Conversation
|
This add-on will help integrate STORE with other parts of libcrypto, such as X509_LOOKUP / X509_STORE. |
levitte
force-pushed
the
store2-search-capability
branch
from
697e40f to
7b2c451
Compare
levitte
force-pushed
the
store2-search-capability
branch
5 times, most recently
from
94cf9d2 to
3cbc9d8
Compare
levitte
force-pushed
the
store2-search-capability
branch
8 times, most recently
from
360c969 to
126055b
Compare
levitte
force-pushed
the
store2-search-capability
branch
8 times, most recently
from
e277603 to
1a096d4
Compare
levitte
force-pushed
the
store2-search-capability
branch
2 times, most recently
from
1781a5f to
ceaf118
Compare
[extended tests]
levitte
force-pushed
the
store2-search-capability
branch
from
2f6266a to
e2f5ff7
Compare
|
Everything that needed squashing is now squashed. Just for kicks, I also triggered a extended tests. Final review, please? |
| return NULL; | ||
| } | ||
|
|
||
| if (digest != NULL && len != (size_t)EVP_MD_size(digest)) { |
There was a problem hiding this comment.
EVP_MD_size can return -1. Actually this only happens (at the moment) if digest == NULL which you explicitly check for. But are we entitled to expect that never to change? I.e. could it return -1 in other circumstances in the future? I kind of think we should do an explicit check for a < 0 result.
There was a problem hiding this comment.
I think that when the day comes and that happens, we deal with it then. In my mind, that would be a terrible breach of the EVP_MD API, or someone has created a terribly bad EVP_MD instance. Either way, that would lead to breakage all over the place, not just here, and I suspect we'd see the test suite go up in flames at least in places.
So, errrr, I don't think there's a great risk, and see no reason for such a check
There was a problem hiding this comment.
Ok. I'm not sure I agree with you, but I don't think it is important enough to hold this up.
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
[extended tests] Reviewed-by: Matt Caswell <[email protected]> (Merged from #2688)
4 participants
Checklist
Description of change
This is an add-on to #3542, to give the possibility to extract specific data from a store. Two new capabilities are added, one is to get back a specific data type (cert, CRL, key, ...), the other is to search for data given specific criteria (X.509 name, issuer+serial, ...).