2 files changed, 79 insertions, 2 deletions
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h
index 3c6baf82e0..83bd6829ae 100644
--- a/src/lib/libcrypto/ts/ts.h
+++ b/src/lib/libcrypto/ts/ts.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.h,v 1.16 2022/07/24 19:25:36 tb Exp $ */
+/* $OpenBSD: ts.h,v 1.17 2022/07/24 19:54:46 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
 * project 2002, 2003, 2004.
 */
@@ -682,6 +682,19 @@ void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
 void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
 void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+#if defined(LIBRESSL_INTERNAL)
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags);
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags);
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio);
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *store);
+/* R$ special */
+#define TS_VERIFY_CTS_set_certs TS_VERIFY_CTX_set_certs
+STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
+    STACK_OF(X509) *certs);
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+    unsigned char *imprint, long imprint_len);
+#endif
 /*
 * If ctx is NULL, it allocates and returns a new object, otherwise
 * it returns ctx. It initialises all the members as follows:
diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c
index 83ef54a894..ef0ec6ca7f 100644
--- a/src/lib/libcrypto/ts/ts_verify_ctx.c
+++ b/src/lib/libcrypto/ts/ts_verify_ctx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_verify_ctx.c,v 1.10 2022/07/24 08:16:47 tb Exp $ */
+/* $OpenBSD: ts_verify_ctx.c,v 1.11 2022/07/24 19:54:46 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2003.
 */
@@ -114,6 +114,70 @@ TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
        TS_VERIFY_CTX_init(ctx);
 }
+/*
+ * XXX: The following accessors demonstrate the amount of care and thought that
+ * went into OpenSSL 1.1 API design and the review thereof: for whatever reason
+ * these functions return what was passed in. Correct memory management is left
+ * as an exercise for the reader... Unfortunately, careful consumers like
+ * openssl-ruby assume this behavior, so we're stuck with this insanity. The
+ * cherry on top is the TS_VERIFY_CTS_set_certs() [sic!] function that made it
+ * into the public API.
+ *
+ * Outstanding job, R$ and tjh, A+.
+ */
+int
+TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags)
+{
+        ctx->flags |= flags;
+        return ctx->flags;
+}
+int
+TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags)
+{
+        ctx->flags = flags;
+        return ctx->flags;
+}
+BIO *
+TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio)
+{
+        ctx->data = bio;
+        return ctx->data;
+}
+X509_STORE *
+TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *store)
+{
+        ctx->store = store;
+        return ctx->store;
+}
+STACK_OF(X509) *
+TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs)
+{
+        ctx->certs = certs;
+        return ctx->certs;
+}
+unsigned char *
+TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *imprint,
+    long imprint_len)
+{
+        free(ctx->imprint);
+        ctx->imprint = imprint;
+        ctx->imprint_len = imprint_len;
+        return ctx->imprint;
+}
 TS_VERIFY_CTX *
 TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
 {

diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h index 3c6baf82e0..83bd6829ae 100644 --- a/src/lib/libcrypto/ts/ts.h +++ b/src/lib/libcrypto/ts/ts.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ts.h,v 1.16 2022/07/24 19:25:36 tb Exp $ */	1	/* $OpenBSD: ts.h,v 1.17 2022/07/24 19:54:46 tb Exp $ */
2	/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL	2	/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
3	* project 2002, 2003, 2004.	3	* project 2002, 2003, 2004.
4	*/	4	*/
@@ -682,6 +682,19 @@ void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
682	void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);	682	void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
683	void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);	683	void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
684		684
		685	#if defined(LIBRESSL_INTERNAL)
		686	int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags);
		687	int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags);
		688	BIO TS_VERIFY_CTX_set_data(TS_VERIFY_CTX ctx, BIO *bio);
		689	X509_STORE TS_VERIFY_CTX_set_store(TS_VERIFY_CTX ctx, X509_STORE *store);
		690	/* R$ special */
		691	#define TS_VERIFY_CTS_set_certs TS_VERIFY_CTX_set_certs
		692	STACK_OF(X509) TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX ctx,
		693	STACK_OF(X509) *certs);
		694	unsigned char TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX ctx,
		695	unsigned char *imprint, long imprint_len);
		696	#endif
		697
685	/*	698	/*
686	* If ctx is NULL, it allocates and returns a new object, otherwise	699	* If ctx is NULL, it allocates and returns a new object, otherwise
687	* it returns ctx. It initialises all the members as follows:	700	* it returns ctx. It initialises all the members as follows:


diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c index 83ef54a894..ef0ec6ca7f 100644 --- a/src/lib/libcrypto/ts/ts_verify_ctx.c +++ b/src/lib/libcrypto/ts/ts_verify_ctx.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ts_verify_ctx.c,v 1.10 2022/07/24 08:16:47 tb Exp $ */	1	/* $OpenBSD: ts_verify_ctx.c,v 1.11 2022/07/24 19:54:46 tb Exp $ */
2	/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL	2	/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3	* project 2003.	3	* project 2003.
4	*/	4	*/
@@ -114,6 +114,70 @@ TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
114	TS_VERIFY_CTX_init(ctx);	114	TS_VERIFY_CTX_init(ctx);
115	}	115	}
116		116
		117	/*
		118	* XXX: The following accessors demonstrate the amount of care and thought that
		119	* went into OpenSSL 1.1 API design and the review thereof: for whatever reason
		120	* these functions return what was passed in. Correct memory management is left
		121	* as an exercise for the reader... Unfortunately, careful consumers like
		122	* openssl-ruby assume this behavior, so we're stuck with this insanity. The
		123	* cherry on top is the TS_VERIFY_CTS_set_certs() [sic!] function that made it
		124	* into the public API.
		125	*
		126	* Outstanding job, R$ and tjh, A+.
		127	*/
		128
		129	int
		130	TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags)
		131	{
		132	ctx->flags \|= flags;
		133
		134	return ctx->flags;
		135	}
		136
		137	int
		138	TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags)
		139	{
		140	ctx->flags = flags;
		141
		142	return ctx->flags;
		143	}
		144
		145	BIO *
		146	TS_VERIFY_CTX_set_data(TS_VERIFY_CTX ctx, BIO bio)
		147	{
		148	ctx->data = bio;
		149
		150	return ctx->data;
		151	}
		152
		153	X509_STORE *
		154	TS_VERIFY_CTX_set_store(TS_VERIFY_CTX ctx, X509_STORE store)
		155	{
		156	ctx->store = store;
		157
		158	return ctx->store;
		159	}
		160
		161	STACK_OF(X509) *
		162	TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX ctx, STACK_OF(X509) certs)
		163	{
		164	ctx->certs = certs;
		165
		166	return ctx->certs;
		167	}
		168
		169	unsigned char *
		170	TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX ctx, unsigned char imprint,
		171	long imprint_len)
		172	{
		173	free(ctx->imprint);
		174
		175	ctx->imprint = imprint;
		176	ctx->imprint_len = imprint_len;
		177
		178	return ctx->imprint;
		179	}
		180
117	TS_VERIFY_CTX *	181	TS_VERIFY_CTX *
118	TS_REQ_to_TS_VERIFY_CTX(TS_REQ req, TS_VERIFY_CTX ctx)	182	TS_REQ_to_TS_VERIFY_CTX(TS_REQ req, TS_VERIFY_CTX ctx)
119	{	183	{