1 /* $OpenBSD: x509_vfy.c,v 1.72 2019/03/06 05:06:58 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <errno.h> 60 #include <stdio.h> 61 #include <string.h> 62 #include <time.h> 63 #include <unistd.h> 64 65 #include <openssl/opensslconf.h> 66 67 #include <openssl/asn1.h> 68 #include <openssl/buffer.h> 69 #include <openssl/crypto.h> 70 #include <openssl/err.h> 71 #include <openssl/evp.h> 72 #include <openssl/lhash.h> 73 #include <openssl/objects.h> 74 #include <openssl/x509.h> 75 #include <openssl/x509v3.h> 76 #include "asn1_locl.h" 77 #include "vpm_int.h" 78 #include "x509_lcl.h" 79 80 /* CRL score values */ 81 82 /* No unhandled critical extensions */ 83 84 #define CRL_SCORE_NOCRITICAL 0x100 85 86 /* certificate is within CRL scope */ 87 88 #define CRL_SCORE_SCOPE 0x080 89 90 /* CRL times valid */ 91 92 #define CRL_SCORE_TIME 0x040 93 94 /* Issuer name matches certificate */ 95 96 #define CRL_SCORE_ISSUER_NAME 0x020 97 98 /* If this score or above CRL is probably valid */ 99 100 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 101 102 /* CRL issuer is certificate issuer */ 103 104 #define CRL_SCORE_ISSUER_CERT 0x018 105 106 /* CRL issuer is on certificate path */ 107 108 #define CRL_SCORE_SAME_PATH 0x008 109 110 /* CRL issuer matches CRL AKID */ 111 112 #define CRL_SCORE_AKID 0x004 113 114 /* Have a delta CRL with valid times */ 115 116 #define CRL_SCORE_TIME_DELTA 0x002 117 118 static int null_callback(int ok, X509_STORE_CTX *e); 119 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 120 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); 121 static int check_chain_extensions(X509_STORE_CTX *ctx); 122 static int check_name_constraints(X509_STORE_CTX *ctx); 123 static int check_trust(X509_STORE_CTX *ctx); 124 static int check_revocation(X509_STORE_CTX *ctx); 125 static int check_cert(X509_STORE_CTX *ctx); 126 static int check_policy(X509_STORE_CTX *ctx); 127 128 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 129 unsigned int *preasons, X509_CRL *crl, X509 *x); 130 static int get_crl_delta(X509_STORE_CTX *ctx, 131 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 132 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, 133 X509_CRL *base, STACK_OF(X509_CRL) *crls); 134 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 135 int *pcrl_score); 136 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 137 unsigned int *preasons); 138 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 139 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 140 STACK_OF(X509) *crl_path); 141 static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, 142 int clamp_notafter); 143 144 static int internal_verify(X509_STORE_CTX *ctx); 145 146 int ASN1_time_tm_clamp_notafter(struct tm *tm); 147 148 static int 149 null_callback(int ok, X509_STORE_CTX *e) 150 { 151 return ok; 152 } 153 154 #if 0 155 static int 156 x509_subject_cmp(X509 **a, X509 **b) 157 { 158 return X509_subject_name_cmp(*a, *b); 159 } 160 #endif 161 162 /* Return 1 if a certificate is self signed */ 163 static int 164 cert_self_signed(X509 *x) 165 { 166 X509_check_purpose(x, -1, 0); 167 if (x->ex_flags & EXFLAG_SS) 168 return 1; 169 else 170 return 0; 171 } 172 173 static int 174 check_id_error(X509_STORE_CTX *ctx, int errcode) 175 { 176 ctx->error = errcode; 177 ctx->current_cert = ctx->cert; 178 ctx->error_depth = 0; 179 return ctx->verify_cb(0, ctx); 180 } 181 182 static int 183 check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 184 { 185 size_t i, n; 186 char *name; 187 188 n = sk_OPENSSL_STRING_num(id->hosts); 189 free(id->peername); 190 id->peername = NULL; 191 192 for (i = 0; i < n; ++i) { 193 name = sk_OPENSSL_STRING_value(id->hosts, i); 194 if (X509_check_host(x, name, strlen(name), id->hostflags, 195 &id->peername) > 0) 196 return 1; 197 } 198 return n == 0; 199 } 200 201 static int 202 check_id(X509_STORE_CTX *ctx) 203 { 204 X509_VERIFY_PARAM *vpm = ctx->param; 205 X509_VERIFY_PARAM_ID *id = vpm->id; 206 X509 *x = ctx->cert; 207 208 if (id->hosts && check_hosts(x, id) <= 0) { 209 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 210 return 0; 211 } 212 if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0) 213 <= 0) { 214 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 215 return 0; 216 } 217 if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { 218 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 219 return 0; 220 } 221 return 1; 222 } 223 224 int 225 X509_verify_cert(X509_STORE_CTX *ctx) 226 { 227 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 228 int bad_chain = 0; 229 X509_VERIFY_PARAM *param = ctx->param; 230 int depth, i, ok = 0; 231 int num, j, retry, trust; 232 int (*cb) (int xok, X509_STORE_CTX *xctx); 233 STACK_OF(X509) *sktmp = NULL; 234 235 if (ctx->cert == NULL) { 236 X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 237 ctx->error = X509_V_ERR_INVALID_CALL; 238 return -1; 239 } 240 if (ctx->chain != NULL) { 241 /* 242 * This X509_STORE_CTX has already been used to verify 243 * a cert. We cannot do another one. 244 */ 245 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 246 ctx->error = X509_V_ERR_INVALID_CALL; 247 return -1; 248 } 249 if (ctx->param->id->poisoned) { 250 /* 251 * This X509_STORE_CTX had failures setting 252 * up verify parameters. We can not use it. 253 */ 254 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 255 ctx->error = X509_V_ERR_INVALID_CALL; 256 return -1; 257 } 258 if (ctx->error != X509_V_ERR_INVALID_CALL) { 259 /* 260 * This X509_STORE_CTX has not been properly initialized. 261 */ 262 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 263 ctx->error = X509_V_ERR_INVALID_CALL; 264 return -1; 265 } 266 ctx->error = X509_V_OK; /* Initialize to OK */ 267 268 cb = ctx->verify_cb; 269 270 /* 271 * First we make sure the chain we are going to build is 272 * present and that the first entry is in place. 273 */ 274 ctx->chain = sk_X509_new_null(); 275 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { 276 X509error(ERR_R_MALLOC_FAILURE); 277 ctx->error = X509_V_ERR_OUT_OF_MEM; 278 goto end; 279 } 280 X509_up_ref(ctx->cert); 281 ctx->last_untrusted = 1; 282 283 /* We use a temporary STACK so we can chop and hack at it */ 284 if (ctx->untrusted != NULL && 285 (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 286 X509error(ERR_R_MALLOC_FAILURE); 287 ctx->error = X509_V_ERR_OUT_OF_MEM; 288 goto end; 289 } 290 291 num = sk_X509_num(ctx->chain); 292 x = sk_X509_value(ctx->chain, num - 1); 293 depth = param->depth; 294 295 for (;;) { 296 /* If we have enough, we break */ 297 /* FIXME: If this happens, we should take 298 * note of it and, if appropriate, use the 299 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 300 * later. 301 */ 302 if (depth < num) 303 break; 304 /* If we are self signed, we break */ 305 if (cert_self_signed(x)) 306 break; 307 /* 308 * If asked see if we can find issuer in trusted store first 309 */ 310 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 311 ok = ctx->get_issuer(&xtmp, ctx, x); 312 if (ok < 0) { 313 ctx->error = X509_V_ERR_STORE_LOOKUP; 314 goto end; 315 } 316 /* 317 * If successful for now free up cert so it 318 * will be picked up again later. 319 */ 320 if (ok > 0) { 321 X509_free(xtmp); 322 break; 323 } 324 } 325 /* If we were passed a cert chain, use it first */ 326 if (ctx->untrusted != NULL) { 327 xtmp = find_issuer(ctx, sktmp, x); 328 if (xtmp != NULL) { 329 if (!sk_X509_push(ctx->chain, xtmp)) { 330 X509error(ERR_R_MALLOC_FAILURE); 331 ctx->error = X509_V_ERR_OUT_OF_MEM; 332 ok = 0; 333 goto end; 334 } 335 X509_up_ref(xtmp); 336 (void)sk_X509_delete_ptr(sktmp, xtmp); 337 ctx->last_untrusted++; 338 x = xtmp; 339 num++; 340 /* 341 * reparse the full chain for the next one 342 */ 343 continue; 344 } 345 } 346 break; 347 } 348 /* Remember how many untrusted certs we have */ 349 j = num; 350 351 /* 352 * At this point, chain should contain a list of untrusted 353 * certificates. We now need to add at least one trusted one, 354 * if possible, otherwise we complain. 355 */ 356 357 do { 358 /* 359 * Examine last certificate in chain and see if it is 360 * self signed. 361 */ 362 i = sk_X509_num(ctx->chain); 363 x = sk_X509_value(ctx->chain, i - 1); 364 if (cert_self_signed(x)) { 365 /* we have a self signed certificate */ 366 if (i == 1) { 367 /* 368 * We have a single self signed 369 * certificate: see if we can find it 370 * in the store. We must have an exact 371 * match to avoid possible 372 * impersonation. 373 */ 374 ok = ctx->get_issuer(&xtmp, ctx, x); 375 if ((ok <= 0) || X509_cmp(x, xtmp)) { 376 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 377 ctx->current_cert = x; 378 ctx->error_depth = i - 1; 379 if (ok == 1) 380 X509_free(xtmp); 381 bad_chain = 1; 382 ok = cb(0, ctx); 383 if (!ok) 384 goto end; 385 } else { 386 /* 387 * We have a match: replace 388 * certificate with store 389 * version so we get any trust 390 * settings. 391 */ 392 X509_free(x); 393 x = xtmp; 394 (void)sk_X509_set(ctx->chain, i - 1, x); 395 ctx->last_untrusted = 0; 396 } 397 } else { 398 /* 399 * extract and save self signed 400 * certificate for later use 401 */ 402 chain_ss = sk_X509_pop(ctx->chain); 403 ctx->last_untrusted--; 404 num--; 405 j--; 406 x = sk_X509_value(ctx->chain, num - 1); 407 } 408 } 409 /* We now lookup certs from the certificate store */ 410 for (;;) { 411 /* If we have enough, we break */ 412 if (depth < num) 413 break; 414 /* If we are self signed, we break */ 415 if (cert_self_signed(x)) 416 break; 417 ok = ctx->get_issuer(&xtmp, ctx, x); 418 419 if (ok < 0) { 420 ctx->error = X509_V_ERR_STORE_LOOKUP; 421 goto end; 422 } 423 if (ok == 0) 424 break; 425 x = xtmp; 426 if (!sk_X509_push(ctx->chain, x)) { 427 X509_free(xtmp); 428 X509error(ERR_R_MALLOC_FAILURE); 429 ctx->error = X509_V_ERR_OUT_OF_MEM; 430 ok = 0; 431 goto end; 432 } 433 num++; 434 } 435 436 /* we now have our chain, lets check it... */ 437 trust = check_trust(ctx); 438 439 /* If explicitly rejected error */ 440 if (trust == X509_TRUST_REJECTED) { 441 ok = 0; 442 goto end; 443 } 444 /* 445 * If it's not explicitly trusted then check if there 446 * is an alternative chain that could be used. We only 447 * do this if we haven't already checked via 448 * TRUSTED_FIRST and the user hasn't switched off 449 * alternate chain checking 450 */ 451 retry = 0; 452 if (trust != X509_TRUST_TRUSTED && 453 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && 454 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 455 while (j-- > 1) { 456 xtmp2 = sk_X509_value(ctx->chain, j - 1); 457 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 458 if (ok < 0) 459 goto end; 460 /* Check if we found an alternate chain */ 461 if (ok > 0) { 462 /* 463 * Free up the found cert 464 * we'll add it again later 465 */ 466 X509_free(xtmp); 467 /* 468 * Dump all the certs above 469 * this point - we've found an 470 * alternate chain 471 */ 472 while (num > j) { 473 xtmp = sk_X509_pop(ctx->chain); 474 X509_free(xtmp); 475 num--; 476 } 477 ctx->last_untrusted = sk_X509_num(ctx->chain); 478 retry = 1; 479 break; 480 } 481 } 482 } 483 } while (retry); 484 485 /* 486 * If not explicitly trusted then indicate error unless it's a single 487 * self signed certificate in which case we've indicated an error already 488 * and set bad_chain == 1 489 */ 490 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 491 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 492 if (ctx->last_untrusted >= num) 493 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 494 else 495 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 496 ctx->current_cert = x; 497 } else { 498 if (!sk_X509_push(ctx->chain, chain_ss)) { 499 X509error(ERR_R_MALLOC_FAILURE); 500 ctx->error = X509_V_ERR_OUT_OF_MEM; 501 ok = 0; 502 goto end; 503 } 504 num++; 505 ctx->last_untrusted = num; 506 ctx->current_cert = chain_ss; 507 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 508 chain_ss = NULL; 509 } 510 511 ctx->error_depth = num - 1; 512 bad_chain = 1; 513 ok = cb(0, ctx); 514 if (!ok) 515 goto end; 516 } 517 518 /* We have the chain complete: now we need to check its purpose */ 519 ok = check_chain_extensions(ctx); 520 if (!ok) 521 goto end; 522 523 /* Check name constraints */ 524 ok = check_name_constraints(ctx); 525 if (!ok) 526 goto end; 527 528 ok = check_id(ctx); 529 if (!ok) 530 goto end; 531 /* 532 * Check revocation status: we do this after copying parameters because 533 * they may be needed for CRL signature verification. 534 */ 535 ok = ctx->check_revocation(ctx); 536 if (!ok) 537 goto end; 538 539 /* At this point, we have a chain and need to verify it */ 540 if (ctx->verify != NULL) 541 ok = ctx->verify(ctx); 542 else 543 ok = internal_verify(ctx); 544 if (!ok) 545 goto end; 546 547 /* If we get this far evaluate policies */ 548 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 549 ok = ctx->check_policy(ctx); 550 551 end: 552 sk_X509_free(sktmp); 553 X509_free(chain_ss); 554 555 /* Safety net, error returns must set ctx->error */ 556 if (ok <= 0 && ctx->error == X509_V_OK) 557 ctx->error = X509_V_ERR_UNSPECIFIED; 558 return ok; 559 } 560 561 /* Given a STACK_OF(X509) find the issuer of cert (if any) 562 */ 563 564 static X509 * 565 find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) 566 { 567 int i; 568 X509 *issuer, *rv = NULL; 569 570 for (i = 0; i < sk_X509_num(sk); i++) { 571 issuer = sk_X509_value(sk, i); 572 if (ctx->check_issued(ctx, x, issuer)) { 573 rv = issuer; 574 if (x509_check_cert_time(ctx, rv, -1)) 575 break; 576 } 577 } 578 return rv; 579 } 580 581 /* Given a possible certificate and issuer check them */ 582 583 static int 584 check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 585 { 586 int ret; 587 588 ret = X509_check_issued(issuer, x); 589 if (ret == X509_V_OK) 590 return 1; 591 /* If we haven't asked for issuer errors don't set ctx */ 592 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 593 return 0; 594 595 ctx->error = ret; 596 ctx->current_cert = x; 597 ctx->current_issuer = issuer; 598 return ctx->verify_cb(0, ctx); 599 } 600 601 /* Alternative lookup method: look from a STACK stored in other_ctx */ 602 603 static int 604 get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 605 { 606 *issuer = find_issuer(ctx, ctx->other_ctx, x); 607 if (*issuer) { 608 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); 609 return 1; 610 } else 611 return 0; 612 } 613 614 /* Check a certificate chains extensions for consistency 615 * with the supplied purpose 616 */ 617 618 static int 619 check_chain_extensions(X509_STORE_CTX *ctx) 620 { 621 #ifdef OPENSSL_NO_CHAIN_VERIFY 622 return 1; 623 #else 624 int i, ok = 0, must_be_ca, plen = 0; 625 X509 *x; 626 int (*cb)(int xok, X509_STORE_CTX *xctx); 627 int proxy_path_length = 0; 628 int purpose; 629 int allow_proxy_certs; 630 631 cb = ctx->verify_cb; 632 633 /* must_be_ca can have 1 of 3 values: 634 -1: we accept both CA and non-CA certificates, to allow direct 635 use of self-signed certificates (which are marked as CA). 636 0: we only accept non-CA certificates. This is currently not 637 used, but the possibility is present for future extensions. 638 1: we only accept CA certificates. This is currently used for 639 all certificates in the chain except the leaf certificate. 640 */ 641 must_be_ca = -1; 642 643 /* CRL path validation */ 644 if (ctx->parent) { 645 allow_proxy_certs = 0; 646 purpose = X509_PURPOSE_CRL_SIGN; 647 } else { 648 allow_proxy_certs = 649 !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 650 purpose = ctx->param->purpose; 651 } 652 653 /* Check all untrusted certificates */ 654 for (i = 0; i < ctx->last_untrusted; i++) { 655 int ret; 656 x = sk_X509_value(ctx->chain, i); 657 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 658 (x->ex_flags & EXFLAG_CRITICAL)) { 659 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 660 ctx->error_depth = i; 661 ctx->current_cert = x; 662 ok = cb(0, ctx); 663 if (!ok) 664 goto end; 665 } 666 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { 667 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 668 ctx->error_depth = i; 669 ctx->current_cert = x; 670 ok = cb(0, ctx); 671 if (!ok) 672 goto end; 673 } 674 ret = X509_check_ca(x); 675 switch (must_be_ca) { 676 case -1: 677 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 678 (ret != 1) && (ret != 0)) { 679 ret = 0; 680 ctx->error = X509_V_ERR_INVALID_CA; 681 } else 682 ret = 1; 683 break; 684 case 0: 685 if (ret != 0) { 686 ret = 0; 687 ctx->error = X509_V_ERR_INVALID_NON_CA; 688 } else 689 ret = 1; 690 break; 691 default: 692 if ((ret == 0) || 693 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 694 (ret != 1))) { 695 ret = 0; 696 ctx->error = X509_V_ERR_INVALID_CA; 697 } else 698 ret = 1; 699 break; 700 } 701 if (ret == 0) { 702 ctx->error_depth = i; 703 ctx->current_cert = x; 704 ok = cb(0, ctx); 705 if (!ok) 706 goto end; 707 } 708 if (ctx->param->purpose > 0) { 709 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 710 if ((ret == 0) || 711 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 712 (ret != 1))) { 713 ctx->error = X509_V_ERR_INVALID_PURPOSE; 714 ctx->error_depth = i; 715 ctx->current_cert = x; 716 ok = cb(0, ctx); 717 if (!ok) 718 goto end; 719 } 720 } 721 /* Check pathlen if not self issued */ 722 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) && 723 (x->ex_pathlen != -1) && 724 (plen > (x->ex_pathlen + proxy_path_length + 1))) { 725 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 726 ctx->error_depth = i; 727 ctx->current_cert = x; 728 ok = cb(0, ctx); 729 if (!ok) 730 goto end; 731 } 732 /* Increment path length if not self issued */ 733 if (!(x->ex_flags & EXFLAG_SI)) 734 plen++; 735 /* If this certificate is a proxy certificate, the next 736 certificate must be another proxy certificate or a EE 737 certificate. If not, the next certificate must be a 738 CA certificate. */ 739 if (x->ex_flags & EXFLAG_PROXY) { 740 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { 741 ctx->error = 742 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 743 ctx->error_depth = i; 744 ctx->current_cert = x; 745 ok = cb(0, ctx); 746 if (!ok) 747 goto end; 748 } 749 proxy_path_length++; 750 must_be_ca = 0; 751 } else 752 must_be_ca = 1; 753 } 754 ok = 1; 755 756 end: 757 return ok; 758 #endif 759 } 760 761 static int 762 check_name_constraints(X509_STORE_CTX *ctx) 763 { 764 X509 *x; 765 int i, j, rv; 766 767 /* Check name constraints for all certificates */ 768 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { 769 x = sk_X509_value(ctx->chain, i); 770 /* Ignore self issued certs unless last in chain */ 771 if (i && (x->ex_flags & EXFLAG_SI)) 772 continue; 773 /* Check against constraints for all certificates higher in 774 * chain including trust anchor. Trust anchor not strictly 775 * speaking needed but if it includes constraints it is to be 776 * assumed it expects them to be obeyed. 777 */ 778 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { 779 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; 780 if (nc) { 781 rv = NAME_CONSTRAINTS_check(x, nc); 782 if (rv != X509_V_OK) { 783 ctx->error = rv; 784 ctx->error_depth = i; 785 ctx->current_cert = x; 786 if (!ctx->verify_cb(0, ctx)) 787 return 0; 788 } 789 } 790 } 791 } 792 return 1; 793 } 794 795 /* Given a certificate try and find an exact match in the store */ 796 797 static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 798 { 799 STACK_OF(X509) *certs; 800 X509 *xtmp = NULL; 801 size_t i; 802 803 /* Lookup all certs with matching subject name */ 804 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 805 if (certs == NULL) 806 return NULL; 807 808 /* Look for exact match */ 809 for (i = 0; i < sk_X509_num(certs); i++) { 810 xtmp = sk_X509_value(certs, i); 811 if (!X509_cmp(xtmp, x)) 812 break; 813 } 814 815 if (i < sk_X509_num(certs)) 816 X509_up_ref(xtmp); 817 else 818 xtmp = NULL; 819 820 sk_X509_pop_free(certs, X509_free); 821 return xtmp; 822 } 823 824 static int check_trust(X509_STORE_CTX *ctx) 825 { 826 size_t i; 827 int ok; 828 X509 *x = NULL; 829 int (*cb) (int xok, X509_STORE_CTX *xctx); 830 831 cb = ctx->verify_cb; 832 /* Check all trusted certificates in chain */ 833 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { 834 x = sk_X509_value(ctx->chain, i); 835 ok = X509_check_trust(x, ctx->param->trust, 0); 836 837 /* If explicitly trusted return trusted */ 838 if (ok == X509_TRUST_TRUSTED) 839 return X509_TRUST_TRUSTED; 840 /* 841 * If explicitly rejected notify callback and reject if not 842 * overridden. 843 */ 844 if (ok == X509_TRUST_REJECTED) { 845 ctx->error_depth = i; 846 ctx->current_cert = x; 847 ctx->error = X509_V_ERR_CERT_REJECTED; 848 ok = cb(0, ctx); 849 if (!ok) 850 return X509_TRUST_REJECTED; 851 } 852 } 853 /* 854 * If we accept partial chains and have at least one trusted certificate 855 * return success. 856 */ 857 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 858 X509 *mx; 859 if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) 860 return X509_TRUST_TRUSTED; 861 x = sk_X509_value(ctx->chain, 0); 862 mx = lookup_cert_match(ctx, x); 863 if (mx) { 864 (void)sk_X509_set(ctx->chain, 0, mx); 865 X509_free(x); 866 ctx->last_untrusted = 0; 867 return X509_TRUST_TRUSTED; 868 } 869 } 870 871 /* 872 * If no trusted certs in chain at all return untrusted and allow 873 * standard (no issuer cert) etc errors to be indicated. 874 */ 875 return X509_TRUST_UNTRUSTED; 876 } 877 878 static int 879 check_revocation(X509_STORE_CTX *ctx) 880 { 881 int i, last, ok; 882 883 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 884 return 1; 885 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 886 last = sk_X509_num(ctx->chain) - 1; 887 else { 888 /* If checking CRL paths this isn't the EE certificate */ 889 if (ctx->parent) 890 return 1; 891 last = 0; 892 } 893 for (i = 0; i <= last; i++) { 894 ctx->error_depth = i; 895 ok = check_cert(ctx); 896 if (!ok) 897 return ok; 898 } 899 return 1; 900 } 901 902 static int 903 check_cert(X509_STORE_CTX *ctx) 904 { 905 X509_CRL *crl = NULL, *dcrl = NULL; 906 X509 *x; 907 int ok = 0, cnum; 908 unsigned int last_reasons; 909 910 cnum = ctx->error_depth; 911 x = sk_X509_value(ctx->chain, cnum); 912 ctx->current_cert = x; 913 ctx->current_issuer = NULL; 914 ctx->current_crl_score = 0; 915 ctx->current_reasons = 0; 916 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 917 last_reasons = ctx->current_reasons; 918 /* Try to retrieve relevant CRL */ 919 if (ctx->get_crl) 920 ok = ctx->get_crl(ctx, &crl, x); 921 else 922 ok = get_crl_delta(ctx, &crl, &dcrl, x); 923 /* If error looking up CRL, nothing we can do except 924 * notify callback 925 */ 926 if (!ok) { 927 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 928 ok = ctx->verify_cb(0, ctx); 929 goto err; 930 } 931 ctx->current_crl = crl; 932 ok = ctx->check_crl(ctx, crl); 933 if (!ok) 934 goto err; 935 936 if (dcrl) { 937 ok = ctx->check_crl(ctx, dcrl); 938 if (!ok) 939 goto err; 940 ok = ctx->cert_crl(ctx, dcrl, x); 941 if (!ok) 942 goto err; 943 } else 944 ok = 1; 945 946 /* Don't look in full CRL if delta reason is removefromCRL */ 947 if (ok != 2) { 948 ok = ctx->cert_crl(ctx, crl, x); 949 if (!ok) 950 goto err; 951 } 952 953 ctx->current_crl = NULL; 954 X509_CRL_free(crl); 955 X509_CRL_free(dcrl); 956 crl = NULL; 957 dcrl = NULL; 958 /* If reasons not updated we wont get anywhere by 959 * another iteration, so exit loop. 960 */ 961 if (last_reasons == ctx->current_reasons) { 962 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 963 ok = ctx->verify_cb(0, ctx); 964 goto err; 965 } 966 } 967 968 err: 969 ctx->current_crl = NULL; 970 X509_CRL_free(crl); 971 X509_CRL_free(dcrl); 972 return ok; 973 } 974 975 /* Check CRL times against values in X509_STORE_CTX */ 976 977 static int 978 check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 979 { 980 time_t *ptime = NULL; 981 int i; 982 983 if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 984 return (1); 985 986 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 987 ptime = &ctx->param->check_time; 988 989 if (notify) 990 ctx->current_crl = crl; 991 992 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 993 if (i == 0) { 994 if (!notify) 995 return 0; 996 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 997 if (!ctx->verify_cb(0, ctx)) 998 return 0; 999 } 1000 1001 if (i > 0) { 1002 if (!notify) 1003 return 0; 1004 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 1005 if (!ctx->verify_cb(0, ctx)) 1006 return 0; 1007 } 1008 1009 if (X509_CRL_get_nextUpdate(crl)) { 1010 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 1011 1012 if (i == 0) { 1013 if (!notify) 1014 return 0; 1015 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 1016 if (!ctx->verify_cb(0, ctx)) 1017 return 0; 1018 } 1019 /* Ignore expiry of base CRL is delta is valid */ 1020 if ((i < 0) && 1021 !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 1022 if (!notify) 1023 return 0; 1024 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 1025 if (!ctx->verify_cb(0, ctx)) 1026 return 0; 1027 } 1028 } 1029 1030 if (notify) 1031 ctx->current_crl = NULL; 1032 1033 return 1; 1034 } 1035 1036 static int 1037 get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 1038 X509 **pissuer, int *pscore, unsigned int *preasons, 1039 STACK_OF(X509_CRL) *crls) 1040 { 1041 int i, crl_score, best_score = *pscore; 1042 unsigned int reasons, best_reasons = 0; 1043 X509 *x = ctx->current_cert; 1044 X509_CRL *crl, *best_crl = NULL; 1045 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 1046 1047 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1048 crl = sk_X509_CRL_value(crls, i); 1049 reasons = *preasons; 1050 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 1051 1052 if (crl_score > best_score) { 1053 best_crl = crl; 1054 best_crl_issuer = crl_issuer; 1055 best_score = crl_score; 1056 best_reasons = reasons; 1057 } 1058 } 1059 1060 if (best_crl) { 1061 if (*pcrl) 1062 X509_CRL_free(*pcrl); 1063 *pcrl = best_crl; 1064 *pissuer = best_crl_issuer; 1065 *pscore = best_score; 1066 *preasons = best_reasons; 1067 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); 1068 if (*pdcrl) { 1069 X509_CRL_free(*pdcrl); 1070 *pdcrl = NULL; 1071 } 1072 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1073 } 1074 1075 if (best_score >= CRL_SCORE_VALID) 1076 return 1; 1077 1078 return 0; 1079 } 1080 1081 /* Compare two CRL extensions for delta checking purposes. They should be 1082 * both present or both absent. If both present all fields must be identical. 1083 */ 1084 1085 static int 1086 crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1087 { 1088 ASN1_OCTET_STRING *exta, *extb; 1089 int i; 1090 1091 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1092 if (i >= 0) { 1093 /* Can't have multiple occurrences */ 1094 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1095 return 0; 1096 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1097 } else 1098 exta = NULL; 1099 1100 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1101 1102 if (i >= 0) { 1103 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1104 return 0; 1105 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1106 } else 1107 extb = NULL; 1108 1109 if (!exta && !extb) 1110 return 1; 1111 1112 if (!exta || !extb) 1113 return 0; 1114 1115 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1116 return 0; 1117 1118 return 1; 1119 } 1120 1121 /* See if a base and delta are compatible */ 1122 1123 static int 1124 check_delta_base(X509_CRL *delta, X509_CRL *base) 1125 { 1126 /* Delta CRL must be a delta */ 1127 if (!delta->base_crl_number) 1128 return 0; 1129 /* Base must have a CRL number */ 1130 if (!base->crl_number) 1131 return 0; 1132 /* Issuer names must match */ 1133 if (X509_NAME_cmp(X509_CRL_get_issuer(base), 1134 X509_CRL_get_issuer(delta))) 1135 return 0; 1136 /* AKID and IDP must match */ 1137 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1138 return 0; 1139 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1140 return 0; 1141 /* Delta CRL base number must not exceed Full CRL number. */ 1142 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1143 return 0; 1144 /* Delta CRL number must exceed full CRL number */ 1145 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1146 return 1; 1147 return 0; 1148 } 1149 1150 /* For a given base CRL find a delta... maybe extend to delta scoring 1151 * or retrieve a chain of deltas... 1152 */ 1153 1154 static void 1155 get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base, 1156 STACK_OF(X509_CRL) *crls) 1157 { 1158 X509_CRL *delta; 1159 int i; 1160 1161 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1162 return; 1163 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1164 return; 1165 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1166 delta = sk_X509_CRL_value(crls, i); 1167 if (check_delta_base(delta, base)) { 1168 if (check_crl_time(ctx, delta, 0)) 1169 *pscore |= CRL_SCORE_TIME_DELTA; 1170 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); 1171 *dcrl = delta; 1172 return; 1173 } 1174 } 1175 *dcrl = NULL; 1176 } 1177 1178 /* For a given CRL return how suitable it is for the supplied certificate 'x'. 1179 * The return value is a mask of several criteria. 1180 * If the issuer is not the certificate issuer this is returned in *pissuer. 1181 * The reasons mask is also used to determine if the CRL is suitable: if 1182 * no new reasons the CRL is rejected, otherwise reasons is updated. 1183 */ 1184 1185 static int 1186 get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, 1187 X509_CRL *crl, X509 *x) 1188 { 1189 int crl_score = 0; 1190 unsigned int tmp_reasons = *preasons, crl_reasons; 1191 1192 /* First see if we can reject CRL straight away */ 1193 1194 /* Invalid IDP cannot be processed */ 1195 if (crl->idp_flags & IDP_INVALID) 1196 return 0; 1197 /* Reason codes or indirect CRLs need extended CRL support */ 1198 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1199 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1200 return 0; 1201 } else if (crl->idp_flags & IDP_REASONS) { 1202 /* If no new reasons reject */ 1203 if (!(crl->idp_reasons & ~tmp_reasons)) 1204 return 0; 1205 } 1206 /* Don't process deltas at this stage */ 1207 else if (crl->base_crl_number) 1208 return 0; 1209 /* If issuer name doesn't match certificate need indirect CRL */ 1210 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1211 if (!(crl->idp_flags & IDP_INDIRECT)) 1212 return 0; 1213 } else 1214 crl_score |= CRL_SCORE_ISSUER_NAME; 1215 1216 if (!(crl->flags & EXFLAG_CRITICAL)) 1217 crl_score |= CRL_SCORE_NOCRITICAL; 1218 1219 /* Check expiry */ 1220 if (check_crl_time(ctx, crl, 0)) 1221 crl_score |= CRL_SCORE_TIME; 1222 1223 /* Check authority key ID and locate certificate issuer */ 1224 crl_akid_check(ctx, crl, pissuer, &crl_score); 1225 1226 /* If we can't locate certificate issuer at this point forget it */ 1227 1228 if (!(crl_score & CRL_SCORE_AKID)) 1229 return 0; 1230 1231 /* Check cert for matching CRL distribution points */ 1232 1233 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1234 /* If no new reasons reject */ 1235 if (!(crl_reasons & ~tmp_reasons)) 1236 return 0; 1237 tmp_reasons |= crl_reasons; 1238 crl_score |= CRL_SCORE_SCOPE; 1239 } 1240 1241 *preasons = tmp_reasons; 1242 1243 return crl_score; 1244 } 1245 1246 static void 1247 crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 1248 int *pcrl_score) 1249 { 1250 X509 *crl_issuer = NULL; 1251 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1252 int cidx = ctx->error_depth; 1253 int i; 1254 1255 if (cidx != sk_X509_num(ctx->chain) - 1) 1256 cidx++; 1257 1258 crl_issuer = sk_X509_value(ctx->chain, cidx); 1259 1260 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1261 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1262 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; 1263 *pissuer = crl_issuer; 1264 return; 1265 } 1266 } 1267 1268 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { 1269 crl_issuer = sk_X509_value(ctx->chain, cidx); 1270 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1271 continue; 1272 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1273 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; 1274 *pissuer = crl_issuer; 1275 return; 1276 } 1277 } 1278 1279 /* Anything else needs extended CRL support */ 1280 1281 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1282 return; 1283 1284 /* Otherwise the CRL issuer is not on the path. Look for it in the 1285 * set of untrusted certificates. 1286 */ 1287 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1288 crl_issuer = sk_X509_value(ctx->untrusted, i); 1289 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1290 continue; 1291 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1292 *pissuer = crl_issuer; 1293 *pcrl_score |= CRL_SCORE_AKID; 1294 return; 1295 } 1296 } 1297 } 1298 1299 /* Check the path of a CRL issuer certificate. This creates a new 1300 * X509_STORE_CTX and populates it with most of the parameters from the 1301 * parent. This could be optimised somewhat since a lot of path checking 1302 * will be duplicated by the parent, but this will rarely be used in 1303 * practice. 1304 */ 1305 1306 static int 1307 check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1308 { 1309 X509_STORE_CTX crl_ctx; 1310 int ret; 1311 1312 /* Don't allow recursive CRL path validation */ 1313 if (ctx->parent) 1314 return 0; 1315 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) { 1316 ret = -1; 1317 goto err; 1318 } 1319 1320 crl_ctx.crls = ctx->crls; 1321 /* Copy verify params across */ 1322 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1323 1324 crl_ctx.parent = ctx; 1325 crl_ctx.verify_cb = ctx->verify_cb; 1326 1327 /* Verify CRL issuer */ 1328 ret = X509_verify_cert(&crl_ctx); 1329 1330 if (ret <= 0) 1331 goto err; 1332 1333 /* Check chain is acceptable */ 1334 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1335 1336 err: 1337 X509_STORE_CTX_cleanup(&crl_ctx); 1338 return ret; 1339 } 1340 1341 /* RFC3280 says nothing about the relationship between CRL path 1342 * and certificate path, which could lead to situations where a 1343 * certificate could be revoked or validated by a CA not authorised 1344 * to do so. RFC5280 is more strict and states that the two paths must 1345 * end in the same trust anchor, though some discussions remain... 1346 * until this is resolved we use the RFC5280 version 1347 */ 1348 1349 static int 1350 check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 1351 STACK_OF(X509) *crl_path) 1352 { 1353 X509 *cert_ta, *crl_ta; 1354 1355 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1356 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1357 if (!X509_cmp(cert_ta, crl_ta)) 1358 return 1; 1359 return 0; 1360 } 1361 1362 /* Check for match between two dist point names: three separate cases. 1363 * 1. Both are relative names and compare X509_NAME types. 1364 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1365 * 3. Both are full names and compare two GENERAL_NAMES. 1366 * 4. One is NULL: automatic match. 1367 */ 1368 1369 static int 1370 idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1371 { 1372 X509_NAME *nm = NULL; 1373 GENERAL_NAMES *gens = NULL; 1374 GENERAL_NAME *gena, *genb; 1375 int i, j; 1376 1377 if (!a || !b) 1378 return 1; 1379 if (a->type == 1) { 1380 if (!a->dpname) 1381 return 0; 1382 /* Case 1: two X509_NAME */ 1383 if (b->type == 1) { 1384 if (!b->dpname) 1385 return 0; 1386 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1387 return 1; 1388 else 1389 return 0; 1390 } 1391 /* Case 2: set name and GENERAL_NAMES appropriately */ 1392 nm = a->dpname; 1393 gens = b->name.fullname; 1394 } else if (b->type == 1) { 1395 if (!b->dpname) 1396 return 0; 1397 /* Case 2: set name and GENERAL_NAMES appropriately */ 1398 gens = a->name.fullname; 1399 nm = b->dpname; 1400 } 1401 1402 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1403 if (nm) { 1404 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1405 gena = sk_GENERAL_NAME_value(gens, i); 1406 if (gena->type != GEN_DIRNAME) 1407 continue; 1408 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1409 return 1; 1410 } 1411 return 0; 1412 } 1413 1414 /* Else case 3: two GENERAL_NAMES */ 1415 1416 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1417 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1418 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1419 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1420 if (!GENERAL_NAME_cmp(gena, genb)) 1421 return 1; 1422 } 1423 } 1424 1425 return 0; 1426 } 1427 1428 static int 1429 crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1430 { 1431 int i; 1432 X509_NAME *nm = X509_CRL_get_issuer(crl); 1433 1434 /* If no CRLissuer return is successful iff don't need a match */ 1435 if (!dp->CRLissuer) 1436 return !!(crl_score & CRL_SCORE_ISSUER_NAME); 1437 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1438 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1439 if (gen->type != GEN_DIRNAME) 1440 continue; 1441 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1442 return 1; 1443 } 1444 return 0; 1445 } 1446 1447 /* Check CRLDP and IDP */ 1448 1449 static int 1450 crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons) 1451 { 1452 int i; 1453 1454 if (crl->idp_flags & IDP_ONLYATTR) 1455 return 0; 1456 if (x->ex_flags & EXFLAG_CA) { 1457 if (crl->idp_flags & IDP_ONLYUSER) 1458 return 0; 1459 } else { 1460 if (crl->idp_flags & IDP_ONLYCA) 1461 return 0; 1462 } 1463 *preasons = crl->idp_reasons; 1464 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1465 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1466 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1467 if (!crl->idp || 1468 idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1469 *preasons &= dp->dp_reasons; 1470 return 1; 1471 } 1472 } 1473 } 1474 if ((!crl->idp || !crl->idp->distpoint) && 1475 (crl_score & CRL_SCORE_ISSUER_NAME)) 1476 return 1; 1477 return 0; 1478 } 1479 1480 /* Retrieve CRL corresponding to current certificate. 1481 * If deltas enabled try to find a delta CRL too 1482 */ 1483 1484 static int 1485 get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1486 { 1487 int ok; 1488 X509 *issuer = NULL; 1489 int crl_score = 0; 1490 unsigned int reasons; 1491 X509_CRL *crl = NULL, *dcrl = NULL; 1492 STACK_OF(X509_CRL) *skcrl; 1493 X509_NAME *nm = X509_get_issuer_name(x); 1494 1495 reasons = ctx->current_reasons; 1496 ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, 1497 ctx->crls); 1498 if (ok) 1499 goto done; 1500 1501 /* Lookup CRLs from store */ 1502 skcrl = ctx->lookup_crls(ctx, nm); 1503 1504 /* If no CRLs found and a near match from get_crl_sk use that */ 1505 if (!skcrl && crl) 1506 goto done; 1507 1508 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1509 1510 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1511 1512 done: 1513 1514 /* If we got any kind of CRL use it and return success */ 1515 if (crl) { 1516 ctx->current_issuer = issuer; 1517 ctx->current_crl_score = crl_score; 1518 ctx->current_reasons = reasons; 1519 *pcrl = crl; 1520 *pdcrl = dcrl; 1521 return 1; 1522 } 1523 1524 return 0; 1525 } 1526 1527 /* Check CRL validity */ 1528 static int 1529 check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1530 { 1531 X509 *issuer = NULL; 1532 EVP_PKEY *ikey = NULL; 1533 int ok = 0, chnum, cnum; 1534 1535 cnum = ctx->error_depth; 1536 chnum = sk_X509_num(ctx->chain) - 1; 1537 /* if we have an alternative CRL issuer cert use that */ 1538 if (ctx->current_issuer) { 1539 issuer = ctx->current_issuer; 1540 } else if (cnum < chnum) { 1541 /* Else find CRL issuer: if not last certificate then issuer 1542 * is next certificate in chain. 1543 */ 1544 issuer = sk_X509_value(ctx->chain, cnum + 1); 1545 } else { 1546 issuer = sk_X509_value(ctx->chain, chnum); 1547 /* If not self signed, can't check signature */ 1548 if (!ctx->check_issued(ctx, issuer, issuer)) { 1549 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1550 ok = ctx->verify_cb(0, ctx); 1551 if (!ok) 1552 goto err; 1553 } 1554 } 1555 1556 if (issuer) { 1557 /* Skip most tests for deltas because they have already 1558 * been done 1559 */ 1560 if (!crl->base_crl_number) { 1561 /* Check for cRLSign bit if keyUsage present */ 1562 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1563 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1564 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1565 ok = ctx->verify_cb(0, ctx); 1566 if (!ok) 1567 goto err; 1568 } 1569 1570 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1571 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1572 ok = ctx->verify_cb(0, ctx); 1573 if (!ok) 1574 goto err; 1575 } 1576 1577 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1578 if (check_crl_path(ctx, 1579 ctx->current_issuer) <= 0) { 1580 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1581 ok = ctx->verify_cb(0, ctx); 1582 if (!ok) 1583 goto err; 1584 } 1585 } 1586 1587 if (crl->idp_flags & IDP_INVALID) { 1588 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1589 ok = ctx->verify_cb(0, ctx); 1590 if (!ok) 1591 goto err; 1592 } 1593 1594 1595 } 1596 1597 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1598 ok = check_crl_time(ctx, crl, 1); 1599 if (!ok) 1600 goto err; 1601 } 1602 1603 /* Attempt to get issuer certificate public key */ 1604 ikey = X509_get_pubkey(issuer); 1605 1606 if (!ikey) { 1607 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1608 ok = ctx->verify_cb(0, ctx); 1609 if (!ok) 1610 goto err; 1611 } else { 1612 /* Verify CRL signature */ 1613 if (X509_CRL_verify(crl, ikey) <= 0) { 1614 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1615 ok = ctx->verify_cb(0, ctx); 1616 if (!ok) 1617 goto err; 1618 } 1619 } 1620 } 1621 1622 ok = 1; 1623 1624 err: 1625 EVP_PKEY_free(ikey); 1626 return ok; 1627 } 1628 1629 /* Check certificate against CRL */ 1630 static int 1631 cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1632 { 1633 int ok; 1634 X509_REVOKED *rev; 1635 1636 /* The rules changed for this... previously if a CRL contained 1637 * unhandled critical extensions it could still be used to indicate 1638 * a certificate was revoked. This has since been changed since 1639 * critical extension can change the meaning of CRL entries. 1640 */ 1641 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 1642 (crl->flags & EXFLAG_CRITICAL)) { 1643 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1644 ok = ctx->verify_cb(0, ctx); 1645 if (!ok) 1646 return 0; 1647 } 1648 /* Look for serial number of certificate in CRL 1649 * If found make sure reason is not removeFromCRL. 1650 */ 1651 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1652 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1653 return 2; 1654 ctx->error = X509_V_ERR_CERT_REVOKED; 1655 ok = ctx->verify_cb(0, ctx); 1656 if (!ok) 1657 return 0; 1658 } 1659 1660 return 1; 1661 } 1662 1663 static int 1664 check_policy(X509_STORE_CTX *ctx) 1665 { 1666 int ret; 1667 1668 if (ctx->parent) 1669 return 1; 1670 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1671 ctx->param->policies, ctx->param->flags); 1672 if (ret == 0) { 1673 X509error(ERR_R_MALLOC_FAILURE); 1674 return 0; 1675 } 1676 /* Invalid or inconsistent extensions */ 1677 if (ret == -1) { 1678 /* Locate certificates with bad extensions and notify 1679 * callback. 1680 */ 1681 X509 *x; 1682 int i; 1683 for (i = 1; i < sk_X509_num(ctx->chain); i++) { 1684 x = sk_X509_value(ctx->chain, i); 1685 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1686 continue; 1687 ctx->current_cert = x; 1688 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1689 if (!ctx->verify_cb(0, ctx)) 1690 return 0; 1691 } 1692 return 1; 1693 } 1694 if (ret == -2) { 1695 ctx->current_cert = NULL; 1696 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1697 return ctx->verify_cb(0, ctx); 1698 } 1699 1700 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1701 ctx->current_cert = NULL; 1702 ctx->error = X509_V_OK; 1703 if (!ctx->verify_cb(2, ctx)) 1704 return 0; 1705 } 1706 1707 return 1; 1708 } 1709 1710 /* 1711 * Inform the verify callback of an error. 1712 * 1713 * If x is not NULL it is the error cert, otherwise use the chain cert 1714 * at depth. 1715 * 1716 * If err is not X509_V_OK, that's the error value, otherwise leave 1717 * unchanged (presumably set by the caller). 1718 * 1719 * Returns 0 to abort verification with an error, non-zero to continue. 1720 */ 1721 static int 1722 verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) 1723 { 1724 ctx->error_depth = depth; 1725 ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); 1726 if (err != X509_V_OK) 1727 ctx->error = err; 1728 return ctx->verify_cb(0, ctx); 1729 } 1730 1731 /* 1732 * Check certificate validity times. 1733 * 1734 * If depth >= 0, invoke verification callbacks on error, otherwise just return 1735 * the validation status. 1736 * 1737 * Return 1 on success, 0 otherwise. 1738 */ 1739 int 1740 x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) 1741 { 1742 time_t *ptime; 1743 int i; 1744 1745 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1746 ptime = &ctx->param->check_time; 1747 else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1748 return 1; 1749 else 1750 ptime = NULL; 1751 1752 i = X509_cmp_time(X509_get_notBefore(x), ptime); 1753 if (i >= 0 && depth < 0) 1754 return 0; 1755 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1756 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) 1757 return 0; 1758 if (i > 0 && !verify_cb_cert(ctx, x, depth, 1759 X509_V_ERR_CERT_NOT_YET_VALID)) 1760 return 0; 1761 1762 i = X509_cmp_time_internal(X509_get_notAfter(x), ptime, 1); 1763 if (i <= 0 && depth < 0) 1764 return 0; 1765 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1766 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) 1767 return 0; 1768 if (i < 0 && !verify_cb_cert(ctx, x, depth, 1769 X509_V_ERR_CERT_HAS_EXPIRED)) 1770 return 0; 1771 return 1; 1772 } 1773 1774 static int 1775 internal_verify(X509_STORE_CTX *ctx) 1776 { 1777 int n = sk_X509_num(ctx->chain) - 1; 1778 X509 *xi = sk_X509_value(ctx->chain, n); 1779 X509 *xs; 1780 1781 if (ctx->check_issued(ctx, xi, xi)) 1782 xs = xi; 1783 else { 1784 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1785 xs = xi; 1786 goto check_cert; 1787 } 1788 if (n <= 0) 1789 return verify_cb_cert(ctx, xi, 0, 1790 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); 1791 n--; 1792 ctx->error_depth = n; 1793 xs = sk_X509_value(ctx->chain, n); 1794 } 1795 1796 /* 1797 * Do not clear ctx->error=0, it must be "sticky", only the 1798 * user's callback is allowed to reset errors (at its own 1799 * peril). 1800 */ 1801 while (n >= 0) { 1802 1803 /* 1804 * Skip signature check for self signed certificates 1805 * unless explicitly asked for. It doesn't add any 1806 * security and just wastes time. If the issuer's 1807 * public key is unusable, report the issuer 1808 * certificate and its depth (rather than the depth of 1809 * the subject). 1810 */ 1811 if (xs != xi || (ctx->param->flags & 1812 X509_V_FLAG_CHECK_SS_SIGNATURE)) { 1813 EVP_PKEY *pkey; 1814 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1815 if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, 1816 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) 1817 return 0; 1818 } else if (X509_verify(xs, pkey) <= 0) { 1819 if (!verify_cb_cert(ctx, xs, n, 1820 X509_V_ERR_CERT_SIGNATURE_FAILURE)) { 1821 EVP_PKEY_free(pkey); 1822 return 0; 1823 } 1824 } 1825 EVP_PKEY_free(pkey); 1826 } 1827 check_cert: 1828 /* Calls verify callback as needed */ 1829 if (!x509_check_cert_time(ctx, xs, n)) 1830 return 0; 1831 1832 /* 1833 * Signal success at this depth. However, the 1834 * previous error (if any) is retained. 1835 */ 1836 ctx->current_issuer = xi; 1837 ctx->current_cert = xs; 1838 ctx->error_depth = n; 1839 if (!ctx->verify_cb(1, ctx)) 1840 return 0; 1841 1842 if (--n >= 0) { 1843 xi = xs; 1844 xs = sk_X509_value(ctx->chain, n); 1845 } 1846 } 1847 return 1; 1848 } 1849 1850 int 1851 X509_cmp_current_time(const ASN1_TIME *ctm) 1852 { 1853 return X509_cmp_time(ctm, NULL); 1854 } 1855 1856 /* 1857 * Compare a possibly unvalidated ASN1_TIME string against a time_t 1858 * using RFC 5280 rules for the time string. If *cmp_time is NULL 1859 * the current system time is used. 1860 * 1861 * XXX NOTE that unlike what you expect a "cmp" function to do in C, 1862 * XXX this one is "special", and returns 0 for error. 1863 * 1864 * Returns: 1865 * -1 if the ASN1_time is earlier than OR the same as *cmp_time. 1866 * 1 if the ASN1_time is later than *cmp_time. 1867 * 0 on error. 1868 */ 1869 static int 1870 X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter) 1871 { 1872 time_t time1, time2; 1873 struct tm tm1, tm2; 1874 int ret = 0; 1875 int type; 1876 1877 if (cmp_time == NULL) 1878 time2 = time(NULL); 1879 else 1880 time2 = *cmp_time; 1881 1882 memset(&tm1, 0, sizeof(tm1)); 1883 1884 type = ASN1_time_parse(ctm->data, ctm->length, &tm1, ctm->type); 1885 if (type == -1) 1886 goto out; /* invalid time */ 1887 1888 /* RFC 5280 section 4.1.2.5 */ 1889 if (tm1.tm_year < 150 && type != V_ASN1_UTCTIME) 1890 goto out; 1891 if (tm1.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) 1892 goto out; 1893 1894 if (clamp_notafter) { 1895 /* Allow for completely broken operating systems. */ 1896 if (!ASN1_time_tm_clamp_notafter(&tm1)) 1897 goto out; 1898 } 1899 1900 /* 1901 * Defensively fail if the time string is not representable as 1902 * a time_t. A time_t must be sane if you care about times after 1903 * Jan 19 2038. 1904 */ 1905 if ((time1 = timegm(&tm1)) == -1) 1906 goto out; 1907 1908 if (gmtime_r(&time2, &tm2) == NULL) 1909 goto out; 1910 1911 ret = ASN1_time_tm_cmp(&tm1, &tm2); 1912 if (ret == 0) 1913 ret = -1; /* 0 is used for error, so map same to less than */ 1914 out: 1915 return (ret); 1916 } 1917 1918 int 1919 X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 1920 { 1921 return X509_cmp_time_internal(ctm, cmp_time, 0); 1922 } 1923 1924 1925 ASN1_TIME * 1926 X509_gmtime_adj(ASN1_TIME *s, long adj) 1927 { 1928 return X509_time_adj(s, adj, NULL); 1929 } 1930 1931 ASN1_TIME * 1932 X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time) 1933 { 1934 return X509_time_adj_ex(s, 0, offset_sec, in_time); 1935 } 1936 1937 ASN1_TIME * 1938 X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time) 1939 { 1940 time_t t; 1941 if (in_time == NULL) 1942 t = time(NULL); 1943 else 1944 t = *in_time; 1945 1946 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 1947 } 1948 1949 int 1950 X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) 1951 { 1952 EVP_PKEY *ktmp = NULL, *ktmp2; 1953 int i, j; 1954 1955 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) 1956 return 1; 1957 1958 for (i = 0; i < sk_X509_num(chain); i++) { 1959 ktmp = X509_get_pubkey(sk_X509_value(chain, i)); 1960 if (ktmp == NULL) { 1961 X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 1962 return 0; 1963 } 1964 if (!EVP_PKEY_missing_parameters(ktmp)) 1965 break; 1966 else { 1967 EVP_PKEY_free(ktmp); 1968 ktmp = NULL; 1969 } 1970 } 1971 if (ktmp == NULL) { 1972 X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 1973 return 0; 1974 } 1975 1976 /* first, populate the other certs */ 1977 for (j = i - 1; j >= 0; j--) { 1978 ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); 1979 EVP_PKEY_copy_parameters(ktmp2, ktmp); 1980 EVP_PKEY_free(ktmp2); 1981 } 1982 1983 if (pkey != NULL) 1984 EVP_PKEY_copy_parameters(pkey, ktmp); 1985 EVP_PKEY_free(ktmp); 1986 return 1; 1987 } 1988 1989 int 1990 X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 1991 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 1992 { 1993 /* This function is (usually) called only once, by 1994 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ 1995 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, 1996 argl, argp, new_func, dup_func, free_func); 1997 } 1998 1999 int 2000 X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2001 { 2002 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2003 } 2004 2005 void * 2006 X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2007 { 2008 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2009 } 2010 2011 int 2012 X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2013 { 2014 return ctx->error; 2015 } 2016 2017 void 2018 X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2019 { 2020 ctx->error = err; 2021 } 2022 2023 int 2024 X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2025 { 2026 return ctx->error_depth; 2027 } 2028 2029 X509 * 2030 X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2031 { 2032 return ctx->current_cert; 2033 } 2034 2035 STACK_OF(X509) * 2036 X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2037 { 2038 return ctx->chain; 2039 } 2040 2041 STACK_OF(X509) * 2042 X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs) 2043 { 2044 return xs->chain; 2045 } 2046 2047 STACK_OF(X509) * 2048 X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2049 { 2050 int i; 2051 X509 *x; 2052 STACK_OF(X509) *chain; 2053 2054 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) 2055 return NULL; 2056 for (i = 0; i < sk_X509_num(chain); i++) { 2057 x = sk_X509_value(chain, i); 2058 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 2059 } 2060 return chain; 2061 } 2062 2063 X509 * 2064 X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2065 { 2066 return ctx->current_issuer; 2067 } 2068 2069 X509_CRL * 2070 X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2071 { 2072 return ctx->current_crl; 2073 } 2074 2075 X509_STORE_CTX * 2076 X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2077 { 2078 return ctx->parent; 2079 } 2080 2081 X509_STORE * 2082 X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) 2083 { 2084 return xs->ctx; 2085 } 2086 2087 void 2088 X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2089 { 2090 ctx->cert = x; 2091 } 2092 2093 void 2094 X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2095 { 2096 ctx->untrusted = sk; 2097 } 2098 2099 void 2100 X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2101 { 2102 ctx->crls = sk; 2103 } 2104 2105 int 2106 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2107 { 2108 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2109 } 2110 2111 int 2112 X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2113 { 2114 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2115 } 2116 2117 /* This function is used to set the X509_STORE_CTX purpose and trust 2118 * values. This is intended to be used when another structure has its 2119 * own trust and purpose values which (if set) will be inherited by 2120 * the ctx. If they aren't set then we will usually have a default 2121 * purpose in mind which should then be used to set the trust value. 2122 * An example of this is SSL use: an SSL structure will have its own 2123 * purpose and trust settings which the application can set: if they 2124 * aren't set then we use the default of SSL client/server. 2125 */ 2126 2127 int 2128 X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2129 int purpose, int trust) 2130 { 2131 int idx; 2132 2133 /* If purpose not set use default */ 2134 if (!purpose) 2135 purpose = def_purpose; 2136 /* If we have a purpose then check it is valid */ 2137 if (purpose) { 2138 X509_PURPOSE *ptmp; 2139 idx = X509_PURPOSE_get_by_id(purpose); 2140 if (idx == -1) { 2141 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2142 return 0; 2143 } 2144 ptmp = X509_PURPOSE_get0(idx); 2145 if (ptmp->trust == X509_TRUST_DEFAULT) { 2146 idx = X509_PURPOSE_get_by_id(def_purpose); 2147 if (idx == -1) { 2148 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2149 return 0; 2150 } 2151 ptmp = X509_PURPOSE_get0(idx); 2152 } 2153 /* If trust not set then get from purpose default */ 2154 if (!trust) 2155 trust = ptmp->trust; 2156 } 2157 if (trust) { 2158 idx = X509_TRUST_get_by_id(trust); 2159 if (idx == -1) { 2160 X509error(X509_R_UNKNOWN_TRUST_ID); 2161 return 0; 2162 } 2163 } 2164 2165 if (purpose && !ctx->param->purpose) 2166 ctx->param->purpose = purpose; 2167 if (trust && !ctx->param->trust) 2168 ctx->param->trust = trust; 2169 return 1; 2170 } 2171 2172 X509_STORE_CTX * 2173 X509_STORE_CTX_new(void) 2174 { 2175 X509_STORE_CTX *ctx; 2176 2177 ctx = calloc(1, sizeof(X509_STORE_CTX)); 2178 if (!ctx) { 2179 X509error(ERR_R_MALLOC_FAILURE); 2180 return NULL; 2181 } 2182 return ctx; 2183 } 2184 2185 void 2186 X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2187 { 2188 if (ctx == NULL) 2189 return; 2190 2191 X509_STORE_CTX_cleanup(ctx); 2192 free(ctx); 2193 } 2194 2195 int 2196 X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2197 STACK_OF(X509) *chain) 2198 { 2199 int param_ret = 1; 2200 2201 /* 2202 * Make sure everything is initialized properly even in case of an 2203 * early return due to an error. 2204 * 2205 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have 2206 * freed everything and memset ex_data anyway. This also allows us 2207 * to safely use X509_STORE_CTX variables from the stack which will 2208 * have uninitialized data. 2209 */ 2210 memset(ctx, 0, sizeof(*ctx)); 2211 2212 /* 2213 * Start with this set to not valid - it will be set to valid 2214 * in X509_verify_cert. 2215 */ 2216 ctx->error = X509_V_ERR_INVALID_CALL; 2217 2218 /* 2219 * Set values other than 0. Keep this in the same order as 2220 * X509_STORE_CTX except for values that may fail. All fields that 2221 * may fail should go last to make sure 'ctx' is as consistent as 2222 * possible even on early exits. 2223 */ 2224 ctx->ctx = store; 2225 ctx->cert = x509; 2226 ctx->untrusted = chain; 2227 2228 if (store && store->verify) 2229 ctx->verify = store->verify; 2230 else 2231 ctx->verify = internal_verify; 2232 2233 if (store && store->verify_cb) 2234 ctx->verify_cb = store->verify_cb; 2235 else 2236 ctx->verify_cb = null_callback; 2237 2238 if (store && store->get_issuer) 2239 ctx->get_issuer = store->get_issuer; 2240 else 2241 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2242 2243 if (store && store->check_issued) 2244 ctx->check_issued = store->check_issued; 2245 else 2246 ctx->check_issued = check_issued; 2247 2248 if (store && store->check_revocation) 2249 ctx->check_revocation = store->check_revocation; 2250 else 2251 ctx->check_revocation = check_revocation; 2252 2253 if (store && store->get_crl) 2254 ctx->get_crl = store->get_crl; 2255 else 2256 ctx->get_crl = NULL; 2257 2258 if (store && store->check_crl) 2259 ctx->check_crl = store->check_crl; 2260 else 2261 ctx->check_crl = check_crl; 2262 2263 if (store && store->cert_crl) 2264 ctx->cert_crl = store->cert_crl; 2265 else 2266 ctx->cert_crl = cert_crl; 2267 2268 ctx->check_policy = check_policy; 2269 2270 if (store && store->lookup_certs) 2271 ctx->lookup_certs = store->lookup_certs; 2272 else 2273 ctx->lookup_certs = X509_STORE_get1_certs; 2274 2275 if (store && store->lookup_crls) 2276 ctx->lookup_crls = store->lookup_crls; 2277 else 2278 ctx->lookup_crls = X509_STORE_get1_crls; 2279 2280 if (store && store->cleanup) 2281 ctx->cleanup = store->cleanup; 2282 else 2283 ctx->cleanup = NULL; 2284 2285 ctx->param = X509_VERIFY_PARAM_new(); 2286 if (!ctx->param) { 2287 X509error(ERR_R_MALLOC_FAILURE); 2288 return 0; 2289 } 2290 2291 /* Inherit callbacks and flags from X509_STORE if not set 2292 * use defaults. 2293 */ 2294 if (store) 2295 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2296 else 2297 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; 2298 2299 if (param_ret) 2300 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, 2301 X509_VERIFY_PARAM_lookup("default")); 2302 2303 if (param_ret == 0) { 2304 X509error(ERR_R_MALLOC_FAILURE); 2305 return 0; 2306 } 2307 2308 if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, 2309 &(ctx->ex_data)) == 0) { 2310 X509error(ERR_R_MALLOC_FAILURE); 2311 return 0; 2312 } 2313 return 1; 2314 } 2315 2316 /* Set alternative lookup method: just a STACK of trusted certificates. 2317 * This avoids X509_STORE nastiness where it isn't needed. 2318 */ 2319 2320 void 2321 X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2322 { 2323 ctx->other_ctx = sk; 2324 ctx->get_issuer = get_issuer_sk; 2325 } 2326 2327 void 2328 X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2329 { 2330 X509_STORE_CTX_trusted_stack(ctx, sk); 2331 } 2332 2333 void 2334 X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2335 { 2336 if (ctx->cleanup) 2337 ctx->cleanup(ctx); 2338 if (ctx->param != NULL) { 2339 if (ctx->parent == NULL) 2340 X509_VERIFY_PARAM_free(ctx->param); 2341 ctx->param = NULL; 2342 } 2343 if (ctx->tree != NULL) { 2344 X509_policy_tree_free(ctx->tree); 2345 ctx->tree = NULL; 2346 } 2347 if (ctx->chain != NULL) { 2348 sk_X509_pop_free(ctx->chain, X509_free); 2349 ctx->chain = NULL; 2350 } 2351 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, 2352 ctx, &(ctx->ex_data)); 2353 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2354 } 2355 2356 void 2357 X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2358 { 2359 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2360 } 2361 2362 void 2363 X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2364 { 2365 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2366 } 2367 2368 void 2369 X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) 2370 { 2371 X509_VERIFY_PARAM_set_time(ctx->param, t); 2372 } 2373 2374 void 2375 X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2376 int (*verify_cb)(int, X509_STORE_CTX *)) 2377 { 2378 ctx->verify_cb = verify_cb; 2379 } 2380 2381 X509 * 2382 X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) 2383 { 2384 return ctx->cert; 2385 } 2386 2387 STACK_OF(X509) * 2388 X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) 2389 { 2390 return ctx->untrusted; 2391 } 2392 2393 void 2394 X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2395 { 2396 ctx->untrusted = sk; 2397 } 2398 2399 X509_POLICY_TREE * 2400 X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2401 { 2402 return ctx->tree; 2403 } 2404 2405 int 2406 X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2407 { 2408 return ctx->explicit_policy; 2409 } 2410 2411 int 2412 X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2413 { 2414 const X509_VERIFY_PARAM *param; 2415 param = X509_VERIFY_PARAM_lookup(name); 2416 if (!param) 2417 return 0; 2418 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2419 } 2420 2421 X509_VERIFY_PARAM * 2422 X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2423 { 2424 return ctx->param; 2425 } 2426 2427 void 2428 X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2429 { 2430 if (ctx->param) 2431 X509_VERIFY_PARAM_free(ctx->param); 2432 ctx->param = param; 2433 } 2434