Add misc. x509 un/lock and set1 functions

crypto/x509/x509_lu.c

@@ -200,6 +200,16 @@ X509_STORE *X509_STORE_new(void) {
   return NULL;
 }
 
+int X509_STORE_lock(X509_STORE *v) {
+    CRYPTO_MUTEX_lock_write(&v->objs_lock);
+    return 1;
+}
+
+int X509_STORE_unlock(X509_STORE *v) {
+    CRYPTO_MUTEX_unlock_write(&v->objs_lock);
+    return 1;
+}
+
 int X509_STORE_up_ref(X509_STORE *store) {
   CRYPTO_refcount_inc(&store->references);
   return 1;
@@ -410,6 +420,26 @@ X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a) {
   return a->data.crl;
 }
 
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) {
+    if (a == NULL || !X509_up_ref(obj)) {
+      return 0;
+    }
+
+    a->type = X509_LU_X509;
+    a->data.x509 = obj;
+    return 1;
+}
+
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) {
+    if (a == NULL || !X509_CRL_up_ref(obj)) {
+      return 0;
+    }
+
+    a->type = X509_LU_CRL;
+    a->data.crl = obj;
+    return 1;
+}
+
 static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
                                X509_NAME *name, int *pnmatch) {
   X509_OBJECT stmp;

crypto/x509/x509_test.cc

@@ -30,6 +30,7 @@
 #include <openssl/nid.h>
 #include <openssl/pem.h>
 #include <openssl/pool.h>
+#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -5022,12 +5023,39 @@ TEST(X509Test, AddDuplicates) {
   ASSERT_TRUE(a);
   ASSERT_TRUE(b);
 
+  // To begin, add the certs to the store. Subsequent adds will be duplicative.
   EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
   EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
-  EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
+
+  const size_t kNumThreads = 50;
+  std::vector<std::thread> threads;
+  for (size_t i = 0; i < kNumThreads; i++) {
+    threads.emplace_back([&] {
+      // Firstly, save off |i| in the thread's context.
+      const size_t idx = i;
+      uint8_t sleep_buf[1];
+      ASSERT_TRUE(RAND_bytes(sleep_buf, sizeof(sleep_buf)));
+      std::this_thread::sleep_for(std::chrono::milliseconds(sleep_buf[0] % 100));
+      // Half the threads add duplicate certs, the other half take a lock and
+      // look them up to exercise un/locking functions.
+      if (idx % 2 == 0) {
+        EXPECT_TRUE(X509_STORE_add_cert(store.get(), a.get()));
+        EXPECT_TRUE(X509_STORE_add_cert(store.get(), b.get()));
+      } else {
+        ASSERT_TRUE(X509_STORE_lock(store.get()));
+        EXPECT_TRUE(X509_OBJECT_retrieve_by_subject(
+          store->objs, X509_LU_X509, X509_get_subject_name(a.get())
+        ));
+        EXPECT_TRUE(X509_OBJECT_retrieve_by_subject(
+          store->objs, X509_LU_X509, X509_get_subject_name(b.get())
+        ));
+        ASSERT_TRUE(X509_STORE_unlock(store.get()));
+      }
+    });
+  }
+  for (auto &thread : threads) {
+    thread.join();
+  }
 
   EXPECT_EQ(sk_X509_OBJECT_num(X509_STORE_get0_objects(store.get())), 2u);
 }

include/openssl/x509.h

@@ -2800,7 +2800,11 @@ OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a);
 OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
 // X509_OBJECT_get0_X509_CRL returns the |X509_CRL| associated with |a|
 OPENSSL_EXPORT X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 OPENSSL_EXPORT X509_STORE *X509_STORE_new(void);
+OPENSSL_EXPORT int X509_STORE_lock(X509_STORE *v);
+OPENSSL_EXPORT int X509_STORE_unlock(X509_STORE *v);
 OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store);
 OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v);