Remove X509_STORE_set_get_issuer

This is unused. Removing it removes a codepath where callers may
inadvertently break internal invariants of the verifier.

It also removes an attractive nuisance: pyca/cryptography at one point
intended to use this callback for AIA fetching. They are lucky they
never did because that would have been a security bug. Certificates
returned by this callback are "trusted" which means, if they satisfy the
X509_TRUST criteria (e.g. are self-signed), they would become trust
anchors!

Also remove the getters for the callbacks, as no one is using them. Not
much good can be done by extracting callbacks. Either it is your
X509_STORE, in which case you know your own callbacks, or it is someone
else's, in which case it probably depends on some application-specific
state that you don't know about.

Update-Note: Removed a handful of unused functions.

Change-Id: Ic95db40186a9107e2a3f44028aa28a335653c25a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64987
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index cc40ee5..bb256e5 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -342,13 +342,14 @@
 
   // Callbacks for various operations
   X509_STORE_CTX_verify_cb verify_cb;       // error callback
-  X509_STORE_CTX_get_issuer_fn get_issuer;  // get issuers cert from ctx
   X509_STORE_CTX_get_crl_fn get_crl;        // retrieve CRL
   X509_STORE_CTX_check_crl_fn check_crl;    // Check CRL validity
 
   CRYPTO_refcount_t references;
 } /* X509_STORE */;
 
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx,
+                                            X509 *x);
 
 // This is the functions plus an instance of the local variables.
 struct x509_lookup_st {
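Review bot: The relocated `X509_STORE_CTX_get_issuer_fn` typedef has no comment and now sits directly after `X509_STORE`, the struct this same hunk removes its only visible field from, so a reader cannot tell what still needs the type. Judging by the x509_vfy.c hunk, the remaining user is the `get_issuer` field of `X509_STORE_CTX`; I would say so above the typedef, e.g. `// X509_STORE_CTX_get_issuer_fn is the type of the internal |get_issuer| hook in |X509_STORE_CTX|. It is not public API.` If the `X509_STORE_CTX` definition lives in this header, declaring the typedef next to it would read better, but that definition is outside the hunk, so I cannot confirm.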
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 7139ace..1c10891 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -581,35 +581,14 @@
   ctx->verify_cb = verify_cb;
 }
 
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx) {
-  return ctx->verify_cb;
-}
-
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
-                               X509_STORE_CTX_get_issuer_fn get_issuer) {
-  ctx->get_issuer = get_issuer;
-}
-
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx) {
-  return ctx->get_issuer;
-}
-
 void X509_STORE_set_get_crl(X509_STORE *ctx,
                             X509_STORE_CTX_get_crl_fn get_crl) {
   ctx->get_crl = get_crl;
 }
 
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx) {
-  return ctx->get_crl;
-}
-
 void X509_STORE_set_check_crl(X509_STORE *ctx,
                               X509_STORE_CTX_check_crl_fn check_crl) {
   ctx->check_crl = check_crl;
 }
 
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx) {
-  return ctx->check_crl;
-}
-
 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) { return ctx->ctx; }
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 9b01388..68effaf 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1668,11 +1668,9 @@
     goto err;
   }
 
-  if (store->get_issuer) {
-    ctx->get_issuer = store->get_issuer;
-  } else {
-    ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-  }
+  // TODO(davidben): Remove this pointer. It only exists to be overwritten by
+  // X509_STORE_CTX_set0_trusted_stack.
+  ctx->get_issuer = X509_STORE_CTX_get1_issuer;
 
   if (store->verify_cb) {
     ctx->verify_cb = store->verify_cb;
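Review bot: The new TODO above `ctx->get_issuer = X509_STORE_CTX_get1_issuer;` records why the pointer still exists but not the invariant that makes it sensitive. Per the commit description, certificates returned through this hook are treated as trusted and can become trust anchors, so anything that assigns it must only supply a lookup over certificates the caller already trusts. I would add a line such as `// Certificates returned by |get_issuer| are treated as trusted; only point it at lookups over trusted certificates.` so that a later internal assignment does not reintroduce the problem the removed setter had. The enclosing function starts and ends outside this hunk.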
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index b3a988b..ba4d6a2 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -3524,8 +3524,6 @@
 DEFINE_STACK_OF(X509_OBJECT)
 
 typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
-typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx,
-                                            X509 *x);
 typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl,
                                          X509 *x);
 typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
@@ -3764,20 +3762,10 @@
     X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
 #define X509_STORE_set_verify_cb_func(ctx, func) \
   X509_STORE_set_verify_cb((ctx), (func))
-OPENSSL_EXPORT X509_STORE_CTX_verify_cb
-X509_STORE_get_verify_cb(X509_STORE *ctx);
-OPENSSL_EXPORT void X509_STORE_set_get_issuer(
-    X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer);
-OPENSSL_EXPORT X509_STORE_CTX_get_issuer_fn
-X509_STORE_get_get_issuer(X509_STORE *ctx);
 OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx,
                                            X509_STORE_CTX_get_crl_fn get_crl);
-OPENSSL_EXPORT X509_STORE_CTX_get_crl_fn
-X509_STORE_get_get_crl(X509_STORE *ctx);
 OPENSSL_EXPORT void X509_STORE_set_check_crl(
     X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl);
-OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn
-X509_STORE_get_check_crl(X509_STORE *ctx);
 
 // X509_STORE_CTX_new returns a newly-allocated, empty |X509_STORE_CTX|, or NULL
 // on error.