[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Feb 11 17:19:38 UTC 2016
The branch master has been updated
via 7823d792d0cad3b44ad5389a8d3381becefe7f44 (commit)
from 84c15091ec4b694d7a10a3d0fa1c42a30e9d1b21 (commit)
- Log -----------------------------------------------------------------
commit 7823d792d0cad3b44ad5389a8d3381becefe7f44
Author: Toshikuni Fukaya <toshikuni-fukaya at cybozu.co.jp>
Date: Wed Feb 3 13:08:45 2016 -0500
RT3495: Add a hash for faster dup detection.
Updated for 1.1 by Rich Salz
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_cert.c | 42 +++++++++++++++++++++++++-----------------
1 file changed, 25 insertions(+), 17 deletions(-)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 68c8924..dc58e25 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1,6 +1,3 @@
-/*
- * ! \file ssl/ssl_cert.c
- */
/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
* All rights reserved.
*
@@ -124,7 +121,7 @@
#endif
#include "internal/o_dir.h"
-#include <openssl/objects.h>
+#include <openssl/lhash.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -642,11 +639,23 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
return (add_client_CA(&(ctx->client_CA), x));
}
-static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
{
return (X509_NAME_cmp(*a, *b));
}
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+ return X509_NAME_cmp(a, b);
+}
+
+static unsigned long xname_hash(const X509_NAME *a)
+{
+ return X509_NAME_hash((X509_NAME *)a);
+}
+
+DEFINE_LHASH_OF(X509_NAME);
+
/**
* Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
* it doesn't really have anything to do with clients (except that a common use
@@ -657,16 +666,14 @@ static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
*/
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
{
- BIO *in;
+ BIO *in = BIO_new(BIO_s_file());
X509 *x = NULL;
X509_NAME *xn = NULL;
- STACK_OF(X509_NAME) *ret = NULL, *sk;
-
- sk = sk_X509_NAME_new(xname_cmp);
+ STACK_OF(X509_NAME) *ret = NULL;
+ LHASH_OF(X509_NAME) *name_hash =
+ lh_X509_NAME_new(xname_hash, xname_cmp);
- in = BIO_new(BIO_s_file());
-
- if ((sk == NULL) || (in == NULL)) {
+ if ((name_hash == NULL) || (in == NULL)) {
SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -690,10 +697,11 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
xn = X509_NAME_dup(xn);
if (xn == NULL)
goto err;
- if (sk_X509_NAME_find(sk, xn) >= 0)
+ if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
+ /* Duplicate. */
X509_NAME_free(xn);
- else {
- sk_X509_NAME_push(sk, xn);
+ } else {
+ lh_X509_NAME_insert(name_hash, xn);
sk_X509_NAME_push(ret, xn);
}
}
@@ -703,9 +711,9 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
sk_X509_NAME_pop_free(ret, X509_NAME_free);
ret = NULL;
done:
- sk_X509_NAME_free(sk);
BIO_free(in);
X509_free(x);
+ lh_X509_NAME_free(name_hash);
if (ret != NULL)
ERR_clear_error();
return (ret);
@@ -729,7 +737,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
int ret = 1;
int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
- oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
+ oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
in = BIO_new(BIO_s_file());
More information about the openssl-commits
mailing list