diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2024-01-13 19:57:39 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-01-13 19:57:39 +0000 |
| commit | 6e2f4b48cec0dca9241d3a2f8ca63dcfe1c37df0 (patch) | |
| tree | 86a3f8356abd4f50d043fe27865382b8828ae63b | |
| parent | 59cea637876ec579cb7515ee70483040e00bbb37 (diff) | |
Prepare for removing most of the X509_TRUST API
X509_check_trust() is of course used by the verifier. Unfortunately
M2Crypto exposes it. The only other part of the X509_TRUST API that
are still needed are the X509_TRUST_* macros in x509.h, as they are
used via *_set_trust and indirectly via the purpose stuff. The rest
will be removed.
X509_TRUST_add() was defanged recently, in particular it no longer
hangs strdup()'ed strings off the global struct. Nothing ever cleaned
these up. TRUST_cleanup() attempted to do so, but since it checked
the dynamic/dynamic strings flags in the wrong order, that cleanup
call ended up doing nothing, so that code was removed at some point.
As a consequence, the struct can now be made const. Use a CTASSERT()
to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and
X509_TRUST_MIN hold true.
Remove the global variable underlying X509_TRUST_set_default()'s
functionality and move its accessor down to all the other functions
that will be deleted.
Inline a few things in X509_check_trust(), so we can excise the
internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the
default trust function can no longer be changed, call obj_trust()
directly.
ok jsing
| -rw-r--r-- | lib/libcrypto/x509/x509_trs.c | 76 |
1 files changed, 35 insertions, 41 deletions
diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index efa648c9ebb..a6fc4d61c54 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.39 2024/01/10 21:34:53 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.40 2024/01/13 19:57:38 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "crypto_internal.h" #include "x509_local.h" static int @@ -129,7 +130,7 @@ trust_1oid(X509_TRUST *trust, X509 *x, int flags) * value to get an index into the table */ -static X509_TRUST trstandard[] = { +static const X509_TRUST trstandard[] = { { .trust = X509_TRUST_COMPAT, .check_trust = trust_compat, @@ -181,27 +182,17 @@ static X509_TRUST trstandard[] = { #define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0])) -static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; +CTASSERT(X509_TRUST_MIN == 1 && X509_TRUST_MAX == X509_TRUST_COUNT); int -(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) -{ - int (*oldtrust)(int , X509 *, int); - - oldtrust = default_trust; - default_trust = trust; - return oldtrust; -} -LCRYPTO_ALIAS(X509_TRUST_set_default); - -int -X509_check_trust(X509 *x, int id, int flags) +X509_check_trust(X509 *x, int trust_id, int flags) { - X509_TRUST *pt; + const X509_TRUST *trust; int idx; - if (id == -1) + if (trust_id == -1) return 1; + /* * XXX beck/jsing This enables self signed certs to be trusted for * an unspecified id/trust flag value (this is NOT the @@ -211,21 +202,36 @@ X509_check_trust(X509 *x, int id, int flags) * This should be revisited, but changing the default "not default" * may break things. */ - if (id == 0) { + if (trust_id == 0) { int rv; rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); if (rv != X509_TRUST_UNTRUSTED) return rv; return trust_compat(NULL, x, 0); } - idx = X509_TRUST_get_by_id(id); - if (idx == -1) - return default_trust(id, x, flags); - pt = X509_TRUST_get0(idx); - return pt->check_trust(pt, x, flags); + + if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) + return obj_trust(trust_id, x, flags); + + idx = trust_id - X509_TRUST_MIN; + trust = &trstandard[idx]; + + return trust->check_trust((X509_TRUST *)trust, x, flags); } LCRYPTO_ALIAS(X509_check_trust); +/* + * Remove all the functions below in the next bump. + */ + +int +(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) +{ + X509error(ERR_R_DISABLED); + return NULL; +} +LCRYPTO_ALIAS(X509_TRUST_set_default); + int X509_TRUST_get_count(void) { @@ -236,36 +242,24 @@ LCRYPTO_ALIAS(X509_TRUST_get_count); X509_TRUST * X509_TRUST_get0(int idx) { - if (idx < 0 || (size_t)idx >= X509_TRUST_COUNT) - return NULL; - - return &trstandard[idx]; + X509error(ERR_R_DISABLED); + return NULL; } LCRYPTO_ALIAS(X509_TRUST_get0); int X509_TRUST_get_by_id(int id) { - /* - * Ensure the trust identifier is between MIN and MAX inclusive. - * If so, translate it into an index into the trstandard[] table. - */ - if (id < X509_TRUST_MIN || id > X509_TRUST_MAX) - return -1; - - return id - X509_TRUST_MIN; + X509error(ERR_R_DISABLED); + return -1; } LCRYPTO_ALIAS(X509_TRUST_get_by_id); int X509_TRUST_set(int *t, int trust) { - if (X509_TRUST_get_by_id(trust) == -1) { - X509error(X509_R_INVALID_TRUST); - return 0; - } - *t = trust; - return 1; + X509error(ERR_R_DISABLED); + return 0; } LCRYPTO_ALIAS(X509_TRUST_set); |