From 860b359f53e3ca7a3d433c170a891c3d97880625 Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 13 Jan 2024 19:57:38 +0000 Subject: [PATCH] Prepare for removing most of the X509_TRUST API X509_check_trust() is of course used by the verifier. Unfortunately M2Crypto exposes it. The only other part of the X509_TRUST API that are still needed are the X509_TRUST_* macros in x509.h, as they are used via *_set_trust and indirectly via the purpose stuff. The rest will be removed. X509_TRUST_add() was defanged recently, in particular it no longer hangs strdup()'ed strings off the global struct. Nothing ever cleaned these up. TRUST_cleanup() attempted to do so, but since it checked the dynamic/dynamic strings flags in the wrong order, that cleanup call ended up doing nothing, so that code was removed at some point. As a consequence, the struct can now be made const. Use a CTASSERT() to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and X509_TRUST_MIN hold true. Remove the global variable underlying X509_TRUST_set_default()'s functionality and move its accessor down to all the other functions that will be deleted. Inline a few things in X509_check_trust(), so we can excise the internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the default trust function can no longer be changed, call obj_trust() directly. ok jsing --- lib/libcrypto/x509/x509_trs.c | 76 ++++++++++++++++------------------- 1 file changed, 35 insertions(+), 41 deletions(-) diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index efa648c9ebb..a6fc4d61c54 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.39 2024/01/10 21:34:53 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.40 2024/01/13 19:57:38 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,7 @@ #include #include +#include "crypto_internal.h" #include "x509_local.h" static int @@ -129,7 +130,7 @@ trust_1oid(X509_TRUST *trust, X509 *x, int flags) * value to get an index into the table */ -static X509_TRUST trstandard[] = { +static const X509_TRUST trstandard[] = { { .trust = X509_TRUST_COMPAT, .check_trust = trust_compat, @@ -181,27 +182,17 @@ static X509_TRUST trstandard[] = { #define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0])) -static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; +CTASSERT(X509_TRUST_MIN == 1 && X509_TRUST_MAX == X509_TRUST_COUNT); int -(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) -{ - int (*oldtrust)(int , X509 *, int); - - oldtrust = default_trust; - default_trust = trust; - return oldtrust; -} -LCRYPTO_ALIAS(X509_TRUST_set_default); - -int -X509_check_trust(X509 *x, int id, int flags) +X509_check_trust(X509 *x, int trust_id, int flags) { - X509_TRUST *pt; + const X509_TRUST *trust; int idx; - if (id == -1) + if (trust_id == -1) return 1; + /* * XXX beck/jsing This enables self signed certs to be trusted for * an unspecified id/trust flag value (this is NOT the @@ -211,21 +202,36 @@ X509_check_trust(X509 *x, int id, int flags) * This should be revisited, but changing the default "not default" * may break things. */ - if (id == 0) { + if (trust_id == 0) { int rv; rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); if (rv != X509_TRUST_UNTRUSTED) return rv; return trust_compat(NULL, x, 0); } - idx = X509_TRUST_get_by_id(id); - if (idx == -1) - return default_trust(id, x, flags); - pt = X509_TRUST_get0(idx); - return pt->check_trust(pt, x, flags); + + if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) + return obj_trust(trust_id, x, flags); + + idx = trust_id - X509_TRUST_MIN; + trust = &trstandard[idx]; + + return trust->check_trust((X509_TRUST *)trust, x, flags); } LCRYPTO_ALIAS(X509_check_trust); +/* + * Remove all the functions below in the next bump. + */ + +int +(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) +{ + X509error(ERR_R_DISABLED); + return NULL; +} +LCRYPTO_ALIAS(X509_TRUST_set_default); + int X509_TRUST_get_count(void) { @@ -236,36 +242,24 @@ LCRYPTO_ALIAS(X509_TRUST_get_count); X509_TRUST * X509_TRUST_get0(int idx) { - if (idx < 0 || (size_t)idx >= X509_TRUST_COUNT) - return NULL; - - return &trstandard[idx]; + X509error(ERR_R_DISABLED); + return NULL; } LCRYPTO_ALIAS(X509_TRUST_get0); int X509_TRUST_get_by_id(int id) { - /* - * Ensure the trust identifier is between MIN and MAX inclusive. - * If so, translate it into an index into the trstandard[] table. - */ - if (id < X509_TRUST_MIN || id > X509_TRUST_MAX) - return -1; - - return id - X509_TRUST_MIN; + X509error(ERR_R_DISABLED); + return -1; } LCRYPTO_ALIAS(X509_TRUST_get_by_id); int X509_TRUST_set(int *t, int trust) { - if (X509_TRUST_get_by_id(trust) == -1) { - X509error(X509_R_INVALID_TRUST); - return 0; - } - *t = trust; - return 1; + X509error(ERR_R_DISABLED); + return 0; } LCRYPTO_ALIAS(X509_TRUST_set); -- 2.20.1