1 /* crypto/x509/x509_vfy.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include <time.h> 61 #include <errno.h> 62 63 #include "cryptlib.h" 64 #include <openssl/crypto.h> 65 #include <openssl/lhash.h> 66 #include <openssl/buffer.h> 67 #include <openssl/evp.h> 68 #include <openssl/asn1.h> 69 #include <openssl/x509.h> 70 #include <openssl/x509v3.h> 71 #include <openssl/objects.h> 72 #include "vpm_int.h" 73 74 /* CRL score values */ 75 76 /* No unhandled critical extensions */ 77 78 #define CRL_SCORE_NOCRITICAL 0x100 79 80 /* certificate is within CRL scope */ 81 82 #define CRL_SCORE_SCOPE 0x080 83 84 /* CRL times valid */ 85 86 #define CRL_SCORE_TIME 0x040 87 88 /* Issuer name matches certificate */ 89 90 #define CRL_SCORE_ISSUER_NAME 0x020 91 92 /* If this score or above CRL is probably valid */ 93 94 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 95 96 /* CRL issuer is certificate issuer */ 97 98 #define CRL_SCORE_ISSUER_CERT 0x018 99 100 /* CRL issuer is on certificate path */ 101 102 #define CRL_SCORE_SAME_PATH 0x008 103 104 /* CRL issuer matches CRL AKID */ 105 106 #define CRL_SCORE_AKID 0x004 107 108 /* Have a delta CRL with valid times */ 109 110 #define CRL_SCORE_TIME_DELTA 0x002 111 112 static int null_callback(int ok, X509_STORE_CTX *e); 113 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 114 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); 115 static int check_chain_extensions(X509_STORE_CTX *ctx); 116 static int check_name_constraints(X509_STORE_CTX *ctx); 117 static int check_id(X509_STORE_CTX *ctx); 118 static int check_trust(X509_STORE_CTX *ctx); 119 static int check_revocation(X509_STORE_CTX *ctx); 120 static int check_cert(X509_STORE_CTX *ctx); 121 static int check_policy(X509_STORE_CTX *ctx); 122 123 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 124 unsigned int *preasons, X509_CRL *crl, X509 *x); 125 static int get_crl_delta(X509_STORE_CTX *ctx, 126 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 127 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, 128 int *pcrl_score, X509_CRL *base, 129 STACK_OF(X509_CRL) *crls); 130 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 131 int *pcrl_score); 132 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 133 unsigned int *preasons); 134 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 135 static int check_crl_chain(X509_STORE_CTX *ctx, 136 STACK_OF(X509) *cert_path, 137 STACK_OF(X509) *crl_path); 138 139 static int internal_verify(X509_STORE_CTX *ctx); 140 const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT; 141 142 static int null_callback(int ok, X509_STORE_CTX *e) 143 { 144 return ok; 145 } 146 147 #if 0 148 static int x509_subject_cmp(X509 **a, X509 **b) 149 { 150 return X509_subject_name_cmp(*a, *b); 151 } 152 #endif 153 /* Return 1 is a certificate is self signed */ 154 static int cert_self_signed(X509 *x) 155 { 156 X509_check_purpose(x, -1, 0); 157 if (x->ex_flags & EXFLAG_SS) 158 return 1; 159 else 160 return 0; 161 } 162 163 /* Given a certificate try and find an exact match in the store */ 164 165 static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 166 { 167 STACK_OF(X509) *certs; 168 X509 *xtmp = NULL; 169 int i; 170 /* Lookup all certs with matching subject name */ 171 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 172 if (certs == NULL) 173 return NULL; 174 /* Look for exact match */ 175 for (i = 0; i < sk_X509_num(certs); i++) { 176 xtmp = sk_X509_value(certs, i); 177 if (!X509_cmp(xtmp, x)) 178 break; 179 } 180 if (i < sk_X509_num(certs)) 181 CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); 182 else 183 xtmp = NULL; 184 sk_X509_pop_free(certs, X509_free); 185 return xtmp; 186 } 187 188 int X509_verify_cert(X509_STORE_CTX *ctx) 189 { 190 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 191 int bad_chain = 0; 192 X509_VERIFY_PARAM *param = ctx->param; 193 int depth, i, ok = 0; 194 int num, j, retry; 195 int (*cb) (int xok, X509_STORE_CTX *xctx); 196 STACK_OF(X509) *sktmp = NULL; 197 int trust = X509_TRUST_UNTRUSTED; 198 int err; 199 200 if (ctx->cert == NULL) { 201 X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 202 ctx->error = X509_V_ERR_INVALID_CALL; 203 return -1; 204 } 205 if (ctx->chain != NULL) { 206 /* 207 * This X509_STORE_CTX has already been used to verify a cert. We 208 * cannot do another one. 209 */ 210 X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 211 ctx->error = X509_V_ERR_INVALID_CALL; 212 return -1; 213 } 214 215 cb = ctx->verify_cb; 216 217 /* 218 * first we make sure the chain we are going to build is present and that 219 * the first entry is in place 220 */ 221 if (((ctx->chain = sk_X509_new_null()) == NULL) || 222 (!sk_X509_push(ctx->chain, ctx->cert))) { 223 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 224 ctx->error = X509_V_ERR_OUT_OF_MEM; 225 ok = -1; 226 goto err; 227 } 228 CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); 229 ctx->last_untrusted = 1; 230 231 /* We use a temporary STACK so we can chop and hack at it */ 232 if (ctx->untrusted != NULL 233 && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 234 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 235 ctx->error = X509_V_ERR_OUT_OF_MEM; 236 ok = -1; 237 goto err; 238 } 239 240 num = sk_X509_num(ctx->chain); 241 x = sk_X509_value(ctx->chain, num - 1); 242 depth = param->depth; 243 244 for (;;) { 245 /* If we have enough, we break */ 246 if (depth < num) 247 break; /* FIXME: If this happens, we should take 248 * note of it and, if appropriate, use the 249 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 250 * later. */ 251 252 /* If we are self signed, we break */ 253 if (cert_self_signed(x)) 254 break; 255 /* 256 * If asked see if we can find issuer in trusted store first 257 */ 258 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 259 ok = ctx->get_issuer(&xtmp, ctx, x); 260 if (ok < 0) { 261 ctx->error = X509_V_ERR_STORE_LOOKUP; 262 goto err; 263 } 264 /* 265 * If successful for now free up cert so it will be picked up 266 * again later. 267 */ 268 if (ok > 0) { 269 X509_free(xtmp); 270 break; 271 } 272 } 273 274 /* If we were passed a cert chain, use it first */ 275 if (ctx->untrusted != NULL) { 276 xtmp = find_issuer(ctx, sktmp, x); 277 if (xtmp != NULL) { 278 if (!sk_X509_push(ctx->chain, xtmp)) { 279 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 280 ctx->error = X509_V_ERR_OUT_OF_MEM; 281 ok = -1; 282 goto err; 283 } 284 CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); 285 (void)sk_X509_delete_ptr(sktmp, xtmp); 286 ctx->last_untrusted++; 287 x = xtmp; 288 num++; 289 /* 290 * reparse the full chain for the next one 291 */ 292 continue; 293 } 294 } 295 break; 296 } 297 298 /* Remember how many untrusted certs we have */ 299 j = num; 300 /* 301 * at this point, chain should contain a list of untrusted certificates. 302 * We now need to add at least one trusted one, if possible, otherwise we 303 * complain. 304 */ 305 306 do { 307 /* 308 * Examine last certificate in chain and see if it is self signed. 309 */ 310 i = sk_X509_num(ctx->chain); 311 x = sk_X509_value(ctx->chain, i - 1); 312 if (cert_self_signed(x)) { 313 /* we have a self signed certificate */ 314 if (sk_X509_num(ctx->chain) == 1) { 315 /* 316 * We have a single self signed certificate: see if we can 317 * find it in the store. We must have an exact match to avoid 318 * possible impersonation. 319 */ 320 ok = ctx->get_issuer(&xtmp, ctx, x); 321 if ((ok <= 0) || X509_cmp(x, xtmp)) { 322 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 323 ctx->current_cert = x; 324 ctx->error_depth = i - 1; 325 if (ok == 1) 326 X509_free(xtmp); 327 bad_chain = 1; 328 ok = cb(0, ctx); 329 if (!ok) 330 goto err; 331 } else { 332 /* 333 * We have a match: replace certificate with store 334 * version so we get any trust settings. 335 */ 336 X509_free(x); 337 x = xtmp; 338 (void)sk_X509_set(ctx->chain, i - 1, x); 339 ctx->last_untrusted = 0; 340 } 341 } else { 342 /* 343 * extract and save self signed certificate for later use 344 */ 345 chain_ss = sk_X509_pop(ctx->chain); 346 ctx->last_untrusted--; 347 num--; 348 j--; 349 x = sk_X509_value(ctx->chain, num - 1); 350 } 351 } 352 /* We now lookup certs from the certificate store */ 353 for (;;) { 354 /* If we have enough, we break */ 355 if (depth < num) 356 break; 357 /* If we are self signed, we break */ 358 if (cert_self_signed(x)) 359 break; 360 ok = ctx->get_issuer(&xtmp, ctx, x); 361 362 if (ok < 0) { 363 ctx->error = X509_V_ERR_STORE_LOOKUP; 364 goto err; 365 } 366 if (ok == 0) 367 break; 368 x = xtmp; 369 if (!sk_X509_push(ctx->chain, x)) { 370 X509_free(xtmp); 371 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 372 ctx->error = X509_V_ERR_OUT_OF_MEM; 373 ok = -1; 374 goto err; 375 } 376 num++; 377 } 378 379 /* we now have our chain, lets check it... */ 380 if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) { 381 /* Callback already issued */ 382 ok = 0; 383 goto err; 384 } 385 386 /* 387 * If it's not explicitly trusted then check if there is an alternative 388 * chain that could be used. We only do this if we haven't already 389 * checked via TRUSTED_FIRST and the user hasn't switched off alternate 390 * chain checking 391 */ 392 retry = 0; 393 if (trust != X509_TRUST_TRUSTED 394 && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) 395 && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 396 while (j-- > 1) { 397 xtmp2 = sk_X509_value(ctx->chain, j - 1); 398 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 399 if (ok < 0) { 400 ctx->error = X509_V_ERR_STORE_LOOKUP; 401 goto err; 402 } 403 /* Check if we found an alternate chain */ 404 if (ok > 0) { 405 /* 406 * Free up the found cert we'll add it again later 407 */ 408 X509_free(xtmp); 409 410 /* 411 * Dump all the certs above this point - we've found an 412 * alternate chain 413 */ 414 while (num > j) { 415 xtmp = sk_X509_pop(ctx->chain); 416 X509_free(xtmp); 417 num--; 418 } 419 ctx->last_untrusted = sk_X509_num(ctx->chain); 420 retry = 1; 421 break; 422 } 423 } 424 } 425 } while (retry); 426 427 /* 428 * If not explicitly trusted then indicate error unless it's a single 429 * self signed certificate in which case we've indicated an error already 430 * and set bad_chain == 1 431 */ 432 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 433 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 434 if (ctx->last_untrusted >= num) 435 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 436 else 437 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 438 ctx->current_cert = x; 439 } else { 440 441 sk_X509_push(ctx->chain, chain_ss); 442 num++; 443 ctx->last_untrusted = num; 444 ctx->current_cert = chain_ss; 445 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 446 chain_ss = NULL; 447 } 448 449 ctx->error_depth = num - 1; 450 bad_chain = 1; 451 ok = cb(0, ctx); 452 if (!ok) 453 goto err; 454 } 455 456 /* We have the chain complete: now we need to check its purpose */ 457 ok = check_chain_extensions(ctx); 458 459 if (!ok) 460 goto err; 461 462 /* Check name constraints */ 463 464 ok = check_name_constraints(ctx); 465 466 if (!ok) 467 goto err; 468 469 ok = check_id(ctx); 470 471 if (!ok) 472 goto err; 473 474 /* We may as well copy down any DSA parameters that are required */ 475 X509_get_pubkey_parameters(NULL, ctx->chain); 476 477 /* 478 * Check revocation status: we do this after copying parameters because 479 * they may be needed for CRL signature verification. 480 */ 481 482 ok = ctx->check_revocation(ctx); 483 if (!ok) 484 goto err; 485 486 err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, 487 ctx->param->flags); 488 if (err != X509_V_OK) { 489 ctx->error = err; 490 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); 491 ok = cb(0, ctx); 492 if (!ok) 493 goto err; 494 } 495 496 /* At this point, we have a chain and need to verify it */ 497 if (ctx->verify != NULL) 498 ok = ctx->verify(ctx); 499 else 500 ok = internal_verify(ctx); 501 if (!ok) 502 goto err; 503 504 #ifndef OPENSSL_NO_RFC3779 505 /* RFC 3779 path validation, now that CRL check has been done */ 506 ok = v3_asid_validate_path(ctx); 507 if (!ok) 508 goto err; 509 ok = v3_addr_validate_path(ctx); 510 if (!ok) 511 goto err; 512 #endif 513 514 /* If we get this far evaluate policies */ 515 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 516 ok = ctx->check_policy(ctx); 517 if (!ok) 518 goto err; 519 if (0) { 520 err: 521 /* Ensure we return an error */ 522 if (ok > 0) 523 ok = 0; 524 X509_get_pubkey_parameters(NULL, ctx->chain); 525 } 526 if (sktmp != NULL) 527 sk_X509_free(sktmp); 528 if (chain_ss != NULL) 529 X509_free(chain_ss); 530 531 /* Safety net, error returns must set ctx->error */ 532 if (ok <= 0 && ctx->error == X509_V_OK) 533 ctx->error = X509_V_ERR_UNSPECIFIED; 534 return ok; 535 } 536 537 /* 538 * Given a STACK_OF(X509) find the issuer of cert (if any) 539 */ 540 541 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) 542 { 543 int i; 544 X509 *issuer; 545 for (i = 0; i < sk_X509_num(sk); i++) { 546 issuer = sk_X509_value(sk, i); 547 if (ctx->check_issued(ctx, x, issuer)) 548 return issuer; 549 } 550 return NULL; 551 } 552 553 /* Given a possible certificate and issuer check them */ 554 555 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 556 { 557 int ret; 558 ret = X509_check_issued(issuer, x); 559 if (ret == X509_V_OK) 560 return 1; 561 /* If we haven't asked for issuer errors don't set ctx */ 562 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 563 return 0; 564 565 ctx->error = ret; 566 ctx->current_cert = x; 567 ctx->current_issuer = issuer; 568 return ctx->verify_cb(0, ctx); 569 } 570 571 /* Alternative lookup method: look from a STACK stored in other_ctx */ 572 573 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 574 { 575 *issuer = find_issuer(ctx, ctx->other_ctx, x); 576 if (*issuer) { 577 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); 578 return 1; 579 } else 580 return 0; 581 } 582 583 /* 584 * Check a certificate chains extensions for consistency with the supplied 585 * purpose 586 */ 587 588 static int check_chain_extensions(X509_STORE_CTX *ctx) 589 { 590 #ifdef OPENSSL_NO_CHAIN_VERIFY 591 return 1; 592 #else 593 int i, ok = 0, must_be_ca, plen = 0; 594 X509 *x; 595 int (*cb) (int xok, X509_STORE_CTX *xctx); 596 int proxy_path_length = 0; 597 int purpose; 598 int allow_proxy_certs; 599 cb = ctx->verify_cb; 600 601 /*- 602 * must_be_ca can have 1 of 3 values: 603 * -1: we accept both CA and non-CA certificates, to allow direct 604 * use of self-signed certificates (which are marked as CA). 605 * 0: we only accept non-CA certificates. This is currently not 606 * used, but the possibility is present for future extensions. 607 * 1: we only accept CA certificates. This is currently used for 608 * all certificates in the chain except the leaf certificate. 609 */ 610 must_be_ca = -1; 611 612 /* CRL path validation */ 613 if (ctx->parent) { 614 allow_proxy_certs = 0; 615 purpose = X509_PURPOSE_CRL_SIGN; 616 } else { 617 allow_proxy_certs = 618 ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 619 /* 620 * A hack to keep people who don't want to modify their software 621 * happy 622 */ 623 if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) 624 allow_proxy_certs = 1; 625 purpose = ctx->param->purpose; 626 } 627 628 /* Check all untrusted certificates */ 629 for (i = 0; i < ctx->last_untrusted; i++) { 630 int ret; 631 x = sk_X509_value(ctx->chain, i); 632 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 633 && (x->ex_flags & EXFLAG_CRITICAL)) { 634 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 635 ctx->error_depth = i; 636 ctx->current_cert = x; 637 ok = cb(0, ctx); 638 if (!ok) 639 goto end; 640 } 641 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { 642 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 643 ctx->error_depth = i; 644 ctx->current_cert = x; 645 ok = cb(0, ctx); 646 if (!ok) 647 goto end; 648 } 649 ret = X509_check_ca(x); 650 switch (must_be_ca) { 651 case -1: 652 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 653 && (ret != 1) && (ret != 0)) { 654 ret = 0; 655 ctx->error = X509_V_ERR_INVALID_CA; 656 } else 657 ret = 1; 658 break; 659 case 0: 660 if (ret != 0) { 661 ret = 0; 662 ctx->error = X509_V_ERR_INVALID_NON_CA; 663 } else 664 ret = 1; 665 break; 666 default: 667 if ((ret == 0) 668 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 669 && (ret != 1))) { 670 ret = 0; 671 ctx->error = X509_V_ERR_INVALID_CA; 672 } else 673 ret = 1; 674 break; 675 } 676 if (ret == 0) { 677 ctx->error_depth = i; 678 ctx->current_cert = x; 679 ok = cb(0, ctx); 680 if (!ok) 681 goto end; 682 } 683 if (ctx->param->purpose > 0) { 684 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 685 if ((ret == 0) 686 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 687 && (ret != 1))) { 688 ctx->error = X509_V_ERR_INVALID_PURPOSE; 689 ctx->error_depth = i; 690 ctx->current_cert = x; 691 ok = cb(0, ctx); 692 if (!ok) 693 goto end; 694 } 695 } 696 /* Check pathlen if not self issued */ 697 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) 698 && (x->ex_pathlen != -1) 699 && (plen > (x->ex_pathlen + proxy_path_length + 1))) { 700 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 701 ctx->error_depth = i; 702 ctx->current_cert = x; 703 ok = cb(0, ctx); 704 if (!ok) 705 goto end; 706 } 707 /* Increment path length if not self issued */ 708 if (!(x->ex_flags & EXFLAG_SI)) 709 plen++; 710 /* 711 * If this certificate is a proxy certificate, the next certificate 712 * must be another proxy certificate or a EE certificate. If not, 713 * the next certificate must be a CA certificate. 714 */ 715 if (x->ex_flags & EXFLAG_PROXY) { 716 /* 717 * RFC3820, 4.1.3 (b)(1) stipulates that if pCPathLengthConstraint 718 * is less than max_path_length, the former should be copied to 719 * the latter, and 4.1.4 (a) stipulates that max_path_length 720 * should be verified to be larger than zero and decrement it. 721 * 722 * Because we're checking the certs in the reverse order, we start 723 * with verifying that proxy_path_length isn't larger than pcPLC, 724 * and copy the latter to the former if it is, and finally, 725 * increment proxy_path_length. 726 */ 727 if (x->ex_pcpathlen != -1) { 728 if (proxy_path_length > x->ex_pcpathlen) { 729 ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 730 ctx->error_depth = i; 731 ctx->current_cert = x; 732 ok = cb(0, ctx); 733 if (!ok) 734 goto end; 735 } 736 proxy_path_length = x->ex_pcpathlen; 737 } 738 proxy_path_length++; 739 must_be_ca = 0; 740 } else 741 must_be_ca = 1; 742 } 743 ok = 1; 744 end: 745 return ok; 746 #endif 747 } 748 749 static int check_name_constraints(X509_STORE_CTX *ctx) 750 { 751 X509 *x; 752 int i, j, rv; 753 /* Check name constraints for all certificates */ 754 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { 755 x = sk_X509_value(ctx->chain, i); 756 /* Ignore self issued certs unless last in chain */ 757 if (i && (x->ex_flags & EXFLAG_SI)) 758 continue; 759 760 /* 761 * Proxy certificates policy has an extra constraint, where the 762 * certificate subject MUST be the issuer with a single CN entry 763 * added. 764 * (RFC 3820: 3.4, 4.1.3 (a)(4)) 765 */ 766 if (x->ex_flags & EXFLAG_PROXY) { 767 X509_NAME *tmpsubject = X509_get_subject_name(x); 768 X509_NAME *tmpissuer = X509_get_issuer_name(x); 769 X509_NAME_ENTRY *tmpentry = NULL; 770 int last_object_nid = 0; 771 int err = X509_V_OK; 772 int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1; 773 774 /* Check that there are at least two RDNs */ 775 if (last_object_loc < 1) { 776 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; 777 goto proxy_name_done; 778 } 779 780 /* 781 * Check that there is exactly one more RDN in subject as 782 * there is in issuer. 783 */ 784 if (X509_NAME_entry_count(tmpsubject) 785 != X509_NAME_entry_count(tmpissuer) + 1) { 786 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; 787 goto proxy_name_done; 788 } 789 790 /* 791 * Check that the last subject component isn't part of a 792 * multivalued RDN 793 */ 794 if (X509_NAME_get_entry(tmpsubject, last_object_loc)->set 795 == X509_NAME_get_entry(tmpsubject, last_object_loc - 1)->set) { 796 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; 797 goto proxy_name_done; 798 } 799 800 /* 801 * Check that the last subject RDN is a commonName, and that 802 * all the previous RDNs match the issuer exactly 803 */ 804 tmpsubject = X509_NAME_dup(tmpsubject); 805 if (tmpsubject == NULL) { 806 X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); 807 ctx->error = X509_V_ERR_OUT_OF_MEM; 808 return 0; 809 } 810 811 tmpentry = 812 X509_NAME_delete_entry(tmpsubject, last_object_loc); 813 last_object_nid = 814 OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry)); 815 816 if (last_object_nid != NID_commonName 817 || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) { 818 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; 819 } 820 821 X509_NAME_ENTRY_free(tmpentry); 822 X509_NAME_free(tmpsubject); 823 824 proxy_name_done: 825 if (err != X509_V_OK) { 826 ctx->error = err; 827 ctx->error_depth = i; 828 ctx->current_cert = x; 829 if (!ctx->verify_cb(0, ctx)) 830 return 0; 831 } 832 } 833 834 /* 835 * Check against constraints for all certificates higher in chain 836 * including trust anchor. Trust anchor not strictly speaking needed 837 * but if it includes constraints it is to be assumed it expects them 838 * to be obeyed. 839 */ 840 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { 841 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; 842 if (nc) { 843 rv = NAME_CONSTRAINTS_check(x, nc); 844 switch (rv) { 845 case X509_V_OK: 846 continue; 847 case X509_V_ERR_OUT_OF_MEM: 848 ctx->error = rv; 849 return 0; 850 default: 851 ctx->error = rv; 852 ctx->error_depth = i; 853 ctx->current_cert = x; 854 if (!ctx->verify_cb(0, ctx)) 855 return 0; 856 break; 857 } 858 } 859 } 860 } 861 return 1; 862 } 863 864 static int check_id_error(X509_STORE_CTX *ctx, int errcode) 865 { 866 ctx->error = errcode; 867 ctx->current_cert = ctx->cert; 868 ctx->error_depth = 0; 869 return ctx->verify_cb(0, ctx); 870 } 871 872 static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 873 { 874 int i; 875 int n = sk_OPENSSL_STRING_num(id->hosts); 876 char *name; 877 878 if (id->peername != NULL) { 879 OPENSSL_free(id->peername); 880 id->peername = NULL; 881 } 882 for (i = 0; i < n; ++i) { 883 name = sk_OPENSSL_STRING_value(id->hosts, i); 884 if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) 885 return 1; 886 } 887 return n == 0; 888 } 889 890 static int check_id(X509_STORE_CTX *ctx) 891 { 892 X509_VERIFY_PARAM *vpm = ctx->param; 893 X509_VERIFY_PARAM_ID *id = vpm->id; 894 X509 *x = ctx->cert; 895 if (id->hosts && check_hosts(x, id) <= 0) { 896 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 897 return 0; 898 } 899 if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) { 900 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 901 return 0; 902 } 903 if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { 904 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 905 return 0; 906 } 907 return 1; 908 } 909 910 static int check_trust(X509_STORE_CTX *ctx) 911 { 912 int i, ok; 913 X509 *x = NULL; 914 int (*cb) (int xok, X509_STORE_CTX *xctx); 915 cb = ctx->verify_cb; 916 /* Check all trusted certificates in chain */ 917 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { 918 x = sk_X509_value(ctx->chain, i); 919 ok = X509_check_trust(x, ctx->param->trust, 0); 920 /* If explicitly trusted return trusted */ 921 if (ok == X509_TRUST_TRUSTED) 922 return X509_TRUST_TRUSTED; 923 /* 924 * If explicitly rejected notify callback and reject if not 925 * overridden. 926 */ 927 if (ok == X509_TRUST_REJECTED) { 928 ctx->error_depth = i; 929 ctx->current_cert = x; 930 ctx->error = X509_V_ERR_CERT_REJECTED; 931 ok = cb(0, ctx); 932 if (!ok) 933 return X509_TRUST_REJECTED; 934 } 935 } 936 /* 937 * If we accept partial chains and have at least one trusted certificate 938 * return success. 939 */ 940 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 941 X509 *mx; 942 if (ctx->last_untrusted < sk_X509_num(ctx->chain)) 943 return X509_TRUST_TRUSTED; 944 x = sk_X509_value(ctx->chain, 0); 945 mx = lookup_cert_match(ctx, x); 946 if (mx) { 947 (void)sk_X509_set(ctx->chain, 0, mx); 948 X509_free(x); 949 ctx->last_untrusted = 0; 950 return X509_TRUST_TRUSTED; 951 } 952 } 953 954 /* 955 * If no trusted certs in chain at all return untrusted and allow 956 * standard (no issuer cert) etc errors to be indicated. 957 */ 958 return X509_TRUST_UNTRUSTED; 959 } 960 961 static int check_revocation(X509_STORE_CTX *ctx) 962 { 963 int i, last, ok; 964 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 965 return 1; 966 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 967 last = sk_X509_num(ctx->chain) - 1; 968 else { 969 /* If checking CRL paths this isn't the EE certificate */ 970 if (ctx->parent) 971 return 1; 972 last = 0; 973 } 974 for (i = 0; i <= last; i++) { 975 ctx->error_depth = i; 976 ok = check_cert(ctx); 977 if (!ok) 978 return ok; 979 } 980 return 1; 981 } 982 983 static int check_cert(X509_STORE_CTX *ctx) 984 { 985 X509_CRL *crl = NULL, *dcrl = NULL; 986 X509 *x; 987 int ok, cnum; 988 unsigned int last_reasons; 989 cnum = ctx->error_depth; 990 x = sk_X509_value(ctx->chain, cnum); 991 ctx->current_cert = x; 992 ctx->current_issuer = NULL; 993 ctx->current_crl_score = 0; 994 ctx->current_reasons = 0; 995 if (x->ex_flags & EXFLAG_PROXY) 996 return 1; 997 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 998 last_reasons = ctx->current_reasons; 999 /* Try to retrieve relevant CRL */ 1000 if (ctx->get_crl) 1001 ok = ctx->get_crl(ctx, &crl, x); 1002 else 1003 ok = get_crl_delta(ctx, &crl, &dcrl, x); 1004 /* 1005 * If error looking up CRL, nothing we can do except notify callback 1006 */ 1007 if (!ok) { 1008 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 1009 ok = ctx->verify_cb(0, ctx); 1010 goto err; 1011 } 1012 ctx->current_crl = crl; 1013 ok = ctx->check_crl(ctx, crl); 1014 if (!ok) 1015 goto err; 1016 1017 if (dcrl) { 1018 ok = ctx->check_crl(ctx, dcrl); 1019 if (!ok) 1020 goto err; 1021 ok = ctx->cert_crl(ctx, dcrl, x); 1022 if (!ok) 1023 goto err; 1024 } else 1025 ok = 1; 1026 1027 /* Don't look in full CRL if delta reason is removefromCRL */ 1028 if (ok != 2) { 1029 ok = ctx->cert_crl(ctx, crl, x); 1030 if (!ok) 1031 goto err; 1032 } 1033 1034 X509_CRL_free(crl); 1035 X509_CRL_free(dcrl); 1036 crl = NULL; 1037 dcrl = NULL; 1038 /* 1039 * If reasons not updated we wont get anywhere by another iteration, 1040 * so exit loop. 1041 */ 1042 if (last_reasons == ctx->current_reasons) { 1043 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 1044 ok = ctx->verify_cb(0, ctx); 1045 goto err; 1046 } 1047 } 1048 err: 1049 X509_CRL_free(crl); 1050 X509_CRL_free(dcrl); 1051 1052 ctx->current_crl = NULL; 1053 return ok; 1054 1055 } 1056 1057 /* Check CRL times against values in X509_STORE_CTX */ 1058 1059 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 1060 { 1061 time_t *ptime; 1062 int i; 1063 if (notify) 1064 ctx->current_crl = crl; 1065 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1066 ptime = &ctx->param->check_time; 1067 else 1068 ptime = NULL; 1069 1070 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 1071 if (i == 0) { 1072 if (!notify) 1073 return 0; 1074 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 1075 if (!ctx->verify_cb(0, ctx)) 1076 return 0; 1077 } 1078 1079 if (i > 0) { 1080 if (!notify) 1081 return 0; 1082 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 1083 if (!ctx->verify_cb(0, ctx)) 1084 return 0; 1085 } 1086 1087 if (X509_CRL_get_nextUpdate(crl)) { 1088 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 1089 1090 if (i == 0) { 1091 if (!notify) 1092 return 0; 1093 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 1094 if (!ctx->verify_cb(0, ctx)) 1095 return 0; 1096 } 1097 /* Ignore expiry of base CRL is delta is valid */ 1098 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 1099 if (!notify) 1100 return 0; 1101 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 1102 if (!ctx->verify_cb(0, ctx)) 1103 return 0; 1104 } 1105 } 1106 1107 if (notify) 1108 ctx->current_crl = NULL; 1109 1110 return 1; 1111 } 1112 1113 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 1114 X509 **pissuer, int *pscore, unsigned int *preasons, 1115 STACK_OF(X509_CRL) *crls) 1116 { 1117 int i, crl_score, best_score = *pscore; 1118 unsigned int reasons, best_reasons = 0; 1119 X509 *x = ctx->current_cert; 1120 X509_CRL *crl, *best_crl = NULL; 1121 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 1122 1123 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1124 crl = sk_X509_CRL_value(crls, i); 1125 reasons = *preasons; 1126 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 1127 if (crl_score < best_score || crl_score == 0) 1128 continue; 1129 /* If current CRL is equivalent use it if it is newer */ 1130 if (crl_score == best_score && best_crl != NULL) { 1131 int day, sec; 1132 if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), 1133 X509_CRL_get_lastUpdate(crl)) == 0) 1134 continue; 1135 /* 1136 * ASN1_TIME_diff never returns inconsistent signs for |day| 1137 * and |sec|. 1138 */ 1139 if (day <= 0 && sec <= 0) 1140 continue; 1141 } 1142 best_crl = crl; 1143 best_crl_issuer = crl_issuer; 1144 best_score = crl_score; 1145 best_reasons = reasons; 1146 } 1147 1148 if (best_crl) { 1149 if (*pcrl) 1150 X509_CRL_free(*pcrl); 1151 *pcrl = best_crl; 1152 *pissuer = best_crl_issuer; 1153 *pscore = best_score; 1154 *preasons = best_reasons; 1155 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); 1156 if (*pdcrl) { 1157 X509_CRL_free(*pdcrl); 1158 *pdcrl = NULL; 1159 } 1160 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1161 } 1162 1163 if (best_score >= CRL_SCORE_VALID) 1164 return 1; 1165 1166 return 0; 1167 } 1168 1169 /* 1170 * Compare two CRL extensions for delta checking purposes. They should be 1171 * both present or both absent. If both present all fields must be identical. 1172 */ 1173 1174 static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1175 { 1176 ASN1_OCTET_STRING *exta, *extb; 1177 int i; 1178 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1179 if (i >= 0) { 1180 /* Can't have multiple occurrences */ 1181 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1182 return 0; 1183 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1184 } else 1185 exta = NULL; 1186 1187 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1188 1189 if (i >= 0) { 1190 1191 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1192 return 0; 1193 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1194 } else 1195 extb = NULL; 1196 1197 if (!exta && !extb) 1198 return 1; 1199 1200 if (!exta || !extb) 1201 return 0; 1202 1203 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1204 return 0; 1205 1206 return 1; 1207 } 1208 1209 /* See if a base and delta are compatible */ 1210 1211 static int check_delta_base(X509_CRL *delta, X509_CRL *base) 1212 { 1213 /* Delta CRL must be a delta */ 1214 if (!delta->base_crl_number) 1215 return 0; 1216 /* Base must have a CRL number */ 1217 if (!base->crl_number) 1218 return 0; 1219 /* Issuer names must match */ 1220 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) 1221 return 0; 1222 /* AKID and IDP must match */ 1223 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1224 return 0; 1225 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1226 return 0; 1227 /* Delta CRL base number must not exceed Full CRL number. */ 1228 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1229 return 0; 1230 /* Delta CRL number must exceed full CRL number */ 1231 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1232 return 1; 1233 return 0; 1234 } 1235 1236 /* 1237 * For a given base CRL find a delta... maybe extend to delta scoring or 1238 * retrieve a chain of deltas... 1239 */ 1240 1241 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, 1242 X509_CRL *base, STACK_OF(X509_CRL) *crls) 1243 { 1244 X509_CRL *delta; 1245 int i; 1246 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1247 return; 1248 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1249 return; 1250 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1251 delta = sk_X509_CRL_value(crls, i); 1252 if (check_delta_base(delta, base)) { 1253 if (check_crl_time(ctx, delta, 0)) 1254 *pscore |= CRL_SCORE_TIME_DELTA; 1255 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); 1256 *dcrl = delta; 1257 return; 1258 } 1259 } 1260 *dcrl = NULL; 1261 } 1262 1263 /* 1264 * For a given CRL return how suitable it is for the supplied certificate 1265 * 'x'. The return value is a mask of several criteria. If the issuer is not 1266 * the certificate issuer this is returned in *pissuer. The reasons mask is 1267 * also used to determine if the CRL is suitable: if no new reasons the CRL 1268 * is rejected, otherwise reasons is updated. 1269 */ 1270 1271 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 1272 unsigned int *preasons, X509_CRL *crl, X509 *x) 1273 { 1274 1275 int crl_score = 0; 1276 unsigned int tmp_reasons = *preasons, crl_reasons; 1277 1278 /* First see if we can reject CRL straight away */ 1279 1280 /* Invalid IDP cannot be processed */ 1281 if (crl->idp_flags & IDP_INVALID) 1282 return 0; 1283 /* Reason codes or indirect CRLs need extended CRL support */ 1284 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1285 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1286 return 0; 1287 } else if (crl->idp_flags & IDP_REASONS) { 1288 /* If no new reasons reject */ 1289 if (!(crl->idp_reasons & ~tmp_reasons)) 1290 return 0; 1291 } 1292 /* Don't process deltas at this stage */ 1293 else if (crl->base_crl_number) 1294 return 0; 1295 /* If issuer name doesn't match certificate need indirect CRL */ 1296 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1297 if (!(crl->idp_flags & IDP_INDIRECT)) 1298 return 0; 1299 } else 1300 crl_score |= CRL_SCORE_ISSUER_NAME; 1301 1302 if (!(crl->flags & EXFLAG_CRITICAL)) 1303 crl_score |= CRL_SCORE_NOCRITICAL; 1304 1305 /* Check expiry */ 1306 if (check_crl_time(ctx, crl, 0)) 1307 crl_score |= CRL_SCORE_TIME; 1308 1309 /* Check authority key ID and locate certificate issuer */ 1310 crl_akid_check(ctx, crl, pissuer, &crl_score); 1311 1312 /* If we can't locate certificate issuer at this point forget it */ 1313 1314 if (!(crl_score & CRL_SCORE_AKID)) 1315 return 0; 1316 1317 /* Check cert for matching CRL distribution points */ 1318 1319 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1320 /* If no new reasons reject */ 1321 if (!(crl_reasons & ~tmp_reasons)) 1322 return 0; 1323 tmp_reasons |= crl_reasons; 1324 crl_score |= CRL_SCORE_SCOPE; 1325 } 1326 1327 *preasons = tmp_reasons; 1328 1329 return crl_score; 1330 1331 } 1332 1333 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, 1334 X509 **pissuer, int *pcrl_score) 1335 { 1336 X509 *crl_issuer = NULL; 1337 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1338 int cidx = ctx->error_depth; 1339 int i; 1340 1341 if (cidx != sk_X509_num(ctx->chain) - 1) 1342 cidx++; 1343 1344 crl_issuer = sk_X509_value(ctx->chain, cidx); 1345 1346 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1347 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1348 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT; 1349 *pissuer = crl_issuer; 1350 return; 1351 } 1352 } 1353 1354 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { 1355 crl_issuer = sk_X509_value(ctx->chain, cidx); 1356 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1357 continue; 1358 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1359 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH; 1360 *pissuer = crl_issuer; 1361 return; 1362 } 1363 } 1364 1365 /* Anything else needs extended CRL support */ 1366 1367 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1368 return; 1369 1370 /* 1371 * Otherwise the CRL issuer is not on the path. Look for it in the set of 1372 * untrusted certificates. 1373 */ 1374 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1375 crl_issuer = sk_X509_value(ctx->untrusted, i); 1376 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1377 continue; 1378 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1379 *pissuer = crl_issuer; 1380 *pcrl_score |= CRL_SCORE_AKID; 1381 return; 1382 } 1383 } 1384 } 1385 1386 /* 1387 * Check the path of a CRL issuer certificate. This creates a new 1388 * X509_STORE_CTX and populates it with most of the parameters from the 1389 * parent. This could be optimised somewhat since a lot of path checking will 1390 * be duplicated by the parent, but this will rarely be used in practice. 1391 */ 1392 1393 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1394 { 1395 X509_STORE_CTX crl_ctx; 1396 int ret; 1397 /* Don't allow recursive CRL path validation */ 1398 if (ctx->parent) 1399 return 0; 1400 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) 1401 return -1; 1402 1403 crl_ctx.crls = ctx->crls; 1404 /* Copy verify params across */ 1405 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1406 1407 crl_ctx.parent = ctx; 1408 crl_ctx.verify_cb = ctx->verify_cb; 1409 1410 /* Verify CRL issuer */ 1411 ret = X509_verify_cert(&crl_ctx); 1412 1413 if (ret <= 0) 1414 goto err; 1415 1416 /* Check chain is acceptable */ 1417 1418 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1419 err: 1420 X509_STORE_CTX_cleanup(&crl_ctx); 1421 return ret; 1422 } 1423 1424 /* 1425 * RFC3280 says nothing about the relationship between CRL path and 1426 * certificate path, which could lead to situations where a certificate could 1427 * be revoked or validated by a CA not authorised to do so. RFC5280 is more 1428 * strict and states that the two paths must end in the same trust anchor, 1429 * though some discussions remain... until this is resolved we use the 1430 * RFC5280 version 1431 */ 1432 1433 static int check_crl_chain(X509_STORE_CTX *ctx, 1434 STACK_OF(X509) *cert_path, 1435 STACK_OF(X509) *crl_path) 1436 { 1437 X509 *cert_ta, *crl_ta; 1438 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1439 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1440 if (!X509_cmp(cert_ta, crl_ta)) 1441 return 1; 1442 return 0; 1443 } 1444 1445 /*- 1446 * Check for match between two dist point names: three separate cases. 1447 * 1. Both are relative names and compare X509_NAME types. 1448 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1449 * 3. Both are full names and compare two GENERAL_NAMES. 1450 * 4. One is NULL: automatic match. 1451 */ 1452 1453 static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1454 { 1455 X509_NAME *nm = NULL; 1456 GENERAL_NAMES *gens = NULL; 1457 GENERAL_NAME *gena, *genb; 1458 int i, j; 1459 if (!a || !b) 1460 return 1; 1461 if (a->type == 1) { 1462 if (!a->dpname) 1463 return 0; 1464 /* Case 1: two X509_NAME */ 1465 if (b->type == 1) { 1466 if (!b->dpname) 1467 return 0; 1468 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1469 return 1; 1470 else 1471 return 0; 1472 } 1473 /* Case 2: set name and GENERAL_NAMES appropriately */ 1474 nm = a->dpname; 1475 gens = b->name.fullname; 1476 } else if (b->type == 1) { 1477 if (!b->dpname) 1478 return 0; 1479 /* Case 2: set name and GENERAL_NAMES appropriately */ 1480 gens = a->name.fullname; 1481 nm = b->dpname; 1482 } 1483 1484 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1485 if (nm) { 1486 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1487 gena = sk_GENERAL_NAME_value(gens, i); 1488 if (gena->type != GEN_DIRNAME) 1489 continue; 1490 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1491 return 1; 1492 } 1493 return 0; 1494 } 1495 1496 /* Else case 3: two GENERAL_NAMES */ 1497 1498 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1499 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1500 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1501 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1502 if (!GENERAL_NAME_cmp(gena, genb)) 1503 return 1; 1504 } 1505 } 1506 1507 return 0; 1508 1509 } 1510 1511 static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1512 { 1513 int i; 1514 X509_NAME *nm = X509_CRL_get_issuer(crl); 1515 /* If no CRLissuer return is successful iff don't need a match */ 1516 if (!dp->CRLissuer) 1517 return ! !(crl_score & CRL_SCORE_ISSUER_NAME); 1518 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1519 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1520 if (gen->type != GEN_DIRNAME) 1521 continue; 1522 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1523 return 1; 1524 } 1525 return 0; 1526 } 1527 1528 /* Check CRLDP and IDP */ 1529 1530 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 1531 unsigned int *preasons) 1532 { 1533 int i; 1534 if (crl->idp_flags & IDP_ONLYATTR) 1535 return 0; 1536 if (x->ex_flags & EXFLAG_CA) { 1537 if (crl->idp_flags & IDP_ONLYUSER) 1538 return 0; 1539 } else { 1540 if (crl->idp_flags & IDP_ONLYCA) 1541 return 0; 1542 } 1543 *preasons = crl->idp_reasons; 1544 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1545 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1546 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1547 if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1548 *preasons &= dp->dp_reasons; 1549 return 1; 1550 } 1551 } 1552 } 1553 if ((!crl->idp || !crl->idp->distpoint) 1554 && (crl_score & CRL_SCORE_ISSUER_NAME)) 1555 return 1; 1556 return 0; 1557 } 1558 1559 /* 1560 * Retrieve CRL corresponding to current certificate. If deltas enabled try 1561 * to find a delta CRL too 1562 */ 1563 1564 static int get_crl_delta(X509_STORE_CTX *ctx, 1565 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1566 { 1567 int ok; 1568 X509 *issuer = NULL; 1569 int crl_score = 0; 1570 unsigned int reasons; 1571 X509_CRL *crl = NULL, *dcrl = NULL; 1572 STACK_OF(X509_CRL) *skcrl; 1573 X509_NAME *nm = X509_get_issuer_name(x); 1574 reasons = ctx->current_reasons; 1575 ok = get_crl_sk(ctx, &crl, &dcrl, 1576 &issuer, &crl_score, &reasons, ctx->crls); 1577 1578 if (ok) 1579 goto done; 1580 1581 /* Lookup CRLs from store */ 1582 1583 skcrl = ctx->lookup_crls(ctx, nm); 1584 1585 /* If no CRLs found and a near match from get_crl_sk use that */ 1586 if (!skcrl && crl) 1587 goto done; 1588 1589 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1590 1591 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1592 1593 done: 1594 1595 /* If we got any kind of CRL use it and return success */ 1596 if (crl) { 1597 ctx->current_issuer = issuer; 1598 ctx->current_crl_score = crl_score; 1599 ctx->current_reasons = reasons; 1600 *pcrl = crl; 1601 *pdcrl = dcrl; 1602 return 1; 1603 } 1604 1605 return 0; 1606 } 1607 1608 /* Check CRL validity */ 1609 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1610 { 1611 X509 *issuer = NULL; 1612 EVP_PKEY *ikey = NULL; 1613 int ok = 0, chnum, cnum; 1614 cnum = ctx->error_depth; 1615 chnum = sk_X509_num(ctx->chain) - 1; 1616 /* if we have an alternative CRL issuer cert use that */ 1617 if (ctx->current_issuer) 1618 issuer = ctx->current_issuer; 1619 1620 /* 1621 * Else find CRL issuer: if not last certificate then issuer is next 1622 * certificate in chain. 1623 */ 1624 else if (cnum < chnum) 1625 issuer = sk_X509_value(ctx->chain, cnum + 1); 1626 else { 1627 issuer = sk_X509_value(ctx->chain, chnum); 1628 /* If not self signed, can't check signature */ 1629 if (!ctx->check_issued(ctx, issuer, issuer)) { 1630 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1631 ok = ctx->verify_cb(0, ctx); 1632 if (!ok) 1633 goto err; 1634 } 1635 } 1636 1637 if (issuer) { 1638 /* 1639 * Skip most tests for deltas because they have already been done 1640 */ 1641 if (!crl->base_crl_number) { 1642 /* Check for cRLSign bit if keyUsage present */ 1643 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1644 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1645 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1646 ok = ctx->verify_cb(0, ctx); 1647 if (!ok) 1648 goto err; 1649 } 1650 1651 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1652 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1653 ok = ctx->verify_cb(0, ctx); 1654 if (!ok) 1655 goto err; 1656 } 1657 1658 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1659 if (check_crl_path(ctx, ctx->current_issuer) <= 0) { 1660 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1661 ok = ctx->verify_cb(0, ctx); 1662 if (!ok) 1663 goto err; 1664 } 1665 } 1666 1667 if (crl->idp_flags & IDP_INVALID) { 1668 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1669 ok = ctx->verify_cb(0, ctx); 1670 if (!ok) 1671 goto err; 1672 } 1673 1674 } 1675 1676 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1677 ok = check_crl_time(ctx, crl, 1); 1678 if (!ok) 1679 goto err; 1680 } 1681 1682 /* Attempt to get issuer certificate public key */ 1683 ikey = X509_get_pubkey(issuer); 1684 1685 if (!ikey) { 1686 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1687 ok = ctx->verify_cb(0, ctx); 1688 if (!ok) 1689 goto err; 1690 } else { 1691 int rv; 1692 rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); 1693 if (rv != X509_V_OK) { 1694 ctx->error = rv; 1695 ok = ctx->verify_cb(0, ctx); 1696 if (!ok) 1697 goto err; 1698 } 1699 /* Verify CRL signature */ 1700 if (X509_CRL_verify(crl, ikey) <= 0) { 1701 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1702 ok = ctx->verify_cb(0, ctx); 1703 if (!ok) 1704 goto err; 1705 } 1706 } 1707 } 1708 1709 ok = 1; 1710 1711 err: 1712 EVP_PKEY_free(ikey); 1713 return ok; 1714 } 1715 1716 /* Check certificate against CRL */ 1717 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1718 { 1719 int ok; 1720 X509_REVOKED *rev; 1721 /* 1722 * The rules changed for this... previously if a CRL contained unhandled 1723 * critical extensions it could still be used to indicate a certificate 1724 * was revoked. This has since been changed since critical extension can 1725 * change the meaning of CRL entries. 1726 */ 1727 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 1728 && (crl->flags & EXFLAG_CRITICAL)) { 1729 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1730 ok = ctx->verify_cb(0, ctx); 1731 if (!ok) 1732 return 0; 1733 } 1734 /* 1735 * Look for serial number of certificate in CRL If found make sure reason 1736 * is not removeFromCRL. 1737 */ 1738 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1739 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1740 return 2; 1741 ctx->error = X509_V_ERR_CERT_REVOKED; 1742 ok = ctx->verify_cb(0, ctx); 1743 if (!ok) 1744 return 0; 1745 } 1746 1747 return 1; 1748 } 1749 1750 static int check_policy(X509_STORE_CTX *ctx) 1751 { 1752 int ret; 1753 if (ctx->parent) 1754 return 1; 1755 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1756 ctx->param->policies, ctx->param->flags); 1757 if (ret == 0) { 1758 X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); 1759 ctx->error = X509_V_ERR_OUT_OF_MEM; 1760 return 0; 1761 } 1762 /* Invalid or inconsistent extensions */ 1763 if (ret == -1) { 1764 /* 1765 * Locate certificates with bad extensions and notify callback. 1766 */ 1767 X509 *x; 1768 int i; 1769 for (i = 1; i < sk_X509_num(ctx->chain); i++) { 1770 x = sk_X509_value(ctx->chain, i); 1771 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1772 continue; 1773 ctx->current_cert = x; 1774 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1775 if (!ctx->verify_cb(0, ctx)) 1776 return 0; 1777 } 1778 return 1; 1779 } 1780 if (ret == -2) { 1781 ctx->current_cert = NULL; 1782 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1783 return ctx->verify_cb(0, ctx); 1784 } 1785 1786 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1787 ctx->current_cert = NULL; 1788 /* 1789 * Verification errors need to be "sticky", a callback may have allowed 1790 * an SSL handshake to continue despite an error, and we must then 1791 * remain in an error state. Therefore, we MUST NOT clear earlier 1792 * verification errors by setting the error to X509_V_OK. 1793 */ 1794 if (!ctx->verify_cb(2, ctx)) 1795 return 0; 1796 } 1797 1798 return 1; 1799 } 1800 1801 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) 1802 { 1803 time_t *ptime; 1804 int i; 1805 1806 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1807 ptime = &ctx->param->check_time; 1808 else 1809 ptime = NULL; 1810 1811 i = X509_cmp_time(X509_get_notBefore(x), ptime); 1812 if (i == 0) { 1813 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; 1814 ctx->current_cert = x; 1815 if (!ctx->verify_cb(0, ctx)) 1816 return 0; 1817 } 1818 1819 if (i > 0) { 1820 ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; 1821 ctx->current_cert = x; 1822 if (!ctx->verify_cb(0, ctx)) 1823 return 0; 1824 } 1825 1826 i = X509_cmp_time(X509_get_notAfter(x), ptime); 1827 if (i == 0) { 1828 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; 1829 ctx->current_cert = x; 1830 if (!ctx->verify_cb(0, ctx)) 1831 return 0; 1832 } 1833 1834 if (i < 0) { 1835 ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; 1836 ctx->current_cert = x; 1837 if (!ctx->verify_cb(0, ctx)) 1838 return 0; 1839 } 1840 1841 return 1; 1842 } 1843 1844 static int internal_verify(X509_STORE_CTX *ctx) 1845 { 1846 int ok = 0, n; 1847 X509 *xs, *xi; 1848 EVP_PKEY *pkey = NULL; 1849 int (*cb) (int xok, X509_STORE_CTX *xctx); 1850 1851 cb = ctx->verify_cb; 1852 1853 n = sk_X509_num(ctx->chain); 1854 ctx->error_depth = n - 1; 1855 n--; 1856 xi = sk_X509_value(ctx->chain, n); 1857 1858 if (ctx->check_issued(ctx, xi, xi)) 1859 xs = xi; 1860 else { 1861 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1862 xs = xi; 1863 goto check_cert; 1864 } 1865 if (n <= 0) { 1866 ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; 1867 ctx->current_cert = xi; 1868 ok = cb(0, ctx); 1869 goto end; 1870 } else { 1871 n--; 1872 ctx->error_depth = n; 1873 xs = sk_X509_value(ctx->chain, n); 1874 } 1875 } 1876 1877 /* ctx->error=0; not needed */ 1878 while (n >= 0) { 1879 ctx->error_depth = n; 1880 1881 /* 1882 * Skip signature check for self signed certificates unless 1883 * explicitly asked for. It doesn't add any security and just wastes 1884 * time. 1885 */ 1886 if (!xs->valid 1887 && (xs != xi 1888 || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { 1889 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1890 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1891 ctx->current_cert = xi; 1892 ok = (*cb) (0, ctx); 1893 if (!ok) 1894 goto end; 1895 } else if (X509_verify(xs, pkey) <= 0) { 1896 ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; 1897 ctx->current_cert = xs; 1898 ok = (*cb) (0, ctx); 1899 if (!ok) { 1900 EVP_PKEY_free(pkey); 1901 goto end; 1902 } 1903 } 1904 EVP_PKEY_free(pkey); 1905 pkey = NULL; 1906 } 1907 1908 xs->valid = 1; 1909 1910 check_cert: 1911 ok = check_cert_time(ctx, xs); 1912 if (!ok) 1913 goto end; 1914 1915 /* The last error (if any) is still in the error value */ 1916 ctx->current_issuer = xi; 1917 ctx->current_cert = xs; 1918 ok = (*cb) (1, ctx); 1919 if (!ok) 1920 goto end; 1921 1922 n--; 1923 if (n >= 0) { 1924 xi = xs; 1925 xs = sk_X509_value(ctx->chain, n); 1926 } 1927 } 1928 ok = 1; 1929 end: 1930 return ok; 1931 } 1932 1933 int X509_cmp_current_time(const ASN1_TIME *ctm) 1934 { 1935 return X509_cmp_time(ctm, NULL); 1936 } 1937 1938 int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 1939 { 1940 char *str; 1941 ASN1_TIME atm; 1942 long offset; 1943 char buff1[24], buff2[24], *p; 1944 int i, j, remaining; 1945 1946 p = buff1; 1947 remaining = ctm->length; 1948 str = (char *)ctm->data; 1949 /* 1950 * Note that the following (historical) code allows much more slack in the 1951 * time format than RFC5280. In RFC5280, the representation is fixed: 1952 * UTCTime: YYMMDDHHMMSSZ 1953 * GeneralizedTime: YYYYMMDDHHMMSSZ 1954 */ 1955 if (ctm->type == V_ASN1_UTCTIME) { 1956 /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ 1957 int min_length = sizeof("YYMMDDHHMMZ") - 1; 1958 int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; 1959 if (remaining < min_length || remaining > max_length) 1960 return 0; 1961 memcpy(p, str, 10); 1962 p += 10; 1963 str += 10; 1964 remaining -= 10; 1965 } else { 1966 /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ 1967 int min_length = sizeof("YYYYMMDDHHMMZ") - 1; 1968 int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; 1969 if (remaining < min_length || remaining > max_length) 1970 return 0; 1971 memcpy(p, str, 12); 1972 p += 12; 1973 str += 12; 1974 remaining -= 12; 1975 } 1976 1977 if ((*str == 'Z') || (*str == '-') || (*str == '+')) { 1978 *(p++) = '0'; 1979 *(p++) = '0'; 1980 } else { 1981 /* SS (seconds) */ 1982 if (remaining < 2) 1983 return 0; 1984 *(p++) = *(str++); 1985 *(p++) = *(str++); 1986 remaining -= 2; 1987 /* 1988 * Skip any (up to three) fractional seconds... 1989 * TODO(emilia): in RFC5280, fractional seconds are forbidden. 1990 * Can we just kill them altogether? 1991 */ 1992 if (remaining && *str == '.') { 1993 str++; 1994 remaining--; 1995 for (i = 0; i < 3 && remaining; i++, str++, remaining--) { 1996 if (*str < '0' || *str > '9') 1997 break; 1998 } 1999 } 2000 2001 } 2002 *(p++) = 'Z'; 2003 *(p++) = '\0'; 2004 2005 /* We now need either a terminating 'Z' or an offset. */ 2006 if (!remaining) 2007 return 0; 2008 if (*str == 'Z') { 2009 if (remaining != 1) 2010 return 0; 2011 offset = 0; 2012 } else { 2013 /* (+-)HHMM */ 2014 if ((*str != '+') && (*str != '-')) 2015 return 0; 2016 /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ 2017 if (remaining != 5) 2018 return 0; 2019 if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || 2020 str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') 2021 return 0; 2022 offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; 2023 offset += (str[3] - '0') * 10 + (str[4] - '0'); 2024 if (*str == '-') 2025 offset = -offset; 2026 } 2027 atm.type = ctm->type; 2028 atm.flags = 0; 2029 atm.length = sizeof(buff2); 2030 atm.data = (unsigned char *)buff2; 2031 2032 if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) 2033 return 0; 2034 2035 if (ctm->type == V_ASN1_UTCTIME) { 2036 i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); 2037 if (i < 50) 2038 i += 100; /* cf. RFC 2459 */ 2039 j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); 2040 if (j < 50) 2041 j += 100; 2042 2043 if (i < j) 2044 return -1; 2045 if (i > j) 2046 return 1; 2047 } 2048 i = strcmp(buff1, buff2); 2049 if (i == 0) /* wait a second then return younger :-) */ 2050 return -1; 2051 else 2052 return i; 2053 } 2054 2055 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) 2056 { 2057 return X509_time_adj(s, adj, NULL); 2058 } 2059 2060 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) 2061 { 2062 return X509_time_adj_ex(s, 0, offset_sec, in_tm); 2063 } 2064 2065 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, 2066 int offset_day, long offset_sec, time_t *in_tm) 2067 { 2068 time_t t; 2069 2070 if (in_tm) 2071 t = *in_tm; 2072 else 2073 time(&t); 2074 2075 if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) { 2076 if (s->type == V_ASN1_UTCTIME) 2077 return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); 2078 if (s->type == V_ASN1_GENERALIZEDTIME) 2079 return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); 2080 } 2081 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 2082 } 2083 2084 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) 2085 { 2086 EVP_PKEY *ktmp = NULL, *ktmp2; 2087 int i, j; 2088 2089 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) 2090 return 1; 2091 2092 for (i = 0; i < sk_X509_num(chain); i++) { 2093 ktmp = X509_get_pubkey(sk_X509_value(chain, i)); 2094 if (ktmp == NULL) { 2095 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, 2096 X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 2097 return 0; 2098 } 2099 if (!EVP_PKEY_missing_parameters(ktmp)) 2100 break; 2101 else { 2102 EVP_PKEY_free(ktmp); 2103 ktmp = NULL; 2104 } 2105 } 2106 if (ktmp == NULL) { 2107 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, 2108 X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 2109 return 0; 2110 } 2111 2112 /* first, populate the other certs */ 2113 for (j = i - 1; j >= 0; j--) { 2114 ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); 2115 EVP_PKEY_copy_parameters(ktmp2, ktmp); 2116 EVP_PKEY_free(ktmp2); 2117 } 2118 2119 if (pkey != NULL) 2120 EVP_PKEY_copy_parameters(pkey, ktmp); 2121 EVP_PKEY_free(ktmp); 2122 return 1; 2123 } 2124 2125 /* Make a delta CRL as the diff between two full CRLs */ 2126 2127 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, 2128 EVP_PKEY *skey, const EVP_MD *md, unsigned int flags) 2129 { 2130 X509_CRL *crl = NULL; 2131 int i; 2132 STACK_OF(X509_REVOKED) *revs = NULL; 2133 /* CRLs can't be delta already */ 2134 if (base->base_crl_number || newer->base_crl_number) { 2135 X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_ALREADY_DELTA); 2136 return NULL; 2137 } 2138 /* Base and new CRL must have a CRL number */ 2139 if (!base->crl_number || !newer->crl_number) { 2140 X509err(X509_F_X509_CRL_DIFF, X509_R_NO_CRL_NUMBER); 2141 return NULL; 2142 } 2143 /* Issuer names must match */ 2144 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) { 2145 X509err(X509_F_X509_CRL_DIFF, X509_R_ISSUER_MISMATCH); 2146 return NULL; 2147 } 2148 /* AKID and IDP must match */ 2149 if (!crl_extension_match(base, newer, NID_authority_key_identifier)) { 2150 X509err(X509_F_X509_CRL_DIFF, X509_R_AKID_MISMATCH); 2151 return NULL; 2152 } 2153 if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) { 2154 X509err(X509_F_X509_CRL_DIFF, X509_R_IDP_MISMATCH); 2155 return NULL; 2156 } 2157 /* Newer CRL number must exceed full CRL number */ 2158 if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) { 2159 X509err(X509_F_X509_CRL_DIFF, X509_R_NEWER_CRL_NOT_NEWER); 2160 return NULL; 2161 } 2162 /* CRLs must verify */ 2163 if (skey && (X509_CRL_verify(base, skey) <= 0 || 2164 X509_CRL_verify(newer, skey) <= 0)) { 2165 X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_VERIFY_FAILURE); 2166 return NULL; 2167 } 2168 /* Create new CRL */ 2169 crl = X509_CRL_new(); 2170 if (!crl || !X509_CRL_set_version(crl, 1)) 2171 goto memerr; 2172 /* Set issuer name */ 2173 if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) 2174 goto memerr; 2175 2176 if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) 2177 goto memerr; 2178 if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) 2179 goto memerr; 2180 2181 /* Set base CRL number: must be critical */ 2182 2183 if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) 2184 goto memerr; 2185 2186 /* 2187 * Copy extensions across from newest CRL to delta: this will set CRL 2188 * number to correct value too. 2189 */ 2190 2191 for (i = 0; i < X509_CRL_get_ext_count(newer); i++) { 2192 X509_EXTENSION *ext; 2193 ext = X509_CRL_get_ext(newer, i); 2194 if (!X509_CRL_add_ext(crl, ext, -1)) 2195 goto memerr; 2196 } 2197 2198 /* Go through revoked entries, copying as needed */ 2199 2200 revs = X509_CRL_get_REVOKED(newer); 2201 2202 for (i = 0; i < sk_X509_REVOKED_num(revs); i++) { 2203 X509_REVOKED *rvn, *rvtmp; 2204 rvn = sk_X509_REVOKED_value(revs, i); 2205 /* 2206 * Add only if not also in base. TODO: need something cleverer here 2207 * for some more complex CRLs covering multiple CAs. 2208 */ 2209 if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) { 2210 rvtmp = X509_REVOKED_dup(rvn); 2211 if (!rvtmp) 2212 goto memerr; 2213 if (!X509_CRL_add0_revoked(crl, rvtmp)) { 2214 X509_REVOKED_free(rvtmp); 2215 goto memerr; 2216 } 2217 } 2218 } 2219 /* TODO: optionally prune deleted entries */ 2220 2221 if (skey && md && !X509_CRL_sign(crl, skey, md)) 2222 goto memerr; 2223 2224 return crl; 2225 2226 memerr: 2227 X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE); 2228 if (crl) 2229 X509_CRL_free(crl); 2230 return NULL; 2231 } 2232 2233 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, 2234 CRYPTO_EX_new *new_func, 2235 CRYPTO_EX_dup *dup_func, 2236 CRYPTO_EX_free *free_func) 2237 { 2238 /* 2239 * This function is (usually) called only once, by 2240 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). 2241 */ 2242 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, 2243 new_func, dup_func, free_func); 2244 } 2245 2246 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2247 { 2248 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2249 } 2250 2251 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2252 { 2253 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2254 } 2255 2256 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2257 { 2258 return ctx->error; 2259 } 2260 2261 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2262 { 2263 ctx->error = err; 2264 } 2265 2266 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2267 { 2268 return ctx->error_depth; 2269 } 2270 2271 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2272 { 2273 return ctx->current_cert; 2274 } 2275 2276 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2277 { 2278 return ctx->chain; 2279 } 2280 2281 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2282 { 2283 if (!ctx->chain) 2284 return NULL; 2285 return X509_chain_up_ref(ctx->chain); 2286 } 2287 2288 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2289 { 2290 return ctx->current_issuer; 2291 } 2292 2293 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2294 { 2295 return ctx->current_crl; 2296 } 2297 2298 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2299 { 2300 return ctx->parent; 2301 } 2302 2303 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2304 { 2305 ctx->cert = x; 2306 } 2307 2308 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2309 { 2310 ctx->untrusted = sk; 2311 } 2312 2313 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2314 { 2315 ctx->crls = sk; 2316 } 2317 2318 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2319 { 2320 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2321 } 2322 2323 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2324 { 2325 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2326 } 2327 2328 /* 2329 * This function is used to set the X509_STORE_CTX purpose and trust values. 2330 * This is intended to be used when another structure has its own trust and 2331 * purpose values which (if set) will be inherited by the ctx. If they aren't 2332 * set then we will usually have a default purpose in mind which should then 2333 * be used to set the trust value. An example of this is SSL use: an SSL 2334 * structure will have its own purpose and trust settings which the 2335 * application can set: if they aren't set then we use the default of SSL 2336 * client/server. 2337 */ 2338 2339 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2340 int purpose, int trust) 2341 { 2342 int idx; 2343 /* If purpose not set use default */ 2344 if (!purpose) 2345 purpose = def_purpose; 2346 /* If we have a purpose then check it is valid */ 2347 if (purpose) { 2348 X509_PURPOSE *ptmp; 2349 idx = X509_PURPOSE_get_by_id(purpose); 2350 if (idx == -1) { 2351 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 2352 X509_R_UNKNOWN_PURPOSE_ID); 2353 return 0; 2354 } 2355 ptmp = X509_PURPOSE_get0(idx); 2356 if (ptmp->trust == X509_TRUST_DEFAULT) { 2357 idx = X509_PURPOSE_get_by_id(def_purpose); 2358 if (idx == -1) { 2359 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 2360 X509_R_UNKNOWN_PURPOSE_ID); 2361 return 0; 2362 } 2363 ptmp = X509_PURPOSE_get0(idx); 2364 } 2365 /* If trust not set then get from purpose default */ 2366 if (!trust) 2367 trust = ptmp->trust; 2368 } 2369 if (trust) { 2370 idx = X509_TRUST_get_by_id(trust); 2371 if (idx == -1) { 2372 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 2373 X509_R_UNKNOWN_TRUST_ID); 2374 return 0; 2375 } 2376 } 2377 2378 if (purpose && !ctx->param->purpose) 2379 ctx->param->purpose = purpose; 2380 if (trust && !ctx->param->trust) 2381 ctx->param->trust = trust; 2382 return 1; 2383 } 2384 2385 X509_STORE_CTX *X509_STORE_CTX_new(void) 2386 { 2387 X509_STORE_CTX *ctx; 2388 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); 2389 if (!ctx) { 2390 X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); 2391 return NULL; 2392 } 2393 memset(ctx, 0, sizeof(X509_STORE_CTX)); 2394 return ctx; 2395 } 2396 2397 void X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2398 { 2399 if (!ctx) 2400 return; 2401 X509_STORE_CTX_cleanup(ctx); 2402 OPENSSL_free(ctx); 2403 } 2404 2405 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2406 STACK_OF(X509) *chain) 2407 { 2408 int ret = 1; 2409 ctx->ctx = store; 2410 ctx->current_method = 0; 2411 ctx->cert = x509; 2412 ctx->untrusted = chain; 2413 ctx->crls = NULL; 2414 ctx->last_untrusted = 0; 2415 ctx->other_ctx = NULL; 2416 ctx->valid = 0; 2417 ctx->chain = NULL; 2418 ctx->error = 0; 2419 ctx->explicit_policy = 0; 2420 ctx->error_depth = 0; 2421 ctx->current_cert = NULL; 2422 ctx->current_issuer = NULL; 2423 ctx->current_crl = NULL; 2424 ctx->current_crl_score = 0; 2425 ctx->current_reasons = 0; 2426 ctx->tree = NULL; 2427 ctx->parent = NULL; 2428 /* Zero ex_data to make sure we're cleanup-safe */ 2429 memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); 2430 2431 ctx->param = X509_VERIFY_PARAM_new(); 2432 if (!ctx->param) { 2433 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); 2434 return 0; 2435 } 2436 2437 /* 2438 * Inherit callbacks and flags from X509_STORE if not set use defaults. 2439 */ 2440 if (store) 2441 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2442 else 2443 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; 2444 2445 if (store) { 2446 ctx->verify_cb = store->verify_cb; 2447 /* Seems to always be 0 in OpenSSL, else must be idempotent */ 2448 ctx->cleanup = store->cleanup; 2449 } else 2450 ctx->cleanup = 0; 2451 2452 if (ret) 2453 ret = X509_VERIFY_PARAM_inherit(ctx->param, 2454 X509_VERIFY_PARAM_lookup("default")); 2455 2456 if (ret == 0) { 2457 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); 2458 goto err; 2459 } 2460 2461 if (store && store->check_issued) 2462 ctx->check_issued = store->check_issued; 2463 else 2464 ctx->check_issued = check_issued; 2465 2466 if (store && store->get_issuer) 2467 ctx->get_issuer = store->get_issuer; 2468 else 2469 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2470 2471 if (store && store->verify_cb) 2472 ctx->verify_cb = store->verify_cb; 2473 else 2474 ctx->verify_cb = null_callback; 2475 2476 if (store && store->verify) 2477 ctx->verify = store->verify; 2478 else 2479 ctx->verify = internal_verify; 2480 2481 if (store && store->check_revocation) 2482 ctx->check_revocation = store->check_revocation; 2483 else 2484 ctx->check_revocation = check_revocation; 2485 2486 if (store && store->get_crl) 2487 ctx->get_crl = store->get_crl; 2488 else 2489 ctx->get_crl = NULL; 2490 2491 if (store && store->check_crl) 2492 ctx->check_crl = store->check_crl; 2493 else 2494 ctx->check_crl = check_crl; 2495 2496 if (store && store->cert_crl) 2497 ctx->cert_crl = store->cert_crl; 2498 else 2499 ctx->cert_crl = cert_crl; 2500 2501 if (store && store->lookup_certs) 2502 ctx->lookup_certs = store->lookup_certs; 2503 else 2504 ctx->lookup_certs = X509_STORE_get1_certs; 2505 2506 if (store && store->lookup_crls) 2507 ctx->lookup_crls = store->lookup_crls; 2508 else 2509 ctx->lookup_crls = X509_STORE_get1_crls; 2510 2511 ctx->check_policy = check_policy; 2512 2513 if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, 2514 &ctx->ex_data)) 2515 return 1; 2516 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); 2517 2518 err: 2519 /* 2520 * On error clean up allocated storage, if the store context was not 2521 * allocated with X509_STORE_CTX_new() this is our last chance to do so. 2522 */ 2523 X509_STORE_CTX_cleanup(ctx); 2524 return 0; 2525 } 2526 2527 /* 2528 * Set alternative lookup method: just a STACK of trusted certificates. This 2529 * avoids X509_STORE nastiness where it isn't needed. 2530 */ 2531 2532 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2533 { 2534 ctx->other_ctx = sk; 2535 ctx->get_issuer = get_issuer_sk; 2536 } 2537 2538 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2539 { 2540 /* 2541 * We need to be idempotent because, unfortunately, free() also calls 2542 * cleanup(), so the natural call sequence new(), init(), cleanup(), free() 2543 * calls cleanup() for the same object twice! Thus we must zero the 2544 * pointers below after they're freed! 2545 */ 2546 /* Seems to always be 0 in OpenSSL, do this at most once. */ 2547 if (ctx->cleanup != NULL) { 2548 ctx->cleanup(ctx); 2549 ctx->cleanup = NULL; 2550 } 2551 if (ctx->param != NULL) { 2552 if (ctx->parent == NULL) 2553 X509_VERIFY_PARAM_free(ctx->param); 2554 ctx->param = NULL; 2555 } 2556 if (ctx->tree != NULL) { 2557 X509_policy_tree_free(ctx->tree); 2558 ctx->tree = NULL; 2559 } 2560 if (ctx->chain != NULL) { 2561 sk_X509_pop_free(ctx->chain, X509_free); 2562 ctx->chain = NULL; 2563 } 2564 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); 2565 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2566 } 2567 2568 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2569 { 2570 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2571 } 2572 2573 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2574 { 2575 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2576 } 2577 2578 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, 2579 time_t t) 2580 { 2581 X509_VERIFY_PARAM_set_time(ctx->param, t); 2582 } 2583 2584 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2585 int (*verify_cb) (int, X509_STORE_CTX *)) 2586 { 2587 ctx->verify_cb = verify_cb; 2588 } 2589 2590 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2591 { 2592 return ctx->tree; 2593 } 2594 2595 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2596 { 2597 return ctx->explicit_policy; 2598 } 2599 2600 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2601 { 2602 const X509_VERIFY_PARAM *param; 2603 param = X509_VERIFY_PARAM_lookup(name); 2604 if (!param) 2605 return 0; 2606 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2607 } 2608 2609 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2610 { 2611 return ctx->param; 2612 } 2613 2614 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2615 { 2616 if (ctx->param) 2617 X509_VERIFY_PARAM_free(ctx->param); 2618 ctx->param = param; 2619 } 2620 2621 IMPLEMENT_STACK_OF(X509) 2622 2623 IMPLEMENT_ASN1_SET_OF(X509) 2624 2625 IMPLEMENT_STACK_OF(X509_NAME) 2626 2627 IMPLEMENT_STACK_OF(X509_ATTRIBUTE) 2628 2629 IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) 2630