fixup! fix X509_PURPOSE_add() to take |sname| as primary key and handle |id| in a backwd compat way for new purpose
DDvO committed Dec 20, 2024
1 parent 90e18c9 commit a37a1d4
Showing 6 changed files with 11 additions and 12 deletions.
2 changes: 1 addition & 1 deletion CHANGES.md
Expand Up @@ -72,7 +72,7 @@ OpenSSL 3.5

* `X509_PURPOSE_add()` has been fixed to take as the primary purpose identifier
not the `id` but the `sname` parameter.
For its convenient use, `X509_PURPOSE_get_fresh_id()` has been added.
For its convenient use, `X509_PURPOSE_get_unused_id()` has been added.

This work was sponsored by Siemens AG.

2 changes: 1 addition & 1 deletion crypto/x509/v3_purp.c
Expand Up @@ -121,7 +121,7 @@ int X509_PURPOSE_get_count(void)
}

/* find smallest identifier not yet taken - note there might be gaps */
int X509_PURPOSE_get_fresh_id(void)
int X509_PURPOSE_get_unused_id(void)
{
int id = X509_PURPOSE_MAX + 1;

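Review bot: The comment above X509_PURPOSE_get_unused_id() says "find smallest identifier not yet taken", but the search starts at `int id = X509_PURPOSE_MAX + 1;`, so an unused id at or below X509_PURPOSE_MAX is never returned. Say so in the comment, for example "find smallest identifier above X509_PURPOSE_MAX not yet taken", and state the same lower bound in the X509_check_purpose.pod description, which currently reads "returns the smallest purpose id not yet used".
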
12 changes: 6 additions & 6 deletions doc/man3/X509_check_purpose.pod
Expand Up @@ -4,7 +4,7 @@

X509_check_purpose,
X509_PURPOSE_get_count,
X509_PURPOSE_get_fresh_id,
X509_PURPOSE_get_unused_id,
X509_PURPOSE_get_by_sname,
X509_PURPOSE_get_by_id,
X509_PURPOSE_add,
Expand All @@ -23,7 +23,7 @@ X509_PURPOSE_set - functions related to checking the purpose of a certificate
int X509_check_purpose(X509 *x, int id, int ca);

int X509_PURPOSE_get_count(void);
int X509_PURPOSE_get_fresh_id(void);
int X509_PURPOSE_get_unused_id(void);
int X509_PURPOSE_get_by_sname(const char *sname);
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_add(int id, int trust, int flags,
Expand Down Expand Up @@ -64,7 +64,7 @@ keyUsage, extendedKeyUsage, and basicConstraints.

X509_PURPOSE_get_count() returns the number of currently defined purposes.

X509_PURPOSE_get_fresh_id() returns the smallest purpose id not yet used.
X509_PURPOSE_get_unused_id() returns the smallest purpose id not yet used.

X509_PURPOSE_get_by_sname() returns the index of
the purpose with the given short name or -1 if not found.
Expand All @@ -74,7 +74,7 @@ the purpose with the given id or -1 if not found.

X509_PURPOSE_add() adds or modifies a purpose entry identified by I<sname>.
Unless the id stays the same for an existing entry, I<id> must be fresh,
which can be achieved by using the result of X509_PURPOSE_get_fresh_id().
which can be achieved by using the result of X509_PURPOSE_get_unused_id().
The function also sets in the entry the trust id I<trust>, the given I<flags>,
the purpose (long) name I<name>, the short name I<sname>, the purpose checking
funktion I<ck> of type B<int (*) (const X509_PURPOSE *, const X509 *, int)>,
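
Review bot: In the X509_PURPOSE_add() paragraph the context line still reads "I<id> must be fresh" directly above the renamed X509_PURPOSE_get_unused_id() reference, so the text keeps the term this fixup is retiring. Suggest "I<id> must be unused" to match the new function name. In the same paragraph, "funktion I<ck>" should read "function I<ck>".
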
Expand Down Expand Up @@ -134,7 +134,7 @@ For CA checks the below integers could be returned with the following meanings:

X509_PURPOSE_get_count() returns the number of currently defined purposes.

X509_PURPOSE_get_fresh_id() returns the smallest purpose id not yet used.
X509_PURPOSE_get_unused_id() returns the smallest purpose id not yet used.

X509_PURPOSE_get_by_sname() returns the index of
the purpose with the given short name or -1 if not found.
Expand All @@ -160,7 +160,7 @@ X509_PURPOSE_set() returns 1 on success, 0 on error.

=head1 HISTORY

X509_PURPOSE_get_fresh_id() was added in OpensSL 3.5.
X509_PURPOSE_get_unused_id() was added in OpensSL 3.5.

=head1 COPYRIGHT

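Review bot: The HISTORY entry carries the typo "OpensSL 3.5" over from the old line into the renamed one. Since the line is rewritten here anyway, change it to "OpenSSL 3.5".
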
3 changes: 1 addition & 2 deletions include/openssl/x509v3.h.in
Expand Up @@ -477,7 +477,6 @@ typedef struct x509_purpose_st {
generate_stack_macros("X509_PURPOSE");
-}


# define X509_PURPOSE_DEFAULT_ANY 0
# define X509_PURPOSE_SSL_CLIENT 1
# define X509_PURPOSE_SSL_SERVER 2
Expand Down Expand Up @@ -742,7 +741,7 @@ const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);

int X509_PURPOSE_get_count(void);
int X509_PURPOSE_get_fresh_id(void);
int X509_PURPOSE_get_unused_id(void);
int X509_PURPOSE_get_by_sname(const char *sname);
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_add(int id, int trust, int flags,
2 changes: 1 addition & 1 deletion test/x509_internal_test.c
Expand Up @@ -189,7 +189,7 @@ static int tests_X509_PURPOSE(void)
#define SN "SN_test"
#undef ARGS
#define ARGS(id, sn) id, X509_TRUST_MAX, 0, ck_purp, LN, sn, NULL
return TEST_int_gt((id = X509_PURPOSE_get_fresh_id()), X509_PURPOSE_MAX)
return TEST_int_gt((id = X509_PURPOSE_get_unused_id()), X509_PURPOSE_MAX)
&& TEST_int_eq(X509_PURPOSE_get_count() + 1, id)
&& TEST_int_eq(X509_PURPOSE_get_by_id(id), -1)
&& TEST_int_eq(X509_PURPOSE_get_by_sname(SN), -1)
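
Review bot: The check `TEST_int_eq(X509_PURPOSE_get_count() + 1, id)` right after the renamed call only holds while the defined purpose ids are contiguous and nothing else has registered a purpose earlier in the test run, yet the comment on X509_PURPOSE_get_unused_id() in crypto/x509/v3_purp.c notes "there might be gaps". Consider dropping it or relaxing it to a lower bound; the neighbouring checks that id is greater than X509_PURPOSE_MAX and that X509_PURPOSE_get_by_id(id) returns -1 already establish that the id is unused.
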
2 changes: 1 addition & 1 deletion util/libcrypto.num
Expand Up @@ -5735,7 +5735,7 @@ EVP_PKEY_CTX_set_algor_params 5862 3_4_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_algor_params 5863 3_4_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get_algor 5864 3_4_0 EXIST::FUNCTION:
EVP_get1_default_properties ? 3_5_0 EXIST::FUNCTION:
X509_PURPOSE_get_fresh_id ? 3_5_0 EXIST::FUNCTION:
X509_PURPOSE_get_unused_id ? 3_5_0 EXIST::FUNCTION:
d2i_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_5_0 EXIST::FUNCTION:
i2d_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_5_0 EXIST::FUNCTION:
OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_free ? 3_5_0 EXIST::FUNCTION:
