From: Richard Levitte <levitte@openssl.org>
Date: Wed, 30 Apr 2025 12:37:12 +0000 (+0200)
Subject: Drop "by store"'s by_store_subject_ex()
X-Git-Tag: openssl-3.4.2~78
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76fb0e24867f63f17567bf64a41d01d6fe3e87a4;p=thirdparty%2Fopenssl.git

Drop "by store"'s by_store_subject_ex()

It was used to pass libctx and propq, which would override the
corresponding values passed to by_store_ctrl_ex().  This wasn't
really reasonable to do either way, as it could potentially be a
surprise to the user, who can reasonably expect that the URI is
opened with the libctx and propq that was passed with the URI, and
not with those passed later.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27550)
---

diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index 75d08a346b1..def06be1fe8 100644
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -190,8 +190,7 @@ static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
 }
 
 static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret,
-                    OSSL_LIB_CTX *libctx, const char *propq)
+                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret)
 {
     STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
     int i;
@@ -207,13 +206,12 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                               const X509_NAME *name, X509_OBJECT *ret,
-                               OSSL_LIB_CTX *libctx, const char *propq)
+static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                            const X509_NAME *name, X509_OBJECT *ret)
 {
     OSSL_STORE_SEARCH *criterion =
         OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
-    int ok = by_store(ctx, type, criterion, ret, libctx, propq);
+    int ok = by_store(ctx, type, criterion, ret);
     STACK_OF(X509_OBJECT) *store_objects =
         X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
     X509_OBJECT *tmp = NULL;
@@ -261,12 +259,6 @@ static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                            const X509_NAME *name, X509_OBJECT *ret)
-{
-    return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
-}
-
 /*
  * We lack the implementations for get_by_issuer_serial, get_by_fingerprint
  * and get_by_alias.  There's simply not enough support in the X509_LOOKUP
@@ -284,7 +276,7 @@ static X509_LOOKUP_METHOD x509_store_lookup = {
     NULL,                        /* get_by_issuer_serial */
     NULL,                        /* get_by_fingerprint */
     NULL,                        /* get_by_alias */
-    by_store_subject_ex,
+    NULL,                        /* get_by_subject_ex */
     by_store_ctrl_ex
 };