sk_X509_OBJECT_num()

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

sk_X509_OBJECT_num()

Jason Schultz
Hello-

I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm confused about the function in the subject line as well as other, related sk_X509_* functions. 

My code has always used these functions, and currently my code compiles and runs successfully against 1.1.1. I was sort of doing an audit of my code, evaluating the API calls that have changed vs not changed when I noticed these functions. I searched for them in the 1.1.1 source. They don't exist, except where called in x509_lu.c. In the 1.0.2 code base, they are called in the same file, as well as are defined in a header, /include/openssl/safestack.h.

My question is, how are those symbols in my application being resolved since they are no longer found in the safestack.h header file? 

My system previously had OpenSSL 1.0.2 installed when I installed 1.1.1, but I don't think I have any old headers around that are being found when I compile and link. But for some reason this works. They obviously work within the OpenSSL 1.1.1 code also. 

I'm thinking I could be missing something basic about the compile/link process that explains this. Any ideas? 

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: sk_X509_OBJECT_num()

Dave Coombs
Hi,

They're macros, defined in SKM_DEFINE_STACK_OF() in safestack.h.  If you DEFINE_STACK_OF(Foo), you'll automatically end up with a sk_Foo_num() macro.

Cheers,
  -Dave


> On Nov 13, 2019, at 12:20, Jason Schultz <[hidden email]> wrote:
>
> Hello-
>
> I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm confused about the function in the subject line as well as other, related sk_X509_* functions.
>
> My code has always used these functions, and currently my code compiles and runs successfully against 1.1.1. I was sort of doing an audit of my code, evaluating the API calls that have changed vs not changed when I noticed these functions. I searched for them in the 1.1.1 source. They don't exist, except where called in x509_lu.c. In the 1.0.2 code base, they are called in the same file, as well as are defined in a header, /include/openssl/safestack.h.
>
> My question is, how are those symbols in my application being resolved since they are no longer found in the safestack.h header file?
>
> My system previously had OpenSSL 1.0.2 installed when I installed 1.1.1, but I don't think I have any old headers around that are being found when I compile and link. But for some reason this works. They obviously work within the OpenSSL 1.1.1 code also.
>
> I'm thinking I could be missing something basic about the compile/link process that explains this. Any ideas?
>
> Thanks in advance.


smime.p7s (12K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: sk_X509_OBJECT_num()

Matt Caswell-2
In reply to this post by Jason Schultz


On 13/11/2019 17:20, Jason Schultz wrote:

> Hello-
>
> I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in
> preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm
> confused about the function in the subject line as well as other,
> related sk_X509_* functions. 
>
> My code has always used these functions, and currently my code compiles
> and runs successfully against 1.1.1. I was sort of doing an audit of my
> code, evaluating the API calls that have changed vs not changed when I
> noticed these functions. I searched for them in the 1.1.1 source. They
> don't exist, except where called in x509_lu.c. In the 1.0.2 code base,
> they are called in the same file, as well as are defined in a header,
> /include/openssl/safestack.h.
>
> My question is, how are those symbols in my application being resolved
> since they are no longer found in the safestack.h header file? 
>
> My system previously had OpenSSL 1.0.2 installed when I installed 1.1.1,
> but I don't think I have any old headers around that are being found
> when I compile and link. But for some reason this works. They obviously
> work within the OpenSSL 1.1.1 code also. 
>
> I'm thinking I could be missing something basic about the compile/link
> process that explains this. Any ideas? 
>

In the header file openssl/x509_vfy.h you will see this line:

DEFINE_STACK_OF(X509_OBJECT)

That macro is defined inside safestack.h and generates all the sk_*_*()
functions (as inline functions).

Matt


> Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: sk_X509_OBJECT_num()

Jason Schultz
In reply to this post by Dave Coombs
That makes sense. Thanks to everyone for the responses.

Jason



From: Dave Coombs <[hidden email]>
Sent: Wednesday, November 13, 2019 5:30 PM
To: Jason Schultz <[hidden email]>
Cc: [hidden email] <[hidden email]>
Subject: Re: sk_X509_OBJECT_num()
 
Hi,

They're macros, defined in SKM_DEFINE_STACK_OF() in safestack.h.  If you DEFINE_STACK_OF(Foo), you'll automatically end up with a sk_Foo_num() macro.

Cheers,
  -Dave


> On Nov 13, 2019, at 12:20, Jason Schultz <[hidden email]> wrote:
>
> Hello-
>
> I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm confused about the function in the subject line as well as other, related sk_X509_* functions.
>
> My code has always used these functions, and currently my code compiles and runs successfully against 1.1.1. I was sort of doing an audit of my code, evaluating the API calls that have changed vs not changed when I noticed these functions. I searched for them in the 1.1.1 source. They don't exist, except where called in x509_lu.c. In the 1.0.2 code base, they are called in the same file, as well as are defined in a header, /include/openssl/safestack.h.
>
> My question is, how are those symbols in my application being resolved since they are no longer found in the safestack.h header file?
>
> My system previously had OpenSSL 1.0.2 installed when I installed 1.1.1, but I don't think I have any old headers around that are being found when I compile and link. But for some reason this works. They obviously work within the OpenSSL 1.1.1 code also.
>
> I'm thinking I could be missing something basic about the compile/link process that explains this. Any ideas?
>
> Thanks in advance.