1 /* $OpenBSD: x509_vfy.c,v 1.72.6.1 2020/06/10 03:56:22 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <errno.h> 60 #include <stdio.h> 61 #include <string.h> 62 #include <time.h> 63 #include <unistd.h> 64 65 #include <openssl/opensslconf.h> 66 67 #include <openssl/asn1.h> 68 #include <openssl/buffer.h> 69 #include <openssl/crypto.h> 70 #include <openssl/err.h> 71 #include <openssl/evp.h> 72 #include <openssl/lhash.h> 73 #include <openssl/objects.h> 74 #include <openssl/x509.h> 75 #include <openssl/x509v3.h> 76 #include "asn1_locl.h" 77 #include "vpm_int.h" 78 #include "x509_lcl.h" 79 80 /* CRL score values */ 81 82 /* No unhandled critical extensions */ 83 84 #define CRL_SCORE_NOCRITICAL 0x100 85 86 /* certificate is within CRL scope */ 87 88 #define CRL_SCORE_SCOPE 0x080 89 90 /* CRL times valid */ 91 92 #define CRL_SCORE_TIME 0x040 93 94 /* Issuer name matches certificate */ 95 96 #define CRL_SCORE_ISSUER_NAME 0x020 97 98 /* If this score or above CRL is probably valid */ 99 100 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 101 102 /* CRL issuer is certificate issuer */ 103 104 #define CRL_SCORE_ISSUER_CERT 0x018 105 106 /* CRL issuer is on certificate path */ 107 108 #define CRL_SCORE_SAME_PATH 0x008 109 110 /* CRL issuer matches CRL AKID */ 111 112 #define CRL_SCORE_AKID 0x004 113 114 /* Have a delta CRL with valid times */ 115 116 #define CRL_SCORE_TIME_DELTA 0x002 117 118 static int null_callback(int ok, X509_STORE_CTX *e); 119 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 120 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 121 int allow_expired); 122 static int check_chain_extensions(X509_STORE_CTX *ctx); 123 static int check_name_constraints(X509_STORE_CTX *ctx); 124 static int check_trust(X509_STORE_CTX *ctx); 125 static int check_revocation(X509_STORE_CTX *ctx); 126 static int check_cert(X509_STORE_CTX *ctx); 127 static int check_policy(X509_STORE_CTX *ctx); 128 129 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 130 unsigned int *preasons, X509_CRL *crl, X509 *x); 131 static int get_crl_delta(X509_STORE_CTX *ctx, 132 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 133 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, 134 X509_CRL *base, STACK_OF(X509_CRL) *crls); 135 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 136 int *pcrl_score); 137 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 138 unsigned int *preasons); 139 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 140 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 141 STACK_OF(X509) *crl_path); 142 static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, 143 int clamp_notafter); 144 145 static int internal_verify(X509_STORE_CTX *ctx); 146 147 int ASN1_time_tm_clamp_notafter(struct tm *tm); 148 149 static int 150 null_callback(int ok, X509_STORE_CTX *e) 151 { 152 return ok; 153 } 154 155 #if 0 156 static int 157 x509_subject_cmp(X509 **a, X509 **b) 158 { 159 return X509_subject_name_cmp(*a, *b); 160 } 161 #endif 162 163 /* Return 1 if a certificate is self signed */ 164 static int 165 cert_self_signed(X509 *x) 166 { 167 X509_check_purpose(x, -1, 0); 168 if (x->ex_flags & EXFLAG_SS) 169 return 1; 170 else 171 return 0; 172 } 173 174 static int 175 check_id_error(X509_STORE_CTX *ctx, int errcode) 176 { 177 ctx->error = errcode; 178 ctx->current_cert = ctx->cert; 179 ctx->error_depth = 0; 180 return ctx->verify_cb(0, ctx); 181 } 182 183 static int 184 check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 185 { 186 size_t i, n; 187 char *name; 188 189 n = sk_OPENSSL_STRING_num(id->hosts); 190 free(id->peername); 191 id->peername = NULL; 192 193 for (i = 0; i < n; ++i) { 194 name = sk_OPENSSL_STRING_value(id->hosts, i); 195 if (X509_check_host(x, name, strlen(name), id->hostflags, 196 &id->peername) > 0) 197 return 1; 198 } 199 return n == 0; 200 } 201 202 static int 203 check_id(X509_STORE_CTX *ctx) 204 { 205 X509_VERIFY_PARAM *vpm = ctx->param; 206 X509_VERIFY_PARAM_ID *id = vpm->id; 207 X509 *x = ctx->cert; 208 209 if (id->hosts && check_hosts(x, id) <= 0) { 210 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 211 return 0; 212 } 213 if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0) 214 <= 0) { 215 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 216 return 0; 217 } 218 if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { 219 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 220 return 0; 221 } 222 return 1; 223 } 224 225 int 226 X509_verify_cert(X509_STORE_CTX *ctx) 227 { 228 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 229 int bad_chain = 0; 230 X509_VERIFY_PARAM *param = ctx->param; 231 int depth, i, ok = 0; 232 int num, j, retry, trust; 233 int (*cb) (int xok, X509_STORE_CTX *xctx); 234 STACK_OF(X509) *sktmp = NULL; 235 236 if (ctx->cert == NULL) { 237 X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 238 ctx->error = X509_V_ERR_INVALID_CALL; 239 return -1; 240 } 241 if (ctx->chain != NULL) { 242 /* 243 * This X509_STORE_CTX has already been used to verify 244 * a cert. We cannot do another one. 245 */ 246 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 247 ctx->error = X509_V_ERR_INVALID_CALL; 248 return -1; 249 } 250 if (ctx->param->id->poisoned) { 251 /* 252 * This X509_STORE_CTX had failures setting 253 * up verify parameters. We can not use it. 254 */ 255 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 256 ctx->error = X509_V_ERR_INVALID_CALL; 257 return -1; 258 } 259 if (ctx->error != X509_V_ERR_INVALID_CALL) { 260 /* 261 * This X509_STORE_CTX has not been properly initialized. 262 */ 263 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 264 ctx->error = X509_V_ERR_INVALID_CALL; 265 return -1; 266 } 267 ctx->error = X509_V_OK; /* Initialize to OK */ 268 269 cb = ctx->verify_cb; 270 271 /* 272 * First we make sure the chain we are going to build is 273 * present and that the first entry is in place. 274 */ 275 ctx->chain = sk_X509_new_null(); 276 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { 277 X509error(ERR_R_MALLOC_FAILURE); 278 ctx->error = X509_V_ERR_OUT_OF_MEM; 279 goto end; 280 } 281 X509_up_ref(ctx->cert); 282 ctx->last_untrusted = 1; 283 284 /* We use a temporary STACK so we can chop and hack at it */ 285 if (ctx->untrusted != NULL && 286 (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 287 X509error(ERR_R_MALLOC_FAILURE); 288 ctx->error = X509_V_ERR_OUT_OF_MEM; 289 goto end; 290 } 291 292 num = sk_X509_num(ctx->chain); 293 x = sk_X509_value(ctx->chain, num - 1); 294 depth = param->depth; 295 296 for (;;) { 297 /* If we have enough, we break */ 298 /* FIXME: If this happens, we should take 299 * note of it and, if appropriate, use the 300 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 301 * later. 302 */ 303 if (depth < num) 304 break; 305 /* If we are self signed, we break */ 306 if (cert_self_signed(x)) 307 break; 308 /* 309 * If asked see if we can find issuer in trusted store first 310 */ 311 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 312 ok = ctx->get_issuer(&xtmp, ctx, x); 313 if (ok < 0) { 314 ctx->error = X509_V_ERR_STORE_LOOKUP; 315 goto end; 316 } 317 /* 318 * If successful for now free up cert so it 319 * will be picked up again later. 320 */ 321 if (ok > 0) { 322 X509_free(xtmp); 323 break; 324 } 325 } 326 /* If we were passed a cert chain, use it first */ 327 if (ctx->untrusted != NULL) { 328 /* 329 * If we do not find a non-expired untrusted cert, peek 330 * ahead and see if we can satisify this from the trusted 331 * store. If not, see if we have an expired untrusted cert. 332 */ 333 xtmp = find_issuer(ctx, sktmp, x, 0); 334 if (xtmp == NULL && 335 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)) { 336 ok = ctx->get_issuer(&xtmp, ctx, x); 337 if (ok < 0) { 338 ctx->error = X509_V_ERR_STORE_LOOKUP; 339 goto end; 340 } 341 if (ok > 0) { 342 X509_free(xtmp); 343 break; 344 } 345 xtmp = find_issuer(ctx, sktmp, x, 1); 346 } 347 if (xtmp != NULL) { 348 if (!sk_X509_push(ctx->chain, xtmp)) { 349 X509error(ERR_R_MALLOC_FAILURE); 350 ctx->error = X509_V_ERR_OUT_OF_MEM; 351 ok = 0; 352 goto end; 353 } 354 X509_up_ref(xtmp); 355 (void)sk_X509_delete_ptr(sktmp, xtmp); 356 ctx->last_untrusted++; 357 x = xtmp; 358 num++; 359 /* 360 * reparse the full chain for the next one 361 */ 362 continue; 363 } 364 } 365 break; 366 } 367 /* Remember how many untrusted certs we have */ 368 j = num; 369 370 /* 371 * At this point, chain should contain a list of untrusted 372 * certificates. We now need to add at least one trusted one, 373 * if possible, otherwise we complain. 374 */ 375 376 do { 377 /* 378 * Examine last certificate in chain and see if it is 379 * self signed. 380 */ 381 i = sk_X509_num(ctx->chain); 382 x = sk_X509_value(ctx->chain, i - 1); 383 if (cert_self_signed(x)) { 384 /* we have a self signed certificate */ 385 if (i == 1) { 386 /* 387 * We have a single self signed 388 * certificate: see if we can find it 389 * in the store. We must have an exact 390 * match to avoid possible 391 * impersonation. 392 */ 393 ok = ctx->get_issuer(&xtmp, ctx, x); 394 if ((ok <= 0) || X509_cmp(x, xtmp)) { 395 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 396 ctx->current_cert = x; 397 ctx->error_depth = i - 1; 398 if (ok == 1) 399 X509_free(xtmp); 400 bad_chain = 1; 401 ok = cb(0, ctx); 402 if (!ok) 403 goto end; 404 } else { 405 /* 406 * We have a match: replace 407 * certificate with store 408 * version so we get any trust 409 * settings. 410 */ 411 X509_free(x); 412 x = xtmp; 413 (void)sk_X509_set(ctx->chain, i - 1, x); 414 ctx->last_untrusted = 0; 415 } 416 } else { 417 /* 418 * extract and save self signed 419 * certificate for later use 420 */ 421 chain_ss = sk_X509_pop(ctx->chain); 422 ctx->last_untrusted--; 423 num--; 424 j--; 425 x = sk_X509_value(ctx->chain, num - 1); 426 } 427 } 428 /* We now lookup certs from the certificate store */ 429 for (;;) { 430 /* If we have enough, we break */ 431 if (depth < num) 432 break; 433 /* If we are self signed, we break */ 434 if (cert_self_signed(x)) 435 break; 436 ok = ctx->get_issuer(&xtmp, ctx, x); 437 438 if (ok < 0) { 439 ctx->error = X509_V_ERR_STORE_LOOKUP; 440 goto end; 441 } 442 if (ok == 0) 443 break; 444 x = xtmp; 445 if (!sk_X509_push(ctx->chain, x)) { 446 X509_free(xtmp); 447 X509error(ERR_R_MALLOC_FAILURE); 448 ctx->error = X509_V_ERR_OUT_OF_MEM; 449 ok = 0; 450 goto end; 451 } 452 num++; 453 } 454 455 /* we now have our chain, lets check it... */ 456 trust = check_trust(ctx); 457 458 /* If explicitly rejected error */ 459 if (trust == X509_TRUST_REJECTED) { 460 ok = 0; 461 goto end; 462 } 463 /* 464 * If it's not explicitly trusted then check if there 465 * is an alternative chain that could be used. We only 466 * do this if we haven't already checked via 467 * TRUSTED_FIRST and the user hasn't switched off 468 * alternate chain checking 469 */ 470 retry = 0; 471 if (trust != X509_TRUST_TRUSTED && 472 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && 473 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 474 while (j-- > 1) { 475 xtmp2 = sk_X509_value(ctx->chain, j - 1); 476 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 477 if (ok < 0) 478 goto end; 479 /* Check if we found an alternate chain */ 480 if (ok > 0) { 481 /* 482 * Free up the found cert 483 * we'll add it again later 484 */ 485 X509_free(xtmp); 486 /* 487 * Dump all the certs above 488 * this point - we've found an 489 * alternate chain 490 */ 491 while (num > j) { 492 xtmp = sk_X509_pop(ctx->chain); 493 X509_free(xtmp); 494 num--; 495 } 496 ctx->last_untrusted = sk_X509_num(ctx->chain); 497 retry = 1; 498 break; 499 } 500 } 501 } 502 } while (retry); 503 504 /* 505 * If not explicitly trusted then indicate error unless it's a single 506 * self signed certificate in which case we've indicated an error already 507 * and set bad_chain == 1 508 */ 509 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 510 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 511 if (ctx->last_untrusted >= num) 512 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 513 else 514 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 515 ctx->current_cert = x; 516 } else { 517 if (!sk_X509_push(ctx->chain, chain_ss)) { 518 X509error(ERR_R_MALLOC_FAILURE); 519 ctx->error = X509_V_ERR_OUT_OF_MEM; 520 ok = 0; 521 goto end; 522 } 523 num++; 524 ctx->last_untrusted = num; 525 ctx->current_cert = chain_ss; 526 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 527 chain_ss = NULL; 528 } 529 530 ctx->error_depth = num - 1; 531 bad_chain = 1; 532 ok = cb(0, ctx); 533 if (!ok) 534 goto end; 535 } 536 537 /* We have the chain complete: now we need to check its purpose */ 538 ok = check_chain_extensions(ctx); 539 if (!ok) 540 goto end; 541 542 /* Check name constraints */ 543 ok = check_name_constraints(ctx); 544 if (!ok) 545 goto end; 546 547 ok = check_id(ctx); 548 if (!ok) 549 goto end; 550 /* 551 * Check revocation status: we do this after copying parameters because 552 * they may be needed for CRL signature verification. 553 */ 554 ok = ctx->check_revocation(ctx); 555 if (!ok) 556 goto end; 557 558 /* At this point, we have a chain and need to verify it */ 559 if (ctx->verify != NULL) 560 ok = ctx->verify(ctx); 561 else 562 ok = internal_verify(ctx); 563 if (!ok) 564 goto end; 565 566 /* If we get this far evaluate policies */ 567 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 568 ok = ctx->check_policy(ctx); 569 570 end: 571 sk_X509_free(sktmp); 572 X509_free(chain_ss); 573 574 /* Safety net, error returns must set ctx->error */ 575 if (ok <= 0 && ctx->error == X509_V_OK) 576 ctx->error = X509_V_ERR_UNSPECIFIED; 577 return ok; 578 } 579 580 /* Given a STACK_OF(X509) find the issuer of cert (if any) 581 */ 582 583 static X509 * 584 find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 585 int allow_expired) 586 { 587 int i; 588 X509 *issuer, *rv = NULL; 589 590 for (i = 0; i < sk_X509_num(sk); i++) { 591 issuer = sk_X509_value(sk, i); 592 if (ctx->check_issued(ctx, x, issuer)) { 593 if (x509_check_cert_time(ctx, issuer, -1)) 594 return issuer; 595 if (allow_expired) 596 rv = issuer; 597 } 598 } 599 return rv; 600 } 601 602 /* Given a possible certificate and issuer check them */ 603 604 static int 605 check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 606 { 607 int ret; 608 609 ret = X509_check_issued(issuer, x); 610 if (ret == X509_V_OK) 611 return 1; 612 /* If we haven't asked for issuer errors don't set ctx */ 613 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 614 return 0; 615 616 ctx->error = ret; 617 ctx->current_cert = x; 618 ctx->current_issuer = issuer; 619 return ctx->verify_cb(0, ctx); 620 } 621 622 /* Alternative lookup method: look from a STACK stored in other_ctx */ 623 624 static int 625 get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 626 { 627 *issuer = find_issuer(ctx, ctx->other_ctx, x, 1); 628 if (*issuer) { 629 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); 630 return 1; 631 } else 632 return 0; 633 } 634 635 /* Check a certificate chains extensions for consistency 636 * with the supplied purpose 637 */ 638 639 static int 640 check_chain_extensions(X509_STORE_CTX *ctx) 641 { 642 #ifdef OPENSSL_NO_CHAIN_VERIFY 643 return 1; 644 #else 645 int i, ok = 0, must_be_ca, plen = 0; 646 X509 *x; 647 int (*cb)(int xok, X509_STORE_CTX *xctx); 648 int proxy_path_length = 0; 649 int purpose; 650 int allow_proxy_certs; 651 652 cb = ctx->verify_cb; 653 654 /* must_be_ca can have 1 of 3 values: 655 -1: we accept both CA and non-CA certificates, to allow direct 656 use of self-signed certificates (which are marked as CA). 657 0: we only accept non-CA certificates. This is currently not 658 used, but the possibility is present for future extensions. 659 1: we only accept CA certificates. This is currently used for 660 all certificates in the chain except the leaf certificate. 661 */ 662 must_be_ca = -1; 663 664 /* CRL path validation */ 665 if (ctx->parent) { 666 allow_proxy_certs = 0; 667 purpose = X509_PURPOSE_CRL_SIGN; 668 } else { 669 allow_proxy_certs = 670 !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 671 purpose = ctx->param->purpose; 672 } 673 674 /* Check all untrusted certificates */ 675 for (i = 0; i < ctx->last_untrusted; i++) { 676 int ret; 677 x = sk_X509_value(ctx->chain, i); 678 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 679 (x->ex_flags & EXFLAG_CRITICAL)) { 680 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 681 ctx->error_depth = i; 682 ctx->current_cert = x; 683 ok = cb(0, ctx); 684 if (!ok) 685 goto end; 686 } 687 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { 688 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 689 ctx->error_depth = i; 690 ctx->current_cert = x; 691 ok = cb(0, ctx); 692 if (!ok) 693 goto end; 694 } 695 ret = X509_check_ca(x); 696 switch (must_be_ca) { 697 case -1: 698 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 699 (ret != 1) && (ret != 0)) { 700 ret = 0; 701 ctx->error = X509_V_ERR_INVALID_CA; 702 } else 703 ret = 1; 704 break; 705 case 0: 706 if (ret != 0) { 707 ret = 0; 708 ctx->error = X509_V_ERR_INVALID_NON_CA; 709 } else 710 ret = 1; 711 break; 712 default: 713 if ((ret == 0) || 714 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 715 (ret != 1))) { 716 ret = 0; 717 ctx->error = X509_V_ERR_INVALID_CA; 718 } else 719 ret = 1; 720 break; 721 } 722 if (ret == 0) { 723 ctx->error_depth = i; 724 ctx->current_cert = x; 725 ok = cb(0, ctx); 726 if (!ok) 727 goto end; 728 } 729 if (ctx->param->purpose > 0) { 730 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 731 if ((ret == 0) || 732 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 733 (ret != 1))) { 734 ctx->error = X509_V_ERR_INVALID_PURPOSE; 735 ctx->error_depth = i; 736 ctx->current_cert = x; 737 ok = cb(0, ctx); 738 if (!ok) 739 goto end; 740 } 741 } 742 /* Check pathlen if not self issued */ 743 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) && 744 (x->ex_pathlen != -1) && 745 (plen > (x->ex_pathlen + proxy_path_length + 1))) { 746 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 747 ctx->error_depth = i; 748 ctx->current_cert = x; 749 ok = cb(0, ctx); 750 if (!ok) 751 goto end; 752 } 753 /* Increment path length if not self issued */ 754 if (!(x->ex_flags & EXFLAG_SI)) 755 plen++; 756 /* If this certificate is a proxy certificate, the next 757 certificate must be another proxy certificate or a EE 758 certificate. If not, the next certificate must be a 759 CA certificate. */ 760 if (x->ex_flags & EXFLAG_PROXY) { 761 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { 762 ctx->error = 763 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 764 ctx->error_depth = i; 765 ctx->current_cert = x; 766 ok = cb(0, ctx); 767 if (!ok) 768 goto end; 769 } 770 proxy_path_length++; 771 must_be_ca = 0; 772 } else 773 must_be_ca = 1; 774 } 775 ok = 1; 776 777 end: 778 return ok; 779 #endif 780 } 781 782 static int 783 check_name_constraints(X509_STORE_CTX *ctx) 784 { 785 X509 *x; 786 int i, j, rv; 787 788 /* Check name constraints for all certificates */ 789 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { 790 x = sk_X509_value(ctx->chain, i); 791 /* Ignore self issued certs unless last in chain */ 792 if (i && (x->ex_flags & EXFLAG_SI)) 793 continue; 794 /* Check against constraints for all certificates higher in 795 * chain including trust anchor. Trust anchor not strictly 796 * speaking needed but if it includes constraints it is to be 797 * assumed it expects them to be obeyed. 798 */ 799 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { 800 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; 801 if (nc) { 802 rv = NAME_CONSTRAINTS_check(x, nc); 803 if (rv != X509_V_OK) { 804 ctx->error = rv; 805 ctx->error_depth = i; 806 ctx->current_cert = x; 807 if (!ctx->verify_cb(0, ctx)) 808 return 0; 809 } 810 } 811 } 812 } 813 return 1; 814 } 815 816 /* Given a certificate try and find an exact match in the store */ 817 818 static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 819 { 820 STACK_OF(X509) *certs; 821 X509 *xtmp = NULL; 822 size_t i; 823 824 /* Lookup all certs with matching subject name */ 825 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 826 if (certs == NULL) 827 return NULL; 828 829 /* Look for exact match */ 830 for (i = 0; i < sk_X509_num(certs); i++) { 831 xtmp = sk_X509_value(certs, i); 832 if (!X509_cmp(xtmp, x)) 833 break; 834 } 835 836 if (i < sk_X509_num(certs)) 837 X509_up_ref(xtmp); 838 else 839 xtmp = NULL; 840 841 sk_X509_pop_free(certs, X509_free); 842 return xtmp; 843 } 844 845 static int check_trust(X509_STORE_CTX *ctx) 846 { 847 size_t i; 848 int ok; 849 X509 *x = NULL; 850 int (*cb) (int xok, X509_STORE_CTX *xctx); 851 852 cb = ctx->verify_cb; 853 /* Check all trusted certificates in chain */ 854 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { 855 x = sk_X509_value(ctx->chain, i); 856 ok = X509_check_trust(x, ctx->param->trust, 0); 857 858 /* If explicitly trusted return trusted */ 859 if (ok == X509_TRUST_TRUSTED) 860 return X509_TRUST_TRUSTED; 861 /* 862 * If explicitly rejected notify callback and reject if not 863 * overridden. 864 */ 865 if (ok == X509_TRUST_REJECTED) { 866 ctx->error_depth = i; 867 ctx->current_cert = x; 868 ctx->error = X509_V_ERR_CERT_REJECTED; 869 ok = cb(0, ctx); 870 if (!ok) 871 return X509_TRUST_REJECTED; 872 } 873 } 874 /* 875 * If we accept partial chains and have at least one trusted certificate 876 * return success. 877 */ 878 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 879 X509 *mx; 880 if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) 881 return X509_TRUST_TRUSTED; 882 x = sk_X509_value(ctx->chain, 0); 883 mx = lookup_cert_match(ctx, x); 884 if (mx) { 885 (void)sk_X509_set(ctx->chain, 0, mx); 886 X509_free(x); 887 ctx->last_untrusted = 0; 888 return X509_TRUST_TRUSTED; 889 } 890 } 891 892 /* 893 * If no trusted certs in chain at all return untrusted and allow 894 * standard (no issuer cert) etc errors to be indicated. 895 */ 896 return X509_TRUST_UNTRUSTED; 897 } 898 899 static int 900 check_revocation(X509_STORE_CTX *ctx) 901 { 902 int i, last, ok; 903 904 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 905 return 1; 906 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 907 last = sk_X509_num(ctx->chain) - 1; 908 else { 909 /* If checking CRL paths this isn't the EE certificate */ 910 if (ctx->parent) 911 return 1; 912 last = 0; 913 } 914 for (i = 0; i <= last; i++) { 915 ctx->error_depth = i; 916 ok = check_cert(ctx); 917 if (!ok) 918 return ok; 919 } 920 return 1; 921 } 922 923 static int 924 check_cert(X509_STORE_CTX *ctx) 925 { 926 X509_CRL *crl = NULL, *dcrl = NULL; 927 X509 *x; 928 int ok = 0, cnum; 929 unsigned int last_reasons; 930 931 cnum = ctx->error_depth; 932 x = sk_X509_value(ctx->chain, cnum); 933 ctx->current_cert = x; 934 ctx->current_issuer = NULL; 935 ctx->current_crl_score = 0; 936 ctx->current_reasons = 0; 937 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 938 last_reasons = ctx->current_reasons; 939 /* Try to retrieve relevant CRL */ 940 if (ctx->get_crl) 941 ok = ctx->get_crl(ctx, &crl, x); 942 else 943 ok = get_crl_delta(ctx, &crl, &dcrl, x); 944 /* If error looking up CRL, nothing we can do except 945 * notify callback 946 */ 947 if (!ok) { 948 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 949 ok = ctx->verify_cb(0, ctx); 950 goto err; 951 } 952 ctx->current_crl = crl; 953 ok = ctx->check_crl(ctx, crl); 954 if (!ok) 955 goto err; 956 957 if (dcrl) { 958 ok = ctx->check_crl(ctx, dcrl); 959 if (!ok) 960 goto err; 961 ok = ctx->cert_crl(ctx, dcrl, x); 962 if (!ok) 963 goto err; 964 } else 965 ok = 1; 966 967 /* Don't look in full CRL if delta reason is removefromCRL */ 968 if (ok != 2) { 969 ok = ctx->cert_crl(ctx, crl, x); 970 if (!ok) 971 goto err; 972 } 973 974 ctx->current_crl = NULL; 975 X509_CRL_free(crl); 976 X509_CRL_free(dcrl); 977 crl = NULL; 978 dcrl = NULL; 979 /* If reasons not updated we wont get anywhere by 980 * another iteration, so exit loop. 981 */ 982 if (last_reasons == ctx->current_reasons) { 983 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 984 ok = ctx->verify_cb(0, ctx); 985 goto err; 986 } 987 } 988 989 err: 990 ctx->current_crl = NULL; 991 X509_CRL_free(crl); 992 X509_CRL_free(dcrl); 993 return ok; 994 } 995 996 /* Check CRL times against values in X509_STORE_CTX */ 997 998 static int 999 check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 1000 { 1001 time_t *ptime = NULL; 1002 int i; 1003 1004 if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1005 return (1); 1006 1007 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1008 ptime = &ctx->param->check_time; 1009 1010 if (notify) 1011 ctx->current_crl = crl; 1012 1013 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 1014 if (i == 0) { 1015 if (!notify) 1016 return 0; 1017 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 1018 if (!ctx->verify_cb(0, ctx)) 1019 return 0; 1020 } 1021 1022 if (i > 0) { 1023 if (!notify) 1024 return 0; 1025 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 1026 if (!ctx->verify_cb(0, ctx)) 1027 return 0; 1028 } 1029 1030 if (X509_CRL_get_nextUpdate(crl)) { 1031 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 1032 1033 if (i == 0) { 1034 if (!notify) 1035 return 0; 1036 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 1037 if (!ctx->verify_cb(0, ctx)) 1038 return 0; 1039 } 1040 /* Ignore expiry of base CRL is delta is valid */ 1041 if ((i < 0) && 1042 !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 1043 if (!notify) 1044 return 0; 1045 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 1046 if (!ctx->verify_cb(0, ctx)) 1047 return 0; 1048 } 1049 } 1050 1051 if (notify) 1052 ctx->current_crl = NULL; 1053 1054 return 1; 1055 } 1056 1057 static int 1058 get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 1059 X509 **pissuer, int *pscore, unsigned int *preasons, 1060 STACK_OF(X509_CRL) *crls) 1061 { 1062 int i, crl_score, best_score = *pscore; 1063 unsigned int reasons, best_reasons = 0; 1064 X509 *x = ctx->current_cert; 1065 X509_CRL *crl, *best_crl = NULL; 1066 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 1067 1068 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1069 crl = sk_X509_CRL_value(crls, i); 1070 reasons = *preasons; 1071 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 1072 1073 if (crl_score > best_score) { 1074 best_crl = crl; 1075 best_crl_issuer = crl_issuer; 1076 best_score = crl_score; 1077 best_reasons = reasons; 1078 } 1079 } 1080 1081 if (best_crl) { 1082 if (*pcrl) 1083 X509_CRL_free(*pcrl); 1084 *pcrl = best_crl; 1085 *pissuer = best_crl_issuer; 1086 *pscore = best_score; 1087 *preasons = best_reasons; 1088 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); 1089 if (*pdcrl) { 1090 X509_CRL_free(*pdcrl); 1091 *pdcrl = NULL; 1092 } 1093 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1094 } 1095 1096 if (best_score >= CRL_SCORE_VALID) 1097 return 1; 1098 1099 return 0; 1100 } 1101 1102 /* Compare two CRL extensions for delta checking purposes. They should be 1103 * both present or both absent. If both present all fields must be identical. 1104 */ 1105 1106 static int 1107 crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1108 { 1109 ASN1_OCTET_STRING *exta, *extb; 1110 int i; 1111 1112 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1113 if (i >= 0) { 1114 /* Can't have multiple occurrences */ 1115 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1116 return 0; 1117 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1118 } else 1119 exta = NULL; 1120 1121 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1122 1123 if (i >= 0) { 1124 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1125 return 0; 1126 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1127 } else 1128 extb = NULL; 1129 1130 if (!exta && !extb) 1131 return 1; 1132 1133 if (!exta || !extb) 1134 return 0; 1135 1136 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1137 return 0; 1138 1139 return 1; 1140 } 1141 1142 /* See if a base and delta are compatible */ 1143 1144 static int 1145 check_delta_base(X509_CRL *delta, X509_CRL *base) 1146 { 1147 /* Delta CRL must be a delta */ 1148 if (!delta->base_crl_number) 1149 return 0; 1150 /* Base must have a CRL number */ 1151 if (!base->crl_number) 1152 return 0; 1153 /* Issuer names must match */ 1154 if (X509_NAME_cmp(X509_CRL_get_issuer(base), 1155 X509_CRL_get_issuer(delta))) 1156 return 0; 1157 /* AKID and IDP must match */ 1158 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1159 return 0; 1160 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1161 return 0; 1162 /* Delta CRL base number must not exceed Full CRL number. */ 1163 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1164 return 0; 1165 /* Delta CRL number must exceed full CRL number */ 1166 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1167 return 1; 1168 return 0; 1169 } 1170 1171 /* For a given base CRL find a delta... maybe extend to delta scoring 1172 * or retrieve a chain of deltas... 1173 */ 1174 1175 static void 1176 get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base, 1177 STACK_OF(X509_CRL) *crls) 1178 { 1179 X509_CRL *delta; 1180 int i; 1181 1182 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1183 return; 1184 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1185 return; 1186 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1187 delta = sk_X509_CRL_value(crls, i); 1188 if (check_delta_base(delta, base)) { 1189 if (check_crl_time(ctx, delta, 0)) 1190 *pscore |= CRL_SCORE_TIME_DELTA; 1191 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); 1192 *dcrl = delta; 1193 return; 1194 } 1195 } 1196 *dcrl = NULL; 1197 } 1198 1199 /* For a given CRL return how suitable it is for the supplied certificate 'x'. 1200 * The return value is a mask of several criteria. 1201 * If the issuer is not the certificate issuer this is returned in *pissuer. 1202 * The reasons mask is also used to determine if the CRL is suitable: if 1203 * no new reasons the CRL is rejected, otherwise reasons is updated. 1204 */ 1205 1206 static int 1207 get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, 1208 X509_CRL *crl, X509 *x) 1209 { 1210 int crl_score = 0; 1211 unsigned int tmp_reasons = *preasons, crl_reasons; 1212 1213 /* First see if we can reject CRL straight away */ 1214 1215 /* Invalid IDP cannot be processed */ 1216 if (crl->idp_flags & IDP_INVALID) 1217 return 0; 1218 /* Reason codes or indirect CRLs need extended CRL support */ 1219 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1220 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1221 return 0; 1222 } else if (crl->idp_flags & IDP_REASONS) { 1223 /* If no new reasons reject */ 1224 if (!(crl->idp_reasons & ~tmp_reasons)) 1225 return 0; 1226 } 1227 /* Don't process deltas at this stage */ 1228 else if (crl->base_crl_number) 1229 return 0; 1230 /* If issuer name doesn't match certificate need indirect CRL */ 1231 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1232 if (!(crl->idp_flags & IDP_INDIRECT)) 1233 return 0; 1234 } else 1235 crl_score |= CRL_SCORE_ISSUER_NAME; 1236 1237 if (!(crl->flags & EXFLAG_CRITICAL)) 1238 crl_score |= CRL_SCORE_NOCRITICAL; 1239 1240 /* Check expiry */ 1241 if (check_crl_time(ctx, crl, 0)) 1242 crl_score |= CRL_SCORE_TIME; 1243 1244 /* Check authority key ID and locate certificate issuer */ 1245 crl_akid_check(ctx, crl, pissuer, &crl_score); 1246 1247 /* If we can't locate certificate issuer at this point forget it */ 1248 1249 if (!(crl_score & CRL_SCORE_AKID)) 1250 return 0; 1251 1252 /* Check cert for matching CRL distribution points */ 1253 1254 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1255 /* If no new reasons reject */ 1256 if (!(crl_reasons & ~tmp_reasons)) 1257 return 0; 1258 tmp_reasons |= crl_reasons; 1259 crl_score |= CRL_SCORE_SCOPE; 1260 } 1261 1262 *preasons = tmp_reasons; 1263 1264 return crl_score; 1265 } 1266 1267 static void 1268 crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 1269 int *pcrl_score) 1270 { 1271 X509 *crl_issuer = NULL; 1272 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1273 int cidx = ctx->error_depth; 1274 int i; 1275 1276 if (cidx != sk_X509_num(ctx->chain) - 1) 1277 cidx++; 1278 1279 crl_issuer = sk_X509_value(ctx->chain, cidx); 1280 1281 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1282 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1283 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; 1284 *pissuer = crl_issuer; 1285 return; 1286 } 1287 } 1288 1289 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { 1290 crl_issuer = sk_X509_value(ctx->chain, cidx); 1291 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1292 continue; 1293 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1294 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; 1295 *pissuer = crl_issuer; 1296 return; 1297 } 1298 } 1299 1300 /* Anything else needs extended CRL support */ 1301 1302 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1303 return; 1304 1305 /* Otherwise the CRL issuer is not on the path. Look for it in the 1306 * set of untrusted certificates. 1307 */ 1308 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1309 crl_issuer = sk_X509_value(ctx->untrusted, i); 1310 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1311 continue; 1312 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1313 *pissuer = crl_issuer; 1314 *pcrl_score |= CRL_SCORE_AKID; 1315 return; 1316 } 1317 } 1318 } 1319 1320 /* Check the path of a CRL issuer certificate. This creates a new 1321 * X509_STORE_CTX and populates it with most of the parameters from the 1322 * parent. This could be optimised somewhat since a lot of path checking 1323 * will be duplicated by the parent, but this will rarely be used in 1324 * practice. 1325 */ 1326 1327 static int 1328 check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1329 { 1330 X509_STORE_CTX crl_ctx; 1331 int ret; 1332 1333 /* Don't allow recursive CRL path validation */ 1334 if (ctx->parent) 1335 return 0; 1336 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) { 1337 ret = -1; 1338 goto err; 1339 } 1340 1341 crl_ctx.crls = ctx->crls; 1342 /* Copy verify params across */ 1343 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1344 1345 crl_ctx.parent = ctx; 1346 crl_ctx.verify_cb = ctx->verify_cb; 1347 1348 /* Verify CRL issuer */ 1349 ret = X509_verify_cert(&crl_ctx); 1350 1351 if (ret <= 0) 1352 goto err; 1353 1354 /* Check chain is acceptable */ 1355 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1356 1357 err: 1358 X509_STORE_CTX_cleanup(&crl_ctx); 1359 return ret; 1360 } 1361 1362 /* RFC3280 says nothing about the relationship between CRL path 1363 * and certificate path, which could lead to situations where a 1364 * certificate could be revoked or validated by a CA not authorised 1365 * to do so. RFC5280 is more strict and states that the two paths must 1366 * end in the same trust anchor, though some discussions remain... 1367 * until this is resolved we use the RFC5280 version 1368 */ 1369 1370 static int 1371 check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 1372 STACK_OF(X509) *crl_path) 1373 { 1374 X509 *cert_ta, *crl_ta; 1375 1376 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1377 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1378 if (!X509_cmp(cert_ta, crl_ta)) 1379 return 1; 1380 return 0; 1381 } 1382 1383 /* Check for match between two dist point names: three separate cases. 1384 * 1. Both are relative names and compare X509_NAME types. 1385 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1386 * 3. Both are full names and compare two GENERAL_NAMES. 1387 * 4. One is NULL: automatic match. 1388 */ 1389 1390 static int 1391 idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1392 { 1393 X509_NAME *nm = NULL; 1394 GENERAL_NAMES *gens = NULL; 1395 GENERAL_NAME *gena, *genb; 1396 int i, j; 1397 1398 if (!a || !b) 1399 return 1; 1400 if (a->type == 1) { 1401 if (!a->dpname) 1402 return 0; 1403 /* Case 1: two X509_NAME */ 1404 if (b->type == 1) { 1405 if (!b->dpname) 1406 return 0; 1407 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1408 return 1; 1409 else 1410 return 0; 1411 } 1412 /* Case 2: set name and GENERAL_NAMES appropriately */ 1413 nm = a->dpname; 1414 gens = b->name.fullname; 1415 } else if (b->type == 1) { 1416 if (!b->dpname) 1417 return 0; 1418 /* Case 2: set name and GENERAL_NAMES appropriately */ 1419 gens = a->name.fullname; 1420 nm = b->dpname; 1421 } 1422 1423 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1424 if (nm) { 1425 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1426 gena = sk_GENERAL_NAME_value(gens, i); 1427 if (gena->type != GEN_DIRNAME) 1428 continue; 1429 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1430 return 1; 1431 } 1432 return 0; 1433 } 1434 1435 /* Else case 3: two GENERAL_NAMES */ 1436 1437 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1438 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1439 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1440 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1441 if (!GENERAL_NAME_cmp(gena, genb)) 1442 return 1; 1443 } 1444 } 1445 1446 return 0; 1447 } 1448 1449 static int 1450 crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1451 { 1452 int i; 1453 X509_NAME *nm = X509_CRL_get_issuer(crl); 1454 1455 /* If no CRLissuer return is successful iff don't need a match */ 1456 if (!dp->CRLissuer) 1457 return !!(crl_score & CRL_SCORE_ISSUER_NAME); 1458 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1459 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1460 if (gen->type != GEN_DIRNAME) 1461 continue; 1462 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1463 return 1; 1464 } 1465 return 0; 1466 } 1467 1468 /* Check CRLDP and IDP */ 1469 1470 static int 1471 crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons) 1472 { 1473 int i; 1474 1475 if (crl->idp_flags & IDP_ONLYATTR) 1476 return 0; 1477 if (x->ex_flags & EXFLAG_CA) { 1478 if (crl->idp_flags & IDP_ONLYUSER) 1479 return 0; 1480 } else { 1481 if (crl->idp_flags & IDP_ONLYCA) 1482 return 0; 1483 } 1484 *preasons = crl->idp_reasons; 1485 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1486 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1487 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1488 if (!crl->idp || 1489 idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1490 *preasons &= dp->dp_reasons; 1491 return 1; 1492 } 1493 } 1494 } 1495 if ((!crl->idp || !crl->idp->distpoint) && 1496 (crl_score & CRL_SCORE_ISSUER_NAME)) 1497 return 1; 1498 return 0; 1499 } 1500 1501 /* Retrieve CRL corresponding to current certificate. 1502 * If deltas enabled try to find a delta CRL too 1503 */ 1504 1505 static int 1506 get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1507 { 1508 int ok; 1509 X509 *issuer = NULL; 1510 int crl_score = 0; 1511 unsigned int reasons; 1512 X509_CRL *crl = NULL, *dcrl = NULL; 1513 STACK_OF(X509_CRL) *skcrl; 1514 X509_NAME *nm = X509_get_issuer_name(x); 1515 1516 reasons = ctx->current_reasons; 1517 ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, 1518 ctx->crls); 1519 if (ok) 1520 goto done; 1521 1522 /* Lookup CRLs from store */ 1523 skcrl = ctx->lookup_crls(ctx, nm); 1524 1525 /* If no CRLs found and a near match from get_crl_sk use that */ 1526 if (!skcrl && crl) 1527 goto done; 1528 1529 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1530 1531 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1532 1533 done: 1534 1535 /* If we got any kind of CRL use it and return success */ 1536 if (crl) { 1537 ctx->current_issuer = issuer; 1538 ctx->current_crl_score = crl_score; 1539 ctx->current_reasons = reasons; 1540 *pcrl = crl; 1541 *pdcrl = dcrl; 1542 return 1; 1543 } 1544 1545 return 0; 1546 } 1547 1548 /* Check CRL validity */ 1549 static int 1550 check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1551 { 1552 X509 *issuer = NULL; 1553 EVP_PKEY *ikey = NULL; 1554 int ok = 0, chnum, cnum; 1555 1556 cnum = ctx->error_depth; 1557 chnum = sk_X509_num(ctx->chain) - 1; 1558 /* if we have an alternative CRL issuer cert use that */ 1559 if (ctx->current_issuer) { 1560 issuer = ctx->current_issuer; 1561 } else if (cnum < chnum) { 1562 /* Else find CRL issuer: if not last certificate then issuer 1563 * is next certificate in chain. 1564 */ 1565 issuer = sk_X509_value(ctx->chain, cnum + 1); 1566 } else { 1567 issuer = sk_X509_value(ctx->chain, chnum); 1568 /* If not self signed, can't check signature */ 1569 if (!ctx->check_issued(ctx, issuer, issuer)) { 1570 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1571 ok = ctx->verify_cb(0, ctx); 1572 if (!ok) 1573 goto err; 1574 } 1575 } 1576 1577 if (issuer) { 1578 /* Skip most tests for deltas because they have already 1579 * been done 1580 */ 1581 if (!crl->base_crl_number) { 1582 /* Check for cRLSign bit if keyUsage present */ 1583 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1584 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1585 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1586 ok = ctx->verify_cb(0, ctx); 1587 if (!ok) 1588 goto err; 1589 } 1590 1591 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1592 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1593 ok = ctx->verify_cb(0, ctx); 1594 if (!ok) 1595 goto err; 1596 } 1597 1598 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1599 if (check_crl_path(ctx, 1600 ctx->current_issuer) <= 0) { 1601 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1602 ok = ctx->verify_cb(0, ctx); 1603 if (!ok) 1604 goto err; 1605 } 1606 } 1607 1608 if (crl->idp_flags & IDP_INVALID) { 1609 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1610 ok = ctx->verify_cb(0, ctx); 1611 if (!ok) 1612 goto err; 1613 } 1614 1615 1616 } 1617 1618 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1619 ok = check_crl_time(ctx, crl, 1); 1620 if (!ok) 1621 goto err; 1622 } 1623 1624 /* Attempt to get issuer certificate public key */ 1625 ikey = X509_get_pubkey(issuer); 1626 1627 if (!ikey) { 1628 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1629 ok = ctx->verify_cb(0, ctx); 1630 if (!ok) 1631 goto err; 1632 } else { 1633 /* Verify CRL signature */ 1634 if (X509_CRL_verify(crl, ikey) <= 0) { 1635 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1636 ok = ctx->verify_cb(0, ctx); 1637 if (!ok) 1638 goto err; 1639 } 1640 } 1641 } 1642 1643 ok = 1; 1644 1645 err: 1646 EVP_PKEY_free(ikey); 1647 return ok; 1648 } 1649 1650 /* Check certificate against CRL */ 1651 static int 1652 cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1653 { 1654 int ok; 1655 X509_REVOKED *rev; 1656 1657 /* The rules changed for this... previously if a CRL contained 1658 * unhandled critical extensions it could still be used to indicate 1659 * a certificate was revoked. This has since been changed since 1660 * critical extension can change the meaning of CRL entries. 1661 */ 1662 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 1663 (crl->flags & EXFLAG_CRITICAL)) { 1664 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1665 ok = ctx->verify_cb(0, ctx); 1666 if (!ok) 1667 return 0; 1668 } 1669 /* Look for serial number of certificate in CRL 1670 * If found make sure reason is not removeFromCRL. 1671 */ 1672 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1673 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1674 return 2; 1675 ctx->error = X509_V_ERR_CERT_REVOKED; 1676 ok = ctx->verify_cb(0, ctx); 1677 if (!ok) 1678 return 0; 1679 } 1680 1681 return 1; 1682 } 1683 1684 static int 1685 check_policy(X509_STORE_CTX *ctx) 1686 { 1687 int ret; 1688 1689 if (ctx->parent) 1690 return 1; 1691 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1692 ctx->param->policies, ctx->param->flags); 1693 if (ret == 0) { 1694 X509error(ERR_R_MALLOC_FAILURE); 1695 return 0; 1696 } 1697 /* Invalid or inconsistent extensions */ 1698 if (ret == -1) { 1699 /* Locate certificates with bad extensions and notify 1700 * callback. 1701 */ 1702 X509 *x; 1703 int i; 1704 for (i = 1; i < sk_X509_num(ctx->chain); i++) { 1705 x = sk_X509_value(ctx->chain, i); 1706 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1707 continue; 1708 ctx->current_cert = x; 1709 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1710 if (!ctx->verify_cb(0, ctx)) 1711 return 0; 1712 } 1713 return 1; 1714 } 1715 if (ret == -2) { 1716 ctx->current_cert = NULL; 1717 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1718 return ctx->verify_cb(0, ctx); 1719 } 1720 1721 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1722 ctx->current_cert = NULL; 1723 ctx->error = X509_V_OK; 1724 if (!ctx->verify_cb(2, ctx)) 1725 return 0; 1726 } 1727 1728 return 1; 1729 } 1730 1731 /* 1732 * Inform the verify callback of an error. 1733 * 1734 * If x is not NULL it is the error cert, otherwise use the chain cert 1735 * at depth. 1736 * 1737 * If err is not X509_V_OK, that's the error value, otherwise leave 1738 * unchanged (presumably set by the caller). 1739 * 1740 * Returns 0 to abort verification with an error, non-zero to continue. 1741 */ 1742 static int 1743 verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) 1744 { 1745 ctx->error_depth = depth; 1746 ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); 1747 if (err != X509_V_OK) 1748 ctx->error = err; 1749 return ctx->verify_cb(0, ctx); 1750 } 1751 1752 /* 1753 * Check certificate validity times. 1754 * 1755 * If depth >= 0, invoke verification callbacks on error, otherwise just return 1756 * the validation status. 1757 * 1758 * Return 1 on success, 0 otherwise. 1759 */ 1760 int 1761 x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) 1762 { 1763 time_t *ptime; 1764 int i; 1765 1766 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1767 ptime = &ctx->param->check_time; 1768 else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1769 return 1; 1770 else 1771 ptime = NULL; 1772 1773 i = X509_cmp_time(X509_get_notBefore(x), ptime); 1774 if (i >= 0 && depth < 0) 1775 return 0; 1776 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1777 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) 1778 return 0; 1779 if (i > 0 && !verify_cb_cert(ctx, x, depth, 1780 X509_V_ERR_CERT_NOT_YET_VALID)) 1781 return 0; 1782 1783 i = X509_cmp_time_internal(X509_get_notAfter(x), ptime, 1); 1784 if (i <= 0 && depth < 0) 1785 return 0; 1786 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1787 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) 1788 return 0; 1789 if (i < 0 && !verify_cb_cert(ctx, x, depth, 1790 X509_V_ERR_CERT_HAS_EXPIRED)) 1791 return 0; 1792 return 1; 1793 } 1794 1795 static int 1796 internal_verify(X509_STORE_CTX *ctx) 1797 { 1798 int n = sk_X509_num(ctx->chain) - 1; 1799 X509 *xi = sk_X509_value(ctx->chain, n); 1800 X509 *xs; 1801 1802 if (ctx->check_issued(ctx, xi, xi)) 1803 xs = xi; 1804 else { 1805 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1806 xs = xi; 1807 goto check_cert; 1808 } 1809 if (n <= 0) 1810 return verify_cb_cert(ctx, xi, 0, 1811 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); 1812 n--; 1813 ctx->error_depth = n; 1814 xs = sk_X509_value(ctx->chain, n); 1815 } 1816 1817 /* 1818 * Do not clear ctx->error=0, it must be "sticky", only the 1819 * user's callback is allowed to reset errors (at its own 1820 * peril). 1821 */ 1822 while (n >= 0) { 1823 1824 /* 1825 * Skip signature check for self signed certificates 1826 * unless explicitly asked for. It doesn't add any 1827 * security and just wastes time. If the issuer's 1828 * public key is unusable, report the issuer 1829 * certificate and its depth (rather than the depth of 1830 * the subject). 1831 */ 1832 if (xs != xi || (ctx->param->flags & 1833 X509_V_FLAG_CHECK_SS_SIGNATURE)) { 1834 EVP_PKEY *pkey; 1835 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1836 if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, 1837 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) 1838 return 0; 1839 } else if (X509_verify(xs, pkey) <= 0) { 1840 if (!verify_cb_cert(ctx, xs, n, 1841 X509_V_ERR_CERT_SIGNATURE_FAILURE)) { 1842 EVP_PKEY_free(pkey); 1843 return 0; 1844 } 1845 } 1846 EVP_PKEY_free(pkey); 1847 } 1848 check_cert: 1849 /* Calls verify callback as needed */ 1850 if (!x509_check_cert_time(ctx, xs, n)) 1851 return 0; 1852 1853 /* 1854 * Signal success at this depth. However, the 1855 * previous error (if any) is retained. 1856 */ 1857 ctx->current_issuer = xi; 1858 ctx->current_cert = xs; 1859 ctx->error_depth = n; 1860 if (!ctx->verify_cb(1, ctx)) 1861 return 0; 1862 1863 if (--n >= 0) { 1864 xi = xs; 1865 xs = sk_X509_value(ctx->chain, n); 1866 } 1867 } 1868 return 1; 1869 } 1870 1871 int 1872 X509_cmp_current_time(const ASN1_TIME *ctm) 1873 { 1874 return X509_cmp_time(ctm, NULL); 1875 } 1876 1877 /* 1878 * Compare a possibly unvalidated ASN1_TIME string against a time_t 1879 * using RFC 5280 rules for the time string. If *cmp_time is NULL 1880 * the current system time is used. 1881 * 1882 * XXX NOTE that unlike what you expect a "cmp" function to do in C, 1883 * XXX this one is "special", and returns 0 for error. 1884 * 1885 * Returns: 1886 * -1 if the ASN1_time is earlier than OR the same as *cmp_time. 1887 * 1 if the ASN1_time is later than *cmp_time. 1888 * 0 on error. 1889 */ 1890 static int 1891 X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter) 1892 { 1893 time_t time1, time2; 1894 struct tm tm1, tm2; 1895 int ret = 0; 1896 int type; 1897 1898 if (cmp_time == NULL) 1899 time2 = time(NULL); 1900 else 1901 time2 = *cmp_time; 1902 1903 memset(&tm1, 0, sizeof(tm1)); 1904 1905 type = ASN1_time_parse(ctm->data, ctm->length, &tm1, ctm->type); 1906 if (type == -1) 1907 goto out; /* invalid time */ 1908 1909 /* RFC 5280 section 4.1.2.5 */ 1910 if (tm1.tm_year < 150 && type != V_ASN1_UTCTIME) 1911 goto out; 1912 if (tm1.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) 1913 goto out; 1914 1915 if (clamp_notafter) { 1916 /* Allow for completely broken operating systems. */ 1917 if (!ASN1_time_tm_clamp_notafter(&tm1)) 1918 goto out; 1919 } 1920 1921 /* 1922 * Defensively fail if the time string is not representable as 1923 * a time_t. A time_t must be sane if you care about times after 1924 * Jan 19 2038. 1925 */ 1926 if ((time1 = timegm(&tm1)) == -1) 1927 goto out; 1928 1929 if (gmtime_r(&time2, &tm2) == NULL) 1930 goto out; 1931 1932 ret = ASN1_time_tm_cmp(&tm1, &tm2); 1933 if (ret == 0) 1934 ret = -1; /* 0 is used for error, so map same to less than */ 1935 out: 1936 return (ret); 1937 } 1938 1939 int 1940 X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 1941 { 1942 return X509_cmp_time_internal(ctm, cmp_time, 0); 1943 } 1944 1945 1946 ASN1_TIME * 1947 X509_gmtime_adj(ASN1_TIME *s, long adj) 1948 { 1949 return X509_time_adj(s, adj, NULL); 1950 } 1951 1952 ASN1_TIME * 1953 X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time) 1954 { 1955 return X509_time_adj_ex(s, 0, offset_sec, in_time); 1956 } 1957 1958 ASN1_TIME * 1959 X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time) 1960 { 1961 time_t t; 1962 if (in_time == NULL) 1963 t = time(NULL); 1964 else 1965 t = *in_time; 1966 1967 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 1968 } 1969 1970 int 1971 X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) 1972 { 1973 EVP_PKEY *ktmp = NULL, *ktmp2; 1974 int i, j; 1975 1976 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) 1977 return 1; 1978 1979 for (i = 0; i < sk_X509_num(chain); i++) { 1980 ktmp = X509_get_pubkey(sk_X509_value(chain, i)); 1981 if (ktmp == NULL) { 1982 X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 1983 return 0; 1984 } 1985 if (!EVP_PKEY_missing_parameters(ktmp)) 1986 break; 1987 else { 1988 EVP_PKEY_free(ktmp); 1989 ktmp = NULL; 1990 } 1991 } 1992 if (ktmp == NULL) { 1993 X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 1994 return 0; 1995 } 1996 1997 /* first, populate the other certs */ 1998 for (j = i - 1; j >= 0; j--) { 1999 ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); 2000 EVP_PKEY_copy_parameters(ktmp2, ktmp); 2001 EVP_PKEY_free(ktmp2); 2002 } 2003 2004 if (pkey != NULL) 2005 EVP_PKEY_copy_parameters(pkey, ktmp); 2006 EVP_PKEY_free(ktmp); 2007 return 1; 2008 } 2009 2010 int 2011 X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 2012 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 2013 { 2014 /* This function is (usually) called only once, by 2015 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ 2016 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, 2017 argl, argp, new_func, dup_func, free_func); 2018 } 2019 2020 int 2021 X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2022 { 2023 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2024 } 2025 2026 void * 2027 X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2028 { 2029 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2030 } 2031 2032 int 2033 X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2034 { 2035 return ctx->error; 2036 } 2037 2038 void 2039 X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2040 { 2041 ctx->error = err; 2042 } 2043 2044 int 2045 X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2046 { 2047 return ctx->error_depth; 2048 } 2049 2050 X509 * 2051 X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2052 { 2053 return ctx->current_cert; 2054 } 2055 2056 STACK_OF(X509) * 2057 X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2058 { 2059 return ctx->chain; 2060 } 2061 2062 STACK_OF(X509) * 2063 X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs) 2064 { 2065 return xs->chain; 2066 } 2067 2068 STACK_OF(X509) * 2069 X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2070 { 2071 int i; 2072 X509 *x; 2073 STACK_OF(X509) *chain; 2074 2075 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) 2076 return NULL; 2077 for (i = 0; i < sk_X509_num(chain); i++) { 2078 x = sk_X509_value(chain, i); 2079 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 2080 } 2081 return chain; 2082 } 2083 2084 X509 * 2085 X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2086 { 2087 return ctx->current_issuer; 2088 } 2089 2090 X509_CRL * 2091 X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2092 { 2093 return ctx->current_crl; 2094 } 2095 2096 X509_STORE_CTX * 2097 X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2098 { 2099 return ctx->parent; 2100 } 2101 2102 X509_STORE * 2103 X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) 2104 { 2105 return xs->ctx; 2106 } 2107 2108 void 2109 X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2110 { 2111 ctx->cert = x; 2112 } 2113 2114 void 2115 X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2116 { 2117 ctx->untrusted = sk; 2118 } 2119 2120 void 2121 X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2122 { 2123 ctx->crls = sk; 2124 } 2125 2126 int 2127 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2128 { 2129 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2130 } 2131 2132 int 2133 X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2134 { 2135 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2136 } 2137 2138 /* This function is used to set the X509_STORE_CTX purpose and trust 2139 * values. This is intended to be used when another structure has its 2140 * own trust and purpose values which (if set) will be inherited by 2141 * the ctx. If they aren't set then we will usually have a default 2142 * purpose in mind which should then be used to set the trust value. 2143 * An example of this is SSL use: an SSL structure will have its own 2144 * purpose and trust settings which the application can set: if they 2145 * aren't set then we use the default of SSL client/server. 2146 */ 2147 2148 int 2149 X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2150 int purpose, int trust) 2151 { 2152 int idx; 2153 2154 /* If purpose not set use default */ 2155 if (!purpose) 2156 purpose = def_purpose; 2157 /* If we have a purpose then check it is valid */ 2158 if (purpose) { 2159 X509_PURPOSE *ptmp; 2160 idx = X509_PURPOSE_get_by_id(purpose); 2161 if (idx == -1) { 2162 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2163 return 0; 2164 } 2165 ptmp = X509_PURPOSE_get0(idx); 2166 if (ptmp->trust == X509_TRUST_DEFAULT) { 2167 idx = X509_PURPOSE_get_by_id(def_purpose); 2168 if (idx == -1) { 2169 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2170 return 0; 2171 } 2172 ptmp = X509_PURPOSE_get0(idx); 2173 } 2174 /* If trust not set then get from purpose default */ 2175 if (!trust) 2176 trust = ptmp->trust; 2177 } 2178 if (trust) { 2179 idx = X509_TRUST_get_by_id(trust); 2180 if (idx == -1) { 2181 X509error(X509_R_UNKNOWN_TRUST_ID); 2182 return 0; 2183 } 2184 } 2185 2186 if (purpose && !ctx->param->purpose) 2187 ctx->param->purpose = purpose; 2188 if (trust && !ctx->param->trust) 2189 ctx->param->trust = trust; 2190 return 1; 2191 } 2192 2193 X509_STORE_CTX * 2194 X509_STORE_CTX_new(void) 2195 { 2196 X509_STORE_CTX *ctx; 2197 2198 ctx = calloc(1, sizeof(X509_STORE_CTX)); 2199 if (!ctx) { 2200 X509error(ERR_R_MALLOC_FAILURE); 2201 return NULL; 2202 } 2203 return ctx; 2204 } 2205 2206 void 2207 X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2208 { 2209 if (ctx == NULL) 2210 return; 2211 2212 X509_STORE_CTX_cleanup(ctx); 2213 free(ctx); 2214 } 2215 2216 int 2217 X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2218 STACK_OF(X509) *chain) 2219 { 2220 int param_ret = 1; 2221 2222 /* 2223 * Make sure everything is initialized properly even in case of an 2224 * early return due to an error. 2225 * 2226 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have 2227 * freed everything and memset ex_data anyway. This also allows us 2228 * to safely use X509_STORE_CTX variables from the stack which will 2229 * have uninitialized data. 2230 */ 2231 memset(ctx, 0, sizeof(*ctx)); 2232 2233 /* 2234 * Start with this set to not valid - it will be set to valid 2235 * in X509_verify_cert. 2236 */ 2237 ctx->error = X509_V_ERR_INVALID_CALL; 2238 2239 /* 2240 * Set values other than 0. Keep this in the same order as 2241 * X509_STORE_CTX except for values that may fail. All fields that 2242 * may fail should go last to make sure 'ctx' is as consistent as 2243 * possible even on early exits. 2244 */ 2245 ctx->ctx = store; 2246 ctx->cert = x509; 2247 ctx->untrusted = chain; 2248 2249 if (store && store->verify) 2250 ctx->verify = store->verify; 2251 else 2252 ctx->verify = internal_verify; 2253 2254 if (store && store->verify_cb) 2255 ctx->verify_cb = store->verify_cb; 2256 else 2257 ctx->verify_cb = null_callback; 2258 2259 if (store && store->get_issuer) 2260 ctx->get_issuer = store->get_issuer; 2261 else 2262 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2263 2264 if (store && store->check_issued) 2265 ctx->check_issued = store->check_issued; 2266 else 2267 ctx->check_issued = check_issued; 2268 2269 if (store && store->check_revocation) 2270 ctx->check_revocation = store->check_revocation; 2271 else 2272 ctx->check_revocation = check_revocation; 2273 2274 if (store && store->get_crl) 2275 ctx->get_crl = store->get_crl; 2276 else 2277 ctx->get_crl = NULL; 2278 2279 if (store && store->check_crl) 2280 ctx->check_crl = store->check_crl; 2281 else 2282 ctx->check_crl = check_crl; 2283 2284 if (store && store->cert_crl) 2285 ctx->cert_crl = store->cert_crl; 2286 else 2287 ctx->cert_crl = cert_crl; 2288 2289 ctx->check_policy = check_policy; 2290 2291 if (store && store->lookup_certs) 2292 ctx->lookup_certs = store->lookup_certs; 2293 else 2294 ctx->lookup_certs = X509_STORE_get1_certs; 2295 2296 if (store && store->lookup_crls) 2297 ctx->lookup_crls = store->lookup_crls; 2298 else 2299 ctx->lookup_crls = X509_STORE_get1_crls; 2300 2301 if (store && store->cleanup) 2302 ctx->cleanup = store->cleanup; 2303 else 2304 ctx->cleanup = NULL; 2305 2306 ctx->param = X509_VERIFY_PARAM_new(); 2307 if (!ctx->param) { 2308 X509error(ERR_R_MALLOC_FAILURE); 2309 return 0; 2310 } 2311 2312 /* Inherit callbacks and flags from X509_STORE if not set 2313 * use defaults. 2314 */ 2315 if (store) 2316 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2317 else 2318 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; 2319 2320 if (param_ret) 2321 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, 2322 X509_VERIFY_PARAM_lookup("default")); 2323 2324 if (param_ret == 0) { 2325 X509error(ERR_R_MALLOC_FAILURE); 2326 return 0; 2327 } 2328 2329 if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, 2330 &(ctx->ex_data)) == 0) { 2331 X509error(ERR_R_MALLOC_FAILURE); 2332 return 0; 2333 } 2334 return 1; 2335 } 2336 2337 /* Set alternative lookup method: just a STACK of trusted certificates. 2338 * This avoids X509_STORE nastiness where it isn't needed. 2339 */ 2340 2341 void 2342 X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2343 { 2344 ctx->other_ctx = sk; 2345 ctx->get_issuer = get_issuer_sk; 2346 } 2347 2348 void 2349 X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2350 { 2351 X509_STORE_CTX_trusted_stack(ctx, sk); 2352 } 2353 2354 void 2355 X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2356 { 2357 if (ctx->cleanup) 2358 ctx->cleanup(ctx); 2359 if (ctx->param != NULL) { 2360 if (ctx->parent == NULL) 2361 X509_VERIFY_PARAM_free(ctx->param); 2362 ctx->param = NULL; 2363 } 2364 if (ctx->tree != NULL) { 2365 X509_policy_tree_free(ctx->tree); 2366 ctx->tree = NULL; 2367 } 2368 if (ctx->chain != NULL) { 2369 sk_X509_pop_free(ctx->chain, X509_free); 2370 ctx->chain = NULL; 2371 } 2372 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, 2373 ctx, &(ctx->ex_data)); 2374 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2375 } 2376 2377 void 2378 X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2379 { 2380 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2381 } 2382 2383 void 2384 X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2385 { 2386 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2387 } 2388 2389 void 2390 X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) 2391 { 2392 X509_VERIFY_PARAM_set_time(ctx->param, t); 2393 } 2394 2395 void 2396 X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2397 int (*verify_cb)(int, X509_STORE_CTX *)) 2398 { 2399 ctx->verify_cb = verify_cb; 2400 } 2401 2402 X509 * 2403 X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) 2404 { 2405 return ctx->cert; 2406 } 2407 2408 STACK_OF(X509) * 2409 X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) 2410 { 2411 return ctx->untrusted; 2412 } 2413 2414 void 2415 X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2416 { 2417 ctx->untrusted = sk; 2418 } 2419 2420 X509_POLICY_TREE * 2421 X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2422 { 2423 return ctx->tree; 2424 } 2425 2426 int 2427 X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2428 { 2429 return ctx->explicit_policy; 2430 } 2431 2432 int 2433 X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2434 { 2435 const X509_VERIFY_PARAM *param; 2436 param = X509_VERIFY_PARAM_lookup(name); 2437 if (!param) 2438 return 0; 2439 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2440 } 2441 2442 X509_VERIFY_PARAM * 2443 X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2444 { 2445 return ctx->param; 2446 } 2447 2448 void 2449 X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2450 { 2451 if (ctx->param) 2452 X509_VERIFY_PARAM_free(ctx->param); 2453 ctx->param = param; 2454 } 2455