From: Rajeev Ranjan Date: Tue, 5 Nov 2024 13:26:29 +0000 (+0100) Subject: Add function X509_VERIFY_PARAM_get_purpose() X-Git-Tag: openssl-3.5.0-alpha1~681 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24b7c27250b099d631d428d5b913f0828595cd05;p=thirdparty%2Fopenssl.git Add function X509_VERIFY_PARAM_get_purpose() Reviewed-by: David von Oheimb Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25132) --- diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 8ed41b78673..2e25acb4a06 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -302,6 +302,11 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) return X509_PURPOSE_set(¶m->purpose, purpose); } +int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param) +{ + return param->purpose; +} + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) { return X509_TRUST_set(¶m->trust, trust); diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index d35c2e2202e..8c32eb7c272 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -4,6 +4,7 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, +X509_VERIFY_PARAM_get_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, @@ -35,6 +36,7 @@ X509_VERIFY_PARAM_set1_ip_asc uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); + int X509_VERIFY_PARAM_get_purpose(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); @@ -92,6 +94,8 @@ to B. This determines the acceptable purpose of the certificate chain, for example B. The purpose requirement is cleared if B is X509_PURPOSE_DEFAULT_ANY. +X509_VERIFY_PARAM_get_purpose() returns the purpose in B. + X509_VERIFY_PARAM_set_trust() sets the trust setting in B to B. @@ -408,6 +412,8 @@ The function X509_VERIFY_PARAM_add0_policy() was historically documented as enabling policy checking however the implementation has never done this. The documentation was changed to align with the implementation. +The X509_VERIFY_PARAM_get_purpose() function was added in OpenSSL 3.5. + =head1 COPYRIGHT Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in index a396193b86d..ff919f49e70 100644 --- a/include/openssl/x509_vfy.h.in +++ b/include/openssl/x509_vfy.h.in @@ -715,6 +715,7 @@ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags); unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_get_purpose(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); diff --git a/util/libcrypto.num b/util/libcrypto.num index 6e9a8a121a3..2e2046f4129 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5734,6 +5734,7 @@ EVP_CIPHER_CTX_get_algor 5861 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_algor_params 5862 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_algor_params 5863 3_4_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_algor 5864 3_4_0 EXIST::FUNCTION: +X509_VERIFY_PARAM_get_purpose ? 3_5_0 EXIST::FUNCTION: d2i_OSSL_CRMF_ENCRYPTEDKEY ? 3_5_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_ENCRYPTEDKEY ? 3_5_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDKEY_free ? 3_5_0 EXIST::FUNCTION:CRMF