Add APIs for custom X509_LOOKUP_METHOD creation

OpenSSL 1.1.0 made the X509_LOOKUP_METHOD structure opaque, so
applications that were previously able to define a custom lookup method
are not able to be ported.

This commit adds getters and setters for each of the current fields of
X509_LOOKUP_METHOD, along with getters and setters on several associated
opaque types (such as X509_LOOKUP and X509_OBJECT).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6152)

7 files changed, 218 insertions, 6 deletions

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 89e5ceb144..62e798a4b2 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1685,6 +1685,7 @@ X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters
 X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file
 X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file
 X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file
+X509_F_X509_LOOKUP_METH_NEW:160:X509_LOOKUP_meth_new
 X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new
 X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry
 X509_F_X509_NAME_CANON:156:x509_name_canon
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 7fc4b45048..afd0b6134e 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\
         x509_obj.c x509_req.c x509spki.c x509_vfy.c \
         x509_set.c x509cset.c x509rset.c x509_err.c \
         x509name.c x509_v3.c x509_ext.c x509_att.c \
-        x509type.c x509_lu.c x_all.c x509_txt.c \
+        x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \
         x509_trs.c by_file.c by_dir.c x509_vpm.c \
         x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
         x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index ae9670c6a0..9d5a571c59 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -110,7 +110,7 @@ static int new_dir(X509_LOOKUP *lu)
         X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    lu->method_data = (char *)a;
+    lu->method_data = a;
     return 1;
 
  err:
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 5027df4cb2..739708e24f 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -61,6 +61,8 @@ static const ERR_STRING_DATA X509_str_functs[] = {
      "X509_load_cert_file"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0),
      "X509_load_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0),
+     "X509_LOOKUP_meth_new"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0),
      "X509_NAME_add_entry"},
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 401f2e9f55..abd639aeca 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -69,7 +69,7 @@ struct x509_crl_method_st {
 };
 
 struct x509_lookup_method_st {
-    const char *name;
+    char *name;
     int (*new_item) (X509_LOOKUP *ctx);
     void (*free) (X509_LOOKUP *ctx);
     int (*init) (X509_LOOKUP *ctx);
@@ -93,7 +93,7 @@ struct x509_lookup_st {
     int init;                   /* have we been started */
     int skip;                   /* don't use us. */
     X509_LOOKUP_METHOD *method; /* the functions */
-    char *method_data;          /* method data */
+    void *method_data;          /* method data */
     X509_STORE *store_ctx;      /* who owns us */
 };
 
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 639a3df095..e7b1b8521c 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -118,6 +118,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ctx->method->get_by_alias(ctx, type, str, len, ret);
 }
 
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data)
+{
+    ctx->method_data = data;
+    return 1;
+}
+
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx)
+{
+    return ctx->method_data;
+}
+
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx)
+{
+    return ctx->store_ctx;
+}
+
+
 static int x509_object_cmp(const X509_OBJECT *const *a,
                            const X509_OBJECT *const *b)
 {
@@ -403,8 +420,7 @@ X509_OBJECT *X509_OBJECT_new(void)
     return ret;
 }
 
-
-void X509_OBJECT_free(X509_OBJECT *a)
+static void x509_object_free_internal(X509_OBJECT *a)
 {
     if (a == NULL)
         return;
@@ -418,6 +434,33 @@ void X509_OBJECT_free(X509_OBJECT *a)
         X509_CRL_free(a->data.crl);
         break;
     }
+}
+
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj)
+{
+    if (a == NULL || !X509_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_X509;
+    a->data.x509 = obj;
+    return 1;
+}
+
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj)
+{
+    if (a == NULL || !X509_CRL_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_CRL;
+    a->data.crl = obj;
+    return 1;
+}
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+    x509_object_free_internal(a);
     OPENSSL_free(a);
 }
 
diff --git a/crypto/x509/x509_meth.c b/crypto/x509/x509_meth.c
new file mode 100644
index 0000000000..05ed4bf863
--- /dev/null
+++ b/crypto/x509/x509_meth.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/ossl_typ.h>
+#include "x509_lcl.h"
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name)
+{
+    X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD));
+
+    if (method != NULL) {
+        method->name = OPENSSL_strdup(name);
+        if (method->name == NULL) {
+            X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return method;
+
+err:
+    OPENSSL_free(method);
+    return NULL;
+}
+
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method)
+{
+    if (method != NULL)
+        OPENSSL_free(method->name);
+    OPENSSL_free(method);
+}
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx))
+{
+    method->new_item = new_item;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->new_item;
+}
+
+int X509_LOOKUP_meth_set_free(
+    X509_LOOKUP_METHOD *method,
+    void (*free) (X509_LOOKUP *ctx))
+{
+    method->free = free;
+    return 1;
+}
+
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->free;
+}
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx))
+{
+    method->init = init;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->init;
+}
+
+int X509_LOOKUP_meth_set_shutdown(
+    X509_LOOKUP_METHOD *method,
+    int (*shutdown) (X509_LOOKUP *ctx))
+{
+    method->shutdown = shutdown;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->shutdown;
+}
+
+int X509_LOOKUP_meth_set_ctrl(
+    X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_ctrl_fn ctrl)
+{
+    method->ctrl = ctrl;
+    return 1;
+}
+
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method)
+{
+    return method->ctrl;
+}
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_subject_fn get_by_subject)
+{
+    method->get_by_subject = get_by_subject;
+    return 1;
+}
+
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_subject;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial)
+{
+    method->get_by_issuer_serial = get_by_issuer_serial;
+    return 1;
+}
+
+X509_LOOKUP_get_by_issuer_serial_fn
+    X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_issuer_serial;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint)
+{
+    method->get_by_fingerprint = get_by_fingerprint;
+    return 1;
+}
+
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_fingerprint;
+}
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+                                      X509_LOOKUP_get_by_alias_fn get_by_alias)
+{
+    method->get_by_alias = get_by_alias;
+    return 1;
+}
+
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_alias;
+}
+