1 /* $OpenBSD: x509_vfy.c,v 1.100 2021/11/26 13:17:09 schwarze Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <errno.h> 60 #include <stdio.h> 61 #include <string.h> 62 #include <time.h> 63 #include <unistd.h> 64 65 #include <openssl/opensslconf.h> 66 67 #include <openssl/asn1.h> 68 #include <openssl/buffer.h> 69 #include <openssl/crypto.h> 70 #include <openssl/err.h> 71 #include <openssl/evp.h> 72 #include <openssl/lhash.h> 73 #include <openssl/objects.h> 74 #include <openssl/x509.h> 75 #include <openssl/x509v3.h> 76 #include "asn1_locl.h" 77 #include "vpm_int.h" 78 #include "x509_internal.h" 79 80 /* CRL score values */ 81 82 /* No unhandled critical extensions */ 83 84 #define CRL_SCORE_NOCRITICAL 0x100 85 86 /* certificate is within CRL scope */ 87 88 #define CRL_SCORE_SCOPE 0x080 89 90 /* CRL times valid */ 91 92 #define CRL_SCORE_TIME 0x040 93 94 /* Issuer name matches certificate */ 95 96 #define CRL_SCORE_ISSUER_NAME 0x020 97 98 /* If this score or above CRL is probably valid */ 99 100 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 101 102 /* CRL issuer is certificate issuer */ 103 104 #define CRL_SCORE_ISSUER_CERT 0x018 105 106 /* CRL issuer is on certificate path */ 107 108 #define CRL_SCORE_SAME_PATH 0x008 109 110 /* CRL issuer matches CRL AKID */ 111 112 #define CRL_SCORE_AKID 0x004 113 114 /* Have a delta CRL with valid times */ 115 116 #define CRL_SCORE_TIME_DELTA 0x002 117 118 static int null_callback(int ok, X509_STORE_CTX *e); 119 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 120 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 121 int allow_expired); 122 static int check_chain_extensions(X509_STORE_CTX *ctx); 123 static int check_name_constraints(X509_STORE_CTX *ctx); 124 static int check_trust(X509_STORE_CTX *ctx); 125 static int check_revocation(X509_STORE_CTX *ctx); 126 static int check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth); 127 static int check_policy(X509_STORE_CTX *ctx); 128 129 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 130 unsigned int *preasons, X509_CRL *crl, X509 *x); 131 static int get_crl_delta(X509_STORE_CTX *ctx, 132 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 133 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, 134 X509_CRL *base, STACK_OF(X509_CRL) *crls); 135 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 136 int *pcrl_score); 137 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 138 unsigned int *preasons); 139 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 140 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 141 STACK_OF(X509) *crl_path); 142 static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, 143 int clamp_notafter); 144 145 static int internal_verify(X509_STORE_CTX *ctx); 146 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); 147 148 int ASN1_time_tm_clamp_notafter(struct tm *tm); 149 150 static int 151 null_callback(int ok, X509_STORE_CTX *e) 152 { 153 return ok; 154 } 155 156 #if 0 157 static int 158 x509_subject_cmp(X509 **a, X509 **b) 159 { 160 return X509_subject_name_cmp(*a, *b); 161 } 162 #endif 163 164 /* Return 1 if a certificate is self signed */ 165 static int 166 cert_self_signed(X509 *x) 167 { 168 X509_check_purpose(x, -1, 0); 169 if (x->ex_flags & EXFLAG_SS) 170 return 1; 171 else 172 return 0; 173 } 174 175 static int 176 check_id_error(X509_STORE_CTX *ctx, int errcode) 177 { 178 ctx->error = errcode; 179 ctx->current_cert = ctx->cert; 180 ctx->error_depth = 0; 181 return ctx->verify_cb(0, ctx); 182 } 183 184 static int 185 check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 186 { 187 size_t i, n; 188 char *name; 189 190 n = sk_OPENSSL_STRING_num(id->hosts); 191 free(id->peername); 192 id->peername = NULL; 193 194 for (i = 0; i < n; ++i) { 195 name = sk_OPENSSL_STRING_value(id->hosts, i); 196 if (X509_check_host(x, name, strlen(name), id->hostflags, 197 &id->peername) > 0) 198 return 1; 199 } 200 return n == 0; 201 } 202 203 static int 204 check_id(X509_STORE_CTX *ctx) 205 { 206 X509_VERIFY_PARAM *vpm = ctx->param; 207 X509_VERIFY_PARAM_ID *id = vpm->id; 208 X509 *x = ctx->cert; 209 210 if (id->hosts && check_hosts(x, id) <= 0) { 211 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 212 return 0; 213 } 214 if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0) 215 <= 0) { 216 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 217 return 0; 218 } 219 if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { 220 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 221 return 0; 222 } 223 return 1; 224 } 225 226 int 227 x509_vfy_check_id(X509_STORE_CTX *ctx) { 228 return check_id(ctx); 229 } 230 231 /* 232 * This is the effectively broken legacy OpenSSL chain builder. It 233 * might find an unvalidated chain and leave it sitting in 234 * ctx->chain. It does not correctly handle many cases where multiple 235 * chains could exist. 236 * 237 * Oh no.. I know a dirty word... 238 * Oooooooh.. 239 */ 240 static int 241 X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) 242 { 243 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 244 int bad_chain = 0; 245 X509_VERIFY_PARAM *param = ctx->param; 246 int ok = 0, ret = 0; 247 int depth, i; 248 int num, j, retry, trust; 249 int (*cb) (int xok, X509_STORE_CTX *xctx); 250 STACK_OF(X509) *sktmp = NULL; 251 252 cb = ctx->verify_cb; 253 254 /* 255 * First we make sure the chain we are going to build is 256 * present and that the first entry is in place. 257 */ 258 ctx->chain = sk_X509_new_null(); 259 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { 260 X509error(ERR_R_MALLOC_FAILURE); 261 ctx->error = X509_V_ERR_OUT_OF_MEM; 262 goto end; 263 } 264 X509_up_ref(ctx->cert); 265 ctx->num_untrusted = 1; 266 267 /* We use a temporary STACK so we can chop and hack at it */ 268 if (ctx->untrusted != NULL && 269 (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 270 X509error(ERR_R_MALLOC_FAILURE); 271 ctx->error = X509_V_ERR_OUT_OF_MEM; 272 goto end; 273 } 274 275 num = sk_X509_num(ctx->chain); 276 x = sk_X509_value(ctx->chain, num - 1); 277 depth = param->depth; 278 279 for (;;) { 280 /* If we have enough, we break */ 281 /* FIXME: If this happens, we should take 282 * note of it and, if appropriate, use the 283 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 284 * later. 285 */ 286 if (depth < num) 287 break; 288 /* If we are self signed, we break */ 289 if (cert_self_signed(x)) 290 break; 291 /* 292 * If asked see if we can find issuer in trusted store first 293 */ 294 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 295 ok = ctx->get_issuer(&xtmp, ctx, x); 296 if (ok < 0) { 297 ctx->error = X509_V_ERR_STORE_LOOKUP; 298 goto end; 299 } 300 /* 301 * If successful for now free up cert so it 302 * will be picked up again later. 303 */ 304 if (ok > 0) { 305 X509_free(xtmp); 306 break; 307 } 308 } 309 /* If we were passed a cert chain, use it first */ 310 if (ctx->untrusted != NULL) { 311 /* 312 * If we do not find a non-expired untrusted cert, peek 313 * ahead and see if we can satisify this from the trusted 314 * store. If not, see if we have an expired untrusted cert. 315 */ 316 xtmp = find_issuer(ctx, sktmp, x, 0); 317 if (xtmp == NULL && 318 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)) { 319 ok = ctx->get_issuer(&xtmp, ctx, x); 320 if (ok < 0) { 321 ctx->error = X509_V_ERR_STORE_LOOKUP; 322 goto end; 323 } 324 if (ok > 0) { 325 X509_free(xtmp); 326 break; 327 } 328 xtmp = find_issuer(ctx, sktmp, x, 1); 329 } 330 if (xtmp != NULL) { 331 if (!sk_X509_push(ctx->chain, xtmp)) { 332 X509error(ERR_R_MALLOC_FAILURE); 333 ctx->error = X509_V_ERR_OUT_OF_MEM; 334 ok = 0; 335 goto end; 336 } 337 X509_up_ref(xtmp); 338 (void)sk_X509_delete_ptr(sktmp, xtmp); 339 ctx->num_untrusted++; 340 x = xtmp; 341 num++; 342 /* 343 * reparse the full chain for the next one 344 */ 345 continue; 346 } 347 } 348 break; 349 } 350 /* Remember how many untrusted certs we have */ 351 j = num; 352 353 /* 354 * At this point, chain should contain a list of untrusted 355 * certificates. We now need to add at least one trusted one, 356 * if possible, otherwise we complain. 357 */ 358 359 do { 360 /* 361 * Examine last certificate in chain and see if it is 362 * self signed. 363 */ 364 i = sk_X509_num(ctx->chain); 365 x = sk_X509_value(ctx->chain, i - 1); 366 if (cert_self_signed(x)) { 367 /* we have a self signed certificate */ 368 if (i == 1) { 369 /* 370 * We have a single self signed 371 * certificate: see if we can find it 372 * in the store. We must have an exact 373 * match to avoid possible 374 * impersonation. 375 */ 376 ok = ctx->get_issuer(&xtmp, ctx, x); 377 if ((ok <= 0) || X509_cmp(x, xtmp)) { 378 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 379 ctx->current_cert = x; 380 ctx->error_depth = i - 1; 381 if (ok == 1) 382 X509_free(xtmp); 383 bad_chain = 1; 384 ok = cb(0, ctx); 385 if (!ok) 386 goto end; 387 } else { 388 /* 389 * We have a match: replace 390 * certificate with store 391 * version so we get any trust 392 * settings. 393 */ 394 X509_free(x); 395 x = xtmp; 396 (void)sk_X509_set(ctx->chain, i - 1, x); 397 ctx->num_untrusted = 0; 398 } 399 } else { 400 /* 401 * extract and save self signed 402 * certificate for later use 403 */ 404 chain_ss = sk_X509_pop(ctx->chain); 405 ctx->num_untrusted--; 406 num--; 407 j--; 408 x = sk_X509_value(ctx->chain, num - 1); 409 } 410 } 411 /* We now lookup certs from the certificate store */ 412 for (;;) { 413 /* If we have enough, we break */ 414 if (depth < num) 415 break; 416 /* If we are self signed, we break */ 417 if (cert_self_signed(x)) 418 break; 419 ok = ctx->get_issuer(&xtmp, ctx, x); 420 421 if (ok < 0) { 422 ctx->error = X509_V_ERR_STORE_LOOKUP; 423 goto end; 424 } 425 if (ok == 0) 426 break; 427 x = xtmp; 428 if (!sk_X509_push(ctx->chain, x)) { 429 X509_free(xtmp); 430 X509error(ERR_R_MALLOC_FAILURE); 431 ctx->error = X509_V_ERR_OUT_OF_MEM; 432 ok = 0; 433 goto end; 434 } 435 num++; 436 } 437 438 /* we now have our chain, lets check it... */ 439 trust = check_trust(ctx); 440 441 /* If explicitly rejected error */ 442 if (trust == X509_TRUST_REJECTED) { 443 ok = 0; 444 goto end; 445 } 446 /* 447 * If it's not explicitly trusted then check if there 448 * is an alternative chain that could be used. We only 449 * do this if we haven't already checked via 450 * TRUSTED_FIRST and the user hasn't switched off 451 * alternate chain checking 452 */ 453 retry = 0; 454 if (trust != X509_TRUST_TRUSTED && 455 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && 456 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 457 while (j-- > 1) { 458 xtmp2 = sk_X509_value(ctx->chain, j - 1); 459 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 460 if (ok < 0) 461 goto end; 462 /* Check if we found an alternate chain */ 463 if (ok > 0) { 464 /* 465 * Free up the found cert 466 * we'll add it again later 467 */ 468 X509_free(xtmp); 469 /* 470 * Dump all the certs above 471 * this point - we've found an 472 * alternate chain 473 */ 474 while (num > j) { 475 xtmp = sk_X509_pop(ctx->chain); 476 X509_free(xtmp); 477 num--; 478 } 479 ctx->num_untrusted = sk_X509_num(ctx->chain); 480 retry = 1; 481 break; 482 } 483 } 484 } 485 } while (retry); 486 487 /* 488 * If not explicitly trusted then indicate error unless it's a single 489 * self signed certificate in which case we've indicated an error already 490 * and set bad_chain == 1 491 */ 492 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 493 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 494 if (ctx->num_untrusted >= num) 495 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 496 else 497 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 498 ctx->current_cert = x; 499 } else { 500 if (!sk_X509_push(ctx->chain, chain_ss)) { 501 X509error(ERR_R_MALLOC_FAILURE); 502 ctx->error = X509_V_ERR_OUT_OF_MEM; 503 ok = 0; 504 goto end; 505 } 506 num++; 507 ctx->num_untrusted = num; 508 ctx->current_cert = chain_ss; 509 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 510 chain_ss = NULL; 511 } 512 513 ctx->error_depth = num - 1; 514 bad_chain = 1; 515 ok = cb(0, ctx); 516 if (!ok) 517 goto end; 518 } 519 520 ret = 1; 521 end: 522 sk_X509_free(sktmp); 523 X509_free(chain_ss); 524 *bad = bad_chain; 525 *out_ok = ok; 526 527 return ret; 528 } 529 530 static int 531 X509_verify_cert_legacy(X509_STORE_CTX *ctx) 532 { 533 int ok = 0, bad_chain; 534 535 ctx->error = X509_V_OK; /* Initialize to OK */ 536 537 if (!X509_verify_cert_legacy_build_chain(ctx, &bad_chain, &ok)) 538 goto end; 539 540 /* We have the chain complete: now we need to check its purpose */ 541 ok = check_chain_extensions(ctx); 542 if (!ok) 543 goto end; 544 545 /* Check name constraints */ 546 ok = check_name_constraints(ctx); 547 if (!ok) 548 goto end; 549 550 #ifndef OPENSSL_NO_RFC3779 551 ok = X509v3_asid_validate_path(ctx); 552 if (!ok) 553 goto end; 554 555 ok = X509v3_addr_validate_path(ctx); 556 if (!ok) 557 goto end; 558 #endif 559 560 ok = check_id(ctx); 561 if (!ok) 562 goto end; 563 564 /* 565 * Check revocation status: we do this after copying parameters because 566 * they may be needed for CRL signature verification. 567 */ 568 ok = ctx->check_revocation(ctx); 569 if (!ok) 570 goto end; 571 572 /* At this point, we have a chain and need to verify it */ 573 if (ctx->verify != NULL) 574 ok = ctx->verify(ctx); 575 else 576 ok = internal_verify(ctx); 577 if (!ok) 578 goto end; 579 580 /* If we get this far evaluate policies */ 581 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 582 ok = ctx->check_policy(ctx); 583 584 end: 585 /* Safety net, error returns must set ctx->error */ 586 if (ok <= 0 && ctx->error == X509_V_OK) 587 ctx->error = X509_V_ERR_UNSPECIFIED; 588 589 return ok; 590 } 591 592 int 593 X509_verify_cert(X509_STORE_CTX *ctx) 594 { 595 STACK_OF(X509) *roots = NULL; 596 struct x509_verify_ctx *vctx = NULL; 597 int chain_count = 0; 598 599 if (ctx->cert == NULL) { 600 X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 601 ctx->error = X509_V_ERR_INVALID_CALL; 602 return -1; 603 } 604 if (ctx->chain != NULL) { 605 /* 606 * This X509_STORE_CTX has already been used to verify 607 * a cert. We cannot do another one. 608 */ 609 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 610 ctx->error = X509_V_ERR_INVALID_CALL; 611 return -1; 612 } 613 if (ctx->param->id->poisoned) { 614 /* 615 * This X509_STORE_CTX had failures setting 616 * up verify parameters. We can not use it. 617 */ 618 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 619 ctx->error = X509_V_ERR_INVALID_CALL; 620 return -1; 621 } 622 if (ctx->error != X509_V_ERR_INVALID_CALL) { 623 /* 624 * This X509_STORE_CTX has not been properly initialized. 625 */ 626 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 627 ctx->error = X509_V_ERR_INVALID_CALL; 628 return -1; 629 } 630 631 /* 632 * If flags request legacy, use the legacy verifier. If we 633 * requested "no alt chains" from the age of hammer pants, use 634 * the legacy verifier because the multi chain verifier really 635 * does find all the "alt chains". 636 * 637 * XXX deprecate the NO_ALT_CHAINS flag? 638 */ 639 if ((ctx->param->flags & X509_V_FLAG_LEGACY_VERIFY) || 640 (ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) 641 return X509_verify_cert_legacy(ctx); 642 643 /* Use the modern multi-chain verifier from x509_verify_cert */ 644 645 if ((vctx = x509_verify_ctx_new_from_xsc(ctx)) != NULL) { 646 ctx->error = X509_V_OK; /* Initialize to OK */ 647 chain_count = x509_verify(vctx, NULL, NULL); 648 } 649 x509_verify_ctx_free(vctx); 650 651 sk_X509_pop_free(roots, X509_free); 652 653 /* if we succeed we have a chain in ctx->chain */ 654 return (chain_count > 0 && ctx->chain != NULL); 655 } 656 657 /* Given a STACK_OF(X509) find the issuer of cert (if any) 658 */ 659 660 static X509 * 661 find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 662 int allow_expired) 663 { 664 int i; 665 X509 *issuer, *rv = NULL; 666 667 for (i = 0; i < sk_X509_num(sk); i++) { 668 issuer = sk_X509_value(sk, i); 669 if (ctx->check_issued(ctx, x, issuer)) { 670 if (x509_check_cert_time(ctx, issuer, -1)) 671 return issuer; 672 if (allow_expired) 673 rv = issuer; 674 } 675 } 676 return rv; 677 } 678 679 /* Given a possible certificate and issuer check them */ 680 681 static int 682 check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 683 { 684 int ret; 685 686 ret = X509_check_issued(issuer, x); 687 if (ret == X509_V_OK) 688 return 1; 689 /* If we haven't asked for issuer errors don't set ctx */ 690 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 691 return 0; 692 693 ctx->error = ret; 694 ctx->current_cert = x; 695 ctx->current_issuer = issuer; 696 return ctx->verify_cb(0, ctx); 697 } 698 699 /* Alternative lookup method: look from a STACK stored in other_ctx */ 700 701 static int 702 get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 703 { 704 *issuer = find_issuer(ctx, ctx->other_ctx, x, 1); 705 if (*issuer) { 706 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); 707 return 1; 708 } else 709 return 0; 710 } 711 712 /* Check a certificate chains extensions for consistency 713 * with the supplied purpose 714 */ 715 716 int 717 x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) 718 { 719 #ifdef OPENSSL_NO_CHAIN_VERIFY 720 return 1; 721 #else 722 int i, ok = 0, must_be_ca, plen = 0; 723 X509 *x; 724 int (*cb)(int xok, X509_STORE_CTX *xctx); 725 int proxy_path_length = 0; 726 int purpose; 727 int allow_proxy_certs; 728 729 cb = ctx->verify_cb; 730 731 /* must_be_ca can have 1 of 3 values: 732 -1: we accept both CA and non-CA certificates, to allow direct 733 use of self-signed certificates (which are marked as CA). 734 0: we only accept non-CA certificates. This is currently not 735 used, but the possibility is present for future extensions. 736 1: we only accept CA certificates. This is currently used for 737 all certificates in the chain except the leaf certificate. 738 */ 739 must_be_ca = -1; 740 741 /* CRL path validation */ 742 if (ctx->parent) { 743 allow_proxy_certs = 0; 744 purpose = X509_PURPOSE_CRL_SIGN; 745 } else { 746 allow_proxy_certs = 747 !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 748 purpose = ctx->param->purpose; 749 } 750 751 /* Check all untrusted certificates */ 752 for (i = 0; i < ctx->num_untrusted; i++) { 753 int ret; 754 x = sk_X509_value(ctx->chain, i); 755 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 756 (x->ex_flags & EXFLAG_CRITICAL)) { 757 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 758 ctx->error_depth = i; 759 ctx->current_cert = x; 760 ok = cb(0, ctx); 761 if (!ok) 762 goto end; 763 } 764 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { 765 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 766 ctx->error_depth = i; 767 ctx->current_cert = x; 768 ok = cb(0, ctx); 769 if (!ok) 770 goto end; 771 } 772 ret = X509_check_ca(x); 773 switch (must_be_ca) { 774 case -1: 775 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 776 (ret != 1) && (ret != 0)) { 777 ret = 0; 778 ctx->error = X509_V_ERR_INVALID_CA; 779 } else 780 ret = 1; 781 break; 782 case 0: 783 if (ret != 0) { 784 ret = 0; 785 ctx->error = X509_V_ERR_INVALID_NON_CA; 786 } else 787 ret = 1; 788 break; 789 default: 790 if ((ret == 0) || 791 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 792 (ret != 1))) { 793 ret = 0; 794 ctx->error = X509_V_ERR_INVALID_CA; 795 } else 796 ret = 1; 797 break; 798 } 799 if (ret == 0) { 800 ctx->error_depth = i; 801 ctx->current_cert = x; 802 ok = cb(0, ctx); 803 if (!ok) 804 goto end; 805 } 806 if (ctx->param->purpose > 0) { 807 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 808 if ((ret == 0) || 809 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 810 (ret != 1))) { 811 ctx->error = X509_V_ERR_INVALID_PURPOSE; 812 ctx->error_depth = i; 813 ctx->current_cert = x; 814 ok = cb(0, ctx); 815 if (!ok) 816 goto end; 817 } 818 } 819 /* Check pathlen if not self issued */ 820 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) && 821 (x->ex_pathlen != -1) && 822 (plen > (x->ex_pathlen + proxy_path_length + 1))) { 823 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 824 ctx->error_depth = i; 825 ctx->current_cert = x; 826 ok = cb(0, ctx); 827 if (!ok) 828 goto end; 829 } 830 /* Increment path length if not self issued */ 831 if (!(x->ex_flags & EXFLAG_SI)) 832 plen++; 833 /* If this certificate is a proxy certificate, the next 834 certificate must be another proxy certificate or a EE 835 certificate. If not, the next certificate must be a 836 CA certificate. */ 837 if (x->ex_flags & EXFLAG_PROXY) { 838 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { 839 ctx->error = 840 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 841 ctx->error_depth = i; 842 ctx->current_cert = x; 843 ok = cb(0, ctx); 844 if (!ok) 845 goto end; 846 } 847 proxy_path_length++; 848 must_be_ca = 0; 849 } else 850 must_be_ca = 1; 851 } 852 ok = 1; 853 854 end: 855 return ok; 856 #endif 857 } 858 859 static int 860 check_chain_extensions(X509_STORE_CTX *ctx) { 861 return x509_vfy_check_chain_extensions(ctx); 862 } 863 864 static int 865 check_name_constraints(X509_STORE_CTX *ctx) 866 { 867 if (!x509_constraints_chain(ctx->chain, &ctx->error, 868 &ctx->error_depth)) { 869 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); 870 if (!ctx->verify_cb(0, ctx)) 871 return 0; 872 } 873 return 1; 874 } 875 876 /* Given a certificate try and find an exact match in the store */ 877 878 static X509 * 879 lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 880 { 881 STACK_OF(X509) *certs; 882 X509 *xtmp = NULL; 883 size_t i; 884 885 /* Lookup all certs with matching subject name */ 886 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 887 if (certs == NULL) 888 return NULL; 889 890 /* Look for exact match */ 891 for (i = 0; i < sk_X509_num(certs); i++) { 892 xtmp = sk_X509_value(certs, i); 893 if (!X509_cmp(xtmp, x)) 894 break; 895 } 896 897 if (i < sk_X509_num(certs)) 898 X509_up_ref(xtmp); 899 else 900 xtmp = NULL; 901 902 sk_X509_pop_free(certs, X509_free); 903 return xtmp; 904 } 905 906 X509 * 907 x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 908 { 909 if (ctx->lookup_certs == NULL || ctx->store == NULL || 910 ctx->store->objs == NULL) 911 return NULL; 912 return lookup_cert_match(ctx, x); 913 } 914 915 static int 916 check_trust(X509_STORE_CTX *ctx) 917 { 918 size_t i; 919 int ok; 920 X509 *x = NULL; 921 int (*cb) (int xok, X509_STORE_CTX *xctx); 922 923 cb = ctx->verify_cb; 924 /* Check all trusted certificates in chain */ 925 for (i = ctx->num_untrusted; i < sk_X509_num(ctx->chain); i++) { 926 x = sk_X509_value(ctx->chain, i); 927 ok = X509_check_trust(x, ctx->param->trust, 0); 928 929 /* If explicitly trusted return trusted */ 930 if (ok == X509_TRUST_TRUSTED) 931 return X509_TRUST_TRUSTED; 932 /* 933 * If explicitly rejected notify callback and reject if not 934 * overridden. 935 */ 936 if (ok == X509_TRUST_REJECTED) { 937 ctx->error_depth = i; 938 ctx->current_cert = x; 939 ctx->error = X509_V_ERR_CERT_REJECTED; 940 ok = cb(0, ctx); 941 if (!ok) 942 return X509_TRUST_REJECTED; 943 } 944 } 945 /* 946 * If we accept partial chains and have at least one trusted certificate 947 * return success. 948 */ 949 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 950 X509 *mx; 951 if (ctx->num_untrusted < (int)sk_X509_num(ctx->chain)) 952 return X509_TRUST_TRUSTED; 953 x = sk_X509_value(ctx->chain, 0); 954 mx = lookup_cert_match(ctx, x); 955 if (mx) { 956 (void)sk_X509_set(ctx->chain, 0, mx); 957 X509_free(x); 958 ctx->num_untrusted = 0; 959 return X509_TRUST_TRUSTED; 960 } 961 } 962 963 /* 964 * If no trusted certs in chain at all return untrusted and allow 965 * standard (no issuer cert) etc errors to be indicated. 966 */ 967 return X509_TRUST_UNTRUSTED; 968 } 969 970 int 971 x509_vfy_check_trust(X509_STORE_CTX *ctx) 972 { 973 return check_trust(ctx); 974 } 975 976 static int 977 check_revocation(X509_STORE_CTX *ctx) 978 { 979 int i, last, ok; 980 981 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 982 return 1; 983 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 984 last = sk_X509_num(ctx->chain) - 1; 985 else { 986 /* If checking CRL paths this isn't the EE certificate */ 987 if (ctx->parent) 988 return 1; 989 last = 0; 990 } 991 for (i = 0; i <= last; i++) { 992 ok = check_cert(ctx, ctx->chain, i); 993 if (!ok) 994 return ok; 995 } 996 return 1; 997 } 998 999 int 1000 x509_vfy_check_revocation(X509_STORE_CTX *ctx) 1001 { 1002 return check_revocation(ctx); 1003 } 1004 1005 static int 1006 check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth) 1007 { 1008 X509_CRL *crl = NULL, *dcrl = NULL; 1009 X509 *x; 1010 int ok = 0, cnum; 1011 unsigned int last_reasons; 1012 1013 cnum = ctx->error_depth = depth; 1014 x = sk_X509_value(chain, cnum); 1015 ctx->current_cert = x; 1016 ctx->current_issuer = NULL; 1017 ctx->current_crl_score = 0; 1018 ctx->current_reasons = 0; 1019 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 1020 last_reasons = ctx->current_reasons; 1021 /* Try to retrieve relevant CRL */ 1022 if (ctx->get_crl) 1023 ok = ctx->get_crl(ctx, &crl, x); 1024 else 1025 ok = get_crl_delta(ctx, &crl, &dcrl, x); 1026 /* If error looking up CRL, nothing we can do except 1027 * notify callback 1028 */ 1029 if (!ok) { 1030 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 1031 ok = ctx->verify_cb(0, ctx); 1032 goto err; 1033 } 1034 ctx->current_crl = crl; 1035 ok = ctx->check_crl(ctx, crl); 1036 if (!ok) 1037 goto err; 1038 1039 if (dcrl) { 1040 ok = ctx->check_crl(ctx, dcrl); 1041 if (!ok) 1042 goto err; 1043 ok = ctx->cert_crl(ctx, dcrl, x); 1044 if (!ok) 1045 goto err; 1046 } else 1047 ok = 1; 1048 1049 /* Don't look in full CRL if delta reason is removefromCRL */ 1050 if (ok != 2) { 1051 ok = ctx->cert_crl(ctx, crl, x); 1052 if (!ok) 1053 goto err; 1054 } 1055 1056 ctx->current_crl = NULL; 1057 X509_CRL_free(crl); 1058 X509_CRL_free(dcrl); 1059 crl = NULL; 1060 dcrl = NULL; 1061 /* If reasons not updated we wont get anywhere by 1062 * another iteration, so exit loop. 1063 */ 1064 if (last_reasons == ctx->current_reasons) { 1065 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 1066 ok = ctx->verify_cb(0, ctx); 1067 goto err; 1068 } 1069 } 1070 1071 err: 1072 ctx->current_crl = NULL; 1073 X509_CRL_free(crl); 1074 X509_CRL_free(dcrl); 1075 return ok; 1076 } 1077 1078 /* Check CRL times against values in X509_STORE_CTX */ 1079 1080 static int 1081 check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 1082 { 1083 time_t *ptime; 1084 int i; 1085 1086 if (notify) 1087 ctx->current_crl = crl; 1088 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1089 ptime = &ctx->param->check_time; 1090 else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1091 return (1); 1092 else 1093 ptime = NULL; 1094 1095 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 1096 if (i == 0) { 1097 if (!notify) 1098 return 0; 1099 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 1100 if (!ctx->verify_cb(0, ctx)) 1101 return 0; 1102 } 1103 1104 if (i > 0) { 1105 if (!notify) 1106 return 0; 1107 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 1108 if (!ctx->verify_cb(0, ctx)) 1109 return 0; 1110 } 1111 1112 if (X509_CRL_get_nextUpdate(crl)) { 1113 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 1114 1115 if (i == 0) { 1116 if (!notify) 1117 return 0; 1118 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 1119 if (!ctx->verify_cb(0, ctx)) 1120 return 0; 1121 } 1122 /* Ignore expiry of base CRL is delta is valid */ 1123 if ((i < 0) && 1124 !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 1125 if (!notify) 1126 return 0; 1127 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 1128 if (!ctx->verify_cb(0, ctx)) 1129 return 0; 1130 } 1131 } 1132 1133 if (notify) 1134 ctx->current_crl = NULL; 1135 1136 return 1; 1137 } 1138 1139 static int 1140 get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 1141 X509 **pissuer, int *pscore, unsigned int *preasons, 1142 STACK_OF(X509_CRL) *crls) 1143 { 1144 int i, crl_score, best_score = *pscore; 1145 unsigned int reasons, best_reasons = 0; 1146 X509 *x = ctx->current_cert; 1147 X509_CRL *crl, *best_crl = NULL; 1148 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 1149 1150 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1151 crl = sk_X509_CRL_value(crls, i); 1152 reasons = *preasons; 1153 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 1154 1155 if (crl_score > best_score) { 1156 best_crl = crl; 1157 best_crl_issuer = crl_issuer; 1158 best_score = crl_score; 1159 best_reasons = reasons; 1160 } 1161 } 1162 1163 if (best_crl) { 1164 if (*pcrl) 1165 X509_CRL_free(*pcrl); 1166 *pcrl = best_crl; 1167 *pissuer = best_crl_issuer; 1168 *pscore = best_score; 1169 *preasons = best_reasons; 1170 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); 1171 if (*pdcrl) { 1172 X509_CRL_free(*pdcrl); 1173 *pdcrl = NULL; 1174 } 1175 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1176 } 1177 1178 if (best_score >= CRL_SCORE_VALID) 1179 return 1; 1180 1181 return 0; 1182 } 1183 1184 /* Compare two CRL extensions for delta checking purposes. They should be 1185 * both present or both absent. If both present all fields must be identical. 1186 */ 1187 1188 static int 1189 crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1190 { 1191 ASN1_OCTET_STRING *exta, *extb; 1192 int i; 1193 1194 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1195 if (i >= 0) { 1196 /* Can't have multiple occurrences */ 1197 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1198 return 0; 1199 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1200 } else 1201 exta = NULL; 1202 1203 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1204 1205 if (i >= 0) { 1206 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1207 return 0; 1208 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1209 } else 1210 extb = NULL; 1211 1212 if (!exta && !extb) 1213 return 1; 1214 1215 if (!exta || !extb) 1216 return 0; 1217 1218 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1219 return 0; 1220 1221 return 1; 1222 } 1223 1224 /* See if a base and delta are compatible */ 1225 1226 static int 1227 check_delta_base(X509_CRL *delta, X509_CRL *base) 1228 { 1229 /* Delta CRL must be a delta */ 1230 if (!delta->base_crl_number) 1231 return 0; 1232 /* Base must have a CRL number */ 1233 if (!base->crl_number) 1234 return 0; 1235 /* Issuer names must match */ 1236 if (X509_NAME_cmp(X509_CRL_get_issuer(base), 1237 X509_CRL_get_issuer(delta))) 1238 return 0; 1239 /* AKID and IDP must match */ 1240 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1241 return 0; 1242 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1243 return 0; 1244 /* Delta CRL base number must not exceed Full CRL number. */ 1245 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1246 return 0; 1247 /* Delta CRL number must exceed full CRL number */ 1248 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1249 return 1; 1250 return 0; 1251 } 1252 1253 /* For a given base CRL find a delta... maybe extend to delta scoring 1254 * or retrieve a chain of deltas... 1255 */ 1256 1257 static void 1258 get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base, 1259 STACK_OF(X509_CRL) *crls) 1260 { 1261 X509_CRL *delta; 1262 int i; 1263 1264 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1265 return; 1266 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1267 return; 1268 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1269 delta = sk_X509_CRL_value(crls, i); 1270 if (check_delta_base(delta, base)) { 1271 if (check_crl_time(ctx, delta, 0)) 1272 *pscore |= CRL_SCORE_TIME_DELTA; 1273 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); 1274 *dcrl = delta; 1275 return; 1276 } 1277 } 1278 *dcrl = NULL; 1279 } 1280 1281 /* For a given CRL return how suitable it is for the supplied certificate 'x'. 1282 * The return value is a mask of several criteria. 1283 * If the issuer is not the certificate issuer this is returned in *pissuer. 1284 * The reasons mask is also used to determine if the CRL is suitable: if 1285 * no new reasons the CRL is rejected, otherwise reasons is updated. 1286 */ 1287 1288 static int 1289 get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, 1290 X509_CRL *crl, X509 *x) 1291 { 1292 int crl_score = 0; 1293 unsigned int tmp_reasons = *preasons, crl_reasons; 1294 1295 /* First see if we can reject CRL straight away */ 1296 1297 /* Invalid IDP cannot be processed */ 1298 if (crl->idp_flags & IDP_INVALID) 1299 return 0; 1300 /* Reason codes or indirect CRLs need extended CRL support */ 1301 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1302 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1303 return 0; 1304 } else if (crl->idp_flags & IDP_REASONS) { 1305 /* If no new reasons reject */ 1306 if (!(crl->idp_reasons & ~tmp_reasons)) 1307 return 0; 1308 } 1309 /* Don't process deltas at this stage */ 1310 else if (crl->base_crl_number) 1311 return 0; 1312 /* If issuer name doesn't match certificate need indirect CRL */ 1313 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1314 if (!(crl->idp_flags & IDP_INDIRECT)) 1315 return 0; 1316 } else 1317 crl_score |= CRL_SCORE_ISSUER_NAME; 1318 1319 if (!(crl->flags & EXFLAG_CRITICAL)) 1320 crl_score |= CRL_SCORE_NOCRITICAL; 1321 1322 /* Check expiry */ 1323 if (check_crl_time(ctx, crl, 0)) 1324 crl_score |= CRL_SCORE_TIME; 1325 1326 /* Check authority key ID and locate certificate issuer */ 1327 crl_akid_check(ctx, crl, pissuer, &crl_score); 1328 1329 /* If we can't locate certificate issuer at this point forget it */ 1330 1331 if (!(crl_score & CRL_SCORE_AKID)) 1332 return 0; 1333 1334 /* Check cert for matching CRL distribution points */ 1335 1336 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1337 /* If no new reasons reject */ 1338 if (!(crl_reasons & ~tmp_reasons)) 1339 return 0; 1340 tmp_reasons |= crl_reasons; 1341 crl_score |= CRL_SCORE_SCOPE; 1342 } 1343 1344 *preasons = tmp_reasons; 1345 1346 return crl_score; 1347 } 1348 1349 static void 1350 crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 1351 int *pcrl_score) 1352 { 1353 X509 *crl_issuer = NULL; 1354 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1355 int cidx = ctx->error_depth; 1356 int i; 1357 1358 if (cidx != sk_X509_num(ctx->chain) - 1) 1359 cidx++; 1360 1361 crl_issuer = sk_X509_value(ctx->chain, cidx); 1362 1363 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1364 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1365 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; 1366 *pissuer = crl_issuer; 1367 return; 1368 } 1369 } 1370 1371 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { 1372 crl_issuer = sk_X509_value(ctx->chain, cidx); 1373 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1374 continue; 1375 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1376 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; 1377 *pissuer = crl_issuer; 1378 return; 1379 } 1380 } 1381 1382 /* Anything else needs extended CRL support */ 1383 1384 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1385 return; 1386 1387 /* Otherwise the CRL issuer is not on the path. Look for it in the 1388 * set of untrusted certificates. 1389 */ 1390 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1391 crl_issuer = sk_X509_value(ctx->untrusted, i); 1392 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1393 continue; 1394 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1395 *pissuer = crl_issuer; 1396 *pcrl_score |= CRL_SCORE_AKID; 1397 return; 1398 } 1399 } 1400 } 1401 1402 /* Check the path of a CRL issuer certificate. This creates a new 1403 * X509_STORE_CTX and populates it with most of the parameters from the 1404 * parent. This could be optimised somewhat since a lot of path checking 1405 * will be duplicated by the parent, but this will rarely be used in 1406 * practice. 1407 */ 1408 1409 static int 1410 check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1411 { 1412 X509_STORE_CTX crl_ctx; 1413 int ret; 1414 1415 /* Don't allow recursive CRL path validation */ 1416 if (ctx->parent) 1417 return 0; 1418 if (!X509_STORE_CTX_init(&crl_ctx, ctx->store, x, ctx->untrusted)) { 1419 ret = -1; 1420 goto err; 1421 } 1422 1423 crl_ctx.crls = ctx->crls; 1424 /* Copy verify params across */ 1425 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1426 1427 crl_ctx.parent = ctx; 1428 crl_ctx.verify_cb = ctx->verify_cb; 1429 1430 /* Verify CRL issuer */ 1431 ret = X509_verify_cert(&crl_ctx); 1432 1433 if (ret <= 0) 1434 goto err; 1435 1436 /* Check chain is acceptable */ 1437 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1438 1439 err: 1440 X509_STORE_CTX_cleanup(&crl_ctx); 1441 return ret; 1442 } 1443 1444 /* RFC3280 says nothing about the relationship between CRL path 1445 * and certificate path, which could lead to situations where a 1446 * certificate could be revoked or validated by a CA not authorised 1447 * to do so. RFC5280 is more strict and states that the two paths must 1448 * end in the same trust anchor, though some discussions remain... 1449 * until this is resolved we use the RFC5280 version 1450 */ 1451 1452 static int 1453 check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 1454 STACK_OF(X509) *crl_path) 1455 { 1456 X509 *cert_ta, *crl_ta; 1457 1458 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1459 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1460 if (!X509_cmp(cert_ta, crl_ta)) 1461 return 1; 1462 return 0; 1463 } 1464 1465 /* Check for match between two dist point names: three separate cases. 1466 * 1. Both are relative names and compare X509_NAME types. 1467 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1468 * 3. Both are full names and compare two GENERAL_NAMES. 1469 * 4. One is NULL: automatic match. 1470 */ 1471 1472 static int 1473 idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1474 { 1475 X509_NAME *nm = NULL; 1476 GENERAL_NAMES *gens = NULL; 1477 GENERAL_NAME *gena, *genb; 1478 int i, j; 1479 1480 if (!a || !b) 1481 return 1; 1482 if (a->type == 1) { 1483 if (!a->dpname) 1484 return 0; 1485 /* Case 1: two X509_NAME */ 1486 if (b->type == 1) { 1487 if (!b->dpname) 1488 return 0; 1489 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1490 return 1; 1491 else 1492 return 0; 1493 } 1494 /* Case 2: set name and GENERAL_NAMES appropriately */ 1495 nm = a->dpname; 1496 gens = b->name.fullname; 1497 } else if (b->type == 1) { 1498 if (!b->dpname) 1499 return 0; 1500 /* Case 2: set name and GENERAL_NAMES appropriately */ 1501 gens = a->name.fullname; 1502 nm = b->dpname; 1503 } 1504 1505 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1506 if (nm) { 1507 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1508 gena = sk_GENERAL_NAME_value(gens, i); 1509 if (gena->type != GEN_DIRNAME) 1510 continue; 1511 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1512 return 1; 1513 } 1514 return 0; 1515 } 1516 1517 /* Else case 3: two GENERAL_NAMES */ 1518 1519 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1520 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1521 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1522 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1523 if (!GENERAL_NAME_cmp(gena, genb)) 1524 return 1; 1525 } 1526 } 1527 1528 return 0; 1529 } 1530 1531 static int 1532 crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1533 { 1534 int i; 1535 X509_NAME *nm = X509_CRL_get_issuer(crl); 1536 1537 /* If no CRLissuer return is successful iff don't need a match */ 1538 if (!dp->CRLissuer) 1539 return !!(crl_score & CRL_SCORE_ISSUER_NAME); 1540 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1541 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1542 if (gen->type != GEN_DIRNAME) 1543 continue; 1544 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1545 return 1; 1546 } 1547 return 0; 1548 } 1549 1550 /* Check CRLDP and IDP */ 1551 1552 static int 1553 crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons) 1554 { 1555 int i; 1556 1557 if (crl->idp_flags & IDP_ONLYATTR) 1558 return 0; 1559 if (x->ex_flags & EXFLAG_CA) { 1560 if (crl->idp_flags & IDP_ONLYUSER) 1561 return 0; 1562 } else { 1563 if (crl->idp_flags & IDP_ONLYCA) 1564 return 0; 1565 } 1566 *preasons = crl->idp_reasons; 1567 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1568 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1569 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1570 if (!crl->idp || 1571 idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1572 *preasons &= dp->dp_reasons; 1573 return 1; 1574 } 1575 } 1576 } 1577 if ((!crl->idp || !crl->idp->distpoint) && 1578 (crl_score & CRL_SCORE_ISSUER_NAME)) 1579 return 1; 1580 return 0; 1581 } 1582 1583 /* Retrieve CRL corresponding to current certificate. 1584 * If deltas enabled try to find a delta CRL too 1585 */ 1586 1587 static int 1588 get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1589 { 1590 int ok; 1591 X509 *issuer = NULL; 1592 int crl_score = 0; 1593 unsigned int reasons; 1594 X509_CRL *crl = NULL, *dcrl = NULL; 1595 STACK_OF(X509_CRL) *skcrl; 1596 X509_NAME *nm = X509_get_issuer_name(x); 1597 1598 reasons = ctx->current_reasons; 1599 ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, 1600 ctx->crls); 1601 if (ok) 1602 goto done; 1603 1604 /* Lookup CRLs from store */ 1605 skcrl = ctx->lookup_crls(ctx, nm); 1606 1607 /* If no CRLs found and a near match from get_crl_sk use that */ 1608 if (!skcrl && crl) 1609 goto done; 1610 1611 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1612 1613 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1614 1615 done: 1616 1617 /* If we got any kind of CRL use it and return success */ 1618 if (crl) { 1619 ctx->current_issuer = issuer; 1620 ctx->current_crl_score = crl_score; 1621 ctx->current_reasons = reasons; 1622 *pcrl = crl; 1623 *pdcrl = dcrl; 1624 return 1; 1625 } 1626 1627 return 0; 1628 } 1629 1630 /* Check CRL validity */ 1631 static int 1632 check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1633 { 1634 X509 *issuer = NULL; 1635 EVP_PKEY *ikey = NULL; 1636 int ok = 0, chnum, cnum; 1637 1638 cnum = ctx->error_depth; 1639 chnum = sk_X509_num(ctx->chain) - 1; 1640 /* if we have an alternative CRL issuer cert use that */ 1641 if (ctx->current_issuer) { 1642 issuer = ctx->current_issuer; 1643 } else if (cnum < chnum) { 1644 /* 1645 * Else find CRL issuer: if not last certificate then issuer 1646 * is next certificate in chain. 1647 */ 1648 issuer = sk_X509_value(ctx->chain, cnum + 1); 1649 } else { 1650 issuer = sk_X509_value(ctx->chain, chnum); 1651 /* If not self signed, can't check signature */ 1652 if (!ctx->check_issued(ctx, issuer, issuer)) { 1653 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1654 ok = ctx->verify_cb(0, ctx); 1655 if (!ok) 1656 goto err; 1657 } 1658 } 1659 1660 if (issuer) { 1661 /* Skip most tests for deltas because they have already 1662 * been done 1663 */ 1664 if (!crl->base_crl_number) { 1665 /* Check for cRLSign bit if keyUsage present */ 1666 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1667 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1668 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1669 ok = ctx->verify_cb(0, ctx); 1670 if (!ok) 1671 goto err; 1672 } 1673 1674 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1675 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1676 ok = ctx->verify_cb(0, ctx); 1677 if (!ok) 1678 goto err; 1679 } 1680 1681 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1682 if (check_crl_path(ctx, 1683 ctx->current_issuer) <= 0) { 1684 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1685 ok = ctx->verify_cb(0, ctx); 1686 if (!ok) 1687 goto err; 1688 } 1689 } 1690 1691 if (crl->idp_flags & IDP_INVALID) { 1692 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1693 ok = ctx->verify_cb(0, ctx); 1694 if (!ok) 1695 goto err; 1696 } 1697 1698 1699 } 1700 1701 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1702 ok = check_crl_time(ctx, crl, 1); 1703 if (!ok) 1704 goto err; 1705 } 1706 1707 /* Attempt to get issuer certificate public key */ 1708 ikey = X509_get_pubkey(issuer); 1709 1710 if (!ikey) { 1711 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1712 ok = ctx->verify_cb(0, ctx); 1713 if (!ok) 1714 goto err; 1715 } else { 1716 /* Verify CRL signature */ 1717 if (X509_CRL_verify(crl, ikey) <= 0) { 1718 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1719 ok = ctx->verify_cb(0, ctx); 1720 if (!ok) 1721 goto err; 1722 } 1723 } 1724 } 1725 1726 ok = 1; 1727 1728 err: 1729 EVP_PKEY_free(ikey); 1730 return ok; 1731 } 1732 1733 /* Check certificate against CRL */ 1734 static int 1735 cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1736 { 1737 int ok; 1738 X509_REVOKED *rev; 1739 1740 /* The rules changed for this... previously if a CRL contained 1741 * unhandled critical extensions it could still be used to indicate 1742 * a certificate was revoked. This has since been changed since 1743 * critical extension can change the meaning of CRL entries. 1744 */ 1745 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 1746 (crl->flags & EXFLAG_CRITICAL)) { 1747 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1748 ok = ctx->verify_cb(0, ctx); 1749 if (!ok) 1750 return 0; 1751 } 1752 /* Look for serial number of certificate in CRL 1753 * If found make sure reason is not removeFromCRL. 1754 */ 1755 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1756 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1757 return 2; 1758 ctx->error = X509_V_ERR_CERT_REVOKED; 1759 ok = ctx->verify_cb(0, ctx); 1760 if (!ok) 1761 return 0; 1762 } 1763 1764 return 1; 1765 } 1766 1767 int 1768 x509_vfy_check_policy(X509_STORE_CTX *ctx) 1769 { 1770 int ret; 1771 1772 if (ctx->parent) 1773 return 1; 1774 1775 /* X509_policy_check always allocates a new tree. */ 1776 X509_policy_tree_free(ctx->tree); 1777 ctx->tree = NULL; 1778 1779 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1780 ctx->param->policies, ctx->param->flags); 1781 if (ret == 0) { 1782 X509error(ERR_R_MALLOC_FAILURE); 1783 return 0; 1784 } 1785 /* Invalid or inconsistent extensions */ 1786 if (ret == -1) { 1787 /* Locate certificates with bad extensions and notify 1788 * callback. 1789 */ 1790 X509 *x; 1791 int i; 1792 for (i = 1; i < sk_X509_num(ctx->chain); i++) { 1793 x = sk_X509_value(ctx->chain, i); 1794 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1795 continue; 1796 ctx->current_cert = x; 1797 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1798 if (!ctx->verify_cb(0, ctx)) 1799 return 0; 1800 } 1801 return 1; 1802 } 1803 if (ret == -2) { 1804 ctx->current_cert = NULL; 1805 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1806 return ctx->verify_cb(0, ctx); 1807 } 1808 1809 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1810 ctx->current_cert = NULL; 1811 ctx->error = X509_V_OK; 1812 if (!ctx->verify_cb(2, ctx)) 1813 return 0; 1814 } 1815 1816 return 1; 1817 } 1818 1819 static int 1820 check_policy(X509_STORE_CTX *ctx) 1821 { 1822 return x509_vfy_check_policy(ctx); 1823 } 1824 1825 /* 1826 * Inform the verify callback of an error. 1827 * 1828 * If x is not NULL it is the error cert, otherwise use the chain cert 1829 * at depth. 1830 * 1831 * If err is not X509_V_OK, that's the error value, otherwise leave 1832 * unchanged (presumably set by the caller). 1833 * 1834 * Returns 0 to abort verification with an error, non-zero to continue. 1835 */ 1836 static int 1837 verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) 1838 { 1839 ctx->error_depth = depth; 1840 ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); 1841 if (err != X509_V_OK) 1842 ctx->error = err; 1843 return ctx->verify_cb(0, ctx); 1844 } 1845 1846 1847 /* Mimic OpenSSL '0 for failure' ick */ 1848 static int 1849 time_t_bogocmp(time_t a, time_t b) 1850 { 1851 if (a == -1 || b == -1) 1852 return 0; 1853 if (a <= b) 1854 return -1; 1855 return 1; 1856 } 1857 1858 /* 1859 * Check certificate validity times. 1860 * 1861 * If depth >= 0, invoke verification callbacks on error, otherwise just return 1862 * the validation status. 1863 * 1864 * Return 1 on success, 0 otherwise. 1865 */ 1866 int 1867 x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) 1868 { 1869 time_t ptime; 1870 int i; 1871 1872 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1873 ptime = ctx->param->check_time; 1874 else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1875 return 1; 1876 else 1877 ptime = time(NULL); 1878 1879 if (x->ex_flags & EXFLAG_SET) 1880 i = time_t_bogocmp(x->not_before, ptime); 1881 else 1882 i = X509_cmp_time(X509_get_notBefore(x), &ptime); 1883 1884 if (i >= 0 && depth < 0) 1885 return 0; 1886 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1887 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) 1888 return 0; 1889 if (i > 0 && !verify_cb_cert(ctx, x, depth, 1890 X509_V_ERR_CERT_NOT_YET_VALID)) 1891 return 0; 1892 1893 if (x->ex_flags & EXFLAG_SET) 1894 i = time_t_bogocmp(x->not_after, ptime); 1895 else 1896 i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1); 1897 1898 if (i <= 0 && depth < 0) 1899 return 0; 1900 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1901 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) 1902 return 0; 1903 if (i < 0 && !verify_cb_cert(ctx, x, depth, 1904 X509_V_ERR_CERT_HAS_EXPIRED)) 1905 return 0; 1906 1907 return 1; 1908 } 1909 1910 static int 1911 x509_vfy_internal_verify(X509_STORE_CTX *ctx, int chain_verified) 1912 { 1913 int n = sk_X509_num(ctx->chain) - 1; 1914 X509 *xi = sk_X509_value(ctx->chain, n); 1915 X509 *xs; 1916 1917 if (ctx->check_issued(ctx, xi, xi)) 1918 xs = xi; 1919 else { 1920 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1921 xs = xi; 1922 goto check_cert; 1923 } 1924 if (n <= 0) 1925 return verify_cb_cert(ctx, xi, 0, 1926 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); 1927 n--; 1928 ctx->error_depth = n; 1929 xs = sk_X509_value(ctx->chain, n); 1930 } 1931 1932 /* 1933 * Do not clear ctx->error=0, it must be "sticky", only the 1934 * user's callback is allowed to reset errors (at its own 1935 * peril). 1936 */ 1937 while (n >= 0) { 1938 1939 /* 1940 * Skip signature check for self signed certificates 1941 * unless explicitly asked for. It doesn't add any 1942 * security and just wastes time. If the issuer's 1943 * public key is unusable, report the issuer 1944 * certificate and its depth (rather than the depth of 1945 * the subject). 1946 */ 1947 if (!chain_verified && ( xs != xi || 1948 (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { 1949 EVP_PKEY *pkey; 1950 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1951 if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, 1952 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) 1953 return 0; 1954 } else if (X509_verify(xs, pkey) <= 0) { 1955 if (!verify_cb_cert(ctx, xs, n, 1956 X509_V_ERR_CERT_SIGNATURE_FAILURE)) { 1957 EVP_PKEY_free(pkey); 1958 return 0; 1959 } 1960 } 1961 EVP_PKEY_free(pkey); 1962 } 1963 check_cert: 1964 /* Calls verify callback as needed */ 1965 if (!chain_verified && !x509_check_cert_time(ctx, xs, n)) 1966 return 0; 1967 1968 /* 1969 * Signal success at this depth. However, the 1970 * previous error (if any) is retained. 1971 */ 1972 ctx->current_issuer = xi; 1973 ctx->current_cert = xs; 1974 ctx->error_depth = n; 1975 if (!ctx->verify_cb(1, ctx)) 1976 return 0; 1977 1978 if (--n >= 0) { 1979 xi = xs; 1980 xs = sk_X509_value(ctx->chain, n); 1981 } 1982 } 1983 return 1; 1984 } 1985 1986 static int 1987 internal_verify(X509_STORE_CTX *ctx) 1988 { 1989 return x509_vfy_internal_verify(ctx, 0); 1990 } 1991 1992 /* 1993 * Internal verify, but with a chain where the verification 1994 * math has already been performed. 1995 */ 1996 int 1997 x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx) 1998 { 1999 return x509_vfy_internal_verify(ctx, 1); 2000 } 2001 2002 int 2003 X509_cmp_current_time(const ASN1_TIME *ctm) 2004 { 2005 return X509_cmp_time(ctm, NULL); 2006 } 2007 2008 /* 2009 * Compare a possibly unvalidated ASN1_TIME string against a time_t 2010 * using RFC 5280 rules for the time string. If *cmp_time is NULL 2011 * the current system time is used. 2012 * 2013 * XXX NOTE that unlike what you expect a "cmp" function to do in C, 2014 * XXX this one is "special", and returns 0 for error. 2015 * 2016 * Returns: 2017 * -1 if the ASN1_time is earlier than OR the same as *cmp_time. 2018 * 1 if the ASN1_time is later than *cmp_time. 2019 * 0 on error. 2020 */ 2021 static int 2022 X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int is_notafter) 2023 { 2024 time_t compare, cert_time; 2025 2026 if (cmp_time == NULL) 2027 compare = time(NULL); 2028 else 2029 compare = *cmp_time; 2030 2031 if ((cert_time = x509_verify_asn1_time_to_time_t(ctm, is_notafter)) == 2032 -1) 2033 return 0; /* invalid time */ 2034 2035 if (cert_time <= compare) 2036 return -1; /* 0 is used for error, so map same to less than */ 2037 2038 return 1; 2039 } 2040 2041 int 2042 X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 2043 { 2044 return X509_cmp_time_internal(ctm, cmp_time, 0); 2045 } 2046 2047 2048 ASN1_TIME * 2049 X509_gmtime_adj(ASN1_TIME *s, long adj) 2050 { 2051 return X509_time_adj(s, adj, NULL); 2052 } 2053 2054 ASN1_TIME * 2055 X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time) 2056 { 2057 return X509_time_adj_ex(s, 0, offset_sec, in_time); 2058 } 2059 2060 ASN1_TIME * 2061 X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time) 2062 { 2063 time_t t; 2064 if (in_time == NULL) 2065 t = time(NULL); 2066 else 2067 t = *in_time; 2068 2069 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 2070 } 2071 2072 int 2073 X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) 2074 { 2075 EVP_PKEY *ktmp = NULL, *ktmp2; 2076 int i, j; 2077 2078 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) 2079 return 1; 2080 2081 for (i = 0; i < sk_X509_num(chain); i++) { 2082 ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); 2083 if (ktmp == NULL) { 2084 X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 2085 return 0; 2086 } 2087 if (!EVP_PKEY_missing_parameters(ktmp)) 2088 break; 2089 else 2090 ktmp = NULL; 2091 } 2092 if (ktmp == NULL) { 2093 X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 2094 return 0; 2095 } 2096 2097 /* first, populate the other certs */ 2098 for (j = i - 1; j >= 0; j--) { 2099 ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j)); 2100 if (!EVP_PKEY_copy_parameters(ktmp2, ktmp)) 2101 return 0; 2102 } 2103 2104 if (pkey != NULL) 2105 if (!EVP_PKEY_copy_parameters(pkey, ktmp)) 2106 return 0; 2107 return 1; 2108 } 2109 2110 int 2111 X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 2112 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 2113 { 2114 /* This function is (usually) called only once, by 2115 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ 2116 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, 2117 argl, argp, new_func, dup_func, free_func); 2118 } 2119 2120 int 2121 X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2122 { 2123 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2124 } 2125 2126 void * 2127 X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2128 { 2129 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2130 } 2131 2132 int 2133 X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2134 { 2135 return ctx->error; 2136 } 2137 2138 void 2139 X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2140 { 2141 ctx->error = err; 2142 } 2143 2144 int 2145 X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2146 { 2147 return ctx->error_depth; 2148 } 2149 2150 void 2151 X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) 2152 { 2153 ctx->error_depth = depth; 2154 } 2155 2156 X509 * 2157 X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2158 { 2159 return ctx->current_cert; 2160 } 2161 2162 void 2163 X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x) 2164 { 2165 ctx->current_cert = x; 2166 } 2167 2168 STACK_OF(X509) * 2169 X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2170 { 2171 return ctx->chain; 2172 } 2173 2174 STACK_OF(X509) * 2175 X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs) 2176 { 2177 return xs->chain; 2178 } 2179 2180 STACK_OF(X509) * 2181 X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2182 { 2183 int i; 2184 X509 *x; 2185 STACK_OF(X509) *chain; 2186 2187 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) 2188 return NULL; 2189 for (i = 0; i < sk_X509_num(chain); i++) { 2190 x = sk_X509_value(chain, i); 2191 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 2192 } 2193 return chain; 2194 } 2195 2196 X509 * 2197 X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2198 { 2199 return ctx->current_issuer; 2200 } 2201 2202 X509_CRL * 2203 X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2204 { 2205 return ctx->current_crl; 2206 } 2207 2208 X509_STORE_CTX * 2209 X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2210 { 2211 return ctx->parent; 2212 } 2213 2214 X509_STORE * 2215 X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) 2216 { 2217 return xs->store; 2218 } 2219 2220 void 2221 X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2222 { 2223 ctx->cert = x; 2224 } 2225 2226 void 2227 X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2228 { 2229 ctx->untrusted = sk; 2230 } 2231 2232 void 2233 X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2234 { 2235 ctx->crls = sk; 2236 } 2237 2238 int 2239 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2240 { 2241 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2242 } 2243 2244 int 2245 X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2246 { 2247 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2248 } 2249 2250 /* This function is used to set the X509_STORE_CTX purpose and trust 2251 * values. This is intended to be used when another structure has its 2252 * own trust and purpose values which (if set) will be inherited by 2253 * the ctx. If they aren't set then we will usually have a default 2254 * purpose in mind which should then be used to set the trust value. 2255 * An example of this is SSL use: an SSL structure will have its own 2256 * purpose and trust settings which the application can set: if they 2257 * aren't set then we use the default of SSL client/server. 2258 */ 2259 2260 int 2261 X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2262 int purpose, int trust) 2263 { 2264 int idx; 2265 2266 /* If purpose not set use default */ 2267 if (!purpose) 2268 purpose = def_purpose; 2269 /* If we have a purpose then check it is valid */ 2270 if (purpose) { 2271 X509_PURPOSE *ptmp; 2272 idx = X509_PURPOSE_get_by_id(purpose); 2273 if (idx == -1) { 2274 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2275 return 0; 2276 } 2277 ptmp = X509_PURPOSE_get0(idx); 2278 if (ptmp->trust == X509_TRUST_DEFAULT) { 2279 idx = X509_PURPOSE_get_by_id(def_purpose); 2280 if (idx == -1) { 2281 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2282 return 0; 2283 } 2284 ptmp = X509_PURPOSE_get0(idx); 2285 } 2286 /* If trust not set then get from purpose default */ 2287 if (!trust) 2288 trust = ptmp->trust; 2289 } 2290 if (trust) { 2291 idx = X509_TRUST_get_by_id(trust); 2292 if (idx == -1) { 2293 X509error(X509_R_UNKNOWN_TRUST_ID); 2294 return 0; 2295 } 2296 } 2297 2298 if (purpose && !ctx->param->purpose) 2299 ctx->param->purpose = purpose; 2300 if (trust && !ctx->param->trust) 2301 ctx->param->trust = trust; 2302 return 1; 2303 } 2304 2305 X509_STORE_CTX * 2306 X509_STORE_CTX_new(void) 2307 { 2308 X509_STORE_CTX *ctx; 2309 2310 ctx = calloc(1, sizeof(X509_STORE_CTX)); 2311 if (!ctx) { 2312 X509error(ERR_R_MALLOC_FAILURE); 2313 return NULL; 2314 } 2315 return ctx; 2316 } 2317 2318 void 2319 X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2320 { 2321 if (ctx == NULL) 2322 return; 2323 2324 X509_STORE_CTX_cleanup(ctx); 2325 free(ctx); 2326 } 2327 2328 int 2329 X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2330 STACK_OF(X509) *chain) 2331 { 2332 int param_ret = 1; 2333 2334 /* 2335 * Make sure everything is initialized properly even in case of an 2336 * early return due to an error. 2337 * 2338 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have 2339 * freed everything and memset ex_data anyway. This also allows us 2340 * to safely use X509_STORE_CTX variables from the stack which will 2341 * have uninitialized data. 2342 */ 2343 memset(ctx, 0, sizeof(*ctx)); 2344 2345 /* 2346 * Start with this set to not valid - it will be set to valid 2347 * in X509_verify_cert. 2348 */ 2349 ctx->error = X509_V_ERR_INVALID_CALL; 2350 2351 /* 2352 * Set values other than 0. Keep this in the same order as 2353 * X509_STORE_CTX except for values that may fail. All fields that 2354 * may fail should go last to make sure 'ctx' is as consistent as 2355 * possible even on early exits. 2356 */ 2357 ctx->store = store; 2358 ctx->cert = x509; 2359 ctx->untrusted = chain; 2360 2361 if (store && store->verify) 2362 ctx->verify = store->verify; 2363 else 2364 ctx->verify = internal_verify; 2365 2366 if (store && store->verify_cb) 2367 ctx->verify_cb = store->verify_cb; 2368 else 2369 ctx->verify_cb = null_callback; 2370 2371 if (store && store->get_issuer) 2372 ctx->get_issuer = store->get_issuer; 2373 else 2374 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2375 2376 if (store && store->check_issued) 2377 ctx->check_issued = store->check_issued; 2378 else 2379 ctx->check_issued = check_issued; 2380 2381 if (store && store->check_revocation) 2382 ctx->check_revocation = store->check_revocation; 2383 else 2384 ctx->check_revocation = check_revocation; 2385 2386 if (store && store->get_crl) 2387 ctx->get_crl = store->get_crl; 2388 else 2389 ctx->get_crl = NULL; 2390 2391 if (store && store->check_crl) 2392 ctx->check_crl = store->check_crl; 2393 else 2394 ctx->check_crl = check_crl; 2395 2396 if (store && store->cert_crl) 2397 ctx->cert_crl = store->cert_crl; 2398 else 2399 ctx->cert_crl = cert_crl; 2400 2401 ctx->check_policy = check_policy; 2402 2403 if (store && store->lookup_certs) 2404 ctx->lookup_certs = store->lookup_certs; 2405 else 2406 ctx->lookup_certs = X509_STORE_get1_certs; 2407 2408 if (store && store->lookup_crls) 2409 ctx->lookup_crls = store->lookup_crls; 2410 else 2411 ctx->lookup_crls = X509_STORE_get1_crls; 2412 2413 if (store && store->cleanup) 2414 ctx->cleanup = store->cleanup; 2415 else 2416 ctx->cleanup = NULL; 2417 2418 ctx->param = X509_VERIFY_PARAM_new(); 2419 if (!ctx->param) { 2420 X509error(ERR_R_MALLOC_FAILURE); 2421 return 0; 2422 } 2423 2424 /* Inherit callbacks and flags from X509_STORE if not set 2425 * use defaults. 2426 */ 2427 if (store) 2428 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2429 else 2430 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; 2431 2432 if (param_ret) 2433 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, 2434 X509_VERIFY_PARAM_lookup("default")); 2435 2436 if (param_ret == 0) { 2437 X509error(ERR_R_MALLOC_FAILURE); 2438 return 0; 2439 } 2440 2441 if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, 2442 &(ctx->ex_data)) == 0) { 2443 X509error(ERR_R_MALLOC_FAILURE); 2444 return 0; 2445 } 2446 return 1; 2447 } 2448 2449 /* Set alternative lookup method: just a STACK of trusted certificates. 2450 * This avoids X509_STORE nastiness where it isn't needed. 2451 */ 2452 2453 void 2454 X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2455 { 2456 ctx->other_ctx = sk; 2457 ctx->get_issuer = get_issuer_sk; 2458 } 2459 2460 void 2461 X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2462 { 2463 X509_STORE_CTX_trusted_stack(ctx, sk); 2464 } 2465 2466 void 2467 X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2468 { 2469 if (ctx->cleanup) 2470 ctx->cleanup(ctx); 2471 if (ctx->param != NULL) { 2472 if (ctx->parent == NULL) 2473 X509_VERIFY_PARAM_free(ctx->param); 2474 ctx->param = NULL; 2475 } 2476 if (ctx->tree != NULL) { 2477 X509_policy_tree_free(ctx->tree); 2478 ctx->tree = NULL; 2479 } 2480 if (ctx->chain != NULL) { 2481 sk_X509_pop_free(ctx->chain, X509_free); 2482 ctx->chain = NULL; 2483 } 2484 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, 2485 ctx, &(ctx->ex_data)); 2486 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2487 } 2488 2489 void 2490 X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2491 { 2492 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2493 } 2494 2495 void 2496 X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2497 { 2498 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2499 } 2500 2501 void 2502 X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) 2503 { 2504 X509_VERIFY_PARAM_set_time(ctx->param, t); 2505 } 2506 2507 int 2508 (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *) 2509 { 2510 return ctx->verify_cb; 2511 } 2512 2513 void 2514 X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2515 int (*verify_cb)(int, X509_STORE_CTX *)) 2516 { 2517 ctx->verify_cb = verify_cb; 2518 } 2519 2520 int 2521 (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *) 2522 { 2523 return ctx->verify; 2524 } 2525 2526 void 2527 X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, int (*verify)(X509_STORE_CTX *)) 2528 { 2529 ctx->verify = verify; 2530 } 2531 2532 X509 * 2533 X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) 2534 { 2535 return ctx->cert; 2536 } 2537 2538 STACK_OF(X509) * 2539 X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) 2540 { 2541 return ctx->untrusted; 2542 } 2543 2544 void 2545 X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2546 { 2547 ctx->untrusted = sk; 2548 } 2549 2550 void 2551 X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2552 { 2553 sk_X509_pop_free(ctx->chain, X509_free); 2554 ctx->chain = sk; 2555 } 2556 2557 X509_POLICY_TREE * 2558 X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2559 { 2560 return ctx->tree; 2561 } 2562 2563 int 2564 X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2565 { 2566 return ctx->explicit_policy; 2567 } 2568 2569 int 2570 X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) 2571 { 2572 return ctx->num_untrusted; 2573 } 2574 2575 int 2576 X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2577 { 2578 const X509_VERIFY_PARAM *param; 2579 param = X509_VERIFY_PARAM_lookup(name); 2580 if (!param) 2581 return 0; 2582 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2583 } 2584 2585 X509_VERIFY_PARAM * 2586 X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2587 { 2588 return ctx->param; 2589 } 2590 2591 void 2592 X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2593 { 2594 if (ctx->param) 2595 X509_VERIFY_PARAM_free(ctx->param); 2596 ctx->param = param; 2597 } 2598