Prepare addition of X509_STORE_CTX_get1_{certs,crls}(3)

X509_STORE_get1_{certs,crls}(3) was added to the OpenSSL 1.1 API with the
usual care. At some point later it was noticed that they didn't deal with
an X509_STORE at all, but rather with an X509_STORE_CTX, so were misnamed.
The fact that X509_STORE_CTX and X509_STORE have their roles reversed when
compared to other FOO vs FOO_CTX in this API may or may not be related.

Anyway, the X509_STORE versions will be demoted to compat defines and the
X509_STORE_CTX will be added to match OpenSSL 1.1 API more closely. This
was pointed out by schwarze a long time ago and missed in a few bumps.
Hopefully we'll manage to do it this time around.

ok jsing

diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c
index 65d11d9..584251d 100644 (file)
--- a/lib/libcrypto/x509/x509_lu.c
+++ b/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.58 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.59 2023/04/16 08:30:21 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -593,8 +593,13 @@ X509_get1_certs_from_cache(X509_STORE *store, X509_NAME *name)
        return NULL;
 }
 
+#if defined(LIBRESSL_NEXT_API)
+STACK_OF(X509) *
+X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *name)
+#else
 STACK_OF(X509) *
 X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *name)
+#endif
 {
        X509_STORE *store = ctx->store;
        STACK_OF(X509) *sk;
@@ -614,10 +619,19 @@ X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *name)
 
        return X509_get1_certs_from_cache(store, name);
 }
+#if defined(LIBRESSL_NEXT_API)
+LCRYPTO_ALIAS(X509_STORE_CTX_get1_certs);
+#else
 LCRYPTO_ALIAS(X509_STORE_get1_certs);
+#endif
 
+#if defined(LIBRESSL_NEXT_API)
+STACK_OF(X509_CRL) *
+X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *name)
+#else
 STACK_OF(X509_CRL) *
 X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *name)
+#endif
 {
        X509_STORE *store = ctx->store;
        STACK_OF(X509_CRL) *sk = NULL;
@@ -665,7 +679,11 @@ X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *name)
        sk_X509_CRL_pop_free(sk, X509_CRL_free);
        return NULL;
 }
+#if defined(LIBRESSL_NEXT_API)
+LCRYPTO_ALIAS(X509_STORE_CTX_get1_crls);
+#else
 LCRYPTO_ALIAS(X509_STORE_get1_crls);
+#endif
 
 X509_OBJECT *
 X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)

diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index f5b103a..3eb92b0 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.59 2023/04/16 08:21:12 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.60 2023/04/16 08:30:21 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -285,8 +285,15 @@ X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo);
 X509_STORE *X509_STORE_new(void);
 void X509_STORE_free(X509_STORE *v);
 int X509_STORE_up_ref(X509_STORE *x);
+#if defined(LIBRESSL_NEXT_API)
+#define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
+#define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+#else
 STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+#endif
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
 void *X509_STORE_get_ex_data(X509_STORE *xs, int idx);
 int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);