3 files changed, 39 insertions, 3 deletions
diff --git a/src/lib/libcrypto/hidden/openssl/x509_vfy.h b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
index 3a52206b45..a8e172ad2d 100644
--- a/src/lib/libcrypto/hidden/openssl/x509_vfy.h
+++ b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.1 2022/11/14 17:48:49 beck Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.2 2022/12/01 05:16:08 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
 *
@@ -47,6 +47,9 @@ LCRYPTO_USED(X509_STORE_set1_param);
 LCRYPTO_USED(X509_STORE_get0_param);
 LCRYPTO_USED(X509_STORE_get_verify_cb);
 LCRYPTO_USED(X509_STORE_set_verify_cb);
+LCRYPTO_USED(X509_STORE_get_check_issued);
+LCRYPTO_USED(X509_STORE_set_check_issued);
+LCRYPTO_USED(X509_STORE_CTX_get_check_issued);
 LCRYPTO_USED(X509_STORE_CTX_new);
 LCRYPTO_USED(X509_STORE_CTX_get1_issuer);
 LCRYPTO_USED(X509_STORE_CTX_free);
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9b7f371cea..675aba4322 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.107 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.108 2022/12/01 05:16:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2587,6 +2587,28 @@ X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, int (*verify)(X509_STORE_CTX *))
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set_verify)
+X509_STORE_CTX_check_issued_fn
+X509_STORE_get_check_issued(X509_STORE *store)
+{
+        return store->check_issued;
+}
+LCRYPTO_ALIAS(X509_STORE_get_check_issued)
+void
+X509_STORE_set_check_issued(X509_STORE *store,
+    X509_STORE_CTX_check_issued_fn check_issued)
+{
+        store->check_issued = check_issued;
+}
+LCRYPTO_ALIAS(X509_STORE_set_check_issued)
+X509_STORE_CTX_check_issued_fn
+X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
+{
+        return ctx->check_issued;
+}
+LCRYPTO_ALIAS(X509_STORE_CTX_get_check_issued)
 X509 *
 X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
 {
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 98b1cf5e92..e00db3a7af 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.55 2022/12/01 05:16:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -310,6 +310,17 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
 #define X509_STORE_set_verify_cb_func(ctx, func) \
    X509_STORE_set_verify_cb((ctx), (func))
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+    X509 *subject, X509 *issuer);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *store);
+void X509_STORE_set_check_issued(X509_STORE *store,
+    X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn
+    X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+#endif
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);

diff --git a/src/lib/libcrypto/hidden/openssl/x509_vfy.h b/src/lib/libcrypto/hidden/openssl/x509_vfy.h index 3a52206b45..a8e172ad2d 100644 --- a/src/lib/libcrypto/hidden/openssl/x509_vfy.h +++ b/src/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.1 2022/11/14 17:48:49 beck Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.2 2022/12/01 05:16:08 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -47,6 +47,9 @@ LCRYPTO_USED(X509_STORE_set1_param);
47	LCRYPTO_USED(X509_STORE_get0_param);	47	LCRYPTO_USED(X509_STORE_get0_param);
48	LCRYPTO_USED(X509_STORE_get_verify_cb);	48	LCRYPTO_USED(X509_STORE_get_verify_cb);
49	LCRYPTO_USED(X509_STORE_set_verify_cb);	49	LCRYPTO_USED(X509_STORE_set_verify_cb);
		50	LCRYPTO_USED(X509_STORE_get_check_issued);
		51	LCRYPTO_USED(X509_STORE_set_check_issued);
		52	LCRYPTO_USED(X509_STORE_CTX_get_check_issued);
50	LCRYPTO_USED(X509_STORE_CTX_new);	53	LCRYPTO_USED(X509_STORE_CTX_new);
51	LCRYPTO_USED(X509_STORE_CTX_get1_issuer);	54	LCRYPTO_USED(X509_STORE_CTX_get1_issuer);
52	LCRYPTO_USED(X509_STORE_CTX_free);	55	LCRYPTO_USED(X509_STORE_CTX_free);


diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 9b7f371cea..675aba4322 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.c,v 1.107 2022/11/26 16:08:55 tb Exp $ */	1	/* $OpenBSD: x509_vfy.c,v 1.108 2022/12/01 05:16:08 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2587,6 +2587,28 @@ X509_STORE_CTX_set_verify(X509_STORE_CTX ctx, int (verify)(X509_STORE_CTX *))
2587	}	2587	}
2588	LCRYPTO_ALIAS(X509_STORE_CTX_set_verify)	2588	LCRYPTO_ALIAS(X509_STORE_CTX_set_verify)
2589		2589
		2590	X509_STORE_CTX_check_issued_fn
		2591	X509_STORE_get_check_issued(X509_STORE *store)
		2592	{
		2593	return store->check_issued;
		2594	}
		2595	LCRYPTO_ALIAS(X509_STORE_get_check_issued)
		2596
		2597	void
		2598	X509_STORE_set_check_issued(X509_STORE *store,
		2599	X509_STORE_CTX_check_issued_fn check_issued)
		2600	{
		2601	store->check_issued = check_issued;
		2602	}
		2603	LCRYPTO_ALIAS(X509_STORE_set_check_issued)
		2604
		2605	X509_STORE_CTX_check_issued_fn
		2606	X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
		2607	{
		2608	return ctx->check_issued;
		2609	}
		2610	LCRYPTO_ALIAS(X509_STORE_CTX_get_check_issued)
		2611
2590	X509 *	2612	X509 *
2591	X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)	2613	X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
2592	{	2614	{


diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 98b1cf5e92..e00db3a7af 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.55 2022/12/01 05:16:08 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -310,6 +310,17 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
310	#define X509_STORE_set_verify_cb_func(ctx, func) \	310	#define X509_STORE_set_verify_cb_func(ctx, func) \
311	X509_STORE_set_verify_cb((ctx), (func))	311	X509_STORE_set_verify_cb((ctx), (func))
312		312
		313	#if defined(LIBRESSL_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
		314	typedef int (X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX ctx,
		315	X509 subject, X509 issuer);
		316
		317	X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *store);
		318	void X509_STORE_set_check_issued(X509_STORE *store,
		319	X509_STORE_CTX_check_issued_fn check_issued);
		320	X509_STORE_CTX_check_issued_fn
		321	X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
		322	#endif
		323
313	X509_STORE_CTX *X509_STORE_CTX_new(void);	324	X509_STORE_CTX *X509_STORE_CTX_new(void);
314		325
315	int X509_STORE_CTX_get1_issuer(X509 *issuer, X509_STORE_CTX ctx, X509 *x);	326	int X509_STORE_CTX_get1_issuer(X509 *issuer, X509_STORE_CTX ctx, X509 *x);