Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb()

as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types

This will fix the X509_STORE_set_verify_func macro which is currently
broken, as pointed out by schwarze.

ok inoguchi jsing

diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c
index ca96edf..9400aec 100644 (file)
--- a/lib/libcrypto/x509/x509_lu.c
+++ b/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.53 2021/11/19 07:49:27 schwarze Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.54 2022/01/05 20:18:19 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -821,8 +821,25 @@ X509_STORE_get0_param(X509_STORE *ctx)
 }
 
 void
-X509_STORE_set_verify_cb(X509_STORE *ctx,
-    int (*verify_cb)(int, X509_STORE_CTX *))
+X509_STORE_set_verify(X509_STORE *store, X509_STORE_CTX_verify_fn verify)
 {
-       ctx->verify_cb = verify_cb;
+       store->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn
+X509_STORE_get_verify(X509_STORE *store)
+{
+       return store->verify;
+}
+
+void
+X509_STORE_set_verify_cb(X509_STORE *store, X509_STORE_CTX_verify_cb verify_cb)
+{
+       store->verify_cb = verify_cb;
+}
+
+X509_STORE_CTX_verify_cb
+X509_STORE_get_verify_cb(X509_STORE *store)
+{
+       return store->verify_cb;
 }

diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index 34fb913..a02ef94 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.47 2021/11/19 16:35:10 schwarze Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.48 2022/01/05 20:18:19 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -297,6 +297,12 @@ int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
 X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
 
+#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_CRYPTO_INTERNAL)
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *);
+#endif
+
 void X509_STORE_set_verify_cb(X509_STORE *ctx,
     int (*verify_cb)(int, X509_STORE_CTX *));
 #define X509_STORE_set_verify_cb_func(ctx, func) \
@@ -388,12 +394,19 @@ void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 int (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *);
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
     int (*verify)(X509_STORE_CTX *));
-#define X509_STORE_set_verify_func(ctx, func) \
-    X509_STORE_set_verify((ctx), (func))
 int (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
                                  int (*verify_cb)(int, X509_STORE_CTX *));
 
+#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_CRYPTO_INTERNAL)
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+#endif
+#define X509_STORE_set_verify_func(ctx, func) \
+    X509_STORE_set_verify((ctx), (func))
+
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);