diff options
| author | tb <> | 2024-01-08 10:06:50 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-08 10:06:50 +0000 |
| commit | c390b3b10d74554b4ac407b54a53224bf34f4f9c (patch) | |
| tree | 967cc444a255bd5326ac0e5ad68ac93abc1cf17f /src/lib | |
| parent | a8d2df2a35f302fe7d928b1f670b5ad61213b2f9 (diff) | |
| download | openbsd-c390b3b10d74554b4ac407b54a53224bf34f4f9c.tar.gz openbsd-c390b3b10d74554b4ac407b54a53224bf34f4f9c.tar.bz2 openbsd-c390b3b10d74554b4ac407b54a53224bf34f4f9c.zip | |
Disable X509_STORE_CTX_purpose_inherit()
Nothing uses this function, except two internal callers. So split its guts
temporarily into a helper function and disable the gross general case.
The internal helper can be simplified by observing that def_purpose == 0:
Overriding 0 by 0 doesn't do anything, so drop that bit. Rename ptmp into
purp, and inline X509_PURPOSE_get_by_id(), i.e., make appropriate checks and
subtract X509_PURPOSE_MIN. The fallback to X509_PURPOSE_get_by_id(0) will
always fail since X509_PURPOSE_MIN == 1. So ditch that call. In particular,
X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_ANY) fails in current because
of this. That's nonsense. So remove the purp->trust == X509_TRUST_DEFAULT
check as only change of behavior. This matches what OpenSSL do nowadays.
They now set def_purpose = purpose if purpose != 0 and def_purpose == 0,
so in all real-world uses of this function they will just fetch the same
purpose again and do not check for default trust the second time around.
Finally, X509_TRUST_get_by_id() is only used to ensure that a non-zero (or
overridden) trust is between X509_TRUST_MIN and X509_TRUST_MAX. So expand
that into its explicit form.
ok jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 92aa9dfc5b..3d6b68afee 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.136 2024/01/07 18:15:42 tb Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.137 2024/01/08 10:06:50 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2177,35 +2177,35 @@ int | |||
| 2177 | X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | 2177 | X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, |
| 2178 | int purpose, int trust) | 2178 | int purpose, int trust) |
| 2179 | { | 2179 | { |
| 2180 | int idx; | 2180 | X509error(ERR_R_DISABLED); |
| 2181 | return 0; | ||
| 2182 | } | ||
| 2183 | LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit); | ||
| 2181 | 2184 | ||
| 2182 | /* If purpose not set use default */ | 2185 | static int |
| 2183 | if (purpose == 0) | 2186 | x509_vfy_purpose_inherit(X509_STORE_CTX *ctx, int purpose, int trust) |
| 2184 | purpose = def_purpose; | 2187 | { |
| 2185 | /* If we have a purpose then check it is valid */ | 2188 | /* If we have a purpose then check it is valid */ |
| 2186 | if (purpose != 0) { | 2189 | if (purpose != 0) { |
| 2187 | X509_PURPOSE *ptmp; | 2190 | const X509_PURPOSE *purp; |
| 2188 | idx = X509_PURPOSE_get_by_id(purpose); | 2191 | int purpose_idx; |
| 2189 | if (idx == -1) { | 2192 | |
| 2193 | if (purpose < X509_PURPOSE_MIN || purpose > X509_TRUST_MAX) { | ||
| 2190 | X509error(X509_R_UNKNOWN_PURPOSE_ID); | 2194 | X509error(X509_R_UNKNOWN_PURPOSE_ID); |
| 2191 | return 0; | 2195 | return 0; |
| 2192 | } | 2196 | } |
| 2193 | ptmp = X509_PURPOSE_get0(idx); | 2197 | purpose_idx = purpose - X509_PURPOSE_MIN; |
| 2194 | if (ptmp->trust == X509_TRUST_DEFAULT) { | 2198 | if ((purp = X509_PURPOSE_get0(purpose_idx)) == NULL) { |
| 2195 | idx = X509_PURPOSE_get_by_id(def_purpose); | 2199 | X509error(X509_R_UNKNOWN_PURPOSE_ID); |
| 2196 | if (idx == -1) { | 2200 | return 0; |
| 2197 | X509error(X509_R_UNKNOWN_PURPOSE_ID); | ||
| 2198 | return 0; | ||
| 2199 | } | ||
| 2200 | ptmp = X509_PURPOSE_get0(idx); | ||
| 2201 | } | 2201 | } |
| 2202 | /* If trust not set then get from purpose default */ | 2202 | |
| 2203 | /* If trust is unset, use the purpose's trust. */ | ||
| 2203 | if (trust == 0) | 2204 | if (trust == 0) |
| 2204 | trust = ptmp->trust; | 2205 | trust = purp->trust; |
| 2205 | } | 2206 | } |
| 2206 | if (trust != 0) { | 2207 | if (trust != 0) { |
| 2207 | idx = X509_TRUST_get_by_id(trust); | 2208 | if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) { |
| 2208 | if (idx == -1) { | ||
| 2209 | X509error(X509_R_UNKNOWN_TRUST_ID); | 2209 | X509error(X509_R_UNKNOWN_TRUST_ID); |
| 2210 | return 0; | 2210 | return 0; |
| 2211 | } | 2211 | } |
| @@ -2218,19 +2218,18 @@ X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | |||
| 2218 | 2218 | ||
| 2219 | return 1; | 2219 | return 1; |
| 2220 | } | 2220 | } |
| 2221 | LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit); | ||
| 2222 | 2221 | ||
| 2223 | int | 2222 | int |
| 2224 | X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) | 2223 | X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) |
| 2225 | { | 2224 | { |
| 2226 | return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); | 2225 | return x509_vfy_purpose_inherit(ctx, purpose, 0); |
| 2227 | } | 2226 | } |
| 2228 | LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); | 2227 | LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); |
| 2229 | 2228 | ||
| 2230 | int | 2229 | int |
| 2231 | X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) | 2230 | X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) |
| 2232 | { | 2231 | { |
| 2233 | return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); | 2232 | return x509_vfy_purpose_inherit(ctx, 0, trust); |
| 2234 | } | 2233 | } |
| 2235 | LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); | 2234 | LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); |
| 2236 | 2235 | ||