diff options
| author | tb <> | 2024-01-13 19:57:38 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-13 19:57:38 +0000 |
| commit | 747351e7dead16f2802a622ac2490e737ae2b3b6 (patch) | |
| tree | a585997b4310f31a5697f4ff3bac553b8ea7a394 /src | |
| parent | e813b47beeda7c1bd4dfbe3de4469807858cd579 (diff) | |
| download | openbsd-747351e7dead16f2802a622ac2490e737ae2b3b6.tar.gz openbsd-747351e7dead16f2802a622ac2490e737ae2b3b6.tar.bz2 openbsd-747351e7dead16f2802a622ac2490e737ae2b3b6.zip | |
Prepare for removing most of the X509_TRUST API
X509_check_trust() is of course used by the verifier. Unfortunately
M2Crypto exposes it. The only other part of the X509_TRUST API that
are still needed are the X509_TRUST_* macros in x509.h, as they are
used via *_set_trust and indirectly via the purpose stuff. The rest
will be removed.
X509_TRUST_add() was defanged recently, in particular it no longer
hangs strdup()'ed strings off the global struct. Nothing ever cleaned
these up. TRUST_cleanup() attempted to do so, but since it checked
the dynamic/dynamic strings flags in the wrong order, that cleanup
call ended up doing nothing, so that code was removed at some point.
As a consequence, the struct can now be made const. Use a CTASSERT()
to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and
X509_TRUST_MIN hold true.
Remove the global variable underlying X509_TRUST_set_default()'s
functionality and move its accessor down to all the other functions
that will be deleted.
Inline a few things in X509_check_trust(), so we can excise the
internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the
default trust function can no longer be changed, call obj_trust()
directly.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 76 |
1 files changed, 35 insertions, 41 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index efa648c9eb..a6fc4d61c5 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_trs.c,v 1.39 2024/01/10 21:34:53 tb Exp $ */ | 1 | /* $OpenBSD: x509_trs.c,v 1.40 2024/01/13 19:57:38 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -64,6 +64,7 @@ | |||
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 65 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
| 66 | 66 | ||
| 67 | #include "crypto_internal.h" | ||
| 67 | #include "x509_local.h" | 68 | #include "x509_local.h" |
| 68 | 69 | ||
| 69 | static int | 70 | static int |
| @@ -129,7 +130,7 @@ trust_1oid(X509_TRUST *trust, X509 *x, int flags) | |||
| 129 | * value to get an index into the table | 130 | * value to get an index into the table |
| 130 | */ | 131 | */ |
| 131 | 132 | ||
| 132 | static X509_TRUST trstandard[] = { | 133 | static const X509_TRUST trstandard[] = { |
| 133 | { | 134 | { |
| 134 | .trust = X509_TRUST_COMPAT, | 135 | .trust = X509_TRUST_COMPAT, |
| 135 | .check_trust = trust_compat, | 136 | .check_trust = trust_compat, |
| @@ -181,27 +182,17 @@ static X509_TRUST trstandard[] = { | |||
| 181 | 182 | ||
| 182 | #define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0])) | 183 | #define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0])) |
| 183 | 184 | ||
| 184 | static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; | 185 | CTASSERT(X509_TRUST_MIN == 1 && X509_TRUST_MAX == X509_TRUST_COUNT); |
| 185 | 186 | ||
| 186 | int | 187 | int |
| 187 | (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) | 188 | X509_check_trust(X509 *x, int trust_id, int flags) |
| 188 | { | ||
| 189 | int (*oldtrust)(int , X509 *, int); | ||
| 190 | |||
| 191 | oldtrust = default_trust; | ||
| 192 | default_trust = trust; | ||
| 193 | return oldtrust; | ||
| 194 | } | ||
| 195 | LCRYPTO_ALIAS(X509_TRUST_set_default); | ||
| 196 | |||
| 197 | int | ||
| 198 | X509_check_trust(X509 *x, int id, int flags) | ||
| 199 | { | 189 | { |
| 200 | X509_TRUST *pt; | 190 | const X509_TRUST *trust; |
| 201 | int idx; | 191 | int idx; |
| 202 | 192 | ||
| 203 | if (id == -1) | 193 | if (trust_id == -1) |
| 204 | return 1; | 194 | return 1; |
| 195 | |||
| 205 | /* | 196 | /* |
| 206 | * XXX beck/jsing This enables self signed certs to be trusted for | 197 | * XXX beck/jsing This enables self signed certs to be trusted for |
| 207 | * an unspecified id/trust flag value (this is NOT the | 198 | * an unspecified id/trust flag value (this is NOT the |
| @@ -211,21 +202,36 @@ X509_check_trust(X509 *x, int id, int flags) | |||
| 211 | * This should be revisited, but changing the default "not default" | 202 | * This should be revisited, but changing the default "not default" |
| 212 | * may break things. | 203 | * may break things. |
| 213 | */ | 204 | */ |
| 214 | if (id == 0) { | 205 | if (trust_id == 0) { |
| 215 | int rv; | 206 | int rv; |
| 216 | rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); | 207 | rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); |
| 217 | if (rv != X509_TRUST_UNTRUSTED) | 208 | if (rv != X509_TRUST_UNTRUSTED) |
| 218 | return rv; | 209 | return rv; |
| 219 | return trust_compat(NULL, x, 0); | 210 | return trust_compat(NULL, x, 0); |
| 220 | } | 211 | } |
| 221 | idx = X509_TRUST_get_by_id(id); | 212 | |
| 222 | if (idx == -1) | 213 | if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) |
| 223 | return default_trust(id, x, flags); | 214 | return obj_trust(trust_id, x, flags); |
| 224 | pt = X509_TRUST_get0(idx); | 215 | |
| 225 | return pt->check_trust(pt, x, flags); | 216 | idx = trust_id - X509_TRUST_MIN; |
| 217 | trust = &trstandard[idx]; | ||
| 218 | |||
| 219 | return trust->check_trust((X509_TRUST *)trust, x, flags); | ||
| 226 | } | 220 | } |
| 227 | LCRYPTO_ALIAS(X509_check_trust); | 221 | LCRYPTO_ALIAS(X509_check_trust); |
| 228 | 222 | ||
| 223 | /* | ||
| 224 | * Remove all the functions below in the next bump. | ||
| 225 | */ | ||
| 226 | |||
| 227 | int | ||
| 228 | (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) | ||
| 229 | { | ||
| 230 | X509error(ERR_R_DISABLED); | ||
| 231 | return NULL; | ||
| 232 | } | ||
| 233 | LCRYPTO_ALIAS(X509_TRUST_set_default); | ||
| 234 | |||
| 229 | int | 235 | int |
| 230 | X509_TRUST_get_count(void) | 236 | X509_TRUST_get_count(void) |
| 231 | { | 237 | { |
| @@ -236,36 +242,24 @@ LCRYPTO_ALIAS(X509_TRUST_get_count); | |||
| 236 | X509_TRUST * | 242 | X509_TRUST * |
| 237 | X509_TRUST_get0(int idx) | 243 | X509_TRUST_get0(int idx) |
| 238 | { | 244 | { |
| 239 | if (idx < 0 || (size_t)idx >= X509_TRUST_COUNT) | 245 | X509error(ERR_R_DISABLED); |
| 240 | return NULL; | 246 | return NULL; |
| 241 | |||
| 242 | return &trstandard[idx]; | ||
| 243 | } | 247 | } |
| 244 | LCRYPTO_ALIAS(X509_TRUST_get0); | 248 | LCRYPTO_ALIAS(X509_TRUST_get0); |
| 245 | 249 | ||
| 246 | int | 250 | int |
| 247 | X509_TRUST_get_by_id(int id) | 251 | X509_TRUST_get_by_id(int id) |
| 248 | { | 252 | { |
| 249 | /* | 253 | X509error(ERR_R_DISABLED); |
| 250 | * Ensure the trust identifier is between MIN and MAX inclusive. | 254 | return -1; |
| 251 | * If so, translate it into an index into the trstandard[] table. | ||
| 252 | */ | ||
| 253 | if (id < X509_TRUST_MIN || id > X509_TRUST_MAX) | ||
| 254 | return -1; | ||
| 255 | |||
| 256 | return id - X509_TRUST_MIN; | ||
| 257 | } | 255 | } |
| 258 | LCRYPTO_ALIAS(X509_TRUST_get_by_id); | 256 | LCRYPTO_ALIAS(X509_TRUST_get_by_id); |
| 259 | 257 | ||
| 260 | int | 258 | int |
| 261 | X509_TRUST_set(int *t, int trust) | 259 | X509_TRUST_set(int *t, int trust) |
| 262 | { | 260 | { |
| 263 | if (X509_TRUST_get_by_id(trust) == -1) { | 261 | X509error(ERR_R_DISABLED); |
| 264 | X509error(X509_R_INVALID_TRUST); | 262 | return 0; |
| 265 | return 0; | ||
| 266 | } | ||
| 267 | *t = trust; | ||
| 268 | return 1; | ||
| 269 | } | 263 | } |
| 270 | LCRYPTO_ALIAS(X509_TRUST_set); | 264 | LCRYPTO_ALIAS(X509_TRUST_set); |
| 271 | 265 | ||