1/* crypto/x509/x509_vfy.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include <time.h> 61#include <errno.h> 62 63#include "cryptlib.h" 64#include <openssl/crypto.h> 65#include <openssl/lhash.h> 66#include <openssl/buffer.h> 67#include <openssl/evp.h> 68#include <openssl/asn1.h> 69#include <openssl/x509.h> 70#include <openssl/x509v3.h> 71#include <openssl/objects.h> 72#include "vpm_int.h" 73 74/* CRL score values */ 75 76/* No unhandled critical extensions */ 77 78#define CRL_SCORE_NOCRITICAL 0x100 79 80/* certificate is within CRL scope */ 81 82#define CRL_SCORE_SCOPE 0x080 83 84/* CRL times valid */ 85 86#define CRL_SCORE_TIME 0x040 87 88/* Issuer name matches certificate */ 89 90#define CRL_SCORE_ISSUER_NAME 0x020 91 92/* If this score or above CRL is probably valid */ 93 94#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 95 96/* CRL issuer is certificate issuer */ 97 98#define CRL_SCORE_ISSUER_CERT 0x018 99 100/* CRL issuer is on certificate path */ 101 102#define CRL_SCORE_SAME_PATH 0x008 103 104/* CRL issuer matches CRL AKID */ 105 106#define CRL_SCORE_AKID 0x004 107 108/* Have a delta CRL with valid times */ 109 110#define CRL_SCORE_TIME_DELTA 0x002 111 112static int null_callback(int ok, X509_STORE_CTX *e); 113static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 114static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); 115static int check_chain_extensions(X509_STORE_CTX *ctx); 116static int check_name_constraints(X509_STORE_CTX *ctx); 117static int check_id(X509_STORE_CTX *ctx); 118static int check_trust(X509_STORE_CTX *ctx); 119static int check_revocation(X509_STORE_CTX *ctx); 120static int check_cert(X509_STORE_CTX *ctx); 121static int check_policy(X509_STORE_CTX *ctx); 122 123static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 124 unsigned int *preasons, X509_CRL *crl, X509 *x); 125static int get_crl_delta(X509_STORE_CTX *ctx, 126 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 127static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, 128 int *pcrl_score, X509_CRL *base, 129 STACK_OF(X509_CRL) *crls); 130static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 131 int *pcrl_score); 132static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 133 unsigned int *preasons); 134static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 135static int check_crl_chain(X509_STORE_CTX *ctx, 136 STACK_OF(X509) *cert_path, 137 STACK_OF(X509) *crl_path); 138 139static int internal_verify(X509_STORE_CTX *ctx); 140const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT; 141 142static int null_callback(int ok, X509_STORE_CTX *e) 143{ 144 return ok; 145} 146 147#if 0 148static int x509_subject_cmp(X509 **a, X509 **b) 149{ 150 return X509_subject_name_cmp(*a, *b); 151} 152#endif 153/* Return 1 is a certificate is self signed */ 154static int cert_self_signed(X509 *x) 155{ 156 X509_check_purpose(x, -1, 0); 157 if (x->ex_flags & EXFLAG_SS) 158 return 1; 159 else 160 return 0; 161} 162 163/* Given a certificate try and find an exact match in the store */ 164 165static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 166{ 167 STACK_OF(X509) *certs; 168 X509 *xtmp = NULL; 169 int i; 170 /* Lookup all certs with matching subject name */ 171 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 172 if (certs == NULL) 173 return NULL; 174 /* Look for exact match */ 175 for (i = 0; i < sk_X509_num(certs); i++) { 176 xtmp = sk_X509_value(certs, i); 177 if (!X509_cmp(xtmp, x)) 178 break; 179 } 180 if (i < sk_X509_num(certs)) 181 CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); 182 else 183 xtmp = NULL; 184 sk_X509_pop_free(certs, X509_free); 185 return xtmp; 186} 187 188int X509_verify_cert(X509_STORE_CTX *ctx) 189{ 190 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 191 int bad_chain = 0; 192 X509_VERIFY_PARAM *param = ctx->param; 193 int depth, i, ok = 0; 194 int num, j, retry; 195 int (*cb) (int xok, X509_STORE_CTX *xctx); 196 STACK_OF(X509) *sktmp = NULL; 197 if (ctx->cert == NULL) { 198 X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 199 return -1; 200 } 201 if (ctx->chain != NULL) { 202 /* 203 * This X509_STORE_CTX has already been used to verify a cert. We 204 * cannot do another one. 205 */ 206 X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 207 return -1; 208 } 209 210 cb = ctx->verify_cb; 211 212 /* 213 * first we make sure the chain we are going to build is present and that 214 * the first entry is in place 215 */ 216 if (((ctx->chain = sk_X509_new_null()) == NULL) || 217 (!sk_X509_push(ctx->chain, ctx->cert))) { 218 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 219 goto end; 220 } 221 CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); 222 ctx->last_untrusted = 1; 223 224 /* We use a temporary STACK so we can chop and hack at it */ 225 if (ctx->untrusted != NULL 226 && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 227 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 228 goto end; 229 } 230 231 num = sk_X509_num(ctx->chain); 232 x = sk_X509_value(ctx->chain, num - 1); 233 depth = param->depth; 234 235 for (;;) { 236 /* If we have enough, we break */ 237 if (depth < num) 238 break; /* FIXME: If this happens, we should take 239 * note of it and, if appropriate, use the 240 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 241 * later. */ 242 243 /* If we are self signed, we break */ 244 if (cert_self_signed(x)) 245 break; 246 /* 247 * If asked see if we can find issuer in trusted store first 248 */ 249 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 250 ok = ctx->get_issuer(&xtmp, ctx, x); 251 if (ok < 0) 252 return ok; 253 /* 254 * If successful for now free up cert so it will be picked up 255 * again later. 256 */ 257 if (ok > 0) { 258 X509_free(xtmp); 259 break; 260 } 261 } 262 263 /* If we were passed a cert chain, use it first */ 264 if (ctx->untrusted != NULL) { 265 xtmp = find_issuer(ctx, sktmp, x); 266 if (xtmp != NULL) { 267 if (!sk_X509_push(ctx->chain, xtmp)) { 268 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 269 goto end; 270 } 271 CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); 272 (void)sk_X509_delete_ptr(sktmp, xtmp); 273 ctx->last_untrusted++; 274 x = xtmp; 275 num++; 276 /* 277 * reparse the full chain for the next one 278 */ 279 continue; 280 } 281 } 282 break; 283 } 284 285 /* Remember how many untrusted certs we have */ 286 j = num; 287 /* 288 * at this point, chain should contain a list of untrusted certificates. 289 * We now need to add at least one trusted one, if possible, otherwise we 290 * complain. 291 */ 292 293 do { 294 /* 295 * Examine last certificate in chain and see if it is self signed. 296 */ 297 i = sk_X509_num(ctx->chain); 298 x = sk_X509_value(ctx->chain, i - 1); 299 if (cert_self_signed(x)) { 300 /* we have a self signed certificate */ 301 if (sk_X509_num(ctx->chain) == 1) { 302 /* 303 * We have a single self signed certificate: see if we can 304 * find it in the store. We must have an exact match to avoid 305 * possible impersonation. 306 */ 307 ok = ctx->get_issuer(&xtmp, ctx, x); 308 if ((ok <= 0) || X509_cmp(x, xtmp)) { 309 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 310 ctx->current_cert = x; 311 ctx->error_depth = i - 1; 312 if (ok == 1) 313 X509_free(xtmp); 314 bad_chain = 1; 315 ok = cb(0, ctx); 316 if (!ok) 317 goto end; 318 } else { 319 /* 320 * We have a match: replace certificate with store 321 * version so we get any trust settings. 322 */ 323 X509_free(x); 324 x = xtmp; 325 (void)sk_X509_set(ctx->chain, i - 1, x); 326 ctx->last_untrusted = 0; 327 } 328 } else { 329 /* 330 * extract and save self signed certificate for later use 331 */ 332 chain_ss = sk_X509_pop(ctx->chain); 333 ctx->last_untrusted--; 334 num--; 335 j--; 336 x = sk_X509_value(ctx->chain, num - 1); 337 } 338 } 339 /* We now lookup certs from the certificate store */ 340 for (;;) { 341 /* If we have enough, we break */ 342 if (depth < num) 343 break; 344 /* If we are self signed, we break */ 345 if (cert_self_signed(x)) 346 break; 347 ok = ctx->get_issuer(&xtmp, ctx, x); 348 349 if (ok < 0) 350 return ok; 351 if (ok == 0) 352 break; 353 x = xtmp; 354 if (!sk_X509_push(ctx->chain, x)) { 355 X509_free(xtmp); 356 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); 357 return 0; 358 } 359 num++; 360 } 361 362 /* we now have our chain, lets check it... */ 363 i = check_trust(ctx); 364 365 /* If explicitly rejected error */ 366 if (i == X509_TRUST_REJECTED) 367 goto end; 368 /* 369 * If it's not explicitly trusted then check if there is an alternative 370 * chain that could be used. We only do this if we haven't already 371 * checked via TRUSTED_FIRST and the user hasn't switched off alternate 372 * chain checking 373 */ 374 retry = 0; 375 if (i != X509_TRUST_TRUSTED 376 && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) 377 && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 378 while (j-- > 1) { 379 xtmp2 = sk_X509_value(ctx->chain, j - 1); 380 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 381 if (ok < 0) 382 goto end; 383 /* Check if we found an alternate chain */ 384 if (ok > 0) { 385 /* 386 * Free up the found cert we'll add it again later 387 */ 388 X509_free(xtmp); 389 390 /* 391 * Dump all the certs above this point - we've found an 392 * alternate chain 393 */ 394 while (num > j) { 395 xtmp = sk_X509_pop(ctx->chain); 396 X509_free(xtmp); 397 num--; 398 } 399 ctx->last_untrusted = sk_X509_num(ctx->chain); 400 retry = 1; 401 break; 402 } 403 } 404 } 405 } while (retry); 406 407 /* 408 * If not explicitly trusted then indicate error unless it's a single 409 * self signed certificate in which case we've indicated an error already 410 * and set bad_chain == 1 411 */ 412 if (i != X509_TRUST_TRUSTED && !bad_chain) { 413 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 414 if (ctx->last_untrusted >= num) 415 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 416 else 417 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 418 ctx->current_cert = x; 419 } else { 420 421 sk_X509_push(ctx->chain, chain_ss); 422 num++; 423 ctx->last_untrusted = num; 424 ctx->current_cert = chain_ss; 425 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 426 chain_ss = NULL; 427 } 428 429 ctx->error_depth = num - 1; 430 bad_chain = 1; 431 ok = cb(0, ctx); 432 if (!ok) 433 goto end; 434 } 435 436 /* We have the chain complete: now we need to check its purpose */ 437 ok = check_chain_extensions(ctx); 438 439 if (!ok) 440 goto end; 441 442 /* Check name constraints */ 443 444 ok = check_name_constraints(ctx); 445 446 if (!ok) 447 goto end; 448 449 ok = check_id(ctx); 450 451 if (!ok) 452 goto end; 453 454 /* We may as well copy down any DSA parameters that are required */ 455 X509_get_pubkey_parameters(NULL, ctx->chain); 456 457 /* 458 * Check revocation status: we do this after copying parameters because 459 * they may be needed for CRL signature verification. 460 */ 461 462 ok = ctx->check_revocation(ctx); 463 if (!ok) 464 goto end; 465 466 i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, 467 ctx->param->flags); 468 if (i != X509_V_OK) { 469 ctx->error = i; 470 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); 471 ok = cb(0, ctx); 472 if (!ok) 473 goto end; 474 } 475 476 /* At this point, we have a chain and need to verify it */ 477 if (ctx->verify != NULL) 478 ok = ctx->verify(ctx); 479 else 480 ok = internal_verify(ctx); 481 if (!ok) 482 goto end; 483 484#ifndef OPENSSL_NO_RFC3779 485 /* RFC 3779 path validation, now that CRL check has been done */ 486 ok = v3_asid_validate_path(ctx); 487 if (!ok) 488 goto end; 489 ok = v3_addr_validate_path(ctx); 490 if (!ok) 491 goto end; 492#endif 493 494 /* If we get this far evaluate policies */ 495 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 496 ok = ctx->check_policy(ctx); 497 if (!ok) 498 goto end; 499 if (0) { 500 end: 501 X509_get_pubkey_parameters(NULL, ctx->chain); 502 } 503 if (sktmp != NULL) 504 sk_X509_free(sktmp); 505 if (chain_ss != NULL) 506 X509_free(chain_ss); 507 return ok; 508} 509 510/* 511 * Given a STACK_OF(X509) find the issuer of cert (if any) 512 */ 513 514static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) 515{ 516 int i; 517 X509 *issuer; 518 for (i = 0; i < sk_X509_num(sk); i++) { 519 issuer = sk_X509_value(sk, i); 520 if (ctx->check_issued(ctx, x, issuer)) 521 return issuer; 522 } 523 return NULL; 524} 525 526/* Given a possible certificate and issuer check them */ 527 528static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 529{ 530 int ret; 531 ret = X509_check_issued(issuer, x); 532 if (ret == X509_V_OK) 533 return 1; 534 /* If we haven't asked for issuer errors don't set ctx */ 535 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 536 return 0; 537 538 ctx->error = ret; 539 ctx->current_cert = x; 540 ctx->current_issuer = issuer; 541 return ctx->verify_cb(0, ctx); 542} 543 544/* Alternative lookup method: look from a STACK stored in other_ctx */ 545 546static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 547{ 548 *issuer = find_issuer(ctx, ctx->other_ctx, x); 549 if (*issuer) { 550 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); 551 return 1; 552 } else 553 return 0; 554} 555 556/* 557 * Check a certificate chains extensions for consistency with the supplied 558 * purpose 559 */ 560 561static int check_chain_extensions(X509_STORE_CTX *ctx) 562{ 563#ifdef OPENSSL_NO_CHAIN_VERIFY 564 return 1; 565#else 566 int i, ok = 0, must_be_ca, plen = 0; 567 X509 *x; 568 int (*cb) (int xok, X509_STORE_CTX *xctx); 569 int proxy_path_length = 0; 570 int purpose; 571 int allow_proxy_certs; 572 cb = ctx->verify_cb; 573 574 /*- 575 * must_be_ca can have 1 of 3 values: 576 * -1: we accept both CA and non-CA certificates, to allow direct 577 * use of self-signed certificates (which are marked as CA). 578 * 0: we only accept non-CA certificates. This is currently not 579 * used, but the possibility is present for future extensions. 580 * 1: we only accept CA certificates. This is currently used for 581 * all certificates in the chain except the leaf certificate. 582 */ 583 must_be_ca = -1; 584 585 /* CRL path validation */ 586 if (ctx->parent) { 587 allow_proxy_certs = 0; 588 purpose = X509_PURPOSE_CRL_SIGN; 589 } else { 590 allow_proxy_certs = 591 ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 592 /* 593 * A hack to keep people who don't want to modify their software 594 * happy 595 */ 596 if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) 597 allow_proxy_certs = 1; 598 purpose = ctx->param->purpose; 599 } 600 601 /* Check all untrusted certificates */ 602 for (i = 0; i < ctx->last_untrusted; i++) { 603 int ret; 604 x = sk_X509_value(ctx->chain, i); 605 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 606 && (x->ex_flags & EXFLAG_CRITICAL)) { 607 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 608 ctx->error_depth = i; 609 ctx->current_cert = x; 610 ok = cb(0, ctx); 611 if (!ok) 612 goto end; 613 } 614 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { 615 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 616 ctx->error_depth = i; 617 ctx->current_cert = x; 618 ok = cb(0, ctx); 619 if (!ok) 620 goto end; 621 } 622 ret = X509_check_ca(x); 623 switch (must_be_ca) { 624 case -1: 625 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 626 && (ret != 1) && (ret != 0)) { 627 ret = 0; 628 ctx->error = X509_V_ERR_INVALID_CA; 629 } else 630 ret = 1; 631 break; 632 case 0: 633 if (ret != 0) { 634 ret = 0; 635 ctx->error = X509_V_ERR_INVALID_NON_CA; 636 } else 637 ret = 1; 638 break; 639 default: 640 if ((ret == 0) 641 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 642 && (ret != 1))) { 643 ret = 0; 644 ctx->error = X509_V_ERR_INVALID_CA; 645 } else 646 ret = 1; 647 break; 648 } 649 if (ret == 0) { 650 ctx->error_depth = i; 651 ctx->current_cert = x; 652 ok = cb(0, ctx); 653 if (!ok) 654 goto end; 655 } 656 if (ctx->param->purpose > 0) { 657 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 658 if ((ret == 0) 659 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 660 && (ret != 1))) { 661 ctx->error = X509_V_ERR_INVALID_PURPOSE; 662 ctx->error_depth = i; 663 ctx->current_cert = x; 664 ok = cb(0, ctx); 665 if (!ok) 666 goto end; 667 } 668 } 669 /* Check pathlen if not self issued */ 670 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) 671 && (x->ex_pathlen != -1) 672 && (plen > (x->ex_pathlen + proxy_path_length + 1))) { 673 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 674 ctx->error_depth = i; 675 ctx->current_cert = x; 676 ok = cb(0, ctx); 677 if (!ok) 678 goto end; 679 } 680 /* Increment path length if not self issued */ 681 if (!(x->ex_flags & EXFLAG_SI)) 682 plen++; 683 /* 684 * If this certificate is a proxy certificate, the next certificate 685 * must be another proxy certificate or a EE certificate. If not, 686 * the next certificate must be a CA certificate. 687 */ 688 if (x->ex_flags & EXFLAG_PROXY) { 689 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { 690 ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 691 ctx->error_depth = i; 692 ctx->current_cert = x; 693 ok = cb(0, ctx); 694 if (!ok) 695 goto end; 696 } 697 proxy_path_length++; 698 must_be_ca = 0; 699 } else 700 must_be_ca = 1; 701 } 702 ok = 1; 703 end: 704 return ok; 705#endif 706} 707 708static int check_name_constraints(X509_STORE_CTX *ctx) 709{ 710 X509 *x; 711 int i, j, rv; 712 /* Check name constraints for all certificates */ 713 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { 714 x = sk_X509_value(ctx->chain, i); 715 /* Ignore self issued certs unless last in chain */ 716 if (i && (x->ex_flags & EXFLAG_SI)) 717 continue; 718 /* 719 * Check against constraints for all certificates higher in chain 720 * including trust anchor. Trust anchor not strictly speaking needed 721 * but if it includes constraints it is to be assumed it expects them 722 * to be obeyed. 723 */ 724 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { 725 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; 726 if (nc) { 727 rv = NAME_CONSTRAINTS_check(x, nc); 728 if (rv != X509_V_OK) { 729 ctx->error = rv; 730 ctx->error_depth = i; 731 ctx->current_cert = x; 732 if (!ctx->verify_cb(0, ctx)) 733 return 0; 734 } 735 } 736 } 737 } 738 return 1; 739} 740 741static int check_id_error(X509_STORE_CTX *ctx, int errcode) 742{ 743 ctx->error = errcode; 744 ctx->current_cert = ctx->cert; 745 ctx->error_depth = 0; 746 return ctx->verify_cb(0, ctx); 747} 748 749static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 750{ 751 int i; 752 int n = sk_OPENSSL_STRING_num(id->hosts); 753 char *name; 754 755 for (i = 0; i < n; ++i) { 756 name = sk_OPENSSL_STRING_value(id->hosts, i); 757 if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) 758 return 1; 759 } 760 return n == 0; 761} 762 763static int check_id(X509_STORE_CTX *ctx) 764{ 765 X509_VERIFY_PARAM *vpm = ctx->param; 766 X509_VERIFY_PARAM_ID *id = vpm->id; 767 X509 *x = ctx->cert; 768 if (id->hosts && check_hosts(x, id) <= 0) { 769 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 770 return 0; 771 } 772 if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) { 773 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 774 return 0; 775 } 776 if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { 777 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 778 return 0; 779 } 780 return 1; 781} 782 783static int check_trust(X509_STORE_CTX *ctx) 784{ 785 int i, ok; 786 X509 *x = NULL; 787 int (*cb) (int xok, X509_STORE_CTX *xctx); 788 cb = ctx->verify_cb; 789 /* Check all trusted certificates in chain */ 790 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { 791 x = sk_X509_value(ctx->chain, i); 792 ok = X509_check_trust(x, ctx->param->trust, 0); 793 /* If explicitly trusted return trusted */ 794 if (ok == X509_TRUST_TRUSTED) 795 return X509_TRUST_TRUSTED; 796 /* 797 * If explicitly rejected notify callback and reject if not 798 * overridden. 799 */ 800 if (ok == X509_TRUST_REJECTED) { 801 ctx->error_depth = i; 802 ctx->current_cert = x; 803 ctx->error = X509_V_ERR_CERT_REJECTED; 804 ok = cb(0, ctx); 805 if (!ok) 806 return X509_TRUST_REJECTED; 807 } 808 } 809 /* 810 * If we accept partial chains and have at least one trusted certificate 811 * return success. 812 */ 813 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 814 X509 *mx; 815 if (ctx->last_untrusted < sk_X509_num(ctx->chain)) 816 return X509_TRUST_TRUSTED; 817 x = sk_X509_value(ctx->chain, 0); 818 mx = lookup_cert_match(ctx, x); 819 if (mx) { 820 (void)sk_X509_set(ctx->chain, 0, mx); 821 X509_free(x); 822 ctx->last_untrusted = 0; 823 return X509_TRUST_TRUSTED; 824 } 825 } 826 827 /* 828 * If no trusted certs in chain at all return untrusted and allow 829 * standard (no issuer cert) etc errors to be indicated. 830 */ 831 return X509_TRUST_UNTRUSTED; 832} 833 834static int check_revocation(X509_STORE_CTX *ctx) 835{ 836 int i, last, ok; 837 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 838 return 1; 839 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 840 last = sk_X509_num(ctx->chain) - 1; 841 else { 842 /* If checking CRL paths this isn't the EE certificate */ 843 if (ctx->parent) 844 return 1; 845 last = 0; 846 } 847 for (i = 0; i <= last; i++) { 848 ctx->error_depth = i; 849 ok = check_cert(ctx); 850 if (!ok) 851 return ok; 852 } 853 return 1; 854} 855 856static int check_cert(X509_STORE_CTX *ctx) 857{ 858 X509_CRL *crl = NULL, *dcrl = NULL; 859 X509 *x; 860 int ok, cnum; 861 unsigned int last_reasons; 862 cnum = ctx->error_depth; 863 x = sk_X509_value(ctx->chain, cnum); 864 ctx->current_cert = x; 865 ctx->current_issuer = NULL; 866 ctx->current_crl_score = 0; 867 ctx->current_reasons = 0; 868 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 869 last_reasons = ctx->current_reasons; 870 /* Try to retrieve relevant CRL */ 871 if (ctx->get_crl) 872 ok = ctx->get_crl(ctx, &crl, x); 873 else 874 ok = get_crl_delta(ctx, &crl, &dcrl, x); 875 /* 876 * If error looking up CRL, nothing we can do except notify callback 877 */ 878 if (!ok) { 879 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 880 ok = ctx->verify_cb(0, ctx); 881 goto err; 882 } 883 ctx->current_crl = crl; 884 ok = ctx->check_crl(ctx, crl); 885 if (!ok) 886 goto err; 887 888 if (dcrl) { 889 ok = ctx->check_crl(ctx, dcrl); 890 if (!ok) 891 goto err; 892 ok = ctx->cert_crl(ctx, dcrl, x); 893 if (!ok) 894 goto err; 895 } else 896 ok = 1; 897 898 /* Don't look in full CRL if delta reason is removefromCRL */ 899 if (ok != 2) { 900 ok = ctx->cert_crl(ctx, crl, x); 901 if (!ok) 902 goto err; 903 } 904 905 X509_CRL_free(crl); 906 X509_CRL_free(dcrl); 907 crl = NULL; 908 dcrl = NULL; 909 /* 910 * If reasons not updated we wont get anywhere by another iteration, 911 * so exit loop. 912 */ 913 if (last_reasons == ctx->current_reasons) { 914 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 915 ok = ctx->verify_cb(0, ctx); 916 goto err; 917 } 918 } 919 err: 920 X509_CRL_free(crl); 921 X509_CRL_free(dcrl); 922 923 ctx->current_crl = NULL; 924 return ok; 925 926} 927 928/* Check CRL times against values in X509_STORE_CTX */ 929 930static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 931{ 932 time_t *ptime; 933 int i; 934 if (notify) 935 ctx->current_crl = crl; 936 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 937 ptime = &ctx->param->check_time; 938 else 939 ptime = NULL; 940 941 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 942 if (i == 0) { 943 if (!notify) 944 return 0; 945 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 946 if (!ctx->verify_cb(0, ctx)) 947 return 0; 948 } 949 950 if (i > 0) { 951 if (!notify) 952 return 0; 953 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 954 if (!ctx->verify_cb(0, ctx)) 955 return 0; 956 } 957 958 if (X509_CRL_get_nextUpdate(crl)) { 959 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 960 961 if (i == 0) { 962 if (!notify) 963 return 0; 964 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 965 if (!ctx->verify_cb(0, ctx)) 966 return 0; 967 } 968 /* Ignore expiry of base CRL is delta is valid */ 969 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 970 if (!notify) 971 return 0; 972 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 973 if (!ctx->verify_cb(0, ctx)) 974 return 0; 975 } 976 } 977 978 if (notify) 979 ctx->current_crl = NULL; 980 981 return 1; 982} 983 984static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 985 X509 **pissuer, int *pscore, unsigned int *preasons, 986 STACK_OF(X509_CRL) *crls) 987{ 988 int i, crl_score, best_score = *pscore; 989 unsigned int reasons, best_reasons = 0; 990 X509 *x = ctx->current_cert; 991 X509_CRL *crl, *best_crl = NULL; 992 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 993 994 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 995 crl = sk_X509_CRL_value(crls, i); 996 reasons = *preasons; 997 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 998 999 if (crl_score > best_score) { 1000 best_crl = crl; 1001 best_crl_issuer = crl_issuer; 1002 best_score = crl_score; 1003 best_reasons = reasons; 1004 } 1005 } 1006 1007 if (best_crl) { 1008 if (*pcrl) 1009 X509_CRL_free(*pcrl); 1010 *pcrl = best_crl; 1011 *pissuer = best_crl_issuer; 1012 *pscore = best_score; 1013 *preasons = best_reasons; 1014 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); 1015 if (*pdcrl) { 1016 X509_CRL_free(*pdcrl); 1017 *pdcrl = NULL; 1018 } 1019 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1020 } 1021 1022 if (best_score >= CRL_SCORE_VALID) 1023 return 1; 1024 1025 return 0; 1026} 1027 1028/* 1029 * Compare two CRL extensions for delta checking purposes. They should be 1030 * both present or both absent. If both present all fields must be identical. 1031 */ 1032 1033static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1034{ 1035 ASN1_OCTET_STRING *exta, *extb; 1036 int i; 1037 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1038 if (i >= 0) { 1039 /* Can't have multiple occurrences */ 1040 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1041 return 0; 1042 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1043 } else 1044 exta = NULL; 1045 1046 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1047 1048 if (i >= 0) { 1049 1050 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1051 return 0; 1052 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1053 } else 1054 extb = NULL; 1055 1056 if (!exta && !extb) 1057 return 1; 1058 1059 if (!exta || !extb) 1060 return 0; 1061 1062 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1063 return 0; 1064 1065 return 1; 1066} 1067 1068/* See if a base and delta are compatible */ 1069 1070static int check_delta_base(X509_CRL *delta, X509_CRL *base) 1071{ 1072 /* Delta CRL must be a delta */ 1073 if (!delta->base_crl_number) 1074 return 0; 1075 /* Base must have a CRL number */ 1076 if (!base->crl_number) 1077 return 0; 1078 /* Issuer names must match */ 1079 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) 1080 return 0; 1081 /* AKID and IDP must match */ 1082 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1083 return 0; 1084 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1085 return 0; 1086 /* Delta CRL base number must not exceed Full CRL number. */ 1087 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1088 return 0; 1089 /* Delta CRL number must exceed full CRL number */ 1090 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1091 return 1; 1092 return 0; 1093} 1094 1095/* 1096 * For a given base CRL find a delta... maybe extend to delta scoring or 1097 * retrieve a chain of deltas... 1098 */ 1099 1100static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, 1101 X509_CRL *base, STACK_OF(X509_CRL) *crls) 1102{ 1103 X509_CRL *delta; 1104 int i; 1105 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1106 return; 1107 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1108 return; 1109 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1110 delta = sk_X509_CRL_value(crls, i); 1111 if (check_delta_base(delta, base)) { 1112 if (check_crl_time(ctx, delta, 0)) 1113 *pscore |= CRL_SCORE_TIME_DELTA; 1114 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); 1115 *dcrl = delta; 1116 return; 1117 } 1118 } 1119 *dcrl = NULL; 1120} 1121 1122/* 1123 * For a given CRL return how suitable it is for the supplied certificate 1124 * 'x'. The return value is a mask of several criteria. If the issuer is not 1125 * the certificate issuer this is returned in *pissuer. The reasons mask is 1126 * also used to determine if the CRL is suitable: if no new reasons the CRL 1127 * is rejected, otherwise reasons is updated. 1128 */ 1129 1130static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 1131 unsigned int *preasons, X509_CRL *crl, X509 *x) 1132{ 1133 1134 int crl_score = 0; 1135 unsigned int tmp_reasons = *preasons, crl_reasons; 1136 1137 /* First see if we can reject CRL straight away */ 1138 1139 /* Invalid IDP cannot be processed */ 1140 if (crl->idp_flags & IDP_INVALID) 1141 return 0; 1142 /* Reason codes or indirect CRLs need extended CRL support */ 1143 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1144 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1145 return 0; 1146 } else if (crl->idp_flags & IDP_REASONS) { 1147 /* If no new reasons reject */ 1148 if (!(crl->idp_reasons & ~tmp_reasons)) 1149 return 0; 1150 } 1151 /* Don't process deltas at this stage */ 1152 else if (crl->base_crl_number) 1153 return 0; 1154 /* If issuer name doesn't match certificate need indirect CRL */ 1155 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1156 if (!(crl->idp_flags & IDP_INDIRECT)) 1157 return 0; 1158 } else 1159 crl_score |= CRL_SCORE_ISSUER_NAME; 1160 1161 if (!(crl->flags & EXFLAG_CRITICAL)) 1162 crl_score |= CRL_SCORE_NOCRITICAL; 1163 1164 /* Check expiry */ 1165 if (check_crl_time(ctx, crl, 0)) 1166 crl_score |= CRL_SCORE_TIME; 1167 1168 /* Check authority key ID and locate certificate issuer */ 1169 crl_akid_check(ctx, crl, pissuer, &crl_score); 1170 1171 /* If we can't locate certificate issuer at this point forget it */ 1172 1173 if (!(crl_score & CRL_SCORE_AKID)) 1174 return 0; 1175 1176 /* Check cert for matching CRL distribution points */ 1177 1178 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1179 /* If no new reasons reject */ 1180 if (!(crl_reasons & ~tmp_reasons)) 1181 return 0; 1182 tmp_reasons |= crl_reasons; 1183 crl_score |= CRL_SCORE_SCOPE; 1184 } 1185 1186 *preasons = tmp_reasons; 1187 1188 return crl_score; 1189 1190} 1191 1192static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, 1193 X509 **pissuer, int *pcrl_score) 1194{ 1195 X509 *crl_issuer = NULL; 1196 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1197 int cidx = ctx->error_depth; 1198 int i; 1199 1200 if (cidx != sk_X509_num(ctx->chain) - 1) 1201 cidx++; 1202 1203 crl_issuer = sk_X509_value(ctx->chain, cidx); 1204 1205 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1206 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1207 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT; 1208 *pissuer = crl_issuer; 1209 return; 1210 } 1211 } 1212 1213 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { 1214 crl_issuer = sk_X509_value(ctx->chain, cidx); 1215 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1216 continue; 1217 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1218 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH; 1219 *pissuer = crl_issuer; 1220 return; 1221 } 1222 } 1223 1224 /* Anything else needs extended CRL support */ 1225 1226 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1227 return; 1228 1229 /* 1230 * Otherwise the CRL issuer is not on the path. Look for it in the set of 1231 * untrusted certificates. 1232 */ 1233 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1234 crl_issuer = sk_X509_value(ctx->untrusted, i); 1235 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1236 continue; 1237 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1238 *pissuer = crl_issuer; 1239 *pcrl_score |= CRL_SCORE_AKID; 1240 return; 1241 } 1242 } 1243} 1244 1245/* 1246 * Check the path of a CRL issuer certificate. This creates a new 1247 * X509_STORE_CTX and populates it with most of the parameters from the 1248 * parent. This could be optimised somewhat since a lot of path checking will 1249 * be duplicated by the parent, but this will rarely be used in practice. 1250 */ 1251 1252static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1253{ 1254 X509_STORE_CTX crl_ctx; 1255 int ret; 1256 /* Don't allow recursive CRL path validation */ 1257 if (ctx->parent) 1258 return 0; 1259 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) 1260 return -1; 1261 1262 crl_ctx.crls = ctx->crls; 1263 /* Copy verify params across */ 1264 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1265 1266 crl_ctx.parent = ctx; 1267 crl_ctx.verify_cb = ctx->verify_cb; 1268 1269 /* Verify CRL issuer */ 1270 ret = X509_verify_cert(&crl_ctx); 1271 1272 if (ret <= 0) 1273 goto err; 1274 1275 /* Check chain is acceptable */ 1276 1277 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1278 err: 1279 X509_STORE_CTX_cleanup(&crl_ctx); 1280 return ret; 1281} 1282 1283/* 1284 * RFC3280 says nothing about the relationship between CRL path and 1285 * certificate path, which could lead to situations where a certificate could 1286 * be revoked or validated by a CA not authorised to do so. RFC5280 is more 1287 * strict and states that the two paths must end in the same trust anchor, 1288 * though some discussions remain... until this is resolved we use the 1289 * RFC5280 version 1290 */ 1291 1292static int check_crl_chain(X509_STORE_CTX *ctx, 1293 STACK_OF(X509) *cert_path, 1294 STACK_OF(X509) *crl_path) 1295{ 1296 X509 *cert_ta, *crl_ta; 1297 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1298 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1299 if (!X509_cmp(cert_ta, crl_ta)) 1300 return 1; 1301 return 0; 1302} 1303 1304/*- 1305 * Check for match between two dist point names: three separate cases. 1306 * 1. Both are relative names and compare X509_NAME types. 1307 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1308 * 3. Both are full names and compare two GENERAL_NAMES. 1309 * 4. One is NULL: automatic match. 1310 */ 1311 1312static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1313{ 1314 X509_NAME *nm = NULL; 1315 GENERAL_NAMES *gens = NULL; 1316 GENERAL_NAME *gena, *genb; 1317 int i, j; 1318 if (!a || !b) 1319 return 1; 1320 if (a->type == 1) { 1321 if (!a->dpname) 1322 return 0; 1323 /* Case 1: two X509_NAME */ 1324 if (b->type == 1) { 1325 if (!b->dpname) 1326 return 0; 1327 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1328 return 1; 1329 else 1330 return 0; 1331 } 1332 /* Case 2: set name and GENERAL_NAMES appropriately */ 1333 nm = a->dpname; 1334 gens = b->name.fullname; 1335 } else if (b->type == 1) { 1336 if (!b->dpname) 1337 return 0; 1338 /* Case 2: set name and GENERAL_NAMES appropriately */ 1339 gens = a->name.fullname; 1340 nm = b->dpname; 1341 } 1342 1343 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1344 if (nm) { 1345 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1346 gena = sk_GENERAL_NAME_value(gens, i); 1347 if (gena->type != GEN_DIRNAME) 1348 continue; 1349 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1350 return 1; 1351 } 1352 return 0; 1353 } 1354 1355 /* Else case 3: two GENERAL_NAMES */ 1356 1357 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1358 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1359 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1360 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1361 if (!GENERAL_NAME_cmp(gena, genb)) 1362 return 1; 1363 } 1364 } 1365 1366 return 0; 1367 1368} 1369 1370static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1371{ 1372 int i; 1373 X509_NAME *nm = X509_CRL_get_issuer(crl); 1374 /* If no CRLissuer return is successful iff don't need a match */ 1375 if (!dp->CRLissuer) 1376 return ! !(crl_score & CRL_SCORE_ISSUER_NAME); 1377 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1378 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1379 if (gen->type != GEN_DIRNAME) 1380 continue; 1381 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1382 return 1; 1383 } 1384 return 0; 1385} 1386 1387/* Check CRLDP and IDP */ 1388 1389static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 1390 unsigned int *preasons) 1391{ 1392 int i; 1393 if (crl->idp_flags & IDP_ONLYATTR) 1394 return 0; 1395 if (x->ex_flags & EXFLAG_CA) { 1396 if (crl->idp_flags & IDP_ONLYUSER) 1397 return 0; 1398 } else { 1399 if (crl->idp_flags & IDP_ONLYCA) 1400 return 0; 1401 } 1402 *preasons = crl->idp_reasons; 1403 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1404 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1405 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1406 if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1407 *preasons &= dp->dp_reasons; 1408 return 1; 1409 } 1410 } 1411 } 1412 if ((!crl->idp || !crl->idp->distpoint) 1413 && (crl_score & CRL_SCORE_ISSUER_NAME)) 1414 return 1; 1415 return 0; 1416} 1417 1418/* 1419 * Retrieve CRL corresponding to current certificate. If deltas enabled try 1420 * to find a delta CRL too 1421 */ 1422 1423static int get_crl_delta(X509_STORE_CTX *ctx, 1424 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1425{ 1426 int ok; 1427 X509 *issuer = NULL; 1428 int crl_score = 0; 1429 unsigned int reasons; 1430 X509_CRL *crl = NULL, *dcrl = NULL; 1431 STACK_OF(X509_CRL) *skcrl; 1432 X509_NAME *nm = X509_get_issuer_name(x); 1433 reasons = ctx->current_reasons; 1434 ok = get_crl_sk(ctx, &crl, &dcrl, 1435 &issuer, &crl_score, &reasons, ctx->crls); 1436 1437 if (ok) 1438 goto done; 1439 1440 /* Lookup CRLs from store */ 1441 1442 skcrl = ctx->lookup_crls(ctx, nm); 1443 1444 /* If no CRLs found and a near match from get_crl_sk use that */ 1445 if (!skcrl && crl) 1446 goto done; 1447 1448 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1449 1450 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1451 1452 done: 1453 1454 /* If we got any kind of CRL use it and return success */ 1455 if (crl) { 1456 ctx->current_issuer = issuer; 1457 ctx->current_crl_score = crl_score; 1458 ctx->current_reasons = reasons; 1459 *pcrl = crl; 1460 *pdcrl = dcrl; 1461 return 1; 1462 } 1463 1464 return 0; 1465} 1466 1467/* Check CRL validity */ 1468static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1469{ 1470 X509 *issuer = NULL; 1471 EVP_PKEY *ikey = NULL; 1472 int ok = 0, chnum, cnum; 1473 cnum = ctx->error_depth; 1474 chnum = sk_X509_num(ctx->chain) - 1; 1475 /* if we have an alternative CRL issuer cert use that */ 1476 if (ctx->current_issuer) 1477 issuer = ctx->current_issuer; 1478 1479 /* 1480 * Else find CRL issuer: if not last certificate then issuer is next 1481 * certificate in chain. 1482 */ 1483 else if (cnum < chnum) 1484 issuer = sk_X509_value(ctx->chain, cnum + 1); 1485 else { 1486 issuer = sk_X509_value(ctx->chain, chnum); 1487 /* If not self signed, can't check signature */ 1488 if (!ctx->check_issued(ctx, issuer, issuer)) { 1489 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1490 ok = ctx->verify_cb(0, ctx); 1491 if (!ok) 1492 goto err; 1493 } 1494 } 1495 1496 if (issuer) { 1497 /* 1498 * Skip most tests for deltas because they have already been done 1499 */ 1500 if (!crl->base_crl_number) { 1501 /* Check for cRLSign bit if keyUsage present */ 1502 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1503 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1504 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1505 ok = ctx->verify_cb(0, ctx); 1506 if (!ok) 1507 goto err; 1508 } 1509 1510 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1511 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1512 ok = ctx->verify_cb(0, ctx); 1513 if (!ok) 1514 goto err; 1515 } 1516 1517 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1518 if (check_crl_path(ctx, ctx->current_issuer) <= 0) { 1519 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1520 ok = ctx->verify_cb(0, ctx); 1521 if (!ok) 1522 goto err; 1523 } 1524 } 1525 1526 if (crl->idp_flags & IDP_INVALID) { 1527 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1528 ok = ctx->verify_cb(0, ctx); 1529 if (!ok) 1530 goto err; 1531 } 1532 1533 } 1534 1535 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1536 ok = check_crl_time(ctx, crl, 1); 1537 if (!ok) 1538 goto err; 1539 } 1540 1541 /* Attempt to get issuer certificate public key */ 1542 ikey = X509_get_pubkey(issuer); 1543 1544 if (!ikey) { 1545 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1546 ok = ctx->verify_cb(0, ctx); 1547 if (!ok) 1548 goto err; 1549 } else { 1550 int rv; 1551 rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); 1552 if (rv != X509_V_OK) { 1553 ctx->error = rv; 1554 ok = ctx->verify_cb(0, ctx); 1555 if (!ok) 1556 goto err; 1557 } 1558 /* Verify CRL signature */ 1559 if (X509_CRL_verify(crl, ikey) <= 0) { 1560 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1561 ok = ctx->verify_cb(0, ctx); 1562 if (!ok) 1563 goto err; 1564 } 1565 } 1566 } 1567 1568 ok = 1; 1569 1570 err: 1571 EVP_PKEY_free(ikey); 1572 return ok; 1573} 1574 1575/* Check certificate against CRL */ 1576static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1577{ 1578 int ok; 1579 X509_REVOKED *rev; 1580 /* 1581 * The rules changed for this... previously if a CRL contained unhandled 1582 * critical extensions it could still be used to indicate a certificate 1583 * was revoked. This has since been changed since critical extension can 1584 * change the meaning of CRL entries. 1585 */ 1586 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 1587 && (crl->flags & EXFLAG_CRITICAL)) { 1588 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1589 ok = ctx->verify_cb(0, ctx); 1590 if (!ok) 1591 return 0; 1592 } 1593 /* 1594 * Look for serial number of certificate in CRL If found make sure reason 1595 * is not removeFromCRL. 1596 */ 1597 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1598 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1599 return 2; 1600 ctx->error = X509_V_ERR_CERT_REVOKED; 1601 ok = ctx->verify_cb(0, ctx); 1602 if (!ok) 1603 return 0; 1604 } 1605 1606 return 1; 1607} 1608 1609static int check_policy(X509_STORE_CTX *ctx) 1610{ 1611 int ret; 1612 if (ctx->parent) 1613 return 1; 1614 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1615 ctx->param->policies, ctx->param->flags); 1616 if (ret == 0) { 1617 X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); 1618 return 0; 1619 } 1620 /* Invalid or inconsistent extensions */ 1621 if (ret == -1) { 1622 /* 1623 * Locate certificates with bad extensions and notify callback. 1624 */ 1625 X509 *x; 1626 int i; 1627 for (i = 1; i < sk_X509_num(ctx->chain); i++) { 1628 x = sk_X509_value(ctx->chain, i); 1629 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1630 continue; 1631 ctx->current_cert = x; 1632 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1633 if (!ctx->verify_cb(0, ctx)) 1634 return 0; 1635 } 1636 return 1; 1637 } 1638 if (ret == -2) { 1639 ctx->current_cert = NULL; 1640 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1641 return ctx->verify_cb(0, ctx); 1642 } 1643 1644 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1645 ctx->current_cert = NULL; 1646 ctx->error = X509_V_OK; 1647 if (!ctx->verify_cb(2, ctx)) 1648 return 0; 1649 } 1650 1651 return 1; 1652} 1653 1654static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) 1655{ 1656 time_t *ptime; 1657 int i; 1658 1659 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1660 ptime = &ctx->param->check_time; 1661 else 1662 ptime = NULL; 1663 1664 i = X509_cmp_time(X509_get_notBefore(x), ptime); 1665 if (i == 0) { 1666 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; 1667 ctx->current_cert = x; 1668 if (!ctx->verify_cb(0, ctx)) 1669 return 0; 1670 } 1671 1672 if (i > 0) { 1673 ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; 1674 ctx->current_cert = x; 1675 if (!ctx->verify_cb(0, ctx)) 1676 return 0; 1677 } 1678 1679 i = X509_cmp_time(X509_get_notAfter(x), ptime); 1680 if (i == 0) { 1681 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; 1682 ctx->current_cert = x; 1683 if (!ctx->verify_cb(0, ctx)) 1684 return 0; 1685 } 1686 1687 if (i < 0) { 1688 ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; 1689 ctx->current_cert = x; 1690 if (!ctx->verify_cb(0, ctx)) 1691 return 0; 1692 } 1693 1694 return 1; 1695} 1696 1697static int internal_verify(X509_STORE_CTX *ctx) 1698{ 1699 int ok = 0, n; 1700 X509 *xs, *xi; 1701 EVP_PKEY *pkey = NULL; 1702 int (*cb) (int xok, X509_STORE_CTX *xctx); 1703 1704 cb = ctx->verify_cb; 1705 1706 n = sk_X509_num(ctx->chain); 1707 ctx->error_depth = n - 1; 1708 n--; 1709 xi = sk_X509_value(ctx->chain, n); 1710 1711 if (ctx->check_issued(ctx, xi, xi)) 1712 xs = xi; 1713 else { 1714 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1715 xs = xi; 1716 goto check_cert; 1717 } 1718 if (n <= 0) { 1719 ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; 1720 ctx->current_cert = xi; 1721 ok = cb(0, ctx); 1722 goto end; 1723 } else { 1724 n--; 1725 ctx->error_depth = n; 1726 xs = sk_X509_value(ctx->chain, n); 1727 } 1728 } 1729 1730/* ctx->error=0; not needed */ 1731 while (n >= 0) { 1732 ctx->error_depth = n; 1733 1734 /* 1735 * Skip signature check for self signed certificates unless 1736 * explicitly asked for. It doesn't add any security and just wastes 1737 * time. 1738 */ 1739 if (!xs->valid 1740 && (xs != xi 1741 || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { 1742 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1743 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1744 ctx->current_cert = xi; 1745 ok = (*cb) (0, ctx); 1746 if (!ok) 1747 goto end; 1748 } else if (X509_verify(xs, pkey) <= 0) { 1749 ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; 1750 ctx->current_cert = xs; 1751 ok = (*cb) (0, ctx); 1752 if (!ok) { 1753 EVP_PKEY_free(pkey); 1754 goto end; 1755 } 1756 } 1757 EVP_PKEY_free(pkey); 1758 pkey = NULL; 1759 } 1760 1761 xs->valid = 1; 1762 1763 check_cert: 1764 ok = check_cert_time(ctx, xs); 1765 if (!ok) 1766 goto end; 1767 1768 /* The last error (if any) is still in the error value */ 1769 ctx->current_issuer = xi; 1770 ctx->current_cert = xs; 1771 ok = (*cb) (1, ctx); 1772 if (!ok) 1773 goto end; 1774 1775 n--; 1776 if (n >= 0) { 1777 xi = xs; 1778 xs = sk_X509_value(ctx->chain, n); 1779 } 1780 } 1781 ok = 1; 1782 end: 1783 return ok; 1784} 1785 1786int X509_cmp_current_time(const ASN1_TIME *ctm) 1787{ 1788 return X509_cmp_time(ctm, NULL); 1789} 1790 1791int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 1792{ 1793 char *str; 1794 ASN1_TIME atm; 1795 long offset; 1796 char buff1[24], buff2[24], *p; 1797 int i, j, remaining; 1798 1799 p = buff1; 1800 remaining = ctm->length; 1801 str = (char *)ctm->data; 1802 /* 1803 * Note that the following (historical) code allows much more slack in the 1804 * time format than RFC5280. In RFC5280, the representation is fixed: 1805 * UTCTime: YYMMDDHHMMSSZ 1806 * GeneralizedTime: YYYYMMDDHHMMSSZ 1807 */ 1808 if (ctm->type == V_ASN1_UTCTIME) { 1809 /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ 1810 int min_length = sizeof("YYMMDDHHMMZ") - 1; 1811 int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; 1812 if (remaining < min_length || remaining > max_length) 1813 return 0; 1814 memcpy(p, str, 10); 1815 p += 10; 1816 str += 10; 1817 remaining -= 10; 1818 } else { 1819 /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ 1820 int min_length = sizeof("YYYYMMDDHHMMZ") - 1; 1821 int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; 1822 if (remaining < min_length || remaining > max_length) 1823 return 0; 1824 memcpy(p, str, 12); 1825 p += 12; 1826 str += 12; 1827 remaining -= 12; 1828 } 1829 1830 if ((*str == 'Z') || (*str == '-') || (*str == '+')) { 1831 *(p++) = '0'; 1832 *(p++) = '0'; 1833 } else { 1834 /* SS (seconds) */ 1835 if (remaining < 2) 1836 return 0; 1837 *(p++) = *(str++); 1838 *(p++) = *(str++); 1839 remaining -= 2; 1840 /* 1841 * Skip any (up to three) fractional seconds... 1842 * TODO(emilia): in RFC5280, fractional seconds are forbidden. 1843 * Can we just kill them altogether? 1844 */ 1845 if (remaining && *str == '.') { 1846 str++; 1847 remaining--; 1848 for (i = 0; i < 3 && remaining; i++, str++, remaining--) { 1849 if (*str < '0' || *str > '9') 1850 break; 1851 } 1852 } 1853 1854 } 1855 *(p++) = 'Z'; 1856 *(p++) = '\0'; 1857 1858 /* We now need either a terminating 'Z' or an offset. */ 1859 if (!remaining) 1860 return 0; 1861 if (*str == 'Z') { 1862 if (remaining != 1) 1863 return 0; 1864 offset = 0; 1865 } else { 1866 /* (+-)HHMM */ 1867 if ((*str != '+') && (*str != '-')) 1868 return 0; 1869 /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ 1870 if (remaining != 5) 1871 return 0; 1872 if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || 1873 str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') 1874 return 0; 1875 offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; 1876 offset += (str[3] - '0') * 10 + (str[4] - '0'); 1877 if (*str == '-') 1878 offset = -offset; 1879 } 1880 atm.type = ctm->type; 1881 atm.flags = 0; 1882 atm.length = sizeof(buff2); 1883 atm.data = (unsigned char *)buff2; 1884 1885 if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) 1886 return 0; 1887 1888 if (ctm->type == V_ASN1_UTCTIME) { 1889 i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); 1890 if (i < 50) 1891 i += 100; /* cf. RFC 2459 */ 1892 j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); 1893 if (j < 50) 1894 j += 100; 1895 1896 if (i < j) 1897 return -1; 1898 if (i > j) 1899 return 1; 1900 } 1901 i = strcmp(buff1, buff2); 1902 if (i == 0) /* wait a second then return younger :-) */ 1903 return -1; 1904 else 1905 return i; 1906} 1907 1908ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) 1909{ 1910 return X509_time_adj(s, adj, NULL); 1911} 1912 1913ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) 1914{ 1915 return X509_time_adj_ex(s, 0, offset_sec, in_tm); 1916} 1917 1918ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, 1919 int offset_day, long offset_sec, time_t *in_tm) 1920{ 1921 time_t t; 1922 1923 if (in_tm) 1924 t = *in_tm; 1925 else 1926 time(&t); 1927 1928 if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) { 1929 if (s->type == V_ASN1_UTCTIME) 1930 return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); 1931 if (s->type == V_ASN1_GENERALIZEDTIME) 1932 return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); 1933 } 1934 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 1935} 1936 1937int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) 1938{ 1939 EVP_PKEY *ktmp = NULL, *ktmp2; 1940 int i, j; 1941 1942 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) 1943 return 1; 1944 1945 for (i = 0; i < sk_X509_num(chain); i++) { 1946 ktmp = X509_get_pubkey(sk_X509_value(chain, i)); 1947 if (ktmp == NULL) { 1948 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, 1949 X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 1950 return 0; 1951 } 1952 if (!EVP_PKEY_missing_parameters(ktmp)) 1953 break; 1954 else { 1955 EVP_PKEY_free(ktmp); 1956 ktmp = NULL; 1957 } 1958 } 1959 if (ktmp == NULL) { 1960 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, 1961 X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 1962 return 0; 1963 } 1964 1965 /* first, populate the other certs */ 1966 for (j = i - 1; j >= 0; j--) { 1967 ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); 1968 EVP_PKEY_copy_parameters(ktmp2, ktmp); 1969 EVP_PKEY_free(ktmp2); 1970 } 1971 1972 if (pkey != NULL) 1973 EVP_PKEY_copy_parameters(pkey, ktmp); 1974 EVP_PKEY_free(ktmp); 1975 return 1; 1976} 1977 1978/* Make a delta CRL as the diff between two full CRLs */ 1979 1980X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, 1981 EVP_PKEY *skey, const EVP_MD *md, unsigned int flags) 1982{ 1983 X509_CRL *crl = NULL; 1984 int i; 1985 STACK_OF(X509_REVOKED) *revs = NULL; 1986 /* CRLs can't be delta already */ 1987 if (base->base_crl_number || newer->base_crl_number) { 1988 X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_ALREADY_DELTA); 1989 return NULL; 1990 } 1991 /* Base and new CRL must have a CRL number */ 1992 if (!base->crl_number || !newer->crl_number) { 1993 X509err(X509_F_X509_CRL_DIFF, X509_R_NO_CRL_NUMBER); 1994 return NULL; 1995 } 1996 /* Issuer names must match */ 1997 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) { 1998 X509err(X509_F_X509_CRL_DIFF, X509_R_ISSUER_MISMATCH); 1999 return NULL; 2000 } 2001 /* AKID and IDP must match */ 2002 if (!crl_extension_match(base, newer, NID_authority_key_identifier)) { 2003 X509err(X509_F_X509_CRL_DIFF, X509_R_AKID_MISMATCH); 2004 return NULL; 2005 } 2006 if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) { 2007 X509err(X509_F_X509_CRL_DIFF, X509_R_IDP_MISMATCH); 2008 return NULL; 2009 } 2010 /* Newer CRL number must exceed full CRL number */ 2011 if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) { 2012 X509err(X509_F_X509_CRL_DIFF, X509_R_NEWER_CRL_NOT_NEWER); 2013 return NULL; 2014 } 2015 /* CRLs must verify */ 2016 if (skey && (X509_CRL_verify(base, skey) <= 0 || 2017 X509_CRL_verify(newer, skey) <= 0)) { 2018 X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_VERIFY_FAILURE); 2019 return NULL; 2020 } 2021 /* Create new CRL */ 2022 crl = X509_CRL_new(); 2023 if (!crl || !X509_CRL_set_version(crl, 1)) 2024 goto memerr; 2025 /* Set issuer name */ 2026 if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) 2027 goto memerr; 2028 2029 if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) 2030 goto memerr; 2031 if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) 2032 goto memerr; 2033 2034 /* Set base CRL number: must be critical */ 2035 2036 if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) 2037 goto memerr; 2038 2039 /* 2040 * Copy extensions across from newest CRL to delta: this will set CRL 2041 * number to correct value too. 2042 */ 2043 2044 for (i = 0; i < X509_CRL_get_ext_count(newer); i++) { 2045 X509_EXTENSION *ext; 2046 ext = X509_CRL_get_ext(newer, i); 2047 if (!X509_CRL_add_ext(crl, ext, -1)) 2048 goto memerr; 2049 } 2050 2051 /* Go through revoked entries, copying as needed */ 2052 2053 revs = X509_CRL_get_REVOKED(newer); 2054 2055 for (i = 0; i < sk_X509_REVOKED_num(revs); i++) { 2056 X509_REVOKED *rvn, *rvtmp; 2057 rvn = sk_X509_REVOKED_value(revs, i); 2058 /* 2059 * Add only if not also in base. TODO: need something cleverer here 2060 * for some more complex CRLs covering multiple CAs. 2061 */ 2062 if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) { 2063 rvtmp = X509_REVOKED_dup(rvn); 2064 if (!rvtmp) 2065 goto memerr; 2066 if (!X509_CRL_add0_revoked(crl, rvtmp)) { 2067 X509_REVOKED_free(rvtmp); 2068 goto memerr; 2069 } 2070 } 2071 } 2072 /* TODO: optionally prune deleted entries */ 2073 2074 if (skey && md && !X509_CRL_sign(crl, skey, md)) 2075 goto memerr; 2076 2077 return crl; 2078 2079 memerr: 2080 X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE); 2081 if (crl) 2082 X509_CRL_free(crl); 2083 return NULL; 2084} 2085 2086int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, 2087 CRYPTO_EX_new *new_func, 2088 CRYPTO_EX_dup *dup_func, 2089 CRYPTO_EX_free *free_func) 2090{ 2091 /* 2092 * This function is (usually) called only once, by 2093 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). 2094 */ 2095 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, 2096 new_func, dup_func, free_func); 2097} 2098 2099int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2100{ 2101 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2102} 2103 2104void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2105{ 2106 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2107} 2108 2109int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2110{ 2111 return ctx->error; 2112} 2113 2114void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2115{ 2116 ctx->error = err; 2117} 2118 2119int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2120{ 2121 return ctx->error_depth; 2122} 2123 2124X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2125{ 2126 return ctx->current_cert; 2127} 2128 2129STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2130{ 2131 return ctx->chain; 2132} 2133 2134STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2135{ 2136 if (!ctx->chain) 2137 return NULL; 2138 return X509_chain_up_ref(ctx->chain); 2139} 2140 2141X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2142{ 2143 return ctx->current_issuer; 2144} 2145 2146X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2147{ 2148 return ctx->current_crl; 2149} 2150 2151X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2152{ 2153 return ctx->parent; 2154} 2155 2156void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2157{ 2158 ctx->cert = x; 2159} 2160 2161void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2162{ 2163 ctx->untrusted = sk; 2164} 2165 2166void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2167{ 2168 ctx->crls = sk; 2169} 2170 2171int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2172{ 2173 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2174} 2175 2176int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2177{ 2178 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2179} 2180 2181/* 2182 * This function is used to set the X509_STORE_CTX purpose and trust values. 2183 * This is intended to be used when another structure has its own trust and 2184 * purpose values which (if set) will be inherited by the ctx. If they aren't 2185 * set then we will usually have a default purpose in mind which should then 2186 * be used to set the trust value. An example of this is SSL use: an SSL 2187 * structure will have its own purpose and trust settings which the 2188 * application can set: if they aren't set then we use the default of SSL 2189 * client/server. 2190 */ 2191 2192int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2193 int purpose, int trust) 2194{ 2195 int idx; 2196 /* If purpose not set use default */ 2197 if (!purpose) 2198 purpose = def_purpose; 2199 /* If we have a purpose then check it is valid */ 2200 if (purpose) { 2201 X509_PURPOSE *ptmp; 2202 idx = X509_PURPOSE_get_by_id(purpose); 2203 if (idx == -1) { 2204 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 2205 X509_R_UNKNOWN_PURPOSE_ID); 2206 return 0; 2207 } 2208 ptmp = X509_PURPOSE_get0(idx); 2209 if (ptmp->trust == X509_TRUST_DEFAULT) { 2210 idx = X509_PURPOSE_get_by_id(def_purpose); 2211 if (idx == -1) { 2212 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 2213 X509_R_UNKNOWN_PURPOSE_ID); 2214 return 0; 2215 } 2216 ptmp = X509_PURPOSE_get0(idx); 2217 } 2218 /* If trust not set then get from purpose default */ 2219 if (!trust) 2220 trust = ptmp->trust; 2221 } 2222 if (trust) { 2223 idx = X509_TRUST_get_by_id(trust); 2224 if (idx == -1) { 2225 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 2226 X509_R_UNKNOWN_TRUST_ID); 2227 return 0; 2228 } 2229 } 2230 2231 if (purpose && !ctx->param->purpose) 2232 ctx->param->purpose = purpose; 2233 if (trust && !ctx->param->trust) 2234 ctx->param->trust = trust; 2235 return 1; 2236} 2237 2238X509_STORE_CTX *X509_STORE_CTX_new(void) 2239{ 2240 X509_STORE_CTX *ctx; 2241 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); 2242 if (!ctx) { 2243 X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); 2244 return NULL; 2245 } 2246 memset(ctx, 0, sizeof(X509_STORE_CTX)); 2247 return ctx; 2248} 2249 2250void X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2251{ 2252 if (!ctx) 2253 return; 2254 X509_STORE_CTX_cleanup(ctx); 2255 OPENSSL_free(ctx); 2256} 2257 2258int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2259 STACK_OF(X509) *chain) 2260{ 2261 int ret = 1; 2262 ctx->ctx = store; 2263 ctx->current_method = 0; 2264 ctx->cert = x509; 2265 ctx->untrusted = chain; 2266 ctx->crls = NULL; 2267 ctx->last_untrusted = 0; 2268 ctx->other_ctx = NULL; 2269 ctx->valid = 0; 2270 ctx->chain = NULL; 2271 ctx->error = 0; 2272 ctx->explicit_policy = 0; 2273 ctx->error_depth = 0; 2274 ctx->current_cert = NULL; 2275 ctx->current_issuer = NULL; 2276 ctx->current_crl = NULL; 2277 ctx->current_crl_score = 0; 2278 ctx->current_reasons = 0; 2279 ctx->tree = NULL; 2280 ctx->parent = NULL; 2281 2282 ctx->param = X509_VERIFY_PARAM_new(); 2283 2284 if (!ctx->param) { 2285 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); 2286 return 0; 2287 } 2288 2289 /* 2290 * Inherit callbacks and flags from X509_STORE if not set use defaults. 2291 */ 2292 2293 if (store) 2294 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2295 else 2296 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; 2297 2298 if (store) { 2299 ctx->verify_cb = store->verify_cb; 2300 ctx->cleanup = store->cleanup; 2301 } else 2302 ctx->cleanup = 0; 2303 2304 if (ret) 2305 ret = X509_VERIFY_PARAM_inherit(ctx->param, 2306 X509_VERIFY_PARAM_lookup("default")); 2307 2308 if (ret == 0) { 2309 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); 2310 return 0; 2311 } 2312 2313 if (store && store->check_issued) 2314 ctx->check_issued = store->check_issued; 2315 else 2316 ctx->check_issued = check_issued; 2317 2318 if (store && store->get_issuer) 2319 ctx->get_issuer = store->get_issuer; 2320 else 2321 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2322 2323 if (store && store->verify_cb) 2324 ctx->verify_cb = store->verify_cb; 2325 else 2326 ctx->verify_cb = null_callback; 2327 2328 if (store && store->verify) 2329 ctx->verify = store->verify; 2330 else 2331 ctx->verify = internal_verify; 2332 2333 if (store && store->check_revocation) 2334 ctx->check_revocation = store->check_revocation; 2335 else 2336 ctx->check_revocation = check_revocation; 2337 2338 if (store && store->get_crl) 2339 ctx->get_crl = store->get_crl; 2340 else 2341 ctx->get_crl = NULL; 2342 2343 if (store && store->check_crl) 2344 ctx->check_crl = store->check_crl; 2345 else 2346 ctx->check_crl = check_crl; 2347 2348 if (store && store->cert_crl) 2349 ctx->cert_crl = store->cert_crl; 2350 else 2351 ctx->cert_crl = cert_crl; 2352 2353 if (store && store->lookup_certs) 2354 ctx->lookup_certs = store->lookup_certs; 2355 else 2356 ctx->lookup_certs = X509_STORE_get1_certs; 2357 2358 if (store && store->lookup_crls) 2359 ctx->lookup_crls = store->lookup_crls; 2360 else 2361 ctx->lookup_crls = X509_STORE_get1_crls; 2362 2363 ctx->check_policy = check_policy; 2364 2365 /* 2366 * This memset() can't make any sense anyway, so it's removed. As 2367 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a 2368 * corresponding "new" here and remove this bogus initialisation. 2369 */ 2370 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ 2371 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, 2372 &(ctx->ex_data))) { 2373 OPENSSL_free(ctx); 2374 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); 2375 return 0; 2376 } 2377 return 1; 2378} 2379 2380/* 2381 * Set alternative lookup method: just a STACK of trusted certificates. This 2382 * avoids X509_STORE nastiness where it isn't needed. 2383 */ 2384 2385void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2386{ 2387 ctx->other_ctx = sk; 2388 ctx->get_issuer = get_issuer_sk; 2389} 2390 2391void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2392{ 2393 if (ctx->cleanup) 2394 ctx->cleanup(ctx); 2395 if (ctx->param != NULL) { 2396 if (ctx->parent == NULL) 2397 X509_VERIFY_PARAM_free(ctx->param); 2398 ctx->param = NULL; 2399 } 2400 if (ctx->tree != NULL) { 2401 X509_policy_tree_free(ctx->tree); 2402 ctx->tree = NULL; 2403 } 2404 if (ctx->chain != NULL) { 2405 sk_X509_pop_free(ctx->chain, X509_free); 2406 ctx->chain = NULL; 2407 } 2408 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); 2409 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2410} 2411 2412void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2413{ 2414 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2415} 2416 2417void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2418{ 2419 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2420} 2421 2422void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, 2423 time_t t) 2424{ 2425 X509_VERIFY_PARAM_set_time(ctx->param, t); 2426} 2427 2428void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2429 int (*verify_cb) (int, X509_STORE_CTX *)) 2430{ 2431 ctx->verify_cb = verify_cb; 2432} 2433 2434X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2435{ 2436 return ctx->tree; 2437} 2438 2439int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2440{ 2441 return ctx->explicit_policy; 2442} 2443 2444int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2445{ 2446 const X509_VERIFY_PARAM *param; 2447 param = X509_VERIFY_PARAM_lookup(name); 2448 if (!param) 2449 return 0; 2450 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2451} 2452 2453X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2454{ 2455 return ctx->param; 2456} 2457 2458void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2459{ 2460 if (ctx->param) 2461 X509_VERIFY_PARAM_free(ctx->param); 2462 ctx->param = param; 2463} 2464 2465IMPLEMENT_STACK_OF(X509) 2466 2467IMPLEMENT_ASN1_SET_OF(X509) 2468 2469IMPLEMENT_STACK_OF(X509_NAME) 2470 2471IMPLEMENT_STACK_OF(X509_ATTRIBUTE) 2472 2473IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) 2474