authorMatt Caswell <matt@openssl.org>2020-04-01 16:03:44 +0100
committerMatt Caswell <matt@openssl.org>2020-04-08 23:56:27 +0100
commit1143c27be1dafe954b72bff5069795c83f9d423c (patch)
tree10abe2e770cf7f6081f52fc3291a05b5693f96c1
parentafce590b74159f7df1452fb2c4aa990a52536c38 (diff)
downloadopenssl-1143c27be1dafe954b72bff5069795c83f9d423c.tar.gz
Add X509_STORE_CTX_new_with_libctx()
Make it possible to create an X509_STORE_CTX with an associated libctx and propq. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11457)
-rw-r--r--crypto/x509/x509_vfy.c26
-rw-r--r--include/crypto/x509.h3
-rw-r--r--include/openssl/x509_vfy.h2
-rw-r--r--util/libcrypto.num1
4 files changed, 30 insertions, 2 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 510b4f1109..dee219eb38 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2208,23 +2208,45 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
return 1;
}
-X509_STORE_CTX *X509_STORE_CTX_new(void)
+X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
+ const char *propq)
{
X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
- X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ X509err(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
+
+ ctx->libctx = libctx;
+ if (propq != NULL) {
+ ctx->propq = OPENSSL_strdup(propq);
+ if (ctx->propq == NULL) {
+ OPENSSL_free(ctx);
+ X509err(0, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ }
+
return ctx;
}
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+ return X509_STORE_CTX_new_with_libctx(NULL, NULL);
+}
+
+
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
if (ctx == NULL)
return;
X509_STORE_CTX_cleanup(ctx);
+
+ /* libctx and propq survive X509_STORE_CTX_cleanup() */
+ OPENSSL_free(ctx->propq);
+
OPENSSL_free(ctx);
}
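Review bot: `ctx->libctx = libctx;` stores the caller's pointer without taking ownership, whereas `propq` is duplicated with OPENSSL_strdup() and released in X509_STORE_CTX_free(), and nothing in the hunk states that asymmetry. A caller that frees the OPENSSL_CTX before the X509_STORE_CTX would leave a dangling pointer for any later code that reads `ctx->libctx`. I would add a comment above the assignment, `/* libctx is borrowed: the caller must keep it alive until X509_STORE_CTX_free() */`, and repeat that wording on the new `libctx` field in include/crypto/x509.h. As a style point, the two blank lines after X509_STORE_CTX_new() can be reduced to one.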
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index d68150ff98..560f3abb76 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -262,6 +262,9 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
SSL_DANE *dane;
/* signed via bare TA public key, rather than CA certificate */
int bare_ta_signed;
+
+ OPENSSL_CTX *libctx;
+ char *propq;
};
/* PKCS#8 private key info structure */
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 99c3ab2048..08f17384c3 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -352,6 +352,8 @@ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
+ const char *propq);
X509_STORE_CTX *X509_STORE_CTX_new(void);
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
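Review bot: The new public prototype `X509_STORE_CTX_new_with_libctx()` arrives without documentation: the diffstat lists four files and none is a manual page, so the meaning of a NULL `libctx` or NULL `propq` can only be inferred from X509_STORE_CTX_new() forwarding `(NULL, NULL)`. Within the visible hunks nothing reads `ctx->libctx` or `ctx->propq` yet, so callers should presumably not assume that verification already fetches its algorithms from the supplied library context; that may be added in a follow-up change. A short comment above the prototype would help, for example `/* libctx may be NULL for the default context; propq is copied and may be NULL */`.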
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 73d70efe99..60050c1830 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5040,3 +5040,4 @@ EVP_PKEY_get_octet_string_param ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_is_a ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_can_sign ? 3_0_0 EXIST::FUNCTION:
evp_pkey_get_EC_KEY_curve_nid ? 3_0_0 EXIST::FUNCTION:EC
+X509_STORE_CTX_new_with_libctx ? 3_0_0 EXIST::FUNCTION: