Kill X509_TRUST

After peeling off enough layers, the entire wacky abstraction turns out to be nothing but dispatching from a trust_id to a trust handler and passing the appropriate nid and the cert. ok beck jsing
author: tb <> 2024-03-25 03:57:13 +0000
committer: tb <> 2024-03-25 03:57:13 +0000
commit: 6c7df18da074bcefc29113218417b2749fca4fc0 (patch)
tree: 6d2f4e8f159d4b4105f62b306819960eb876e93c
parent: 3a5ecf615999de2ca423f35d445edcac87059b45 (diff)
download: openbsd-6c7df18da074bcefc29113218417b2749fca4fc0.tar.gz
openbsd-6c7df18da074bcefc29113218417b2749fca4fc0.tar.bz2
openbsd-6c7df18da074bcefc29113218417b2749fca4fc0.zip
1 files changed, 31 insertions, 79 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 3466268940..f0f99931eb 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.52 2024/03/25 02:18:35 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.53 2024/03/25 03:57:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -68,12 +68,6 @@
 #include "x509_internal.h"
 #include "x509_local.h"
-typedef struct x509_trust_st {
-        int trust;
-        int (*check_trust)(int, const X509 *);
-        int nid;
-} X509_TRUST;
 static int
 obj_trust(int id, const X509 *x)
 {
@@ -130,62 +124,10 @@ trust_1oid(int nid, const X509 *x)
        return X509_TRUST_UNTRUSTED;
 }
-/* WARNING: the following table should be kept in order of trust
- * and without any gaps so we can just subtract the minimum trust
- * value to get an index into the table
- */
-static const X509_TRUST trstandard[] = {
-        {
-                .trust = X509_TRUST_COMPAT,
-                .check_trust = trust_compat,
-        },
-        {
-                .trust = X509_TRUST_SSL_CLIENT,
-                .check_trust = trust_1oidany,
-                .nid = NID_client_auth,
-        },
-        {
-                .trust = X509_TRUST_SSL_SERVER,
-                .check_trust = trust_1oidany,
-                .nid = NID_server_auth,
-        },
-        {
-                .trust = X509_TRUST_EMAIL,
-                .check_trust = trust_1oidany,
-                .nid = NID_email_protect,
-        },
-        {
-                .trust = X509_TRUST_OBJECT_SIGN,
-                .check_trust = trust_1oidany,
-                .nid = NID_code_sign,
-        },
-        {
-                .trust = X509_TRUST_OCSP_SIGN,
-                .check_trust = trust_1oid,
-                .nid = NID_OCSP_sign,
-        },
-        {
-                .trust = X509_TRUST_OCSP_REQUEST,
-                .check_trust = trust_1oid,
-                .nid = NID_ad_OCSP,
-        },
-        {
-                .trust = X509_TRUST_TSA,
-                .check_trust = trust_1oidany,
-                .nid = NID_time_stamp,
-        },
-};
-#define X509_TRUST_COUNT        (sizeof(trstandard) / sizeof(trstandard[0]))
-CTASSERT(X509_TRUST_MIN == 1 && X509_TRUST_MAX == X509_TRUST_COUNT);
 int
 X509_check_trust(X509 *x, int trust_id, int flags)
 {
-        const X509_TRUST *trust;
+        int rv;
-        int idx;
        if (trust_id == -1)
                return 1;
@@ -194,29 +136,39 @@ X509_check_trust(X509 *x, int trust_id, int flags)
        if (!x509v3_cache_extensions(x))
                return X509_TRUST_UNTRUSTED;
-        /*
+        switch (trust_id) {
-         * XXX beck/jsing This enables self signed certs to be trusted for
+        case 0:
-         * an unspecified id/trust flag value (this is NOT the
+                /*
-         * X509_TRUST_DEFAULT), which was the longstanding
+                 * XXX beck/jsing This enables self signed certs to be trusted
-         * openssl behaviour. boringssl does not have this behaviour.
+                 * for an unspecified id/trust flag value (this is NOT the
-         *
+                 * X509_TRUST_DEFAULT), which was the longstanding openssl
-         * This should be revisited, but changing the default "not default"
+                 * behaviour. boringssl does not have this behaviour.
-         * may break things.
+                 *
-         */
+                 * This should be revisited, but changing the default
-        if (trust_id == 0) {
+                 * "not default" may break things.
-                int rv;
+                 */
                rv = obj_trust(NID_anyExtendedKeyUsage, x);
                if (rv != X509_TRUST_UNTRUSTED)
                        return rv;
                return trust_compat(NID_undef, x);
-        }
+        case X509_TRUST_COMPAT:
+                return trust_compat(NID_undef, x);
-        if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX)
+        case X509_TRUST_SSL_CLIENT:
+                return trust_1oidany(NID_client_auth, x);
+        case X509_TRUST_SSL_SERVER:
+                return trust_1oidany(NID_server_auth, x);
+        case X509_TRUST_EMAIL:
+                return trust_1oidany(NID_email_protect, x);
+        case X509_TRUST_OBJECT_SIGN:
+                return trust_1oidany(NID_code_sign, x);
+        case X509_TRUST_OCSP_SIGN:
+                return trust_1oid(NID_OCSP_sign, x);
+        case X509_TRUST_OCSP_REQUEST:
+                return trust_1oid(NID_ad_OCSP, x);
+        case X509_TRUST_TSA:
+                return trust_1oidany(NID_time_stamp, x);
+        default:
                return obj_trust(trust_id, x);
+        }
-        idx = trust_id - X509_TRUST_MIN;
-        trust = &trstandard[idx];
-        return trust->check_trust(trust->nid, x);
 }
 LCRYPTO_ALIAS(X509_check_trust);
author	tb <>	2024-03-25 03:57:13 +0000
committer	tb <>	2024-03-25 03:57:13 +0000
commit	6c7df18da074bcefc29113218417b2749fca4fc0 (patch)
tree	6d2f4e8f159d4b4105f62b306819960eb876e93c
parent	3a5ecf615999de2ca423f35d445edcac87059b45 (diff)
download	openbsd-6c7df18da074bcefc29113218417b2749fca4fc0.tar.gz openbsd-6c7df18da074bcefc29113218417b2749fca4fc0.tar.bz2 openbsd-6c7df18da074bcefc29113218417b2749fca4fc0.zip

diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index 3466268940..f0f99931eb 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_trs.c,v 1.52 2024/03/25 02:18:35 tb Exp $ */	1	/* $OpenBSD: x509_trs.c,v 1.53 2024/03/25 03:57:13 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -68,12 +68,6 @@
68	#include "x509_internal.h"	68	#include "x509_internal.h"
69	#include "x509_local.h"	69	#include "x509_local.h"
70		70
71	typedef struct x509_trust_st {
72	int trust;
73	int (check_trust)(int, const X509 );
74	int nid;
75	} X509_TRUST;
76
77	static int	71	static int
78	obj_trust(int id, const X509 *x)	72	obj_trust(int id, const X509 *x)
79	{	73	{
@@ -130,62 +124,10 @@ trust_1oid(int nid, const X509 *x)
130	return X509_TRUST_UNTRUSTED;	124	return X509_TRUST_UNTRUSTED;
131	}	125	}
132		126
133	/* WARNING: the following table should be kept in order of trust
134	* and without any gaps so we can just subtract the minimum trust
135	* value to get an index into the table
136	*/
137
138	static const X509_TRUST trstandard[] = {
139	{
140	.trust = X509_TRUST_COMPAT,
141	.check_trust = trust_compat,
142	},
143	{
144	.trust = X509_TRUST_SSL_CLIENT,
145	.check_trust = trust_1oidany,
146	.nid = NID_client_auth,
147	},
148	{
149	.trust = X509_TRUST_SSL_SERVER,
150	.check_trust = trust_1oidany,
151	.nid = NID_server_auth,
152	},
153	{
154	.trust = X509_TRUST_EMAIL,
155	.check_trust = trust_1oidany,
156	.nid = NID_email_protect,
157	},
158	{
159	.trust = X509_TRUST_OBJECT_SIGN,
160	.check_trust = trust_1oidany,
161	.nid = NID_code_sign,
162	},
163	{
164	.trust = X509_TRUST_OCSP_SIGN,
165	.check_trust = trust_1oid,
166	.nid = NID_OCSP_sign,
167	},
168	{
169	.trust = X509_TRUST_OCSP_REQUEST,
170	.check_trust = trust_1oid,
171	.nid = NID_ad_OCSP,
172	},
173	{
174	.trust = X509_TRUST_TSA,
175	.check_trust = trust_1oidany,
176	.nid = NID_time_stamp,
177	},
178	};
179
180	#define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0]))
181
182	CTASSERT(X509_TRUST_MIN == 1 && X509_TRUST_MAX == X509_TRUST_COUNT);
183
184	int	127	int
185	X509_check_trust(X509 *x, int trust_id, int flags)	128	X509_check_trust(X509 *x, int trust_id, int flags)
186	{	129	{
187	const X509_TRUST *trust;	130	int rv;
188	int idx;
189		131
190	if (trust_id == -1)	132	if (trust_id == -1)
191	return 1;	133	return 1;
@@ -194,29 +136,39 @@ X509_check_trust(X509 *x, int trust_id, int flags)
194	if (!x509v3_cache_extensions(x))	136	if (!x509v3_cache_extensions(x))
195	return X509_TRUST_UNTRUSTED;	137	return X509_TRUST_UNTRUSTED;
196		138
197	/*	139	switch (trust_id) {
198	* XXX beck/jsing This enables self signed certs to be trusted for	140	case 0:
199	* an unspecified id/trust flag value (this is NOT the	141	/*
200	* X509_TRUST_DEFAULT), which was the longstanding	142	* XXX beck/jsing This enables self signed certs to be trusted
201	* openssl behaviour. boringssl does not have this behaviour.	143	* for an unspecified id/trust flag value (this is NOT the
202	*	144	* X509_TRUST_DEFAULT), which was the longstanding openssl
203	* This should be revisited, but changing the default "not default"	145	* behaviour. boringssl does not have this behaviour.
204	* may break things.	146	*
205	*/	147	* This should be revisited, but changing the default
206	if (trust_id == 0) {	148	* "not default" may break things.
207	int rv;	149	*/
208	rv = obj_trust(NID_anyExtendedKeyUsage, x);	150	rv = obj_trust(NID_anyExtendedKeyUsage, x);
209	if (rv != X509_TRUST_UNTRUSTED)	151	if (rv != X509_TRUST_UNTRUSTED)
210	return rv;	152	return rv;
211	return trust_compat(NID_undef, x);	153	return trust_compat(NID_undef, x);
212	}	154	case X509_TRUST_COMPAT:
213		155	return trust_compat(NID_undef, x);
214	if (trust_id < X509_TRUST_MIN \|\| trust_id > X509_TRUST_MAX)	156	case X509_TRUST_SSL_CLIENT:
		157	return trust_1oidany(NID_client_auth, x);
		158	case X509_TRUST_SSL_SERVER:
		159	return trust_1oidany(NID_server_auth, x);
		160	case X509_TRUST_EMAIL:
		161	return trust_1oidany(NID_email_protect, x);
		162	case X509_TRUST_OBJECT_SIGN:
		163	return trust_1oidany(NID_code_sign, x);
		164	case X509_TRUST_OCSP_SIGN:
		165	return trust_1oid(NID_OCSP_sign, x);
		166	case X509_TRUST_OCSP_REQUEST:
		167	return trust_1oid(NID_ad_OCSP, x);
		168	case X509_TRUST_TSA:
		169	return trust_1oidany(NID_time_stamp, x);
		170	default:
215	return obj_trust(trust_id, x);	171	return obj_trust(trust_id, x);
216		172	}
217	idx = trust_id - X509_TRUST_MIN;
218	trust = &trstandard[idx];
219
220	return trust->check_trust(trust->nid, x);
221	}	173	}
222	LCRYPTO_ALIAS(X509_check_trust);	174	LCRYPTO_ALIAS(X509_check_trust);