Add X509_STORE_CTX_new_with_libctx()

Make it possible to create an X509_STORE_CTX with an associated libctx
and propq.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11457)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 510b4f1109caa96c8be0040d00a8233c1b501622..dee219eb38a1874ec535fb1cd93d4c31756b2a5e 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2208,23 +2208,45 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
     return 1;
 }
 
-X509_STORE_CTX *X509_STORE_CTX_new(void)
+X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
+                                               const char *propq)
 {
     X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
     if (ctx == NULL) {
-        X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        X509err(0, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
+
+    ctx->libctx = libctx;
+    if (propq != NULL) {
+        ctx->propq = OPENSSL_strdup(propq);
+        if (ctx->propq == NULL) {
+            OPENSSL_free(ctx);
+            X509err(0, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+
     return ctx;
 }
 
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+    return X509_STORE_CTX_new_with_libctx(NULL, NULL);
+}
+
+
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 {
     if (ctx == NULL)
         return;
 
     X509_STORE_CTX_cleanup(ctx);
+
+    /* libctx and propq survive X509_STORE_CTX_cleanup() */
+    OPENSSL_free(ctx->propq);
+
     OPENSSL_free(ctx);
 }
 

diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index d68150ff98f42f5fd73b7f6abb368063d5d57ebd..560f3abb76eefb1a7cfe1bc20d86882c50b10906 100644 (file)
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -262,6 +262,9 @@ struct x509_store_ctx_st {      /* X509_STORE_CTX */
     SSL_DANE *dane;
     /* signed via bare TA public key, rather than CA certificate */
     int bare_ta_signed;
+
+    OPENSSL_CTX *libctx;
+    char *propq;
 };
 
 /* PKCS#8 private key info structure */

diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 99c3ab2048e28f0168a8fdf7459ceef2276be26a..08f17384c34c29335e162cd020155641b737433e 100644 (file)
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -352,6 +352,8 @@ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
 int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
 void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
 
+X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
+                                               const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 73d70efe9990aababb6f89e2113991fa05692239..60050c183070db9c6dcf6d811e803c4eb7d50722 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5040,3 +5040,4 @@ EVP_PKEY_get_octet_string_param         ? 3_0_0   EXIST::FUNCTION:
 EVP_PKEY_is_a                           ?      3_0_0   EXIST::FUNCTION:
 EVP_PKEY_can_sign                       ?      3_0_0   EXIST::FUNCTION:
 evp_pkey_get_EC_KEY_curve_nid           ?      3_0_0   EXIST::FUNCTION:EC
+X509_STORE_CTX_new_with_libctx          ?      3_0_0   EXIST::FUNCTION: