Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
a8397553
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
a8397553
编写于
2月 19, 2010
作者:
B
Bodo Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix X509_STORE locking
上级
69582a59
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
51 addition
and
43 deletion
+51
-43
CHANGES
CHANGES
+5
-1
crypto/x509/by_dir.c
crypto/x509/by_dir.c
+2
-3
crypto/x509/x509_lu.c
crypto/x509/x509_lu.c
+44
-39
未找到文件。
CHANGES
浏览文件 @
a8397553
...
...
@@ -896,7 +896,11 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
Changes between 0.9.8l and 0.9.8m [xx XXX xxxx]
*) Fix X509_STORE locking: Every 'objs' access requires a lock (to
accommodate for stack sorting, always a write lock!).
[Bodo Moeller]
*) On some versions of WIN32 Heap32Next is very slow. This can cause
excessive delays in the RAND_poll(): over a minute. As a workaround
...
...
crypto/x509/by_dir.c
浏览文件 @
a8397553
...
...
@@ -420,11 +420,11 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
/* we have added it to the cache so now pull
* it out again */
CRYPTO_
r
_lock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_lock
(
CRYPTO_LOCK_X509_STORE
);
j
=
sk_X509_OBJECT_find
(
xl
->
store_ctx
->
objs
,
&
stmp
);
if
(
j
!=
-
1
)
tmp
=
sk_X509_OBJECT_value
(
xl
->
store_ctx
->
objs
,
j
);
else
tmp
=
NULL
;
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
/* If a CRL, update the last file suffix added for this */
...
...
@@ -480,4 +480,3 @@ finish:
if
(
b
!=
NULL
)
BUF_MEM_free
(
b
);
return
(
ok
);
}
crypto/x509/x509_lu.c
浏览文件 @
a8397553
...
...
@@ -294,7 +294,9 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT
stmp
,
*
tmp
;
int
i
,
j
;
CRYPTO_w_lock
(
CRYPTO_LOCK_X509_STORE
);
tmp
=
X509_OBJECT_retrieve_by_subject
(
ctx
->
objs
,
type
,
name
);
CRYPTO_w_unlock
(
CRYPTO_LOCK_X509_STORE
);
if
(
tmp
==
NULL
||
type
==
X509_LU_CRL
)
{
...
...
@@ -348,7 +350,6 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
X509_OBJECT_up_ref_count
(
obj
);
if
(
X509_OBJECT_retrieve_match
(
ctx
->
objs
,
obj
))
{
X509_OBJECT_free_contents
(
obj
);
...
...
@@ -477,12 +478,12 @@ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_OBJECT
*
X509_OBJECT_retrieve_by_subject
(
STACK_OF
(
X509_OBJECT
)
*
h
,
int
type
,
X509_NAME
*
name
)
{
{
int
idx
;
idx
=
X509_OBJECT_idx_by_subject
(
h
,
type
,
name
);
if
(
idx
==-
1
)
return
NULL
;
return
sk_X509_OBJECT_value
(
h
,
idx
);
}
}
STACK_OF
(
X509
)
*
X509_STORE_get1_certs
(
X509_STORE_CTX
*
ctx
,
X509_NAME
*
nm
)
{
...
...
@@ -491,7 +492,7 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
X509
*
x
;
X509_OBJECT
*
obj
;
sk
=
sk_X509_new_null
();
CRYPTO_
r
_lock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_lock
(
CRYPTO_LOCK_X509_STORE
);
idx
=
x509_object_idx_cnt
(
ctx
->
ctx
->
objs
,
X509_LU_X509
,
nm
,
&
cnt
);
if
(
idx
<
0
)
{
...
...
@@ -499,18 +500,18 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
* objects to cache
*/
X509_OBJECT
xobj
;
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
if
(
!
X509_STORE_get_by_subject
(
ctx
,
X509_LU_X509
,
nm
,
&
xobj
))
{
sk_X509_free
(
sk
);
return
NULL
;
}
X509_OBJECT_free_contents
(
&
xobj
);
CRYPTO_
r
_lock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_lock
(
CRYPTO_LOCK_X509_STORE
);
idx
=
x509_object_idx_cnt
(
ctx
->
ctx
->
objs
,
X509_LU_X509
,
nm
,
&
cnt
);
if
(
idx
<
0
)
{
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
sk_X509_free
(
sk
);
return
NULL
;
}
...
...
@@ -522,13 +523,13 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
CRYPTO_add
(
&
x
->
references
,
1
,
CRYPTO_LOCK_X509
);
if
(
!
sk_X509_push
(
sk
,
x
))
{
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
X509_free
(
x
);
sk_X509_pop_free
(
sk
,
X509_free
);
return
NULL
;
}
}
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
return
sk
;
}
...
...
@@ -540,24 +541,24 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
X509_CRL
*
x
;
X509_OBJECT
*
obj
,
xobj
;
sk
=
sk_X509_CRL_new_null
();
CRYPTO_
r
_lock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_lock
(
CRYPTO_LOCK_X509_STORE
);
/* Check cache first */
idx
=
x509_object_idx_cnt
(
ctx
->
ctx
->
objs
,
X509_LU_CRL
,
nm
,
&
cnt
);
/* Always do lookup to possibly add new CRLs to cache
*/
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
if
(
!
X509_STORE_get_by_subject
(
ctx
,
X509_LU_CRL
,
nm
,
&
xobj
))
{
sk_X509_CRL_free
(
sk
);
return
NULL
;
}
X509_OBJECT_free_contents
(
&
xobj
);
CRYPTO_
r
_lock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_lock
(
CRYPTO_LOCK_X509_STORE
);
idx
=
x509_object_idx_cnt
(
ctx
->
ctx
->
objs
,
X509_LU_CRL
,
nm
,
&
cnt
);
if
(
idx
<
0
)
{
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
sk_X509_CRL_free
(
sk
);
return
NULL
;
}
...
...
@@ -569,19 +570,18 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
CRYPTO_add
(
&
x
->
references
,
1
,
CRYPTO_LOCK_X509_CRL
);
if
(
!
sk_X509_CRL_push
(
sk
,
x
))
{
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
X509_CRL_free
(
x
);
sk_X509_CRL_pop_free
(
sk
,
X509_CRL_free
);
return
NULL
;
}
}
CRYPTO_
r
_unlock
(
CRYPTO_LOCK_X509_STORE
);
CRYPTO_
w
_unlock
(
CRYPTO_LOCK_X509_STORE
);
return
sk
;
}
X509_OBJECT
*
X509_OBJECT_retrieve_match
(
STACK_OF
(
X509_OBJECT
)
*
h
,
X509_OBJECT
*
x
)
{
{
int
idx
,
i
;
X509_OBJECT
*
obj
;
idx
=
sk_X509_OBJECT_find
(
h
,
x
);
...
...
@@ -607,13 +607,13 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
return
obj
;
}
return
NULL
;
}
}
/* Try to get issuer certificate from store. Due to limitations
* of the API this can only retrieve a single certificate matching
* a given subject name. However it will fill the cache with all
* matching certificates, so we can examine the cache for all
* matching certificates, so we can examine the cache for all
* matches.
*
* Return values are:
...
...
@@ -621,13 +621,11 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
* 0 certificate not found.
* -1 some other error.
*/
int
X509_STORE_CTX_get1_issuer
(
X509
**
issuer
,
X509_STORE_CTX
*
ctx
,
X509
*
x
)
{
{
X509_NAME
*
xn
;
X509_OBJECT
obj
,
*
pobj
;
int
i
,
ok
,
idx
;
int
i
,
ok
,
idx
,
ret
;
xn
=
X509_get_issuer_name
(
x
);
ok
=
X509_STORE_get_by_subject
(
ctx
,
X509_LU_X509
,
xn
,
&
obj
);
if
(
ok
!=
X509_LU_X509
)
...
...
@@ -653,27 +651,34 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
return
1
;
}
X509_OBJECT_free_contents
(
&
obj
);
/* Else find index of first matching cert */
idx
=
X509_OBJECT_idx_by_subject
(
ctx
->
ctx
->
objs
,
X509_LU_X509
,
xn
);
/* This shouldn't normally happen since we already have one match */
if
(
idx
==
-
1
)
return
0
;
/* Look through all matching certificates for a suitable issuer */
for
(
i
=
idx
;
i
<
sk_X509_OBJECT_num
(
ctx
->
ctx
->
objs
);
i
++
)
/* Else find index of first cert accepted by 'check_issued' */
ret
=
0
;
CRYPTO_w_lock
(
CRYPTO_LOCK_X509_STORE
);
idx
=
X509_OBJECT_idx_by_subject
(
ctx
->
ctx
->
objs
,
X509_LU_X509
,
xn
);
if
(
idx
!=
-
1
)
/* should be true as we've had at least one match */
{
pobj
=
sk_X509_OBJECT_value
(
ctx
->
ctx
->
objs
,
i
);
/* See if we've ran out of matches */
if
(
pobj
->
type
!=
X509_LU_X509
)
return
0
;
if
(
X509_NAME_cmp
(
xn
,
X509_get_subject_name
(
pobj
->
data
.
x509
)))
return
0
;
if
(
ctx
->
check_issued
(
ctx
,
x
,
pobj
->
data
.
x509
))
/* Look through all matching certs for suitable issuer */
for
(
i
=
idx
;
i
<
sk_X509_OBJECT_num
(
ctx
->
ctx
->
objs
);
i
++
)
{
*
issuer
=
pobj
->
data
.
x509
;
X509_OBJECT_up_ref_count
(
pobj
);
return
1
;
pobj
=
sk_X509_OBJECT_value
(
ctx
->
ctx
->
objs
,
i
);
/* See if we've run past the matches */
if
(
pobj
->
type
!=
X509_LU_X509
)
break
;
if
(
X509_NAME_cmp
(
xn
,
X509_get_subject_name
(
pobj
->
data
.
x509
)))
break
;
if
(
ctx
->
check_issued
(
ctx
,
x
,
pobj
->
data
.
x509
))
{
*
issuer
=
pobj
->
data
.
x509
;
X509_OBJECT_up_ref_count
(
pobj
);
ret
=
1
;
break
;
}
}
}
return
0
;
}
CRYPTO_w_unlock
(
CRYPTO_LOCK_X509_STORE
);
return
ret
;
}
int
X509_STORE_set_flags
(
X509_STORE
*
ctx
,
unsigned
long
flags
)
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录