Fix the horrible and undocumented behaviour of X509_check_trust

Of allowing you to pass in a NID directly, instead of a trust_id, and have it work, as long as the trust_id's and the NID's did not overlap. This screwball behaviour was depended upon by the OCSP code that called X509_check_trust with the NID, instead of the trust id, so let's fix that. We also rename the confusingly named X509_TRUST_DEFAULT to X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill this to remove the confusingly named static functions. This will shortly be follwed up by making this function private, so we have not bothered to fix the amazingly obtuse man page as it will be taken behind the barn at that time. ok tb@
author: beck <> 2024-07-12 18:15:10 +0000
committer: beck <> 2024-07-12 18:15:10 +0000
commit: d694a3319273a6e59cc84d958713e0342bfc206d (patch)
tree: caf914a4a8067bbc8e5b4712e3e4fbf8ffc4c380 /src
parent: a41114b964f05026c5489e35fb584a9f78de8fce (diff)
download: openbsd-d694a3319273a6e59cc84d958713e0342bfc206d.tar.gz
openbsd-d694a3319273a6e59cc84d958713e0342bfc206d.tar.bz2
openbsd-d694a3319273a6e59cc84d958713e0342bfc206d.zip
4 files changed, 73 insertions, 54 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index d197fe4ea7..27d2283ea7 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.23 2023/07/08 10:44:00 beck Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.24 2024/07/12 18:15:10 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -168,8 +168,8 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
                        goto end;
                x = sk_X509_value(chain, sk_X509_num(chain) - 1);
-                if (X509_check_trust(x, NID_OCSP_sign, 0) !=
+                if (X509_check_trust(x, X509_TRUST_OCSP_SIGN, 0) !=
-                        X509_TRUST_TRUSTED) {
+                    X509_TRUST_TRUSTED) {
                        OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED);
                        goto end;
                }
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index 5b74b0d1bd..6b72678e7a 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_local.h,v 1.24 2024/04/08 23:46:21 beck Exp $ */
+/*      $OpenBSD: x509_local.h,v 1.25 2024/07/12 18:15:10 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2013.
 */
@@ -71,6 +71,14 @@ __BEGIN_HIDDEN_DECLS
 #define X509_CRL_HASH_EVP       EVP_sha512()
 #define X509_CRL_HASH_LEN       SHA512_DIGEST_LENGTH
+/*
+ * Used internally instead of the confusing X509_TRUST_DEFAULT,
+ * which is not the default for X509_check_trust.
+ * XXX Make X509_check_trust internal, and move the other
+ * X509_TRUST values here to clean up this mess.
+ */
+#define X509_TRUST_ACCEPT_ALL   -1
 struct X509_pubkey_st {
        X509_ALGOR *algor;
        ASN1_BIT_STRING *public_key;
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index d2e9277013..619a4b890a 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.42 2024/05/15 18:10:03 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.43 2024/07/12 18:15:10 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -150,7 +150,7 @@ static const X509_PURPOSE xstandard[] = {
        },
        {
                .purpose = X509_PURPOSE_ANY,
-                .trust = X509_TRUST_DEFAULT,
+                .trust = X509_TRUST_ACCEPT_ALL,
                .check_purpose = no_check,
                .name = "Any Purpose",
                .sname = "any",
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 78eb29555e..9ba8194ee0 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.56 2024/07/12 15:53:51 beck Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.57 2024/07/12 18:15:10 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -67,6 +67,23 @@
 #include "x509_local.h"
 static int
+trust_if_self_signed(const X509 *x)
+{
+        /* Extensions already cached in X509_check_trust(). */
+        if ((x->ex_flags & EXFLAG_SS) != 0)
+                return X509_TRUST_TRUSTED;
+        return X509_TRUST_UNTRUSTED;
+}
+static int
+trust_was_set(const X509 *x)
+{
+        return x->aux != NULL && (x->aux->trust != NULL ||
+            x->aux->reject != NULL);
+}
+static int
 obj_trust(int id, const X509 *x)
 {
        const X509_CERT_AUX *aux;
@@ -94,33 +111,31 @@ obj_trust(int id, const X509 *x)
 }
 static int
-trust_if_self_signed(const X509 *x)
+nid_from_trust_id(int trust_id)
-{
-        /* Extensions already cached in X509_check_trust(). */
-        if ((x->ex_flags & EXFLAG_SS) != 0)
-                return X509_TRUST_TRUSTED;
-        return X509_TRUST_UNTRUSTED;
-}
-static int
-trust_1oidany(int nid, const X509 *x)
 {
-        /* Inspect the certificate's trust settings if there are any. */
+        OPENSSL_assert(trust_id == 0 ||
-        if (x->aux != NULL && (x->aux->trust != NULL || x->aux->reject != NULL))
+            (trust_id >= X509_TRUST_MIN && trust_id <= X509_TRUST_MAX));
-                return obj_trust(nid, x);
-        /* For compatibility we return trusted if the cert is self signed. */
-        return trust_if_self_signed(x);
-}
-static int
+        switch (trust_id) {
-trust_1oid(int nid, const X509 *x)
+        case X509_TRUST_COMPAT:
-{
+                return NID_undef;
-        if (x->aux != NULL)
+        case X509_TRUST_SSL_CLIENT:
-                return obj_trust(nid, x);
+                return NID_client_auth;
+        case X509_TRUST_SSL_SERVER:
-        return X509_TRUST_UNTRUSTED;
+                return NID_server_auth;
+        case X509_TRUST_EMAIL:
+                return NID_email_protect;
+        case X509_TRUST_OBJECT_SIGN:
+                return NID_code_sign;
+        case X509_TRUST_OCSP_SIGN:
+                return NID_OCSP_sign;
+        case X509_TRUST_OCSP_REQUEST:
+                return NID_ad_OCSP;
+        case X509_TRUST_TSA:
+                return NID_time_stamp;
+        default:
+                return NID_undef;
+        }
 }
 int
@@ -128,40 +143,36 @@ X509_check_trust(X509 *x, int trust_id, int flags)
 {
        int rv;
-        if (trust_id == -1)
-                return 1;
        /* Call early so the trust handlers don't need to modify the certs. */
        if (!x509v3_cache_extensions(x))
                return X509_TRUST_UNTRUSTED;
+        /*
+         * XXX make X509_TRUST_ACCEPT_ALL a real boy once it does not
+         * need to have the same -1 value as X509_TRUST_DEFAULT
+         */
+        if (trust_id == X509_TRUST_ACCEPT_ALL)
+                return 1;
        switch (trust_id) {
-        case 0: /*
-                 * The default behaviour: If the certificate has EKU any, or it
-                 * is self-signed, it is trusted. Otherwise it is untrusted.
-                 */
-                rv = obj_trust(NID_anyExtendedKeyUsage, x);
-                if (rv != X509_TRUST_UNTRUSTED)
-                        return rv;
-                return trust_if_self_signed(x);
        case X509_TRUST_COMPAT:
                return trust_if_self_signed(x);
-        case X509_TRUST_SSL_CLIENT:
-                return trust_1oidany(NID_client_auth, x);
-        case X509_TRUST_SSL_SERVER:
-                return trust_1oidany(NID_server_auth, x);
        case X509_TRUST_EMAIL:
-                return trust_1oidany(NID_email_protect, x);
        case X509_TRUST_OBJECT_SIGN:
-                return trust_1oidany(NID_code_sign, x);
+        case X509_TRUST_SSL_SERVER:
+        case X509_TRUST_SSL_CLIENT:
+        case X509_TRUST_TSA:
+                if (trust_was_set(x))
+                        return obj_trust(nid_from_trust_id(trust_id), x);
+                return trust_if_self_signed(x);
        case X509_TRUST_OCSP_SIGN:
-                return trust_1oid(NID_OCSP_sign, x);
        case X509_TRUST_OCSP_REQUEST:
-                return trust_1oid(NID_ad_OCSP, x);
+                return obj_trust(nid_from_trust_id(trust_id), x);
-        case X509_TRUST_TSA:
-                return trust_1oidany(NID_time_stamp, x);
        default:
-                return obj_trust(trust_id, x);
+                rv = obj_trust(NID_anyExtendedKeyUsage, x);
+                if (rv != X509_TRUST_UNTRUSTED)
+                        return rv;
+                return trust_if_self_signed(x);
        }
 }
 LCRYPTO_ALIAS(X509_check_trust);
author	beck <>	2024-07-12 18:15:10 +0000
committer	beck <>	2024-07-12 18:15:10 +0000
commit	d694a3319273a6e59cc84d958713e0342bfc206d (patch)
tree	caf914a4a8067bbc8e5b4712e3e4fbf8ffc4c380 /src
parent	a41114b964f05026c5489e35fb584a9f78de8fce (diff)
download	openbsd-d694a3319273a6e59cc84d958713e0342bfc206d.tar.gz openbsd-d694a3319273a6e59cc84d958713e0342bfc206d.tar.bz2 openbsd-d694a3319273a6e59cc84d958713e0342bfc206d.zip

diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c index d197fe4ea7..27d2283ea7 100644 --- a/src/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ocsp_vfy.c,v 1.23 2023/07/08 10:44:00 beck Exp $ */	1	/* $OpenBSD: ocsp_vfy.c,v 1.24 2024/07/12 18:15:10 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -168,8 +168,8 @@ OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs, X509_STORE *st,
168	goto end;	168	goto end;
169		169
170	x = sk_X509_value(chain, sk_X509_num(chain) - 1);	170	x = sk_X509_value(chain, sk_X509_num(chain) - 1);
171	if (X509_check_trust(x, NID_OCSP_sign, 0) !=	171	if (X509_check_trust(x, X509_TRUST_OCSP_SIGN, 0) !=
172	X509_TRUST_TRUSTED) {	172	X509_TRUST_TRUSTED) {
173	OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED);	173	OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED);
174	goto end;	174	goto end;
175	}	175	}


diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h index 5b74b0d1bd..6b72678e7a 100644 --- a/src/lib/libcrypto/x509/x509_local.h +++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_local.h,v 1.24 2024/04/08 23:46:21 beck Exp $ */	1	/* $OpenBSD: x509_local.h,v 1.25 2024/07/12 18:15:10 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2013.	3	* project 2013.
4	*/	4	*/
@@ -71,6 +71,14 @@ __BEGIN_HIDDEN_DECLS
71	#define X509_CRL_HASH_EVP EVP_sha512()	71	#define X509_CRL_HASH_EVP EVP_sha512()
72	#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH	72	#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH
73		73
		74	/*
		75	* Used internally instead of the confusing X509_TRUST_DEFAULT,
		76	* which is not the default for X509_check_trust.
		77	* XXX Make X509_check_trust internal, and move the other
		78	* X509_TRUST values here to clean up this mess.
		79	*/
		80	#define X509_TRUST_ACCEPT_ALL -1
		81
74	struct X509_pubkey_st {	82	struct X509_pubkey_st {
75	X509_ALGOR *algor;	83	X509_ALGOR *algor;
76	ASN1_BIT_STRING *public_key;	84	ASN1_BIT_STRING *public_key;


diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c index d2e9277013..619a4b890a 100644 --- a/src/lib/libcrypto/x509/x509_purp.c +++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_purp.c,v 1.42 2024/05/15 18:10:03 tb Exp $ */	1	/* $OpenBSD: x509_purp.c,v 1.43 2024/07/12 18:15:10 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.	3	* project 2001.
4	*/	4	*/
@@ -150,7 +150,7 @@ static const X509_PURPOSE xstandard[] = {
150	},	150	},
151	{	151	{
152	.purpose = X509_PURPOSE_ANY,	152	.purpose = X509_PURPOSE_ANY,
153	.trust = X509_TRUST_DEFAULT,	153	.trust = X509_TRUST_ACCEPT_ALL,
154	.check_purpose = no_check,	154	.check_purpose = no_check,
155	.name = "Any Purpose",	155	.name = "Any Purpose",
156	.sname = "any",	156	.sname = "any",


diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index 78eb29555e..9ba8194ee0 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_trs.c,v 1.56 2024/07/12 15:53:51 beck Exp $ */	1	/* $OpenBSD: x509_trs.c,v 1.57 2024/07/12 18:15:10 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -67,6 +67,23 @@
67	#include "x509_local.h"	67	#include "x509_local.h"
68		68
69	static int	69	static int
		70	trust_if_self_signed(const X509 *x)
		71	{
		72	/* Extensions already cached in X509_check_trust(). */
		73	if ((x->ex_flags & EXFLAG_SS) != 0)
		74	return X509_TRUST_TRUSTED;
		75
		76	return X509_TRUST_UNTRUSTED;
		77	}
		78
		79	static int
		80	trust_was_set(const X509 *x)
		81	{
		82	return x->aux != NULL && (x->aux->trust != NULL \|\|
		83	x->aux->reject != NULL);
		84	}
		85
		86	static int
70	obj_trust(int id, const X509 *x)	87	obj_trust(int id, const X509 *x)
71	{	88	{
72	const X509_CERT_AUX *aux;	89	const X509_CERT_AUX *aux;
@@ -94,33 +111,31 @@ obj_trust(int id, const X509 *x)
94	}	111	}
95		112
96	static int	113	static int
97	trust_if_self_signed(const X509 *x)	114	nid_from_trust_id(int trust_id)
98	{
99	/* Extensions already cached in X509_check_trust(). */
100	if ((x->ex_flags & EXFLAG_SS) != 0)
101	return X509_TRUST_TRUSTED;
102
103	return X509_TRUST_UNTRUSTED;
104	}
105
106	static int
107	trust_1oidany(int nid, const X509 *x)
108	{	115	{
109	/* Inspect the certificate's trust settings if there are any. */	116	OPENSSL_assert(trust_id == 0 \|\|
110	if (x->aux != NULL && (x->aux->trust != NULL \|\| x->aux->reject != NULL))	117	(trust_id >= X509_TRUST_MIN && trust_id <= X509_TRUST_MAX));
111	return obj_trust(nid, x);
112
113	/* For compatibility we return trusted if the cert is self signed. */
114	return trust_if_self_signed(x);
115	}
116		118
117	static int	119	switch (trust_id) {
118	trust_1oid(int nid, const X509 *x)	120	case X509_TRUST_COMPAT:
119	{	121	return NID_undef;
120	if (x->aux != NULL)	122	case X509_TRUST_SSL_CLIENT:
121	return obj_trust(nid, x);	123	return NID_client_auth;
122		124	case X509_TRUST_SSL_SERVER:
123	return X509_TRUST_UNTRUSTED;	125	return NID_server_auth;
		126	case X509_TRUST_EMAIL:
		127	return NID_email_protect;
		128	case X509_TRUST_OBJECT_SIGN:
		129	return NID_code_sign;
		130	case X509_TRUST_OCSP_SIGN:
		131	return NID_OCSP_sign;
		132	case X509_TRUST_OCSP_REQUEST:
		133	return NID_ad_OCSP;
		134	case X509_TRUST_TSA:
		135	return NID_time_stamp;
		136	default:
		137	return NID_undef;
		138	}
124	}	139	}
125		140
126	int	141	int
@@ -128,40 +143,36 @@ X509_check_trust(X509 *x, int trust_id, int flags)
128	{	143	{
129	int rv;	144	int rv;
130		145
131	if (trust_id == -1)
132	return 1;
133
134	/* Call early so the trust handlers don't need to modify the certs. */	146	/* Call early so the trust handlers don't need to modify the certs. */
135	if (!x509v3_cache_extensions(x))	147	if (!x509v3_cache_extensions(x))
136	return X509_TRUST_UNTRUSTED;	148	return X509_TRUST_UNTRUSTED;
137		149
		150	/*
		151	* XXX make X509_TRUST_ACCEPT_ALL a real boy once it does not
		152	* need to have the same -1 value as X509_TRUST_DEFAULT
		153	*/
		154	if (trust_id == X509_TRUST_ACCEPT_ALL)
		155	return 1;
		156
138	switch (trust_id) {	157	switch (trust_id) {
139	case 0: /*
140	* The default behaviour: If the certificate has EKU any, or it
141	* is self-signed, it is trusted. Otherwise it is untrusted.
142	*/
143	rv = obj_trust(NID_anyExtendedKeyUsage, x);
144	if (rv != X509_TRUST_UNTRUSTED)
145	return rv;
146	return trust_if_self_signed(x);
147	case X509_TRUST_COMPAT:	158	case X509_TRUST_COMPAT:
148	return trust_if_self_signed(x);	159	return trust_if_self_signed(x);
149	case X509_TRUST_SSL_CLIENT:
150	return trust_1oidany(NID_client_auth, x);
151	case X509_TRUST_SSL_SERVER:
152	return trust_1oidany(NID_server_auth, x);
153	case X509_TRUST_EMAIL:	160	case X509_TRUST_EMAIL:
154	return trust_1oidany(NID_email_protect, x);
155	case X509_TRUST_OBJECT_SIGN:	161	case X509_TRUST_OBJECT_SIGN:
156	return trust_1oidany(NID_code_sign, x);	162	case X509_TRUST_SSL_SERVER:
		163	case X509_TRUST_SSL_CLIENT:
		164	case X509_TRUST_TSA:
		165	if (trust_was_set(x))
		166	return obj_trust(nid_from_trust_id(trust_id), x);
		167	return trust_if_self_signed(x);
157	case X509_TRUST_OCSP_SIGN:	168	case X509_TRUST_OCSP_SIGN:
158	return trust_1oid(NID_OCSP_sign, x);
159	case X509_TRUST_OCSP_REQUEST:	169	case X509_TRUST_OCSP_REQUEST:
160	return trust_1oid(NID_ad_OCSP, x);	170	return obj_trust(nid_from_trust_id(trust_id), x);
161	case X509_TRUST_TSA:
162	return trust_1oidany(NID_time_stamp, x);
163	default:	171	default:
164	return obj_trust(trust_id, x);	172	rv = obj_trust(NID_anyExtendedKeyUsage, x);
		173	if (rv != X509_TRUST_UNTRUSTED)
		174	return rv;
		175	return trust_if_self_signed(x);
165	}	176	}
166	}	177	}
167	LCRYPTO_ALIAS(X509_check_trust);	178	LCRYPTO_ALIAS(X509_check_trust);