authortb <>2024-03-25 01:00:02 +0000
committertb <>2024-03-25 01:00:02 +0000
commit21bac5f71fbe0b73178f8c5bd627fdfa570a5822 (patch)
tree1172c424e6d961d11247afb80c7eec76e348fc84 /src/lib/libcrypto/x509/x509_trs.c
parent186b5fced9756283591facb6be815bffee027f63 (diff)
Pass the nid instead of the entire trust structure
This code is so ridiculously overengineered that it is an achievement even by early OpenSSL standards. ok beck
Diffstat (limited to 'src/lib/libcrypto/x509/x509_trs.c')
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 72238761c8..1cec0760f2 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_trs.c,v 1.49 2024/03/25 00:46:57 tb Exp $ */ 1/* $OpenBSD: x509_trs.c,v 1.50 2024/03/25 01:00:02 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -70,7 +70,7 @@
70 70
71typedef struct x509_trust_st { 71typedef struct x509_trust_st {
72 int trust; 72 int trust;
73 int (*check_trust)(struct x509_trust_st *, X509 *); 73 int (*check_trust)(int, X509 *);
74 int nid; 74 int nid;
75} X509_TRUST; 75} X509_TRUST;
76 76
@@ -102,7 +102,7 @@ obj_trust(int id, X509 *x)
102} 102}
103 103
104static int 104static int
105trust_compat(X509_TRUST *trust, X509 *x) 105trust_compat(int nid, X509 *x)
106{ 106{
107 /* Extensions already cached in X509_check_trust(). */ 107 /* Extensions already cached in X509_check_trust(). */
108 if (x->ex_flags & EXFLAG_SS) 108 if (x->ex_flags & EXFLAG_SS)
@@ -112,21 +112,21 @@ trust_compat(X509_TRUST *trust, X509 *x)
112} 112}
113 113
114static int 114static int
115trust_1oidany(X509_TRUST *trust, X509 *x) 115trust_1oidany(int nid, X509 *x)
116{ 116{
117 if (x->aux && (x->aux->trust || x->aux->reject)) 117 if (x->aux && (x->aux->trust || x->aux->reject))
118 return obj_trust(trust->nid, x); 118 return obj_trust(nid, x);
119 /* we don't have any trust settings: for compatibility 119 /* we don't have any trust settings: for compatibility
120 * we return trusted if it is self signed 120 * we return trusted if it is self signed
121 */ 121 */
122 return trust_compat(trust, x); 122 return trust_compat(NID_undef, x);
123} 123}
124 124
125static int 125static int
126trust_1oid(X509_TRUST *trust, X509 *x) 126trust_1oid(int nid, X509 *x)
127{ 127{
128 if (x->aux) 128 if (x->aux)
129 return obj_trust(trust->nid, x); 129 return obj_trust(nid, x);
130 return X509_TRUST_UNTRUSTED; 130 return X509_TRUST_UNTRUSTED;
131} 131}
132 132
@@ -208,7 +208,7 @@ X509_check_trust(X509 *x, int trust_id, int flags)
208 rv = obj_trust(NID_anyExtendedKeyUsage, x); 208 rv = obj_trust(NID_anyExtendedKeyUsage, x);
209 if (rv != X509_TRUST_UNTRUSTED) 209 if (rv != X509_TRUST_UNTRUSTED)
210 return rv; 210 return rv;
211 return trust_compat(NULL, x); 211 return trust_compat(NID_undef, x);
212 } 212 }
213 213
214 if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) 214 if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX)
@@ -217,6 +217,6 @@ X509_check_trust(X509 *x, int trust_id, int flags)
217 idx = trust_id - X509_TRUST_MIN; 217 idx = trust_id - X509_TRUST_MIN;
218 trust = &trstandard[idx]; 218 trust = &trstandard[idx];
219 219
220 return trust->check_trust((X509_TRUST *)trust, x); 220 return trust->check_trust(trust->nid, x);
221} 221}
222LCRYPTO_ALIAS(X509_check_trust); 222LCRYPTO_ALIAS(X509_check_trust);
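Review bot: `trust_compat(int nid, X509 *x)` does not appear to read `nid` in the lines shown, and both visible callers (in `trust_1oidany` and `X509_check_trust`) now pass `NID_undef`, so the parameter presumably survives only to match the `int (*check_trust)(int, X509 *)` slot in `X509_TRUST`. That is worth stating at the definition, because this is the fallback that decides trust from `EXFLAG_SS` alone, and a reader could otherwise assume the self-signed compatibility result is scoped to the trust nid being checked. I would add a comment above the function such as `/* nid is ignored; the argument exists only to match the check_trust signature. */`. The body of `trust_compat` continues outside the hunk, so confirm there that `nid` really is unused.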