Add X509_STORE lock and unlock functions

Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 337482dee3dfe4cd9027fad9121d9e746cef5753..6f5f269232b05ba1dfccb65943b250097f884412 100644 (file)
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -40,6 +40,16 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
     OPENSSL_free(ctx);
 }
 
+int X509_STORE_lock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_write_lock(s->lock);
+}
+
+int X509_STORE_unlock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_unlock(s->lock);
+}
+
 int X509_LOOKUP_init(X509_LOOKUP *ctx)
 {
     if (ctx->method == NULL)

diff --git a/doc/crypto/X509_STORE_new.pod b/doc/crypto/X509_STORE_new.pod
index 0d0656f2de8c7c0d735a3fc1277dc4b8787a2383..f7a5c81416b321734598ea7eae1033c2747aad33 100644 (file)
--- a/doc/crypto/X509_STORE_new.pod
+++ b/doc/crypto/X509_STORE_new.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and freeing functions
+X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,
+X509_STORE_unlock - X509_STORE allocation, freeing and locking functions
 
 =head1 SYNOPSIS
 
@@ -10,6 +11,8 @@ X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and f
 
  X509_STORE *X509_STORE_new(void);
  void X509_STORE_free(X509_STORE *v);
+ int X509_STORE_lock(X509_STORE *v);
+ int X509_STORE_unlock(X509_STORE *v);
  int X509_STORE_up_ref(X509_STORE *v);
 
 =head1 DESCRIPTION
@@ -19,13 +22,17 @@ The X509_STORE_new() function returns a new X509_STORE.
 X509_STORE_up_ref() increments the reference count associated with the
 X509_STORE object.
 
+X509_STORE_lock() locks the store from modification by other threads,
+X509_STORE_unlock() locks it.
+
 X509_STORE_free() frees up a single X509_STORE object.
 
 =head1 RETURN VALUES
 
 X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.
 
-X509_STORE_up_ref() returns 1 for success and 0 for failure.
+X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return
+1 for success and 0 for failure.
 
 X509_STORE_free() does not return values.
 
@@ -36,7 +43,8 @@ L<X509_STORE_get0_param(3)>
 
 =head1 HISTORY
 
-The B<X509_STORE_up_ref> function was added in OpenSSL 1.1.0
+The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock()
+functions were added in OpenSSL 1.1.0
 
 =head1 COPYRIGHT
 

diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index dc726524751ca685e536cc9d5dac1405114dc33f..5cb2a40511958db6fd6bc47dacc4d2a9b5522527 100644 (file)
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -255,6 +255,8 @@ X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
 X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void);
 void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
 int X509_STORE_up_ref(X509_STORE *v);
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
 

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 42b63bcd65df49b094a445255a14ea094e423299..0a793790d85d7a21487c803d62add0affe20ac23 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4185,3 +4185,5 @@ X509_STORE_CTX_get_check_revocation     4129      1_1_0   EXIST::FUNCTION:
 X509_STORE_get_verify_cb                4130   1_1_0   EXIST::FUNCTION:
 X509_STORE_CTX_get_lookup_crls          4131   1_1_0   EXIST::FUNCTION:
 X509_STORE_get_verify                   4132   1_1_0   EXIST::FUNCTION:
+X509_STORE_unlock                       4133   1_1_0   EXIST::FUNCTION:
+X509_STORE_lock                         4134   1_1_0   EXIST::FUNCTION: