fix X509_PURPOSE_set() to support clearing the purpose requirement as…

… needed for X509_VERIFY_PARAM_set_purpose()
siemens · Dec 20, 2024 · 313b8ca · 313b8ca
1 parent 53b3456
commit 313b8ca
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
@@ -100,9 +100,10 @@ int X509_check_purpose(X509 *x, int id, int non_leaf)
     return pt->check_purpose(pt, x, non_leaf);
 }
 
+/* resets to default (any) purpose if |purpose| == 0 */
 int X509_PURPOSE_set(int *p, int purpose)
 {
-    if (X509_PURPOSE_get_by_id(purpose) == -1) {
+    if (purpose != 0 && X509_PURPOSE_get_by_id(purpose) == -1) {
         ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_PURPOSE);
         return 0;
     }

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
@@ -296,6 +296,7 @@ int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
     return 1;
 }
 
+/* resets to default (any) purpose if |purpose| == 0 */
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
 {
     return X509_PURPOSE_set(&param->purpose, purpose);