Const-correct and simplify X509_VERIFY_PARAM_set1_policies.
That loop is just sk_ASN1_OBJECT_deep_copy.
Change-Id: Idc9db7f8e0ac28c853415813f49b1441b646c246
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55746
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index e594033..21ad5e0 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -395,41 +395,31 @@
if (!sk_ASN1_OBJECT_push(param->policies, policy)) {
return 0;
}
+ // TODO(davidben): This does not set |X509_V_FLAG_POLICY_CHECK|, while
+ // |X509_VERIFY_PARAM_set1_policies| does. Is this a bug?
return 1;
}
+static ASN1_OBJECT *dup_object(ASN1_OBJECT *obj) { return OBJ_dup(obj); }
+
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
- STACK_OF(ASN1_OBJECT) *policies) {
- size_t i;
- ASN1_OBJECT *oid, *doid;
+ const STACK_OF(ASN1_OBJECT) *policies) {
if (!param) {
return 0;
}
- if (param->policies) {
- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
- }
+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
if (!policies) {
param->policies = NULL;
return 1;
}
- param->policies = sk_ASN1_OBJECT_new_null();
+ param->policies =
+ sk_ASN1_OBJECT_deep_copy(policies, dup_object, ASN1_OBJECT_free);
if (!param->policies) {
return 0;
}
- for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
- oid = sk_ASN1_OBJECT_value(policies, i);
- doid = OBJ_dup(oid);
- if (!doid) {
- return 0;
- }
- if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
- ASN1_OBJECT_free(doid);
- return 0;
- }
- }
param->flags |= X509_V_FLAG_POLICY_CHECK;
return 1;
}
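Review bot: The failure path of X509_VERIFY_PARAM_set1_policies is destructive, because `sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);` runs before `sk_ASN1_OBJECT_deep_copy` is attempted. If the copy fails, `return 0` leaves `param->policies` NULL and `param->flags` untouched. A caller that ignores the return value would then verify without the policy set it previously configured; whether that weakens policy checking depends on how the verifier treats a NULL list, which this hunk does not show. Building the copy first and swapping it in only on success would leave the existing policies in place on failure, as sketched below with the NULL-`policies` branch keeping its current behaviour.

```c
  // … unchanged: NULL |param| check …
  if (!policies) {
    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
    param->policies = NULL;
    return 1;
  }
  // Copy first so a failed allocation leaves the existing policies in place.
  STACK_OF(ASN1_OBJECT) *copy =
      sk_ASN1_OBJECT_deep_copy(policies, dup_object, ASN1_OBJECT_free);
  if (!copy) {
    return 0;
  }
  sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
  param->policies = copy;
  // … unchanged: set X509_V_FLAG_POLICY_CHECK and return 1 …
```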
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index e3369d9..ee103ca 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -2808,7 +2808,7 @@
OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
ASN1_OBJECT *policy);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
- X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies);
+ X509_VERIFY_PARAM *param, const STACK_OF(ASN1_OBJECT) *policies);
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
const char *name,