From 3067095e8a2cca3d33fa0af77788bc45da68b76b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 7 Jul 2016 23:55:34 +0200 Subject: [PATCH] Add X509_STORE lock and unlock functions Since there are a number of function pointers in X509_STORE that might lead to user code, it makes sense for them to be able to lock the store while they do their work. Reviewed-by: Rich Salz --- crypto/x509/x509_lu.c | 10 ++++++++++ doc/crypto/X509_STORE_new.pod | 14 +++++++++++--- include/openssl/x509_vfy.h | 2 ++ util/libcrypto.num | 2 ++ 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 337482dee3..6f5f269232 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -40,6 +40,16 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx) OPENSSL_free(ctx); } +int X509_STORE_lock(X509_STORE *s) +{ + return CRYPTO_THREAD_write_lock(s->lock); +} + +int X509_STORE_unlock(X509_STORE *s) +{ + return CRYPTO_THREAD_unlock(s->lock); +} + int X509_LOOKUP_init(X509_LOOKUP *ctx) { if (ctx->method == NULL) diff --git a/doc/crypto/X509_STORE_new.pod b/doc/crypto/X509_STORE_new.pod index 0d0656f2de..f7a5c81416 100644 --- a/doc/crypto/X509_STORE_new.pod +++ b/doc/crypto/X509_STORE_new.pod @@ -2,7 +2,8 @@ =head1 NAME -X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and freeing functions +X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, +X509_STORE_unlock - X509_STORE allocation, freeing and locking functions =head1 SYNOPSIS @@ -10,6 +11,8 @@ X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and f X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); + int X509_STORE_lock(X509_STORE *v); + int X509_STORE_unlock(X509_STORE *v); int X509_STORE_up_ref(X509_STORE *v); =head1 DESCRIPTION @@ -19,13 +22,17 @@ The X509_STORE_new() function returns a new X509_STORE. X509_STORE_up_ref() increments the reference count associated with the X509_STORE object. +X509_STORE_lock() locks the store from modification by other threads, +X509_STORE_unlock() locks it. + X509_STORE_free() frees up a single X509_STORE object. =head1 RETURN VALUES X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails. -X509_STORE_up_ref() returns 1 for success and 0 for failure. +X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return +1 for success and 0 for failure. X509_STORE_free() does not return values. @@ -36,7 +43,8 @@ L =head1 HISTORY -The B function was added in OpenSSL 1.1.0 +The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() +functions were added in OpenSSL 1.1.0 =head1 COPYRIGHT diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index dc72652475..5cb2a40511 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -255,6 +255,8 @@ X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); +int X509_STORE_lock(X509_STORE *ctx); +int X509_STORE_unlock(X509_STORE *ctx); int X509_STORE_up_ref(X509_STORE *v); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); diff --git a/util/libcrypto.num b/util/libcrypto.num index 42b63bcd65..0a793790d8 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4185,3 +4185,5 @@ X509_STORE_CTX_get_check_revocation 4129 1_1_0 EXIST::FUNCTION: X509_STORE_get_verify_cb 4130 1_1_0 EXIST::FUNCTION: X509_STORE_CTX_get_lookup_crls 4131 1_1_0 EXIST::FUNCTION: X509_STORE_get_verify 4132 1_1_0 EXIST::FUNCTION: +X509_STORE_unlock 4133 1_1_0 EXIST::FUNCTION: +X509_STORE_lock 4134 1_1_0 EXIST::FUNCTION: -- 2.25.1