Add X509_STORE lock and unlock functions

Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.

Reviewed-by: Rich Salz <rsalz@openssl.org>

crypto/x509/x509_lu.c

@@ -40,6 +40,16 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
     OPENSSL_free(ctx);
 }
 
+int X509_STORE_lock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_write_lock(s->lock);
+}
+
+int X509_STORE_unlock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_unlock(s->lock);
+}
+
 int X509_LOOKUP_init(X509_LOOKUP *ctx)
 {
     if (ctx->method == NULL)

doc/crypto/X509_STORE_new.pod

@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and freeing functions
+X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,
+X509_STORE_unlock - X509_STORE allocation, freeing and locking functions
 
 =head1 SYNOPSIS
 
@@ -10,6 +11,8 @@ X509_STORE_new, X509_STORE_up_ref, X509_STORE_free - X509_STORE allocation and f
 
  X509_STORE *X509_STORE_new(void);
  void X509_STORE_free(X509_STORE *v);
+ int X509_STORE_lock(X509_STORE *v);
+ int X509_STORE_unlock(X509_STORE *v);
  int X509_STORE_up_ref(X509_STORE *v);
 
 =head1 DESCRIPTION
@@ -19,13 +22,17 @@ The X509_STORE_new() function returns a new X509_STORE.
 X509_STORE_up_ref() increments the reference count associated with the
 X509_STORE object.
 
+X509_STORE_lock() locks the store from modification by other threads,
+X509_STORE_unlock() locks it.
+
 X509_STORE_free() frees up a single X509_STORE object.
 
 =head1 RETURN VALUES
 
 X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.
 
-X509_STORE_up_ref() returns 1 for success and 0 for failure.
+X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return
+1 for success and 0 for failure.
 
 X509_STORE_free() does not return values.
 
@@ -36,7 +43,8 @@ L<X509_STORE_get0_param(3)>
 
 =head1 HISTORY
 
-The B<X509_STORE_up_ref> function was added in OpenSSL 1.1.0
+The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock()
+functions were added in OpenSSL 1.1.0
 
 =head1 COPYRIGHT
 

include/openssl/x509_vfy.h

@@ -255,6 +255,8 @@ X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
 X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void);
 void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
 int X509_STORE_up_ref(X509_STORE *v);
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
 

util/libcrypto.num

@@ -4185,3 +4185,5 @@ X509_STORE_CTX_get_check_revocation     4129	1_1_0	EXIST::FUNCTION:
 X509_STORE_get_verify_cb                4130	1_1_0	EXIST::FUNCTION:
 X509_STORE_CTX_get_lookup_crls          4131	1_1_0	EXIST::FUNCTION:
 X509_STORE_get_verify                   4132	1_1_0	EXIST::FUNCTION:
+X509_STORE_unlock                       4133	1_1_0	EXIST::FUNCTION:
+X509_STORE_lock                         4134	1_1_0	EXIST::FUNCTION: