Add X509_up_ref function.

Reviewed-by: Rich Salz <rsalz@openssl.org>

crypto/cms/cms_env.c

@@ -206,7 +206,7 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
     if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
         return 0;
 
-    CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(recip);
     CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
     ktri->pkey = pk;
     ktri->recip = recip;

crypto/cms/cms_lib.c

@@ -457,7 +457,7 @@ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
     int r;
     r = CMS_add0_cert(cms, cert);
     if (r > 0)
-        CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(cert);
     return r;
 }
 
@@ -542,7 +542,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
                 sk_X509_pop_free(certs, X509_free);
                 return NULL;
             }
-            CRYPTO_add(&cch->d.certificate->references, 1, CRYPTO_LOCK_X509);
+            X509_up_ref(cch->d.certificate);
         }
     }
     return certs;

crypto/cms/cms_sd.c

@@ -285,7 +285,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
     X509_check_purpose(signer, -1, -1);
 
     CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
-    CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(signer);
 
     si->pkey = pk;
     si->signer = signer;
@@ -485,7 +485,7 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
 {
     if (signer) {
-        CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(signer);
         EVP_PKEY_free(si->pkey);
         si->pkey = X509_get_pubkey(signer);
     }

crypto/ocsp/ocsp_cl.c

@@ -138,7 +138,7 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
 
     if (!sk_X509_push(sig->certs, cert))
         return 0;
-    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(cert);
     return 1;
 }
 

crypto/ocsp/ocsp_srv.c

@@ -213,7 +213,7 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
 
     if (!sk_X509_push(resp->certs, cert))
         return 0;
-    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(cert);
     return 1;
 }
 

crypto/pkcs7/pk7_lib.c

@@ -308,7 +308,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
         PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x509);
     if (!sk_X509_push(*sk, x509)) {
         X509_free(x509);
         return 0;
@@ -545,7 +545,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
 
     EVP_PKEY_free(pkey);
 
-    CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x509);
     p7i->cert = x509;
 
     return 1;

crypto/store/str_lib.c

@@ -251,8 +251,7 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
                  STORE_R_FAILED_GETTING_CERTIFICATE);
         return 0;
     }
-    CRYPTO_add(&object->data.x509.certificate->references, 1,
-               CRYPTO_LOCK_X509);
+    X509_up_ref(object->data.x509.certificate);
 #ifdef REF_PRINT
     REF_PRINT("X509", data);
 #endif
@@ -276,7 +275,7 @@ int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
         return 0;
     }
 
-    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(data);
 #ifdef REF_PRINT
     REF_PRINT("X509", data);
 #endif
@@ -378,8 +377,7 @@ X509 *STORE_list_certificate_next(STORE *s, void *handle)
                  STORE_R_FAILED_LISTING_CERTIFICATES);
         return 0;
     }
-    CRYPTO_add(&object->data.x509.certificate->references, 1,
-               CRYPTO_LOCK_X509);
+    X509_up_ref(object->data.x509.certificate);
 #ifdef REF_PRINT
     REF_PRINT("X509", data);
 #endif

crypto/ts/ts_rsp_sign.c

@@ -209,7 +209,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
     }
     X509_free(ctx->signer_cert);
     ctx->signer_cert = signer;
-    CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
+    X509_up_ref(ctx->signer_cert);
     return 1;
 }
 

crypto/ts/ts_rsp_verify.c

@@ -212,7 +212,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
     /* Return the signer certificate if needed. */
     if (signer_out) {
         *signer_out = signer;
-        CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(signer);
     }
 
     ret = 1;

crypto/x509/x509_cmp.c

@@ -487,7 +487,7 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
     ret = sk_X509_dup(chain);
     for (i = 0; i < sk_X509_num(ret); i++) {
         X509 *x = sk_X509_value(ret, i);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(x);
     }
     return ret;
 }

crypto/x509/x509_lu.c

@@ -406,7 +406,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)
     default:
         break;
     case X509_LU_X509:
-        CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(a->data.x509);
         break;
     case X509_LU_CRL:
         X509_CRL_up_ref(a->data.crl);
@@ -521,7 +521,7 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
     for (i = 0; i < cnt; i++, idx++) {
         obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
         x = obj->data.x509;
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(x);
         if (!sk_X509_push(sk, x)) {
             CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
             X509_free(x);
@@ -676,7 +676,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
     }
     CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
     if (*issuer)
-        CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(*issuer);
     return ret;
 }
 

crypto/x509/x509_set.c

@@ -150,3 +150,8 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
         return (0);
     return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
 }
+
+void X509_up_ref(X509 *x)
+{
+    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+}

crypto/x509/x509_vfy.c

@@ -172,7 +172,7 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
             break;
     }
     if (i < sk_X509_num(certs))
-        CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(xtmp);
     else
         xtmp = NULL;
     sk_X509_pop_free(certs, X509_free);
@@ -212,7 +212,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
         goto end;
     }
-    CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(ctx->cert);
     ctx->last_untrusted = 1;
 
     /* We use a temporary STACK so we can chop and hack at it */
@@ -262,7 +262,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                     X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
                     goto end;
                 }
-                CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
+                X509_up_ref(xtmp);
                 (void)sk_X509_delete_ptr(sktmp, xtmp);
                 ctx->last_untrusted++;
                 x = xtmp;
@@ -566,7 +566,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
     *issuer = find_issuer(ctx, ctx->other_ctx, x);
     if (*issuer) {
-        CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(*issuer);
         return 1;
     } else
         return 0;

crypto/x509v3/pcy_tree.c

@@ -249,7 +249,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
         level++;
         x = sk_X509_value(certs, i);
         cache = policy_cache_set(x);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(x);
         level->cert = x;
 
         if (!cache->anyPolicy)

include/openssl/x509.h

@@ -798,6 +798,7 @@ X509_NAME *X509_get_subject_name(X509 *a);
 int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
 int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+void X509_up_ref(X509 *x);
 EVP_PKEY *X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
 int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );

ssl/s3_clnt.c

@@ -1359,7 +1359,7 @@ int ssl3_get_server_certificate(SSL *s)
     s->session->peer_type = i;
 
     X509_free(s->session->peer);
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x);
     s->session->peer = x;
     s->session->verify_result = s->verify_result;
 

ssl/ssl_cert.c

@@ -250,7 +250,7 @@ CERT *ssl_cert_dup(CERT *cert)
         CERT_PKEY *rpk = ret->pkeys + i;
         if (cpk->x509 != NULL) {
             rpk->x509 = cpk->x509;
-            CRYPTO_add(&rpk->x509->references, 1, CRYPTO_LOCK_X509);
+            X509_up_ref(rpk->x509);
         }
 
         if (cpk->privatekey != NULL) {
@@ -463,7 +463,7 @@ int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
 {
     if (!ssl_cert_add0_chain_cert(s, ctx, x))
         return 0;
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x);
     return 1;
 }
 

ssl/ssl_lib.c

@@ -825,7 +825,7 @@ X509 *SSL_get_peer_certificate(const SSL *s)
     if (r == NULL)
         return (r);
 
-    CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(r);
 
     return (r);
 }

ssl/ssl_rsa.c

@@ -415,7 +415,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
     EVP_PKEY_free(pkey);
 
     X509_free(c->pkeys[i].x509);
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x);
     c->pkeys[i].x509 = x;
     c->key = &(c->pkeys[i]);
 

ssl/ssl_sess.c

@@ -266,7 +266,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     dest->references = 1;
 
     if (src->peer != NULL)
-        CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+        X509_up_ref(src->peer);
 
     if (src->peer_chain != NULL) {
         dest->peer_chain = X509_chain_up_ref(src->peer_chain);