Hi Rich,

Scope of my request is "use of a lookup method".

Salz, Rich wrote:
You need
(1)
I tested a port to the current openssl code with the following definitions of X509_OBJECT_new() and X509_OBJECT_get0_X509_CRL:
....
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index ff64821..8547b0d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -450,6 +450,12 @@ int X509_OBJECT_get_type(X509_OBJECT *a)
     return a->type;
 }

+X509_OBJECT *X509_OBJECT_new()
+{
+    X509_OBJECT *ret;
+    return OPENSSL_malloc(sizeof (*ret));
+}
+
 void X509_OBJECT_free(X509_OBJECT *a)
 {
     if (a == NULL)
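Review bot: X509_OBJECT_new() hands back the OPENSSL_malloc() result uninitialised, so a->type is indeterminate until the caller sets it. X509_OBJECT_get_type() on a fresh object returns garbage, and X509_OBJECT_free(), which follows directly below, can be handed an object whose type field was never written. Zero the allocation before returning it (OPENSSL_zalloc does this) and set type explicitly to the "empty" value. Two smaller points on the same lines: declare the function as X509_OBJECT_new(void), and either drop the ret variable, which exists only for sizeof, or assign to it, initialise it and return it.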
....
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index c4ca619..ff64821 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -433,9 +433,18 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)

 X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
 {
+    if (a == NULL) return NULL;
+    if (a->type != X509_LU_X509) return NULL;
     return a->data.x509;
 }

+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+    if (a == NULL) return NULL;
+    if (a->type != X509_LU_CRL) return NULL;
+    return a->data.crl;
+}
+
 int X509_OBJECT_get_type(X509_OBJECT *a)
 {
     return a->type;
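Review bot: X509_OBJECT_get0_X509_CRL() returns a->data.crl without taking a reference, and the new accessor carries no comment or documentation saying so. State that the pointer remains owned by the X509_OBJECT and must not be freed by the caller, since that is exactly where a double free would come from. The NULL return is also ambiguous between a NULL argument and a type mismatch, which is worth documenting for both get0 accessors. On style, the two guards can be merged into one condition, if (a == NULL || a->type != X509_LU_CRL), with the return on its own line. Note too that X509_OBJECT_get_type() in the trailing context still dereferences a without the NULL check the accessors now have.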
....

After the port I note that two new functions (see below) will simplify the code:

(2)
     X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
     X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
And replace the existing "X509_STORE_get_X509_by_subject"

This is my request - to define:
- X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
- X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs, X509_NAME *name)

(A side effect is that with the functions from (2), program code will avoid use of the functions from (1).)


We also need X509_OBJECT_new() and X509_OBJECT_free and
X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a).
It is good to have:
- X509_OBJECT_new()
- X509_CRL* X509_OBJECT_get0_X509_CRL(X509_OBJECT *)
- int X509_OBJECT_set0_X509_CRL(X509_OBJECT*, X509_CRL*)
- int X509_OBJECT_set0_X509(X509_OBJECT*, X509* )
but this is out of scope for now.

It is related to the API for X509_LOOKUP_METHOD. Let's discuss it separately when accessors for X509_LOOKUP_METHOD are defined.

Make sure the memory issues are addressed and avoid double-free.

Right?
"You need" is misleading.  These are new accessors needed  because the 
X509_OBJECT was made opaque.  In other words we did it :)

Regards,
Roumen
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
