X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509%2Fx509_lu.c;h=b8845f1e64fcd5811ec5ecce5e2eef2118ca7528;hp=282adb4e8f5da3bed0751b5ee222fd5d70f4f1ce;hb=f32b0abe26285c6ba2ff258512c08e8f2fbcbdc9;hpb=0946a19886b0e7b8213db6559eb8b8eb63fc1503

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 282adb4e8f..b8845f1e64 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/lhash.h>
+#include "internal/refcount.h"
 #include <openssl/x509.h>
 #include "internal/x509_int.h"
 #include <openssl/x509v3.h>
@@ -85,7 +85,7 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                            X509_NAME *name, X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-        return X509_LU_FAIL;
+        return 0;
     if (ctx->skip)
         return 0;
     return ctx->method->get_by_subject(ctx, type, name, ret);
@@ -96,24 +96,24 @@ int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                                  X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
-        return X509_LU_FAIL;
+        return 0;
     return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
 }
 
 int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                               unsigned char *bytes, int len,
+                               const unsigned char *bytes, int len,
                                X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-        return X509_LU_FAIL;
+        return 0;
     return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
 }
 
 int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                         char *str, int len, X509_OBJECT *ret)
+                         const char *str, int len, X509_OBJECT *ret)
 {
     if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-        return X509_LU_FAIL;
+        return 0;
     return ctx->method->get_by_alias(ctx, type, str, len, ret);
 }
 
@@ -132,7 +132,7 @@ static int x509_object_cmp(const X509_OBJECT *const *a,
     case X509_LU_CRL:
         ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
         break;
-    default:
+    case X509_LU_NONE:
         /* abort(); */
         return 0;
     }
@@ -172,21 +172,6 @@ err:
     return NULL;
 }
 
-static void cleanup(X509_OBJECT *a)
-{
-    if (!a)
-        return;
-    if (a->type == X509_LU_X509) {
-        X509_free(a->data.x509);
-    } else if (a->type == X509_LU_CRL) {
-        X509_CRL_free(a->data.crl);
-    } else {
-        /* abort(); */
-    }
-
-    OPENSSL_free(a);
-}
-
 void X509_STORE_free(X509_STORE *vfy)
 {
     int i;
@@ -196,7 +181,7 @@ void X509_STORE_free(X509_STORE *vfy)
     if (vfy == NULL)
         return;
 
-    CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock);
+    CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
     REF_PRINT_COUNT("X509_STORE", vfy);
     if (i > 0)
         return;
@@ -209,7 +194,7 @@ void X509_STORE_free(X509_STORE *vfy)
         X509_LOOKUP_free(lu);
     }
     sk_X509_LOOKUP_free(sk);
-    sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
+    sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
     X509_VERIFY_PARAM_free(vfy->param);
@@ -221,7 +206,7 @@ int X509_STORE_up_ref(X509_STORE *vfy)
 {
     int i;
 
-    if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0)
+    if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
         return 0;
 
     REF_PRINT_COUNT("X509_STORE", a);
@@ -305,26 +290,29 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
     return 1;
 }
 
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
-{
+static int x509_store_add(X509_STORE *ctx, void *x, int crl) {
     X509_OBJECT *obj;
-    int ret = 1, added = 1;
+    int ret = 0, added = 0;
 
     if (x == NULL)
         return 0;
     obj = X509_OBJECT_new();
     if (obj == NULL)
         return 0;
-    obj->type = X509_LU_X509;
-    obj->data.x509 = x;
+
+    if (crl) {
+        obj->type = X509_LU_CRL;
+        obj->data.crl = (X509_CRL *)x;
+    } else {
+        obj->type = X509_LU_X509;
+        obj->data.x509 = (X509 *)x;
+    }
     X509_OBJECT_up_ref_count(obj);
 
     CRYPTO_THREAD_write_lock(ctx->lock);
 
     if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-        X509err(X509_F_X509_STORE_ADD_CERT,
-                X509_R_CERT_ALREADY_IN_HASH_TABLE);
-        ret = 0;
+        ret = 1;
     } else {
         added = sk_X509_OBJECT_push(ctx->objs, obj);
         ret = added != 0;
@@ -332,52 +320,34 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
 
     CRYPTO_THREAD_unlock(ctx->lock);
 
-    if (!ret)                   /* obj not pushed */
+    if (added == 0)             /* obj not pushed */
         X509_OBJECT_free(obj);
-    if (!added)                 /* on push failure */
-        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
 
     return ret;
 }
 
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
 {
-    X509_OBJECT *obj;
-    int ret = 1, added = 1;
-
-    if (x == NULL)
-        return 0;
-    obj = X509_OBJECT_new();
-    if (obj == NULL)
+    if (!x509_store_add(ctx, x, 0)) {
+        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
         return 0;
-    obj->type = X509_LU_CRL;
-    obj->data.crl = x;
-    X509_OBJECT_up_ref_count(obj);
-
-    CRYPTO_THREAD_write_lock(ctx->lock);
-
-    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
-        X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
-        ret = 0;
-    } else {
-        added = sk_X509_OBJECT_push(ctx->objs, obj);
-        ret = added != 0;
     }
+    return 1;
+}
 
-    CRYPTO_THREAD_unlock(ctx->lock);
-
-    if (!ret)                   /* obj not pushed */
-        X509_OBJECT_free(obj);
-    if (!added)                 /* on push failure */
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+{
+    if (!x509_store_add(ctx, x, 1)) {
         X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
-
-    return ret;
+        return 0;
+    }
+    return 1;
 }
 
 int X509_OBJECT_up_ref_count(X509_OBJECT *a)
 {
     switch (a->type) {
-    default:
+    case X509_LU_NONE:
         break;
     case X509_LU_X509:
         return X509_up_ref(a->data.x509);
@@ -414,7 +384,7 @@ X509_OBJECT *X509_OBJECT_new()
         X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    ret->type = X509_LU_FAIL;
+    ret->type = X509_LU_NONE;
     return ret;
 }
 
@@ -424,7 +394,7 @@ void X509_OBJECT_free(X509_OBJECT *a)
     if (a == NULL)
         return;
     switch (a->type) {
-    default:
+    case X509_LU_NONE:
         break;
     case X509_LU_X509:
         X509_free(a->data.x509);
@@ -454,7 +424,7 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
         stmp.data.crl = &crl_s;
         crl_s.crl.issuer = name;
         break;
-    default:
+    case X509_LU_NONE:
         /* abort(); */
         return -1;
     }
@@ -633,16 +603,8 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
     *issuer = NULL;
     xn = X509_get_issuer_name(x);
     ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
-    if (ok != X509_LU_X509) {
+    if (ok != 1) {
         X509_OBJECT_free(obj);
-        if (ok == X509_LU_RETRY) {
-            X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
-            return -1;
-        }
-        if (ok != X509_LU_FAIL) {
-            /* not good :-(, break anyway */
-            return -1;
-        }
         return 0;
     }
     /* If certificate matches all OK */