A bunch more scopers. Change-Id: I5c8dbfec4a404d8d1501725a90b383eb3e05c664 Reviewed-on: https://boringssl-review.googlesource.com/29591 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc index 421b30a..4842974 100644 --- a/ssl/ssl_cert.cc +++ b/ssl/ssl_cert.cc
@@ -656,11 +656,11 @@ } bool ssl_has_client_CAs(const SSL_CONFIG *cfg) { - STACK_OF(CRYPTO_BUFFER) *names = cfg->client_CA; - if (names == NULL) { - names = cfg->ssl->ctx->client_CA; + const STACK_OF(CRYPTO_BUFFER) *names = cfg->client_CA.get(); + if (names == nullptr) { + names = cfg->ssl->ctx->client_CA.get(); } - if (names == NULL) { + if (names == nullptr) { return false; } return sk_CRYPTO_BUFFER_num(names) > 0; @@ -672,9 +672,9 @@ return 0; } - STACK_OF(CRYPTO_BUFFER) *names = hs->config->client_CA; + const STACK_OF(CRYPTO_BUFFER) *names = hs->config->client_CA.get(); if (names == NULL) { - names = hs->ssl->ctx->client_CA; + names = hs->ssl->ctx->client_CA.get(); } if (names == NULL) { return CBB_flush(cbb); @@ -760,14 +760,14 @@ if (!ssl->config) { return 0; } - return cert_set_chain_and_key(ssl->config->cert, certs, num_certs, privkey, - privkey_method); + return cert_set_chain_and_key(ssl->config->cert.get(), certs, num_certs, + privkey, privkey_method); } int SSL_CTX_set_chain_and_key(SSL_CTX *ctx, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method) { - return cert_set_chain_and_key(ctx->cert, certs, num_certs, privkey, + return cert_set_chain_and_key(ctx->cert.get(), certs, num_certs, privkey, privkey_method); } @@ -778,7 +778,7 @@ return 0; } - return ssl_set_cert(ctx->cert, std::move(buffer)); + return ssl_set_cert(ctx->cert.get(), std::move(buffer)); } int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) { @@ -787,19 +787,19 @@ return 0; } - return ssl_set_cert(ssl->config->cert, std::move(buffer)); + return ssl_set_cert(ssl->config->cert.get(), std::move(buffer)); } void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg), void *arg) { - ssl_cert_set_cert_cb(ctx->cert, cb, arg); + ssl_cert_set_cert_cb(ctx->cert.get(), cb, arg); } void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) { if (!ssl->config) { return; } - ssl_cert_set_cert_cb(ssl->config->cert, cb, arg); + ssl_cert_set_cert_cb(ssl->config->cert.get(), cb, arg); } const STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) { @@ -834,7 +834,7 @@ int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, const uint8_t *list, size_t list_len) { - return set_signed_cert_timestamp_list(ctx->cert, list, list_len); + return set_signed_cert_timestamp_list(ctx->cert.get(), list, list_len); } int SSL_set_signed_cert_timestamp_list(SSL *ssl, const uint8_t *list, @@ -842,7 +842,8 @@ if (!ssl->config) { return 0; } - return set_signed_cert_timestamp_list(ssl->config->cert, list, list_len); + return set_signed_cert_timestamp_list(ssl->config->cert.get(), list, + list_len); } int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, const uint8_t *response, @@ -864,8 +865,7 @@ void SSL_CTX_set0_client_CAs(SSL_CTX *ctx, STACK_OF(CRYPTO_BUFFER) *name_list) { ctx->x509_method->ssl_ctx_flush_cached_client_CA(ctx); - sk_CRYPTO_BUFFER_pop_free(ctx->client_CA, CRYPTO_BUFFER_free); - ctx->client_CA = name_list; + ctx->client_CA.reset(name_list); } void SSL_set0_client_CAs(SSL *ssl, STACK_OF(CRYPTO_BUFFER) *name_list) { @@ -873,6 +873,5 @@ return; } ssl->ctx->x509_method->ssl_flush_cached_client_CA(ssl->config.get()); - sk_CRYPTO_BUFFER_pop_free(ssl->config->client_CA, CRYPTO_BUFFER_free); - ssl->config->client_CA = name_list; + ssl->config->client_CA.reset(name_list); }