use deepcopy and make buffer_up_ref available internally in ssl

aws · Feb 17, 2025 · 540c98a · 540c98a
1 parent dfc0e4f
commit 540c98a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 13 deletions.
diff --git a/ssl/internal.h b/ssl/internal.h
@@ -3406,6 +3406,8 @@ bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
                                         const EVP_PKEY *privkey);
 bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
 
+CRYPTO_BUFFER *buffer_up_ref(const CRYPTO_BUFFER *buffer);
+
 // ssl_cert_check_cert_private_keys_usage returns true if |cert_private_keys|
 // in |cert| has a valid index and a sufficient amount of slots.
 bool ssl_cert_check_cert_private_keys_usage(const CERT *cert);

diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
@@ -145,7 +145,7 @@ CERT::CERT(const SSL_X509_METHOD *x509_method_arg)
 
 CERT::~CERT() { x509_method->cert_free(this); }
 
-static CRYPTO_BUFFER *buffer_up_ref(const CRYPTO_BUFFER *buffer) {
+CRYPTO_BUFFER *buffer_up_ref(const CRYPTO_BUFFER *buffer) {
   CRYPTO_BUFFER_up_ref(const_cast<CRYPTO_BUFFER *>(buffer));
   return const_cast<CRYPTO_BUFFER *>(buffer);
 }
@@ -296,17 +296,12 @@ static int cert_set_chain_and_key(
       break;
   }
 
-  UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs_sk(sk_CRYPTO_BUFFER_new_null());
+  UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs_sk(sk_CRYPTO_BUFFER_deep_copy(
+      certs->get(), buffer_up_ref, CRYPTO_BUFFER_free));
   if (!certs_sk) {
     return 0;
   }
 
-  for (size_t i = 0; i < num_certs; i++) {
-    if (!PushToStack(certs_sk.get(), UpRef(sk_CRYPTO_BUFFER_value(certs->get(), i)))) {
-      return 0;
-    }
-  }
-
   if (!ssl_cert_check_cert_private_keys_usage(cert)) {
     return 0;
   }

diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
@@ -214,12 +214,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
     }
   }
   if (session->certs != nullptr) {
-    auto buf_up_ref = [](const CRYPTO_BUFFER *buf) {
-      CRYPTO_BUFFER_up_ref(const_cast<CRYPTO_BUFFER *>(buf));
-      return const_cast<CRYPTO_BUFFER*>(buf);
-    };
     new_session->certs.reset(sk_CRYPTO_BUFFER_deep_copy(
-        session->certs.get(), buf_up_ref, CRYPTO_BUFFER_free));
+        session->certs.get(), buffer_up_ref, CRYPTO_BUFFER_free));
     if (new_session->certs == nullptr) {
       return nullptr;
     }