-/* crypto/x509/x509_lu.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#include "internal/cryptlib.h"
#include <openssl/lhash.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include <openssl/x509v3.h>
#include "x509_lcl.h"
{
X509_LOOKUP *ret;
- ret = OPENSSL_malloc(sizeof(*ret));
+ ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL)
return NULL;
- ret->init = 0;
- ret->skip = 0;
ret->method = method;
- ret->method_data = NULL;
- ret->store_ctx = NULL;
if ((method->new_item != NULL) && !method->new_item(ret)) {
OPENSSL_free(ret);
return NULL;
{
X509_STORE *ret;
- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+ if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
return NULL;
- ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
+ if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
+ goto err;
ret->cache = 1;
- ret->get_cert_methods = sk_X509_LOOKUP_new_null();
- ret->verify = 0;
- ret->verify_cb = 0;
+ if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
+ goto err;
if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
- return NULL;
+ goto err;
- ret->get_issuer = 0;
- ret->check_issued = 0;
- ret->check_revocation = 0;
- ret->get_crl = 0;
- ret->check_crl = 0;
- ret->cert_crl = 0;
- ret->lookup_certs = 0;
- ret->lookup_crls = 0;
- ret->cleanup = 0;
-
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
- sk_X509_OBJECT_free(ret->objs);
- OPENSSL_free(ret);
- return NULL;
- }
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+ goto err;
+
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL)
+ goto err;
ret->references = 1;
return ret;
+
+err:
+ X509_VERIFY_PARAM_free(ret->param);
+ sk_X509_OBJECT_free(ret->objs);
+ sk_X509_LOOKUP_free(ret->get_cert_methods);
+ OPENSSL_free(ret);
+ return NULL;
}
static void cleanup(X509_OBJECT *a)
if (vfy == NULL)
return;
- i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE);
-#ifdef REF_PRINT
- REF_PRINT("X509_STORE", vfy);
-#endif
+ CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock);
+ REF_PRINT_COUNT("X509_STORE", vfy);
if (i > 0)
return;
-#ifdef REF_CHECK
- if (i < 0) {
- fprintf(stderr, "X509_STORE_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
+ REF_ASSERT_ISNT(i < 0);
sk = vfy->get_cert_methods;
for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
X509_VERIFY_PARAM_free(vfy->param);
+ CRYPTO_THREAD_lock_free(vfy->lock);
OPENSSL_free(vfy);
}
+int X509_STORE_up_ref(X509_STORE *vfy)
+{
+ int i;
+
+ if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0)
+ return 0;
+
+ REF_PRINT_COUNT("X509_STORE", a);
+ REF_ASSERT_ISNT(i < 2);
+ return ((i > 1) ? 1 : 0);
+}
+
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
{
int i;
}
}
+X509_OBJECT *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, int type,
+ X509_NAME *name)
+{
+ X509_OBJECT *ret;
+
+ ret = OPENSSL_malloc(sizeof (*ret));
+ if (ret == NULL) {
+ X509err(X509_F_X509_STORE_GET_X509_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!X509_STORE_get_by_subject(vs, type, name, ret)) {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
X509_NAME *name, X509_OBJECT *ret)
{
X509_OBJECT stmp, *tmp;
int i, j;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->lock);
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->lock);
if (tmp == NULL || type == X509_LU_CRL) {
for (i = vs->current_method;
obj->type = X509_LU_X509;
obj->data.x509 = x;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->lock);
X509_OBJECT_up_ref_count(obj);
} else
sk_X509_OBJECT_push(ctx->objs, obj);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->lock);
return ret;
}
obj->type = X509_LU_CRL;
obj->data.crl = x;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->lock);
X509_OBJECT_up_ref_count(obj);
} else
sk_X509_OBJECT_push(ctx->objs, obj);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->lock);
return ret;
}
default:
break;
case X509_LU_X509:
- CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(a->data.x509);
break;
case X509_LU_CRL:
X509_CRL_up_ref(a->data.crl);
}
}
+X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
+{
+ return a->data.x509;
+}
+
+int X509_OBJECT_get_type(X509_OBJECT *a)
+{
+ return a->type;
+}
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+ if (a == NULL)
+ return;
+ X509_OBJECT_free_contents(a);
+ OPENSSL_free(a);
+}
+
void X509_OBJECT_free_contents(X509_OBJECT *a)
{
- if (!a)
+ if (a == NULL)
return;
switch (a->type) {
default:
{
X509_OBJECT stmp;
X509 x509_s;
- X509_CINF cinf_s;
X509_CRL crl_s;
- X509_CRL_INFO crl_info_s;
int idx;
stmp.type = type;
switch (type) {
case X509_LU_X509:
stmp.data.x509 = &x509_s;
- x509_s.cert_info = &cinf_s;
- cinf_s.subject = name;
+ x509_s.cert_info.subject = name;
break;
case X509_LU_CRL:
stmp.data.crl = &crl_s;
- crl_s.crl = &crl_info_s;
- crl_info_s.issuer = name;
+ crl_s.crl.issuer = name;
break;
default:
/* abort(); */
return sk_X509_OBJECT_value(h, idx);
}
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
+{
+ return v->objs;
+}
+
STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
{
int i, idx, cnt;
X509 *x;
X509_OBJECT *obj;
sk = sk_X509_new_null();
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
/*
* cache
*/
X509_OBJECT xobj;
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) {
sk_X509_free(sk);
return NULL;
}
X509_OBJECT_free_contents(&xobj);
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
sk_X509_free(sk);
return NULL;
}
for (i = 0; i < cnt; i++, idx++) {
obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
x = obj->data.x509;
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(x);
if (!sk_X509_push(sk, x)) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_free(x);
sk_X509_pop_free(sk, X509_free);
return NULL;
}
}
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
return sk;
}
X509_CRL *x;
X509_OBJECT *obj, xobj;
sk = sk_X509_CRL_new_null();
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- /* Check cache first */
- idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
/*
* Always do lookup to possibly add new CRLs to cache
*/
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
sk_X509_CRL_free(sk);
return NULL;
}
X509_OBJECT_free_contents(&xobj);
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
if (idx < 0) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
sk_X509_CRL_free(sk);
return NULL;
}
x = obj->data.crl;
X509_CRL_up_ref(x);
if (!sk_X509_CRL_push(sk, x)) {
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
X509_CRL_free(x);
sk_X509_CRL_pop_free(sk, X509_CRL_free);
return NULL;
}
}
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
return sk;
}
X509_NAME *xn;
X509_OBJECT obj, *pobj;
int i, ok, idx, ret;
+
*issuer = NULL;
xn = X509_get_issuer_name(x);
ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
}
/* If certificate matches all OK */
if (ctx->check_issued(ctx, x, obj.data.x509)) {
- if (x509_check_cert_time(ctx, obj.data.x509, 1)) {
+ if (x509_check_cert_time(ctx, obj.data.x509, -1)) {
*issuer = obj.data.x509;
return 1;
}
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_write_lock(ctx->ctx->lock);
idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
if (idx != -1) { /* should be true as we've had at least one
* match */
* match if no certificate time is OK.
*/
- if (x509_check_cert_time(ctx, *issuer, 1))
+ if (x509_check_cert_time(ctx, *issuer, -1))
break;
}
}
}
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ CRYPTO_THREAD_unlock(ctx->ctx->lock);
if (*issuer)
- CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(*issuer);
return ret;
}
return X509_VERIFY_PARAM_set1(ctx->param, param);
}
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
+{
+ return ctx->param;
+}
+
void X509_STORE_set_verify_cb(X509_STORE *ctx,
int (*verify_cb) (int, X509_STORE_CTX *))
{
ctx->lookup_crls = cb;
}
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
+{
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
+{
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
{
return ctx->ctx;