From: Nikola Pajkovsky <nikolap@openssl.org>
Date: Thu, 18 Sep 2025 09:36:15 +0000 (+0200)
Subject: Deprecate X509_STORE_get0_objects()
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09280480f986d9725f1ddaa301ceb99776b79f53;p=thirdparty%2Fopenssl.git

Deprecate X509_STORE_get0_objects()

Resolves https://github.com/openssl/project/issues/1369
Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28599)
---

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index f724bf1e2d5..99d77e95889 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -747,6 +747,7 @@ static int obj_ht_foreach_object(HT_VALUE *v, void *arg)
     return 0;
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_4_0
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs)
 {
     X509_STORE *store = (X509_STORE *)xs;
@@ -759,6 +760,7 @@ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs)
 
     return xs->objs;
 }
+#endif
 
 STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *store)
 {
diff --git a/doc/man3/X509_STORE_get0_param.pod b/doc/man3/X509_STORE_get0_param.pod
index 95a1725bc38..d9cab04d1c8 100644
--- a/doc/man3/X509_STORE_get0_param.pod
+++ b/doc/man3/X509_STORE_get0_param.pod
@@ -28,11 +28,17 @@ X509_STORE_get1_objects() returns a snapshot of all objects in the store's X509
 cache. The cache contains B<X509> and B<X509_CRL> objects. The caller is
 responsible for freeing the returned list.
 
-X509_STORE_get0_objects() retrieves an internal pointer to the store's
-X509 object cache. The cache contains B<X509> and B<X509_CRL> objects. The
-returned pointer must not be freed by the calling application. If the store is
-shared across multiple threads, it is not safe to use the result of this
-function. Use X509_STORE_get1_objects() instead, which avoids this problem.
+X509_STORE_get0_objects() was deprecated in OpenSSL 4.0. Applications
+should instead use X509_STORE_get1_objects() to avoid potential
+issues associated with X509_STORE_get0_objects(). The
+X509_STORE_get0_objects() returns an internal pointer to the
+store's cache of X509 and X509_CRL objects. This pointer
+references internal data structures and must not be freed by the
+application. Since the returned pointer exposes shared internal state, its use in
+multithreaded contexts is inherently unsafe without external
+synchronisation. When a store is shared across threads, callers are
+required to acquire the store lock via X509_STORE_lock() before
+invoking X509_STORE_get0_objects().
 
 X509_STORE_get1_all_certs() returns a list of all certificates in the store.
 The caller is responsible for freeing the returned list.
diff --git a/include/openssl/macros.h b/include/openssl/macros.h
index 159805384ac..9e4e77f2c1b 100644
--- a/include/openssl/macros.h
+++ b/include/openssl/macros.h
@@ -169,6 +169,7 @@
  * 'no-deprecated'.
  */
 
+# undef OPENSSL_NO_DEPRECATED_4_0
 # undef OPENSSL_NO_DEPRECATED_3_6
 # undef OPENSSL_NO_DEPRECATED_3_4
 # undef OPENSSL_NO_DEPRECATED_3_1
@@ -180,6 +181,17 @@
 # undef OPENSSL_NO_DEPRECATED_1_0_0
 # undef OPENSSL_NO_DEPRECATED_0_9_8
 
+# if OPENSSL_API_LEVEL >= 40000
+#  ifndef OPENSSL_NO_DEPRECATED
+#   define OSSL_DEPRECATEDIN_4_0                OSSL_DEPRECATED(4.0)
+#   define OSSL_DEPRECATEDIN_4_0_FOR(msg)       OSSL_DEPRECATED_FOR(4.0, msg)
+#  else
+#   define OPENSSL_NO_DEPRECATED_4_0
+#  endif
+# else
+#  define OSSL_DEPRECATEDIN_4_0
+#  define OSSL_DEPRECATEDIN_4_0_FOR(msg)
+# endif
 # if OPENSSL_API_LEVEL >= 30600
 #  ifndef OPENSSL_NO_DEPRECATED
 #   define OSSL_DEPRECATEDIN_3_6                OSSL_DEPRECATED(3.6)
diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in
index f23f94afd9b..52ff2607b6c 100644
--- a/include/openssl/x509_vfy.h.in
+++ b/include/openssl/x509_vfy.h.in
@@ -414,7 +414,10 @@ void X509_STORE_free(X509_STORE *xs);
 int X509_STORE_lock(X509_STORE *xs);
 int X509_STORE_unlock(X509_STORE *xs);
 int X509_STORE_up_ref(X509_STORE *xs);
+# ifndef OPENSSL_NO_DEPRECATED_4_0
+OSSL_DEPRECATEDIN_4_0_FOR("Use X509_STORE_get1_objects")
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+# endif
 STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs);
 STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
 STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
diff --git a/test/x509_load_cert_file_test.c b/test/x509_load_cert_file_test.c
index 2e6920b26b6..05ab39aca67 100644
--- a/test/x509_load_cert_file_test.c
+++ b/test/x509_load_cert_file_test.c
@@ -87,8 +87,10 @@ static int test_load_cert_file(void)
         || !TEST_true(X509_load_cert_file(lookup, chain, X509_FILETYPE_PEM))
         || !TEST_ptr(certs = X509_STORE_get1_all_certs(store))
         || !TEST_int_eq(sk_X509_num(certs), 4)
+#ifndef OPENSSL_NO_DEPRECATED_4_0
         || !TEST_ptr(objs = X509_STORE_get0_objects(store))
         || !TEST_int_eq(sk_X509_OBJECT_num(objs), 4)
+#endif
         || !TEST_ptr(objs = X509_STORE_get1_objects(store))
         || !TEST_int_eq(sk_X509_OBJECT_num(objs), 4))
         goto err;
@@ -122,7 +124,9 @@ static int test_load_same_cn_certs(void)
     int ret = 0;
     X509_STORE *store = NULL;
     X509_STORE_CTX *s_ctx = NULL;
+#ifndef OPENSSL_NO_DEPRECATED_4_0
     STACK_OF(X509_OBJECT) *objs = NULL;
+#endif
     STACK_OF(X509_CRL) *sk_x509_crl = NULL;
     STACK_OF(X509) *sk_x509 = NULL;
     X509_NAME *nm = NULL;
@@ -143,8 +147,10 @@ static int test_load_same_cn_certs(void)
         || !TEST_true(X509_STORE_add_crl(store, crl2))
         || !TEST_true(X509_STORE_add_cert(store, cert2))
         /* deliberately not taking lock in a single thread */
+#ifndef OPENSSL_NO_DEPRECATED_4_0
         || !TEST_ptr(objs = X509_STORE_get0_objects(store))
         || !TEST_int_eq(sk_X509_OBJECT_num(objs), 3)
+#endif
         || !TEST_ptr(sk_x509 = X509_STORE_CTX_get1_certs(s_ctx, nm))
         || !TEST_int_eq(sk_X509_num(sk_x509), 2)
         || !TEST_ptr(sk_x509_crl = X509_STORE_CTX_get1_crls(s_ctx, nm))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 5b7e8241eeb..c1f4432ec9f 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -3991,7 +3991,7 @@ X509_STORE_CTX_set0_untrusted           4082	4_0_0	EXIST::FUNCTION:
 OPENSSL_hexchar2int                     4083	4_0_0	EXIST::FUNCTION:
 X509_STORE_set_ex_data                  4084	4_0_0	EXIST::FUNCTION:
 X509_STORE_get_ex_data                  4085	4_0_0	EXIST::FUNCTION:
-X509_STORE_get0_objects                 4086	4_0_0	EXIST::FUNCTION:
+X509_STORE_get0_objects                 4086	4_0_0	EXIST::FUNCTION:DEPRECATEDIN_4_0
 X509_OBJECT_get_type                    4087	4_0_0	EXIST::FUNCTION:
 X509_STORE_set_verify                   4088	4_0_0	EXIST::FUNCTION:
 X509_OBJECT_new                         4089	4_0_0	EXIST::FUNCTION: