sync with OpenBSD -current

lib/libcrypto/x509/x509_purp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.34 2024/01/06 17:17:08 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.35 2024/01/07 16:22:46 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -232,7 +232,10 @@ LCRYPTO_ALIAS(X509_PURPOSE_get_by_sname);
 int
 X509_PURPOSE_get_by_id(int purpose)
 {
-	/* X509_PURPOSE_MIN == 1, so the bounds are correct. */
+	/*
+	 * Ensure the purpose identifier is between MIN and MAX inclusive.
+	 * If so, translate it to an index into the xstandard[] table.
+	 */
 	if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX)
 		return -1;
 

lib/libcrypto/x509/x509_trs.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.35 2024/01/08 03:32:01 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -64,9 +64,6 @@
 
 #include "x509_local.h"
 
-static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b);
-static void trtable_free(X509_TRUST *p);
-
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
@@ -131,14 +128,6 @@ static X509_TRUST trstandard[] = {
 
 #define X509_TRUST_COUNT	(sizeof(trstandard) / sizeof(trstandard[0]))
 
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-static int
-tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b)
-{
-	return (*a)->trust - (*b)->trust;
-}
-
 int
 (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
 {
@@ -185,38 +174,31 @@ LCRYPTO_ALIAS(X509_check_trust);
 int
 X509_TRUST_get_count(void)
 {
-	if (!trtable)
-		return X509_TRUST_COUNT;
-	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+	return X509_TRUST_COUNT;
 }
 LCRYPTO_ALIAS(X509_TRUST_get_count);
 
 X509_TRUST *
 X509_TRUST_get0(int idx)
 {
-	if (idx < 0)
+	if (idx < 0 || (size_t)idx >= X509_TRUST_COUNT)
 		return NULL;
-	if (idx < (int)X509_TRUST_COUNT)
-		return trstandard + idx;
-	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+
+	return &trstandard[idx];
 }
 LCRYPTO_ALIAS(X509_TRUST_get0);
 
 int
 X509_TRUST_get_by_id(int id)
 {
-	X509_TRUST tmp;
-	int idx;
+	/*
+	 * Ensure the trust identifier is between MIN and MAX inclusive.
+	 * If so, translate it into an index into the trstandard[] table.
+	 */
+	if (id < X509_TRUST_MIN || id > X509_TRUST_MAX)
+		return -1;
 
-	if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
-		return id - X509_TRUST_MIN;
-	tmp.trust = id;
-	if (!trtable)
-		return -1;
-	idx = sk_X509_TRUST_find(trtable, &tmp);
-	if (idx == -1)
-		return -1;
-	return idx + X509_TRUST_COUNT;
+	return id - X509_TRUST_MIN;
 }
 LCRYPTO_ALIAS(X509_TRUST_get_by_id);
 
@@ -236,85 +218,14 @@ int
 X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
     const char *name, int arg1, void *arg2)
 {
-	int idx;
-	X509_TRUST *trtmp;
-	char *name_dup;
-
-	/* This is set according to what we change: application can't set it */
-	flags &= ~X509_TRUST_DYNAMIC;
-	/* This will always be set for application modified trust entries */
-	flags |= X509_TRUST_DYNAMIC_NAME;
-	/* Get existing entry if any */
-	idx = X509_TRUST_get_by_id(id);
-	/* Need a new entry */
-	if (idx == -1) {
-		if (!(trtmp = malloc(sizeof(X509_TRUST)))) {
-			X509error(ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		trtmp->flags = X509_TRUST_DYNAMIC;
-	} else {
-		trtmp = X509_TRUST_get0(idx);
-		if (trtmp == NULL) {
-			X509error(X509_R_INVALID_TRUST);
-			return 0;
-		}
-	}
-
-	if ((name_dup = strdup(name)) == NULL)
-		goto err;
-
-	/* free existing name if dynamic */
-	if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
-		free(trtmp->name);
-	/* dup supplied name */
-	trtmp->name = name_dup;
-	/* Keep the dynamic flag of existing entry */
-	trtmp->flags &= X509_TRUST_DYNAMIC;
-	/* Set all other flags */
-	trtmp->flags |= flags;
-
-	trtmp->trust = id;
-	trtmp->check_trust = ck;
-	trtmp->arg1 = arg1;
-	trtmp->arg2 = arg2;
-
-	/* If it's a new entry, manage the dynamic table */
-	if (idx == -1) {
-		if (trtable == NULL &&
-		    (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL)
-			goto err;
-		if (sk_X509_TRUST_push(trtable, trtmp) == 0)
-			goto err;
-	}
-	return 1;
-
-err:
-	free(name_dup);
-	if (idx == -1)
-		free(trtmp);
-	X509error(ERR_R_MALLOC_FAILURE);
+	X509error(ERR_R_DISABLED);
 	return 0;
 }
 LCRYPTO_ALIAS(X509_TRUST_add);
 
-static void
-trtable_free(X509_TRUST *p)
-{
-	if (!p)
-		return;
-	if (p->flags & X509_TRUST_DYNAMIC) {
-		if (p->flags & X509_TRUST_DYNAMIC_NAME)
-			free(p->name);
-		free(p);
-	}
-}
-
 void
 X509_TRUST_cleanup(void)
 {
-	sk_X509_TRUST_pop_free(trtable, trtable_free);
-	trtable = NULL;
 }
 LCRYPTO_ALIAS(X509_TRUST_cleanup);
 

lib/libcrypto/x509/x509_vfy.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.135 2023/12/23 00:52:13 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.138 2024/01/09 07:25:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2163,7 +2163,8 @@ X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
 
-/* This function is used to set the X509_STORE_CTX purpose and trust
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust
  * values. This is intended to be used when another structure has its
  * own trust and purpose values which (if set) will be inherited by
  * the ctx. If they aren't set then we will usually have a default
@@ -2172,64 +2173,63 @@ LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
  * purpose and trust settings which the application can set: if they
  * aren't set then we use the default of SSL client/server.
  */
-
 int
 X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
     int purpose, int trust)
 {
-	int idx;
+	X509error(ERR_R_DISABLED);
+	return 0;
+}
+LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
 
-	/* If purpose not set use default */
-	if (!purpose)
-		purpose = def_purpose;
+static int
+x509_vfy_purpose_inherit(X509_STORE_CTX *ctx, int purpose, int trust)
+{
 	/* If we have a purpose then check it is valid */
-	if (purpose) {
-		X509_PURPOSE *ptmp;
-		idx = X509_PURPOSE_get_by_id(purpose);
-		if (idx == -1) {
+	if (purpose != 0) {
+		const X509_PURPOSE *purp;
+		int purpose_idx;
+
+		if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) {
 			X509error(X509_R_UNKNOWN_PURPOSE_ID);
 			return 0;
 		}
-		ptmp = X509_PURPOSE_get0(idx);
-		if (ptmp->trust == X509_TRUST_DEFAULT) {
-			idx = X509_PURPOSE_get_by_id(def_purpose);
-			if (idx == -1) {
-				X509error(X509_R_UNKNOWN_PURPOSE_ID);
-				return 0;
-			}
-			ptmp = X509_PURPOSE_get0(idx);
+		purpose_idx = purpose - X509_PURPOSE_MIN;
+		if ((purp = X509_PURPOSE_get0(purpose_idx)) == NULL) {
+			X509error(X509_R_UNKNOWN_PURPOSE_ID);
+			return 0;
 		}
-		/* If trust not set then get from purpose default */
-		if (!trust)
-			trust = ptmp->trust;
+
+		/* If trust is unset, use the purpose's trust. */
+		if (trust == 0)
+			trust = purp->trust;
 	}
-	if (trust) {
-		idx = X509_TRUST_get_by_id(trust);
-		if (idx == -1) {
+	if (trust != 0) {
+		if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) {
 			X509error(X509_R_UNKNOWN_TRUST_ID);
 			return 0;
 		}
 	}
 
-	if (purpose && !ctx->param->purpose)
+	if (purpose != 0 && ctx->param->purpose == 0)
 		ctx->param->purpose = purpose;
-	if (trust && !ctx->param->trust)
+	if (trust != 0 && ctx->param->trust == 0)
 		ctx->param->trust = trust;
+
 	return 1;
 }
-LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
 
 int
 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
 {
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+	return x509_vfy_purpose_inherit(ctx, purpose, 0);
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose);
 
 int
 X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
 {
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+	return x509_vfy_purpose_inherit(ctx, 0, trust);
 }
 LCRYPTO_ALIAS(X509_STORE_CTX_set_trust);
 

lib/libcrypto/x509/x509_vpm.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.41 2023/12/14 12:02:10 tb Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.42 2024/01/08 09:51:09 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -61,6 +61,7 @@
 
 #include <openssl/buffer.h>
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 #include <openssl/lhash.h>
 #include <openssl/stack.h>
 #include <openssl/x509.h>
@@ -408,14 +409,26 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_flags);
 int
 X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
 {
-	return X509_PURPOSE_set(&param->purpose, purpose);
+	if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) {
+		X509V3error(X509V3_R_INVALID_PURPOSE);
+		return 0;
+	}
+
+	param->purpose = purpose;
+	return 1;
 }
 LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_purpose);
 
 int
 X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
 {
-	return X509_TRUST_set(&param->trust, trust);
+	if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) {
+		X509error(X509_R_INVALID_TRUST);
+		return 0;
+	}
+
+	param->trust = trust;
+	return 1;
 }
 LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_trust);