add function X509_VERIFY_PARAM_get_purpose()

crypto/x509/x509_vpm.c

@@ -301,6 +301,11 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
     return X509_PURPOSE_set(&param->purpose, purpose);
 }
 
+int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param)
+{
+    return param->purpose;
+}
+
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
 {
     return X509_TRUST_set(&param->trust, trust);

doc/man3/X509_VERIFY_PARAM_set_flags.pod

@@ -4,6 +4,7 @@
 
 X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,
 X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose,
+X509_VERIFY_PARAM_get_purpose,
 X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags,
 X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
 X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
@@ -35,6 +36,7 @@ X509_VERIFY_PARAM_set1_ip_asc
  uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
 
  int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+ int X509_VERIFY_PARAM_get_purpose(X509_VERIFY_PARAM *param);
  int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 
  void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
@@ -92,6 +94,8 @@ to B<purpose>. This determines the acceptable purpose of the certificate
 chain, for example B<X509_PURPOSE_SSL_CLIENT>.
 The purpose requirement is cleared if B<purpose> is 0.
 
+X509_VERIFY_PARAM_get_purpose() returns the purpose in B<param>.
+
 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
 B<trust>.
 
@@ -240,6 +244,8 @@ X509_VERIFY_PARAM_get_depth() returns the current verification depth.
 X509_VERIFY_PARAM_get_auth_level() returns the current authentication security
 level.
 
+X509_VERIFY_PARAM_get_purpose() returns the current purpose.
+
 =head1 VERIFICATION FLAGS
 
 The verification flags consists of zero or more of the following flags
@@ -405,6 +411,8 @@ The function X509_VERIFY_PARAM_add0_policy() was historically documented as
 enabling policy checking however the implementation has never done this.
 The documentation was changed to align with the implementation.
 
+The X509_VERIFY_PARAM_get_purpose() function was added in OpenSSL 3.5.
+
 =head1 COPYRIGHT
 
 Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.

include/openssl/x509_vfy.h.in

@@ -715,6 +715,7 @@ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
                                   unsigned long flags);
 unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
 void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);

util/libcrypto.num

@@ -5734,6 +5734,7 @@ EVP_CIPHER_CTX_get_algor                5861	3_4_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_algor_params           5862	3_4_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get_algor_params           5863	3_4_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get_algor                  5864	3_4_0	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_purpose           ?	3_5_0	EXIST::FUNCTION:
 d2i_OSSL_CRMF_ENCRYPTEDKEY              ?	3_5_0	EXIST::FUNCTION:CRMF
 i2d_OSSL_CRMF_ENCRYPTEDKEY              ?	3_5_0	EXIST::FUNCTION:CRMF
 OSSL_CRMF_ENCRYPTEDKEY_free             ?	3_5_0	EXIST::FUNCTION:CRMF