Comment side-effect only calls of X509_check_purpose

Reviewed-by: Rich Salz <rsalz@openssl.org>
2025-04-06 20:20:50 +08:00 · 2016-01-27 21:54:09 -05:00 · 2016-01-27 21:54:09 -05:00 · 109f8b5dec
commit 109f8b5dec
parent b4f35e5e07
5 changed files with 8 additions and 1 deletions
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@ -280,6 +280,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
    si = M_ASN1_new_of(CMS_SignerInfo);
    if (!si)
        goto merr;
+    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(signer, -1, -1);

    CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@ -793,6 +793,7 @@ static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed)
    GENERAL_NAME *name = NULL;
    unsigned char cert_sha1[SHA_DIGEST_LENGTH];

+    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(cert, -1, 0);
    if ((cid = ESS_CERT_ID_new()) == NULL)
        goto err;
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@ -283,6 +283,7 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)

 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
+    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(x, -1, 0);
    if (x->ex_flags & EXFLAG_SS)
        return X509_TRUST_TRUSTED;
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@ -186,7 +186,6 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
        uint32_t ex_flags;
        x = sk_X509_value(certs, i);
        ex_flags = X509_get_extension_flags(x);
-        X509_check_purpose(x, -1, -1);
        cache = policy_cache_set(x);
        /* If cache NULL something bad happened: return immediately */
        if (cache == NULL)
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@ -132,6 +132,7 @@ int X509_check_purpose(X509 *x, int id, int ca)
        x509v3_cache_extensions(x);
        CRYPTO_w_unlock(CRYPTO_LOCK_X509);
    }
+    /* Return if side-effect only call */
    if (id == -1)
        return 1;
    idx = X509_PURPOSE_get_by_id(id);
@ -850,12 +851,14 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)

 uint32_t X509_get_extension_flags(X509 *x)
 {
+    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(x, -1, -1);
    return x->ex_flags;
 }

 uint32_t X509_get_key_usage(X509 *x)
 {
+    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(x, -1, -1);
    if (x->ex_flags & EXFLAG_KUSAGE)
        return x->ex_kusage;
@ -864,6 +867,7 @@ uint32_t X509_get_key_usage(X509 *x)

 uint32_t X509_get_extended_key_usage(X509 *x)
 {
+    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(x, -1, -1);
    if (x->ex_flags & EXFLAG_XKUSAGE)
        return x->ex_xkusage;
@ -872,6 +876,7 @@ uint32_t X509_get_extended_key_usage(X509 *x)

 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
 {
+    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(x, -1, -1);
    return x->skid;
 }