From a37a1d496a9a3e29ec5f3632dcc3eea64c2ec903 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 20 Dec 2024 15:20:52 +0100 Subject: [PATCH] fixup! fix X509_PURPOSE_add() to take |sname| as primary key and handle |id| in a backwd compat way for new purpose --- CHANGES.md | 2 +- crypto/x509/v3_purp.c | 2 +- doc/man3/X509_check_purpose.pod | 12 ++++++------ include/openssl/x509v3.h.in | 3 +-- test/x509_internal_test.c | 2 +- util/libcrypto.num | 2 +- 6 files changed, 11 insertions(+), 12 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 274f4ac042bd4..f2832acfaa477 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -72,7 +72,7 @@ OpenSSL 3.5 * `X509_PURPOSE_add()` has been fixed to take as the primary purpose identifier not the `id` but the `sname` parameter. - For its convenient use, `X509_PURPOSE_get_fresh_id()` has been added. + For its convenient use, `X509_PURPOSE_get_unused_id()` has been added. This work was sponsored by Siemens AG. diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 1eb4c36fc19f3..b4b3e87d2044f 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -121,7 +121,7 @@ int X509_PURPOSE_get_count(void) } /* find smallest identifier not yet taken - note there might be gaps */ -int X509_PURPOSE_get_fresh_id(void) +int X509_PURPOSE_get_unused_id(void) { int id = X509_PURPOSE_MAX + 1; diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod index 01a0d99762380..b5b3641d01768 100644 --- a/doc/man3/X509_check_purpose.pod +++ b/doc/man3/X509_check_purpose.pod @@ -4,7 +4,7 @@ X509_check_purpose, X509_PURPOSE_get_count, -X509_PURPOSE_get_fresh_id, +X509_PURPOSE_get_unused_id, X509_PURPOSE_get_by_sname, X509_PURPOSE_get_by_id, X509_PURPOSE_add, 
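Review bot: The id returned by X509_PURPOSE_get_unused_id() is only known to be unused at the instant of the call; nothing in this hunk ties it to the X509_PURPOSE_add() that later consumes it, so an intervening X509_PURPOSE_add() from another caller could presumably be handed the same value if the purpose table is shared process-wide, which is inferred from the surrounding API rather than visible here. The rename does not change that, but the comment above the function should state the contract, e.g. `/* Find the smallest identifier not yet taken - note there might be gaps. The result is only unused until the next X509_PURPOSE_add(); the lookup and the add are not atomic, so pass it to X509_PURPOSE_add() promptly. */`. The body of X509_PURPOSE_get_unused_id() continues past the end of the hunk, so the search loop itself could not be reviewed.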
@@ -23,7 +23,7 @@ X509_PURPOSE_set - functions related to checking the purpose of a certificate int X509_check_purpose(X509 *x, int id, int ca); int X509_PURPOSE_get_count(void); - int X509_PURPOSE_get_fresh_id(void); + int X509_PURPOSE_get_unused_id(void); int X509_PURPOSE_get_by_sname(const char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, @@ -64,7 +64,7 @@ keyUsage, extendedKeyUsage, and basicConstraints. X509_PURPOSE_get_count() returns the number of currently defined purposes. -X509_PURPOSE_get_fresh_id() returns the smallest purpose id not yet used. +X509_PURPOSE_get_unused_id() returns the smallest purpose id not yet used. X509_PURPOSE_get_by_sname() returns the index of the purpose with the given short name or -1 if not found. @@ -74,7 +74,7 @@ the purpose with the given id or -1 if not found. X509_PURPOSE_add() adds or modifies a purpose entry identified by I. Unless the id stays the same for an existing entry, I must be fresh, -which can be achieved by using the result of X509_PURPOSE_get_fresh_id(). +which can be achieved by using the result of X509_PURPOSE_get_unused_id(). The function also sets in the entry the trust id I, the given I, the purpose (long) name I, the short name I, the purpose checking funktion I of type B, @@ -134,7 +134,7 @@ For CA checks the below integers could be returned with the following meanings: X509_PURPOSE_get_count() returns the number of currently defined purposes. -X509_PURPOSE_get_fresh_id() returns the smallest purpose id not yet used. +X509_PURPOSE_get_unused_id() returns the smallest purpose id not yet used. X509_PURPOSE_get_by_sname() returns the index of the purpose with the given short name or -1 if not found. @@ -160,7 +160,7 @@ X509_PURPOSE_set() returns 1 on success, 0 on error. =head1 HISTORY -X509_PURPOSE_get_fresh_id() was added in OpensSL 3.5. +X509_PURPOSE_get_unused_id() was added in OpensSL 3.5. =head1 COPYRIGHT 
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in index 21c628a7856e4..a92efcd801ee1 100644 --- a/include/openssl/x509v3.h.in +++ b/include/openssl/x509v3.h.in @@ -477,7 +477,6 @@ typedef struct x509_purpose_st { generate_stack_macros("X509_PURPOSE"); -} - # define X509_PURPOSE_DEFAULT_ANY 0 # define X509_PURPOSE_SSL_CLIENT 1 # define X509_PURPOSE_SSL_SERVER 2 @@ -742,7 +741,7 @@ const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); int X509_PURPOSE_get_count(void); -int X509_PURPOSE_get_fresh_id(void); +int X509_PURPOSE_get_unused_id(void); int X509_PURPOSE_get_by_sname(const char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c index ea5e3172617ea..07837e54fe0c7 100644 --- a/test/x509_internal_test.c +++ b/test/x509_internal_test.c @@ -189,7 +189,7 @@ static int tests_X509_PURPOSE(void) #define SN "SN_test" #undef ARGS #define ARGS(id, sn) id, X509_TRUST_MAX, 0, ck_purp, LN, sn, NULL - return TEST_int_gt((id = X509_PURPOSE_get_fresh_id()), X509_PURPOSE_MAX) + return TEST_int_gt((id = X509_PURPOSE_get_unused_id()), X509_PURPOSE_MAX) && TEST_int_eq(X509_PURPOSE_get_count() + 1, id) && TEST_int_eq(X509_PURPOSE_get_by_id(id), -1) && TEST_int_eq(X509_PURPOSE_get_by_sname(SN), -1) diff --git a/util/libcrypto.num b/util/libcrypto.num index fc9ec34f5427e..524a93f71b5db 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -5735,7 +5735,7 @@ EVP_PKEY_CTX_set_algor_params 5862 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_algor_params 5863 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_algor 5864 3_4_0 EXIST::FUNCTION: EVP_get1_default_properties ? 3_5_0 EXIST::FUNCTION: -X509_PURPOSE_get_fresh_id ? 3_5_0 EXIST::FUNCTION: +X509_PURPOSE_get_unused_id ? 3_5_0 EXIST::FUNCTION: d2i_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_5_0 EXIST::FUNCTION: i2d_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_5_0 EXIST::FUNCTION: OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_free ? 3_5_0 EXIST::FUNCTION: