From 584eddee0266a22992253736a43572fad492b89f Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 20 Dec 2024 15:47:21 +0100 Subject: [PATCH] fixup! fixup! fix X509_PURPOSE_add() to take |sname| as primary key and handle |id| in a backwd compat way for new purpose --- CHANGES.md | 4 ++-- crypto/x509/v3_purp.c | 2 +- doc/man3/X509_check_purpose.pod | 3 ++- include/openssl/x509v3.h.in | 2 +- test/x509_internal_test.c | 3 ++- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f2832acfaa477..bf56691dce393 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -70,8 +70,8 @@ OpenSSL 3.5 *David von Oheimb* - * `X509_PURPOSE_add()` has been fixed to take as the primary purpose identifier - not the `id` but the `sname` parameter. + * `X509_PURPOSE_add()` has been modified + to take `sname` instead of `id` as the primary purpose identifier. For its convenient use, `X509_PURPOSE_get_unused_id()` has been added. This work was sponsored by Siemens AG. diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index b4b3e87d2044f..3e3f4e95c1c9c 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -121,7 +121,7 @@ int X509_PURPOSE_get_count(void) } /* find smallest identifier not yet taken - note there might be gaps */ -int X509_PURPOSE_get_unused_id(void) +int X509_PURPOSE_get_unused_id(ossl_unused OSSL_LIB_CTX *libctx) { int id = X509_PURPOSE_MAX + 1; diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod index b5b3641d01768..6c84de9cf3260 100644 --- a/doc/man3/X509_check_purpose.pod +++ b/doc/man3/X509_check_purpose.pod 
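Review bot: The new `libctx` parameter of X509_PURPOSE_get_unused_id() in crypto/x509/v3_purp.c is declared `ossl_unused` and the search still starts from `int id = X509_PURPOSE_MAX + 1;`, so whatever a caller passes has no effect, while the manual page text added in the same patch says the parameter "should be used to provide the library context". As far as this hunk shows, the id is computed from a single process-wide purpose table, so a caller that registers purposes under one context and queries under another gets an answer the documentation does not lead it to expect. I would make the contract explicit at the definition, e.g. `/* libctx is accepted for API stability but currently ignored: purposes are not kept per library context */`, and word the manual page to say the same rather than "should be used". The function's body continues past the end of the hunk.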
@@ -23,7 +23,7 @@ X509_PURPOSE_set - functions related to checking the purpose of a certificate int X509_check_purpose(X509 *x, int id, int ca); int X509_PURPOSE_get_count(void); - int X509_PURPOSE_get_unused_id(void); + int X509_PURPOSE_get_unused_id(OSSL_LIB_CTX *libctx); int X509_PURPOSE_get_by_sname(const char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, @@ -65,6 +65,7 @@ keyUsage, extendedKeyUsage, and basicConstraints. X509_PURPOSE_get_count() returns the number of currently defined purposes. X509_PURPOSE_get_unused_id() returns the smallest purpose id not yet used. +The I parameter should be used to provide the library context. X509_PURPOSE_get_by_sname() returns the index of the purpose with the given short name or -1 if not found. diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in index a92efcd801ee1..025caff00f68d 100644 --- a/include/openssl/x509v3.h.in +++ b/include/openssl/x509v3.h.in @@ -741,7 +741,7 @@ const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); int X509_PURPOSE_get_count(void); -int X509_PURPOSE_get_unused_id(void); +int X509_PURPOSE_get_unused_id(OSSL_LIB_CTX *libctx); int X509_PURPOSE_get_by_sname(const char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c index 07837e54fe0c7..e2d3910eeb1fe 100644 --- a/test/x509_internal_test.c +++ b/test/x509_internal_test.c @@ -180,6 +180,7 @@ static int ck_purp(ossl_unused const X509_PURPOSE *purpose, static int tests_X509_PURPOSE(void) { + OSSL_LIB_CTX *libctx = NULL; int id, idx, *p; X509_PURPOSE *xp; 
@@ -189,7 +190,7 @@ static int tests_X509_PURPOSE(void)
 #define SN "SN_test"
 #undef ARGS
 #define ARGS(id, sn) id, X509_TRUST_MAX, 0, ck_purp, LN, sn, NULL
- return TEST_int_gt((id = X509_PURPOSE_get_unused_id()), X509_PURPOSE_MAX)
+ return TEST_int_gt((id = X509_PURPOSE_get_unused_id(libctx)), X509_PURPOSE_MAX)
 && TEST_int_eq(X509_PURPOSE_get_count() + 1, id)
 && TEST_int_eq(X509_PURPOSE_get_by_id(id), -1)
 && TEST_int_eq(X509_PURPOSE_get_by_sname(SN), -1)
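Review bot: The updated call passes only the `libctx` that the earlier hunk initialises to NULL, so the test exercises nothing beyond the default context and would not catch a regression if a non-default context ever influenced the returned id. The neighbouring assertion `TEST_int_eq(X509_PURPOSE_get_count() + 1, id)` also presumes the purpose table has no gaps at this point, which the implementation's own comment ("note there might be gaps") says is not guaranteed, so a sibling test that registers a purpose first could make this fail for reasons unrelated to this change. I would put a comment above the `return`, `/* NULL selects the default library context; the id is only unused at the time of the call */`, and add a second call with a non-NULL context once per-context purposes exist. The enclosing tests_X509_PURPOSE() starts before this hunk.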