1 /* $OpenBSD: x509_vfy.c,v 1.125 2023/06/08 22:02:40 beck Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <errno.h> 60 #include <stdio.h> 61 #include <string.h> 62 #include <time.h> 63 #include <unistd.h> 64 65 #include <openssl/opensslconf.h> 66 67 #include <openssl/asn1.h> 68 #include <openssl/buffer.h> 69 #include <openssl/crypto.h> 70 #include <openssl/err.h> 71 #include <openssl/evp.h> 72 #include <openssl/lhash.h> 73 #include <openssl/objects.h> 74 #include <openssl/x509.h> 75 #include <openssl/x509v3.h> 76 77 #include "asn1_local.h" 78 #include "x509_internal.h" 79 #include "x509_local.h" 80 81 /* CRL score values */ 82 83 /* No unhandled critical extensions */ 84 85 #define CRL_SCORE_NOCRITICAL 0x100 86 87 /* certificate is within CRL scope */ 88 89 #define CRL_SCORE_SCOPE 0x080 90 91 /* CRL times valid */ 92 93 #define CRL_SCORE_TIME 0x040 94 95 /* Issuer name matches certificate */ 96 97 #define CRL_SCORE_ISSUER_NAME 0x020 98 99 /* If this score or above CRL is probably valid */ 100 101 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 102 103 /* CRL issuer is certificate issuer */ 104 105 #define CRL_SCORE_ISSUER_CERT 0x018 106 107 /* CRL issuer is on certificate path */ 108 109 #define CRL_SCORE_SAME_PATH 0x008 110 111 /* CRL issuer matches CRL AKID */ 112 113 #define CRL_SCORE_AKID 0x004 114 115 /* Have a delta CRL with valid times */ 116 117 #define CRL_SCORE_TIME_DELTA 0x002 118 119 static int null_callback(int ok, X509_STORE_CTX *e); 120 static int check_issued(X509_STORE_CTX *ctx, X509 *subject, X509 *issuer); 121 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 122 int allow_expired); 123 static int check_chain_extensions(X509_STORE_CTX *ctx); 124 static int check_name_constraints(X509_STORE_CTX *ctx); 125 static int check_trust(X509_STORE_CTX *ctx); 126 static int check_revocation(X509_STORE_CTX *ctx); 127 static int check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth); 128 static int check_policy(X509_STORE_CTX *ctx); 129 130 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 131 unsigned int *preasons, X509_CRL *crl, X509 *x); 132 static int get_crl_delta(X509_STORE_CTX *ctx, 133 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 134 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, 135 X509_CRL *base, STACK_OF(X509_CRL) *crls); 136 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 137 int *pcrl_score); 138 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 139 unsigned int *preasons); 140 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 141 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 142 STACK_OF(X509) *crl_path); 143 static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, 144 int clamp_notafter); 145 146 static int internal_verify(X509_STORE_CTX *ctx); 147 static int get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); 148 static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); 149 static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err); 150 151 int ASN1_time_tm_clamp_notafter(struct tm *tm); 152 153 static int 154 null_callback(int ok, X509_STORE_CTX *e) 155 { 156 return ok; 157 } 158 159 /* Return 1 if a certificate is self signed */ 160 static int 161 cert_self_signed(X509 *x) 162 { 163 X509_check_purpose(x, -1, 0); 164 if (x->ex_flags & EXFLAG_SS) 165 return 1; 166 else 167 return 0; 168 } 169 170 static int 171 check_id_error(X509_STORE_CTX *ctx, int errcode) 172 { 173 ctx->error = errcode; 174 ctx->current_cert = ctx->cert; 175 ctx->error_depth = 0; 176 return ctx->verify_cb(0, ctx); 177 } 178 179 static int 180 check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) 181 { 182 int i, n; 183 char *name; 184 185 n = sk_OPENSSL_STRING_num(vpm->hosts); 186 free(vpm->peername); 187 vpm->peername = NULL; 188 189 for (i = 0; i < n; ++i) { 190 name = sk_OPENSSL_STRING_value(vpm->hosts, i); 191 if (X509_check_host(x, name, strlen(name), vpm->hostflags, 192 &vpm->peername) > 0) 193 return 1; 194 } 195 return n == 0; 196 } 197 198 static int 199 check_id(X509_STORE_CTX *ctx) 200 { 201 X509_VERIFY_PARAM *vpm = ctx->param; 202 X509 *x = ctx->cert; 203 204 if (vpm->hosts && check_hosts(x, vpm) <= 0) { 205 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 206 return 0; 207 } 208 if (vpm->email != NULL && X509_check_email(x, vpm->email, vpm->emaillen, 0) 209 <= 0) { 210 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 211 return 0; 212 } 213 if (vpm->ip != NULL && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) { 214 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 215 return 0; 216 } 217 return 1; 218 } 219 220 int 221 x509_vfy_check_id(X509_STORE_CTX *ctx) { 222 return check_id(ctx); 223 } 224 225 /* 226 * This is the effectively broken legacy OpenSSL chain builder. It 227 * might find an unvalidated chain and leave it sitting in 228 * ctx->chain. It does not correctly handle many cases where multiple 229 * chains could exist. 230 * 231 * Oh no.. I know a dirty word... 232 * Oooooooh.. 233 */ 234 static int 235 X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) 236 { 237 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 238 int bad_chain = 0; 239 X509_VERIFY_PARAM *param = ctx->param; 240 int ok = 0, ret = 0; 241 int depth, i; 242 int num, j, retry, trust; 243 int (*cb) (int xok, X509_STORE_CTX *xctx); 244 STACK_OF(X509) *sktmp = NULL; 245 246 cb = ctx->verify_cb; 247 248 /* 249 * First we make sure the chain we are going to build is 250 * present and that the first entry is in place. 251 */ 252 ctx->chain = sk_X509_new_null(); 253 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { 254 X509error(ERR_R_MALLOC_FAILURE); 255 ctx->error = X509_V_ERR_OUT_OF_MEM; 256 goto end; 257 } 258 X509_up_ref(ctx->cert); 259 ctx->num_untrusted = 1; 260 261 /* We use a temporary STACK so we can chop and hack at it */ 262 if (ctx->untrusted != NULL && 263 (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 264 X509error(ERR_R_MALLOC_FAILURE); 265 ctx->error = X509_V_ERR_OUT_OF_MEM; 266 goto end; 267 } 268 269 num = sk_X509_num(ctx->chain); 270 x = sk_X509_value(ctx->chain, num - 1); 271 depth = param->depth; 272 273 for (;;) { 274 /* If we have enough, we break */ 275 /* FIXME: If this happens, we should take 276 * note of it and, if appropriate, use the 277 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 278 * later. 279 */ 280 if (depth < num) 281 break; 282 /* If we are self signed, we break */ 283 if (cert_self_signed(x)) 284 break; 285 /* 286 * If asked see if we can find issuer in trusted store first 287 */ 288 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 289 ok = ctx->get_issuer(&xtmp, ctx, x); 290 if (ok < 0) { 291 ctx->error = X509_V_ERR_STORE_LOOKUP; 292 goto end; 293 } 294 /* 295 * If successful for now free up cert so it 296 * will be picked up again later. 297 */ 298 if (ok > 0) { 299 X509_free(xtmp); 300 break; 301 } 302 } 303 /* If we were passed a cert chain, use it first */ 304 if (ctx->untrusted != NULL) { 305 /* 306 * If we do not find a non-expired untrusted cert, peek 307 * ahead and see if we can satisfy this from the trusted 308 * store. If not, see if we have an expired untrusted cert. 309 */ 310 xtmp = find_issuer(ctx, sktmp, x, 0); 311 if (xtmp == NULL && 312 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)) { 313 ok = ctx->get_issuer(&xtmp, ctx, x); 314 if (ok < 0) { 315 ctx->error = X509_V_ERR_STORE_LOOKUP; 316 goto end; 317 } 318 if (ok > 0) { 319 X509_free(xtmp); 320 break; 321 } 322 xtmp = find_issuer(ctx, sktmp, x, 1); 323 } 324 if (xtmp != NULL) { 325 if (!sk_X509_push(ctx->chain, xtmp)) { 326 X509error(ERR_R_MALLOC_FAILURE); 327 ctx->error = X509_V_ERR_OUT_OF_MEM; 328 ok = 0; 329 goto end; 330 } 331 X509_up_ref(xtmp); 332 (void)sk_X509_delete_ptr(sktmp, xtmp); 333 ctx->num_untrusted++; 334 x = xtmp; 335 num++; 336 /* 337 * reparse the full chain for the next one 338 */ 339 continue; 340 } 341 } 342 break; 343 } 344 /* Remember how many untrusted certs we have */ 345 j = num; 346 347 /* 348 * At this point, chain should contain a list of untrusted 349 * certificates. We now need to add at least one trusted one, 350 * if possible, otherwise we complain. 351 */ 352 353 do { 354 /* 355 * Examine last certificate in chain and see if it is 356 * self signed. 357 */ 358 i = sk_X509_num(ctx->chain); 359 x = sk_X509_value(ctx->chain, i - 1); 360 if (cert_self_signed(x)) { 361 /* we have a self signed certificate */ 362 if (i == 1) { 363 /* 364 * We have a single self signed 365 * certificate: see if we can find it 366 * in the store. We must have an exact 367 * match to avoid possible 368 * impersonation. 369 */ 370 ok = ctx->get_issuer(&xtmp, ctx, x); 371 if ((ok <= 0) || X509_cmp(x, xtmp)) { 372 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 373 ctx->current_cert = x; 374 ctx->error_depth = i - 1; 375 if (ok == 1) 376 X509_free(xtmp); 377 bad_chain = 1; 378 ok = cb(0, ctx); 379 if (!ok) 380 goto end; 381 } else { 382 /* 383 * We have a match: replace 384 * certificate with store 385 * version so we get any trust 386 * settings. 387 */ 388 X509_free(x); 389 x = xtmp; 390 (void)sk_X509_set(ctx->chain, i - 1, x); 391 ctx->num_untrusted = 0; 392 } 393 } else { 394 /* 395 * extract and save self signed 396 * certificate for later use 397 */ 398 chain_ss = sk_X509_pop(ctx->chain); 399 ctx->num_untrusted--; 400 num--; 401 j--; 402 x = sk_X509_value(ctx->chain, num - 1); 403 } 404 } 405 /* We now lookup certs from the certificate store */ 406 for (;;) { 407 /* If we have enough, we break */ 408 if (depth < num) 409 break; 410 /* If we are self signed, we break */ 411 if (cert_self_signed(x)) 412 break; 413 ok = ctx->get_issuer(&xtmp, ctx, x); 414 415 if (ok < 0) { 416 ctx->error = X509_V_ERR_STORE_LOOKUP; 417 goto end; 418 } 419 if (ok == 0) 420 break; 421 x = xtmp; 422 if (!sk_X509_push(ctx->chain, x)) { 423 X509_free(xtmp); 424 X509error(ERR_R_MALLOC_FAILURE); 425 ctx->error = X509_V_ERR_OUT_OF_MEM; 426 ok = 0; 427 goto end; 428 } 429 num++; 430 } 431 432 /* we now have our chain, lets check it... */ 433 trust = check_trust(ctx); 434 435 /* If explicitly rejected error */ 436 if (trust == X509_TRUST_REJECTED) { 437 ok = 0; 438 goto end; 439 } 440 /* 441 * If it's not explicitly trusted then check if there 442 * is an alternative chain that could be used. We only 443 * do this if we haven't already checked via 444 * TRUSTED_FIRST and the user hasn't switched off 445 * alternate chain checking 446 */ 447 retry = 0; 448 if (trust != X509_TRUST_TRUSTED && 449 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && 450 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 451 while (j-- > 1) { 452 xtmp2 = sk_X509_value(ctx->chain, j - 1); 453 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 454 if (ok < 0) 455 goto end; 456 /* Check if we found an alternate chain */ 457 if (ok > 0) { 458 /* 459 * Free up the found cert 460 * we'll add it again later 461 */ 462 X509_free(xtmp); 463 /* 464 * Dump all the certs above 465 * this point - we've found an 466 * alternate chain 467 */ 468 while (num > j) { 469 xtmp = sk_X509_pop(ctx->chain); 470 X509_free(xtmp); 471 num--; 472 } 473 ctx->num_untrusted = sk_X509_num(ctx->chain); 474 retry = 1; 475 break; 476 } 477 } 478 } 479 } while (retry); 480 481 /* 482 * If not explicitly trusted then indicate error unless it's a single 483 * self signed certificate in which case we've indicated an error already 484 * and set bad_chain == 1 485 */ 486 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 487 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 488 if (ctx->num_untrusted >= num) 489 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 490 else 491 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 492 ctx->current_cert = x; 493 } else { 494 if (!sk_X509_push(ctx->chain, chain_ss)) { 495 X509error(ERR_R_MALLOC_FAILURE); 496 ctx->error = X509_V_ERR_OUT_OF_MEM; 497 ok = 0; 498 goto end; 499 } 500 num++; 501 ctx->num_untrusted = num; 502 ctx->current_cert = chain_ss; 503 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 504 chain_ss = NULL; 505 } 506 507 ctx->error_depth = num - 1; 508 bad_chain = 1; 509 ok = cb(0, ctx); 510 if (!ok) 511 goto end; 512 } 513 514 ret = 1; 515 end: 516 sk_X509_free(sktmp); 517 X509_free(chain_ss); 518 *bad = bad_chain; 519 *out_ok = ok; 520 521 return ret; 522 } 523 524 static int 525 X509_verify_cert_legacy(X509_STORE_CTX *ctx) 526 { 527 int ok = 0, bad_chain; 528 529 ctx->error = X509_V_OK; /* Initialize to OK */ 530 531 if (!X509_verify_cert_legacy_build_chain(ctx, &bad_chain, &ok)) 532 goto end; 533 534 /* We have the chain complete: now we need to check its purpose */ 535 ok = check_chain_extensions(ctx); 536 if (!ok) 537 goto end; 538 539 /* Check that the chain satisfies the security level. */ 540 ok = x509_vfy_check_security_level(ctx); 541 if (!ok) 542 goto end; 543 544 /* Check name constraints */ 545 ok = check_name_constraints(ctx); 546 if (!ok) 547 goto end; 548 549 #ifndef OPENSSL_NO_RFC3779 550 ok = X509v3_asid_validate_path(ctx); 551 if (!ok) 552 goto end; 553 554 ok = X509v3_addr_validate_path(ctx); 555 if (!ok) 556 goto end; 557 #endif 558 559 ok = check_id(ctx); 560 if (!ok) 561 goto end; 562 563 /* 564 * Check revocation status: we do this after copying parameters because 565 * they may be needed for CRL signature verification. 566 */ 567 ok = ctx->check_revocation(ctx); 568 if (!ok) 569 goto end; 570 571 /* At this point, we have a chain and need to verify it */ 572 if (ctx->verify != NULL) 573 ok = ctx->verify(ctx); 574 else 575 ok = internal_verify(ctx); 576 if (!ok) 577 goto end; 578 579 /* If we get this far evaluate policies */ 580 if (!bad_chain) 581 ok = ctx->check_policy(ctx); 582 583 end: 584 /* Safety net, error returns must set ctx->error */ 585 if (ok <= 0 && ctx->error == X509_V_OK) 586 ctx->error = X509_V_ERR_UNSPECIFIED; 587 588 return ok; 589 } 590 591 int 592 X509_verify_cert(X509_STORE_CTX *ctx) 593 { 594 struct x509_verify_ctx *vctx = NULL; 595 int chain_count = 0; 596 597 if (ctx->cert == NULL) { 598 X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 599 ctx->error = X509_V_ERR_INVALID_CALL; 600 return -1; 601 } 602 if (ctx->chain != NULL) { 603 /* 604 * This X509_STORE_CTX has already been used to verify 605 * a cert. We cannot do another one. 606 */ 607 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 608 ctx->error = X509_V_ERR_INVALID_CALL; 609 return -1; 610 } 611 if (ctx->param->poisoned) { 612 /* 613 * This X509_STORE_CTX had failures setting 614 * up verify parameters. We can not use it. 615 */ 616 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 617 ctx->error = X509_V_ERR_INVALID_CALL; 618 return -1; 619 } 620 if (ctx->error != X509_V_ERR_INVALID_CALL) { 621 /* 622 * This X509_STORE_CTX has not been properly initialized. 623 */ 624 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 625 ctx->error = X509_V_ERR_INVALID_CALL; 626 return -1; 627 } 628 629 /* 630 * If the certificate's public key is too weak, don't bother 631 * continuing. 632 */ 633 if (!check_key_level(ctx, ctx->cert) && 634 !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL)) 635 return 0; 636 637 /* 638 * If flags request legacy, use the legacy verifier. If we 639 * requested "no alt chains" from the age of hammer pants, use 640 * the legacy verifier because the multi chain verifier really 641 * does find all the "alt chains". 642 * 643 * XXX deprecate the NO_ALT_CHAINS flag? 644 */ 645 if ((ctx->param->flags & X509_V_FLAG_LEGACY_VERIFY) || 646 (ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) 647 return X509_verify_cert_legacy(ctx); 648 649 /* Use the modern multi-chain verifier from x509_verify_cert */ 650 651 if ((vctx = x509_verify_ctx_new_from_xsc(ctx)) != NULL) { 652 ctx->error = X509_V_OK; /* Initialize to OK */ 653 chain_count = x509_verify(vctx, NULL, NULL); 654 } 655 x509_verify_ctx_free(vctx); 656 657 /* if we succeed we have a chain in ctx->chain */ 658 return (chain_count > 0 && ctx->chain != NULL); 659 } 660 LCRYPTO_ALIAS(X509_verify_cert); 661 662 /* Given a STACK_OF(X509) find the issuer of cert (if any) 663 */ 664 665 static X509 * 666 find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 667 int allow_expired) 668 { 669 int i; 670 X509 *issuer, *rv = NULL; 671 672 for (i = 0; i < sk_X509_num(sk); i++) { 673 issuer = sk_X509_value(sk, i); 674 if (ctx->check_issued(ctx, x, issuer)) { 675 if (x509_check_cert_time(ctx, issuer, -1)) 676 return issuer; 677 if (allow_expired) 678 rv = issuer; 679 } 680 } 681 return rv; 682 } 683 684 /* Given a possible certificate and issuer check them */ 685 686 static int 687 check_issued(X509_STORE_CTX *ctx, X509 *subject, X509 *issuer) 688 { 689 /* 690 * Yes, the arguments of X509_STORE_CTX_check_issued_fn were exposed in 691 * reverse order compared to the already public X509_check_issued()... 692 */ 693 return X509_check_issued(issuer, subject) == X509_V_OK; 694 } 695 696 /* Alternative lookup method: look from a STACK stored in ctx->trusted */ 697 698 static int 699 get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 700 { 701 *issuer = find_issuer(ctx, ctx->trusted, x, 1); 702 if (*issuer) { 703 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); 704 return 1; 705 } else 706 return 0; 707 } 708 709 /* Check a certificate chains extensions for consistency 710 * with the supplied purpose 711 */ 712 713 int 714 x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) 715 { 716 #ifdef OPENSSL_NO_CHAIN_VERIFY 717 return 1; 718 #else 719 int i, ok = 0, must_be_ca, plen = 0; 720 X509 *x; 721 int (*cb)(int xok, X509_STORE_CTX *xctx); 722 int proxy_path_length = 0; 723 int purpose; 724 725 cb = ctx->verify_cb; 726 727 /* must_be_ca can have 1 of 3 values: 728 -1: we accept both CA and non-CA certificates, to allow direct 729 use of self-signed certificates (which are marked as CA). 730 0: we only accept non-CA certificates. This is currently not 731 used, but the possibility is present for future extensions. 732 1: we only accept CA certificates. This is currently used for 733 all certificates in the chain except the leaf certificate. 734 */ 735 must_be_ca = -1; 736 737 /* CRL path validation */ 738 if (ctx->parent) 739 purpose = X509_PURPOSE_CRL_SIGN; 740 else 741 purpose = ctx->param->purpose; 742 743 /* Check all untrusted certificates */ 744 for (i = 0; i < ctx->num_untrusted; i++) { 745 int ret; 746 x = sk_X509_value(ctx->chain, i); 747 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 748 (x->ex_flags & EXFLAG_CRITICAL)) { 749 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 750 ctx->error_depth = i; 751 ctx->current_cert = x; 752 ok = cb(0, ctx); 753 if (!ok) 754 goto end; 755 } 756 ret = X509_check_ca(x); 757 if (must_be_ca == -1) { 758 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 759 (ret != 1) && (ret != 0)) { 760 ret = 0; 761 ctx->error = X509_V_ERR_INVALID_CA; 762 } else 763 ret = 1; 764 } else { 765 if ((ret == 0) || 766 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 767 (ret != 1))) { 768 ret = 0; 769 ctx->error = X509_V_ERR_INVALID_CA; 770 } else 771 ret = 1; 772 } 773 if (ret == 0) { 774 ctx->error_depth = i; 775 ctx->current_cert = x; 776 ok = cb(0, ctx); 777 if (!ok) 778 goto end; 779 } 780 if (ctx->param->purpose > 0) { 781 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 782 if ((ret == 0) || 783 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 784 (ret != 1))) { 785 ctx->error = X509_V_ERR_INVALID_PURPOSE; 786 ctx->error_depth = i; 787 ctx->current_cert = x; 788 ok = cb(0, ctx); 789 if (!ok) 790 goto end; 791 } 792 } 793 /* Check pathlen if not self issued */ 794 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) && 795 (x->ex_pathlen != -1) && 796 (plen > (x->ex_pathlen + proxy_path_length + 1))) { 797 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 798 ctx->error_depth = i; 799 ctx->current_cert = x; 800 ok = cb(0, ctx); 801 if (!ok) 802 goto end; 803 } 804 /* Increment path length if not self issued */ 805 if (!(x->ex_flags & EXFLAG_SI)) 806 plen++; 807 must_be_ca = 1; 808 } 809 ok = 1; 810 811 end: 812 return ok; 813 #endif 814 } 815 816 static int 817 check_chain_extensions(X509_STORE_CTX *ctx) { 818 return x509_vfy_check_chain_extensions(ctx); 819 } 820 821 static int 822 check_name_constraints(X509_STORE_CTX *ctx) 823 { 824 if (!x509_constraints_chain(ctx->chain, &ctx->error, 825 &ctx->error_depth)) { 826 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); 827 if (!ctx->verify_cb(0, ctx)) 828 return 0; 829 } 830 return 1; 831 } 832 833 /* Given a certificate try and find an exact match in the store */ 834 835 static X509 * 836 lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 837 { 838 STACK_OF(X509) *certs; 839 X509 *xtmp = NULL; 840 size_t i; 841 842 /* Lookup all certs with matching subject name */ 843 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 844 if (certs == NULL) 845 return NULL; 846 847 /* Look for exact match */ 848 for (i = 0; i < sk_X509_num(certs); i++) { 849 xtmp = sk_X509_value(certs, i); 850 if (!X509_cmp(xtmp, x)) 851 break; 852 } 853 854 if (i < sk_X509_num(certs)) 855 X509_up_ref(xtmp); 856 else 857 xtmp = NULL; 858 859 sk_X509_pop_free(certs, X509_free); 860 return xtmp; 861 } 862 863 X509 * 864 x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 865 { 866 if (ctx->lookup_certs == NULL || ctx->store == NULL || 867 ctx->store->objs == NULL) 868 return NULL; 869 return lookup_cert_match(ctx, x); 870 } 871 872 static int 873 check_trust(X509_STORE_CTX *ctx) 874 { 875 size_t i; 876 int ok; 877 X509 *x = NULL; 878 int (*cb) (int xok, X509_STORE_CTX *xctx); 879 880 cb = ctx->verify_cb; 881 /* Check all trusted certificates in chain */ 882 for (i = ctx->num_untrusted; i < sk_X509_num(ctx->chain); i++) { 883 x = sk_X509_value(ctx->chain, i); 884 ok = X509_check_trust(x, ctx->param->trust, 0); 885 886 /* If explicitly trusted return trusted */ 887 if (ok == X509_TRUST_TRUSTED) 888 return X509_TRUST_TRUSTED; 889 /* 890 * If explicitly rejected notify callback and reject if not 891 * overridden. 892 */ 893 if (ok == X509_TRUST_REJECTED) { 894 ctx->error_depth = i; 895 ctx->current_cert = x; 896 ctx->error = X509_V_ERR_CERT_REJECTED; 897 ok = cb(0, ctx); 898 if (!ok) 899 return X509_TRUST_REJECTED; 900 } 901 } 902 /* 903 * If we accept partial chains and have at least one trusted certificate 904 * return success. 905 */ 906 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 907 X509 *mx; 908 if (ctx->num_untrusted < (int)sk_X509_num(ctx->chain)) 909 return X509_TRUST_TRUSTED; 910 x = sk_X509_value(ctx->chain, 0); 911 mx = lookup_cert_match(ctx, x); 912 if (mx) { 913 (void)sk_X509_set(ctx->chain, 0, mx); 914 X509_free(x); 915 ctx->num_untrusted = 0; 916 return X509_TRUST_TRUSTED; 917 } 918 } 919 920 /* 921 * If no trusted certs in chain at all return untrusted and allow 922 * standard (no issuer cert) etc errors to be indicated. 923 */ 924 return X509_TRUST_UNTRUSTED; 925 } 926 927 int 928 x509_vfy_check_trust(X509_STORE_CTX *ctx) 929 { 930 return check_trust(ctx); 931 } 932 933 static int 934 check_revocation(X509_STORE_CTX *ctx) 935 { 936 int i, last, ok; 937 938 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 939 return 1; 940 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 941 last = sk_X509_num(ctx->chain) - 1; 942 else { 943 /* If checking CRL paths this isn't the EE certificate */ 944 if (ctx->parent) 945 return 1; 946 last = 0; 947 } 948 for (i = 0; i <= last; i++) { 949 ok = check_cert(ctx, ctx->chain, i); 950 if (!ok) 951 return ok; 952 } 953 return 1; 954 } 955 956 int 957 x509_vfy_check_revocation(X509_STORE_CTX *ctx) 958 { 959 return check_revocation(ctx); 960 } 961 962 static int 963 check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth) 964 { 965 X509_CRL *crl = NULL, *dcrl = NULL; 966 X509 *x; 967 int ok = 0, cnum; 968 unsigned int last_reasons; 969 970 cnum = ctx->error_depth = depth; 971 x = sk_X509_value(chain, cnum); 972 ctx->current_cert = x; 973 ctx->current_issuer = NULL; 974 ctx->current_crl_score = 0; 975 ctx->current_reasons = 0; 976 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 977 last_reasons = ctx->current_reasons; 978 /* Try to retrieve relevant CRL */ 979 if (ctx->get_crl) 980 ok = ctx->get_crl(ctx, &crl, x); 981 else 982 ok = get_crl_delta(ctx, &crl, &dcrl, x); 983 /* If error looking up CRL, nothing we can do except 984 * notify callback 985 */ 986 if (!ok) { 987 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 988 ok = ctx->verify_cb(0, ctx); 989 goto err; 990 } 991 ctx->current_crl = crl; 992 ok = ctx->check_crl(ctx, crl); 993 if (!ok) 994 goto err; 995 996 if (dcrl) { 997 ok = ctx->check_crl(ctx, dcrl); 998 if (!ok) 999 goto err; 1000 ok = ctx->cert_crl(ctx, dcrl, x); 1001 if (!ok) 1002 goto err; 1003 } else 1004 ok = 1; 1005 1006 /* Don't look in full CRL if delta reason is removefromCRL */ 1007 if (ok != 2) { 1008 ok = ctx->cert_crl(ctx, crl, x); 1009 if (!ok) 1010 goto err; 1011 } 1012 1013 ctx->current_crl = NULL; 1014 X509_CRL_free(crl); 1015 X509_CRL_free(dcrl); 1016 crl = NULL; 1017 dcrl = NULL; 1018 /* If reasons not updated we wont get anywhere by 1019 * another iteration, so exit loop. 1020 */ 1021 if (last_reasons == ctx->current_reasons) { 1022 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 1023 ok = ctx->verify_cb(0, ctx); 1024 goto err; 1025 } 1026 } 1027 1028 err: 1029 ctx->current_crl = NULL; 1030 X509_CRL_free(crl); 1031 X509_CRL_free(dcrl); 1032 return ok; 1033 } 1034 1035 /* Check CRL times against values in X509_STORE_CTX */ 1036 1037 static int 1038 check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 1039 { 1040 time_t *ptime; 1041 int i; 1042 1043 if (notify) 1044 ctx->current_crl = crl; 1045 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1046 ptime = &ctx->param->check_time; 1047 else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1048 return (1); 1049 else 1050 ptime = NULL; 1051 1052 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 1053 if (i == 0) { 1054 if (!notify) 1055 return 0; 1056 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 1057 if (!ctx->verify_cb(0, ctx)) 1058 return 0; 1059 } 1060 1061 if (i > 0) { 1062 if (!notify) 1063 return 0; 1064 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 1065 if (!ctx->verify_cb(0, ctx)) 1066 return 0; 1067 } 1068 1069 if (X509_CRL_get_nextUpdate(crl)) { 1070 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 1071 1072 if (i == 0) { 1073 if (!notify) 1074 return 0; 1075 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 1076 if (!ctx->verify_cb(0, ctx)) 1077 return 0; 1078 } 1079 /* Ignore expiry of base CRL is delta is valid */ 1080 if ((i < 0) && 1081 !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 1082 if (!notify) 1083 return 0; 1084 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 1085 if (!ctx->verify_cb(0, ctx)) 1086 return 0; 1087 } 1088 } 1089 1090 if (notify) 1091 ctx->current_crl = NULL; 1092 1093 return 1; 1094 } 1095 1096 static int 1097 get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 1098 X509 **pissuer, int *pscore, unsigned int *preasons, 1099 STACK_OF(X509_CRL) *crls) 1100 { 1101 int i, crl_score, best_score = *pscore; 1102 unsigned int reasons, best_reasons = 0; 1103 X509 *x = ctx->current_cert; 1104 X509_CRL *crl, *best_crl = NULL; 1105 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 1106 1107 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1108 crl = sk_X509_CRL_value(crls, i); 1109 reasons = *preasons; 1110 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 1111 1112 if (crl_score > best_score) { 1113 best_crl = crl; 1114 best_crl_issuer = crl_issuer; 1115 best_score = crl_score; 1116 best_reasons = reasons; 1117 } 1118 } 1119 1120 if (best_crl) { 1121 if (*pcrl) 1122 X509_CRL_free(*pcrl); 1123 *pcrl = best_crl; 1124 *pissuer = best_crl_issuer; 1125 *pscore = best_score; 1126 *preasons = best_reasons; 1127 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); 1128 if (*pdcrl) { 1129 X509_CRL_free(*pdcrl); 1130 *pdcrl = NULL; 1131 } 1132 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1133 } 1134 1135 if (best_score >= CRL_SCORE_VALID) 1136 return 1; 1137 1138 return 0; 1139 } 1140 1141 /* Compare two CRL extensions for delta checking purposes. They should be 1142 * both present or both absent. If both present all fields must be identical. 1143 */ 1144 1145 static int 1146 crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1147 { 1148 ASN1_OCTET_STRING *exta, *extb; 1149 int i; 1150 1151 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1152 if (i >= 0) { 1153 /* Can't have multiple occurrences */ 1154 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1155 return 0; 1156 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1157 } else 1158 exta = NULL; 1159 1160 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1161 1162 if (i >= 0) { 1163 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1164 return 0; 1165 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1166 } else 1167 extb = NULL; 1168 1169 if (!exta && !extb) 1170 return 1; 1171 1172 if (!exta || !extb) 1173 return 0; 1174 1175 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1176 return 0; 1177 1178 return 1; 1179 } 1180 1181 /* See if a base and delta are compatible */ 1182 1183 static int 1184 check_delta_base(X509_CRL *delta, X509_CRL *base) 1185 { 1186 /* Delta CRL must be a delta */ 1187 if (!delta->base_crl_number) 1188 return 0; 1189 /* Base must have a CRL number */ 1190 if (!base->crl_number) 1191 return 0; 1192 /* Issuer names must match */ 1193 if (X509_NAME_cmp(X509_CRL_get_issuer(base), 1194 X509_CRL_get_issuer(delta))) 1195 return 0; 1196 /* AKID and IDP must match */ 1197 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1198 return 0; 1199 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1200 return 0; 1201 /* Delta CRL base number must not exceed Full CRL number. */ 1202 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1203 return 0; 1204 /* Delta CRL number must exceed full CRL number */ 1205 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1206 return 1; 1207 return 0; 1208 } 1209 1210 /* For a given base CRL find a delta... maybe extend to delta scoring 1211 * or retrieve a chain of deltas... 1212 */ 1213 1214 static void 1215 get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base, 1216 STACK_OF(X509_CRL) *crls) 1217 { 1218 X509_CRL *delta; 1219 int i; 1220 1221 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1222 return; 1223 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1224 return; 1225 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1226 delta = sk_X509_CRL_value(crls, i); 1227 if (check_delta_base(delta, base)) { 1228 if (check_crl_time(ctx, delta, 0)) 1229 *pscore |= CRL_SCORE_TIME_DELTA; 1230 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); 1231 *dcrl = delta; 1232 return; 1233 } 1234 } 1235 *dcrl = NULL; 1236 } 1237 1238 /* For a given CRL return how suitable it is for the supplied certificate 'x'. 1239 * The return value is a mask of several criteria. 1240 * If the issuer is not the certificate issuer this is returned in *pissuer. 1241 * The reasons mask is also used to determine if the CRL is suitable: if 1242 * no new reasons the CRL is rejected, otherwise reasons is updated. 1243 */ 1244 1245 static int 1246 get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, 1247 X509_CRL *crl, X509 *x) 1248 { 1249 int crl_score = 0; 1250 unsigned int tmp_reasons = *preasons, crl_reasons; 1251 1252 /* First see if we can reject CRL straight away */ 1253 1254 /* Invalid IDP cannot be processed */ 1255 if (crl->idp_flags & IDP_INVALID) 1256 return 0; 1257 /* Reason codes or indirect CRLs need extended CRL support */ 1258 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1259 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1260 return 0; 1261 } else if (crl->idp_flags & IDP_REASONS) { 1262 /* If no new reasons reject */ 1263 if (!(crl->idp_reasons & ~tmp_reasons)) 1264 return 0; 1265 } 1266 /* Don't process deltas at this stage */ 1267 else if (crl->base_crl_number) 1268 return 0; 1269 /* If issuer name doesn't match certificate need indirect CRL */ 1270 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1271 if (!(crl->idp_flags & IDP_INDIRECT)) 1272 return 0; 1273 } else 1274 crl_score |= CRL_SCORE_ISSUER_NAME; 1275 1276 if (!(crl->flags & EXFLAG_CRITICAL)) 1277 crl_score |= CRL_SCORE_NOCRITICAL; 1278 1279 /* Check expiry */ 1280 if (check_crl_time(ctx, crl, 0)) 1281 crl_score |= CRL_SCORE_TIME; 1282 1283 /* Check authority key ID and locate certificate issuer */ 1284 crl_akid_check(ctx, crl, pissuer, &crl_score); 1285 1286 /* If we can't locate certificate issuer at this point forget it */ 1287 1288 if (!(crl_score & CRL_SCORE_AKID)) 1289 return 0; 1290 1291 /* Check cert for matching CRL distribution points */ 1292 1293 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1294 /* If no new reasons reject */ 1295 if (!(crl_reasons & ~tmp_reasons)) 1296 return 0; 1297 tmp_reasons |= crl_reasons; 1298 crl_score |= CRL_SCORE_SCOPE; 1299 } 1300 1301 *preasons = tmp_reasons; 1302 1303 return crl_score; 1304 } 1305 1306 static void 1307 crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 1308 int *pcrl_score) 1309 { 1310 X509 *crl_issuer = NULL; 1311 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1312 int cidx = ctx->error_depth; 1313 int i; 1314 1315 if (cidx != sk_X509_num(ctx->chain) - 1) 1316 cidx++; 1317 1318 crl_issuer = sk_X509_value(ctx->chain, cidx); 1319 1320 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1321 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1322 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; 1323 *pissuer = crl_issuer; 1324 return; 1325 } 1326 } 1327 1328 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { 1329 crl_issuer = sk_X509_value(ctx->chain, cidx); 1330 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1331 continue; 1332 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1333 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; 1334 *pissuer = crl_issuer; 1335 return; 1336 } 1337 } 1338 1339 /* Anything else needs extended CRL support */ 1340 1341 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1342 return; 1343 1344 /* Otherwise the CRL issuer is not on the path. Look for it in the 1345 * set of untrusted certificates. 1346 */ 1347 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1348 crl_issuer = sk_X509_value(ctx->untrusted, i); 1349 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1350 continue; 1351 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1352 *pissuer = crl_issuer; 1353 *pcrl_score |= CRL_SCORE_AKID; 1354 return; 1355 } 1356 } 1357 } 1358 1359 /* Check the path of a CRL issuer certificate. This creates a new 1360 * X509_STORE_CTX and populates it with most of the parameters from the 1361 * parent. This could be optimised somewhat since a lot of path checking 1362 * will be duplicated by the parent, but this will rarely be used in 1363 * practice. 1364 */ 1365 1366 static int 1367 check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1368 { 1369 X509_STORE_CTX crl_ctx; 1370 int ret; 1371 1372 /* Don't allow recursive CRL path validation */ 1373 if (ctx->parent) 1374 return 0; 1375 if (!X509_STORE_CTX_init(&crl_ctx, ctx->store, x, ctx->untrusted)) { 1376 ret = -1; 1377 goto err; 1378 } 1379 1380 crl_ctx.crls = ctx->crls; 1381 /* Copy verify params across */ 1382 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1383 1384 crl_ctx.parent = ctx; 1385 crl_ctx.verify_cb = ctx->verify_cb; 1386 1387 /* Verify CRL issuer */ 1388 ret = X509_verify_cert(&crl_ctx); 1389 1390 if (ret <= 0) 1391 goto err; 1392 1393 /* Check chain is acceptable */ 1394 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1395 1396 err: 1397 X509_STORE_CTX_cleanup(&crl_ctx); 1398 return ret; 1399 } 1400 1401 /* RFC3280 says nothing about the relationship between CRL path 1402 * and certificate path, which could lead to situations where a 1403 * certificate could be revoked or validated by a CA not authorised 1404 * to do so. RFC5280 is more strict and states that the two paths must 1405 * end in the same trust anchor, though some discussions remain... 1406 * until this is resolved we use the RFC5280 version 1407 */ 1408 1409 static int 1410 check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 1411 STACK_OF(X509) *crl_path) 1412 { 1413 X509 *cert_ta, *crl_ta; 1414 1415 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1416 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1417 if (!X509_cmp(cert_ta, crl_ta)) 1418 return 1; 1419 return 0; 1420 } 1421 1422 /* Check for match between two dist point names: three separate cases. 1423 * 1. Both are relative names and compare X509_NAME types. 1424 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1425 * 3. Both are full names and compare two GENERAL_NAMES. 1426 * 4. One is NULL: automatic match. 1427 */ 1428 1429 static int 1430 idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1431 { 1432 X509_NAME *nm = NULL; 1433 GENERAL_NAMES *gens = NULL; 1434 GENERAL_NAME *gena, *genb; 1435 int i, j; 1436 1437 if (!a || !b) 1438 return 1; 1439 if (a->type == 1) { 1440 if (!a->dpname) 1441 return 0; 1442 /* Case 1: two X509_NAME */ 1443 if (b->type == 1) { 1444 if (!b->dpname) 1445 return 0; 1446 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1447 return 1; 1448 else 1449 return 0; 1450 } 1451 /* Case 2: set name and GENERAL_NAMES appropriately */ 1452 nm = a->dpname; 1453 gens = b->name.fullname; 1454 } else if (b->type == 1) { 1455 if (!b->dpname) 1456 return 0; 1457 /* Case 2: set name and GENERAL_NAMES appropriately */ 1458 gens = a->name.fullname; 1459 nm = b->dpname; 1460 } 1461 1462 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1463 if (nm) { 1464 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1465 gena = sk_GENERAL_NAME_value(gens, i); 1466 if (gena->type != GEN_DIRNAME) 1467 continue; 1468 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1469 return 1; 1470 } 1471 return 0; 1472 } 1473 1474 /* Else case 3: two GENERAL_NAMES */ 1475 1476 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1477 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1478 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1479 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1480 if (!GENERAL_NAME_cmp(gena, genb)) 1481 return 1; 1482 } 1483 } 1484 1485 return 0; 1486 } 1487 1488 static int 1489 crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1490 { 1491 int i; 1492 X509_NAME *nm = X509_CRL_get_issuer(crl); 1493 1494 /* If no CRLissuer return is successful iff don't need a match */ 1495 if (!dp->CRLissuer) 1496 return !!(crl_score & CRL_SCORE_ISSUER_NAME); 1497 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1498 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1499 if (gen->type != GEN_DIRNAME) 1500 continue; 1501 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1502 return 1; 1503 } 1504 return 0; 1505 } 1506 1507 /* Check CRLDP and IDP */ 1508 1509 static int 1510 crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons) 1511 { 1512 int i; 1513 1514 if (crl->idp_flags & IDP_ONLYATTR) 1515 return 0; 1516 if (x->ex_flags & EXFLAG_CA) { 1517 if (crl->idp_flags & IDP_ONLYUSER) 1518 return 0; 1519 } else { 1520 if (crl->idp_flags & IDP_ONLYCA) 1521 return 0; 1522 } 1523 *preasons = crl->idp_reasons; 1524 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1525 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1526 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1527 if (!crl->idp || 1528 idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1529 *preasons &= dp->dp_reasons; 1530 return 1; 1531 } 1532 } 1533 } 1534 if ((!crl->idp || !crl->idp->distpoint) && 1535 (crl_score & CRL_SCORE_ISSUER_NAME)) 1536 return 1; 1537 return 0; 1538 } 1539 1540 /* Retrieve CRL corresponding to current certificate. 1541 * If deltas enabled try to find a delta CRL too 1542 */ 1543 1544 static int 1545 get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1546 { 1547 int ok; 1548 X509 *issuer = NULL; 1549 int crl_score = 0; 1550 unsigned int reasons; 1551 X509_CRL *crl = NULL, *dcrl = NULL; 1552 STACK_OF(X509_CRL) *skcrl; 1553 X509_NAME *nm = X509_get_issuer_name(x); 1554 1555 reasons = ctx->current_reasons; 1556 ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, 1557 ctx->crls); 1558 if (ok) 1559 goto done; 1560 1561 /* Lookup CRLs from store */ 1562 skcrl = ctx->lookup_crls(ctx, nm); 1563 1564 /* If no CRLs found and a near match from get_crl_sk use that */ 1565 if (!skcrl && crl) 1566 goto done; 1567 1568 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1569 1570 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1571 1572 done: 1573 1574 /* If we got any kind of CRL use it and return success */ 1575 if (crl) { 1576 ctx->current_issuer = issuer; 1577 ctx->current_crl_score = crl_score; 1578 ctx->current_reasons = reasons; 1579 *pcrl = crl; 1580 *pdcrl = dcrl; 1581 return 1; 1582 } 1583 1584 return 0; 1585 } 1586 1587 /* Check CRL validity */ 1588 static int 1589 check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1590 { 1591 X509 *issuer = NULL; 1592 EVP_PKEY *ikey = NULL; 1593 int ok = 0, chnum, cnum; 1594 1595 cnum = ctx->error_depth; 1596 chnum = sk_X509_num(ctx->chain) - 1; 1597 /* if we have an alternative CRL issuer cert use that */ 1598 if (ctx->current_issuer) { 1599 issuer = ctx->current_issuer; 1600 } else if (cnum < chnum) { 1601 /* 1602 * Else find CRL issuer: if not last certificate then issuer 1603 * is next certificate in chain. 1604 */ 1605 issuer = sk_X509_value(ctx->chain, cnum + 1); 1606 } else { 1607 issuer = sk_X509_value(ctx->chain, chnum); 1608 /* If not self signed, can't check signature */ 1609 if (!ctx->check_issued(ctx, issuer, issuer)) { 1610 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1611 ok = ctx->verify_cb(0, ctx); 1612 if (!ok) 1613 goto err; 1614 } 1615 } 1616 1617 if (issuer) { 1618 /* Skip most tests for deltas because they have already 1619 * been done 1620 */ 1621 if (!crl->base_crl_number) { 1622 /* Check for cRLSign bit if keyUsage present */ 1623 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1624 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1625 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1626 ok = ctx->verify_cb(0, ctx); 1627 if (!ok) 1628 goto err; 1629 } 1630 1631 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1632 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1633 ok = ctx->verify_cb(0, ctx); 1634 if (!ok) 1635 goto err; 1636 } 1637 1638 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1639 if (check_crl_path(ctx, 1640 ctx->current_issuer) <= 0) { 1641 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1642 ok = ctx->verify_cb(0, ctx); 1643 if (!ok) 1644 goto err; 1645 } 1646 } 1647 1648 if (crl->idp_flags & IDP_INVALID) { 1649 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1650 ok = ctx->verify_cb(0, ctx); 1651 if (!ok) 1652 goto err; 1653 } 1654 1655 1656 } 1657 1658 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1659 ok = check_crl_time(ctx, crl, 1); 1660 if (!ok) 1661 goto err; 1662 } 1663 1664 /* Attempt to get issuer certificate public key */ 1665 ikey = X509_get_pubkey(issuer); 1666 1667 if (!ikey) { 1668 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1669 ok = ctx->verify_cb(0, ctx); 1670 if (!ok) 1671 goto err; 1672 } else { 1673 /* Verify CRL signature */ 1674 if (X509_CRL_verify(crl, ikey) <= 0) { 1675 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1676 ok = ctx->verify_cb(0, ctx); 1677 if (!ok) 1678 goto err; 1679 } 1680 } 1681 } 1682 1683 ok = 1; 1684 1685 err: 1686 EVP_PKEY_free(ikey); 1687 return ok; 1688 } 1689 1690 /* Check certificate against CRL */ 1691 static int 1692 cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1693 { 1694 int ok; 1695 X509_REVOKED *rev; 1696 1697 /* The rules changed for this... previously if a CRL contained 1698 * unhandled critical extensions it could still be used to indicate 1699 * a certificate was revoked. This has since been changed since 1700 * critical extension can change the meaning of CRL entries. 1701 */ 1702 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 1703 (crl->flags & EXFLAG_CRITICAL)) { 1704 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1705 ok = ctx->verify_cb(0, ctx); 1706 if (!ok) 1707 return 0; 1708 } 1709 /* Look for serial number of certificate in CRL 1710 * If found make sure reason is not removeFromCRL. 1711 */ 1712 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1713 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1714 return 2; 1715 ctx->error = X509_V_ERR_CERT_REVOKED; 1716 ok = ctx->verify_cb(0, ctx); 1717 if (!ok) 1718 return 0; 1719 } 1720 1721 return 1; 1722 } 1723 1724 int 1725 x509_vfy_check_policy(X509_STORE_CTX *ctx) 1726 { 1727 X509 *current_cert = NULL; 1728 int ret; 1729 1730 if (ctx->parent != NULL) 1731 return 1; 1732 1733 ret = X509_policy_check(ctx->chain, ctx->param->policies, 1734 ctx->param->flags, ¤t_cert); 1735 if (ret != X509_V_OK) { 1736 ctx->current_cert = current_cert; 1737 ctx->error = ret; 1738 if (ret == X509_V_ERR_OUT_OF_MEM) 1739 return 0; 1740 return ctx->verify_cb(0, ctx); 1741 } 1742 1743 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1744 ctx->current_cert = NULL; 1745 /* 1746 * Verification errors need to be "sticky", a callback may have 1747 * allowed an SSL handshake to continue despite an error, and 1748 * we must then remain in an error state. Therefore, we MUST 1749 * NOT clear earlier verification errors by setting the error 1750 * to X509_V_OK. 1751 */ 1752 if (!ctx->verify_cb(2, ctx)) 1753 return 0; 1754 } 1755 1756 return 1; 1757 } 1758 1759 static int 1760 check_policy(X509_STORE_CTX *ctx) 1761 { 1762 return x509_vfy_check_policy(ctx); 1763 } 1764 1765 /* 1766 * Inform the verify callback of an error. 1767 * 1768 * If x is not NULL it is the error cert, otherwise use the chain cert 1769 * at depth. 1770 * 1771 * If err is not X509_V_OK, that's the error value, otherwise leave 1772 * unchanged (presumably set by the caller). 1773 * 1774 * Returns 0 to abort verification with an error, non-zero to continue. 1775 */ 1776 static int 1777 verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) 1778 { 1779 ctx->error_depth = depth; 1780 ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); 1781 if (err != X509_V_OK) 1782 ctx->error = err; 1783 return ctx->verify_cb(0, ctx); 1784 } 1785 1786 1787 /* Mimic OpenSSL '0 for failure' ick */ 1788 static int 1789 time_t_bogocmp(time_t a, time_t b) 1790 { 1791 if (a == -1 || b == -1) 1792 return 0; 1793 if (a <= b) 1794 return -1; 1795 return 1; 1796 } 1797 1798 /* 1799 * Check certificate validity times. 1800 * 1801 * If depth >= 0, invoke verification callbacks on error, otherwise just return 1802 * the validation status. 1803 * 1804 * Return 1 on success, 0 otherwise. 1805 */ 1806 int 1807 x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) 1808 { 1809 time_t ptime; 1810 int i; 1811 1812 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1813 ptime = ctx->param->check_time; 1814 else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1815 return 1; 1816 else 1817 ptime = time(NULL); 1818 1819 if (x->ex_flags & EXFLAG_SET) 1820 i = time_t_bogocmp(x->not_before, ptime); 1821 else 1822 i = X509_cmp_time(X509_get_notBefore(x), &ptime); 1823 1824 if (i >= 0 && depth < 0) 1825 return 0; 1826 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1827 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) 1828 return 0; 1829 if (i > 0 && !verify_cb_cert(ctx, x, depth, 1830 X509_V_ERR_CERT_NOT_YET_VALID)) 1831 return 0; 1832 1833 if (x->ex_flags & EXFLAG_SET) 1834 i = time_t_bogocmp(x->not_after, ptime); 1835 else 1836 i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1); 1837 1838 if (i <= 0 && depth < 0) 1839 return 0; 1840 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1841 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) 1842 return 0; 1843 if (i < 0 && !verify_cb_cert(ctx, x, depth, 1844 X509_V_ERR_CERT_HAS_EXPIRED)) 1845 return 0; 1846 1847 return 1; 1848 } 1849 1850 static int 1851 x509_vfy_internal_verify(X509_STORE_CTX *ctx, int chain_verified) 1852 { 1853 int n = sk_X509_num(ctx->chain) - 1; 1854 X509 *xi = sk_X509_value(ctx->chain, n); 1855 X509 *xs; 1856 1857 if (ctx->check_issued(ctx, xi, xi)) 1858 xs = xi; 1859 else { 1860 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1861 xs = xi; 1862 goto check_cert; 1863 } 1864 if (n <= 0) 1865 return verify_cb_cert(ctx, xi, 0, 1866 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); 1867 n--; 1868 ctx->error_depth = n; 1869 xs = sk_X509_value(ctx->chain, n); 1870 } 1871 1872 /* 1873 * Do not clear ctx->error=0, it must be "sticky", only the 1874 * user's callback is allowed to reset errors (at its own 1875 * peril). 1876 */ 1877 while (n >= 0) { 1878 1879 /* 1880 * Skip signature check for self signed certificates 1881 * unless explicitly asked for. It doesn't add any 1882 * security and just wastes time. If the issuer's 1883 * public key is unusable, report the issuer 1884 * certificate and its depth (rather than the depth of 1885 * the subject). 1886 */ 1887 if (!chain_verified && ( xs != xi || 1888 (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { 1889 EVP_PKEY *pkey; 1890 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1891 if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, 1892 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) 1893 return 0; 1894 } else if (X509_verify(xs, pkey) <= 0) { 1895 if (!verify_cb_cert(ctx, xs, n, 1896 X509_V_ERR_CERT_SIGNATURE_FAILURE)) { 1897 EVP_PKEY_free(pkey); 1898 return 0; 1899 } 1900 } 1901 EVP_PKEY_free(pkey); 1902 } 1903 check_cert: 1904 /* Calls verify callback as needed */ 1905 if (!chain_verified && !x509_check_cert_time(ctx, xs, n)) 1906 return 0; 1907 1908 /* 1909 * Signal success at this depth. However, the 1910 * previous error (if any) is retained. 1911 */ 1912 ctx->current_issuer = xi; 1913 ctx->current_cert = xs; 1914 ctx->error_depth = n; 1915 if (!ctx->verify_cb(1, ctx)) 1916 return 0; 1917 1918 if (--n >= 0) { 1919 xi = xs; 1920 xs = sk_X509_value(ctx->chain, n); 1921 } 1922 } 1923 return 1; 1924 } 1925 1926 static int 1927 internal_verify(X509_STORE_CTX *ctx) 1928 { 1929 return x509_vfy_internal_verify(ctx, 0); 1930 } 1931 1932 /* 1933 * Internal verify, but with a chain where the verification 1934 * math has already been performed. 1935 */ 1936 int 1937 x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx) 1938 { 1939 return x509_vfy_internal_verify(ctx, 1); 1940 } 1941 1942 int 1943 X509_cmp_current_time(const ASN1_TIME *ctm) 1944 { 1945 return X509_cmp_time(ctm, NULL); 1946 } 1947 LCRYPTO_ALIAS(X509_cmp_current_time); 1948 1949 /* 1950 * Compare a possibly unvalidated ASN1_TIME string against a time_t 1951 * using RFC 5280 rules for the time string. If *cmp_time is NULL 1952 * the current system time is used. 1953 * 1954 * XXX NOTE that unlike what you expect a "cmp" function to do in C, 1955 * XXX this one is "special", and returns 0 for error. 1956 * 1957 * Returns: 1958 * -1 if the ASN1_time is earlier than OR the same as *cmp_time. 1959 * 1 if the ASN1_time is later than *cmp_time. 1960 * 0 on error. 1961 */ 1962 static int 1963 X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int is_notafter) 1964 { 1965 time_t compare, cert_time; 1966 1967 if (cmp_time == NULL) 1968 compare = time(NULL); 1969 else 1970 compare = *cmp_time; 1971 1972 if ((cert_time = x509_verify_asn1_time_to_time_t(ctm, is_notafter)) == 1973 -1) 1974 return 0; /* invalid time */ 1975 1976 if (cert_time <= compare) 1977 return -1; /* 0 is used for error, so map same to less than */ 1978 1979 return 1; 1980 } 1981 1982 int 1983 X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 1984 { 1985 return X509_cmp_time_internal(ctm, cmp_time, 0); 1986 } 1987 LCRYPTO_ALIAS(X509_cmp_time); 1988 1989 1990 ASN1_TIME * 1991 X509_gmtime_adj(ASN1_TIME *s, long adj) 1992 { 1993 return X509_time_adj(s, adj, NULL); 1994 } 1995 LCRYPTO_ALIAS(X509_gmtime_adj); 1996 1997 ASN1_TIME * 1998 X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time) 1999 { 2000 return X509_time_adj_ex(s, 0, offset_sec, in_time); 2001 } 2002 LCRYPTO_ALIAS(X509_time_adj); 2003 2004 ASN1_TIME * 2005 X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time) 2006 { 2007 time_t t; 2008 if (in_time == NULL) 2009 t = time(NULL); 2010 else 2011 t = *in_time; 2012 2013 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 2014 } 2015 LCRYPTO_ALIAS(X509_time_adj_ex); 2016 2017 int 2018 X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) 2019 { 2020 EVP_PKEY *ktmp = NULL, *ktmp2; 2021 int i, j; 2022 2023 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) 2024 return 1; 2025 2026 for (i = 0; i < sk_X509_num(chain); i++) { 2027 ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); 2028 if (ktmp == NULL) { 2029 X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 2030 return 0; 2031 } 2032 if (!EVP_PKEY_missing_parameters(ktmp)) 2033 break; 2034 else 2035 ktmp = NULL; 2036 } 2037 if (ktmp == NULL) { 2038 X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 2039 return 0; 2040 } 2041 2042 /* first, populate the other certs */ 2043 for (j = i - 1; j >= 0; j--) { 2044 if ((ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j))) == NULL) 2045 return 0; 2046 if (!EVP_PKEY_copy_parameters(ktmp2, ktmp)) 2047 return 0; 2048 } 2049 2050 if (pkey != NULL) 2051 if (!EVP_PKEY_copy_parameters(pkey, ktmp)) 2052 return 0; 2053 return 1; 2054 } 2055 LCRYPTO_ALIAS(X509_get_pubkey_parameters); 2056 2057 int 2058 X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 2059 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 2060 { 2061 /* This function is (usually) called only once, by 2062 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ 2063 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, 2064 argl, argp, new_func, dup_func, free_func); 2065 } 2066 LCRYPTO_ALIAS(X509_STORE_CTX_get_ex_new_index); 2067 2068 int 2069 X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2070 { 2071 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2072 } 2073 LCRYPTO_ALIAS(X509_STORE_CTX_set_ex_data); 2074 2075 void * 2076 X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2077 { 2078 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2079 } 2080 LCRYPTO_ALIAS(X509_STORE_CTX_get_ex_data); 2081 2082 int 2083 X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2084 { 2085 return ctx->error; 2086 } 2087 LCRYPTO_ALIAS(X509_STORE_CTX_get_error); 2088 2089 void 2090 X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2091 { 2092 ctx->error = err; 2093 } 2094 LCRYPTO_ALIAS(X509_STORE_CTX_set_error); 2095 2096 int 2097 X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2098 { 2099 return ctx->error_depth; 2100 } 2101 LCRYPTO_ALIAS(X509_STORE_CTX_get_error_depth); 2102 2103 void 2104 X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) 2105 { 2106 ctx->error_depth = depth; 2107 } 2108 LCRYPTO_ALIAS(X509_STORE_CTX_set_error_depth); 2109 2110 X509 * 2111 X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2112 { 2113 return ctx->current_cert; 2114 } 2115 LCRYPTO_ALIAS(X509_STORE_CTX_get_current_cert); 2116 2117 void 2118 X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x) 2119 { 2120 ctx->current_cert = x; 2121 } 2122 LCRYPTO_ALIAS(X509_STORE_CTX_set_current_cert); 2123 2124 STACK_OF(X509) * 2125 X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2126 { 2127 return ctx->chain; 2128 } 2129 LCRYPTO_ALIAS(X509_STORE_CTX_get_chain); 2130 2131 STACK_OF(X509) * 2132 X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs) 2133 { 2134 return xs->chain; 2135 } 2136 LCRYPTO_ALIAS(X509_STORE_CTX_get0_chain); 2137 2138 STACK_OF(X509) * 2139 X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2140 { 2141 int i; 2142 X509 *x; 2143 STACK_OF(X509) *chain; 2144 2145 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) 2146 return NULL; 2147 for (i = 0; i < sk_X509_num(chain); i++) { 2148 x = sk_X509_value(chain, i); 2149 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 2150 } 2151 return chain; 2152 } 2153 LCRYPTO_ALIAS(X509_STORE_CTX_get1_chain); 2154 2155 X509 * 2156 X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2157 { 2158 return ctx->current_issuer; 2159 } 2160 LCRYPTO_ALIAS(X509_STORE_CTX_get0_current_issuer); 2161 2162 X509_CRL * 2163 X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2164 { 2165 return ctx->current_crl; 2166 } 2167 LCRYPTO_ALIAS(X509_STORE_CTX_get0_current_crl); 2168 2169 X509_STORE_CTX * 2170 X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2171 { 2172 return ctx->parent; 2173 } 2174 LCRYPTO_ALIAS(X509_STORE_CTX_get0_parent_ctx); 2175 2176 X509_STORE * 2177 X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) 2178 { 2179 return xs->store; 2180 } 2181 LCRYPTO_ALIAS(X509_STORE_CTX_get0_store); 2182 2183 void 2184 X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2185 { 2186 ctx->cert = x; 2187 } 2188 LCRYPTO_ALIAS(X509_STORE_CTX_set_cert); 2189 2190 void 2191 X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2192 { 2193 ctx->untrusted = sk; 2194 } 2195 LCRYPTO_ALIAS(X509_STORE_CTX_set_chain); 2196 2197 void 2198 X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2199 { 2200 ctx->crls = sk; 2201 } 2202 LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls); 2203 2204 int 2205 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2206 { 2207 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2208 } 2209 LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); 2210 2211 int 2212 X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2213 { 2214 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2215 } 2216 LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); 2217 2218 /* This function is used to set the X509_STORE_CTX purpose and trust 2219 * values. This is intended to be used when another structure has its 2220 * own trust and purpose values which (if set) will be inherited by 2221 * the ctx. If they aren't set then we will usually have a default 2222 * purpose in mind which should then be used to set the trust value. 2223 * An example of this is SSL use: an SSL structure will have its own 2224 * purpose and trust settings which the application can set: if they 2225 * aren't set then we use the default of SSL client/server. 2226 */ 2227 2228 int 2229 X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2230 int purpose, int trust) 2231 { 2232 int idx; 2233 2234 /* If purpose not set use default */ 2235 if (!purpose) 2236 purpose = def_purpose; 2237 /* If we have a purpose then check it is valid */ 2238 if (purpose) { 2239 X509_PURPOSE *ptmp; 2240 idx = X509_PURPOSE_get_by_id(purpose); 2241 if (idx == -1) { 2242 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2243 return 0; 2244 } 2245 ptmp = X509_PURPOSE_get0(idx); 2246 if (ptmp->trust == X509_TRUST_DEFAULT) { 2247 idx = X509_PURPOSE_get_by_id(def_purpose); 2248 if (idx == -1) { 2249 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2250 return 0; 2251 } 2252 ptmp = X509_PURPOSE_get0(idx); 2253 } 2254 /* If trust not set then get from purpose default */ 2255 if (!trust) 2256 trust = ptmp->trust; 2257 } 2258 if (trust) { 2259 idx = X509_TRUST_get_by_id(trust); 2260 if (idx == -1) { 2261 X509error(X509_R_UNKNOWN_TRUST_ID); 2262 return 0; 2263 } 2264 } 2265 2266 if (purpose && !ctx->param->purpose) 2267 ctx->param->purpose = purpose; 2268 if (trust && !ctx->param->trust) 2269 ctx->param->trust = trust; 2270 return 1; 2271 } 2272 LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit); 2273 2274 X509_STORE_CTX * 2275 X509_STORE_CTX_new(void) 2276 { 2277 X509_STORE_CTX *ctx; 2278 2279 ctx = calloc(1, sizeof(X509_STORE_CTX)); 2280 if (!ctx) { 2281 X509error(ERR_R_MALLOC_FAILURE); 2282 return NULL; 2283 } 2284 return ctx; 2285 } 2286 LCRYPTO_ALIAS(X509_STORE_CTX_new); 2287 2288 void 2289 X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2290 { 2291 if (ctx == NULL) 2292 return; 2293 2294 X509_STORE_CTX_cleanup(ctx); 2295 free(ctx); 2296 } 2297 LCRYPTO_ALIAS(X509_STORE_CTX_free); 2298 2299 int 2300 X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *leaf, 2301 STACK_OF(X509) *untrusted) 2302 { 2303 int param_ret = 1; 2304 2305 /* 2306 * Make sure everything is initialized properly even in case of an 2307 * early return due to an error. 2308 * 2309 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have 2310 * freed everything and memset ex_data anyway. This also allows us 2311 * to safely use X509_STORE_CTX variables from the stack which will 2312 * have uninitialized data. 2313 */ 2314 memset(ctx, 0, sizeof(*ctx)); 2315 2316 /* 2317 * Start with this set to not valid - it will be set to valid 2318 * in X509_verify_cert. 2319 */ 2320 ctx->error = X509_V_ERR_INVALID_CALL; 2321 2322 /* 2323 * Set values other than 0. Keep this in the same order as 2324 * X509_STORE_CTX except for values that may fail. All fields that 2325 * may fail should go last to make sure 'ctx' is as consistent as 2326 * possible even on early exits. 2327 */ 2328 ctx->store = store; 2329 ctx->cert = leaf; 2330 ctx->untrusted = untrusted; 2331 2332 if (store && store->verify) 2333 ctx->verify = store->verify; 2334 else 2335 ctx->verify = internal_verify; 2336 2337 if (store && store->verify_cb) 2338 ctx->verify_cb = store->verify_cb; 2339 else 2340 ctx->verify_cb = null_callback; 2341 2342 if (store && store->get_issuer) 2343 ctx->get_issuer = store->get_issuer; 2344 else 2345 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2346 2347 if (store && store->check_issued) 2348 ctx->check_issued = store->check_issued; 2349 else 2350 ctx->check_issued = check_issued; 2351 2352 if (store && store->check_revocation) 2353 ctx->check_revocation = store->check_revocation; 2354 else 2355 ctx->check_revocation = check_revocation; 2356 2357 if (store && store->get_crl) 2358 ctx->get_crl = store->get_crl; 2359 else 2360 ctx->get_crl = NULL; 2361 2362 if (store && store->check_crl) 2363 ctx->check_crl = store->check_crl; 2364 else 2365 ctx->check_crl = check_crl; 2366 2367 if (store && store->cert_crl) 2368 ctx->cert_crl = store->cert_crl; 2369 else 2370 ctx->cert_crl = cert_crl; 2371 2372 ctx->check_policy = check_policy; 2373 2374 if (store && store->lookup_certs) 2375 ctx->lookup_certs = store->lookup_certs; 2376 else 2377 ctx->lookup_certs = X509_STORE_CTX_get1_certs; 2378 2379 if (store && store->lookup_crls) 2380 ctx->lookup_crls = store->lookup_crls; 2381 else 2382 ctx->lookup_crls = X509_STORE_CTX_get1_crls; 2383 2384 if (store && store->cleanup) 2385 ctx->cleanup = store->cleanup; 2386 else 2387 ctx->cleanup = NULL; 2388 2389 ctx->param = X509_VERIFY_PARAM_new(); 2390 if (!ctx->param) { 2391 X509error(ERR_R_MALLOC_FAILURE); 2392 return 0; 2393 } 2394 2395 /* Inherit callbacks and flags from X509_STORE if not set 2396 * use defaults. 2397 */ 2398 if (store) 2399 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2400 else 2401 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; 2402 2403 if (param_ret) 2404 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, 2405 X509_VERIFY_PARAM_lookup("default")); 2406 2407 if (param_ret == 0) { 2408 X509error(ERR_R_MALLOC_FAILURE); 2409 return 0; 2410 } 2411 2412 if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, 2413 &(ctx->ex_data)) == 0) { 2414 X509error(ERR_R_MALLOC_FAILURE); 2415 return 0; 2416 } 2417 return 1; 2418 } 2419 LCRYPTO_ALIAS(X509_STORE_CTX_init); 2420 2421 /* Set alternative lookup method: just a STACK of trusted certificates. 2422 * This avoids X509_STORE nastiness where it isn't needed. 2423 */ 2424 2425 void 2426 X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted) 2427 { 2428 X509_STORE_CTX_set0_trusted_stack(ctx, trusted); 2429 } 2430 LCRYPTO_ALIAS(X509_STORE_CTX_trusted_stack); 2431 2432 void 2433 X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted) 2434 { 2435 ctx->trusted = trusted; 2436 ctx->get_issuer = get_trusted_issuer; 2437 } 2438 LCRYPTO_ALIAS(X509_STORE_CTX_set0_trusted_stack); 2439 2440 void 2441 X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2442 { 2443 if (ctx->cleanup) 2444 ctx->cleanup(ctx); 2445 if (ctx->param != NULL) { 2446 if (ctx->parent == NULL) 2447 X509_VERIFY_PARAM_free(ctx->param); 2448 ctx->param = NULL; 2449 } 2450 if (ctx->chain != NULL) { 2451 sk_X509_pop_free(ctx->chain, X509_free); 2452 ctx->chain = NULL; 2453 } 2454 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, 2455 ctx, &(ctx->ex_data)); 2456 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2457 } 2458 LCRYPTO_ALIAS(X509_STORE_CTX_cleanup); 2459 2460 void 2461 X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2462 { 2463 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2464 } 2465 LCRYPTO_ALIAS(X509_STORE_CTX_set_depth); 2466 2467 void 2468 X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2469 { 2470 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2471 } 2472 LCRYPTO_ALIAS(X509_STORE_CTX_set_flags); 2473 2474 void 2475 X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) 2476 { 2477 X509_VERIFY_PARAM_set_time(ctx->param, t); 2478 } 2479 LCRYPTO_ALIAS(X509_STORE_CTX_set_time); 2480 2481 int 2482 (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *) 2483 { 2484 return ctx->verify_cb; 2485 } 2486 LCRYPTO_ALIAS(X509_STORE_CTX_get_verify_cb); 2487 2488 void 2489 X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2490 int (*verify_cb)(int, X509_STORE_CTX *)) 2491 { 2492 ctx->verify_cb = verify_cb; 2493 } 2494 LCRYPTO_ALIAS(X509_STORE_CTX_set_verify_cb); 2495 2496 int 2497 (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *) 2498 { 2499 return ctx->verify; 2500 } 2501 LCRYPTO_ALIAS(X509_STORE_CTX_get_verify); 2502 2503 void 2504 X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, int (*verify)(X509_STORE_CTX *)) 2505 { 2506 ctx->verify = verify; 2507 } 2508 LCRYPTO_ALIAS(X509_STORE_CTX_set_verify); 2509 2510 X509_STORE_CTX_check_issued_fn 2511 X509_STORE_get_check_issued(X509_STORE *store) 2512 { 2513 return store->check_issued; 2514 } 2515 LCRYPTO_ALIAS(X509_STORE_get_check_issued); 2516 2517 void 2518 X509_STORE_set_check_issued(X509_STORE *store, 2519 X509_STORE_CTX_check_issued_fn check_issued) 2520 { 2521 store->check_issued = check_issued; 2522 } 2523 LCRYPTO_ALIAS(X509_STORE_set_check_issued); 2524 2525 X509_STORE_CTX_check_issued_fn 2526 X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx) 2527 { 2528 return ctx->check_issued; 2529 } 2530 LCRYPTO_ALIAS(X509_STORE_CTX_get_check_issued); 2531 2532 X509 * 2533 X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) 2534 { 2535 return ctx->cert; 2536 } 2537 LCRYPTO_ALIAS(X509_STORE_CTX_get0_cert); 2538 2539 STACK_OF(X509) * 2540 X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) 2541 { 2542 return ctx->untrusted; 2543 } 2544 LCRYPTO_ALIAS(X509_STORE_CTX_get0_untrusted); 2545 2546 void 2547 X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2548 { 2549 ctx->untrusted = sk; 2550 } 2551 LCRYPTO_ALIAS(X509_STORE_CTX_set0_untrusted); 2552 2553 void 2554 X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2555 { 2556 sk_X509_pop_free(ctx->chain, X509_free); 2557 ctx->chain = sk; 2558 } 2559 LCRYPTO_ALIAS(X509_STORE_CTX_set0_verified_chain); 2560 2561 int 2562 X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) 2563 { 2564 return ctx->num_untrusted; 2565 } 2566 LCRYPTO_ALIAS(X509_STORE_CTX_get_num_untrusted); 2567 2568 int 2569 X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2570 { 2571 const X509_VERIFY_PARAM *param; 2572 param = X509_VERIFY_PARAM_lookup(name); 2573 if (!param) 2574 return 0; 2575 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2576 } 2577 LCRYPTO_ALIAS(X509_STORE_CTX_set_default); 2578 2579 X509_VERIFY_PARAM * 2580 X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2581 { 2582 return ctx->param; 2583 } 2584 LCRYPTO_ALIAS(X509_STORE_CTX_get0_param); 2585 2586 void 2587 X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2588 { 2589 if (ctx->param) 2590 X509_VERIFY_PARAM_free(ctx->param); 2591 ctx->param = param; 2592 } 2593 LCRYPTO_ALIAS(X509_STORE_CTX_set0_param); 2594 2595 /* 2596 * Check if |bits| are adequate for |security level|. 2597 * Returns 1 if ok, 0 otherwise. 2598 */ 2599 static int 2600 enough_bits_for_security_level(int bits, int level) 2601 { 2602 /* 2603 * Sigh. OpenSSL does this silly squashing, so we will 2604 * too. Derp for Derp compatibility being important. 2605 */ 2606 if (level < 0) 2607 level = 0; 2608 if (level > 5) 2609 level = 5; 2610 2611 switch (level) { 2612 case 0: 2613 return 1; 2614 case 1: 2615 return bits >= 80; 2616 case 2: 2617 return bits >= 112; 2618 case 3: 2619 return bits >= 128; 2620 case 4: 2621 return bits >= 192; 2622 case 5: 2623 return bits >= 256; 2624 default: 2625 return 0; 2626 } 2627 } 2628 2629 /* 2630 * Check whether the public key of |cert| meets the security level of |ctx|. 2631 * 2632 * Returns 1 on success, 0 otherwise. 2633 */ 2634 static int 2635 check_key_level(X509_STORE_CTX *ctx, X509 *cert) 2636 { 2637 EVP_PKEY *pkey; 2638 int bits; 2639 2640 /* Unsupported or malformed keys are not secure */ 2641 if ((pkey = X509_get0_pubkey(cert)) == NULL) 2642 return 0; 2643 2644 if ((bits = EVP_PKEY_security_bits(pkey)) <= 0) 2645 return 0; 2646 2647 return enough_bits_for_security_level(bits, ctx->param->security_level); 2648 } 2649 2650 /* 2651 * Check whether the signature digest algorithm of |cert| meets the security 2652 * level of |ctx|. Do not check trust anchors (self-signed or not). 2653 * 2654 * Returns 1 on success, 0 otherwise. 2655 */ 2656 static int 2657 check_sig_level(X509_STORE_CTX *ctx, X509 *cert) 2658 { 2659 const EVP_MD *md; 2660 int bits, nid, md_nid; 2661 2662 if ((nid = X509_get_signature_nid(cert)) == NID_undef) 2663 return 0; 2664 2665 /* 2666 * Look up signature algorithm digest. 2667 */ 2668 2669 if (!OBJ_find_sigid_algs(nid, &md_nid, NULL)) 2670 return 0; 2671 2672 if (md_nid == NID_undef) 2673 return 0; 2674 2675 if ((md = EVP_get_digestbynid(md_nid)) == NULL) 2676 return 0; 2677 2678 /* Assume 4 bits of collision resistance for each hash octet. */ 2679 bits = EVP_MD_size(md) * 4; 2680 2681 return enough_bits_for_security_level(bits, ctx->param->security_level); 2682 } 2683 2684 int 2685 x509_vfy_check_security_level(X509_STORE_CTX *ctx) 2686 { 2687 int num = sk_X509_num(ctx->chain); 2688 int i; 2689 2690 if (ctx->param->security_level <= 0) 2691 return 1; 2692 2693 for (i = 0; i < num; i++) { 2694 X509 *cert = sk_X509_value(ctx->chain, i); 2695 2696 /* 2697 * We've already checked the security of the leaf key, so here 2698 * we only check the security of issuer keys. 2699 */ 2700 if (i > 0) { 2701 if (!check_key_level(ctx, cert) && 2702 !verify_cb_cert(ctx, cert, i, 2703 X509_V_ERR_CA_KEY_TOO_SMALL)) 2704 return 0; 2705 } 2706 2707 /* 2708 * We also check the signature algorithm security of all certs 2709 * except those of the trust anchor at index num - 1. 2710 */ 2711 if (i == num - 1) 2712 break; 2713 2714 if (!check_sig_level(ctx, cert) && 2715 !verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK)) 2716 return 0; 2717 } 2718 return 1; 2719 } 2720