authortb <>2024-03-25 01:00:02 +0000
committertb <>2024-03-25 01:00:02 +0000
commit21bac5f71fbe0b73178f8c5bd627fdfa570a5822 (patch)
tree1172c424e6d961d11247afb80c7eec76e348fc84
parent186b5fced9756283591facb6be815bffee027f63 (diff)
Pass the nid instead of the entire trust structure
This code is so ridiculously overengineered that it is an achievement even by early OpenSSL standards. ok beck
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 72238761c8..1cec0760f2 100644
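--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.49 2024/03/25 00:46:57 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.50 2024/03/25 01:00:02 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -70,7 +70,7 @@
 
 typedef struct x509_trust_st {
  int trust;
- int (*check_trust)(struct x509_trust_st *, X509 *);
+ int (*check_trust)(int, X509 *);
  int nid;
 } X509_TRUST;
 
@@ -102,7 +102,7 @@ obj_trust(int id, X509 *x)
 }
 
 static int
-trust_compat(X509_TRUST *trust, X509 *x)
+trust_compat(int nid, X509 *x)
 {
  /* Extensions already cached in X509_check_trust(). */
  if (x->ex_flags & EXFLAG_SS)
@@ -112,21 +112,21 @@ trust_compat(X509_TRUST *trust, X509 *x)
 }
 
 static int
-trust_1oidany(X509_TRUST *trust, X509 *x)
+trust_1oidany(int nid, X509 *x)
 {
  if (x->aux && (x->aux->trust || x->aux->reject))
- return obj_trust(trust->nid, x);
+ return obj_trust(nid, x);
  /* we don't have any trust settings: for compatibility
  * we return trusted if it is self signed
  */
- return trust_compat(trust, x);
+ return trust_compat(NID_undef, x);
 }
 
 static int
-trust_1oid(X509_TRUST *trust, X509 *x)
+trust_1oid(int nid, X509 *x)
 {
  if (x->aux)
- return obj_trust(trust->nid, x);
+ return obj_trust(nid, x);
  return X509_TRUST_UNTRUSTED;
 }
 
@@ -208,7 +208,7 @@ X509_check_trust(X509 *x, int trust_id, int flags)
  rv = obj_trust(NID_anyExtendedKeyUsage, x);
  if (rv != X509_TRUST_UNTRUSTED)
  return rv;
- return trust_compat(NULL, x);
+ return trust_compat(NID_undef, x);
  }
 
  if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX)
@@ -217,6 +217,6 @@ X509_check_trust(X509 *x, int trust_id, int flags)
  idx = trust_id - X509_TRUST_MIN;
  trust = &trstandard[idx];
 
- return trust->check_trust((X509_TRUST *)trust, x);
+ return trust->check_trust(trust->nid, x);
 }
 LCRYPTO_ALIAS(X509_check_trust);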
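Review bot: trust_compat() at new line 105 now takes an `int nid` that, as far as the visible lines show, it never reads. Both call sites pass `NID_undef`, and the old call in X509_check_trust() passed `NULL`, so the argument appears to exist only to fit the `check_trust` pointer type in `X509_TRUST`. Because this function is the self-signed compatibility fallback, a short comment would stop a reader from taking `NID_undef` as an input to the trust decision, for example `/* nid is ignored; the parameter only matches the check_trust() signature. */`. The body of trust_compat() continues past the hunk (lines 109-111 are not shown), so confirm against the full function before adding it.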