From 128c387f0b01e293e47a16442ef8dbc76c736192 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Thu, 22 Feb 2018 17:22:02 +0000
Subject: [PATCH] Provide X509_chain_up_ref().

From BoringSSL.
---
 lib/libcrypto/Symbols.list    |  1 +
 lib/libcrypto/x509/x509.h     |  3 ++-
 lib/libcrypto/x509/x509_cmp.c | 20 +++++++++++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 3fdce4de5ac..4d108831231 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2940,6 +2940,7 @@ X509_add_ext
 X509_alias_get0
 X509_alias_set1
 X509_certificate_type
+X509_chain_up_ref
 X509_check_akid
 X509_check_ca
 X509_check_email
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index 92f012ea6d2..f2df12f248b 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.40 2018/02/22 17:09:28 jsing Exp $ */
+/* $OpenBSD: x509.h,v 1.41 2018/02/22 17:22:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1309,6 +1309,7 @@ char *X509_TRUST_get0_name(X509_TRUST *xp);
 int X509_TRUST_get_trust(X509_TRUST *xp);
 
 int X509_up_ref(X509 *x);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c
index 440467521b9..001f98e61a4 100644
--- a/lib/libcrypto/x509/x509_cmp.c
+++ b/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.28 2018/02/22 17:05:35 jsing Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.29 2018/02/22 17:22:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -370,3 +370,21 @@ X509_check_private_key(X509 *x, EVP_PKEY *k)
 		return 1;
 	return 0;
 }
+
+/*
+ * Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref of
+ * each X509 structure.
+ */
+STACK_OF(X509) *
+X509_chain_up_ref(STACK_OF(X509) *chain)
+{
+	STACK_OF(X509) *ret;
+	size_t i;
+
+	ret = sk_X509_dup(chain);
+	for (i = 0; i < sk_X509_num(ret); i++)
+		X509_up_ref(sk_X509_value(ret, i));
+
+	return ret;
+}
-- 
2.20.1