bio_err,
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index c7674ce088..4a7a87ff74 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -514,7 +514,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
"success building approximate chain for newly enrolled cert");
}
(void)ossl_cmp_ctx_set1_newChain(ctx, chain);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
return fail_info;
}
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 8b53a8a237..75418a60b8 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -61,9 +61,6 @@ DEFINE_OSSL_set0_NAME(OSSL_CMP_CTX, trustedStore, trusted, X509_STORE)
/* Get current list of non-trusted intermediate certs */
DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509))
-#define X509_STACK_free(certs) \
- sk_X509_pop_free(certs, X509_free)
-
/*
* Set untrusted certificates for path construction in authentication of
* the CMP server and potentially others (TLS server, newly enrolled cert).
@@ -79,11 +76,11 @@ int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
if (!ossl_x509_add_certs_new(&untrusted, certs,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto err;
- X509_STACK_free(ctx->untrusted);
+ OSSL_STACK_OF_X509_free(ctx->untrusted);
ctx->untrusted = untrusted;
return 1;
err:
- X509_STACK_free(untrusted);
+ OSSL_STACK_OF_X509_free(untrusted);
return 0;
}
@@ -202,10 +199,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
X509_free(ctx->validatedSrvCert);
X509_NAME_free(ctx->expected_sender);
X509_STORE_free(ctx->trusted);
- X509_STACK_free(ctx->untrusted);
+ OSSL_STACK_OF_X509_free(ctx->untrusted);
X509_free(ctx->cert);
- X509_STACK_free(ctx->chain);
+ OSSL_STACK_OF_X509_free(ctx->chain);
EVP_PKEY_free(ctx->pkey);
ASN1_OCTET_STRING_free(ctx->referenceValue);
if (ctx->secretValue != NULL)
@@ -219,7 +216,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
ASN1_OCTET_STRING_free(ctx->senderNonce);
ASN1_OCTET_STRING_free(ctx->recipNonce);
OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs);
- X509_STACK_free(ctx->extraCertsOut);
+ OSSL_STACK_OF_X509_free(ctx->extraCertsOut);
EVP_PKEY_free(ctx->newPkey);
X509_NAME_free(ctx->issuer);
@@ -234,9 +231,9 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
OSSL_CMP_PKIFREETEXT_free(ctx->statusString);
X509_free(ctx->newCert);
- X509_STACK_free(ctx->newChain);
- X509_STACK_free(ctx->caPubs);
- X509_STACK_free(ctx->extraCertsIn);
+ OSSL_STACK_OF_X509_free(ctx->newChain);
+ OSSL_STACK_OF_X509_free(ctx->caPubs);
+ OSSL_STACK_OF_X509_free(ctx->extraCertsIn);
OPENSSL_free(ctx);
}
@@ -469,7 +466,7 @@ int PREFIX##_set1_##FIELD(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) \
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
return 0; \
} \
- X509_STACK_free(ctx->FIELD); \
+ OSSL_STACK_OF_X509_free(ctx->FIELD); \
ctx->FIELD = NULL; \
return certs == NULL || (ctx->FIELD = X509_chain_up_ref(certs)) != NULL; \
}
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index c32737d0e3..bf5c5fdb57 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -234,8 +234,8 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
err:
OSSL_CMP_PKISI_free(si);
X509_free(certOut);
- sk_X509_pop_free(chainOut, X509_free);
- sk_X509_pop_free(caPubs, X509_free);
+ OSSL_STACK_OF_X509_free(chainOut);
+ OSSL_STACK_OF_X509_free(caPubs);
return msg;
}
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index bea7e506b6..e5ca1083d7 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -432,7 +432,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
: "certs in trusted store",
msg->extraCerts, ctx->untrusted,
msg, mode_3gpp);
- sk_X509_pop_free(trusted, X509_free);
+ OSSL_STACK_OF_X509_free(trusted);
}
return ret;
}
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 4ad9302910..0b25bc234e 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -634,7 +634,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
if (cch->type == 0) {
if (!ossl_x509_add_cert_new(&certs, cch->d.certificate,
X509_ADD_FLAG_UP_REF)) {
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
return NULL;
}
}
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 4e80a13b4d..b82eee32cb 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -478,10 +478,10 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
err2:
if (si_chains != NULL) {
for (i = 0; i < scount; ++i)
- sk_X509_pop_free(si_chains[i], X509_free);
+ OSSL_STACK_OF_X509_free(si_chains[i]);
OPENSSL_free(si_chains);
}
- sk_X509_pop_free(cms_certs, X509_free);
+ OSSL_STACK_OF_X509_free(cms_certs);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 7a4a45d537..ceefafc2a6 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -153,7 +153,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
end:
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
sk_X509_free(untrusted);
return ret;
}
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 229b34cf64..ed1105cee4 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -125,7 +125,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
*cert = NULL;
}
X509_free(x);
- sk_X509_pop_free(ocerts, X509_free);
+ OSSL_STACK_OF_X509_free(ocerts);
return 0;
}
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 3a0dc9dfba..3f21c904f4 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -603,7 +603,7 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
}
EVP_PKEY_free(pkey);
X509_free(cert);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
OSSL_STORE_INFO_free(osi_pkey);
OSSL_STORE_INFO_free(osi_cert);
OSSL_STORE_INFO_free(osi_ca);
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index fd2ad90754..c415839995 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -78,7 +78,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
if (xi->x509 != NULL) {
if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) {
- sk_X509_pop_free(othercerts, X509_free);
+ OSSL_STACK_OF_X509_free(othercerts);
othercerts = NULL;
goto end;
}
@@ -233,7 +233,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
end:
ret = 1;
err:
- sk_X509_pop_free(certs_obj, X509_free);
+ OSSL_STACK_OF_X509_free(certs_obj);
return ret;
}
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 8937bb2d66..cf3e5443de 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -147,7 +147,7 @@ void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
OPENSSL_free(ctx->propq);
X509_free(ctx->signer_cert);
EVP_PKEY_free(ctx->signer_key);
- sk_X509_pop_free(ctx->certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->certs);
sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
ASN1_OBJECT_free(ctx->default_policy);
sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */
@@ -197,7 +197,7 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
- sk_X509_pop_free(ctx->certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->certs);
ctx->certs = NULL;
return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL;
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 792a27ce57..410f688255 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -158,7 +158,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
err:
BIO_free_all(p7bio);
sk_X509_free(untrusted);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
sk_X509_free(signers);
return ret;
diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 2f6f00c0cc..127e35623e 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -82,7 +82,7 @@ void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
return;
X509_STORE_free(ctx->store);
- sk_X509_pop_free(ctx->certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->certs);
ASN1_OBJECT_free(ctx->policy);
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 13ccb35508..3e022ccbcb 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -17,6 +17,11 @@
#include "crypto/asn1.h"
#include "crypto/x509.h"
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs)
+{
+ sk_X509_pop_free(certs, X509_free);
+}
+
#ifndef OPENSSL_NO_STDIO
int X509_print_fp(FILE *fp, X509 *x)
{
@@ -456,7 +461,7 @@ static int print_store_certs(BIO *bio, X509_STORE *store)
STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store);
int ret = print_certs(bio, certs);
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
return ret;
} else {
return BIO_printf(bio, " (no trusted store)\n") >= 0;
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 3b76b92f71..34bc7417ac 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -567,7 +567,7 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
err:
X509_STORE_unlock(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
return NULL;
}
@@ -615,7 +615,7 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx,
x = obj->data.x509;
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
X509_STORE_unlock(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
return NULL;
}
}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8ab6381daf..8a7f1ba8e8 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -138,7 +138,7 @@ static int lookup_cert_match(X509 **result, X509_STORE_CTX *ctx, X509 *x)
else
*result = xtmp;
}
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
return ret;
}
@@ -385,7 +385,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx,
x = sk_X509_value(ctx->other_ctx, i);
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
ctx->error = X509_V_ERR_OUT_OF_MEM;
return NULL;
}
@@ -2484,7 +2484,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
}
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
- sk_X509_pop_free(ctx->chain, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chain);
ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
@@ -2523,7 +2523,7 @@ void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
{
- sk_X509_pop_free(ctx->chain, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chain);
ctx->chain = sk;
}
diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c
index 60b0aa192b..4a2219dee3 100644
--- a/demos/cms/cms_denc.c
+++ b/demos/cms/cms_denc.c
@@ -46,8 +46,8 @@ int main(int argc, char **argv)
goto err;
/*
- * sk_X509_pop_free will free up recipient STACK and its contents so set
- * rcert to NULL so it isn't freed up twice.
+ * OSSL_STACK_OF_X509_free() free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
@@ -88,7 +88,7 @@ int main(int argc, char **argv)
CMS_ContentInfo_free(cms);
X509_free(rcert);
- sk_X509_pop_free(recips, X509_free);
+ OSSL_STACK_OF_X509_free(recips);
BIO_free(in);
BIO_free(out);
BIO_free(dout);
diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c
index 9ef7a39558..ff5632a714 100644
--- a/demos/cms/cms_enc.c
+++ b/demos/cms/cms_enc.c
@@ -47,8 +47,8 @@ int main(int argc, char **argv)
goto err;
/*
- * sk_X509_pop_free will free up recipient STACK and its contents so set
- * rcert to NULL so it isn't freed up twice.
+ * OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
@@ -84,7 +84,7 @@ int main(int argc, char **argv)
CMS_ContentInfo_free(cms);
X509_free(rcert);
- sk_X509_pop_free(recips, X509_free);
+ OSSL_STACK_OF_X509_free(recips);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c
index 3b153f8edf..7deeef9ef0 100644
--- a/demos/pkcs12/pkread.c
+++ b/demos/pkcs12/pkread.c
@@ -105,7 +105,7 @@ int main(int argc, char **argv)
OPENSSL_free(name);
X509_free(cert);
EVP_PKEY_free(pkey);
- sk_X509_pop_free(ca, X509_free);
+ OSSL_STACK_OF_X509_free(ca);
return ret;
}
diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c
index 0714dddfd2..ab44a22bb3 100644
--- a/demos/smime/smenc.c
+++ b/demos/smime/smenc.c
@@ -47,8 +47,8 @@ int main(int argc, char **argv)
goto err;
/*
- * sk_X509_pop_free will free up recipient STACK and its contents so set
- * rcert to NULL so it isn't freed up twice.
+ * OSSL_STACK_OF_X509_free() will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
*/
rcert = NULL;
@@ -82,7 +82,7 @@ int main(int argc, char **argv)
}
PKCS7_free(p7);
X509_free(rcert);
- sk_X509_pop_free(recips, X509_free);
+ OSSL_STACK_OF_X509_free(recips);
BIO_free(in);
BIO_free(out);
BIO_free(tbio);
diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod
index 04005f3ecd..901113c917 100644
--- a/doc/man3/X509_STORE_CTX_get_error.pod
+++ b/doc/man3/X509_STORE_CTX_get_error.pod
@@ -72,7 +72,7 @@ verification is successful. Otherwise the returned chain may be incomplete or
invalid. The returned chain persists after the I<ctx> structure is freed.
When it is no longer needed it should be free up using:
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
X509_verify_cert_error_string() returns a human readable error string for
verification error I<n>.
diff --git a/doc/man3/X509_new.pod b/doc/man3/X509_new.pod
index ea2b3a2cc9..f1d07bf79e 100644
--- a/doc/man3/X509_new.pod
+++ b/doc/man3/X509_new.pod
@@ -4,7 +4,9 @@
X509_new, X509_new_ex,
X509_free, X509_up_ref,
-X509_chain_up_ref - X509 certificate ASN1 allocation functions
+X509_chain_up_ref,
+OSSL_STACK_OF_X509_free
+- X509 certificate ASN1 allocation and deallocation functions
=head1 SYNOPSIS
@@ -15,6 +17,7 @@ X509_chain_up_ref - X509 certificate ASN1 allocation functions
void X509_free(X509 *a);
int X509_up_ref(X509 *a);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
+ void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
=head1 DESCRIPTION
@@ -40,6 +43,9 @@ X509_up_ref() increments the reference count of B<a>.
X509_chain_up_ref() increases the reference count of all certificates in
chain B<x> and returns a copy of the stack, or an empty stack if B<a> is NULL.
+OSSL_STACK_OF_X509_free() deallocates the given list of pointers to
+certificates after calling X509_free() on all its elements.
+
=head1 NOTES
The function X509_up_ref() if useful if a certificate structure is being
@@ -61,6 +67,8 @@ X509_up_ref() returns 1 for success and 0 for failure.
X509_chain_up_ref() returns a copy of the stack or NULL if an error occurred.
+OSSL_STACK_OF_X509_free() has no return value.
+
=head1 SEE ALSO
L<d2i_X509(3)>,
@@ -82,7 +90,9 @@ L<X509_verify_cert(3)>
=head1 HISTORY
-The function X509_new_ex() was added in OpenSSL 3.0.
+X509_new_ex() was added in OpenSSL 3.0.
+
+OSSL_STACK_OF_X509_free() was added in OpenSSL 3.1.
=head1 COPYRIGHT
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index e675b006a8..e2a5474c1c 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -375,7 +375,7 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
}
EVP_PKEY_free(pkey);
X509_free(cert);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
store_info_free(osi_pkey);
store_info_free(osi_cert);
store_info_free(osi_ca);
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index b4efbb55dd..aee3a44dc2 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -763,6 +763,7 @@ int X509_chain_check_suiteb(int *perror_depth,
X509 *x, STACK_OF(X509) *chain,
unsigned long flags);
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+void OSSL_STACK_OF_X509_free(STACK_OF(X509) *certs);
STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 874b36fad0..120b5cedeb 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3956,7 +3956,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
- sk_X509_pop_free(ctx->extra_certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->extra_certs);
ctx->extra_certs = NULL;
break;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 82028ec5b7..4cfd005ebe 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -212,7 +212,7 @@ void ssl_cert_clear_certs(CERT *c)
cpk->x509 = NULL;
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = NULL;
OPENSSL_free(cpk->serverinfo);
cpk->serverinfo = NULL;
@@ -264,7 +264,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 0;
}
}
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = chain;
return 1;
}
@@ -278,7 +278,7 @@ int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
if (!dchain)
return 0;
if (!ssl_cert_set0_chain(s, ctx, dchain)) {
- sk_X509_pop_free(dchain, X509_free);
+ OSSL_STACK_OF_X509_free(dchain);
return 0;
}
return 1;
@@ -440,7 +440,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
}
s->verify_result = X509_STORE_CTX_get_error(ctx);
- sk_X509_pop_free(s->verified_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->verified_chain);
s->verified_chain = NULL;
if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
@@ -940,12 +940,12 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
rv = ssl_security_cert(s, ctx, x, 0, 0);
if (rv != 1) {
ERR_raise(ERR_LIB_SSL, rv);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
rv = 0;
goto err;
}
}
- sk_X509_pop_free(cpk->chain, X509_free);
+ OSSL_STACK_OF_X509_free(cpk->chain);
cpk->chain = chain;
if (rv == 0)
rv = 1;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index dc5f7d2173..20fe8bc786 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -172,7 +172,7 @@ static void dane_final(SSL_DANE *dane)
sk_danetls_record_pop_free(dane->trecs, tlsa_free);
dane->trecs = NULL;
- sk_X509_pop_free(dane->certs, X509_free);
+ OSSL_STACK_OF_X509_free(dane->certs);
dane->certs = NULL;
X509_free(dane->mcert);
@@ -1243,7 +1243,7 @@ void SSL_free(SSL *s)
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
- sk_X509_pop_free(s->verified_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->verified_chain);
if (s->method != NULL)
s->method->ssl_free(s);
@@ -3430,7 +3430,7 @@ void SSL_CTX_free(SSL_CTX *a)
ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
- sk_X509_pop_free(a->extra_certs, X509_free);
+ OSSL_STACK_OF_X509_free(a->extra_certs);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 5509389aa2..bba0051437 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -955,7 +955,7 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
}
}
- sk_X509_pop_free(c->pkeys[i].chain, X509_free);
+ OSSL_STACK_OF_X509_free(c->pkeys[i].chain);
c->pkeys[i].chain = dup_chain;
X509_free(c->pkeys[i].x509);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 0e756c37c1..765ae89916 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -828,7 +828,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
X509_free(ss->peer);
- sk_X509_pop_free(ss->peer_chain, X509_free);
+ OSSL_STACK_OF_X509_free(ss->peer_chain);
OPENSSL_free(ss->ext.hostname);
OPENSSL_free(ss->ext.tick);
#ifndef OPENSSL_NO_PSK
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 12f77690cd..10e778d681 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1841,7 +1841,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
err:
X509_free(x);
- sk_X509_pop_free(s->session->peer_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->session->peer_chain);
s->session->peer_chain = NULL;
return MSG_PROCESS_ERROR;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 271f5b4400..cda9b32156 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3554,7 +3554,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
s->session->peer = sk_X509_shift(sk);
s->session->verify_result = s->verify_result;
- sk_X509_pop_free(s->session->peer_chain, X509_free);
+ OSSL_STACK_OF_X509_free(s->session->peer_chain);
s->session->peer_chain = sk;
sk = NULL;
@@ -3589,7 +3589,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
err:
X509_free(x);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
return ret;
}
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index f4f664a49e..70543b3b01 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -116,7 +116,7 @@ static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx);
int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0);
- sk_X509_pop_free(caPubs, X509_free);
+ OSSL_STACK_OF_X509_free(caPubs);
return ret;
}
return 1;
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 71fa679ff4..1e0d6db538 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -59,7 +59,7 @@ static STACK_OF(X509) *sk_X509_new_1(void)
static void sk_X509_pop_X509_free(STACK_OF(X509) *sk)
{
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
}
static int execute_CTX_reinit_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index 9111b89423..a24acace2c 100644
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -340,7 +340,7 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
if (TEST_ptr(chain)) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
if (!ret)
return 0;
@@ -355,7 +355,7 @@ static int execute_cmp_build_cert_chain_test(CMP_PROTECT_TEST_FIXTURE *fixture)
if (ret && chain != NULL) {
/* Check whether chain built is equal to the expected one */
ret = TEST_int_eq(0, STACK_OF_X509_cmp(chain, fixture->chain));
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
}
}
X509_STORE_free(store);
@@ -475,7 +475,7 @@ static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
res = 1;
err:
X509_STORE_free(store);
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
return res;
}
diff --git a/test/crltest.c b/test/crltest.c
index 5d255d368a..3b76f4f0ae 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -264,7 +264,7 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
status = X509_verify_cert(ctx) == 1 ? X509_V_OK
: X509_STORE_CTX_get_error(ctx);
err:
- sk_X509_pop_free(roots, X509_free);
+ OSSL_STACK_OF_X509_free(roots);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
X509_VERIFY_PARAM_free(param);
X509_STORE_CTX_free(ctx);
diff --git a/test/danetest.c b/test/danetest.c
index 0ed460039d..d7ef87b6d2 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -143,7 +143,7 @@ err:
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
return NULL;
}
@@ -344,7 +344,7 @@ static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
}
ok = verify_chain(ssl, chain);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
err = SSL_get_verify_result(ssl);
/*
* Peek under the hood, normally TLSA match data is hidden when
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 29c125004a..6e0da6299a 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8038,7 +8038,7 @@ static int cert_cb(SSL *s, void *arg)
EVP_PKEY_free(pkey);
X509_free(x509);
X509_free(rootx);
- sk_X509_pop_free(chain, X509_free);
+ OSSL_STACK_OF_X509_free(chain);
return ret;
}
diff --git a/test/testutil/load.c b/test/testutil/load.c
index d776a7f167..982e0a39a9 100644
--- a/test/testutil/load.c
+++ b/test/testutil/load.c
@@ -49,7 +49,7 @@ STACK_OF(X509) *load_certs_pem(const char *file)
do {
x = PEM_read_bio_X509(bio, NULL, 0, NULL);
if (x != NULL && !sk_X509_push(certs, x)) {
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
BIO_free(bio);
return NULL;
} else if (x == NULL) {
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 6ab779671f..d03dc0c71d 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -94,7 +94,7 @@ static int test_alt_chains_cert_forgery(void)
err:
X509_STORE_CTX_free(sctx);
X509_free(x);
- sk_X509_pop_free(untrusted, X509_free);
+ OSSL_STACK_OF_X509_free(untrusted);
X509_STORE_free(store);
return ret;
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 10b4e57d79..681cbf31b0 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5425,3 +5425,4 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+OSSL_STACK_OF_X509_free ? 3_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list