Fix some X509_STORE macros

Some X509_STORE macros do not work since the type was made opaque. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-29 17:44:46 +01:00 · 2016-04-29 17:44:46 +01:00 · 7cafbb4bd3
commit 7cafbb4bd3
parent 77076dc944
4 changed files with 39 additions and 4 deletions
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@ -750,6 +750,11 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
    ctx->verify_cb = verify_cb;
 }

+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify)
+{
+    ctx->verify = verify;
+}
+
 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
                                   STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
                                                              *ctx,
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@ -47,6 +47,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
 X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify verify);

+ void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);

 =head1 DESCRIPTION

@ -115,6 +116,23 @@ find an appropriate set of parameters from B<name>.
 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
 that were used in building the chain following a call to X509_verify_cert().

+X509_STORE_CTX_set_verify() provides the capability for overriding the default
+verify function. This function is responsible for verifying chain signatures and
+expiration times. X509_STORE_CTX_get_verify() obtains the current verify
+function being used.
+
+X509_STORE_set_verify() works in the same way as for X509_STORE_CTX_set_verify()
+but sets the default verify function to be used by all X509_STORE_CTX objects
+created for this X509_STORE.
+
+A verify function is defined as an X509_STORE_CTX_verify type which has the
+following signature:
+
+ int (*verify)(X509_STORE_CTX *); 
+
+This function should receive the current X509_STORE_CTX as a parameter and
+return 1 on success or 0 on failure.
+
 =head1 NOTES

 The certificates and CRLs in a store are used internally and should B<not>
@ -147,6 +165,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
 used.

+X509_STORE_CTX_get_verify() returns the current verify function in use for this
+X509_STORE_CTX.
+
 =head1 SEE ALSO

 L<X509_verify_cert(3)>
@ -156,5 +177,8 @@ L<X509_VERIFY_PARAM_set_flags(3)>

 X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
 X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
+X509_STORE_set_verify() wsa first added to OpenSSL 1.1.0. It was previously
+available as a macro X509_STORE_set_verify_func(). This macro still exists but
+simply calls this function.

 =cut
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@ -104,8 +104,15 @@ DEFINE_STACK_OF(X509_VERIFY_PARAM)

 int X509_STORE_set_depth(X509_STORE *store, int depth);

-# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-# define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+            X509_STORE_set_verify_cb((ctx),(func))
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+            X509_STORE_set_verify((ctx),(func))

 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);

@ -314,8 +321,6 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
 STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
-typedef int (*X509_STORE_CTX_verify)(X509_STORE_CTX *);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
                                  X509_STORE_CTX_verify_cb verify);
 X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@ -4212,3 +4212,4 @@ X509_STORE_get_ex_data                  4085	1_1_0	EXIST::FUNCTION:
 X509_STORE_get0_objects                 4086	1_1_0	EXIST::FUNCTION:
 X509_STORE_get0_param                   4087	1_1_0	EXIST::FUNCTION:
 X509_OBJECT_get_type                    4088	1_1_0	EXIST::FUNCTION:
+X509_STORE_set_verify                   4089	1_1_0	EXIST::FUNCTION: