[openssl-dev] use of X.509 lookup methods, X509_OBJECT internal or opaque?
Roumen Petrov
openssl at roumenpetrov.info
Sat May 7 08:30:56 UTC 2016
Hi Rich,
Scope of my request is "use of a lookup method".
Salz, Rich wrote:
>> You need
(1)
I tested a port to the current OpenSSL code with the following definitions of
X509_OBJECT_new() and X509_OBJECT_get0_X509_CRL():
....
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index ff64821..8547b0d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -450,6 +450,12 @@ int X509_OBJECT_get_type(X509_OBJECT *a)
return a->type;
}
+X509_OBJECT *X509_OBJECT_new()
+{
+ X509_OBJECT *ret;
+ return OPENSSL_malloc(sizeof (*ret));
+}
+
void X509_OBJECT_free(X509_OBJECT *a)
{
if (a == NULL)
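Review bot: X509_OBJECT_new() returns the raw OPENSSL_malloc() result, so the `type` and `data` fields of the new object are indeterminate, and a later read of `a->type` (as X509_OBJECT_get_type() does) reads uninitialised memory. Zero the allocation, for example with OPENSSL_zalloc(), or set `type` explicitly to a value that is neither X509_LU_X509 nor X509_LU_CRL before returning. Also declare the function as `X509_OBJECT *X509_OBJECT_new(void)` so it has a proper C prototype.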
....
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index c4ca619..ff64821 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -433,9 +433,18 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)
X509 *X509_OBJECT_get0_X509(X509_OBJECT *a)
{
+ if (a == NULL) return NULL;
+ if (a->type != X509_LU_X509) return NULL;
return a->data.x509;
}
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+ if (a == NULL) return NULL;
+ if (a->type != X509_LU_CRL) return NULL;
+ return a->data.crl;
+}
+
int X509_OBJECT_get_type(X509_OBJECT *a)
{
return a->type;
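Review bot: X509_OBJECT_get0_X509() now returns NULL when `a` is NULL or `a->type != X509_LU_X509`, where it previously returned `a->data.x509` unconditionally, so existing callers need to be checked for a missing NULL test, and the NULL-on-type-mismatch contract should be documented for this function and for the new X509_OBJECT_get0_X509_CRL(). X509_OBJECT_get_type() in the trailing context still dereferences `a` with no NULL check, which is inconsistent with the two accessors; either guard it as well or state that it requires a non-NULL argument. Style: put each `return NULL;` on its own line rather than on the same line as the `if`.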
....
After the port I noted that two new functions (see below) will simplify the code:
(2)
>> X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs,
>> X509_NAME *name)
>> X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs,
>> X509_NAME *name) And replace the existing
>> "X509_STORE_get_X509_by_subject"
This is my request - to define:
- X509 *X509_STORE_get_X509_by_subject(X509_STORE_CTX *vs, X509_NAME *name)
- X509_CRL *X509_STORE_get_X509_CRL_by_subject(X509_STORE_CTX *vs,
X509_NAME *name)
(A side effect is that with the functions from (2), program code will avoid
use of the functions from (1).)
>> We also need X509_OBJECT_new() and X509_OBJECT_free and X509_CRL
>> *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a).
It is good to have:
- X509_OBJECT_new()
- X509_CRL* X509_OBJECT_get0_X509_CRL(X509_OBJECT *)
- int X509_OBJECT_set0_X509_CRL(X509_OBJECT*, X509_CRL*)
- int X509_OBJECT_set0_X509(X509_OBJECT*, X509* )
but this is out of scope for now.
It is related to the API for X509_LOOKUP_METHOD. Let's discuss it separately
when accessors for X509_LOOKUP_METHOD are defined.
>> Make sure the memory issues are addressed and avoid double-free.
>>
>> Right?
> "You need" is misleading. These are new accessors needed because the X509_OBJECT was made opaque. In other words we did it :)
Regards,
Roumen