diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h index b610c57239..09b3544e41 100644 --- a/crypto/x509/internal.h +++ b/crypto/x509/internal.h @@ -361,6 +361,8 @@ struct x509_store_ctx_st { CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */; +void X509_OBJECT_free_contents(X509_OBJECT *a); + ASN1_TYPE *ASN1_generate_v3(const char *str, const X509V3_CTX *cnf); int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b1e4ca033b..6da873aaf8 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -279,7 +279,7 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) { } } -int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, X509_OBJECT *ret) { X509_STORE *ctx = vs->ctx; X509_LOOKUP *lu; @@ -359,6 +359,15 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) { return x509_store_add(ctx, x, /*is_crl=*/1); } +X509_OBJECT *X509_OBJECT_new(void) { + X509_OBJECT *ret = OPENSSL_malloc(sizeof(X509_OBJECT)); + if (ret == NULL) { + return NULL; + } + OPENSSL_memset(ret, 0, sizeof(X509_OBJECT)); + return ret; +} + int X509_OBJECT_up_ref_count(X509_OBJECT *a) { switch (a->type) { case X509_LU_X509: @@ -382,6 +391,11 @@ void X509_OBJECT_free_contents(X509_OBJECT *a) { } } +void X509_OBJECT_free(X509_OBJECT *a) { + X509_OBJECT_free_contents(a); + OPENSSL_free(a); +} + int X509_OBJECT_get_type(const X509_OBJECT *a) { return a->type; } X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) { @@ -478,7 +492,7 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) { // cache X509_OBJECT xobj; CRYPTO_MUTEX_unlock_write(&ctx->ctx->objs_lock); - if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { + if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { sk_X509_free(sk); return NULL; } @@ -516,7 +530,7 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { } // Always do lookup to possibly add new CRLs to cache. - if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { + if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { sk_X509_CRL_free(sk); return NULL; } @@ -585,7 +599,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { int idx, ret; size_t i; xn = X509_get_issuer_name(x); - if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj)) { + if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, &obj)) { return 0; } // If certificate matches all OK diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc index 5be6083771..bba2871740 100644 --- a/crypto/x509/x509_test.cc +++ b/crypto/x509/x509_test.cc @@ -6629,3 +6629,9 @@ TEST(X509Test, TestDecode) { ASSERT_TRUE(pkey2); ASSERT_TRUE(X509_verify(cert.get(), pkey2.get())); } + +TEST(X509Test, X509_OBJECT_heap) { + X509_OBJECT *x509_object = X509_OBJECT_new(); + ASSERT_TRUE(x509_object); + X509_OBJECT_free(x509_object); +} diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 1c8e8b6926..283df48fed 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -2778,6 +2778,12 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); (X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | \ X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP) +// X509_OBJECT_new allocates an |X509_OBJECT| on the heap. +OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_new(void); + +// X509_OBJECT_free frees an |X509_OBJECT| from the heap. +OPENSSL_EXPORT void X509_OBJECT_free(X509_OBJECT *a); + OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name); OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject( @@ -2785,7 +2791,6 @@ OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject( OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a); -OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a); OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a); OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); // X509_OBJECT_get0_X509_CRL returns the |X509_CRL| associated with |a| @@ -2901,9 +2906,6 @@ OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void); OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); -OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, - X509_NAME *name, X509_OBJECT *ret); - OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); @@ -2997,6 +2999,19 @@ OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +// X509_STORE_get_by_subject is an alias to |X509_STORE_CTX_get_by_subject| in +// OpenSSL 1.1.1. +#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject + +// X509_STORE_CTX_get_by_subject tries to find an object of a given type, which +// may be |X509_LU_X509| or |X509_LU_CRL|, and the subject name from the store +// in |vs|. If found and |ret| is not NULL, it increments the reference count +// and stores the object in |ret|. +OPENSSL_EXPORT int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, + int type, + X509_NAME *name, + X509_OBJECT *ret); + // X509_VERIFY_PARAM functions OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);