fixup! Extend X509_STORE_CTX_set_purpose to override existing settings

PHOENIXCONTACT · Jul 18, 2023 · 06e041a · 06e041a
1 parent be61c41
commit 06e041a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 17 deletions.
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
@@ -2302,32 +2302,22 @@ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
 }
 
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
-{
-    return X509_STORE_CTX_set_purpose_ex(ctx, purpose, 0);
-}
-
-int X509_STORE_CTX_set_purpose_ex(X509_STORE_CTX *ctx, int purpose, int override)
 {
     /*
      * XXX: Why isn't this function always used to set the associated trust?
      * Should there even be a VPM->trust field at all?  Or should the trust
      * always be inferred from the purpose by X509_STORE_CTX_init().
      */
-    return X509_STORE_CTX_purpose_inherit_ex(ctx, 0, purpose, 0, override);
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
 }
 
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
-{
-    return X509_STORE_CTX_set_trust_ex(ctx, trust, 0);
-}
-
-int X509_STORE_CTX_set_trust_ex(X509_STORE_CTX *ctx, int trust, int override)
 {
     /*
      * XXX: See above, this function would only be needed when the default
      * trust for the purpose needs an override in a corner case.
      */
-    return X509_STORE_CTX_purpose_inherit_ex(ctx, 0, 0, trust, override);
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
 }
 
 /*

diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in
@@ -673,10 +673,11 @@ void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
-int X509_STORE_CTX_set_purpose_ex(X509_STORE_CTX *ctx, int purpose,
-                                  int override);
+#define X509_STORE_CTX_set_purpose_ex(ctx, purpose, override) \
+                X509_STORE_CTX_purpose_inherit_ex(ctx, 0, purpose, 0, override)
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_set_trust_ex(X509_STORE_CTX *ctx, int trust, int override);
+#define X509_STORE_CTX_set_trust_ex(ctx, trust, override) \
+                X509_STORE_CTX_purpose_inherit_ex(ctx, 0, 0, trust, 0, override)
 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                                    int purpose, int trust);
 int X509_STORE_CTX_purpose_inherit_ex(X509_STORE_CTX *ctx, int def_purpose,

diff --git a/util/libcrypto.num b/util/libcrypto.num
@@ -5524,5 +5524,3 @@ OSSL_ERR_STATE_save                     ?	3_2_0	EXIST::FUNCTION:
 OSSL_ERR_STATE_restore                  ?	3_2_0	EXIST::FUNCTION:
 OSSL_ERR_STATE_free                     ?	3_2_0	EXIST::FUNCTION:
 X509_STORE_CTX_purpose_inherit_ex       ?	3_2_0	EXIST::FUNCTION:
-X509_STORE_CTX_set_purpose_ex           ?	3_2_0	EXIST::FUNCTION:
-X509_STORE_CTX_set_trust_ex             ?	3_2_0	EXIST::FUNCTION: