Add a bunch of X509_STORE getters and setters.

These were added in OpenSSL 1.1.0.

Change-Id: I261e0e0ccf82544883c4a2ef5c5dc4a651c0c756
Reviewed-on: https://boringssl-review.googlesource.com/28329
Reviewed-by: Adam Langley <agl@google.com>

crypto/x509/x509_lu.c

@@ -708,17 +708,124 @@ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
     return ctx->param;
 }
 
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
+{
+    return ctx->verify;
+}
+
 void X509_STORE_set_verify_cb(X509_STORE *ctx,
-                              int (*verify_cb) (int, X509_STORE_CTX *))
+                              X509_STORE_CTX_verify_cb verify_cb)
 {
     ctx->verify_cb = verify_cb;
 }
 
-void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-                                   STACK_OF (X509_CRL) *
-                                   (*cb) (X509_STORE_CTX *ctx, X509_NAME *nm))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer)
+{
+    ctx->get_issuer = get_issuer;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
+{
+    return ctx->get_issuer;
+}
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued)
+{
+    ctx->check_issued = check_issued;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
+{
+    return ctx->check_issued;
+}
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation)
+{
+    ctx->check_revocation = check_revocation;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
+{
+    return ctx->check_revocation;
+}
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl)
+{
+    ctx->get_crl = get_crl;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
+{
+    return ctx->get_crl;
+}
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl)
+{
+    ctx->check_crl = check_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
+{
+    return ctx->check_crl;
+}
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl)
+{
+    ctx->cert_crl = cert_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
+{
+    return ctx->cert_crl;
+}
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs)
+{
+    ctx->lookup_certs = lookup_certs;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls)
+{
+    ctx->lookup_crls = lookup_crls;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn ctx_cleanup)
+{
+    ctx->cleanup = ctx_cleanup;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
 {
-    ctx->lookup_crls = cb;
+    return ctx->cleanup;
 }
 
 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)

crypto/x509/x509_vfy.c

@@ -2434,6 +2434,11 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
     X509_VERIFY_PARAM_set_time(ctx->param, t);
 }
 
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->cert;
+}
+
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
                                   int (*verify_cb) (int, X509_STORE_CTX *))
 {

include/openssl/x509_vfy.h

@@ -158,6 +158,25 @@ struct X509_VERIFY_PARAM_st
 
 DEFINE_STACK_OF(X509_VERIFY_PARAM)
 
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
  * function is then called to actually check the cert chain. */
@@ -175,26 +194,23 @@ struct x509_store_st
 	X509_VERIFY_PARAM *param;
 
 	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
+	X509_STORE_CTX_verify_fn verify;	/* called to verify a certificate */
+	X509_STORE_CTX_verify_cb verify_cb;	/* error callback */
+	X509_STORE_CTX_get_issuer_fn get_issuer;	/* get issuers cert from ctx */
+	X509_STORE_CTX_check_issued_fn check_issued; /* check issued */
+	X509_STORE_CTX_check_revocation_fn check_revocation; /* Check revocation status of chain */
+	X509_STORE_CTX_get_crl_fn get_crl; /* retrieve CRL */
+	X509_STORE_CTX_check_crl_fn check_crl; /* Check CRL validity */
+	X509_STORE_CTX_cert_crl_fn cert_crl; /* Check certificate against CRL */
+	X509_STORE_CTX_lookup_certs_fn lookup_certs;
+	X509_STORE_CTX_lookup_crls_fn lookup_crls;
+	X509_STORE_CTX_cleanup_fn cleanup;
 
 	CRYPTO_refcount_t references;
 	} /* X509_STORE */;
 
 OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
 
-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-#define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
-
 /* This is the functions plus an instance of the local variables. */
 struct x509_lookup_st
 	{
@@ -222,18 +238,18 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 	void *other_ctx;	/* Other info for use with get_issuer() */
 
 	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	int (*check_policy)(X509_STORE_CTX *ctx);
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
+	X509_STORE_CTX_verify_fn verify;	/* called to verify a certificate */
+	X509_STORE_CTX_verify_cb verify_cb;		/* error callback */
+	X509_STORE_CTX_get_issuer_fn get_issuer;	/* get issuers cert from ctx */
+	X509_STORE_CTX_check_issued_fn check_issued; /* check issued */
+	X509_STORE_CTX_check_revocation_fn check_revocation; /* Check revocation status of chain */
+	X509_STORE_CTX_get_crl_fn get_crl; /* retrieve CRL */
+	X509_STORE_CTX_check_crl_fn check_crl; /* Check CRL validity */
+	X509_STORE_CTX_cert_crl_fn cert_crl; /* Check certificate against CRL */
+	X509_STORE_CTX_check_policy_fn check_policy;
+	X509_STORE_CTX_lookup_certs_fn lookup_certs;
+	X509_STORE_CTX_lookup_crls_fn lookup_crls;
+	X509_STORE_CTX_cleanup_fn cleanup;
 
 	/* The following is built up */
 	int valid;		/* if 0, rebuild chain */
@@ -441,11 +457,58 @@ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
 OPENSSL_EXPORT void X509_STORE_set0_additional_untrusted(
     X509_STORE *ctx, STACK_OF(X509) *untrusted);
 
-OPENSSL_EXPORT void X509_STORE_set_verify_cb(X509_STORE *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *));
+OPENSSL_EXPORT void X509_STORE_set_verify(X509_STORE *ctx,
+                                          X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+  X509_STORE_set_verify((ctx), (func))
+OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                                              X509_STORE_CTX_verify_fn verify);
+OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_verify_cb(
+    X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
+#define X509_STORE_set_verify_cb_func(ctx, func) \
+  X509_STORE_set_verify_cb((ctx), (func))
+OPENSSL_EXPORT X509_STORE_CTX_verify_cb
+X509_STORE_get_verify_cb(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_get_issuer(
+    X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer);
+OPENSSL_EXPORT X509_STORE_CTX_get_issuer_fn
+X509_STORE_get_get_issuer(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_issued(
+    X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued);
+OPENSSL_EXPORT X509_STORE_CTX_check_issued_fn
+X509_STORE_get_check_issued(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_revocation(
+    X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation);
+OPENSSL_EXPORT X509_STORE_CTX_check_revocation_fn
+X509_STORE_get_check_revocation(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx,
+                                           X509_STORE_CTX_get_crl_fn get_crl);
+OPENSSL_EXPORT X509_STORE_CTX_get_crl_fn
+X509_STORE_get_get_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_crl(
+    X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl);
+OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn
+X509_STORE_get_check_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_cert_crl(
+    X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl);
+OPENSSL_EXPORT X509_STORE_CTX_cert_crl_fn
+X509_STORE_get_cert_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_lookup_certs(
+    X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs);
+OPENSSL_EXPORT X509_STORE_CTX_lookup_certs_fn
+X509_STORE_get_lookup_certs(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_lookup_crls(
+    X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+  X509_STORE_set_lookup_crls((ctx), (func))
+OPENSSL_EXPORT X509_STORE_CTX_lookup_crls_fn
+X509_STORE_get_lookup_crls(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_cleanup(X509_STORE *ctx,
+                                           X509_STORE_CTX_cleanup_fn cleanup);
+OPENSSL_EXPORT X509_STORE_CTX_cleanup_fn
+X509_STORE_get_cleanup(X509_STORE *ctx);
 
-OPENSSL_EXPORT void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
-		STACK_OF(X509_CRL)* (*cb)(X509_STORE_CTX *ctx, X509_NAME *nm));
 
 OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
 
@@ -459,6 +522,7 @@ OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X
 OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
 
 OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);