From e47c05633e71982af8dbe4e462e45b7240890e95 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 21 Nov 2023 23:24:55 -0500 Subject: [PATCH] Tidy up x509_lu.c functions a little Change-Id: I0345ab008002ec13e21b315117a73f2b906b6d97 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64247 Reviewed-by: Bob Beck Commit-Queue: David Benjamin (cherry picked from commit 46a7b4dea1895a50f022868f62f671b2fa2c47b1) --- crypto/x509/x509_lu.c | 129 ++++++++++++++---------------------------- 1 file changed, 42 insertions(+), 87 deletions(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index d679493f70..1923867441 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -73,17 +73,20 @@ static X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); static int X509_OBJECT_up_ref_count(X509_OBJECT *a); -static X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); +static X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method, + X509_STORE *store); static int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, X509_OBJECT *ret); -static X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { +static X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method, + X509_STORE *store) { X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(X509_LOOKUP)); if (ret == NULL) { return NULL; } ret->method = method; + ret->store_ctx = store; if ((method->new_item != NULL) && !method->new_item(ret)) { OPENSSL_free(ret); return NULL; @@ -147,42 +150,24 @@ static int x509_object_cmp_sk(const X509_OBJECT *const *a, } X509_STORE *X509_STORE_new(void) { - X509_STORE *ret; - - if ((ret = (X509_STORE *)OPENSSL_zalloc(sizeof(X509_STORE))) == NULL) { + X509_STORE *ret = OPENSSL_zalloc(sizeof(X509_STORE)); + if (ret == NULL) { return NULL; } + + ret->references = 1; CRYPTO_MUTEX_init(&ret->objs_lock); ret->objs = sk_X509_OBJECT_new(x509_object_cmp_sk); - if (ret->objs == NULL) { - goto err; - } ret->get_cert_methods = sk_X509_LOOKUP_new_null(); - if (ret->get_cert_methods == NULL) { - goto err; - } ret->param = X509_VERIFY_PARAM_new(); - if (ret->param == NULL) { - goto err; + if (ret->objs == NULL || + ret->get_cert_methods == NULL || + ret->param == NULL) { + X509_STORE_free(ret); + return NULL; } - ret->references = 1; return ret; -err: - if (ret) { - CRYPTO_MUTEX_cleanup(&ret->objs_lock); - if (ret->param) { - X509_VERIFY_PARAM_free(ret->param); - } - if (ret->get_cert_methods) { - sk_X509_LOOKUP_free(ret->get_cert_methods); - } - if (ret->objs) { - sk_X509_OBJECT_free(ret->objs); - } - OPENSSL_free(ret); - } - return NULL; } int X509_STORE_lock(X509_STORE *v) { @@ -207,10 +192,6 @@ int X509_STORE_up_ref(X509_STORE *store) { } void X509_STORE_free(X509_STORE *vfy) { - size_t j; - STACK_OF(X509_LOOKUP) *sk; - X509_LOOKUP *lu; - if (vfy == NULL) { return; } @@ -220,62 +201,41 @@ void X509_STORE_free(X509_STORE *vfy) { } CRYPTO_MUTEX_cleanup(&vfy->objs_lock); - - sk = vfy->get_cert_methods; - for (j = 0; j < sk_X509_LOOKUP_num(sk); j++) { - lu = sk_X509_LOOKUP_value(sk, j); - X509_LOOKUP_free(lu); - } - sk_X509_LOOKUP_free(sk); + sk_X509_LOOKUP_pop_free(vfy->get_cert_methods, X509_LOOKUP_free); sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free); - - if (vfy->param) { - X509_VERIFY_PARAM_free(vfy->param); - } + X509_VERIFY_PARAM_free(vfy->param); OPENSSL_free(vfy); } X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) { - size_t i; - STACK_OF(X509_LOOKUP) *sk; - X509_LOOKUP *lu; - - sk = v->get_cert_methods; - for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { - lu = sk_X509_LOOKUP_value(sk, i); + STACK_OF(X509_LOOKUP) *sk = v->get_cert_methods; + for (size_t i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + X509_LOOKUP *lu = sk_X509_LOOKUP_value(sk, i); if (m == lu->method) { return lu; } } - // a new one - lu = X509_LOOKUP_new(m); - if (lu == NULL) { + + X509_LOOKUP *lu = X509_LOOKUP_new(m, v); + if (lu == NULL || !sk_X509_LOOKUP_push(v->get_cert_methods, lu)) { + X509_LOOKUP_free(lu); return NULL; - } else { - lu->store_ctx = v; - if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) { - return lu; - } else { - X509_LOOKUP_free(lu); - return NULL; - } } + + return lu; } int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, X509_OBJECT *ret) { X509_STORE *ctx = vs->ctx; - X509_LOOKUP *lu; - X509_OBJECT stmp, *tmp; - int i; - + X509_OBJECT stmp; CRYPTO_MUTEX_lock_write(&ctx->objs_lock); - tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); + X509_OBJECT *tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_MUTEX_unlock_write(&ctx->objs_lock); if (tmp == NULL || type == X509_LU_CRL) { - for (i = 0; i < (int)sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { - lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + for (size_t i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + X509_LOOKUP *lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); if (X509_LOOKUP_by_subject(lu, type, name, &stmp)) { tmp = &stmp; break; @@ -481,16 +441,13 @@ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st) { } STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) { - int i, idx, cnt; - STACK_OF(X509) *sk; - X509 *x; - X509_OBJECT *obj; - sk = sk_X509_new_null(); + int cnt; + STACK_OF(X509) *sk = sk_X509_new_null(); if (sk == NULL) { return NULL; } CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + int idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { // Nothing found in cache: do lookup to possibly add new objects to // cache @@ -509,9 +466,9 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) { return NULL; } } - for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); - x = obj->data.x509; + for (int i = 0; i < cnt; i++, idx++) { + X509_OBJECT *obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + X509 *x = obj->data.x509; if (!sk_X509_push(sk, x)) { CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock); sk_X509_pop_free(sk, X509_free); @@ -524,11 +481,9 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) { } STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { - int i, idx, cnt; - STACK_OF(X509_CRL) *sk; - X509_CRL *x; - X509_OBJECT *obj, xobj; - sk = sk_X509_CRL_new_null(); + int cnt; + X509_OBJECT xobj; + STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); if (sk == NULL) { return NULL; } @@ -540,16 +495,16 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { } X509_OBJECT_free_contents(&xobj); CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); - idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + int idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock); sk_X509_CRL_free(sk); return NULL; } - for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); - x = obj->data.crl; + for (int i = 0; i < cnt; i++, idx++) { + X509_OBJECT *obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + X509_CRL *x = obj->data.crl; X509_CRL_up_ref(x); if (!sk_X509_CRL_push(sk, x)) { CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock);