X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fx509%2Fx509_lu.c;h=d3c1fef22cce0bbff03badd311f6c025aa0bf698;hb=e9a5932d04f6b7dd25b39a8ff9dc162d64a78c22;hp=7b33ebad73b3fa01f587c1b568a52766773f3311;hpb=e6e9170d6e28038768895e1af18e3aad8093bf4b;p=oweals%2Fopenssl.git diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 7b33ebad73..d3c1fef22c 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -17,14 +17,15 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { - X509_LOOKUP *ret; + X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret)); - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) + if (ret == NULL) { + X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } ret->method = method; - if ((method->new_item != NULL) && !method->new_item(ret)) { + if (method->new_item != NULL && method->new_item(ret) == 0) { OPENSSL_free(ret); return NULL; } @@ -117,6 +118,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, return ctx->method->get_by_alias(ctx, type, str, len, ret); } +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data) +{ + ctx->method_data = data; + return 1; +} + +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx) +{ + return ctx->method_data; +} + +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx) +{ + return ctx->store_ctx; +} + + static int x509_object_cmp(const X509_OBJECT *const *a, const X509_OBJECT *const *b) { @@ -141,25 +159,36 @@ static int x509_object_cmp(const X509_OBJECT *const *a, X509_STORE *X509_STORE_new(void) { - X509_STORE *ret; + X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) + if (ret == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); return NULL; - if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) + } + if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } ret->cache = 1; - if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) + if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } - if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) + if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + } + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) + if (ret->lock == NULL) { + X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); goto err; + } ret->references = 1; return ret; @@ -208,7 +237,7 @@ int X509_STORE_up_ref(X509_STORE *vfy) if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0) return 0; - REF_PRINT_COUNT("X509_STORE", a); + REF_PRINT_COUNT("X509_STORE", vfy); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } @@ -228,17 +257,18 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) } /* a new one */ lu = X509_LOOKUP_new(m); - if (lu == NULL) + if (lu == NULL) { + X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE); return NULL; - else { - lu->store_ctx = v; - if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) - return lu; - else { - X509_LOOKUP_free(lu); - return NULL; - } } + + lu->store_ctx = v; + if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) + return lu; + /* malloc failed */ + X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE); + X509_LOOKUP_free(lu); + return NULL; } X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, @@ -259,18 +289,25 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { - X509_STORE *ctx = vs->ctx; + X509_STORE *store = vs->ctx; X509_LOOKUP *lu; X509_OBJECT stmp, *tmp; int i, j; - CRYPTO_THREAD_write_lock(ctx->lock); - tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); - CRYPTO_THREAD_unlock(ctx->lock); + if (store == NULL) + return 0; + + stmp.type = X509_LU_NONE; + stmp.data.ptr = NULL; + + + X509_STORE_lock(store); + tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name); + X509_STORE_unlock(store); if (tmp == NULL || type == X509_LU_CRL) { - for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { - lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(store->get_cert_methods, i); j = X509_LOOKUP_by_subject(lu, type, name, &stmp); if (j) { tmp = &stmp; @@ -289,7 +326,7 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 1; } -static int x509_store_add(X509_STORE *ctx, void *x, int crl) { +static int x509_store_add(X509_STORE *store, void *x, int crl) { X509_OBJECT *obj; int ret = 0, added = 0; @@ -308,16 +345,14 @@ static int x509_store_add(X509_STORE *ctx, void *x, int crl) { } X509_OBJECT_up_ref_count(obj); - CRYPTO_THREAD_write_lock(ctx->lock); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { + X509_STORE_lock(store); + if (X509_OBJECT_retrieve_match(store->objs, obj)) { ret = 1; } else { - added = sk_X509_OBJECT_push(ctx->objs, obj); + added = sk_X509_OBJECT_push(store->objs, obj); ret = added != 0; } - - CRYPTO_THREAD_unlock(ctx->lock); + X509_STORE_unlock(store); if (added == 0) /* obj not pushed */ X509_OBJECT_free(obj); @@ -375,7 +410,7 @@ X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a) return a->type; } -X509_OBJECT *X509_OBJECT_new() +X509_OBJECT *X509_OBJECT_new(void) { X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -387,8 +422,7 @@ X509_OBJECT *X509_OBJECT_new() return ret; } - -void X509_OBJECT_free(X509_OBJECT *a) +static void x509_object_free_internal(X509_OBJECT *a) { if (a == NULL) return; @@ -402,6 +436,33 @@ void X509_OBJECT_free(X509_OBJECT *a) X509_CRL_free(a->data.crl); break; } +} + +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) +{ + if (a == NULL || !X509_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_X509; + a->data.x509 = obj; + return 1; +} + +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) +{ + if (a == NULL || !X509_CRL_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_CRL; + a->data.crl = obj; + return 1; +} + +void X509_OBJECT_free(X509_OBJECT *a) +{ + x509_object_free_internal(a); OPENSSL_free(a); } @@ -472,9 +533,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509) *sk = NULL; X509 *x; X509_OBJECT *obj; + X509_STORE *store = ctx->ctx; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + if (store == NULL) + return NULL; + + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { /* * Nothing found in cache: do lookup to possibly add new objects to @@ -482,7 +547,8 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) */ X509_OBJECT *xobj = X509_OBJECT_new(); - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); + if (xobj == NULL) return NULL; if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) { @@ -490,27 +556,27 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return NULL; } } sk = sk_X509_new_null(); for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.x509; X509_up_ref(x); if (!sk_X509_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_free(x); sk_X509_pop_free(sk, X509_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } @@ -520,52 +586,56 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); X509_CRL *x; X509_OBJECT *obj, *xobj = X509_OBJECT_new(); + X509_STORE *store = ctx->ctx; /* Always do lookup to possibly add new CRLs to cache */ - if (sk == NULL || xobj == NULL || - !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { + if (sk == NULL + || xobj == NULL + || store == NULL + || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { X509_OBJECT_free(xobj); sk_X509_CRL_free(sk); return NULL; } X509_OBJECT_free(xobj); - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + X509_STORE_lock(store); + idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); sk_X509_CRL_free(sk); return NULL; } for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.crl; X509_CRL_up_ref(x); if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); X509_CRL_free(x); sk_X509_CRL_pop_free(sk, X509_CRL_free); return NULL; } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); return sk; } X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) { - int idx, i; + int idx, i, num; X509_OBJECT *obj; + idx = sk_X509_OBJECT_find(h, x); - if (idx == -1) + if (idx < 0) return NULL; if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) return sk_X509_OBJECT_value(h, idx); - for (i = idx; i < sk_X509_OBJECT_num(h); i++) { + for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) { obj = sk_X509_OBJECT_value(h, i); - if (x509_object_cmp - ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) + if (x509_object_cmp((const X509_OBJECT **)&obj, + (const X509_OBJECT **)&x)) return NULL; if (x->type == X509_LU_X509) { if (!X509_cmp(obj->data.x509, x->data.x509)) @@ -595,6 +665,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; + X509_STORE *store = ctx->ctx; int i, ok, idx, ret; if (obj == NULL) @@ -617,15 +688,18 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } X509_OBJECT_free(obj); + if (store == NULL) + return 0; + /* Else find index of first cert accepted by 'check_issued' */ ret = 0; - CRYPTO_THREAD_write_lock(ctx->ctx->lock); - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + X509_STORE_lock(store); + idx = X509_OBJECT_idx_by_subject(store->objs, X509_LU_X509, xn); if (idx != -1) { /* should be true as we've had at least one * match */ /* Look through all matching certs for suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + for (i = idx; i < sk_X509_OBJECT_num(store->objs); i++) { + pobj = sk_X509_OBJECT_value(store->objs, i); /* See if we've run past the matches */ if (pobj->type != X509_LU_X509) break; @@ -646,7 +720,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } - CRYPTO_THREAD_unlock(ctx->ctx->lock); + X509_STORE_unlock(store); if (*issuer) X509_up_ref(*issuer); return ret;