diff options
| author | tb <> | 2024-01-10 17:31:28 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-10 17:31:28 +0000 |
| commit | 4727d280f7f2b3ef945bdccedd807691b37adf71 (patch) | |
| tree | 957b6cdb7630afb290d867ebba18eaeb4f705157 /src/lib | |
| parent | fbef5c2170a79b6796e612aabcc265b143bfa91e (diff) | |
| download | openbsd-4727d280f7f2b3ef945bdccedd807691b37adf71.tar.gz openbsd-4727d280f7f2b3ef945bdccedd807691b37adf71.tar.bz2 openbsd-4727d280f7f2b3ef945bdccedd807691b37adf71.zip | |
Rework X509_STORE_CTX_set_{purpose,trust}()
Split the two codepaths in x509_vfy_purpose_inherit() into its two callers.
What remains is gross, but at least a reader has a chance of following all
this nonsense without leaving a significant amount of hair behind.
In short, purpose and trust are only overridden if they're not already
set. Otherwise silently ignore valid purpose and trust identifiers that
were passed in and succeed. Error on almost all invalid trust or purpose
ids, except 0, because... well... who knows, really?
ok jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 71 |
1 files changed, 35 insertions, 36 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index ada8ec1248..60a37229b2 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.138 2024/01/09 07:25:57 tb Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.139 2024/01/10 17:31:28 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2182,54 +2182,53 @@ X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | |||
| 2182 | } | 2182 | } |
| 2183 | LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit); | 2183 | LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit); |
| 2184 | 2184 | ||
| 2185 | static int | 2185 | int |
| 2186 | x509_vfy_purpose_inherit(X509_STORE_CTX *ctx, int purpose, int trust) | 2186 | X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose_id) |
| 2187 | { | 2187 | { |
| 2188 | /* If we have a purpose then check it is valid */ | 2188 | const X509_PURPOSE *purpose; |
| 2189 | if (purpose != 0) { | 2189 | int idx; |
| 2190 | const X509_PURPOSE *purp; | ||
| 2191 | int purpose_idx; | ||
| 2192 | 2190 | ||
| 2193 | if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) { | 2191 | /* XXX - Match wacky/documented behavior. Do we need to keep this? */ |
| 2194 | X509error(X509_R_UNKNOWN_PURPOSE_ID); | 2192 | if (purpose_id == 0) |
| 2195 | return 0; | 2193 | return 1; |
| 2196 | } | ||
| 2197 | purpose_idx = purpose - X509_PURPOSE_MIN; | ||
| 2198 | if ((purp = X509_PURPOSE_get0(purpose_idx)) == NULL) { | ||
| 2199 | X509error(X509_R_UNKNOWN_PURPOSE_ID); | ||
| 2200 | return 0; | ||
| 2201 | } | ||
| 2202 | 2194 | ||
| 2203 | /* If trust is unset, use the purpose's trust. */ | 2195 | if (purpose_id < X509_PURPOSE_MIN || purpose_id > X509_PURPOSE_MAX) { |
| 2204 | if (trust == 0) | 2196 | X509error(X509_R_UNKNOWN_PURPOSE_ID); |
| 2205 | trust = purp->trust; | 2197 | return 0; |
| 2206 | } | 2198 | } |
| 2207 | if (trust != 0) { | 2199 | idx = purpose_id - X509_PURPOSE_MIN; |
| 2208 | if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) { | 2200 | if ((purpose = X509_PURPOSE_get0(idx)) == NULL) { |
| 2209 | X509error(X509_R_UNKNOWN_TRUST_ID); | 2201 | X509error(X509_R_UNKNOWN_PURPOSE_ID); |
| 2210 | return 0; | 2202 | return 0; |
| 2211 | } | ||
| 2212 | } | 2203 | } |
| 2213 | 2204 | ||
| 2214 | if (purpose != 0 && ctx->param->purpose == 0) | 2205 | /* XXX - Succeeding while ignoring purpose_id and trust is awful. */ |
| 2215 | ctx->param->purpose = purpose; | 2206 | if (ctx->param->purpose == 0) |
| 2216 | if (trust != 0 && ctx->param->trust == 0) | 2207 | ctx->param->purpose = purpose_id; |
| 2217 | ctx->param->trust = trust; | 2208 | if (ctx->param->trust == 0) |
| 2209 | ctx->param->trust = purpose->trust; | ||
| 2218 | 2210 | ||
| 2219 | return 1; | 2211 | return 1; |
| 2220 | } | 2212 | } |
| 2221 | |||
| 2222 | int | ||
| 2223 | X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) | ||
| 2224 | { | ||
| 2225 | return x509_vfy_purpose_inherit(ctx, purpose, 0); | ||
| 2226 | } | ||
| 2227 | LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); | 2213 | LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); |
| 2228 | 2214 | ||
| 2229 | int | 2215 | int |
| 2230 | X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) | 2216 | X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust_id) |
| 2231 | { | 2217 | { |
| 2232 | return x509_vfy_purpose_inherit(ctx, 0, trust); | 2218 | /* XXX - Match wacky/documented behavior. Do we need to keep this? */ |
| 2219 | if (trust_id == 0) | ||
| 2220 | return 1; | ||
| 2221 | |||
| 2222 | if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) { | ||
| 2223 | X509error(X509_R_UNKNOWN_TRUST_ID); | ||
| 2224 | return 0; | ||
| 2225 | } | ||
| 2226 | |||
| 2227 | /* XXX - Succeeding while ignoring the trust_id is awful. */ | ||
| 2228 | if (ctx->param->trust == 0) | ||
| 2229 | ctx->param->trust = trust_id; | ||
| 2230 | |||
| 2231 | return 1; | ||
| 2233 | } | 2232 | } |
| 2234 | LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); | 2233 | LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); |
| 2235 | 2234 | ||