/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <stdio.h>
#include "internal/cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/refcount.h"
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include <openssl/x509v3.h>
X509_NAME *name, X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
- return X509_LU_FAIL;
+ return 0;
if (ctx->skip)
return 0;
return ctx->method->get_by_subject(ctx, type, name, ret);
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
- return X509_LU_FAIL;
+ return 0;
return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
}
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- unsigned char *bytes, int len,
+ const unsigned char *bytes, int len,
X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
- return X509_LU_FAIL;
+ return 0;
return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
}
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- char *str, int len, X509_OBJECT *ret)
+ const char *str, int len, X509_OBJECT *ret)
{
if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
- return X509_LU_FAIL;
+ return 0;
return ctx->method->get_by_alias(ctx, type, str, len, ret);
}
case X509_LU_CRL:
ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
break;
- default:
+ case X509_LU_NONE:
/* abort(); */
return 0;
}
return NULL;
}
-static void cleanup(X509_OBJECT *a)
-{
- if (!a)
- return;
- if (a->type == X509_LU_X509) {
- X509_free(a->data.x509);
- } else if (a->type == X509_LU_CRL) {
- X509_CRL_free(a->data.crl);
- } else {
- /* abort(); */
- }
-
- OPENSSL_free(a);
-}
-
void X509_STORE_free(X509_STORE *vfy)
{
int i;
if (vfy == NULL)
return;
- CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock);
+ CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
REF_PRINT_COUNT("X509_STORE", vfy);
if (i > 0)
return;
X509_LOOKUP_free(lu);
}
sk_X509_LOOKUP_free(sk);
- sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
+ sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
X509_VERIFY_PARAM_free(vfy->param);
{
int i;
- if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0)
+ if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
return 0;
REF_PRINT_COUNT("X509_STORE", a);
return 1;
}
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
-{
+static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
X509_OBJECT *obj;
- int ret = 1, added = 1;
+ int ret = 0, added = 0;
if (x == NULL)
return 0;
obj = X509_OBJECT_new();
if (obj == NULL)
return 0;
- obj->type = X509_LU_X509;
- obj->data.x509 = x;
+
+ if (crl) {
+ obj->type = X509_LU_CRL;
+ obj->data.crl = (X509_CRL *)x;
+ } else {
+ obj->type = X509_LU_X509;
+ obj->data.x509 = (X509 *)x;
+ }
X509_OBJECT_up_ref_count(obj);
CRYPTO_THREAD_write_lock(ctx->lock);
if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
- X509err(X509_F_X509_STORE_ADD_CERT,
- X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret = 0;
+ ret = 1;
} else {
added = sk_X509_OBJECT_push(ctx->objs, obj);
ret = added != 0;
CRYPTO_THREAD_unlock(ctx->lock);
- if (!ret) /* obj not pushed */
+ if (added == 0) /* obj not pushed */
X509_OBJECT_free(obj);
- if (!added) /* on push failure */
- X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
return ret;
}
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
{
- X509_OBJECT *obj;
- int ret = 1, added = 1;
-
- if (x == NULL)
- return 0;
- obj = X509_OBJECT_new();
- if (obj == NULL)
+ if (!x509_store_add(ctx, x, 0)) {
+ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
return 0;
- obj->type = X509_LU_CRL;
- obj->data.crl = x;
- X509_OBJECT_up_ref_count(obj);
-
- CRYPTO_THREAD_write_lock(ctx->lock);
-
- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
- X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret = 0;
- } else {
- added = sk_X509_OBJECT_push(ctx->objs, obj);
- ret = added != 0;
}
+ return 1;
+}
- CRYPTO_THREAD_unlock(ctx->lock);
-
- if (!ret) /* obj not pushed */
- X509_OBJECT_free(obj);
- if (!added) /* on push failure */
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+{
+ if (!x509_store_add(ctx, x, 1)) {
X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
-
- return ret;
+ return 0;
+ }
+ return 1;
}
int X509_OBJECT_up_ref_count(X509_OBJECT *a)
{
switch (a->type) {
- default:
+ case X509_LU_NONE:
break;
case X509_LU_X509:
return X509_up_ref(a->data.x509);
X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
- ret->type = X509_LU_FAIL;
+ ret->type = X509_LU_NONE;
return ret;
}
if (a == NULL)
return;
switch (a->type) {
- default:
+ case X509_LU_NONE:
break;
case X509_LU_X509:
X509_free(a->data.x509);
stmp.data.crl = &crl_s;
crl_s.crl.issuer = name;
break;
- default:
+ case X509_LU_NONE:
/* abort(); */
return -1;
}
*issuer = NULL;
xn = X509_get_issuer_name(x);
ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
- if (ok != X509_LU_X509) {
+ if (ok != 1) {
X509_OBJECT_free(obj);
- if (ok == X509_LU_RETRY) {
- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
- return -1;
- }
- if (ok != X509_LU_FAIL) {
- /* not good :-(, break anyway */
- return -1;
- }
return 0;
}
/* If certificate matches all OK */