4 files changed, 73 insertions, 3 deletions
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index 62d6b5a3ad..bcd5b84ba6 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -525,6 +525,7 @@ _libre_X509_STORE_new
 _libre_X509_STORE_free
 _libre_X509_STORE_up_ref
 _libre_X509_STORE_get0_objects
+_libre_X509_STORE_get1_objects
 _libre_X509_STORE_get_ex_data
 _libre_X509_STORE_set_ex_data
 _libre_X509_STORE_set_flags
diff --git a/src/lib/libcrypto/hidden/openssl/x509_vfy.h b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
index b5f2ac1a85..3502492133 100644
--- a/src/lib/libcrypto/hidden/openssl/x509_vfy.h
+++ b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.6 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.7 2024/02/23 10:39:07 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
 *
@@ -40,6 +40,7 @@ LCRYPTO_USED(X509_STORE_new);
 LCRYPTO_USED(X509_STORE_free);
 LCRYPTO_USED(X509_STORE_up_ref);
 LCRYPTO_USED(X509_STORE_get0_objects);
+LCRYPTO_USED(X509_STORE_get1_objects);
 LCRYPTO_USED(X509_STORE_get_ex_data);
 LCRYPTO_USED(X509_STORE_set_ex_data);
 LCRYPTO_USED(X509_STORE_set_flags);
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 6bdae0f5c4..7e7a5dedd0 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.62 2023/12/27 01:55:25 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.63 2024/02/23 10:39:07 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -246,6 +246,24 @@ X509_OBJECT_free(X509_OBJECT *a)
 }
 LCRYPTO_ALIAS(X509_OBJECT_free);
+static X509_OBJECT *
+x509_object_dup(const X509_OBJECT *obj)
+{
+        X509_OBJECT *copy;
+        if ((copy = X509_OBJECT_new()) == NULL) {
+                X509error(ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        copy->type = obj->type;
+        copy->data = obj->data;
+        X509_OBJECT_up_ref_count(copy);
+        return copy;
+}
 void
 X509_STORE_free(X509_STORE *store)
 {
@@ -785,6 +803,53 @@ X509_STORE_get0_objects(X509_STORE *xs)
 }
 LCRYPTO_ALIAS(X509_STORE_get0_objects);
+static STACK_OF(X509_OBJECT) *
+sk_X509_OBJECT_deep_copy(const STACK_OF(X509_OBJECT) *objs)
+{
+        STACK_OF(X509_OBJECT) *copy = NULL;
+        X509_OBJECT *obj = NULL;
+        int i;
+        if ((copy = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+                X509error(ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
+                if ((obj = x509_object_dup(sk_X509_OBJECT_value(objs, i))) == NULL)
+                        goto err;
+                if (!sk_X509_OBJECT_push(copy, obj))
+                        goto err;
+                obj = NULL;
+        }
+        return copy;
+ err:
+        X509_OBJECT_free(obj);
+        sk_X509_OBJECT_pop_free(copy, X509_OBJECT_free);
+        return NULL;
+}
+STACK_OF(X509_OBJECT) *
+X509_STORE_get1_objects(X509_STORE *store)
+{
+        STACK_OF(X509_OBJECT) *objs;
+        if (store == NULL) {
+                X509error(ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+        }
+        CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+        objs = sk_X509_OBJECT_deep_copy(store->objs);
+        CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+        return objs;
+}
+LCRYPTO_ALIAS(X509_STORE_get1_objects);
 void *
 X509_STORE_get_ex_data(X509_STORE *xs, int idx)
 {
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 1aa29abd3d..d7657a51f0 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.64 2023/05/28 05:25:24 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.65 2024/02/23 10:39:07 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -293,6 +293,9 @@ int X509_STORE_up_ref(X509_STORE *x);
 STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs);
+#endif
 void *X509_STORE_get_ex_data(X509_STORE *xs, int idx);
 int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);

diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace index 62d6b5a3ad..bcd5b84ba6 100644 --- a/src/lib/libcrypto/Symbols.namespace +++ b/src/lib/libcrypto/Symbols.namespace
@@ -525,6 +525,7 @@ _libre_X509_STORE_new
525	_libre_X509_STORE_free	525	_libre_X509_STORE_free
526	_libre_X509_STORE_up_ref	526	_libre_X509_STORE_up_ref
527	_libre_X509_STORE_get0_objects	527	_libre_X509_STORE_get0_objects
		528	_libre_X509_STORE_get1_objects
528	_libre_X509_STORE_get_ex_data	529	_libre_X509_STORE_get_ex_data
529	_libre_X509_STORE_set_ex_data	530	_libre_X509_STORE_set_ex_data
530	_libre_X509_STORE_set_flags	531	_libre_X509_STORE_set_flags


diff --git a/src/lib/libcrypto/hidden/openssl/x509_vfy.h b/src/lib/libcrypto/hidden/openssl/x509_vfy.h index b5f2ac1a85..3502492133 100644 --- a/src/lib/libcrypto/hidden/openssl/x509_vfy.h +++ b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.6 2023/07/05 21:14:54 bcook Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.7 2024/02/23 10:39:07 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -40,6 +40,7 @@ LCRYPTO_USED(X509_STORE_new);
40	LCRYPTO_USED(X509_STORE_free);	40	LCRYPTO_USED(X509_STORE_free);
41	LCRYPTO_USED(X509_STORE_up_ref);	41	LCRYPTO_USED(X509_STORE_up_ref);
42	LCRYPTO_USED(X509_STORE_get0_objects);	42	LCRYPTO_USED(X509_STORE_get0_objects);
		43	LCRYPTO_USED(X509_STORE_get1_objects);
43	LCRYPTO_USED(X509_STORE_get_ex_data);	44	LCRYPTO_USED(X509_STORE_get_ex_data);
44	LCRYPTO_USED(X509_STORE_set_ex_data);	45	LCRYPTO_USED(X509_STORE_set_ex_data);
45	LCRYPTO_USED(X509_STORE_set_flags);	46	LCRYPTO_USED(X509_STORE_set_flags);


diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c index 6bdae0f5c4..7e7a5dedd0 100644 --- a/src/lib/libcrypto/x509/x509_lu.c +++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_lu.c,v 1.62 2023/12/27 01:55:25 tb Exp $ */	1	/* $OpenBSD: x509_lu.c,v 1.63 2024/02/23 10:39:07 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -246,6 +246,24 @@ X509_OBJECT_free(X509_OBJECT *a)
246	}	246	}
247	LCRYPTO_ALIAS(X509_OBJECT_free);	247	LCRYPTO_ALIAS(X509_OBJECT_free);
248		248
		249	static X509_OBJECT *
		250	x509_object_dup(const X509_OBJECT *obj)
		251	{
		252	X509_OBJECT *copy;
		253
		254	if ((copy = X509_OBJECT_new()) == NULL) {
		255	X509error(ERR_R_MALLOC_FAILURE);
		256	return NULL;
		257	}
		258
		259	copy->type = obj->type;
		260	copy->data = obj->data;
		261
		262	X509_OBJECT_up_ref_count(copy);
		263
		264	return copy;
		265	}
		266
249	void	267	void
250	X509_STORE_free(X509_STORE *store)	268	X509_STORE_free(X509_STORE *store)
251	{	269	{
@@ -785,6 +803,53 @@ X509_STORE_get0_objects(X509_STORE *xs)
785	}	803	}
786	LCRYPTO_ALIAS(X509_STORE_get0_objects);	804	LCRYPTO_ALIAS(X509_STORE_get0_objects);
787		805
		806	static STACK_OF(X509_OBJECT) *
		807	sk_X509_OBJECT_deep_copy(const STACK_OF(X509_OBJECT) *objs)
		808	{
		809	STACK_OF(X509_OBJECT) *copy = NULL;
		810	X509_OBJECT *obj = NULL;
		811	int i;
		812
		813	if ((copy = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
		814	X509error(ERR_R_MALLOC_FAILURE);
		815	goto err;
		816	}
		817
		818	for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
		819	if ((obj = x509_object_dup(sk_X509_OBJECT_value(objs, i))) == NULL)
		820	goto err;
		821	if (!sk_X509_OBJECT_push(copy, obj))
		822	goto err;
		823	obj = NULL;
		824	}
		825
		826	return copy;
		827
		828	err:
		829	X509_OBJECT_free(obj);
		830	sk_X509_OBJECT_pop_free(copy, X509_OBJECT_free);
		831
		832	return NULL;
		833	}
		834
		835	STACK_OF(X509_OBJECT) *
		836	X509_STORE_get1_objects(X509_STORE *store)
		837	{
		838	STACK_OF(X509_OBJECT) *objs;
		839
		840	if (store == NULL) {
		841	X509error(ERR_R_PASSED_NULL_PARAMETER);
		842	return NULL;
		843	}
		844
		845	CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
		846	objs = sk_X509_OBJECT_deep_copy(store->objs);
		847	CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
		848
		849	return objs;
		850	}
		851	LCRYPTO_ALIAS(X509_STORE_get1_objects);
		852
788	void *	853	void *
789	X509_STORE_get_ex_data(X509_STORE *xs, int idx)	854	X509_STORE_get_ex_data(X509_STORE *xs, int idx)
790	{	855	{


diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 1aa29abd3d..d7657a51f0 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.64 2023/05/28 05:25:24 tb Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.65 2024/02/23 10:39:07 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -293,6 +293,9 @@ int X509_STORE_up_ref(X509_STORE *x);
293	STACK_OF(X509) X509_STORE_CTX_get1_certs(X509_STORE_CTX st, X509_NAME *nm);	293	STACK_OF(X509) X509_STORE_CTX_get1_certs(X509_STORE_CTX st, X509_NAME *nm);
294	STACK_OF(X509_CRL) X509_STORE_CTX_get1_crls(X509_STORE_CTX st, X509_NAME *nm);	294	STACK_OF(X509_CRL) X509_STORE_CTX_get1_crls(X509_STORE_CTX st, X509_NAME *nm);
295	STACK_OF(X509_OBJECT) X509_STORE_get0_objects(X509_STORE xs);	295	STACK_OF(X509_OBJECT) X509_STORE_get0_objects(X509_STORE xs);
		296	#if defined(LIBRESSL_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
		297	STACK_OF(X509_OBJECT) X509_STORE_get1_objects(X509_STORE xs);
		298	#endif
296	void X509_STORE_get_ex_data(X509_STORE xs, int idx);	299	void X509_STORE_get_ex_data(X509_STORE xs, int idx);
297	int X509_STORE_set_ex_data(X509_STORE xs, int idx, void data);	300	int X509_STORE_set_ex_data(X509_STORE xs, int idx, void data);
298		301