-rw-r--r--src/lib/libcrypto/x509/x509_lu.c143
1 files changed, 77 insertions, 66 deletions
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 695252fc87..9c18c16eeb 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_lu.c,v 1.47 2021/11/05 20:35:14 tb Exp $ */ 1/* $OpenBSD: x509_lu.c,v 1.48 2021/11/05 21:39:45 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -533,102 +533,113 @@ X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo)
533} 533}
534 534
535STACK_OF(X509) * 535STACK_OF(X509) *
536X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) 536X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *name)
537{ 537{
538 int i, idx, cnt; 538 X509_STORE *store = ctx->ctx;
539 STACK_OF(X509) *sk; 539 STACK_OF(X509) *sk;
540 X509 *x; 540 X509 *x = NULL;
541 X509_OBJECT *obj; 541 X509_OBJECT *obj;
542 int i, idx, cnt;
542 543
543 if (ctx->ctx == NULL) 544 if (store == NULL)
544 return NULL; 545 return NULL;
545 sk = sk_X509_new_null(); 546
546 if (sk == NULL) 547 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
548 idx = x509_object_idx_cnt(store->objs, X509_LU_X509, name, &cnt);
549 if (idx >= 0)
550 goto found;
551 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
552
553 /* Nothing found: do lookup to possibly add new objects to cache. */
554 obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, name);
555 if (obj == NULL)
547 return NULL; 556 return NULL;
557
558 X509_OBJECT_free(obj);
559 obj = NULL;
560
548 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 561 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
549 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); 562 idx = x509_object_idx_cnt(store->objs, X509_LU_X509, name, &cnt);
550 if (idx < 0) { 563 if (idx >= 0)
551 /* Nothing found in cache: do lookup to possibly add new 564 goto found;
552 * objects to cache 565 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
553 */ 566
554 X509_OBJECT xobj; 567 return NULL;
555 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 568
556 if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { 569 found:
557 sk_X509_free(sk); 570 if ((sk = sk_X509_new_null()) == NULL)
558 return NULL; 571 goto err;
559 } 572
560 X509_OBJECT_free_contents(&xobj);
561 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
562 idx = x509_object_idx_cnt(ctx->ctx->objs,
563 X509_LU_X509, nm, &cnt);
564 if (idx < 0) {
565 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
566 sk_X509_free(sk);
567 return NULL;
568 }
569 }
570 for (i = 0; i < cnt; i++, idx++) { 573 for (i = 0; i < cnt; i++, idx++) {
571 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); 574 obj = sk_X509_OBJECT_value(store->objs, idx);
575
572 x = obj->data.x509; 576 x = obj->data.x509;
573 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 577 if (!X509_up_ref(x)) {
574 if (!sk_X509_push(sk, x)) { 578 x = NULL;
575 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 579 goto err;
576 X509_free(x);
577 sk_X509_pop_free(sk, X509_free);
578 return NULL;
579 } 580 }
581 if (!sk_X509_push(sk, x))
582 goto err;
580 } 583 }
584
581 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 585 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
582 return sk; 586 return sk;
583 587
588 err:
589 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
590 sk_X509_pop_free(sk, X509_free);
591 X509_free(x);
592 return NULL;
584} 593}
585 594
586STACK_OF(X509_CRL) * 595STACK_OF(X509_CRL) *
587X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) 596X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *name)
588{ 597{
598 X509_STORE *store = ctx->ctx;
599 STACK_OF(X509_CRL) *sk = NULL;
600 X509_CRL *x = NULL;
601 X509_OBJECT *obj = NULL;
589 int i, idx, cnt; 602 int i, idx, cnt;
590 STACK_OF(X509_CRL) *sk;
591 X509_CRL *x;
592 X509_OBJECT *obj, xobj;
593 603
594 if (ctx->ctx == NULL) 604 if (store == NULL)
595 return NULL;
596 sk = sk_X509_CRL_new_null();
597 if (sk == NULL)
598 return NULL; 605 return NULL;
599 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
600 /* Check cache first */
601 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
602 606
603 /* Always do lookup to possibly add new CRLs to cache 607 /* Always do lookup to possibly add new CRLs to cache */
604 */ 608 obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_CRL, name);
605 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 609 if (obj == NULL)
606 if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
607 sk_X509_CRL_free(sk);
608 return NULL; 610 return NULL;
609 } 611
610 X509_OBJECT_free_contents(&xobj); 612 X509_OBJECT_free(obj);
613 obj = NULL;
614
611 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 615 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
612 idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); 616 idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, name, &cnt);
613 if (idx < 0) { 617 if (idx < 0)
614 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 618 goto err;
615 sk_X509_CRL_free(sk); 619
616 return NULL; 620 if ((sk = sk_X509_CRL_new_null()) == NULL)
617 } 621 goto err;
618 622
619 for (i = 0; i < cnt; i++, idx++) { 623 for (i = 0; i < cnt; i++, idx++) {
620 obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); 624 obj = sk_X509_OBJECT_value(store->objs, idx);
625
621 x = obj->data.crl; 626 x = obj->data.crl;
622 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); 627 if (!X509_CRL_up_ref(x)) {
623 if (!sk_X509_CRL_push(sk, x)) { 628 x = NULL;
624 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 629 goto err;
625 X509_CRL_free(x);
626 sk_X509_CRL_pop_free(sk, X509_CRL_free);
627 return NULL;
628 } 630 }
631 if (!sk_X509_CRL_push(sk, x))
632 goto err;
629 } 633 }
634
630 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 635 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
631 return sk; 636 return sk;
637
638 err:
639 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
640 X509_CRL_free(x);
641 sk_X509_CRL_pop_free(sk, X509_CRL_free);
642 return NULL;
632} 643}
633 644
634X509_OBJECT * 645X509_OBJECT *
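Review bot: In X509_STORE_get1_certs the stack pointer is declared without an initializer (`STACK_OF(X509) *sk;`, new line 539), yet the `err:` label hands it to `sk_X509_pop_free()`. Every `goto err` currently sits after the assignment at `found:`, so the pointer is always NULL or valid today, but any early exit later routed through `err` would free an indeterminate pointer. X509_STORE_get1_crls in the same hunk already declares `STACK_OF(X509_CRL) *sk = NULL;`, and I would match it here with `STACK_OF(X509) *sk = NULL;`. A one-line comment at `found:` such as `/* Reached with CRYPTO_LOCK_X509_STORE held. */` would also state the locking invariant that both jumps to it and the unlock in `err:` rely on.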