1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <string.h> 58 #include <time.h> 59 60 #include <openssl/asn1.h> 61 #include <openssl/buf.h> 62 #include <openssl/err.h> 63 #include <openssl/evp.h> 64 #include <openssl/lhash.h> 65 #include <openssl/mem.h> 66 #include <openssl/obj.h> 67 #include <openssl/thread.h> 68 #include <openssl/x509.h> 69 #include <openssl/x509v3.h> 70 71 #include "vpm_int.h" 72 #include "../internal.h" 73 74 75 static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; 76 77 /* CRL score values */ 78 79 /* No unhandled critical extensions */ 80 81 #define CRL_SCORE_NOCRITICAL 0x100 82 83 /* certificate is within CRL scope */ 84 85 #define CRL_SCORE_SCOPE 0x080 86 87 /* CRL times valid */ 88 89 #define CRL_SCORE_TIME 0x040 90 91 /* Issuer name matches certificate */ 92 93 #define CRL_SCORE_ISSUER_NAME 0x020 94 95 /* If this score or above CRL is probably valid */ 96 97 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 98 99 /* CRL issuer is certificate issuer */ 100 101 #define CRL_SCORE_ISSUER_CERT 0x018 102 103 /* CRL issuer is on certificate path */ 104 105 #define CRL_SCORE_SAME_PATH 0x008 106 107 /* CRL issuer matches CRL AKID */ 108 109 #define CRL_SCORE_AKID 0x004 110 111 /* Have a delta CRL with valid times */ 112 113 #define CRL_SCORE_TIME_DELTA 0x002 114 115 static int null_callback(int ok,X509_STORE_CTX *e); 116 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 117 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); 118 static int check_chain_extensions(X509_STORE_CTX *ctx); 119 static int check_name_constraints(X509_STORE_CTX *ctx); 120 static int check_id(X509_STORE_CTX *ctx); 121 static int check_trust(X509_STORE_CTX *ctx); 122 static int check_revocation(X509_STORE_CTX *ctx); 123 static int check_cert(X509_STORE_CTX *ctx); 124 static int check_policy(X509_STORE_CTX *ctx); 125 126 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 127 unsigned int *preasons, 128 X509_CRL *crl, X509 *x); 129 static int get_crl_delta(X509_STORE_CTX *ctx, 130 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 131 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, 132 X509_CRL *base, STACK_OF(X509_CRL) *crls); 133 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, 134 X509 **pissuer, int *pcrl_score); 135 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 136 unsigned int *preasons); 137 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 138 static int check_crl_chain(X509_STORE_CTX *ctx, 139 STACK_OF(X509) *cert_path, 140 STACK_OF(X509) *crl_path); 141 142 static int internal_verify(X509_STORE_CTX *ctx); 143 const char X509_version[]="X.509"; 144 145 146 static int null_callback(int ok, X509_STORE_CTX *e) 147 { 148 return ok; 149 } 150 151 #if 0 152 static int x509_subject_cmp(X509 **a, X509 **b) 153 { 154 return X509_subject_name_cmp(*a,*b); 155 } 156 #endif 157 /* Return 1 is a certificate is self signed */ 158 static int cert_self_signed(X509 *x) 159 { 160 X509_check_purpose(x, -1, 0); 161 if (x->ex_flags & EXFLAG_SS) 162 return 1; 163 else 164 return 0; 165 } 166 167 /* Given a certificate try and find an exact match in the store */ 168 169 static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 170 { 171 STACK_OF(X509) *certs; 172 X509 *xtmp = NULL; 173 size_t i; 174 /* Lookup all certs with matching subject name */ 175 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 176 if (certs == NULL) 177 return NULL; 178 /* Look for exact match */ 179 for (i = 0; i < sk_X509_num(certs); i++) 180 { 181 xtmp = sk_X509_value(certs, i); 182 if (!X509_cmp(xtmp, x)) 183 break; 184 } 185 if (i < sk_X509_num(certs)) 186 X509_up_ref(xtmp); 187 else 188 xtmp = NULL; 189 sk_X509_pop_free(certs, X509_free); 190 return xtmp; 191 } 192 193 int X509_verify_cert(X509_STORE_CTX *ctx) 194 { 195 X509 *x,*xtmp,*chain_ss=NULL; 196 int bad_chain = 0; 197 X509_VERIFY_PARAM *param = ctx->param; 198 int depth,i,ok=0; 199 int num; 200 int (*cb)(int xok,X509_STORE_CTX *xctx); 201 STACK_OF(X509) *sktmp=NULL; 202 if (ctx->cert == NULL) 203 { 204 OPENSSL_PUT_ERROR(X509, X509_verify_cert, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 205 return -1; 206 } 207 208 cb=ctx->verify_cb; 209 210 /* first we make sure the chain we are going to build is 211 * present and that the first entry is in place */ 212 if (ctx->chain == NULL) 213 { 214 if ( ((ctx->chain=sk_X509_new_null()) == NULL) || 215 (!sk_X509_push(ctx->chain,ctx->cert))) 216 { 217 OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); 218 goto end; 219 } 220 X509_up_ref(ctx->cert); 221 ctx->last_untrusted=1; 222 } 223 224 /* We use a temporary STACK so we can chop and hack at it */ 225 if (ctx->untrusted != NULL 226 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) 227 { 228 OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); 229 goto end; 230 } 231 232 num=sk_X509_num(ctx->chain); 233 x=sk_X509_value(ctx->chain,num-1); 234 depth=param->depth; 235 236 237 for (;;) 238 { 239 /* If we have enough, we break */ 240 if (depth < num) break; /* FIXME: If this happens, we should take 241 * note of it and, if appropriate, use the 242 * X509_V_ERR_CERT_CHAIN_TOO_LONG error 243 * code later. 244 */ 245 246 /* If we are self signed, we break */ 247 if (cert_self_signed(x)) 248 break; 249 /* If asked see if we can find issuer in trusted store first */ 250 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) 251 { 252 ok = ctx->get_issuer(&xtmp, ctx, x); 253 if (ok < 0) 254 return ok; 255 /* If successful for now free up cert so it 256 * will be picked up again later. 257 */ 258 if (ok > 0) 259 { 260 X509_free(xtmp); 261 break; 262 } 263 } 264 265 /* If we were passed a cert chain, use it first */ 266 if (ctx->untrusted != NULL) 267 { 268 xtmp=find_issuer(ctx, sktmp,x); 269 if (xtmp != NULL) 270 { 271 if (!sk_X509_push(ctx->chain,xtmp)) 272 { 273 OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); 274 goto end; 275 } 276 CRYPTO_refcount_inc(&xtmp->references); 277 (void)sk_X509_delete_ptr(sktmp,xtmp); 278 ctx->last_untrusted++; 279 x=xtmp; 280 num++; 281 /* reparse the full chain for 282 * the next one */ 283 continue; 284 } 285 } 286 break; 287 } 288 289 /* at this point, chain should contain a list of untrusted 290 * certificates. We now need to add at least one trusted one, 291 * if possible, otherwise we complain. */ 292 293 /* Examine last certificate in chain and see if it 294 * is self signed. 295 */ 296 297 i=sk_X509_num(ctx->chain); 298 x=sk_X509_value(ctx->chain,i-1); 299 if (cert_self_signed(x)) 300 { 301 /* we have a self signed certificate */ 302 if (sk_X509_num(ctx->chain) == 1) 303 { 304 /* We have a single self signed certificate: see if 305 * we can find it in the store. We must have an exact 306 * match to avoid possible impersonation. 307 */ 308 ok = ctx->get_issuer(&xtmp, ctx, x); 309 if ((ok <= 0) || X509_cmp(x, xtmp)) 310 { 311 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 312 ctx->current_cert=x; 313 ctx->error_depth=i-1; 314 if (ok == 1) X509_free(xtmp); 315 bad_chain = 1; 316 ok=cb(0,ctx); 317 if (!ok) goto end; 318 } 319 else 320 { 321 /* We have a match: replace certificate with store version 322 * so we get any trust settings. 323 */ 324 X509_free(x); 325 x = xtmp; 326 (void)sk_X509_set(ctx->chain, i - 1, x); 327 ctx->last_untrusted=0; 328 } 329 } 330 else 331 { 332 /* extract and save self signed certificate for later use */ 333 chain_ss=sk_X509_pop(ctx->chain); 334 ctx->last_untrusted--; 335 num--; 336 x=sk_X509_value(ctx->chain,num-1); 337 } 338 } 339 340 /* We now lookup certs from the certificate store */ 341 for (;;) 342 { 343 /* If we have enough, we break */ 344 if (depth < num) break; 345 346 /* If we are self signed, we break */ 347 if (cert_self_signed(x)) 348 break; 349 350 ok = ctx->get_issuer(&xtmp, ctx, x); 351 352 if (ok < 0) return ok; 353 if (ok == 0) break; 354 355 x = xtmp; 356 if (!sk_X509_push(ctx->chain,x)) 357 { 358 X509_free(xtmp); 359 OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); 360 return 0; 361 } 362 num++; 363 } 364 365 /* we now have our chain, lets check it... */ 366 367 i = check_trust(ctx); 368 369 /* If explicitly rejected error */ 370 if (i == X509_TRUST_REJECTED) 371 goto end; 372 /* If not explicitly trusted then indicate error unless it's 373 * a single self signed certificate in which case we've indicated 374 * an error already and set bad_chain == 1 375 */ 376 if (i != X509_TRUST_TRUSTED && !bad_chain) 377 { 378 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) 379 { 380 if (ctx->last_untrusted >= num) 381 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 382 else 383 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 384 ctx->current_cert=x; 385 } 386 else 387 { 388 389 sk_X509_push(ctx->chain,chain_ss); 390 num++; 391 ctx->last_untrusted=num; 392 ctx->current_cert=chain_ss; 393 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 394 chain_ss=NULL; 395 } 396 397 ctx->error_depth=num-1; 398 bad_chain = 1; 399 ok=cb(0,ctx); 400 if (!ok) goto end; 401 } 402 403 /* We have the chain complete: now we need to check its purpose */ 404 ok = check_chain_extensions(ctx); 405 406 if (!ok) goto end; 407 408 /* Check name constraints */ 409 410 ok = check_name_constraints(ctx); 411 412 if (!ok) goto end; 413 414 ok = check_id(ctx); 415 416 if (!ok) goto end; 417 418 /* Check revocation status: we do this after copying parameters 419 * because they may be needed for CRL signature verification. 420 */ 421 422 ok = ctx->check_revocation(ctx); 423 if(!ok) goto end; 424 425 i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, 426 ctx->param->flags); 427 if (i != X509_V_OK) 428 { 429 ctx->error = i; 430 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); 431 ok = cb(0, ctx); 432 if (!ok) 433 goto end; 434 } 435 436 /* At this point, we have a chain and need to verify it */ 437 if (ctx->verify != NULL) 438 ok=ctx->verify(ctx); 439 else 440 ok=internal_verify(ctx); 441 if(!ok) goto end; 442 443 /* If we get this far evaluate policies */ 444 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 445 ok = ctx->check_policy(ctx); 446 447 end: 448 if (sktmp != NULL) sk_X509_free(sktmp); 449 if (chain_ss != NULL) X509_free(chain_ss); 450 return ok; 451 } 452 453 454 /* Given a STACK_OF(X509) find the issuer of cert (if any) 455 */ 456 457 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) 458 { 459 size_t i; 460 X509 *issuer; 461 for (i = 0; i < sk_X509_num(sk); i++) 462 { 463 issuer = sk_X509_value(sk, i); 464 if (ctx->check_issued(ctx, x, issuer)) 465 return issuer; 466 } 467 return NULL; 468 } 469 470 /* Given a possible certificate and issuer check them */ 471 472 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 473 { 474 int ret; 475 ret = X509_check_issued(issuer, x); 476 if (ret == X509_V_OK) 477 return 1; 478 /* If we haven't asked for issuer errors don't set ctx */ 479 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 480 return 0; 481 482 ctx->error = ret; 483 ctx->current_cert = x; 484 ctx->current_issuer = issuer; 485 return ctx->verify_cb(0, ctx); 486 } 487 488 /* Alternative lookup method: look from a STACK stored in other_ctx */ 489 490 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 491 { 492 *issuer = find_issuer(ctx, ctx->other_ctx, x); 493 if (*issuer) 494 { 495 X509_up_ref(*issuer); 496 return 1; 497 } 498 else 499 return 0; 500 } 501 502 503 /* Check a certificate chains extensions for consistency 504 * with the supplied purpose 505 */ 506 507 static int check_chain_extensions(X509_STORE_CTX *ctx) 508 { 509 int i, ok=0, must_be_ca, plen = 0; 510 X509 *x; 511 int (*cb)(int xok,X509_STORE_CTX *xctx); 512 int proxy_path_length = 0; 513 int purpose; 514 int allow_proxy_certs; 515 cb=ctx->verify_cb; 516 517 /* must_be_ca can have 1 of 3 values: 518 -1: we accept both CA and non-CA certificates, to allow direct 519 use of self-signed certificates (which are marked as CA). 520 0: we only accept non-CA certificates. This is currently not 521 used, but the possibility is present for future extensions. 522 1: we only accept CA certificates. This is currently used for 523 all certificates in the chain except the leaf certificate. 524 */ 525 must_be_ca = -1; 526 527 /* CRL path validation */ 528 if (ctx->parent) 529 { 530 allow_proxy_certs = 0; 531 purpose = X509_PURPOSE_CRL_SIGN; 532 } 533 else 534 { 535 allow_proxy_certs = 536 !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 537 /* A hack to keep people who don't want to modify their 538 software happy */ 539 if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) 540 allow_proxy_certs = 1; 541 purpose = ctx->param->purpose; 542 } 543 544 /* Check all untrusted certificates */ 545 for (i = 0; i < ctx->last_untrusted; i++) 546 { 547 int ret; 548 x = sk_X509_value(ctx->chain, i); 549 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 550 && (x->ex_flags & EXFLAG_CRITICAL)) 551 { 552 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 553 ctx->error_depth = i; 554 ctx->current_cert = x; 555 ok=cb(0,ctx); 556 if (!ok) goto end; 557 } 558 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) 559 { 560 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 561 ctx->error_depth = i; 562 ctx->current_cert = x; 563 ok=cb(0,ctx); 564 if (!ok) goto end; 565 } 566 ret = X509_check_ca(x); 567 switch(must_be_ca) 568 { 569 case -1: 570 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 571 && (ret != 1) && (ret != 0)) 572 { 573 ret = 0; 574 ctx->error = X509_V_ERR_INVALID_CA; 575 } 576 else 577 ret = 1; 578 break; 579 case 0: 580 if (ret != 0) 581 { 582 ret = 0; 583 ctx->error = X509_V_ERR_INVALID_NON_CA; 584 } 585 else 586 ret = 1; 587 break; 588 default: 589 if ((ret == 0) 590 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 591 && (ret != 1))) 592 { 593 ret = 0; 594 ctx->error = X509_V_ERR_INVALID_CA; 595 } 596 else 597 ret = 1; 598 break; 599 } 600 if (ret == 0) 601 { 602 ctx->error_depth = i; 603 ctx->current_cert = x; 604 ok=cb(0,ctx); 605 if (!ok) goto end; 606 } 607 if (ctx->param->purpose > 0) 608 { 609 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 610 if ((ret == 0) 611 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) 612 && (ret != 1))) 613 { 614 ctx->error = X509_V_ERR_INVALID_PURPOSE; 615 ctx->error_depth = i; 616 ctx->current_cert = x; 617 ok=cb(0,ctx); 618 if (!ok) goto end; 619 } 620 } 621 /* Check pathlen if not self issued */ 622 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) 623 && (x->ex_pathlen != -1) 624 && (plen > (x->ex_pathlen + proxy_path_length + 1))) 625 { 626 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 627 ctx->error_depth = i; 628 ctx->current_cert = x; 629 ok=cb(0,ctx); 630 if (!ok) goto end; 631 } 632 /* Increment path length if not self issued */ 633 if (!(x->ex_flags & EXFLAG_SI)) 634 plen++; 635 /* If this certificate is a proxy certificate, the next 636 certificate must be another proxy certificate or a EE 637 certificate. If not, the next certificate must be a 638 CA certificate. */ 639 if (x->ex_flags & EXFLAG_PROXY) 640 { 641 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) 642 { 643 ctx->error = 644 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 645 ctx->error_depth = i; 646 ctx->current_cert = x; 647 ok=cb(0,ctx); 648 if (!ok) goto end; 649 } 650 proxy_path_length++; 651 must_be_ca = 0; 652 } 653 else 654 must_be_ca = 1; 655 } 656 ok = 1; 657 end: 658 return ok; 659 } 660 661 static int check_name_constraints(X509_STORE_CTX *ctx) 662 { 663 X509 *x; 664 int i, j, rv; 665 /* Check name constraints for all certificates */ 666 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) 667 { 668 x = sk_X509_value(ctx->chain, i); 669 /* Ignore self issued certs unless last in chain */ 670 if (i && (x->ex_flags & EXFLAG_SI)) 671 continue; 672 /* Check against constraints for all certificates higher in 673 * chain including trust anchor. Trust anchor not strictly 674 * speaking needed but if it includes constraints it is to be 675 * assumed it expects them to be obeyed. 676 */ 677 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) 678 { 679 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; 680 if (nc) 681 { 682 rv = NAME_CONSTRAINTS_check(x, nc); 683 if (rv != X509_V_OK) 684 { 685 ctx->error = rv; 686 ctx->error_depth = i; 687 ctx->current_cert = x; 688 if (!ctx->verify_cb(0,ctx)) 689 return 0; 690 } 691 } 692 } 693 } 694 return 1; 695 } 696 697 static int check_id_error(X509_STORE_CTX *ctx, int errcode) 698 { 699 ctx->error = errcode; 700 ctx->current_cert = ctx->cert; 701 ctx->error_depth = 0; 702 return ctx->verify_cb(0, ctx); 703 } 704 705 static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 706 { 707 size_t i; 708 size_t n = sk_OPENSSL_STRING_num(id->hosts); 709 char *name; 710 711 for (i = 0; i < n; ++i) 712 { 713 name = sk_OPENSSL_STRING_value(id->hosts, i); 714 if (X509_check_host(x, name, strlen(name), id->hostflags, 715 &id->peername) > 0) 716 return 1; 717 } 718 return n == 0; 719 } 720 721 static int check_id(X509_STORE_CTX *ctx) 722 { 723 X509_VERIFY_PARAM *vpm = ctx->param; 724 X509_VERIFY_PARAM_ID *id = vpm->id; 725 X509 *x = ctx->cert; 726 if (id->hosts && check_hosts(x, id) <= 0) 727 { 728 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 729 return 0; 730 } 731 if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) 732 { 733 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 734 return 0; 735 } 736 if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) 737 { 738 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 739 return 0; 740 } 741 return 1; 742 } 743 744 static int check_trust(X509_STORE_CTX *ctx) 745 { 746 size_t i; 747 int ok; 748 X509 *x = NULL; 749 int (*cb)(int xok,X509_STORE_CTX *xctx); 750 cb=ctx->verify_cb; 751 /* Check all trusted certificates in chain */ 752 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) 753 { 754 x = sk_X509_value(ctx->chain, i); 755 ok = X509_check_trust(x, ctx->param->trust, 0); 756 /* If explicitly trusted return trusted */ 757 if (ok == X509_TRUST_TRUSTED) 758 return X509_TRUST_TRUSTED; 759 /* If explicitly rejected notify callback and reject if 760 * not overridden. 761 */ 762 if (ok == X509_TRUST_REJECTED) 763 { 764 ctx->error_depth = i; 765 ctx->current_cert = x; 766 ctx->error = X509_V_ERR_CERT_REJECTED; 767 ok = cb(0, ctx); 768 if (!ok) 769 return X509_TRUST_REJECTED; 770 } 771 } 772 /* If we accept partial chains and have at least one trusted 773 * certificate return success. 774 */ 775 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) 776 { 777 X509 *mx; 778 if (ctx->last_untrusted < (int) sk_X509_num(ctx->chain)) 779 return X509_TRUST_TRUSTED; 780 x = sk_X509_value(ctx->chain, 0); 781 mx = lookup_cert_match(ctx, x); 782 if (mx) 783 { 784 (void)sk_X509_set(ctx->chain, 0, mx); 785 X509_free(x); 786 ctx->last_untrusted = 0; 787 return X509_TRUST_TRUSTED; 788 } 789 } 790 791 /* If no trusted certs in chain at all return untrusted and 792 * allow standard (no issuer cert) etc errors to be indicated. 793 */ 794 return X509_TRUST_UNTRUSTED; 795 } 796 797 static int check_revocation(X509_STORE_CTX *ctx) 798 { 799 int i, last, ok; 800 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 801 return 1; 802 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 803 last = sk_X509_num(ctx->chain) - 1; 804 else 805 { 806 /* If checking CRL paths this isn't the EE certificate */ 807 if (ctx->parent) 808 return 1; 809 last = 0; 810 } 811 for(i = 0; i <= last; i++) 812 { 813 ctx->error_depth = i; 814 ok = check_cert(ctx); 815 if (!ok) return ok; 816 } 817 return 1; 818 } 819 820 static int check_cert(X509_STORE_CTX *ctx) 821 OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS 822 { 823 X509_CRL *crl = NULL, *dcrl = NULL; 824 X509 *x; 825 int ok, cnum; 826 unsigned int last_reasons; 827 cnum = ctx->error_depth; 828 x = sk_X509_value(ctx->chain, cnum); 829 ctx->current_cert = x; 830 ctx->current_issuer = NULL; 831 ctx->current_crl_score = 0; 832 ctx->current_reasons = 0; 833 while (ctx->current_reasons != CRLDP_ALL_REASONS) 834 { 835 last_reasons = ctx->current_reasons; 836 /* Try to retrieve relevant CRL */ 837 if (ctx->get_crl) 838 ok = ctx->get_crl(ctx, &crl, x); 839 else 840 ok = get_crl_delta(ctx, &crl, &dcrl, x); 841 /* If error looking up CRL, nothing we can do except 842 * notify callback 843 */ 844 if(!ok) 845 { 846 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 847 ok = ctx->verify_cb(0, ctx); 848 goto err; 849 } 850 ctx->current_crl = crl; 851 ok = ctx->check_crl(ctx, crl); 852 if (!ok) 853 goto err; 854 855 if (dcrl) 856 { 857 ok = ctx->check_crl(ctx, dcrl); 858 if (!ok) 859 goto err; 860 ok = ctx->cert_crl(ctx, dcrl, x); 861 if (!ok) 862 goto err; 863 } 864 else 865 ok = 1; 866 867 /* Don't look in full CRL if delta reason is removefromCRL */ 868 if (ok != 2) 869 { 870 ok = ctx->cert_crl(ctx, crl, x); 871 if (!ok) 872 goto err; 873 } 874 875 X509_CRL_free(crl); 876 X509_CRL_free(dcrl); 877 crl = NULL; 878 dcrl = NULL; 879 /* If reasons not updated we wont get anywhere by 880 * another iteration, so exit loop. 881 */ 882 if (last_reasons == ctx->current_reasons) 883 { 884 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 885 ok = ctx->verify_cb(0, ctx); 886 goto err; 887 } 888 } 889 err: 890 X509_CRL_free(crl); 891 X509_CRL_free(dcrl); 892 893 ctx->current_crl = NULL; 894 return ok; 895 896 } 897 898 /* Check CRL times against values in X509_STORE_CTX */ 899 900 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 901 { 902 time_t *ptime; 903 int i; 904 if (notify) 905 ctx->current_crl = crl; 906 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 907 ptime = &ctx->param->check_time; 908 else 909 ptime = NULL; 910 911 i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 912 if (i == 0) 913 { 914 if (!notify) 915 return 0; 916 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 917 if (!ctx->verify_cb(0, ctx)) 918 return 0; 919 } 920 921 if (i > 0) 922 { 923 if (!notify) 924 return 0; 925 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; 926 if (!ctx->verify_cb(0, ctx)) 927 return 0; 928 } 929 930 if(X509_CRL_get_nextUpdate(crl)) 931 { 932 i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 933 934 if (i == 0) 935 { 936 if (!notify) 937 return 0; 938 ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 939 if (!ctx->verify_cb(0, ctx)) 940 return 0; 941 } 942 /* Ignore expiry of base CRL is delta is valid */ 943 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) 944 { 945 if (!notify) 946 return 0; 947 ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; 948 if (!ctx->verify_cb(0, ctx)) 949 return 0; 950 } 951 } 952 953 if (notify) 954 ctx->current_crl = NULL; 955 956 return 1; 957 } 958 959 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 960 X509 **pissuer, int *pscore, unsigned int *preasons, 961 STACK_OF(X509_CRL) *crls) 962 { 963 int crl_score, best_score = *pscore; 964 size_t i; 965 unsigned int reasons, best_reasons = 0; 966 X509 *x = ctx->current_cert; 967 X509_CRL *crl, *best_crl = NULL; 968 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 969 970 for (i = 0; i < sk_X509_CRL_num(crls); i++) 971 { 972 crl = sk_X509_CRL_value(crls, i); 973 reasons = *preasons; 974 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 975 976 if (crl_score > best_score) 977 { 978 best_crl = crl; 979 best_crl_issuer = crl_issuer; 980 best_score = crl_score; 981 best_reasons = reasons; 982 } 983 } 984 985 if (best_crl) 986 { 987 if (*pcrl) 988 X509_CRL_free(*pcrl); 989 *pcrl = best_crl; 990 *pissuer = best_crl_issuer; 991 *pscore = best_score; 992 *preasons = best_reasons; 993 CRYPTO_refcount_inc(&best_crl->references); 994 if (*pdcrl) 995 { 996 X509_CRL_free(*pdcrl); 997 *pdcrl = NULL; 998 } 999 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1000 } 1001 1002 if (best_score >= CRL_SCORE_VALID) 1003 return 1; 1004 1005 return 0; 1006 } 1007 1008 /* Compare two CRL extensions for delta checking purposes. They should be 1009 * both present or both absent. If both present all fields must be identical. 1010 */ 1011 1012 static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1013 { 1014 ASN1_OCTET_STRING *exta, *extb; 1015 int i; 1016 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1017 if (i >= 0) 1018 { 1019 /* Can't have multiple occurrences */ 1020 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1021 return 0; 1022 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1023 } 1024 else 1025 exta = NULL; 1026 1027 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1028 1029 if (i >= 0) 1030 { 1031 1032 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1033 return 0; 1034 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1035 } 1036 else 1037 extb = NULL; 1038 1039 if (!exta && !extb) 1040 return 1; 1041 1042 if (!exta || !extb) 1043 return 0; 1044 1045 1046 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1047 return 0; 1048 1049 return 1; 1050 } 1051 1052 /* See if a base and delta are compatible */ 1053 1054 static int check_delta_base(X509_CRL *delta, X509_CRL *base) 1055 { 1056 /* Delta CRL must be a delta */ 1057 if (!delta->base_crl_number) 1058 return 0; 1059 /* Base must have a CRL number */ 1060 if (!base->crl_number) 1061 return 0; 1062 /* Issuer names must match */ 1063 if (X509_NAME_cmp(X509_CRL_get_issuer(base), 1064 X509_CRL_get_issuer(delta))) 1065 return 0; 1066 /* AKID and IDP must match */ 1067 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1068 return 0; 1069 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1070 return 0; 1071 /* Delta CRL base number must not exceed Full CRL number. */ 1072 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1073 return 0; 1074 /* Delta CRL number must exceed full CRL number */ 1075 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1076 return 1; 1077 return 0; 1078 } 1079 1080 /* For a given base CRL find a delta... maybe extend to delta scoring 1081 * or retrieve a chain of deltas... 1082 */ 1083 1084 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, 1085 X509_CRL *base, STACK_OF(X509_CRL) *crls) 1086 { 1087 X509_CRL *delta; 1088 size_t i; 1089 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1090 return; 1091 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1092 return; 1093 for (i = 0; i < sk_X509_CRL_num(crls); i++) 1094 { 1095 delta = sk_X509_CRL_value(crls, i); 1096 if (check_delta_base(delta, base)) 1097 { 1098 if (check_crl_time(ctx, delta, 0)) 1099 *pscore |= CRL_SCORE_TIME_DELTA; 1100 CRYPTO_refcount_inc(&delta->references); 1101 *dcrl = delta; 1102 return; 1103 } 1104 } 1105 *dcrl = NULL; 1106 } 1107 1108 /* For a given CRL return how suitable it is for the supplied certificate 'x'. 1109 * The return value is a mask of several criteria. 1110 * If the issuer is not the certificate issuer this is returned in *pissuer. 1111 * The reasons mask is also used to determine if the CRL is suitable: if 1112 * no new reasons the CRL is rejected, otherwise reasons is updated. 1113 */ 1114 1115 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 1116 unsigned int *preasons, 1117 X509_CRL *crl, X509 *x) 1118 { 1119 1120 int crl_score = 0; 1121 unsigned int tmp_reasons = *preasons, crl_reasons; 1122 1123 /* First see if we can reject CRL straight away */ 1124 1125 /* Invalid IDP cannot be processed */ 1126 if (crl->idp_flags & IDP_INVALID) 1127 return 0; 1128 /* Reason codes or indirect CRLs need extended CRL support */ 1129 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1130 { 1131 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1132 return 0; 1133 } 1134 else if (crl->idp_flags & IDP_REASONS) 1135 { 1136 /* If no new reasons reject */ 1137 if (!(crl->idp_reasons & ~tmp_reasons)) 1138 return 0; 1139 } 1140 /* Don't process deltas at this stage */ 1141 else if (crl->base_crl_number) 1142 return 0; 1143 /* If issuer name doesn't match certificate need indirect CRL */ 1144 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) 1145 { 1146 if (!(crl->idp_flags & IDP_INDIRECT)) 1147 return 0; 1148 } 1149 else 1150 crl_score |= CRL_SCORE_ISSUER_NAME; 1151 1152 if (!(crl->flags & EXFLAG_CRITICAL)) 1153 crl_score |= CRL_SCORE_NOCRITICAL; 1154 1155 /* Check expiry */ 1156 if (check_crl_time(ctx, crl, 0)) 1157 crl_score |= CRL_SCORE_TIME; 1158 1159 /* Check authority key ID and locate certificate issuer */ 1160 crl_akid_check(ctx, crl, pissuer, &crl_score); 1161 1162 /* If we can't locate certificate issuer at this point forget it */ 1163 1164 if (!(crl_score & CRL_SCORE_AKID)) 1165 return 0; 1166 1167 /* Check cert for matching CRL distribution points */ 1168 1169 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) 1170 { 1171 /* If no new reasons reject */ 1172 if (!(crl_reasons & ~tmp_reasons)) 1173 return 0; 1174 tmp_reasons |= crl_reasons; 1175 crl_score |= CRL_SCORE_SCOPE; 1176 } 1177 1178 *preasons = tmp_reasons; 1179 1180 return crl_score; 1181 1182 } 1183 1184 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, 1185 X509 **pissuer, int *pcrl_score) 1186 { 1187 X509 *crl_issuer = NULL; 1188 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1189 int cidx = ctx->error_depth; 1190 size_t i; 1191 1192 if (cidx != sk_X509_num(ctx->chain) - 1) 1193 cidx++; 1194 1195 crl_issuer = sk_X509_value(ctx->chain, cidx); 1196 1197 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) 1198 { 1199 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) 1200 { 1201 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; 1202 *pissuer = crl_issuer; 1203 return; 1204 } 1205 } 1206 1207 for (cidx++; cidx < (int) sk_X509_num(ctx->chain); cidx++) 1208 { 1209 crl_issuer = sk_X509_value(ctx->chain, cidx); 1210 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1211 continue; 1212 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) 1213 { 1214 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; 1215 *pissuer = crl_issuer; 1216 return; 1217 } 1218 } 1219 1220 /* Anything else needs extended CRL support */ 1221 1222 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1223 return; 1224 1225 /* Otherwise the CRL issuer is not on the path. Look for it in the 1226 * set of untrusted certificates. 1227 */ 1228 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) 1229 { 1230 crl_issuer = sk_X509_value(ctx->untrusted, i); 1231 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1232 continue; 1233 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) 1234 { 1235 *pissuer = crl_issuer; 1236 *pcrl_score |= CRL_SCORE_AKID; 1237 return; 1238 } 1239 } 1240 } 1241 1242 /* Check the path of a CRL issuer certificate. This creates a new 1243 * X509_STORE_CTX and populates it with most of the parameters from the 1244 * parent. This could be optimised somewhat since a lot of path checking 1245 * will be duplicated by the parent, but this will rarely be used in 1246 * practice. 1247 */ 1248 1249 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1250 { 1251 X509_STORE_CTX crl_ctx; 1252 int ret; 1253 /* Don't allow recursive CRL path validation */ 1254 if (ctx->parent) 1255 return 0; 1256 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) 1257 return -1; 1258 1259 crl_ctx.crls = ctx->crls; 1260 /* Copy verify params across */ 1261 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1262 1263 crl_ctx.parent = ctx; 1264 crl_ctx.verify_cb = ctx->verify_cb; 1265 1266 /* Verify CRL issuer */ 1267 ret = X509_verify_cert(&crl_ctx); 1268 1269 if (ret <= 0) 1270 goto err; 1271 1272 /* Check chain is acceptable */ 1273 1274 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1275 err: 1276 X509_STORE_CTX_cleanup(&crl_ctx); 1277 return ret; 1278 } 1279 1280 /* RFC3280 says nothing about the relationship between CRL path 1281 * and certificate path, which could lead to situations where a 1282 * certificate could be revoked or validated by a CA not authorised 1283 * to do so. RFC5280 is more strict and states that the two paths must 1284 * end in the same trust anchor, though some discussions remain... 1285 * until this is resolved we use the RFC5280 version 1286 */ 1287 1288 static int check_crl_chain(X509_STORE_CTX *ctx, 1289 STACK_OF(X509) *cert_path, 1290 STACK_OF(X509) *crl_path) 1291 { 1292 X509 *cert_ta, *crl_ta; 1293 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1294 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1295 if (!X509_cmp(cert_ta, crl_ta)) 1296 return 1; 1297 return 0; 1298 } 1299 1300 /* Check for match between two dist point names: three separate cases. 1301 * 1. Both are relative names and compare X509_NAME types. 1302 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1303 * 3. Both are full names and compare two GENERAL_NAMES. 1304 * 4. One is NULL: automatic match. 1305 */ 1306 1307 1308 static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1309 { 1310 X509_NAME *nm = NULL; 1311 GENERAL_NAMES *gens = NULL; 1312 GENERAL_NAME *gena, *genb; 1313 size_t i, j; 1314 if (!a || !b) 1315 return 1; 1316 if (a->type == 1) 1317 { 1318 if (!a->dpname) 1319 return 0; 1320 /* Case 1: two X509_NAME */ 1321 if (b->type == 1) 1322 { 1323 if (!b->dpname) 1324 return 0; 1325 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1326 return 1; 1327 else 1328 return 0; 1329 } 1330 /* Case 2: set name and GENERAL_NAMES appropriately */ 1331 nm = a->dpname; 1332 gens = b->name.fullname; 1333 } 1334 else if (b->type == 1) 1335 { 1336 if (!b->dpname) 1337 return 0; 1338 /* Case 2: set name and GENERAL_NAMES appropriately */ 1339 gens = a->name.fullname; 1340 nm = b->dpname; 1341 } 1342 1343 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1344 if (nm) 1345 { 1346 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) 1347 { 1348 gena = sk_GENERAL_NAME_value(gens, i); 1349 if (gena->type != GEN_DIRNAME) 1350 continue; 1351 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1352 return 1; 1353 } 1354 return 0; 1355 } 1356 1357 /* Else case 3: two GENERAL_NAMES */ 1358 1359 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) 1360 { 1361 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1362 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) 1363 { 1364 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1365 if (!GENERAL_NAME_cmp(gena, genb)) 1366 return 1; 1367 } 1368 } 1369 1370 return 0; 1371 1372 } 1373 1374 static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1375 { 1376 size_t i; 1377 X509_NAME *nm = X509_CRL_get_issuer(crl); 1378 /* If no CRLissuer return is successful iff don't need a match */ 1379 if (!dp->CRLissuer) 1380 return !!(crl_score & CRL_SCORE_ISSUER_NAME); 1381 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) 1382 { 1383 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1384 if (gen->type != GEN_DIRNAME) 1385 continue; 1386 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1387 return 1; 1388 } 1389 return 0; 1390 } 1391 1392 /* Check CRLDP and IDP */ 1393 1394 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 1395 unsigned int *preasons) 1396 { 1397 size_t i; 1398 if (crl->idp_flags & IDP_ONLYATTR) 1399 return 0; 1400 if (x->ex_flags & EXFLAG_CA) 1401 { 1402 if (crl->idp_flags & IDP_ONLYUSER) 1403 return 0; 1404 } 1405 else 1406 { 1407 if (crl->idp_flags & IDP_ONLYCA) 1408 return 0; 1409 } 1410 *preasons = crl->idp_reasons; 1411 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) 1412 { 1413 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1414 if (crldp_check_crlissuer(dp, crl, crl_score)) 1415 { 1416 if (!crl->idp || 1417 idp_check_dp(dp->distpoint, crl->idp->distpoint)) 1418 { 1419 *preasons &= dp->dp_reasons; 1420 return 1; 1421 } 1422 } 1423 } 1424 if ((!crl->idp || !crl->idp->distpoint) && (crl_score & CRL_SCORE_ISSUER_NAME)) 1425 return 1; 1426 return 0; 1427 } 1428 1429 /* Retrieve CRL corresponding to current certificate. 1430 * If deltas enabled try to find a delta CRL too 1431 */ 1432 1433 static int get_crl_delta(X509_STORE_CTX *ctx, 1434 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1435 { 1436 int ok; 1437 X509 *issuer = NULL; 1438 int crl_score = 0; 1439 unsigned int reasons; 1440 X509_CRL *crl = NULL, *dcrl = NULL; 1441 STACK_OF(X509_CRL) *skcrl; 1442 X509_NAME *nm = X509_get_issuer_name(x); 1443 reasons = ctx->current_reasons; 1444 ok = get_crl_sk(ctx, &crl, &dcrl, 1445 &issuer, &crl_score, &reasons, ctx->crls); 1446 1447 if (ok) 1448 goto done; 1449 1450 /* Lookup CRLs from store */ 1451 1452 skcrl = ctx->lookup_crls(ctx, nm); 1453 1454 /* If no CRLs found and a near match from get_crl_sk use that */ 1455 if (!skcrl && crl) 1456 goto done; 1457 1458 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1459 1460 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1461 1462 done: 1463 1464 /* If we got any kind of CRL use it and return success */ 1465 if (crl) 1466 { 1467 ctx->current_issuer = issuer; 1468 ctx->current_crl_score = crl_score; 1469 ctx->current_reasons = reasons; 1470 *pcrl = crl; 1471 *pdcrl = dcrl; 1472 return 1; 1473 } 1474 1475 return 0; 1476 } 1477 1478 /* Check CRL validity */ 1479 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1480 { 1481 X509 *issuer = NULL; 1482 EVP_PKEY *ikey = NULL; 1483 int ok = 0, chnum, cnum; 1484 cnum = ctx->error_depth; 1485 chnum = sk_X509_num(ctx->chain) - 1; 1486 /* if we have an alternative CRL issuer cert use that */ 1487 if (ctx->current_issuer) 1488 issuer = ctx->current_issuer; 1489 1490 /* Else find CRL issuer: if not last certificate then issuer 1491 * is next certificate in chain. 1492 */ 1493 else if (cnum < chnum) 1494 issuer = sk_X509_value(ctx->chain, cnum + 1); 1495 else 1496 { 1497 issuer = sk_X509_value(ctx->chain, chnum); 1498 /* If not self signed, can't check signature */ 1499 if(!ctx->check_issued(ctx, issuer, issuer)) 1500 { 1501 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1502 ok = ctx->verify_cb(0, ctx); 1503 if(!ok) goto err; 1504 } 1505 } 1506 1507 if(issuer) 1508 { 1509 /* Skip most tests for deltas because they have already 1510 * been done 1511 */ 1512 if (!crl->base_crl_number) 1513 { 1514 /* Check for cRLSign bit if keyUsage present */ 1515 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1516 !(issuer->ex_kusage & KU_CRL_SIGN)) 1517 { 1518 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1519 ok = ctx->verify_cb(0, ctx); 1520 if(!ok) goto err; 1521 } 1522 1523 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) 1524 { 1525 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1526 ok = ctx->verify_cb(0, ctx); 1527 if(!ok) goto err; 1528 } 1529 1530 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) 1531 { 1532 if (check_crl_path(ctx, ctx->current_issuer) <= 0) 1533 { 1534 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1535 ok = ctx->verify_cb(0, ctx); 1536 if(!ok) goto err; 1537 } 1538 } 1539 1540 if (crl->idp_flags & IDP_INVALID) 1541 { 1542 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1543 ok = ctx->verify_cb(0, ctx); 1544 if(!ok) goto err; 1545 } 1546 1547 1548 } 1549 1550 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) 1551 { 1552 ok = check_crl_time(ctx, crl, 1); 1553 if (!ok) 1554 goto err; 1555 } 1556 1557 /* Attempt to get issuer certificate public key */ 1558 ikey = X509_get_pubkey(issuer); 1559 1560 if(!ikey) 1561 { 1562 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1563 ok = ctx->verify_cb(0, ctx); 1564 if (!ok) goto err; 1565 } 1566 else 1567 { 1568 int rv; 1569 rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); 1570 if (rv != X509_V_OK) 1571 { 1572 ctx->error=rv; 1573 ok = ctx->verify_cb(0, ctx); 1574 if (!ok) 1575 goto err; 1576 } 1577 /* Verify CRL signature */ 1578 if(X509_CRL_verify(crl, ikey) <= 0) 1579 { 1580 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; 1581 ok = ctx->verify_cb(0, ctx); 1582 if (!ok) goto err; 1583 } 1584 } 1585 } 1586 1587 ok = 1; 1588 1589 err: 1590 EVP_PKEY_free(ikey); 1591 return ok; 1592 } 1593 1594 /* Check certificate against CRL */ 1595 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1596 { 1597 int ok; 1598 X509_REVOKED *rev; 1599 /* The rules changed for this... previously if a CRL contained 1600 * unhandled critical extensions it could still be used to indicate 1601 * a certificate was revoked. This has since been changed since 1602 * critical extension can change the meaning of CRL entries. 1603 */ 1604 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 1605 && (crl->flags & EXFLAG_CRITICAL)) 1606 { 1607 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1608 ok = ctx->verify_cb(0, ctx); 1609 if(!ok) 1610 return 0; 1611 } 1612 /* Look for serial number of certificate in CRL 1613 * If found make sure reason is not removeFromCRL. 1614 */ 1615 if (X509_CRL_get0_by_cert(crl, &rev, x)) 1616 { 1617 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1618 return 2; 1619 ctx->error = X509_V_ERR_CERT_REVOKED; 1620 ok = ctx->verify_cb(0, ctx); 1621 if (!ok) 1622 return 0; 1623 } 1624 1625 return 1; 1626 } 1627 1628 static int check_policy(X509_STORE_CTX *ctx) 1629 { 1630 int ret; 1631 if (ctx->parent) 1632 return 1; 1633 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1634 ctx->param->policies, ctx->param->flags); 1635 if (ret == 0) 1636 { 1637 OPENSSL_PUT_ERROR(X509, check_policy, ERR_R_MALLOC_FAILURE); 1638 return 0; 1639 } 1640 /* Invalid or inconsistent extensions */ 1641 if (ret == -1) 1642 { 1643 /* Locate certificates with bad extensions and notify 1644 * callback. 1645 */ 1646 X509 *x; 1647 size_t i; 1648 for (i = 1; i < sk_X509_num(ctx->chain); i++) 1649 { 1650 x = sk_X509_value(ctx->chain, i); 1651 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1652 continue; 1653 ctx->current_cert = x; 1654 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1655 if(!ctx->verify_cb(0, ctx)) 1656 return 0; 1657 } 1658 return 1; 1659 } 1660 if (ret == -2) 1661 { 1662 ctx->current_cert = NULL; 1663 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1664 return ctx->verify_cb(0, ctx); 1665 } 1666 1667 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) 1668 { 1669 ctx->current_cert = NULL; 1670 ctx->error = X509_V_OK; 1671 if (!ctx->verify_cb(2, ctx)) 1672 return 0; 1673 } 1674 1675 return 1; 1676 } 1677 1678 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) 1679 { 1680 time_t *ptime; 1681 int i; 1682 1683 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1684 ptime = &ctx->param->check_time; 1685 else 1686 ptime = NULL; 1687 1688 i=X509_cmp_time(X509_get_notBefore(x), ptime); 1689 if (i == 0) 1690 { 1691 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; 1692 ctx->current_cert=x; 1693 if (!ctx->verify_cb(0, ctx)) 1694 return 0; 1695 } 1696 1697 if (i > 0) 1698 { 1699 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; 1700 ctx->current_cert=x; 1701 if (!ctx->verify_cb(0, ctx)) 1702 return 0; 1703 } 1704 1705 i=X509_cmp_time(X509_get_notAfter(x), ptime); 1706 if (i == 0) 1707 { 1708 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; 1709 ctx->current_cert=x; 1710 if (!ctx->verify_cb(0, ctx)) 1711 return 0; 1712 } 1713 1714 if (i < 0) 1715 { 1716 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; 1717 ctx->current_cert=x; 1718 if (!ctx->verify_cb(0, ctx)) 1719 return 0; 1720 } 1721 1722 return 1; 1723 } 1724 1725 static int internal_verify(X509_STORE_CTX *ctx) 1726 { 1727 int ok=0,n; 1728 X509 *xs,*xi; 1729 EVP_PKEY *pkey=NULL; 1730 int (*cb)(int xok,X509_STORE_CTX *xctx); 1731 1732 cb=ctx->verify_cb; 1733 1734 n=sk_X509_num(ctx->chain); 1735 ctx->error_depth=n-1; 1736 n--; 1737 xi=sk_X509_value(ctx->chain,n); 1738 1739 if (ctx->check_issued(ctx, xi, xi)) 1740 xs=xi; 1741 else 1742 { 1743 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) 1744 { 1745 xs = xi; 1746 goto check_cert; 1747 } 1748 if (n <= 0) 1749 { 1750 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; 1751 ctx->current_cert=xi; 1752 ok=cb(0,ctx); 1753 goto end; 1754 } 1755 else 1756 { 1757 n--; 1758 ctx->error_depth=n; 1759 xs=sk_X509_value(ctx->chain,n); 1760 } 1761 } 1762 1763 /* ctx->error=0; not needed */ 1764 while (n >= 0) 1765 { 1766 ctx->error_depth=n; 1767 1768 /* Skip signature check for self signed certificates unless 1769 * explicitly asked for. It doesn't add any security and 1770 * just wastes time. 1771 */ 1772 if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) 1773 { 1774 if ((pkey=X509_get_pubkey(xi)) == NULL) 1775 { 1776 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1777 ctx->current_cert=xi; 1778 ok=(*cb)(0,ctx); 1779 if (!ok) goto end; 1780 } 1781 else if (X509_verify(xs,pkey) <= 0) 1782 { 1783 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; 1784 ctx->current_cert=xs; 1785 ok=(*cb)(0,ctx); 1786 if (!ok) 1787 { 1788 EVP_PKEY_free(pkey); 1789 goto end; 1790 } 1791 } 1792 EVP_PKEY_free(pkey); 1793 pkey=NULL; 1794 } 1795 1796 xs->valid = 1; 1797 1798 check_cert: 1799 ok = check_cert_time(ctx, xs); 1800 if (!ok) 1801 goto end; 1802 1803 /* The last error (if any) is still in the error value */ 1804 ctx->current_issuer=xi; 1805 ctx->current_cert=xs; 1806 ok=(*cb)(1,ctx); 1807 if (!ok) goto end; 1808 1809 n--; 1810 if (n >= 0) 1811 { 1812 xi=xs; 1813 xs=sk_X509_value(ctx->chain,n); 1814 } 1815 } 1816 ok=1; 1817 end: 1818 return ok; 1819 } 1820 1821 int X509_cmp_current_time(const ASN1_TIME *ctm) 1822 { 1823 return X509_cmp_time(ctm, NULL); 1824 } 1825 1826 int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 1827 { 1828 char *str; 1829 ASN1_TIME atm; 1830 long offset; 1831 char buff1[24],buff2[24],*p; 1832 int i,j; 1833 1834 p=buff1; 1835 i=ctm->length; 1836 str=(char *)ctm->data; 1837 if (ctm->type == V_ASN1_UTCTIME) 1838 { 1839 if ((i < 11) || (i > 17)) return 0; 1840 memcpy(p,str,10); 1841 p+=10; 1842 str+=10; 1843 } 1844 else 1845 { 1846 if (i < 13) return 0; 1847 memcpy(p,str,12); 1848 p+=12; 1849 str+=12; 1850 } 1851 1852 if ((*str == 'Z') || (*str == '-') || (*str == '+')) 1853 { *(p++)='0'; *(p++)='0'; } 1854 else 1855 { 1856 *(p++)= *(str++); 1857 *(p++)= *(str++); 1858 /* Skip any fractional seconds... */ 1859 if (*str == '.') 1860 { 1861 str++; 1862 while ((*str >= '0') && (*str <= '9')) str++; 1863 } 1864 1865 } 1866 *(p++)='Z'; 1867 *(p++)='\0'; 1868 1869 if (*str == 'Z') 1870 offset=0; 1871 else 1872 { 1873 if ((*str != '+') && (*str != '-')) 1874 return 0; 1875 offset=((str[1]-'0')*10+(str[2]-'0'))*60; 1876 offset+=(str[3]-'0')*10+(str[4]-'0'); 1877 if (*str == '-') 1878 offset= -offset; 1879 } 1880 atm.type=ctm->type; 1881 atm.flags = 0; 1882 atm.length=sizeof(buff2); 1883 atm.data=(unsigned char *)buff2; 1884 1885 if (X509_time_adj(&atm, offset*60, cmp_time) == NULL) 1886 return 0; 1887 1888 if (ctm->type == V_ASN1_UTCTIME) 1889 { 1890 i=(buff1[0]-'0')*10+(buff1[1]-'0'); 1891 if (i < 50) i+=100; /* cf. RFC 2459 */ 1892 j=(buff2[0]-'0')*10+(buff2[1]-'0'); 1893 if (j < 50) j+=100; 1894 1895 if (i < j) return -1; 1896 if (i > j) return 1; 1897 } 1898 i=strcmp(buff1,buff2); 1899 if (i == 0) /* wait a second then return younger :-) */ 1900 return -1; 1901 else 1902 return i; 1903 } 1904 1905 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) 1906 { 1907 return X509_time_adj(s, adj, NULL); 1908 } 1909 1910 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) 1911 { 1912 return X509_time_adj_ex(s, 0, offset_sec, in_tm); 1913 } 1914 1915 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, 1916 int offset_day, long offset_sec, time_t *in_tm) 1917 { 1918 time_t t = 0; 1919 1920 if (in_tm) t = *in_tm; 1921 else time(&t); 1922 1923 if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) 1924 { 1925 if (s->type == V_ASN1_UTCTIME) 1926 return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec); 1927 if (s->type == V_ASN1_GENERALIZEDTIME) 1928 return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, 1929 offset_sec); 1930 } 1931 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 1932 } 1933 1934 /* Make a delta CRL as the diff between two full CRLs */ 1935 1936 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, 1937 EVP_PKEY *skey, const EVP_MD *md, unsigned int flags) 1938 { 1939 X509_CRL *crl = NULL; 1940 int i; 1941 size_t j; 1942 STACK_OF(X509_REVOKED) *revs = NULL; 1943 /* CRLs can't be delta already */ 1944 if (base->base_crl_number || newer->base_crl_number) 1945 { 1946 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_CRL_ALREADY_DELTA); 1947 return NULL; 1948 } 1949 /* Base and new CRL must have a CRL number */ 1950 if (!base->crl_number || !newer->crl_number) 1951 { 1952 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_NO_CRL_NUMBER); 1953 return NULL; 1954 } 1955 /* Issuer names must match */ 1956 if (X509_NAME_cmp(X509_CRL_get_issuer(base), 1957 X509_CRL_get_issuer(newer))) 1958 { 1959 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_ISSUER_MISMATCH); 1960 return NULL; 1961 } 1962 /* AKID and IDP must match */ 1963 if (!crl_extension_match(base, newer, NID_authority_key_identifier)) 1964 { 1965 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_AKID_MISMATCH); 1966 return NULL; 1967 } 1968 if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) 1969 { 1970 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_IDP_MISMATCH); 1971 return NULL; 1972 } 1973 /* Newer CRL number must exceed full CRL number */ 1974 if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) 1975 { 1976 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_NEWER_CRL_NOT_NEWER); 1977 return NULL; 1978 } 1979 /* CRLs must verify */ 1980 if (skey && (X509_CRL_verify(base, skey) <= 0 || 1981 X509_CRL_verify(newer, skey) <= 0)) 1982 { 1983 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_CRL_VERIFY_FAILURE); 1984 return NULL; 1985 } 1986 /* Create new CRL */ 1987 crl = X509_CRL_new(); 1988 if (!crl || !X509_CRL_set_version(crl, 1)) 1989 goto memerr; 1990 /* Set issuer name */ 1991 if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) 1992 goto memerr; 1993 1994 if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) 1995 goto memerr; 1996 if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) 1997 goto memerr; 1998 1999 /* Set base CRL number: must be critical */ 2000 2001 if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) 2002 goto memerr; 2003 2004 /* Copy extensions across from newest CRL to delta: this will set 2005 * CRL number to correct value too. 2006 */ 2007 2008 for (i = 0; i < X509_CRL_get_ext_count(newer); i++) 2009 { 2010 X509_EXTENSION *ext; 2011 ext = X509_CRL_get_ext(newer, i); 2012 if (!X509_CRL_add_ext(crl, ext, -1)) 2013 goto memerr; 2014 } 2015 2016 /* Go through revoked entries, copying as needed */ 2017 2018 revs = X509_CRL_get_REVOKED(newer); 2019 2020 for (j = 0; j < sk_X509_REVOKED_num(revs); j++) 2021 { 2022 X509_REVOKED *rvn, *rvtmp; 2023 rvn = sk_X509_REVOKED_value(revs, j); 2024 /* Add only if not also in base. 2025 * TODO: need something cleverer here for some more complex 2026 * CRLs covering multiple CAs. 2027 */ 2028 if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) 2029 { 2030 rvtmp = X509_REVOKED_dup(rvn); 2031 if (!rvtmp) 2032 goto memerr; 2033 if (!X509_CRL_add0_revoked(crl, rvtmp)) 2034 { 2035 X509_REVOKED_free(rvtmp); 2036 goto memerr; 2037 } 2038 } 2039 } 2040 /* TODO: optionally prune deleted entries */ 2041 2042 if (skey && md && !X509_CRL_sign(crl, skey, md)) 2043 goto memerr; 2044 2045 return crl; 2046 2047 memerr: 2048 OPENSSL_PUT_ERROR(X509, X509_CRL_diff, ERR_R_MALLOC_FAILURE); 2049 if (crl) 2050 X509_CRL_free(crl); 2051 return NULL; 2052 } 2053 2054 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 2055 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 2056 { 2057 /* This function is (usually) called only once, by 2058 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ 2059 int index; 2060 if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, 2061 new_func, dup_func, free_func)) 2062 { 2063 return -1; 2064 } 2065 return index; 2066 } 2067 2068 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2069 { 2070 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); 2071 } 2072 2073 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2074 { 2075 return CRYPTO_get_ex_data(&ctx->ex_data,idx); 2076 } 2077 2078 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2079 { 2080 return ctx->error; 2081 } 2082 2083 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2084 { 2085 ctx->error=err; 2086 } 2087 2088 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2089 { 2090 return ctx->error_depth; 2091 } 2092 2093 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2094 { 2095 return ctx->current_cert; 2096 } 2097 2098 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2099 { 2100 return ctx->chain; 2101 } 2102 2103 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2104 { 2105 if (!ctx->chain) 2106 return NULL; 2107 return X509_chain_up_ref(ctx->chain); 2108 } 2109 2110 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2111 { 2112 return ctx->current_issuer; 2113 } 2114 2115 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2116 { 2117 return ctx->current_crl; 2118 } 2119 2120 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2121 { 2122 return ctx->parent; 2123 } 2124 2125 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2126 { 2127 ctx->cert=x; 2128 } 2129 2130 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2131 { 2132 ctx->untrusted=sk; 2133 } 2134 2135 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2136 { 2137 ctx->crls=sk; 2138 } 2139 2140 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2141 { 2142 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2143 } 2144 2145 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2146 { 2147 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2148 } 2149 2150 /* This function is used to set the X509_STORE_CTX purpose and trust 2151 * values. This is intended to be used when another structure has its 2152 * own trust and purpose values which (if set) will be inherited by 2153 * the ctx. If they aren't set then we will usually have a default 2154 * purpose in mind which should then be used to set the trust value. 2155 * An example of this is SSL use: an SSL structure will have its own 2156 * purpose and trust settings which the application can set: if they 2157 * aren't set then we use the default of SSL client/server. 2158 */ 2159 2160 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2161 int purpose, int trust) 2162 { 2163 int idx; 2164 /* If purpose not set use default */ 2165 if (!purpose) purpose = def_purpose; 2166 /* If we have a purpose then check it is valid */ 2167 if (purpose) 2168 { 2169 X509_PURPOSE *ptmp; 2170 idx = X509_PURPOSE_get_by_id(purpose); 2171 if (idx == -1) 2172 { 2173 OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_PURPOSE_ID); 2174 return 0; 2175 } 2176 ptmp = X509_PURPOSE_get0(idx); 2177 if (ptmp->trust == X509_TRUST_DEFAULT) 2178 { 2179 idx = X509_PURPOSE_get_by_id(def_purpose); 2180 if (idx == -1) 2181 { 2182 OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_PURPOSE_ID); 2183 return 0; 2184 } 2185 ptmp = X509_PURPOSE_get0(idx); 2186 } 2187 /* If trust not set then get from purpose default */ 2188 if (!trust) trust = ptmp->trust; 2189 } 2190 if (trust) 2191 { 2192 idx = X509_TRUST_get_by_id(trust); 2193 if (idx == -1) 2194 { 2195 OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_TRUST_ID); 2196 return 0; 2197 } 2198 } 2199 2200 if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; 2201 if (trust && !ctx->param->trust) ctx->param->trust = trust; 2202 return 1; 2203 } 2204 2205 X509_STORE_CTX *X509_STORE_CTX_new(void) 2206 { 2207 X509_STORE_CTX *ctx; 2208 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); 2209 if (!ctx) 2210 { 2211 OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_new, ERR_R_MALLOC_FAILURE); 2212 return NULL; 2213 } 2214 memset(ctx, 0, sizeof(X509_STORE_CTX)); 2215 return ctx; 2216 } 2217 2218 void X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2219 { 2220 X509_STORE_CTX_cleanup(ctx); 2221 OPENSSL_free(ctx); 2222 } 2223 2224 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2225 STACK_OF(X509) *chain) 2226 { 2227 int ret = 1; 2228 int ex_data_allocated = 0; 2229 2230 memset(ctx, 0, sizeof(X509_STORE_CTX)); 2231 ctx->ctx=store; 2232 ctx->cert=x509; 2233 ctx->untrusted=chain; 2234 2235 if(!CRYPTO_new_ex_data(&g_ex_data_class, ctx, 2236 &ctx->ex_data)) 2237 { 2238 goto err; 2239 } 2240 ex_data_allocated = 1; 2241 2242 ctx->param = X509_VERIFY_PARAM_new(); 2243 if (!ctx->param) 2244 goto err; 2245 2246 /* Inherit callbacks and flags from X509_STORE if not set 2247 * use defaults. */ 2248 2249 if (store) 2250 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2251 else 2252 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; 2253 2254 if (store) 2255 { 2256 ctx->verify_cb = store->verify_cb; 2257 ctx->cleanup = store->cleanup; 2258 } 2259 else 2260 ctx->cleanup = 0; 2261 2262 if (ret) 2263 ret = X509_VERIFY_PARAM_inherit(ctx->param, 2264 X509_VERIFY_PARAM_lookup("default")); 2265 2266 if (ret == 0) 2267 goto err; 2268 2269 if (store && store->check_issued) 2270 ctx->check_issued = store->check_issued; 2271 else 2272 ctx->check_issued = check_issued; 2273 2274 if (store && store->get_issuer) 2275 ctx->get_issuer = store->get_issuer; 2276 else 2277 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2278 2279 if (store && store->verify_cb) 2280 ctx->verify_cb = store->verify_cb; 2281 else 2282 ctx->verify_cb = null_callback; 2283 2284 if (store && store->verify) 2285 ctx->verify = store->verify; 2286 else 2287 ctx->verify = internal_verify; 2288 2289 if (store && store->check_revocation) 2290 ctx->check_revocation = store->check_revocation; 2291 else 2292 ctx->check_revocation = check_revocation; 2293 2294 if (store && store->get_crl) 2295 ctx->get_crl = store->get_crl; 2296 else 2297 ctx->get_crl = NULL; 2298 2299 if (store && store->check_crl) 2300 ctx->check_crl = store->check_crl; 2301 else 2302 ctx->check_crl = check_crl; 2303 2304 if (store && store->cert_crl) 2305 ctx->cert_crl = store->cert_crl; 2306 else 2307 ctx->cert_crl = cert_crl; 2308 2309 if (store && store->lookup_certs) 2310 ctx->lookup_certs = store->lookup_certs; 2311 else 2312 ctx->lookup_certs = X509_STORE_get1_certs; 2313 2314 if (store && store->lookup_crls) 2315 ctx->lookup_crls = store->lookup_crls; 2316 else 2317 ctx->lookup_crls = X509_STORE_get1_crls; 2318 2319 ctx->check_policy = check_policy; 2320 2321 return 1; 2322 2323 err: 2324 if (ex_data_allocated) 2325 { 2326 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data); 2327 } 2328 if (ctx->param != NULL) 2329 { 2330 X509_VERIFY_PARAM_free(ctx->param); 2331 } 2332 2333 memset(ctx, 0, sizeof(X509_STORE_CTX)); 2334 OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_init, ERR_R_MALLOC_FAILURE); 2335 return 0; 2336 } 2337 2338 /* Set alternative lookup method: just a STACK of trusted certificates. 2339 * This avoids X509_STORE nastiness where it isn't needed. 2340 */ 2341 2342 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2343 { 2344 ctx->other_ctx = sk; 2345 ctx->get_issuer = get_issuer_sk; 2346 } 2347 2348 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2349 { 2350 if (ctx->cleanup) ctx->cleanup(ctx); 2351 if (ctx->param != NULL) 2352 { 2353 if (ctx->parent == NULL) 2354 X509_VERIFY_PARAM_free(ctx->param); 2355 ctx->param=NULL; 2356 } 2357 if (ctx->tree != NULL) 2358 { 2359 X509_policy_tree_free(ctx->tree); 2360 ctx->tree=NULL; 2361 } 2362 if (ctx->chain != NULL) 2363 { 2364 sk_X509_pop_free(ctx->chain,X509_free); 2365 ctx->chain=NULL; 2366 } 2367 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data)); 2368 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); 2369 } 2370 2371 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2372 { 2373 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2374 } 2375 2376 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2377 { 2378 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2379 } 2380 2381 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) 2382 { 2383 X509_VERIFY_PARAM_set_time(ctx->param, t); 2384 } 2385 2386 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2387 int (*verify_cb)(int, X509_STORE_CTX *)) 2388 { 2389 ctx->verify_cb=verify_cb; 2390 } 2391 2392 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2393 { 2394 return ctx->tree; 2395 } 2396 2397 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2398 { 2399 return ctx->explicit_policy; 2400 } 2401 2402 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2403 { 2404 const X509_VERIFY_PARAM *param; 2405 param = X509_VERIFY_PARAM_lookup(name); 2406 if (!param) 2407 return 0; 2408 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2409 } 2410 2411 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2412 { 2413 return ctx->param; 2414 } 2415 2416 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2417 { 2418 if (ctx->param) 2419 X509_VERIFY_PARAM_free(ctx->param); 2420 ctx->param = param; 2421 } 2422 2423 IMPLEMENT_ASN1_SET_OF(X509) 2424 IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) 2425