From: Matt Caswell
Date: Wed, 1 Apr 2020 15:03:44 +0000 (+0100)
Subject: Add X509_STORE_CTX_new_with_libctx()
X-Git-Tag: openssl-3.0.0-alpha1~138
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1143c27be1dafe954b72bff5069795c83f9d423c;p=oweals%2Fopenssl.git

Add X509_STORE_CTX_new_with_libctx()

Make it possible to create an X509_STORE_CTX with an associated libctx and propq.

Reviewed-by: Richard Levitte
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/11457)
---

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 510b4f1109..dee219eb38 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2208,23 +2208,45 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 return 1;
 }
-X509_STORE_CTX *X509_STORE_CTX_new(void)
+X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
+ const char *propq)
 {
 X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 if (ctx == NULL) {
- X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ X509err(0, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
+
+ ctx->libctx = libctx;
+ if (propq != NULL) {
+ ctx->propq = OPENSSL_strdup(propq);
+ if (ctx->propq == NULL) {
+ OPENSSL_free(ctx);
+ X509err(0, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ }
+
 return ctx;
 }
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+ return X509_STORE_CTX_new_with_libctx(NULL, NULL);
+}
+
+
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 {
 if (ctx == NULL)
 return;
 X509_STORE_CTX_cleanup(ctx);
+
+ /* libctx and propq survive X509_STORE_CTX_cleanup() */
+ OPENSSL_free(ctx->propq);
+
 OPENSSL_free(ctx);
 }
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index d68150ff98..560f3abb76 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
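Review bot: In X509_STORE_CTX_new_with_libctx() (crypto/x509/x509_vfy.c), `ctx->libctx = libctx;` keeps the caller's pointer with no reference taken in this hunk, while `propq` is duplicated and released in X509_STORE_CTX_free(), and neither the function nor the new struct fields in include/crypto/x509.h say which of the two is owned. I would add a comment above the assignment, `/* libctx is borrowed and must outlive ctx; propq is copied and freed in X509_STORE_CTX_free() */`, so a caller does not free the library context while a verification context still points at it. The new comment in X509_STORE_CTX_free() also depends on X509_STORE_CTX_cleanup() and X509_STORE_CTX_init(), which are outside this hunk, never clearing these two fields; if either resets the structure, `propq` would leak and the context would presumably revert to the default library context without any error, so that is worth confirming.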
@@ -262,6 +262,9 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
 SSL_DANE *dane;
 /* signed via bare TA public key, rather than CA certificate */
 int bare_ta_signed;
+
+ OPENSSL_CTX *libctx;
+ char *propq;
 };
 /* PKCS#8 private key info structure */
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 99c3ab2048..08f17384c3 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -352,6 +352,8 @@ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
 int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
 void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
+ const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 73d70efe99..60050c1830 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5040,3 +5040,4 @@ EVP_PKEY_get_octet_string_param ? 3_0_0 EXIST::FUNCTION:
 EVP_PKEY_is_a ? 3_0_0 EXIST::FUNCTION:
 EVP_PKEY_can_sign ? 3_0_0 EXIST::FUNCTION:
 evp_pkey_get_EC_KEY_curve_nid ? 3_0_0 EXIST::FUNCTION:EC
+X509_STORE_CTX_new_with_libctx ? 3_0_0 EXIST::FUNCTION:
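Review bot: The prototype for X509_STORE_CTX_new_with_libctx() in include/openssl/x509_vfy.h is exported through util/libcrypto.num, but no file under doc/ appears in this diff, so the new public function has no documented contract. The description should say that both arguments may be NULL, which is what X509_STORE_CTX_new() now passes, what a NULL `libctx` selects, and that the result is released with X509_STORE_CTX_free(). A one-line comment above the declaration, such as `/* libctx and propq may be NULL; free the result with X509_STORE_CTX_free() */`, would cover it until the manual page is added.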