x509: sort stacks before finds

[openssl.git] / crypto / x509 / v3_lib.c

diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c
index a3bb8be8ecca632d823c7e10230158ab68aa0404..3f933ee8b9291b9a4bf352b42a166c038ea41e07 100644 (file)
--- a/crypto/x509/v3_lib.c
+++ b/crypto/x509/v3_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,9 +16,6 @@
 
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(X509V3_EXT_METHOD)
-DEFINE_STACK_OF(X509_EXTENSION)
-
 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 
 static int ext_cmp(const X509V3_EXT_METHOD *const *a,
@@ -29,11 +26,11 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 {
     if (ext_list == NULL
         && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) {
-        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
         return 0;
     }
     if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
-        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
         return 0;
     }
     return 1;
@@ -66,7 +63,10 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
         return *ret;
     if (!ext_list)
         return NULL;
+    /* Ideally, this would be done under a lock */
+    sk_X509V3_EXT_METHOD_sort(ext_list);
     idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+    /* A failure to locate the item is handled by the value method */
     return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
@@ -92,13 +92,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
     X509V3_EXT_METHOD *tmpext;
 
     if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
-        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
+        ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_NOT_FOUND);
         return 0;
     }
-    if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
-        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
+    if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL)
         return 0;
-    }
     *tmpext = *ext;
     tmpext->ext_nid = nid_to;
     tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
@@ -245,8 +243,10 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         }
         /* If delete, just delete it */
         if (ext_op == X509V3_ADD_DELETE) {
-            if (!sk_X509_EXTENSION_delete(*x, extidx))
+            extmp = sk_X509_EXTENSION_delete(*x, extidx);
+            if (extmp == NULL)
                 return -1;
+            X509_EXTENSION_free(extmp);
             return 1;
         }
     } else {
@@ -268,8 +268,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
     ext = X509V3_EXT_i2d(nid, crit, value);
 
     if (!ext) {
-        X509V3err(X509V3_F_X509V3_ADD1_I2D,
-                  X509V3_R_ERROR_CREATING_EXTENSION);
+        ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CREATING_EXTENSION);
         return 0;
     }
 
@@ -293,7 +292,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
     return 1;
 
  m_fail:
-    /* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */
+    /* ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); */
     if (ret != *x)
         sk_X509_EXTENSION_free(ret);
     X509_EXTENSION_free(ext);
@@ -301,6 +300,6 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
 
  err:
     if (!(flags & X509V3_ADD_SILENT))
-        X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+        ERR_raise(ERR_LIB_X509V3, errcode);
     return 0;
 }