
Add X509_STORE_CTX_new_with_libctx()

Make it possible to create an X509_STORE_CTX with an associated libctx
and propq.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11457)
master
Matt Caswell 2 years ago
parent
commit
1143c27be1
4 changed files with 30 additions and 2 deletions
  1. +24
    -2
      crypto/x509/x509_vfy.c
  2. +3
    -0
      include/crypto/x509.h
  3. +2
    -0
      include/openssl/x509_vfy.h
  4. +1
    -0
      util/libcrypto.num

+ 24
- 2
crypto/x509/x509_vfy.c View File

@ -2208,23 +2208,45 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
return 1;
}
X509_STORE_CTX *X509_STORE_CTX_new(void)
X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
const char *propq)
{
X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
X509err(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
ctx->libctx = libctx;
if (propq != NULL) {
ctx->propq = OPENSSL_strdup(propq);
if (ctx->propq == NULL) {
OPENSSL_free(ctx);
X509err(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
}
return ctx;
}
X509_STORE_CTX *X509_STORE_CTX_new(void)
{
return X509_STORE_CTX_new_with_libctx(NULL, NULL);
}
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
if (ctx == NULL)
return;
X509_STORE_CTX_cleanup(ctx);
/* libctx and propq survive X509_STORE_CTX_cleanup() */
OPENSSL_free(ctx->propq);
OPENSSL_free(ctx);
}
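Review bot: `ctx->libctx = libctx;` in X509_STORE_CTX_new_with_libctx() stores the caller's pointer without taking a reference, while `propq` is duplicated with OPENSSL_strdup(), so the two arguments follow different lifetime rules and nothing in the new code says so. If the library context were released before the X509_STORE_CTX, any later use of `ctx->libctx` would read freed memory; the consumers of the field are not part of this commit, so this is a contract to write down rather than a defect visible here. I would add above the function `/* libctx is borrowed and must outlive the returned ctx; propq is copied and released in X509_STORE_CTX_free() */`, and give the same one-line ownership comments to the two new members in include/crypto/x509.h. The comment in X509_STORE_CTX_free() that both fields survive X509_STORE_CTX_cleanup() depends on the cleanup and init code outside this section not clearing the structure wholesale, which is worth confirming, since a cleared `propq` would leak and a cleared `libctx` would silently move verification to the default context.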


+ 3
- 0
include/crypto/x509.h View File

@ -262,6 +262,9 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
SSL_DANE *dane;
/* signed via bare TA public key, rather than CA certificate */
int bare_ta_signed;
OPENSSL_CTX *libctx;
char *propq;
};
/* PKCS#8 private key info structure */


+ 2
- 0
include/openssl/x509_vfy.h View File

@ -352,6 +352,8 @@ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
const char *propq);
X509_STORE_CTX *X509_STORE_CTX_new(void);
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
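Review bot: The new public prototype X509_STORE_CTX_new_with_libctx() arrives without documentation: none of the four changed files in this commit is a manual page, so callers have no stated meaning for a NULL `libctx` or a NULL `propq`. The implementation in crypto/x509/x509_vfy.c shows that X509_STORE_CTX_new() passes NULL for both, which presumably means the default library context and no property query, but that is inferred from the wrapper rather than stated anywhere. For a function that decides which providers a certificate verification will use, the documentation should spell out the NULL behaviour and that the returned object is released with X509_STORE_CTX_free().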


+ 1
- 0
util/libcrypto.num View File

@ -5040,3 +5040,4 @@ EVP_PKEY_get_octet_string_param ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_is_a ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_can_sign ? 3_0_0 EXIST::FUNCTION:
evp_pkey_get_EC_KEY_curve_nid ? 3_0_0 EXIST::FUNCTION:EC
X509_STORE_CTX_new_with_libctx ? 3_0_0 EXIST::FUNCTION:
