fixup! fixup! fix X509_PURPOSE_add() to take |sname| as primary key a…

…nd handle |id| in a backwd compat way for new purpose
siemens · Dec 20, 2024 · 584edde · 584edde
1 parent a37a1d4
commit 584edde
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 6 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -70,8 +70,8 @@ OpenSSL 3.5
 
    *David von Oheimb*
 
- * `X509_PURPOSE_add()` has been fixed to take as the primary purpose identifier
-   not the `id` but the `sname` parameter.
+ * `X509_PURPOSE_add()` has been modified
+   to take `sname` instead of `id` as the primary purpose identifier.
    For its convenient use, `X509_PURPOSE_get_unused_id()` has been added.
 
    This work was sponsored by Siemens AG.

diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
@@ -121,7 +121,7 @@ int X509_PURPOSE_get_count(void)
 }
 
 /* find smallest identifier not yet taken - note there might be gaps */
-int X509_PURPOSE_get_unused_id(void)
+int X509_PURPOSE_get_unused_id(ossl_unused OSSL_LIB_CTX *libctx)
 {
     int id = X509_PURPOSE_MAX + 1;
 

diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod
@@ -23,7 +23,7 @@ X509_PURPOSE_set - functions related to checking the purpose of a certificate
  int X509_check_purpose(X509 *x, int id, int ca);
 
  int X509_PURPOSE_get_count(void);
- int X509_PURPOSE_get_unused_id(void);
+ int X509_PURPOSE_get_unused_id(OSSL_LIB_CTX *libctx);
  int X509_PURPOSE_get_by_sname(const char *sname);
  int X509_PURPOSE_get_by_id(int id);
  int X509_PURPOSE_add(int id, int trust, int flags,
@@ -65,6 +65,7 @@ keyUsage, extendedKeyUsage, and basicConstraints.
 X509_PURPOSE_get_count() returns the number of currently defined purposes.
 
 X509_PURPOSE_get_unused_id() returns the smallest purpose id not yet used.
+The I<libctx> parameter should be used to provide the library context.
 
 X509_PURPOSE_get_by_sname() returns the index of
 the purpose with the given short name or -1 if not found.

diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
@@ -741,7 +741,7 @@ const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
 
 int X509_PURPOSE_get_count(void);
-int X509_PURPOSE_get_unused_id(void);
+int X509_PURPOSE_get_unused_id(OSSL_LIB_CTX *libctx);
 int X509_PURPOSE_get_by_sname(const char *sname);
 int X509_PURPOSE_get_by_id(int id);
 int X509_PURPOSE_add(int id, int trust, int flags,

diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c
@@ -180,6 +180,7 @@ static int ck_purp(ossl_unused const X509_PURPOSE *purpose,
 
 static int tests_X509_PURPOSE(void)
 {
+    OSSL_LIB_CTX *libctx = NULL;
     int id, idx, *p;
     X509_PURPOSE *xp;
 
@@ -189,7 +190,7 @@ static int tests_X509_PURPOSE(void)
 #define SN "SN_test"
 #undef ARGS
 #define ARGS(id, sn) id, X509_TRUST_MAX, 0, ck_purp, LN, sn, NULL
-    return TEST_int_gt((id = X509_PURPOSE_get_unused_id()), X509_PURPOSE_MAX)
+    return TEST_int_gt((id = X509_PURPOSE_get_unused_id(libctx)), X509_PURPOSE_MAX)
         && TEST_int_eq(X509_PURPOSE_get_count() + 1, id)
         && TEST_int_eq(X509_PURPOSE_get_by_id(id), -1)
         && TEST_int_eq(X509_PURPOSE_get_by_sname(SN), -1)