From 7922d92f725a12fafc8177d16fef629aee4265a6 Mon Sep 17 00:00:00 2001
From: tb
Date: Mon, 8 May 2023 14:51:00 +0000
Subject: [PATCH] Rename the other_ctx in X509_STORE_CTX into trusted

The other_ctx is a strong contender for the worst name of a struct member in OpenSSL. It's a void * member whose only purpose ever was to be set to a STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously a setter, why do you ask?) and then to be used by the get_issuer() callback (which of course isn't there to find any old issuer, but only to look for issuers among the 'trusted' certs). Anyway, we may want to rename untrusted into intermediates and trusted into roots later on, but for now let's match the lovely public API. While there rename get_issuer_sk() into get_trusted_issuer() which is a more accurate and slightly less silly name. ok jsing
---
 lib/libcrypto/x509/x509_local.h | 4 ++--
 lib/libcrypto/x509/x509_vfy.c | 20 ++++++++++----------
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 374cba3d58a..9ce1b58ed14 100644
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_local.h,v 1.7 2023/04/28 16:30:14 tb Exp $ */
+/* $OpenBSD: x509_local.h,v 1.8 2023/05/08 14:51:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -327,10 +327,10 @@ struct x509_store_ctx_st {
 	/* The following are set by the caller */
 	X509 *cert;		/* The cert to check */
 	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */
+	STACK_OF(X509) *trusted;	/* trusted stack for use with get_issuer() */
 	STACK_OF(X509_CRL) *crls;	/* set of CRLs passed in */
 	X509_VERIFY_PARAM *param;
-	void *other_ctx;	/* Other info for use with get_issuer() */
 	/* Callbacks for various operations */
 	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 461e1d2ef26..2410d39b86f 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.121 2023/05/08 05:37:36 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.122 2023/05/08 14:51:00 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -144,7 +144,7 @@ static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time,
     int clamp_notafter);
 static int internal_verify(X509_STORE_CTX *ctx);
-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+static int get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
 static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err);
@@ -694,12 +694,12 @@ check_issued(X509_STORE_CTX *ctx, X509 *subject, X509 *issuer)
 	return X509_check_issued(issuer, subject) == X509_V_OK;
 }
-/* Alternative lookup method: look from a STACK stored in other_ctx */
+/* Alternative lookup method: look from a STACK stored in ctx->trusted */
 static int
-get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
-	*issuer = find_issuer(ctx, ctx->other_ctx, x, 1);
+	*issuer = find_issuer(ctx, ctx->trusted, x, 1);
 	if (*issuer) {
 		CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
 		return 1;
@@ -2434,17 +2434,17 @@ LCRYPTO_ALIAS(X509_STORE_CTX_init);
  */
 void
-X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted)
 {
-	ctx->other_ctx = sk;
-	ctx->get_issuer = get_issuer_sk;
+	X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_trusted_stack);
 void
-X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted)
 {
-	X509_STORE_CTX_trusted_stack(ctx, sk);
+	ctx->trusted = trusted;
+	ctx->get_issuer = get_trusted_issuer;
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set0_trusted_stack);
-- 
2.20.1
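Review bot: The new body of X509_STORE_CTX_set0_trusted_stack stores the caller's pointer and replaces the issuer callback without documenting either consequence; the only comment nearby is the one above the legacy wrapper, of which just the closing ` */` is visible at the top of the hunk. Nothing in the hunk takes a reference on `trusted` or copies it, so the caller evidently keeps ownership and must keep the stack alive (and unmodified) until ctx is done with it — a comment on the assignment, e.g. `ctx->trusted = trusted;	/* borrowed, no reference taken: caller keeps it alive */`, would make that explicit. The second assignment overwrites whatever get_issuer was previously installed (presumably the store-backed lookup set up by X509_STORE_CTX_init, which is outside this hunk), and per the hunk above get_trusted_issuer searches only ctx->trusted, so after this call issuer lookup is confined to that stack; worth stating alongside it, e.g. `ctx->get_issuer = get_trusted_issuer;	/* issuer lookup now consults only ctx->trusted */`. The same ownership remark could be added to the `trusted` member comment introduced in x509_local.h.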