Rename the other_ctx in X509_STORE_CTX into trusted

The other_ctx is a strong contender for the worst name of a struct member
in OpenSSL. It's a void * member whose only purpose ever was to be set to a
STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously
a setter, why do you ask?) and then to be used by the get_issuer() callback
(which of course isn't there to find any old issuer, but only to look for
issuers among the 'trusted' certs).

Anyway, we may want to rename untrusted into intermediates and trusted into
roots later on, but for now let's match the lovely public API. While there
rename get_issuer_sk() into get_trusted_issuer() which is a more accurate
and slightly less silly name.

ok jsing

diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 374cba3..9ce1b58 100644 (file)
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509_local.h,v 1.7 2023/04/28 16:30:14 tb Exp $ */
+/*     $OpenBSD: x509_local.h,v 1.8 2023/05/08 14:51:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -327,10 +327,10 @@ struct x509_store_ctx_st {
        /* The following are set by the caller */
        X509 *cert;             /* The cert to check */
        STACK_OF(X509) *untrusted;      /* chain of X509s - untrusted - passed in */
+       STACK_OF(X509) *trusted;        /* trusted stack for use with get_issuer() */
        STACK_OF(X509_CRL) *crls;       /* set of CRLs passed in */
 
        X509_VERIFY_PARAM *param;
-       void *other_ctx;        /* Other info for use with get_issuer() */
 
        /* Callbacks for various operations */
        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */

diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 461e1d2..2410d39 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.121 2023/05/08 05:37:36 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.122 2023/05/08 14:51:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -144,7 +144,7 @@ static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time,
     int clamp_notafter);
 
 static int internal_verify(X509_STORE_CTX *ctx);
-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+static int get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
 static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err);
 
@@ -694,12 +694,12 @@ check_issued(X509_STORE_CTX *ctx, X509 *subject, X509 *issuer)
        return X509_check_issued(issuer, subject) == X509_V_OK;
 }
 
-/* Alternative lookup method: look from a STACK stored in other_ctx */
+/* Alternative lookup method: look from a STACK stored in ctx->trusted */
 
 static int
-get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
-       *issuer = find_issuer(ctx, ctx->other_ctx, x, 1);
+       *issuer = find_issuer(ctx, ctx->trusted, x, 1);
        if (*issuer) {
                CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
                return 1;
@@ -2434,17 +2434,17 @@ LCRYPTO_ALIAS(X509_STORE_CTX_init);
  */
 
 void
-X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted)
 {
-       ctx->other_ctx = sk;
-       ctx->get_issuer = get_issuer_sk;
+       X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_trusted_stack);
 
 void
-X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted)
 {
-       X509_STORE_CTX_trusted_stack(ctx, sk);
+       ctx->trusted = trusted;
+       ctx->get_issuer = get_trusted_issuer;
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set0_trusted_stack);