1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57#include <string.h> 58#include <time.h> 59 60#include <openssl/asn1.h> 61#include <openssl/buf.h> 62#include <openssl/err.h> 63#include <openssl/evp.h> 64#include <openssl/mem.h> 65#include <openssl/obj.h> 66#include <openssl/thread.h> 67#include <openssl/x509.h> 68#include <openssl/x509v3.h> 69 70#include "vpm_int.h" 71#include "../internal.h" 72 73static CRYPTO_EX_DATA_CLASS g_ex_data_class = 74 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; 75 76/* CRL score values */ 77 78/* No unhandled critical extensions */ 79 80#define CRL_SCORE_NOCRITICAL 0x100 81 82/* certificate is within CRL scope */ 83 84#define CRL_SCORE_SCOPE 0x080 85 86/* CRL times valid */ 87 88#define CRL_SCORE_TIME 0x040 89 90/* Issuer name matches certificate */ 91 92#define CRL_SCORE_ISSUER_NAME 0x020 93 94/* If this score or above CRL is probably valid */ 95 96#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 97 98/* CRL issuer is certificate issuer */ 99 100#define CRL_SCORE_ISSUER_CERT 0x018 101 102/* CRL issuer is on certificate path */ 103 104#define CRL_SCORE_SAME_PATH 0x008 105 106/* CRL issuer matches CRL AKID */ 107 108#define CRL_SCORE_AKID 0x004 109 110/* Have a delta CRL with valid times */ 111 112#define CRL_SCORE_TIME_DELTA 0x002 113 114static int null_callback(int ok, X509_STORE_CTX *e); 115static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 116static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); 117static int check_chain_extensions(X509_STORE_CTX *ctx); 118static int check_name_constraints(X509_STORE_CTX *ctx); 119static int check_id(X509_STORE_CTX *ctx); 120static int check_trust(X509_STORE_CTX *ctx); 121static int check_revocation(X509_STORE_CTX *ctx); 122static int check_cert(X509_STORE_CTX *ctx); 123static int check_policy(X509_STORE_CTX *ctx); 124 125static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 126 unsigned int *preasons, X509_CRL *crl, X509 *x); 127static int get_crl_delta(X509_STORE_CTX *ctx, 128 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 129static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, 130 int *pcrl_score, X509_CRL *base, 131 STACK_OF(X509_CRL) *crls); 132static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 133 int *pcrl_score); 134static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 135 unsigned int *preasons); 136static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 137static int check_crl_chain(X509_STORE_CTX *ctx, 138 STACK_OF(X509) *cert_path, 139 STACK_OF(X509) *crl_path); 140 141static int internal_verify(X509_STORE_CTX *ctx); 142 143static int null_callback(int ok, X509_STORE_CTX *e) 144{ 145 return ok; 146} 147 148/* Return 1 is a certificate is self signed */ 149static int cert_self_signed(X509 *x) 150{ 151 X509_check_purpose(x, -1, 0); 152 if (x->ex_flags & EXFLAG_SS) 153 return 1; 154 else 155 return 0; 156} 157 158/* Given a certificate try and find an exact match in the store */ 159 160static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 161{ 162 STACK_OF(X509) *certs; 163 X509 *xtmp = NULL; 164 size_t i; 165 /* Lookup all certs with matching subject name */ 166 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 167 if (certs == NULL) 168 return NULL; 169 /* Look for exact match */ 170 for (i = 0; i < sk_X509_num(certs); i++) { 171 xtmp = sk_X509_value(certs, i); 172 if (!X509_cmp(xtmp, x)) 173 break; 174 } 175 if (i < sk_X509_num(certs)) 176 X509_up_ref(xtmp); 177 else 178 xtmp = NULL; 179 sk_X509_pop_free(certs, X509_free); 180 return xtmp; 181} 182 183int X509_verify_cert(X509_STORE_CTX *ctx) 184{ 185 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 186 int bad_chain = 0; 187 X509_VERIFY_PARAM *param = ctx->param; 188 int depth, i, ok = 0; 189 int num, j, retry, trust; 190 int (*cb) (int xok, X509_STORE_CTX *xctx); 191 STACK_OF(X509) *sktmp = NULL; 192 if (ctx->cert == NULL) { 193 OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 194 ctx->error = X509_V_ERR_INVALID_CALL; 195 return -1; 196 } 197 if (ctx->chain != NULL) { 198 /* 199 * This X509_STORE_CTX has already been used to verify a cert. We 200 * cannot do another one. 201 */ 202 OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 203 ctx->error = X509_V_ERR_INVALID_CALL; 204 return -1; 205 } 206 207 cb = ctx->verify_cb; 208 209 /* 210 * first we make sure the chain we are going to build is present and that 211 * the first entry is in place 212 */ 213 ctx->chain = sk_X509_new_null(); 214 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { 215 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 216 ctx->error = X509_V_ERR_OUT_OF_MEM; 217 goto end; 218 } 219 X509_up_ref(ctx->cert); 220 ctx->last_untrusted = 1; 221 222 /* We use a temporary STACK so we can chop and hack at it. 223 * sktmp = ctx->untrusted ++ ctx->ctx->additional_untrusted */ 224 if (ctx->untrusted != NULL 225 && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 226 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 227 ctx->error = X509_V_ERR_OUT_OF_MEM; 228 goto end; 229 } 230 231 if (ctx->ctx->additional_untrusted != NULL) { 232 if (sktmp == NULL) { 233 sktmp = sk_X509_new_null(); 234 if (sktmp == NULL) { 235 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 236 ctx->error = X509_V_ERR_OUT_OF_MEM; 237 goto end; 238 } 239 } 240 241 for (size_t k = 0; k < sk_X509_num(ctx->ctx->additional_untrusted); 242 k++) { 243 if (!sk_X509_push(sktmp, 244 sk_X509_value(ctx->ctx->additional_untrusted, 245 k))) { 246 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 247 ctx->error = X509_V_ERR_OUT_OF_MEM; 248 goto end; 249 } 250 } 251 } 252 253 num = sk_X509_num(ctx->chain); 254 x = sk_X509_value(ctx->chain, num - 1); 255 depth = param->depth; 256 257 for (;;) { 258 /* If we have enough, we break */ 259 if (depth < num) 260 break; /* FIXME: If this happens, we should take 261 * note of it and, if appropriate, use the 262 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 263 * later. */ 264 265 /* If we are self signed, we break */ 266 if (cert_self_signed(x)) 267 break; 268 /* 269 * If asked see if we can find issuer in trusted store first 270 */ 271 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 272 ok = ctx->get_issuer(&xtmp, ctx, x); 273 if (ok < 0) { 274 ctx->error = X509_V_ERR_STORE_LOOKUP; 275 goto end; 276 } 277 /* 278 * If successful for now free up cert so it will be picked up 279 * again later. 280 */ 281 if (ok > 0) { 282 X509_free(xtmp); 283 break; 284 } 285 } 286 287 /* If we were passed a cert chain, use it first */ 288 if (sktmp != NULL) { 289 xtmp = find_issuer(ctx, sktmp, x); 290 if (xtmp != NULL) { 291 if (!sk_X509_push(ctx->chain, xtmp)) { 292 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 293 ctx->error = X509_V_ERR_OUT_OF_MEM; 294 ok = 0; 295 goto end; 296 } 297 X509_up_ref(xtmp); 298 (void)sk_X509_delete_ptr(sktmp, xtmp); 299 ctx->last_untrusted++; 300 x = xtmp; 301 num++; 302 /* 303 * reparse the full chain for the next one 304 */ 305 continue; 306 } 307 } 308 break; 309 } 310 311 /* Remember how many untrusted certs we have */ 312 j = num; 313 /* 314 * at this point, chain should contain a list of untrusted certificates. 315 * We now need to add at least one trusted one, if possible, otherwise we 316 * complain. 317 */ 318 319 do { 320 /* 321 * Examine last certificate in chain and see if it is self signed. 322 */ 323 i = sk_X509_num(ctx->chain); 324 x = sk_X509_value(ctx->chain, i - 1); 325 if (cert_self_signed(x)) { 326 /* we have a self signed certificate */ 327 if (sk_X509_num(ctx->chain) == 1) { 328 /* 329 * We have a single self signed certificate: see if we can 330 * find it in the store. We must have an exact match to avoid 331 * possible impersonation. 332 */ 333 ok = ctx->get_issuer(&xtmp, ctx, x); 334 if ((ok <= 0) || X509_cmp(x, xtmp)) { 335 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 336 ctx->current_cert = x; 337 ctx->error_depth = i - 1; 338 if (ok == 1) 339 X509_free(xtmp); 340 bad_chain = 1; 341 ok = cb(0, ctx); 342 if (!ok) 343 goto end; 344 } else { 345 /* 346 * We have a match: replace certificate with store 347 * version so we get any trust settings. 348 */ 349 X509_free(x); 350 x = xtmp; 351 (void)sk_X509_set(ctx->chain, i - 1, x); 352 ctx->last_untrusted = 0; 353 } 354 } else { 355 /* 356 * extract and save self signed certificate for later use 357 */ 358 chain_ss = sk_X509_pop(ctx->chain); 359 ctx->last_untrusted--; 360 num--; 361 j--; 362 x = sk_X509_value(ctx->chain, num - 1); 363 } 364 } 365 /* We now lookup certs from the certificate store */ 366 for (;;) { 367 /* If we have enough, we break */ 368 if (depth < num) 369 break; 370 /* If we are self signed, we break */ 371 if (cert_self_signed(x)) 372 break; 373 ok = ctx->get_issuer(&xtmp, ctx, x); 374 375 if (ok < 0) { 376 ctx->error = X509_V_ERR_STORE_LOOKUP; 377 goto end; 378 } 379 if (ok == 0) 380 break; 381 x = xtmp; 382 if (!sk_X509_push(ctx->chain, x)) { 383 X509_free(xtmp); 384 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 385 ctx->error = X509_V_ERR_OUT_OF_MEM; 386 ok = 0; 387 goto end; 388 } 389 num++; 390 } 391 392 /* we now have our chain, lets check it... */ 393 trust = check_trust(ctx); 394 395 /* If explicitly rejected error */ 396 if (trust == X509_TRUST_REJECTED) { 397 ok = 0; 398 goto end; 399 } 400 /* 401 * If it's not explicitly trusted then check if there is an alternative 402 * chain that could be used. We only do this if we haven't already 403 * checked via TRUSTED_FIRST and the user hasn't switched off alternate 404 * chain checking 405 */ 406 retry = 0; 407 if (trust != X509_TRUST_TRUSTED 408 && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) 409 && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 410 while (j-- > 1) { 411 xtmp2 = sk_X509_value(ctx->chain, j - 1); 412 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 413 if (ok < 0) 414 goto end; 415 /* Check if we found an alternate chain */ 416 if (ok > 0) { 417 /* 418 * Free up the found cert we'll add it again later 419 */ 420 X509_free(xtmp); 421 422 /* 423 * Dump all the certs above this point - we've found an 424 * alternate chain 425 */ 426 while (num > j) { 427 xtmp = sk_X509_pop(ctx->chain); 428 X509_free(xtmp); 429 num--; 430 } 431 ctx->last_untrusted = sk_X509_num(ctx->chain); 432 retry = 1; 433 break; 434 } 435 } 436 } 437 } while (retry); 438 439 /* 440 * If not explicitly trusted then indicate error unless it's a single 441 * self signed certificate in which case we've indicated an error already 442 * and set bad_chain == 1 443 */ 444 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 445 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 446 if (ctx->last_untrusted >= num) 447 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 448 else 449 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 450 ctx->current_cert = x; 451 } else { 452 453 sk_X509_push(ctx->chain, chain_ss); 454 num++; 455 ctx->last_untrusted = num; 456 ctx->current_cert = chain_ss; 457 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 458 chain_ss = NULL; 459 } 460 461 ctx->error_depth = num - 1; 462 bad_chain = 1; 463 ok = cb(0, ctx); 464 if (!ok) 465 goto end; 466 } 467 468 /* We have the chain complete: now we need to check its purpose */ 469 ok = check_chain_extensions(ctx); 470 471 if (!ok) 472 goto end; 473 474 ok = check_id(ctx); 475 476 if (!ok) 477 goto end; 478 479 /* 480 * Check revocation status: we do this after copying parameters because 481 * they may be needed for CRL signature verification. 482 */ 483 484 ok = ctx->check_revocation(ctx); 485 if (!ok) 486 goto end; 487 488 int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, 489 ctx->param->flags); 490 if (err != X509_V_OK) { 491 ctx->error = err; 492 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); 493 ok = cb(0, ctx); 494 if (!ok) 495 goto end; 496 } 497 498 /* At this point, we have a chain and need to verify it */ 499 if (ctx->verify != NULL) 500 ok = ctx->verify(ctx); 501 else 502 ok = internal_verify(ctx); 503 if (!ok) 504 goto end; 505 506 /* Check name constraints */ 507 508 ok = check_name_constraints(ctx); 509 if (!ok) 510 goto end; 511 512 /* If we get this far evaluate policies */ 513 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 514 ok = ctx->check_policy(ctx); 515 516 end: 517 if (sktmp != NULL) 518 sk_X509_free(sktmp); 519 if (chain_ss != NULL) 520 X509_free(chain_ss); 521 522 /* Safety net, error returns must set ctx->error */ 523 if (ok <= 0 && ctx->error == X509_V_OK) 524 ctx->error = X509_V_ERR_UNSPECIFIED; 525 return ok; 526} 527 528/* 529 * Given a STACK_OF(X509) find the issuer of cert (if any) 530 */ 531 532static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) 533{ 534 size_t i; 535 X509 *issuer; 536 for (i = 0; i < sk_X509_num(sk); i++) { 537 issuer = sk_X509_value(sk, i); 538 if (ctx->check_issued(ctx, x, issuer)) 539 return issuer; 540 } 541 return NULL; 542} 543 544/* Given a possible certificate and issuer check them */ 545 546static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 547{ 548 int ret; 549 ret = X509_check_issued(issuer, x); 550 if (ret == X509_V_OK) 551 return 1; 552 /* If we haven't asked for issuer errors don't set ctx */ 553 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 554 return 0; 555 556 ctx->error = ret; 557 ctx->current_cert = x; 558 ctx->current_issuer = issuer; 559 return ctx->verify_cb(0, ctx); 560} 561 562/* Alternative lookup method: look from a STACK stored in other_ctx */ 563 564static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 565{ 566 *issuer = find_issuer(ctx, ctx->other_ctx, x); 567 if (*issuer) { 568 X509_up_ref(*issuer); 569 return 1; 570 } else 571 return 0; 572} 573 574/* 575 * Check a certificate chains extensions for consistency with the supplied 576 * purpose 577 */ 578 579static int check_chain_extensions(X509_STORE_CTX *ctx) 580{ 581 int i, ok = 0, must_be_ca, plen = 0; 582 X509 *x; 583 int (*cb) (int xok, X509_STORE_CTX *xctx); 584 int proxy_path_length = 0; 585 int purpose; 586 int allow_proxy_certs; 587 cb = ctx->verify_cb; 588 589 /* 590 * must_be_ca can have 1 of 3 values: -1: we accept both CA and non-CA 591 * certificates, to allow direct use of self-signed certificates (which 592 * are marked as CA). 0: we only accept non-CA certificates. This is 593 * currently not used, but the possibility is present for future 594 * extensions. 1: we only accept CA certificates. This is currently used 595 * for all certificates in the chain except the leaf certificate. 596 */ 597 must_be_ca = -1; 598 599 /* CRL path validation */ 600 if (ctx->parent) { 601 allow_proxy_certs = 0; 602 purpose = X509_PURPOSE_CRL_SIGN; 603 } else { 604 allow_proxy_certs = 605 ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 606 purpose = ctx->param->purpose; 607 } 608 609 /* Check all untrusted certificates */ 610 for (i = 0; i < ctx->last_untrusted; i++) { 611 int ret; 612 x = sk_X509_value(ctx->chain, i); 613 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 614 && (x->ex_flags & EXFLAG_CRITICAL)) { 615 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 616 ctx->error_depth = i; 617 ctx->current_cert = x; 618 ok = cb(0, ctx); 619 if (!ok) 620 goto end; 621 } 622 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { 623 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 624 ctx->error_depth = i; 625 ctx->current_cert = x; 626 ok = cb(0, ctx); 627 if (!ok) 628 goto end; 629 } 630 ret = X509_check_ca(x); 631 switch (must_be_ca) { 632 case -1: 633 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 634 && (ret != 1) && (ret != 0)) { 635 ret = 0; 636 ctx->error = X509_V_ERR_INVALID_CA; 637 } else 638 ret = 1; 639 break; 640 case 0: 641 if (ret != 0) { 642 ret = 0; 643 ctx->error = X509_V_ERR_INVALID_NON_CA; 644 } else 645 ret = 1; 646 break; 647 default: 648 if ((ret == 0) 649 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 650 && (ret != 1))) { 651 ret = 0; 652 ctx->error = X509_V_ERR_INVALID_CA; 653 } else 654 ret = 1; 655 break; 656 } 657 if (ret == 0) { 658 ctx->error_depth = i; 659 ctx->current_cert = x; 660 ok = cb(0, ctx); 661 if (!ok) 662 goto end; 663 } 664 if (ctx->param->purpose > 0) { 665 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 666 if ((ret == 0) 667 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 668 && (ret != 1))) { 669 ctx->error = X509_V_ERR_INVALID_PURPOSE; 670 ctx->error_depth = i; 671 ctx->current_cert = x; 672 ok = cb(0, ctx); 673 if (!ok) 674 goto end; 675 } 676 } 677 /* Check pathlen if not self issued */ 678 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) 679 && (x->ex_pathlen != -1) 680 && (plen > (x->ex_pathlen + proxy_path_length + 1))) { 681 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 682 ctx->error_depth = i; 683 ctx->current_cert = x; 684 ok = cb(0, ctx); 685 if (!ok) 686 goto end; 687 } 688 /* Increment path length if not self issued */ 689 if (!(x->ex_flags & EXFLAG_SI)) 690 plen++; 691 /* 692 * If this certificate is a proxy certificate, the next certificate 693 * must be another proxy certificate or a EE certificate. If not, 694 * the next certificate must be a CA certificate. 695 */ 696 if (x->ex_flags & EXFLAG_PROXY) { 697 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { 698 ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 699 ctx->error_depth = i; 700 ctx->current_cert = x; 701 ok = cb(0, ctx); 702 if (!ok) 703 goto end; 704 } 705 proxy_path_length++; 706 must_be_ca = 0; 707 } else 708 must_be_ca = 1; 709 } 710 ok = 1; 711 end: 712 return ok; 713} 714 715static int check_name_constraints(X509_STORE_CTX *ctx) 716{ 717 X509 *x; 718 int i, j, rv; 719 /* Check name constraints for all certificates */ 720 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { 721 x = sk_X509_value(ctx->chain, i); 722 /* Ignore self issued certs unless last in chain */ 723 if (i && (x->ex_flags & EXFLAG_SI)) 724 continue; 725 /* 726 * Check against constraints for all certificates higher in chain 727 * including trust anchor. Trust anchor not strictly speaking needed 728 * but if it includes constraints it is to be assumed it expects them 729 * to be obeyed. 730 */ 731 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { 732 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; 733 if (nc) { 734 rv = NAME_CONSTRAINTS_check(x, nc); 735 switch (rv) { 736 case X509_V_OK: 737 continue; 738 case X509_V_ERR_OUT_OF_MEM: 739 ctx->error = rv; 740 return 0; 741 default: 742 ctx->error = rv; 743 ctx->error_depth = i; 744 ctx->current_cert = x; 745 if (!ctx->verify_cb(0, ctx)) 746 return 0; 747 break; 748 } 749 } 750 } 751 } 752 return 1; 753} 754 755static int check_id_error(X509_STORE_CTX *ctx, int errcode) 756{ 757 ctx->error = errcode; 758 ctx->current_cert = ctx->cert; 759 ctx->error_depth = 0; 760 return ctx->verify_cb(0, ctx); 761} 762 763static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 764{ 765 size_t i; 766 size_t n = sk_OPENSSL_STRING_num(id->hosts); 767 char *name; 768 769 if (id->peername != NULL) { 770 OPENSSL_free(id->peername); 771 id->peername = NULL; 772 } 773 for (i = 0; i < n; ++i) { 774 name = sk_OPENSSL_STRING_value(id->hosts, i); 775 if (X509_check_host(x, name, strlen(name), id->hostflags, 776 &id->peername) > 0) 777 return 1; 778 } 779 return n == 0; 780} 781 782static int check_id(X509_STORE_CTX *ctx) 783{ 784 X509_VERIFY_PARAM *vpm = ctx->param; 785 X509_VERIFY_PARAM_ID *id = vpm->id; 786 X509 *x = ctx->cert; 787 if (id->hosts && check_hosts(x, id) <= 0) { 788 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 789 return 0; 790 } 791 if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) { 792 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 793 return 0; 794 } 795 if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { 796 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 797 return 0; 798 } 799 return 1; 800} 801 802static int check_trust(X509_STORE_CTX *ctx) 803{ 804 size_t i; 805 int ok; 806 X509 *x = NULL; 807 int (*cb) (int xok, X509_STORE_CTX *xctx); 808 cb = ctx->verify_cb; 809 /* Check all trusted certificates in chain */ 810 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { 811 x = sk_X509_value(ctx->chain, i); 812 ok = X509_check_trust(x, ctx->param->trust, 0); 813 /* If explicitly trusted return trusted */ 814 if (ok == X509_TRUST_TRUSTED) 815 return X509_TRUST_TRUSTED; 816 /* 817 * If explicitly rejected notify callback and reject if not 818 * overridden. 819 */ 820 if (ok == X509_TRUST_REJECTED) { 821 ctx->error_depth = i; 822 ctx->current_cert = x; 823 ctx->error = X509_V_ERR_CERT_REJECTED; 824 ok = cb(0, ctx); 825 if (!ok) 826 return X509_TRUST_REJECTED; 827 } 828 } 829 /* 830 * If we accept partial chains and have at least one trusted certificate 831 * return success. 832 */ 833 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 834 X509 *mx; 835 if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) 836 return X509_TRUST_TRUSTED; 837 x = sk_X509_value(ctx->chain, 0); 838 mx = lookup_cert_match(ctx, x); 839 if (mx) { 840 (void)sk_X509_set(ctx->chain, 0, mx); 841 X509_free(x); 842 ctx->last_untrusted = 0; 843 return X509_TRUST_TRUSTED; 844 } 845 } 846 847 /* 848 * If no trusted certs in chain at all return untrusted and allow 849 * standard (no issuer cert) etc errors to be indicated. 850 */ 851 return X509_TRUST_UNTRUSTED; 852} 853 854static int check_revocation(X509_STORE_CTX *ctx) 855{ 856 int i, last, ok; 857 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 858 return 1; 859 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 860 last = sk_X509_num(ctx->chain) - 1; 861 else { 862 /* If checking CRL paths this isn't the EE certificate */ 863 if (ctx->parent) 864 return 1; 865 last = 0; 866 } 867 for (i = 0; i <= last; i++) { 868 ctx->error_depth = i; 869 ok = check_cert(ctx); 870 if (!ok) 871 return ok; 872 } 873 return 1; 874} 875 876static int check_cert(X509_STORE_CTX *ctx) 877{ 878 X509_CRL *crl = NULL, *dcrl = NULL; 879 X509 *x; 880 int ok = 0, cnum; 881 unsigned int last_reasons; 882 cnum = ctx->error_depth; 883 x = sk_X509_value(ctx->chain, cnum); 884 ctx->current_cert = x; 885 ctx->current_issuer = NULL; 886 ctx->current_crl_score = 0; 887 ctx->current_reasons = 0; 888 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 889 last_reasons = ctx->current_reasons; 890 /* Try to retrieve relevant CRL */ 891 if (ctx->get_crl) 892 ok = ctx->get_crl(ctx, &crl, x); 893 else 894 ok = get_crl_delta(ctx, &crl, &dcrl, x); 895 /* 896 * If error looking up CRL, nothing we can do except notify callback 897 */ 898 if (!ok) { 899 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 900 ok = ctx->verify_cb(0, ctx); 901 goto err; 902 } 903 ctx->current_crl = crl; 904 ok = ctx->check_crl(ctx, crl); 905 if (!ok) 906 goto err; 907 908 if (dcrl) { 909 ok = ctx->check_crl(ctx, dcrl); 910 if (!ok) 911 goto err; 912 ok = ctx->cert_crl(ctx, dcrl, x); 913 if (!ok) 914 goto err; 915 } else 916 ok = 1; 917 918 /* Don't look in full CRL if delta reason is removefromCRL */ 919 if (ok != 2) { 920 ok = ctx->cert_crl(ctx, crl, x); 921 if (!ok) 922 goto err; 923 } 924 925 X509_CRL_free(crl); 926 X509_CRL_free(dcrl); 927 crl = NULL; 928 dcrl = NULL; 929 /* 930 * If reasons not updated we wont get anywhere by another iteration, 931 * so exit loop. 932 */ 933 if (last_reasons == ctx->current_reasons) { 934 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 935 ok = ctx->verify_cb(0, ctx); 936 goto err; 937 } 938 } 939 err: 940 X509_CRL_free(crl); 941 X509_CRL_free(dcrl); 942 943 ctx->current_crl = NULL; 944 return ok; 945 946} 947 948/* Check CRL times against values in X509_STORE_CTX */ 949 950static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 951{ 952 time_t *ptime; 953 int i; 954 if (notify) 955 ctx->current_crl = crl; 956 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 957 ptime = &ctx->param->check_time; 958 else 959 ptime = NULL; 960 961 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 962 if (i == 0) { 963 if (!notify) 964 return 0; 965 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 966 if (!ctx->verify_cb(0, ctx)) 967 return 0; 968 } 969 970 if (i > 0) { 971 if (!notify) 972 return 0; 973 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 974 if (!ctx->verify_cb(0, ctx)) 975 return 0; 976 } 977 978 if (X509_CRL_get_nextUpdate(crl)) { 979 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 980 981 if (i == 0) { 982 if (!notify) 983 return 0; 984 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 985 if (!ctx->verify_cb(0, ctx)) 986 return 0; 987 } 988 /* Ignore expiry of base CRL is delta is valid */ 989 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 990 if (!notify) 991 return 0; 992 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 993 if (!ctx->verify_cb(0, ctx)) 994 return 0; 995 } 996 } 997 998 if (notify) 999 ctx->current_crl = NULL; 1000 1001 return 1; 1002} 1003 1004static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 1005 X509 **pissuer, int *pscore, unsigned int *preasons, 1006 STACK_OF(X509_CRL) *crls) 1007{ 1008 int crl_score, best_score = *pscore; 1009 size_t i; 1010 unsigned int reasons, best_reasons = 0; 1011 X509 *x = ctx->current_cert; 1012 X509_CRL *crl, *best_crl = NULL; 1013 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 1014 1015 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1016 crl = sk_X509_CRL_value(crls, i); 1017 reasons = *preasons; 1018 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 1019 if (crl_score < best_score || crl_score == 0) 1020 continue; 1021 /* If current CRL is equivalent use it if it is newer */ 1022 if (crl_score == best_score && best_crl != NULL) { 1023 int day, sec; 1024 if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), 1025 X509_CRL_get_lastUpdate(crl)) == 0) 1026 continue; 1027 /* 1028 * ASN1_TIME_diff never returns inconsistent signs for |day| 1029 * and |sec|. 1030 */ 1031 if (day <= 0 && sec <= 0) 1032 continue; 1033 } 1034 best_crl = crl; 1035 best_crl_issuer = crl_issuer; 1036 best_score = crl_score; 1037 best_reasons = reasons; 1038 } 1039 1040 if (best_crl) { 1041 if (*pcrl) 1042 X509_CRL_free(*pcrl); 1043 *pcrl = best_crl; 1044 *pissuer = best_crl_issuer; 1045 *pscore = best_score; 1046 *preasons = best_reasons; 1047 X509_CRL_up_ref(best_crl); 1048 if (*pdcrl) { 1049 X509_CRL_free(*pdcrl); 1050 *pdcrl = NULL; 1051 } 1052 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1053 } 1054 1055 if (best_score >= CRL_SCORE_VALID) 1056 return 1; 1057 1058 return 0; 1059} 1060 1061/* 1062 * Compare two CRL extensions for delta checking purposes. They should be 1063 * both present or both absent. If both present all fields must be identical. 1064 */ 1065 1066static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1067{ 1068 ASN1_OCTET_STRING *exta, *extb; 1069 int i; 1070 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1071 if (i >= 0) { 1072 /* Can't have multiple occurrences */ 1073 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1074 return 0; 1075 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1076 } else 1077 exta = NULL; 1078 1079 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1080 1081 if (i >= 0) { 1082 1083 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1084 return 0; 1085 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1086 } else 1087 extb = NULL; 1088 1089 if (!exta && !extb) 1090 return 1; 1091 1092 if (!exta || !extb) 1093 return 0; 1094 1095 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1096 return 0; 1097 1098 return 1; 1099} 1100 1101/* See if a base and delta are compatible */ 1102 1103static int check_delta_base(X509_CRL *delta, X509_CRL *base) 1104{ 1105 /* Delta CRL must be a delta */ 1106 if (!delta->base_crl_number) 1107 return 0; 1108 /* Base must have a CRL number */ 1109 if (!base->crl_number) 1110 return 0; 1111 /* Issuer names must match */ 1112 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) 1113 return 0; 1114 /* AKID and IDP must match */ 1115 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1116 return 0; 1117 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1118 return 0; 1119 /* Delta CRL base number must not exceed Full CRL number. */ 1120 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1121 return 0; 1122 /* Delta CRL number must exceed full CRL number */ 1123 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1124 return 1; 1125 return 0; 1126} 1127 1128/* 1129 * For a given base CRL find a delta... maybe extend to delta scoring or 1130 * retrieve a chain of deltas... 1131 */ 1132 1133static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, 1134 X509_CRL *base, STACK_OF(X509_CRL) *crls) 1135{ 1136 X509_CRL *delta; 1137 size_t i; 1138 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1139 return; 1140 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1141 return; 1142 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1143 delta = sk_X509_CRL_value(crls, i); 1144 if (check_delta_base(delta, base)) { 1145 if (check_crl_time(ctx, delta, 0)) 1146 *pscore |= CRL_SCORE_TIME_DELTA; 1147 X509_CRL_up_ref(delta); 1148 *dcrl = delta; 1149 return; 1150 } 1151 } 1152 *dcrl = NULL; 1153} 1154 1155/* 1156 * For a given CRL return how suitable it is for the supplied certificate 1157 * 'x'. The return value is a mask of several criteria. If the issuer is not 1158 * the certificate issuer this is returned in *pissuer. The reasons mask is 1159 * also used to determine if the CRL is suitable: if no new reasons the CRL 1160 * is rejected, otherwise reasons is updated. 1161 */ 1162 1163static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 1164 unsigned int *preasons, X509_CRL *crl, X509 *x) 1165{ 1166 1167 int crl_score = 0; 1168 unsigned int tmp_reasons = *preasons, crl_reasons; 1169 1170 /* First see if we can reject CRL straight away */ 1171 1172 /* Invalid IDP cannot be processed */ 1173 if (crl->idp_flags & IDP_INVALID) 1174 return 0; 1175 /* Reason codes or indirect CRLs need extended CRL support */ 1176 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1177 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1178 return 0; 1179 } else if (crl->idp_flags & IDP_REASONS) { 1180 /* If no new reasons reject */ 1181 if (!(crl->idp_reasons & ~tmp_reasons)) 1182 return 0; 1183 } 1184 /* Don't process deltas at this stage */ 1185 else if (crl->base_crl_number) 1186 return 0; 1187 /* If issuer name doesn't match certificate need indirect CRL */ 1188 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1189 if (!(crl->idp_flags & IDP_INDIRECT)) 1190 return 0; 1191 } else 1192 crl_score |= CRL_SCORE_ISSUER_NAME; 1193 1194 if (!(crl->flags & EXFLAG_CRITICAL)) 1195 crl_score |= CRL_SCORE_NOCRITICAL; 1196 1197 /* Check expiry */ 1198 if (check_crl_time(ctx, crl, 0)) 1199 crl_score |= CRL_SCORE_TIME; 1200 1201 /* Check authority key ID and locate certificate issuer */ 1202 crl_akid_check(ctx, crl, pissuer, &crl_score); 1203 1204 /* If we can't locate certificate issuer at this point forget it */ 1205 1206 if (!(crl_score & CRL_SCORE_AKID)) 1207 return 0; 1208 1209 /* Check cert for matching CRL distribution points */ 1210 1211 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1212 /* If no new reasons reject */ 1213 if (!(crl_reasons & ~tmp_reasons)) 1214 return 0; 1215 tmp_reasons |= crl_reasons; 1216 crl_score |= CRL_SCORE_SCOPE; 1217 } 1218 1219 *preasons = tmp_reasons; 1220 1221 return crl_score; 1222 1223} 1224 1225static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, 1226 X509 **pissuer, int *pcrl_score) 1227{ 1228 X509 *crl_issuer = NULL; 1229 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1230 int cidx = ctx->error_depth; 1231 size_t i; 1232 1233 if ((size_t)cidx != sk_X509_num(ctx->chain) - 1) 1234 cidx++; 1235 1236 crl_issuer = sk_X509_value(ctx->chain, cidx); 1237 1238 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1239 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1240 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT; 1241 *pissuer = crl_issuer; 1242 return; 1243 } 1244 } 1245 1246 for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) { 1247 crl_issuer = sk_X509_value(ctx->chain, cidx); 1248 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1249 continue; 1250 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1251 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH; 1252 *pissuer = crl_issuer; 1253 return; 1254 } 1255 } 1256 1257 /* Anything else needs extended CRL support */ 1258 1259 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1260 return; 1261 1262 /* 1263 * Otherwise the CRL issuer is not on the path. Look for it in the set of 1264 * untrusted certificates. 1265 */ 1266 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1267 crl_issuer = sk_X509_value(ctx->untrusted, i); 1268 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1269 continue; 1270 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1271 *pissuer = crl_issuer; 1272 *pcrl_score |= CRL_SCORE_AKID; 1273 return; 1274 } 1275 } 1276 1277 for (i = 0; i < sk_X509_num(ctx->ctx->additional_untrusted); i++) { 1278 crl_issuer = sk_X509_value(ctx->ctx->additional_untrusted, i); 1279 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1280 continue; 1281 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1282 *pissuer = crl_issuer; 1283 *pcrl_score |= CRL_SCORE_AKID; 1284 return; 1285 } 1286 } 1287} 1288 1289/* 1290 * Check the path of a CRL issuer certificate. This creates a new 1291 * X509_STORE_CTX and populates it with most of the parameters from the 1292 * parent. This could be optimised somewhat since a lot of path checking will 1293 * be duplicated by the parent, but this will rarely be used in practice. 1294 */ 1295 1296static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1297{ 1298 X509_STORE_CTX crl_ctx; 1299 int ret; 1300 /* Don't allow recursive CRL path validation */ 1301 if (ctx->parent) 1302 return 0; 1303 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) 1304 return -1; 1305 1306 crl_ctx.crls = ctx->crls; 1307 /* Copy verify params across */ 1308 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1309 1310 crl_ctx.parent = ctx; 1311 crl_ctx.verify_cb = ctx->verify_cb; 1312 1313 /* Verify CRL issuer */ 1314 ret = X509_verify_cert(&crl_ctx); 1315 1316 if (ret <= 0) 1317 goto err; 1318 1319 /* Check chain is acceptable */ 1320 1321 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1322 err: 1323 X509_STORE_CTX_cleanup(&crl_ctx); 1324 return ret; 1325} 1326 1327/* 1328 * RFC3280 says nothing about the relationship between CRL path and 1329 * certificate path, which could lead to situations where a certificate could 1330 * be revoked or validated by a CA not authorised to do so. RFC5280 is more 1331 * strict and states that the two paths must end in the same trust anchor, 1332 * though some discussions remain... until this is resolved we use the 1333 * RFC5280 version 1334 */ 1335 1336static int check_crl_chain(X509_STORE_CTX *ctx, 1337 STACK_OF(X509) *cert_path, 1338 STACK_OF(X509) *crl_path) 1339{ 1340 X509 *cert_ta, *crl_ta; 1341 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1342 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1343 if (!X509_cmp(cert_ta, crl_ta)) 1344 return 1; 1345 return 0; 1346} 1347 1348/* 1349 * Check for match between two dist point names: three separate cases. 1. 1350 * Both are relative names and compare X509_NAME types. 2. One full, one 1351 * relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and 1352 * compare two GENERAL_NAMES. 4. One is NULL: automatic match. 1353 */ 1354 1355static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1356{ 1357 X509_NAME *nm = NULL; 1358 GENERAL_NAMES *gens = NULL; 1359 GENERAL_NAME *gena, *genb; 1360 size_t i, j; 1361 if (!a || !b) 1362 return 1; 1363 if (a->type == 1) { 1364 if (!a->dpname) 1365 return 0; 1366 /* Case 1: two X509_NAME */ 1367 if (b->type == 1) { 1368 if (!b->dpname) 1369 return 0; 1370 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1371 return 1; 1372 else 1373 return 0; 1374 } 1375 /* Case 2: set name and GENERAL_NAMES appropriately */ 1376 nm = a->dpname; 1377 gens = b->name.fullname; 1378 } else if (b->type == 1) { 1379 if (!b->dpname) 1380 return 0; 1381 /* Case 2: set name and GENERAL_NAMES appropriately */ 1382 gens = a->name.fullname; 1383 nm = b->dpname; 1384 } 1385 1386 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1387 if (nm) { 1388 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1389 gena = sk_GENERAL_NAME_value(gens, i); 1390 if (gena->type != GEN_DIRNAME) 1391 continue; 1392 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1393 return 1; 1394 } 1395 return 0; 1396 } 1397 1398 /* Else case 3: two GENERAL_NAMES */ 1399 1400 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1401 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1402 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1403 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1404 if (!GENERAL_NAME_cmp(gena, genb)) 1405 return 1; 1406 } 1407 } 1408 1409 return 0; 1410 1411} 1412 1413static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1414{ 1415 size_t i; 1416 X509_NAME *nm = X509_CRL_get_issuer(crl); 1417 /* If no CRLissuer return is successful iff don't need a match */ 1418 if (!dp->CRLissuer) 1419 return ! !(crl_score & CRL_SCORE_ISSUER_NAME); 1420 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1421 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1422 if (gen->type != GEN_DIRNAME) 1423 continue; 1424 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1425 return 1; 1426 } 1427 return 0; 1428} 1429 1430/* Check CRLDP and IDP */ 1431 1432static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 1433 unsigned int *preasons) 1434{ 1435 size_t i; 1436 if (crl->idp_flags & IDP_ONLYATTR) 1437 return 0; 1438 if (x->ex_flags & EXFLAG_CA) { 1439 if (crl->idp_flags & IDP_ONLYUSER) 1440 return 0; 1441 } else { 1442 if (crl->idp_flags & IDP_ONLYCA) 1443 return 0; 1444 } 1445 *preasons = crl->idp_reasons; 1446 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1447 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1448 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1449 if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1450 *preasons &= dp->dp_reasons; 1451 return 1; 1452 } 1453 } 1454 } 1455 if ((!crl->idp || !crl->idp->distpoint) 1456 && (crl_score & CRL_SCORE_ISSUER_NAME)) 1457 return 1; 1458 return 0; 1459} 1460 1461/* 1462 * Retrieve CRL corresponding to current certificate. If deltas enabled try 1463 * to find a delta CRL too 1464 */ 1465 1466static int get_crl_delta(X509_STORE_CTX *ctx, 1467 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1468{ 1469 int ok; 1470 X509 *issuer = NULL; 1471 int crl_score = 0; 1472 unsigned int reasons; 1473 X509_CRL *crl = NULL, *dcrl = NULL; 1474 STACK_OF(X509_CRL) *skcrl; 1475 X509_NAME *nm = X509_get_issuer_name(x); 1476 reasons = ctx->current_reasons; 1477 ok = get_crl_sk(ctx, &crl, &dcrl, 1478 &issuer, &crl_score, &reasons, ctx->crls); 1479 1480 if (ok) 1481 goto done; 1482 1483 /* Lookup CRLs from store */ 1484 1485 skcrl = ctx->lookup_crls(ctx, nm); 1486 1487 /* If no CRLs found and a near match from get_crl_sk use that */ 1488 if (!skcrl && crl) 1489 goto done; 1490 1491 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1492 1493 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1494 1495 done: 1496 1497 /* If we got any kind of CRL use it and return success */ 1498 if (crl) { 1499 ctx->current_issuer = issuer; 1500 ctx->current_crl_score = crl_score; 1501 ctx->current_reasons = reasons; 1502 *pcrl = crl; 1503 *pdcrl = dcrl; 1504 return 1; 1505 } 1506 1507 return 0; 1508} 1509 1510/* Check CRL validity */ 1511static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1512{ 1513 X509 *issuer = NULL; 1514 EVP_PKEY *ikey = NULL; 1515 int ok = 0, chnum, cnum; 1516 cnum = ctx->error_depth; 1517 chnum = sk_X509_num(ctx->chain) - 1; 1518 /* if we have an alternative CRL issuer cert use that */ 1519 if (ctx->current_issuer) 1520 issuer = ctx->current_issuer; 1521 1522 /* 1523 * Else find CRL issuer: if not last certificate then issuer is next 1524 * certificate in chain. 1525 */ 1526 else if (cnum < chnum) 1527 issuer = sk_X509_value(ctx->chain, cnum + 1); 1528 else { 1529 issuer = sk_X509_value(ctx->chain, chnum); 1530 /* If not self signed, can't check signature */ 1531 if (!ctx->check_issued(ctx, issuer, issuer)) { 1532 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1533 ok = ctx->verify_cb(0, ctx); 1534 if (!ok) 1535 goto err; 1536 } 1537 } 1538 1539 if (issuer) { 1540 /* 1541 * Skip most tests for deltas because they have already been done 1542 */ 1543 if (!crl->base_crl_number) { 1544 /* Check for cRLSign bit if keyUsage present */ 1545 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1546 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1547 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1548 ok = ctx->verify_cb(0, ctx); 1549 if (!ok) 1550 goto err; 1551 } 1552 1553 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1554 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1555 ok = ctx->verify_cb(0, ctx); 1556 if (!ok) 1557 goto err; 1558 } 1559 1560 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1561 if (check_crl_path(ctx, ctx->current_issuer) <= 0) { 1562 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1563 ok = ctx->verify_cb(0, ctx); 1564 if (!ok) 1565 goto err; 1566 } 1567 } 1568 1569 if (crl->idp_flags & IDP_INVALID) { 1570 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1571 ok = ctx->verify_cb(0, ctx); 1572 if (!ok) 1573 goto err; 1574 } 1575 1576 } 1577 1578 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1579 ok = check_crl_time(ctx, crl, 1); 1580 if (!ok) 1581 goto err; 1582 } 1583 1584 /* Attempt to get issuer certificate public key */ 1585 ikey = X509_get_pubkey(issuer); 1586 1587 if (!ikey) { 1588 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1589 ok = ctx->verify_cb(0, ctx); 1590 if (!ok) 1591 goto err; 1592 } else { 1593 int rv; 1594 rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); 1595 if (rv != X509_V_OK) { 1596 ctx->error = rv; 1597 ok = ctx->verify_cb(0, ctx); 1598 if (!ok) 1599 goto err; 1600 } 1601 /* Verify CRL signature */ 1602 if (X509_CRL_verify(crl, ikey) <= 0) { 1603 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1604 ok = ctx->verify_cb(0, ctx); 1605 if (!ok) 1606 goto err; 1607 } 1608 } 1609 } 1610 1611 ok = 1; 1612 1613 err: 1614 EVP_PKEY_free(ikey); 1615 return ok; 1616} 1617 1618/* Check certificate against CRL */ 1619static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1620{ 1621 int ok; 1622 X509_REVOKED *rev; 1623 /* 1624 * The rules changed for this... previously if a CRL contained unhandled 1625 * critical extensions it could still be used to indicate a certificate 1626 * was revoked. This has since been changed since critical extension can 1627 * change the meaning of CRL entries. 1628 */ 1629 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 1630 && (crl->flags & EXFLAG_CRITICAL)) { 1631 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1632 ok = ctx->verify_cb(0, ctx); 1633 if (!ok) 1634 return 0; 1635 } 1636 /* 1637 * Look for serial number of certificate in CRL If found make sure reason 1638 * is not removeFromCRL. 1639 */ 1640 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1641 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1642 return 2; 1643 ctx->error = X509_V_ERR_CERT_REVOKED; 1644 ok = ctx->verify_cb(0, ctx); 1645 if (!ok) 1646 return 0; 1647 } 1648 1649 return 1; 1650} 1651 1652static int check_policy(X509_STORE_CTX *ctx) 1653{ 1654 int ret; 1655 if (ctx->parent) 1656 return 1; 1657 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1658 ctx->param->policies, ctx->param->flags); 1659 if (ret == 0) { 1660 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 1661 ctx->error = X509_V_ERR_OUT_OF_MEM; 1662 return 0; 1663 } 1664 /* Invalid or inconsistent extensions */ 1665 if (ret == -1) { 1666 /* 1667 * Locate certificates with bad extensions and notify callback. 1668 */ 1669 X509 *x; 1670 size_t i; 1671 for (i = 1; i < sk_X509_num(ctx->chain); i++) { 1672 x = sk_X509_value(ctx->chain, i); 1673 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1674 continue; 1675 ctx->current_cert = x; 1676 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1677 if (!ctx->verify_cb(0, ctx)) 1678 return 0; 1679 } 1680 return 1; 1681 } 1682 if (ret == -2) { 1683 ctx->current_cert = NULL; 1684 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1685 return ctx->verify_cb(0, ctx); 1686 } 1687 1688 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1689 ctx->current_cert = NULL; 1690 /* 1691 * Verification errors need to be "sticky", a callback may have allowed 1692 * an SSL handshake to continue despite an error, and we must then 1693 * remain in an error state. Therefore, we MUST NOT clear earlier 1694 * verification errors by setting the error to X509_V_OK. 1695 */ 1696 if (!ctx->verify_cb(2, ctx)) 1697 return 0; 1698 } 1699 1700 return 1; 1701} 1702 1703static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) 1704{ 1705 time_t *ptime; 1706 int i; 1707 1708 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1709 ptime = &ctx->param->check_time; 1710 else 1711 ptime = NULL; 1712 1713 i = X509_cmp_time(X509_get_notBefore(x), ptime); 1714 if (i == 0) { 1715 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; 1716 ctx->current_cert = x; 1717 if (!ctx->verify_cb(0, ctx)) 1718 return 0; 1719 } 1720 1721 if (i > 0) { 1722 ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; 1723 ctx->current_cert = x; 1724 if (!ctx->verify_cb(0, ctx)) 1725 return 0; 1726 } 1727 1728 i = X509_cmp_time(X509_get_notAfter(x), ptime); 1729 if (i == 0) { 1730 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; 1731 ctx->current_cert = x; 1732 if (!ctx->verify_cb(0, ctx)) 1733 return 0; 1734 } 1735 1736 if (i < 0) { 1737 ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; 1738 ctx->current_cert = x; 1739 if (!ctx->verify_cb(0, ctx)) 1740 return 0; 1741 } 1742 1743 return 1; 1744} 1745 1746static int internal_verify(X509_STORE_CTX *ctx) 1747{ 1748 int ok = 0, n; 1749 X509 *xs, *xi; 1750 EVP_PKEY *pkey = NULL; 1751 int (*cb) (int xok, X509_STORE_CTX *xctx); 1752 1753 cb = ctx->verify_cb; 1754 1755 n = sk_X509_num(ctx->chain); 1756 ctx->error_depth = n - 1; 1757 n--; 1758 xi = sk_X509_value(ctx->chain, n); 1759 1760 if (ctx->check_issued(ctx, xi, xi)) 1761 xs = xi; 1762 else { 1763 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1764 xs = xi; 1765 goto check_cert; 1766 } 1767 if (n <= 0) { 1768 ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; 1769 ctx->current_cert = xi; 1770 ok = cb(0, ctx); 1771 goto end; 1772 } else { 1773 n--; 1774 ctx->error_depth = n; 1775 xs = sk_X509_value(ctx->chain, n); 1776 } 1777 } 1778 1779/* ctx->error=0; not needed */ 1780 while (n >= 0) { 1781 ctx->error_depth = n; 1782 1783 /* 1784 * Skip signature check for self signed certificates unless 1785 * explicitly asked for. It doesn't add any security and just wastes 1786 * time. 1787 */ 1788 if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { 1789 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1790 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1791 ctx->current_cert = xi; 1792 ok = (*cb) (0, ctx); 1793 if (!ok) 1794 goto end; 1795 } else if (X509_verify(xs, pkey) <= 0) { 1796 ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; 1797 ctx->current_cert = xs; 1798 ok = (*cb) (0, ctx); 1799 if (!ok) { 1800 EVP_PKEY_free(pkey); 1801 goto end; 1802 } 1803 } 1804 EVP_PKEY_free(pkey); 1805 pkey = NULL; 1806 } 1807 1808 check_cert: 1809 ok = check_cert_time(ctx, xs); 1810 if (!ok) 1811 goto end; 1812 1813 /* The last error (if any) is still in the error value */ 1814 ctx->current_issuer = xi; 1815 ctx->current_cert = xs; 1816 ok = (*cb) (1, ctx); 1817 if (!ok) 1818 goto end; 1819 1820 n--; 1821 if (n >= 0) { 1822 xi = xs; 1823 xs = sk_X509_value(ctx->chain, n); 1824 } 1825 } 1826 ok = 1; 1827 end: 1828 return ok; 1829} 1830 1831int X509_cmp_current_time(const ASN1_TIME *ctm) 1832{ 1833 return X509_cmp_time(ctm, NULL); 1834} 1835 1836int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 1837{ 1838 char *str; 1839 ASN1_TIME atm; 1840 long offset; 1841 char buff1[24], buff2[24], *p; 1842 int i, j, remaining; 1843 1844 p = buff1; 1845 remaining = ctm->length; 1846 str = (char *)ctm->data; 1847 /* 1848 * Note that the following (historical) code allows much more slack in 1849 * the time format than RFC5280. In RFC5280, the representation is fixed: 1850 * UTCTime: YYMMDDHHMMSSZ GeneralizedTime: YYYYMMDDHHMMSSZ 1851 */ 1852 if (ctm->type == V_ASN1_UTCTIME) { 1853 /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ 1854 int min_length = sizeof("YYMMDDHHMMZ") - 1; 1855 int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; 1856 if (remaining < min_length || remaining > max_length) 1857 return 0; 1858 OPENSSL_memcpy(p, str, 10); 1859 p += 10; 1860 str += 10; 1861 remaining -= 10; 1862 } else { 1863 /* 1864 * YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm 1865 */ 1866 int min_length = sizeof("YYYYMMDDHHMMZ") - 1; 1867 int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; 1868 if (remaining < min_length || remaining > max_length) 1869 return 0; 1870 OPENSSL_memcpy(p, str, 12); 1871 p += 12; 1872 str += 12; 1873 remaining -= 12; 1874 } 1875 1876 if ((*str == 'Z') || (*str == '-') || (*str == '+')) { 1877 *(p++) = '0'; 1878 *(p++) = '0'; 1879 } else { 1880 /* SS (seconds) */ 1881 if (remaining < 2) 1882 return 0; 1883 *(p++) = *(str++); 1884 *(p++) = *(str++); 1885 remaining -= 2; 1886 /* 1887 * Skip any (up to three) fractional seconds... TODO(emilia): in 1888 * RFC5280, fractional seconds are forbidden. Can we just kill them 1889 * altogether? 1890 */ 1891 if (remaining && *str == '.') { 1892 str++; 1893 remaining--; 1894 for (i = 0; i < 3 && remaining; i++, str++, remaining--) { 1895 if (*str < '0' || *str > '9') 1896 break; 1897 } 1898 } 1899 1900 } 1901 *(p++) = 'Z'; 1902 *(p++) = '\0'; 1903 1904 /* We now need either a terminating 'Z' or an offset. */ 1905 if (!remaining) 1906 return 0; 1907 if (*str == 'Z') { 1908 if (remaining != 1) 1909 return 0; 1910 offset = 0; 1911 } else { 1912 /* (+-)HHMM */ 1913 if ((*str != '+') && (*str != '-')) 1914 return 0; 1915 /* 1916 * Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. 1917 */ 1918 if (remaining != 5) 1919 return 0; 1920 if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || 1921 str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') 1922 return 0; 1923 offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; 1924 offset += (str[3] - '0') * 10 + (str[4] - '0'); 1925 if (*str == '-') 1926 offset = -offset; 1927 } 1928 atm.type = ctm->type; 1929 atm.flags = 0; 1930 atm.length = sizeof(buff2); 1931 atm.data = (unsigned char *)buff2; 1932 1933 if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) 1934 return 0; 1935 1936 if (ctm->type == V_ASN1_UTCTIME) { 1937 i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); 1938 if (i < 50) 1939 i += 100; /* cf. RFC 2459 */ 1940 j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); 1941 if (j < 50) 1942 j += 100; 1943 1944 if (i < j) 1945 return -1; 1946 if (i > j) 1947 return 1; 1948 } 1949 i = strcmp(buff1, buff2); 1950 if (i == 0) /* wait a second then return younger :-) */ 1951 return -1; 1952 else 1953 return i; 1954} 1955 1956ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) 1957{ 1958 return X509_time_adj(s, adj, NULL); 1959} 1960 1961ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) 1962{ 1963 return X509_time_adj_ex(s, 0, offset_sec, in_tm); 1964} 1965 1966ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, 1967 int offset_day, long offset_sec, time_t *in_tm) 1968{ 1969 time_t t = 0; 1970 1971 if (in_tm) 1972 t = *in_tm; 1973 else 1974 time(&t); 1975 1976 if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) { 1977 if (s->type == V_ASN1_UTCTIME) 1978 return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); 1979 if (s->type == V_ASN1_GENERALIZEDTIME) 1980 return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); 1981 } 1982 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 1983} 1984 1985/* Make a delta CRL as the diff between two full CRLs */ 1986 1987X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, 1988 EVP_PKEY *skey, const EVP_MD *md, unsigned int flags) 1989{ 1990 X509_CRL *crl = NULL; 1991 int i; 1992 size_t j; 1993 STACK_OF(X509_REVOKED) *revs = NULL; 1994 /* CRLs can't be delta already */ 1995 if (base->base_crl_number || newer->base_crl_number) { 1996 OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA); 1997 return NULL; 1998 } 1999 /* Base and new CRL must have a CRL number */ 2000 if (!base->crl_number || !newer->crl_number) { 2001 OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER); 2002 return NULL; 2003 } 2004 /* Issuer names must match */ 2005 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) { 2006 OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH); 2007 return NULL; 2008 } 2009 /* AKID and IDP must match */ 2010 if (!crl_extension_match(base, newer, NID_authority_key_identifier)) { 2011 OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH); 2012 return NULL; 2013 } 2014 if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) { 2015 OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH); 2016 return NULL; 2017 } 2018 /* Newer CRL number must exceed full CRL number */ 2019 if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) { 2020 OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER); 2021 return NULL; 2022 } 2023 /* CRLs must verify */ 2024 if (skey && (X509_CRL_verify(base, skey) <= 0 || 2025 X509_CRL_verify(newer, skey) <= 0)) { 2026 OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE); 2027 return NULL; 2028 } 2029 /* Create new CRL */ 2030 crl = X509_CRL_new(); 2031 if (!crl || !X509_CRL_set_version(crl, 1)) 2032 goto memerr; 2033 /* Set issuer name */ 2034 if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) 2035 goto memerr; 2036 2037 if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) 2038 goto memerr; 2039 if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) 2040 goto memerr; 2041 2042 /* Set base CRL number: must be critical */ 2043 2044 if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) 2045 goto memerr; 2046 2047 /* 2048 * Copy extensions across from newest CRL to delta: this will set CRL 2049 * number to correct value too. 2050 */ 2051 2052 for (i = 0; i < X509_CRL_get_ext_count(newer); i++) { 2053 X509_EXTENSION *ext; 2054 ext = X509_CRL_get_ext(newer, i); 2055 if (!X509_CRL_add_ext(crl, ext, -1)) 2056 goto memerr; 2057 } 2058 2059 /* Go through revoked entries, copying as needed */ 2060 2061 revs = X509_CRL_get_REVOKED(newer); 2062 2063 for (j = 0; j < sk_X509_REVOKED_num(revs); j++) { 2064 X509_REVOKED *rvn, *rvtmp; 2065 rvn = sk_X509_REVOKED_value(revs, j); 2066 /* 2067 * Add only if not also in base. TODO: need something cleverer here 2068 * for some more complex CRLs covering multiple CAs. 2069 */ 2070 if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) { 2071 rvtmp = X509_REVOKED_dup(rvn); 2072 if (!rvtmp) 2073 goto memerr; 2074 if (!X509_CRL_add0_revoked(crl, rvtmp)) { 2075 X509_REVOKED_free(rvtmp); 2076 goto memerr; 2077 } 2078 } 2079 } 2080 /* TODO: optionally prune deleted entries */ 2081 2082 if (skey && md && !X509_CRL_sign(crl, skey, md)) 2083 goto memerr; 2084 2085 return crl; 2086 2087 memerr: 2088 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 2089 if (crl) 2090 X509_CRL_free(crl); 2091 return NULL; 2092} 2093 2094int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, 2095 CRYPTO_EX_unused * unused, 2096 CRYPTO_EX_dup *dup_unused, 2097 CRYPTO_EX_free *free_func) 2098{ 2099 /* 2100 * This function is (usually) called only once, by 2101 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). 2102 */ 2103 int index; 2104 if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, 2105 free_func)) { 2106 return -1; 2107 } 2108 return index; 2109} 2110 2111int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2112{ 2113 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2114} 2115 2116void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2117{ 2118 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2119} 2120 2121int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2122{ 2123 return ctx->error; 2124} 2125 2126void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2127{ 2128 ctx->error = err; 2129} 2130 2131int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2132{ 2133 return ctx->error_depth; 2134} 2135 2136X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2137{ 2138 return ctx->current_cert; 2139} 2140 2141STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2142{ 2143 return ctx->chain; 2144} 2145 2146STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2147{ 2148 if (!ctx->chain) 2149 return NULL; 2150 return X509_chain_up_ref(ctx->chain); 2151} 2152 2153X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2154{ 2155 return ctx->current_issuer; 2156} 2157 2158X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2159{ 2160 return ctx->current_crl; 2161} 2162 2163X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2164{ 2165 return ctx->parent; 2166} 2167 2168void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2169{ 2170 ctx->cert = x; 2171} 2172 2173void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2174{ 2175 ctx->untrusted = sk; 2176} 2177 2178STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) 2179{ 2180 return ctx->untrusted; 2181} 2182 2183void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2184{ 2185 ctx->crls = sk; 2186} 2187 2188int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2189{ 2190 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2191} 2192 2193int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2194{ 2195 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2196} 2197 2198/* 2199 * This function is used to set the X509_STORE_CTX purpose and trust values. 2200 * This is intended to be used when another structure has its own trust and 2201 * purpose values which (if set) will be inherited by the ctx. If they aren't 2202 * set then we will usually have a default purpose in mind which should then 2203 * be used to set the trust value. An example of this is SSL use: an SSL 2204 * structure will have its own purpose and trust settings which the 2205 * application can set: if they aren't set then we use the default of SSL 2206 * client/server. 2207 */ 2208 2209int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2210 int purpose, int trust) 2211{ 2212 int idx; 2213 /* If purpose not set use default */ 2214 if (!purpose) 2215 purpose = def_purpose; 2216 /* If we have a purpose then check it is valid */ 2217 if (purpose) { 2218 X509_PURPOSE *ptmp; 2219 idx = X509_PURPOSE_get_by_id(purpose); 2220 if (idx == -1) { 2221 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID); 2222 return 0; 2223 } 2224 ptmp = X509_PURPOSE_get0(idx); 2225 if (ptmp->trust == X509_TRUST_DEFAULT) { 2226 idx = X509_PURPOSE_get_by_id(def_purpose); 2227 if (idx == -1) { 2228 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID); 2229 return 0; 2230 } 2231 ptmp = X509_PURPOSE_get0(idx); 2232 } 2233 /* If trust not set then get from purpose default */ 2234 if (!trust) 2235 trust = ptmp->trust; 2236 } 2237 if (trust) { 2238 idx = X509_TRUST_get_by_id(trust); 2239 if (idx == -1) { 2240 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID); 2241 return 0; 2242 } 2243 } 2244 2245 if (purpose && !ctx->param->purpose) 2246 ctx->param->purpose = purpose; 2247 if (trust && !ctx->param->trust) 2248 ctx->param->trust = trust; 2249 return 1; 2250} 2251 2252X509_STORE_CTX *X509_STORE_CTX_new(void) 2253{ 2254 X509_STORE_CTX *ctx; 2255 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); 2256 if (!ctx) { 2257 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 2258 return NULL; 2259 } 2260 X509_STORE_CTX_zero(ctx); 2261 return ctx; 2262} 2263 2264void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) 2265{ 2266 OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX)); 2267} 2268 2269void X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2270{ 2271 if (ctx == NULL) { 2272 return; 2273 } 2274 X509_STORE_CTX_cleanup(ctx); 2275 OPENSSL_free(ctx); 2276} 2277 2278int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2279 STACK_OF(X509) *chain) 2280{ 2281 int ret = 1; 2282 2283 X509_STORE_CTX_zero(ctx); 2284 ctx->ctx = store; 2285 ctx->cert = x509; 2286 ctx->untrusted = chain; 2287 2288 CRYPTO_new_ex_data(&ctx->ex_data); 2289 2290 ctx->param = X509_VERIFY_PARAM_new(); 2291 if (!ctx->param) 2292 goto err; 2293 2294 /* 2295 * Inherit callbacks and flags from X509_STORE if not set use defaults. 2296 */ 2297 2298 if (store) 2299 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2300 else 2301 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; 2302 2303 if (store) { 2304 ctx->verify_cb = store->verify_cb; 2305 ctx->cleanup = store->cleanup; 2306 } else 2307 ctx->cleanup = 0; 2308 2309 if (ret) 2310 ret = X509_VERIFY_PARAM_inherit(ctx->param, 2311 X509_VERIFY_PARAM_lookup("default")); 2312 2313 if (ret == 0) 2314 goto err; 2315 2316 if (store && store->check_issued) 2317 ctx->check_issued = store->check_issued; 2318 else 2319 ctx->check_issued = check_issued; 2320 2321 if (store && store->get_issuer) 2322 ctx->get_issuer = store->get_issuer; 2323 else 2324 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2325 2326 if (store && store->verify_cb) 2327 ctx->verify_cb = store->verify_cb; 2328 else 2329 ctx->verify_cb = null_callback; 2330 2331 if (store && store->verify) 2332 ctx->verify = store->verify; 2333 else 2334 ctx->verify = internal_verify; 2335 2336 if (store && store->check_revocation) 2337 ctx->check_revocation = store->check_revocation; 2338 else 2339 ctx->check_revocation = check_revocation; 2340 2341 if (store && store->get_crl) 2342 ctx->get_crl = store->get_crl; 2343 else 2344 ctx->get_crl = NULL; 2345 2346 if (store && store->check_crl) 2347 ctx->check_crl = store->check_crl; 2348 else 2349 ctx->check_crl = check_crl; 2350 2351 if (store && store->cert_crl) 2352 ctx->cert_crl = store->cert_crl; 2353 else 2354 ctx->cert_crl = cert_crl; 2355 2356 if (store && store->lookup_certs) 2357 ctx->lookup_certs = store->lookup_certs; 2358 else 2359 ctx->lookup_certs = X509_STORE_get1_certs; 2360 2361 if (store && store->lookup_crls) 2362 ctx->lookup_crls = store->lookup_crls; 2363 else 2364 ctx->lookup_crls = X509_STORE_get1_crls; 2365 2366 ctx->check_policy = check_policy; 2367 2368 return 1; 2369 2370 err: 2371 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data); 2372 if (ctx->param != NULL) { 2373 X509_VERIFY_PARAM_free(ctx->param); 2374 } 2375 2376 OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX)); 2377 OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); 2378 return 0; 2379} 2380 2381/* 2382 * Set alternative lookup method: just a STACK of trusted certificates. This 2383 * avoids X509_STORE nastiness where it isn't needed. 2384 */ 2385 2386void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2387{ 2388 ctx->other_ctx = sk; 2389 ctx->get_issuer = get_issuer_sk; 2390} 2391 2392void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2393{ 2394 /* We need to be idempotent because, unfortunately, |X509_STORE_CTX_free| 2395 * also calls this function. */ 2396 if (ctx->cleanup != NULL) { 2397 ctx->cleanup(ctx); 2398 ctx->cleanup = NULL; 2399 } 2400 if (ctx->param != NULL) { 2401 if (ctx->parent == NULL) 2402 X509_VERIFY_PARAM_free(ctx->param); 2403 ctx->param = NULL; 2404 } 2405 if (ctx->tree != NULL) { 2406 X509_policy_tree_free(ctx->tree); 2407 ctx->tree = NULL; 2408 } 2409 if (ctx->chain != NULL) { 2410 sk_X509_pop_free(ctx->chain, X509_free); 2411 ctx->chain = NULL; 2412 } 2413 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data)); 2414 OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2415} 2416 2417void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2418{ 2419 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2420} 2421 2422void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2423{ 2424 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2425} 2426 2427void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, 2428 time_t t) 2429{ 2430 X509_VERIFY_PARAM_set_time(ctx->param, t); 2431} 2432 2433void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2434 int (*verify_cb) (int, X509_STORE_CTX *)) 2435{ 2436 ctx->verify_cb = verify_cb; 2437} 2438 2439X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2440{ 2441 return ctx->tree; 2442} 2443 2444int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2445{ 2446 return ctx->explicit_policy; 2447} 2448 2449int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2450{ 2451 const X509_VERIFY_PARAM *param; 2452 param = X509_VERIFY_PARAM_lookup(name); 2453 if (!param) 2454 return 0; 2455 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2456} 2457 2458X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2459{ 2460 return ctx->param; 2461} 2462 2463void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2464{ 2465 if (ctx->param) 2466 X509_VERIFY_PARAM_free(ctx->param); 2467 ctx->param = param; 2468} 2469 2470IMPLEMENT_ASN1_SET_OF(X509) 2471 2472IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) 2473