authorMatt Caswell <matt@openssl.org>2020-04-06 12:14:30 +0100
committerMatt Caswell <matt@openssl.org>2020-04-16 14:19:52 +0100
commit465f34ed27d54b36b47f98b8ce4b5ec9e33c4f02 (patch)
tree6c6ed230a1ee5ee92d63e18ef0783d19d0e8ed19 /crypto
parent0820217441b68724d91b7644f3560e15149a1848 (diff)
Introduce an internal version of X509_check_issued()
The internal version is library context aware. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11507)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/x509/v3_purp.c12
-rw-r--r--crypto/x509/x509_vfy.c2
2 files changed, 10 insertions, 4 deletions
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index bee8210bfc..687d065303 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -811,14 +811,15 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
* codes for X509_verify_cert()
*/
-int X509_check_issued(X509 *issuer, X509 *subject)
+int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx,
+ const char *propq)
{
if (X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_issuer_name(subject)))
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
- if (!X509v3_cache_extensions(issuer, NULL, NULL)
- || !X509v3_cache_extensions(subject, NULL, NULL))
+ if (!X509v3_cache_extensions(issuer, libctx, propq)
+ || !X509v3_cache_extensions(subject, libctx, propq))
return X509_V_ERR_UNSPECIFIED;
if (subject->akid) {
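Review bot: The comment block that ends just above the renamed function now documents `x509_check_issued_int` but says nothing about its two new parameters, and the public `X509_check_issued` wrapper added in the next hunk is left with no comment at all. In the visible lines `libctx` and `propq` are only forwarded to `X509v3_cache_extensions()`, and a failure there is reported as `X509_V_ERR_UNSPECIFIED`. A property query that matches no implementation would therefore presumably surface as a generic verification error rather than as a configuration problem. I would extend the existing comment with a line such as `libctx and propq select the library context and property query used when caching extensions; NULL selects the defaults`, and give the wrapper a one-line comment saying it calls the internal function with the default context. The function body continues past the end of this hunk.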
@@ -853,6 +854,11 @@ int X509_check_issued(X509 *issuer, X509 *subject)
return X509_V_OK;
}
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+ return x509_check_issued_int(issuer, subject, NULL, NULL);
+}
+
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
{
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c3eb261b94..99479444e6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -334,7 +334,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
return ss;
}
- ret = X509_check_issued(issuer, x);
+ ret = x509_check_issued_int(issuer, x, ctx->libctx, ctx->propq);
if (ret == X509_V_OK) {
int i;
X509 *ch;
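Review bot: The new call passes `ctx->libctx` and `ctx->propq`, but nothing at this call site says what happens when a certificate's extensions were already cached under a different context, for example through the public `X509_check_issued()`, which passes NULL for both. If `X509v3_cache_extensions()` returns early for a certificate that is already cached, as its name suggests, the context supplied here only takes effect the first time a given `X509` is processed. Once that behaviour is confirmed, a short comment such as `/* libctx/propq are only used if the extensions of x or issuer are not cached yet */` above the call would stop readers assuming the store context always governs this check. `check_issued` begins and ends outside the hunk.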