Getters and setters for the check_issued() callback

Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along with X509_STORE_{get,set}_check_issued(). As you would expect, they all return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const in OpenSSL 1.1, but they now are in OpenSSL 3... These will be made available in the next minor bump and will ship in the stable release of LibreSSL 3.7 Part of OpenSSL commit 1060a50b See also https://github.com/libressl-portable/portable/issues/748 ok beck jsing
author: tb <> 2022-12-01 05:16:08 +0000
committer: tb <> 2022-12-01 05:16:08 +0000
commit: 28ef9c3d0b11cd813f139ffe30994a5008042bf8 (patch)
tree: b0ff60335c6fcd3f996c1795a3f7a071108f7e85 /src
parent: 6b167b264a00d811a6f14daa45c93de7e0679e9d (diff)
download: openbsd-28ef9c3d0b11cd813f139ffe30994a5008042bf8.tar.gz
openbsd-28ef9c3d0b11cd813f139ffe30994a5008042bf8.tar.bz2
openbsd-28ef9c3d0b11cd813f139ffe30994a5008042bf8.zip
3 files changed, 39 insertions, 3 deletions
diff --git a/src/lib/libcrypto/hidden/openssl/x509_vfy.h b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
index 3a52206b45..a8e172ad2d 100644
--- a/src/lib/libcrypto/hidden/openssl/x509_vfy.h
+++ b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.1 2022/11/14 17:48:49 beck Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.2 2022/12/01 05:16:08 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
 *
@@ -47,6 +47,9 @@ LCRYPTO_USED(X509_STORE_set1_param);
 LCRYPTO_USED(X509_STORE_get0_param);
 LCRYPTO_USED(X509_STORE_get_verify_cb);
 LCRYPTO_USED(X509_STORE_set_verify_cb);
+LCRYPTO_USED(X509_STORE_get_check_issued);
+LCRYPTO_USED(X509_STORE_set_check_issued);
+LCRYPTO_USED(X509_STORE_CTX_get_check_issued);
 LCRYPTO_USED(X509_STORE_CTX_new);
 LCRYPTO_USED(X509_STORE_CTX_get1_issuer);
 LCRYPTO_USED(X509_STORE_CTX_free);
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9b7f371cea..675aba4322 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.107 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.108 2022/12/01 05:16:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2587,6 +2587,28 @@ X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, int (*verify)(X509_STORE_CTX *))
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set_verify)
+X509_STORE_CTX_check_issued_fn
+X509_STORE_get_check_issued(X509_STORE *store)
+{
+        return store->check_issued;
+}
+LCRYPTO_ALIAS(X509_STORE_get_check_issued)
+void
+X509_STORE_set_check_issued(X509_STORE *store,
+    X509_STORE_CTX_check_issued_fn check_issued)
+{
+        store->check_issued = check_issued;
+}
+LCRYPTO_ALIAS(X509_STORE_set_check_issued)
+X509_STORE_CTX_check_issued_fn
+X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
+{
+        return ctx->check_issued;
+}
+LCRYPTO_ALIAS(X509_STORE_CTX_get_check_issued)
 X509 *
 X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
 {
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 98b1cf5e92..e00db3a7af 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.55 2022/12/01 05:16:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -310,6 +310,17 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
 #define X509_STORE_set_verify_cb_func(ctx, func) \
    X509_STORE_set_verify_cb((ctx), (func))
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+    X509 *subject, X509 *issuer);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *store);
+void X509_STORE_set_check_issued(X509_STORE *store,
+    X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn
+    X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+#endif
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
author	tb <>	2022-12-01 05:16:08 +0000
committer	tb <>	2022-12-01 05:16:08 +0000
commit	28ef9c3d0b11cd813f139ffe30994a5008042bf8 (patch)
tree	b0ff60335c6fcd3f996c1795a3f7a071108f7e85 /src
parent	6b167b264a00d811a6f14daa45c93de7e0679e9d (diff)
download	openbsd-28ef9c3d0b11cd813f139ffe30994a5008042bf8.tar.gz openbsd-28ef9c3d0b11cd813f139ffe30994a5008042bf8.tar.bz2 openbsd-28ef9c3d0b11cd813f139ffe30994a5008042bf8.zip

diff --git a/src/lib/libcrypto/hidden/openssl/x509_vfy.h b/src/lib/libcrypto/hidden/openssl/x509_vfy.h index 3a52206b45..a8e172ad2d 100644 --- a/src/lib/libcrypto/hidden/openssl/x509_vfy.h +++ b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.1 2022/11/14 17:48:49 beck Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.2 2022/12/01 05:16:08 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -47,6 +47,9 @@ LCRYPTO_USED(X509_STORE_set1_param);
47	LCRYPTO_USED(X509_STORE_get0_param);	47	LCRYPTO_USED(X509_STORE_get0_param);
48	LCRYPTO_USED(X509_STORE_get_verify_cb);	48	LCRYPTO_USED(X509_STORE_get_verify_cb);
49	LCRYPTO_USED(X509_STORE_set_verify_cb);	49	LCRYPTO_USED(X509_STORE_set_verify_cb);
		50	LCRYPTO_USED(X509_STORE_get_check_issued);
		51	LCRYPTO_USED(X509_STORE_set_check_issued);
		52	LCRYPTO_USED(X509_STORE_CTX_get_check_issued);
50	LCRYPTO_USED(X509_STORE_CTX_new);	53	LCRYPTO_USED(X509_STORE_CTX_new);
51	LCRYPTO_USED(X509_STORE_CTX_get1_issuer);	54	LCRYPTO_USED(X509_STORE_CTX_get1_issuer);
52	LCRYPTO_USED(X509_STORE_CTX_free);	55	LCRYPTO_USED(X509_STORE_CTX_free);


diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 9b7f371cea..675aba4322 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.c,v 1.107 2022/11/26 16:08:55 tb Exp $ */	1	/* $OpenBSD: x509_vfy.c,v 1.108 2022/12/01 05:16:08 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2587,6 +2587,28 @@ X509_STORE_CTX_set_verify(X509_STORE_CTX ctx, int (verify)(X509_STORE_CTX *))
2587	}	2587	}
2588	LCRYPTO_ALIAS(X509_STORE_CTX_set_verify)	2588	LCRYPTO_ALIAS(X509_STORE_CTX_set_verify)
2589		2589
		2590	X509_STORE_CTX_check_issued_fn
		2591	X509_STORE_get_check_issued(X509_STORE *store)
		2592	{
		2593	return store->check_issued;
		2594	}
		2595	LCRYPTO_ALIAS(X509_STORE_get_check_issued)
		2596
		2597	void
		2598	X509_STORE_set_check_issued(X509_STORE *store,
		2599	X509_STORE_CTX_check_issued_fn check_issued)
		2600	{
		2601	store->check_issued = check_issued;
		2602	}
		2603	LCRYPTO_ALIAS(X509_STORE_set_check_issued)
		2604
		2605	X509_STORE_CTX_check_issued_fn
		2606	X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
		2607	{
		2608	return ctx->check_issued;
		2609	}
		2610	LCRYPTO_ALIAS(X509_STORE_CTX_get_check_issued)
		2611
2590	X509 *	2612	X509 *
2591	X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)	2613	X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
2592	{	2614	{


diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 98b1cf5e92..e00db3a7af 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.55 2022/12/01 05:16:08 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -310,6 +310,17 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
310	#define X509_STORE_set_verify_cb_func(ctx, func) \	310	#define X509_STORE_set_verify_cb_func(ctx, func) \
311	X509_STORE_set_verify_cb((ctx), (func))	311	X509_STORE_set_verify_cb((ctx), (func))
312		312
		313	#if defined(LIBRESSL_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
		314	typedef int (X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX ctx,
		315	X509 subject, X509 issuer);
		316
		317	X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *store);
		318	void X509_STORE_set_check_issued(X509_STORE *store,
		319	X509_STORE_CTX_check_issued_fn check_issued);
		320	X509_STORE_CTX_check_issued_fn
		321	X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
		322	#endif
		323
313	X509_STORE_CTX *X509_STORE_CTX_new(void);	324	X509_STORE_CTX *X509_STORE_CTX_new(void);
314		325
315	int X509_STORE_CTX_get1_issuer(X509 *issuer, X509_STORE_CTX ctx, X509 *x);	326	int X509_STORE_CTX_get1_issuer(X509 *issuer, X509_STORE_CTX ctx, X509 *x);