/src/libressl/crypto/x509/by_dir.c

Source (jump to first uncovered line)
/* $OpenBSD: by_dir.c,v 1.41 2021/11/10 14:34:21 schwarze Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <sys/stat.h>
#include <sys/types.h>

#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#include <openssl/opensslconf.h>

#include <openssl/err.h>
#include <openssl/x509.h>

#include "x509_lcl.h"

typedef struct lookup_dir_hashes_st {
  unsigned long hash;
  int suffix;
} BY_DIR_HASH;

typedef struct lookup_dir_entry_st {
  char *dir;
  int dir_type;
  STACK_OF(BY_DIR_HASH) *hashes;
} BY_DIR_ENTRY;

typedef struct lookup_dir_st {
  BUF_MEM *buffer;
  STACK_OF(BY_DIR_ENTRY) *dirs;
} BY_DIR;

DECLARE_STACK_OF(BY_DIR_HASH)
DECLARE_STACK_OF(BY_DIR_ENTRY)

static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
    char **ret);
static int new_dir(X509_LOOKUP *lu);
static void free_dir(X509_LOOKUP *lu);
static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
    X509_OBJECT *ret);

static X509_LOOKUP_METHOD x509_dir_lookup = {
  .name = "Load certs from files in a directory",
  .new_item = new_dir,
  .free = free_dir,
  .init = NULL,
  .shutdown = NULL,
  .ctrl = dir_ctrl,
  .get_by_subject = get_cert_by_subject,
  .get_by_issuer_serial = NULL,
  .get_by_fingerprint = NULL,
  .get_by_alias = NULL,
};

X509_LOOKUP_METHOD *
X509_LOOKUP_hash_dir(void)
{
  return &x509_dir_lookup;
}

static int
dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
    char **retp)
{
  int ret = 0;
  BY_DIR *ld;

  ld = (BY_DIR *)ctx->method_data;

  switch (cmd) {
  case X509_L_ADD_DIR:
    if (argl == X509_FILETYPE_DEFAULT) {
      ret = add_cert_dir(ld, X509_get_default_cert_dir(),
          X509_FILETYPE_PEM);
      if (!ret) {
        X509error(X509_R_LOADING_CERT_DIR);
      }
    } else
      ret = add_cert_dir(ld, argp, (int)argl);
    break;
  }
  return ret;
}

static int
new_dir(X509_LOOKUP *lu)
{
  BY_DIR *a;

  if ((a = malloc(sizeof(*a))) == NULL) {
    X509error(ERR_R_MALLOC_FAILURE);
    return 0;
  }
  if ((a->buffer = BUF_MEM_new()) == NULL) {
    X509error(ERR_R_MALLOC_FAILURE);
    free(a);
    return 0;
  }
  a->dirs = NULL;
  lu->method_data = (char *)a;
  return 1;
}

static void
by_dir_hash_free(BY_DIR_HASH *hash)
{
  free(hash);
}

static int
by_dir_hash_cmp(const BY_DIR_HASH * const *a,
    const BY_DIR_HASH * const *b)
{
  if ((*a)->hash > (*b)->hash)
    return 1;
  if ((*a)->hash < (*b)->hash)
    return -1;
  return 0;
}

static void
by_dir_entry_free(BY_DIR_ENTRY *ent)
{
  free(ent->dir);
  sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
  free(ent);
}

static void
free_dir(X509_LOOKUP *lu)
{
  BY_DIR *a;

  a = (BY_DIR *)lu->method_data;
  sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
  BUF_MEM_free(a->buffer);
  free(a);
}

static int
add_cert_dir(BY_DIR *ctx, const char *dir, int type)
{
  int j;
  const char *s, *ss, *p;
  ptrdiff_t len;

  if (dir == NULL || !*dir) {
    X509error(X509_R_INVALID_DIRECTORY);
    return 0;
  }

  s = dir;
  p = s;
  do {
    if ((*p == ':') || (*p == '\0')) {
      BY_DIR_ENTRY *ent;

      ss = s;
      s = p + 1;
      len = p - ss;
      if (len == 0)
        continue;
      for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
        ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
        if (strlen(ent->dir) == (size_t)len &&
            strncmp(ent->dir, ss, (size_t)len) == 0)
          break;
      }
      if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
        continue;
      if (ctx->dirs == NULL) {
        ctx->dirs = sk_BY_DIR_ENTRY_new_null();
        if (ctx->dirs == NULL) {
          X509error(ERR_R_MALLOC_FAILURE);
          return 0;
        }
      }
      ent = malloc(sizeof(*ent));
      if (ent == NULL) {
        X509error(ERR_R_MALLOC_FAILURE);
        return 0;
      }
      ent->dir_type = type;
      ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
      ent->dir = strndup(ss, (size_t)len);
      if (ent->dir == NULL || ent->hashes == NULL) {
        X509error(ERR_R_MALLOC_FAILURE);
        by_dir_entry_free(ent);
        return 0;
      }
      if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
        X509error(ERR_R_MALLOC_FAILURE);
        by_dir_entry_free(ent);
        return 0;
      }
    }
  } while (*p++ != '\0');
  return 1;
}

static int
get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
    X509_OBJECT *ret)
{
  BY_DIR *ctx;
  union {
    struct  {
      X509 st_x509;
      X509_CINF st_x509_cinf;
    } x509;
    struct  {
      X509_CRL st_crl;
      X509_CRL_INFO st_crl_info;
    } crl;
  } data;
  int ok = 0;
  int i, j, k;
  unsigned long h;
  BUF_MEM *b = NULL;
  X509_OBJECT stmp, *tmp;
  const char *postfix="";

  if (name == NULL)
    return 0;

  stmp.type = type;
  if (type == X509_LU_X509) {
    data.x509.st_x509.cert_info = &data.x509.st_x509_cinf;
    data.x509.st_x509_cinf.subject = name;
    stmp.data.x509 = &data.x509.st_x509;
    postfix="";
  } else if (type == X509_LU_CRL) {
    data.crl.st_crl.crl = &data.crl.st_crl_info;
    data.crl.st_crl_info.issuer = name;
    stmp.data.crl = &data.crl.st_crl;
    postfix="r";
  } else {
    X509error(X509_R_WRONG_LOOKUP_TYPE);
    goto finish;
  }

  if ((b = BUF_MEM_new()) == NULL) {
    X509error(ERR_R_BUF_LIB);
    goto finish;
  }

  ctx = (BY_DIR *)xl->method_data;

  h = X509_NAME_hash(name);
  for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
    BY_DIR_ENTRY *ent;
    int idx;
    BY_DIR_HASH htmp, *hent;

    ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
    j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
    if (!BUF_MEM_grow(b, j)) {
      X509error(ERR_R_MALLOC_FAILURE);
      goto finish;
    }
    if (type == X509_LU_CRL) {
      htmp.hash = h;
      CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
      idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
      if (idx >= 0) {
        hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
        k = hent->suffix;
      } else {
        hent = NULL;
        k = 0;
      }
      CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
    } else {
      k = 0;
      hent = NULL;
    }
    for (;;) {
      (void) snprintf(b->data, b->max, "%s/%08lx.%s%d",
          ent->dir, h, postfix, k);

      {
        struct stat st;
        if (stat(b->data, &st) < 0)
          break;
      }
      /* found one. */
      if (type == X509_LU_X509) {
        if ((X509_load_cert_file(xl, b->data,
            ent->dir_type)) == 0)
          break;
      } else if (type == X509_LU_CRL) {
        if ((X509_load_crl_file(xl, b->data,
            ent->dir_type)) == 0)
          break;
      }
      /* else case will caught higher up */
      k++;
    }

    /* we have added it to the cache so now pull it out again */
    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
    j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
    tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

    /* If a CRL, update the last file suffix added for this */
    if (type == X509_LU_CRL) {
      CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
      /*
       * Look for entry again in case another thread added
       * an entry first.
       */
      if (hent == NULL) {
        htmp.hash = h;
        idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
        hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
      }
      if (hent == NULL) {
        hent = malloc(sizeof(*hent));
        if (hent == NULL) {
          X509error(ERR_R_MALLOC_FAILURE);
          CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
          ok = 0;
          goto finish;
        }
        hent->hash = h;
        hent->suffix = k;
        if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
          X509error(ERR_R_MALLOC_FAILURE);
          CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
          free(hent);
          ok = 0;
          goto finish;
        }
      } else if (hent->suffix < k)
        hent->suffix = k;

      CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

    }

    if (tmp != NULL) {
      ok = 1;
      ret->type = tmp->type;
      memcpy(&ret->data, &tmp->data, sizeof(ret->data));
      goto finish;
    }
  }
finish:
  BUF_MEM_free(b);
  return ok;
}

Coverage Report

Created: 2022-08-24 06:31

Line	Count	Source (jump to first uncovered line)
1		/* $OpenBSD: by_dir.c,v 1.41 2021/11/10 14:34:21 schwarze Exp $ */
2		/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3		* All rights reserved.
4		*
5		* This package is an SSL implementation written
6		* by Eric Young (eay@cryptsoft.com).
7		* The implementation was written so as to conform with Netscapes SSL.
8		*
9		* This library is free for commercial and non-commercial use as long as
10		* the following conditions are aheared to. The following conditions
11		* apply to all code found in this distribution, be it the RC4, RSA,
12		* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13		* included with this distribution is covered by the same copyright terms
14		* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15		*
16		* Copyright remains Eric Young's, and as such any Copyright notices in
17		* the code are not to be removed.
18		* If this package is used in a product, Eric Young should be given attribution
19		* as the author of the parts of the library used.
20		* This can be in the form of a textual message at program startup or
21		* in documentation (online or textual) provided with the package.
22		*
23		* Redistribution and use in source and binary forms, with or without
24		* modification, are permitted provided that the following conditions
25		* are met:
26		* 1. Redistributions of source code must retain the copyright
27		* notice, this list of conditions and the following disclaimer.
28		* 2. Redistributions in binary form must reproduce the above copyright
29		* notice, this list of conditions and the following disclaimer in the
30		* documentation and/or other materials provided with the distribution.
31		* 3. All advertising materials mentioning features or use of this software
32		* must display the following acknowledgement:
33		* "This product includes cryptographic software written by
34		* Eric Young (eay@cryptsoft.com)"
35		* The word 'cryptographic' can be left out if the rouines from the library
36		* being used are not cryptographic related :-).
37		* 4. If you include any Windows specific code (or a derivative thereof) from
38		* the apps directory (application code) you must include an acknowledgement:
39		* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40		*
41		* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44		* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51		* SUCH DAMAGE.
52		*
53		* The licence and distribution terms for any publically available version or
54		* derivative of this code cannot be changed. i.e. this code cannot simply be
55		* copied and put under another distribution licence
56		* [including the GNU Public Licence.]
57		*/
58
59		#include <sys/stat.h>
60		#include <sys/types.h>
61
62		#include <errno.h>
63		#include <stdio.h>
64		#include <string.h>
65		#include <time.h>
66		#include <unistd.h>
67
68		#include <openssl/opensslconf.h>
69
70		#include <openssl/err.h>
71		#include <openssl/x509.h>
72
73		#include "x509_lcl.h"
74
75		typedef struct lookup_dir_hashes_st {
76		unsigned long hash;
77		int suffix;
78		} BY_DIR_HASH;
79
80		typedef struct lookup_dir_entry_st {
81		char *dir;
82		int dir_type;
83		STACK_OF(BY_DIR_HASH) *hashes;
84		} BY_DIR_ENTRY;
85
86		typedef struct lookup_dir_st {
87		BUF_MEM *buffer;
88		STACK_OF(BY_DIR_ENTRY) *dirs;
89		} BY_DIR;
90
91		DECLARE_STACK_OF(BY_DIR_HASH)
92		DECLARE_STACK_OF(BY_DIR_ENTRY)
93
94		static int dir_ctrl(X509_LOOKUP ctx, int cmd, const char argp, long argl,
95		char **ret);
96		static int new_dir(X509_LOOKUP *lu);
97		static void free_dir(X509_LOOKUP *lu);
98		static int add_cert_dir(BY_DIR ctx, const char dir, int type);
99		static int get_cert_by_subject(X509_LOOKUP xl, int type, X509_NAME name,
100		X509_OBJECT *ret);
101
102		static X509_LOOKUP_METHOD x509_dir_lookup = {
103		.name = "Load certs from files in a directory",
104		.new_item = new_dir,
105		.free = free_dir,
106		.init = NULL,
107		.shutdown = NULL,
108		.ctrl = dir_ctrl,
109		.get_by_subject = get_cert_by_subject,
110		.get_by_issuer_serial = NULL,
111		.get_by_fingerprint = NULL,
112		.get_by_alias = NULL,
113		};
114
115		X509_LOOKUP_METHOD *
116		X509_LOOKUP_hash_dir(void)
117	0	{
118	0	return &x509_dir_lookup;
119	0	}
120
121		static int
122		dir_ctrl(X509_LOOKUP ctx, int cmd, const char argp, long argl,
123		char **retp)
124	0	{
125	0	int ret = 0;
126	0	BY_DIR *ld;
127
128	0	ld = (BY_DIR *)ctx->method_data;
129
130	0	switch (cmd) {
131	0	case X509_L_ADD_DIR:
132	0	if (argl == X509_FILETYPE_DEFAULT) {
133	0	ret = add_cert_dir(ld, X509_get_default_cert_dir(),
134	0	X509_FILETYPE_PEM);
135	0	if (!ret) {
136	0	X509error(X509_R_LOADING_CERT_DIR);
137	0	}
138	0	} else
139	0	ret = add_cert_dir(ld, argp, (int)argl);
140	0	break;
141	0	}
142	0	return ret;
143	0	}
144
145		static int
146		new_dir(X509_LOOKUP *lu)
147	0	{
148	0	BY_DIR *a;
149
150	0	if ((a = malloc(sizeof(*a))) == NULL) {
151	0	X509error(ERR_R_MALLOC_FAILURE);
152	0	return 0;
153	0	}
154	0	if ((a->buffer = BUF_MEM_new()) == NULL) {
155	0	X509error(ERR_R_MALLOC_FAILURE);
156	0	free(a);
157	0	return 0;
158	0	}
159	0	a->dirs = NULL;
160	0	lu->method_data = (char *)a;
161	0	return 1;
162	0	}
163
164		static void
165		by_dir_hash_free(BY_DIR_HASH *hash)
166	0	{
167	0	free(hash);
168	0	}
169
170		static int
171		by_dir_hash_cmp(const BY_DIR_HASH * const *a,
172		const BY_DIR_HASH * const *b)
173	0	{
174	0	if ((a)->hash > (b)->hash)
175	0	return 1;
176	0	if ((a)->hash < (b)->hash)
177	0	return -1;
178	0	return 0;
179	0	}
180
181		static void
182		by_dir_entry_free(BY_DIR_ENTRY *ent)
183	0	{
184	0	free(ent->dir);
185	0	sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
186	0	free(ent);
187	0	}
188
189		static void
190		free_dir(X509_LOOKUP *lu)
191	0	{
192	0	BY_DIR *a;
193
194	0	a = (BY_DIR *)lu->method_data;
195	0	sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
196	0	BUF_MEM_free(a->buffer);
197	0	free(a);
198	0	}
199
200		static int
201		add_cert_dir(BY_DIR ctx, const char dir, int type)
202	0	{
203	0	int j;
204	0	const char s, ss, *p;
205	0	ptrdiff_t len;
206
207	0	if (dir == NULL \|\| !*dir) {
208	0	X509error(X509_R_INVALID_DIRECTORY);
209	0	return 0;
210	0	}
211
212	0	s = dir;
213	0	p = s;
214	0	do {
215	0	if ((p == ':') \|\| (p == '\0')) {
216	0	BY_DIR_ENTRY *ent;
217
218	0	ss = s;
219	0	s = p + 1;
220	0	len = p - ss;
221	0	if (len == 0)
222	0	continue;
223	0	for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
224	0	ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
225	0	if (strlen(ent->dir) == (size_t)len &&
226	0	strncmp(ent->dir, ss, (size_t)len) == 0)
227	0	break;
228	0	}
229	0	if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
230	0	continue;
231	0	if (ctx->dirs == NULL) {
232	0	ctx->dirs = sk_BY_DIR_ENTRY_new_null();
233	0	if (ctx->dirs == NULL) {
234	0	X509error(ERR_R_MALLOC_FAILURE);
235	0	return 0;
236	0	}
237	0	}
238	0	ent = malloc(sizeof(*ent));
239	0	if (ent == NULL) {
240	0	X509error(ERR_R_MALLOC_FAILURE);
241	0	return 0;
242	0	}
243	0	ent->dir_type = type;
244	0	ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
245	0	ent->dir = strndup(ss, (size_t)len);
246	0	if (ent->dir == NULL \|\| ent->hashes == NULL) {
247	0	X509error(ERR_R_MALLOC_FAILURE);
248	0	by_dir_entry_free(ent);
249	0	return 0;
250	0	}
251	0	if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
252	0	X509error(ERR_R_MALLOC_FAILURE);
253	0	by_dir_entry_free(ent);
254	0	return 0;
255	0	}
256	0	}
257	0	} while (*p++ != '\0');
258	0	return 1;
259	0	}
260
261		static int
262		get_cert_by_subject(X509_LOOKUP xl, int type, X509_NAME name,
263		X509_OBJECT *ret)
264	0	{
265	0	BY_DIR *ctx;
266	0	union {
267	0	struct {
268	0	X509 st_x509;
269	0	X509_CINF st_x509_cinf;
270	0	} x509;
271	0	struct {
272	0	X509_CRL st_crl;
273	0	X509_CRL_INFO st_crl_info;
274	0	} crl;
275	0	} data;
276	0	int ok = 0;
277	0	int i, j, k;
278	0	unsigned long h;
279	0	BUF_MEM *b = NULL;
280	0	X509_OBJECT stmp, *tmp;
281	0	const char *postfix="";
282
283	0	if (name == NULL)
284	0	return 0;
285
286	0	stmp.type = type;
287	0	if (type == X509_LU_X509) {
288	0	data.x509.st_x509.cert_info = &data.x509.st_x509_cinf;
289	0	data.x509.st_x509_cinf.subject = name;
290	0	stmp.data.x509 = &data.x509.st_x509;
291	0	postfix="";
292	0	} else if (type == X509_LU_CRL) {
293	0	data.crl.st_crl.crl = &data.crl.st_crl_info;
294	0	data.crl.st_crl_info.issuer = name;
295	0	stmp.data.crl = &data.crl.st_crl;
296	0	postfix="r";
297	0	} else {
298	0	X509error(X509_R_WRONG_LOOKUP_TYPE);
299	0	goto finish;
300	0	}
301
302	0	if ((b = BUF_MEM_new()) == NULL) {
303	0	X509error(ERR_R_BUF_LIB);
304	0	goto finish;
305	0	}
306
307	0	ctx = (BY_DIR *)xl->method_data;
308
309	0	h = X509_NAME_hash(name);
310	0	for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
311	0	BY_DIR_ENTRY *ent;
312	0	int idx;
313	0	BY_DIR_HASH htmp, *hent;
314
315	0	ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
316	0	j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
317	0	if (!BUF_MEM_grow(b, j)) {
318	0	X509error(ERR_R_MALLOC_FAILURE);
319	0	goto finish;
320	0	}
321	0	if (type == X509_LU_CRL) {
322	0	htmp.hash = h;
323	0	CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
324	0	idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
325	0	if (idx >= 0) {
326	0	hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
327	0	k = hent->suffix;
328	0	} else {
329	0	hent = NULL;
330	0	k = 0;
331	0	}
332	0	CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
333	0	} else {
334	0	k = 0;
335	0	hent = NULL;
336	0	}
337	0	for (;;) {
338	0	(void) snprintf(b->data, b->max, "%s/%08lx.%s%d",
339	0	ent->dir, h, postfix, k);
340
341	0	{
342	0	struct stat st;
343	0	if (stat(b->data, &st) < 0)
344	0	break;
345	0	}
346		/* found one. */
347	0	if (type == X509_LU_X509) {
348	0	if ((X509_load_cert_file(xl, b->data,
349	0	ent->dir_type)) == 0)
350	0	break;
351	0	} else if (type == X509_LU_CRL) {
352	0	if ((X509_load_crl_file(xl, b->data,
353	0	ent->dir_type)) == 0)
354	0	break;
355	0	}
356		/* else case will caught higher up */
357	0	k++;
358	0	}
359
360		/* we have added it to the cache so now pull it out again */
361	0	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
362	0	j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
363	0	tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
364	0	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
365
366		/* If a CRL, update the last file suffix added for this */
367	0	if (type == X509_LU_CRL) {
368	0	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
369		/*
370		* Look for entry again in case another thread added
371		* an entry first.
372		*/
373	0	if (hent == NULL) {
374	0	htmp.hash = h;
375	0	idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
376	0	hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
377	0	}
378	0	if (hent == NULL) {
379	0	hent = malloc(sizeof(*hent));
380	0	if (hent == NULL) {
381	0	X509error(ERR_R_MALLOC_FAILURE);
382	0	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
383	0	ok = 0;
384	0	goto finish;
385	0	}
386	0	hent->hash = h;
387	0	hent->suffix = k;
388	0	if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
389	0	X509error(ERR_R_MALLOC_FAILURE);
390	0	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
391	0	free(hent);
392	0	ok = 0;
393	0	goto finish;
394	0	}
395	0	} else if (hent->suffix < k)
396	0	hent->suffix = k;
397
398	0	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
399
400	0	}
401
402	0	if (tmp != NULL) {
403	0	ok = 1;
404	0	ret->type = tmp->type;
405	0	memcpy(&ret->data, &tmp->data, sizeof(ret->data));
406	0	goto finish;
407	0	}
408	0	}
409	0	finish:
410	0	BUF_MEM_free(b);
411	0	return ok;
412	0	}