X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=crypto%2Fx509%2Fx509_lu.c;h=7e38544e5f2399fdd29e6779e253f8b4baeeb669;hb=cab6de03a2b721c89baffde254a4d3482f93c524;hp=35a8e351c0274c70183d9df29909f219db441199;hpb=4d50a2b4d6ae7618844380c1ebd5437226286db7;p=oweals%2Fopenssl.git
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 35a8e351c0..7e38544e5f 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -196,9 +196,17 @@ X509_STORE *X509_STORE_new(void)
 ret->get_crl = 0;
 ret->check_crl = 0;
 ret->cert_crl = 0;
+ ret->lookup_certs = 0;
+ ret->lookup_crls = 0;
 ret->cleanup = 0;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+ {
+ sk_X509_OBJECT_free(ret->objs);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->references=1;
 return ret;
 }
@@ -288,7 +296,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
 tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
- if (tmp == NULL)
+ if (tmp == NULL || type == X509_LU_CRL)
 {
 for (i=vs->current_method; iget_cert_methods); i++)
 {
@@ -452,9 +460,9 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
 for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++)
 {
 tobj = sk_X509_OBJECT_value(h, tidx);
- if (!x509_object_cmp(&tobj, &pstmp))
+ if (x509_object_cmp(&tobj, &pstmp))
 break;
- *pnmatch++;
+ (*pnmatch)++;
 }
 }
 return idx;
@@ -476,7 +484,7 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
 return sk_X509_OBJECT_value(h, idx);
 }
-STACK_OF(X509)* X509_STORE_get_certs(X509_STORE *st, X509_NAME *nm)
+STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
 {
 int i, idx, cnt;
 STACK_OF(X509) *sk;
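Review bot: The error branch added after CRYPTO_new_ex_data() releases only `ret->objs` and `ret`; X509_STORE_new's head lies outside the hunk, but if it allocates `ret->get_cert_methods` and `ret->param` (both used elsewhere in this file) before this point, they leak on this path. If so, the branch should also run `sk_X509_LOOKUP_free(ret->get_cert_methods);` and `X509_VERIFY_PARAM_free(ret->param);` before `OPENSSL_free(ret)`. A short comment such as `/* ex_data failure: undo everything allocated above */` would make the expected cleanup explicit when future fields are added.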
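Review bot: The new `type == X509_LU_CRL` arm of the condition changes behaviour — a cache hit for a CRL no longer short-circuits the lookup-method scan — but carries no comment, and the rationale only appears in X509_STORE_get1_crls further down. Suggest `/* CRLs are always re-queried so lookup methods can add newer ones to the cache */` above the `if`. This makes every CRL request iterate all registered lookup methods, which presumably is the intended freshness trade-off. The loop header on the context line appears truncated in this rendering, and the function body continues past the hunk.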
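Review bot: The loop now counts the objects following `idx` that compare equal into `*pnmatch`, but the initialisation of `*pnmatch` (and what it holds when `idx < 0`) is outside the hunk; X509_STORE_get1_certs iterates `cnt` entries starting at `idx`, so confirm `*pnmatch` starts at 1 for the object at `idx` before this loop. A comment would help readers who do not know the comparator's convention: `/* x509_object_cmp() == 0 means same type and subject; matches are assumed adjacent in h */`. The function starts outside the hunk.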
@@ -484,16 +492,32 @@ STACK_OF(X509)* X509_STORE_get_certs(X509_STORE *st, X509_NAME *nm)
 X509_OBJECT *obj;
 sk = sk_X509_new_null();
 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
- idx = x509_object_idx_cnt(st->objs, X509_LU_X509, nm, &cnt);
+ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
 if (idx < 0)
 {
+ /* Nothing found in cache: do lookup to possibly add new
+ * objects to cache
+ */
+ X509_OBJECT xobj;
 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
- sk_X509_free(sk);
- return NULL;
+ if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj))
+ {
+ sk_X509_free(sk);
+ return NULL;
+ }
+ X509_OBJECT_free_contents(&xobj);
+ CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+ idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt);
+ if (idx < 0)
+ {
+ CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+ sk_X509_free(sk);
+ return NULL;
+ }
 }
 for (i = 0; i < cnt; i++, idx++)
 {
- obj = sk_X509_OBJECT_value(st->objs, i);
+ obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
 x = obj->data.x509;
 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
 if (!sk_X509_push(sk, x))
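Review bot: `sk = sk_X509_new_null();` on the context line at the top of the hunk is still unchecked, so a failed allocation is only noticed at `sk_X509_push(sk, x)` after a reference on `x` has already been taken (the push failure handling lies below the hunk). Add `if (sk == NULL) return NULL;` before the CRYPTO_r_lock() call. The `get1` name and the `CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509)` show the caller receives owned references; a comment above the function (in the preceding hunk) stating that the result must be released with `sk_X509_pop_free(sk, X509_free)` — and likewise `sk_X509_CRL_pop_free(sk, X509_CRL_free)` for X509_STORE_get1_crls — would document that contract. The function body continues past the hunk.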
@@ -509,24 +533,38 @@ STACK_OF(X509)* X509_STORE_get_certs(X509_STORE *st, X509_NAME *nm)
 }
-STACK_OF(X509_CRL)* X509_STORE_get_crls(X509_STORE *st, X509_NAME *nm)
+STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
 {
 int i, idx, cnt;
 STACK_OF(X509_CRL) *sk;
 X509_CRL *x;
- X509_OBJECT *obj;
+ X509_OBJECT *obj, xobj;
 sk = sk_X509_CRL_new_null();
 CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
- idx = x509_object_idx_cnt(st->objs, X509_LU_CRL, nm, &cnt);
+ /* Check cache first */
+ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
+
+ /* Always do lookup to possibly add new CRLs to cache
+ */
+ CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+ if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj))
+ {
+ sk_X509_CRL_free(sk);
+ return NULL;
+ }
+ X509_OBJECT_free_contents(&xobj);
+ CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+ idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt);
 if (idx < 0)
 {
 CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
 sk_X509_CRL_free(sk);
 return NULL;
 }
+
 for (i = 0; i < cnt; i++, idx++)
 {
- obj = sk_X509_OBJECT_value(st->objs, i);
+ obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
 x = obj->data.crl;
 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
 if (!sk_X509_CRL_push(sk, x))
@@ -663,5 +701,11 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
 return X509_VERIFY_PARAM_set1(ctx->param, param);
 }
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+ int (*verify_cb)(int, X509_STORE_CTX *))
+ {
+ ctx->verify_cb = verify_cb;
+ }
+
 IMPLEMENT_STACK_OF(X509_LOOKUP)
 IMPLEMENT_STACK_OF(X509_OBJECT)
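Review bot: The first `idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);` under `/* Check cache first */` is dead: its result is never read, because the lock is dropped and the same query is repeated after X509_STORE_get_by_subject(). Drop the first `CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);`, that call and the `CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);` that follows it, so the read lock is taken once, after the lookup. `X509_OBJECT *obj, xobj;` also mixes a pointer and an object in one declaration; `X509_OBJECT xobj;` on its own line reads more clearly. As in X509_STORE_get1_certs, `sk_X509_CRL_new_null()` is unchecked; the function body continues past the hunk.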
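Review bot: X509_STORE_set_verify_cb has no comment and, unlike X509_STORE_set1_param just above it, cannot fail, so callers will want to know that passing NULL clears the callback. Suggest `/* Install verify_cb as the store's verification callback; NULL clears it. */` above the definition, and the same text on its declaration in the header. Whether an X509_STORE_CTX picks this callback up from the store is not visible here and should be confirmed before the documentation claims it.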