Remove X509_STORE_CTX_purpose_inherit X509_STORE_CTX_purpose_inherit's behavior is even more bizarre than X509_STORE_CTX_set_purpose and X509_STORE_CTX_set_trust. Remove it and reimplement X509_STORE_CTX_set_purpose and X509_STORE_CTX_set_trust's behaviors directly. Change-Id: Icc6a4a84ee8fa38e2fe70a4cfa06e74dee186d29 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65208 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 929d2b3..a6f6215 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1480,62 +1480,40 @@
 }
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) {
- return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+ // If |purpose| is zero, this function historically silently did nothing.
+ if (purpose == 0) {
+ return 1;
+ }
+
+ int idx = X509_PURPOSE_get_by_id(purpose);
+ if (idx == -1) {
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
+ return 0;
+ }
+
+ int trust = X509_PURPOSE_get_trust(X509_PURPOSE_get0(idx));
+ if (!X509_STORE_CTX_set_trust(ctx, trust)) {
+ return 0;
+ }
+
+ if (ctx->param->purpose == 0) {
+ ctx->param->purpose = purpose;
+ }
+ return 1;
 }
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) {
- return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
-}
-
-// This function is used to set the X509_STORE_CTX purpose and trust values.
-// This is intended to be used when another structure has its own trust and
-// purpose values which (if set) will be inherited by the ctx. If they aren't
-// set then we will usually have a default purpose in mind which should then
-// be used to set the trust value. An example of this is SSL use: an SSL
-// structure will have its own purpose and trust settings which the
-// application can set: if they aren't set then we use the default of SSL
-// client/server.
-
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
- int purpose, int trust) {
- int idx;
- // If purpose not set use default
- if (!purpose) {
- purpose = def_purpose;
- }
- // If we have a purpose then check it is valid
- if (purpose) {
- idx = X509_PURPOSE_get_by_id(purpose);
- if (idx == -1) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
- return 0;
- }
- const X509_PURPOSE *ptmp = X509_PURPOSE_get0(idx);
- if (ptmp->trust == X509_TRUST_DEFAULT) {
- idx = X509_PURPOSE_get_by_id(def_purpose);
- if (idx == -1) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
- return 0;
- }
- ptmp = X509_PURPOSE_get0(idx);
- }
- // If trust not set then get from purpose default
- if (!trust) {
- trust = ptmp->trust;
- }
- }
- if (trust) {
- idx = X509_TRUST_get_by_id(trust);
- if (idx == -1) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
- return 0;
- }
+ // If |trust| is zero, this function historically silently did nothing.
+ if (trust == 0) {
+ return 1;
 }
- if (purpose && !ctx->param->purpose) {
- ctx->param->purpose = purpose;
+ if (X509_TRUST_get_by_id(trust) == -1) {
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
+ return 0;
 }
- if (trust && !ctx->param->trust) {
+
+ if (ctx->param->trust == 0) {
 ctx->param->trust = trust;
 }
 return 1;
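Review bot: Both rewritten setters still return 1 without changing anything when `ctx->param->purpose` or `ctx->param->trust` is already non-zero, and unlike the zero-argument case that is not commented, so a caller can read success as "the requested value is now in force". I would add above each guard a line such as `// An already-configured purpose is kept; the call still reports success.` (and the same wording for trust). In X509_STORE_CTX_set_purpose the two guards are independent, so the trust may be taken from the new purpose while an older purpose is kept, or the reverse; this matches the removed code but deserves a sentence in the same comment. Separately, the removed path re-resolved `def_purpose` (always 0 from these two callers) when the purpose's trust was `X509_TRUST_DEFAULT`, which appears to have failed with X509_R_UNKNOWN_PURPOSE_ID, whereas the new code passes that trust value to X509_STORE_CTX_set_trust, so it is worth confirming the difference is intended and pinned by a test. The closing brace of X509_STORE_CTX_set_trust lies outside the hunk.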
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 29a4930..ff18c48 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -4289,12 +4289,6 @@
 OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
-// X509_STORE_CTX_purpose_inherit is an internal implementation detail that will
-// shortly be removed.
-OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx,
- int def_purpose, int purpose,
- int trust);
-
 // X509_STORE_CTX_set_flags enables all values in |flags| in |ctx|'s
 // verification flags. |flags| should be a combination of |X509_V_FLAG_*|
 // constants.