1 /* $OpenBSD: x509_vfy.c,v 1.86 2021/02/25 17:29:22 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <errno.h> 60 #include <stdio.h> 61 #include <string.h> 62 #include <time.h> 63 #include <unistd.h> 64 65 #include <openssl/opensslconf.h> 66 67 #include <openssl/asn1.h> 68 #include <openssl/buffer.h> 69 #include <openssl/crypto.h> 70 #include <openssl/err.h> 71 #include <openssl/evp.h> 72 #include <openssl/lhash.h> 73 #include <openssl/objects.h> 74 #include <openssl/x509.h> 75 #include <openssl/x509v3.h> 76 #include "asn1_locl.h" 77 #include "vpm_int.h" 78 #include "x509_internal.h" 79 #include "x509_lcl.h" 80 #include "x509_internal.h" 81 82 /* CRL score values */ 83 84 /* No unhandled critical extensions */ 85 86 #define CRL_SCORE_NOCRITICAL 0x100 87 88 /* certificate is within CRL scope */ 89 90 #define CRL_SCORE_SCOPE 0x080 91 92 /* CRL times valid */ 93 94 #define CRL_SCORE_TIME 0x040 95 96 /* Issuer name matches certificate */ 97 98 #define CRL_SCORE_ISSUER_NAME 0x020 99 100 /* If this score or above CRL is probably valid */ 101 102 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) 103 104 /* CRL issuer is certificate issuer */ 105 106 #define CRL_SCORE_ISSUER_CERT 0x018 107 108 /* CRL issuer is on certificate path */ 109 110 #define CRL_SCORE_SAME_PATH 0x008 111 112 /* CRL issuer matches CRL AKID */ 113 114 #define CRL_SCORE_AKID 0x004 115 116 /* Have a delta CRL with valid times */ 117 118 #define CRL_SCORE_TIME_DELTA 0x002 119 120 static int null_callback(int ok, X509_STORE_CTX *e); 121 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); 122 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 123 int allow_expired); 124 static int check_chain_extensions(X509_STORE_CTX *ctx); 125 static int check_name_constraints(X509_STORE_CTX *ctx); 126 static int check_trust(X509_STORE_CTX *ctx); 127 static int check_revocation(X509_STORE_CTX *ctx); 128 static int check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth); 129 static int check_policy(X509_STORE_CTX *ctx); 130 131 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 132 unsigned int *preasons, X509_CRL *crl, X509 *x); 133 static int get_crl_delta(X509_STORE_CTX *ctx, 134 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); 135 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, 136 X509_CRL *base, STACK_OF(X509_CRL) *crls); 137 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 138 int *pcrl_score); 139 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, 140 unsigned int *preasons); 141 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); 142 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 143 STACK_OF(X509) *crl_path); 144 static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, 145 int clamp_notafter); 146 147 static int internal_verify(X509_STORE_CTX *ctx); 148 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); 149 150 int ASN1_time_tm_clamp_notafter(struct tm *tm); 151 152 static int 153 null_callback(int ok, X509_STORE_CTX *e) 154 { 155 return ok; 156 } 157 158 #if 0 159 static int 160 x509_subject_cmp(X509 **a, X509 **b) 161 { 162 return X509_subject_name_cmp(*a, *b); 163 } 164 #endif 165 166 /* Return 1 if a certificate is self signed */ 167 static int 168 cert_self_signed(X509 *x) 169 { 170 X509_check_purpose(x, -1, 0); 171 if (x->ex_flags & EXFLAG_SS) 172 return 1; 173 else 174 return 0; 175 } 176 177 static int 178 check_id_error(X509_STORE_CTX *ctx, int errcode) 179 { 180 ctx->error = errcode; 181 ctx->current_cert = ctx->cert; 182 ctx->error_depth = 0; 183 return ctx->verify_cb(0, ctx); 184 } 185 186 static int 187 check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) 188 { 189 size_t i, n; 190 char *name; 191 192 n = sk_OPENSSL_STRING_num(id->hosts); 193 free(id->peername); 194 id->peername = NULL; 195 196 for (i = 0; i < n; ++i) { 197 name = sk_OPENSSL_STRING_value(id->hosts, i); 198 if (X509_check_host(x, name, strlen(name), id->hostflags, 199 &id->peername) > 0) 200 return 1; 201 } 202 return n == 0; 203 } 204 205 static int 206 check_id(X509_STORE_CTX *ctx) 207 { 208 X509_VERIFY_PARAM *vpm = ctx->param; 209 X509_VERIFY_PARAM_ID *id = vpm->id; 210 X509 *x = ctx->cert; 211 212 if (id->hosts && check_hosts(x, id) <= 0) { 213 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) 214 return 0; 215 } 216 if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0) 217 <= 0) { 218 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) 219 return 0; 220 } 221 if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { 222 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) 223 return 0; 224 } 225 return 1; 226 } 227 228 int 229 x509_vfy_check_id(X509_STORE_CTX *ctx) { 230 return check_id(ctx); 231 } 232 233 /* 234 * This is the effectively broken legacy OpenSSL chain builder. It 235 * might find an unvalidated chain and leave it sitting in 236 * ctx->chain. It does not correctly handle many cases where multiple 237 * chains could exist. 238 * 239 * Oh no.. I know a dirty word... 240 * Oooooooh.. 241 */ 242 static int 243 X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) 244 { 245 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; 246 int bad_chain = 0; 247 X509_VERIFY_PARAM *param = ctx->param; 248 int ok = 0, ret = 0; 249 int depth, i; 250 int num, j, retry, trust; 251 int (*cb) (int xok, X509_STORE_CTX *xctx); 252 STACK_OF(X509) *sktmp = NULL; 253 254 cb = ctx->verify_cb; 255 256 /* 257 * First we make sure the chain we are going to build is 258 * present and that the first entry is in place. 259 */ 260 ctx->chain = sk_X509_new_null(); 261 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { 262 X509error(ERR_R_MALLOC_FAILURE); 263 ctx->error = X509_V_ERR_OUT_OF_MEM; 264 goto end; 265 } 266 X509_up_ref(ctx->cert); 267 ctx->last_untrusted = 1; 268 269 /* We use a temporary STACK so we can chop and hack at it */ 270 if (ctx->untrusted != NULL && 271 (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { 272 X509error(ERR_R_MALLOC_FAILURE); 273 ctx->error = X509_V_ERR_OUT_OF_MEM; 274 goto end; 275 } 276 277 num = sk_X509_num(ctx->chain); 278 x = sk_X509_value(ctx->chain, num - 1); 279 depth = param->depth; 280 281 for (;;) { 282 /* If we have enough, we break */ 283 /* FIXME: If this happens, we should take 284 * note of it and, if appropriate, use the 285 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code 286 * later. 287 */ 288 if (depth < num) 289 break; 290 /* If we are self signed, we break */ 291 if (cert_self_signed(x)) 292 break; 293 /* 294 * If asked see if we can find issuer in trusted store first 295 */ 296 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { 297 ok = ctx->get_issuer(&xtmp, ctx, x); 298 if (ok < 0) { 299 ctx->error = X509_V_ERR_STORE_LOOKUP; 300 goto end; 301 } 302 /* 303 * If successful for now free up cert so it 304 * will be picked up again later. 305 */ 306 if (ok > 0) { 307 X509_free(xtmp); 308 break; 309 } 310 } 311 /* If we were passed a cert chain, use it first */ 312 if (ctx->untrusted != NULL) { 313 /* 314 * If we do not find a non-expired untrusted cert, peek 315 * ahead and see if we can satisify this from the trusted 316 * store. If not, see if we have an expired untrusted cert. 317 */ 318 xtmp = find_issuer(ctx, sktmp, x, 0); 319 if (xtmp == NULL && 320 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)) { 321 ok = ctx->get_issuer(&xtmp, ctx, x); 322 if (ok < 0) { 323 ctx->error = X509_V_ERR_STORE_LOOKUP; 324 goto end; 325 } 326 if (ok > 0) { 327 X509_free(xtmp); 328 break; 329 } 330 xtmp = find_issuer(ctx, sktmp, x, 1); 331 } 332 if (xtmp != NULL) { 333 if (!sk_X509_push(ctx->chain, xtmp)) { 334 X509error(ERR_R_MALLOC_FAILURE); 335 ctx->error = X509_V_ERR_OUT_OF_MEM; 336 ok = 0; 337 goto end; 338 } 339 X509_up_ref(xtmp); 340 (void)sk_X509_delete_ptr(sktmp, xtmp); 341 ctx->last_untrusted++; 342 x = xtmp; 343 num++; 344 /* 345 * reparse the full chain for the next one 346 */ 347 continue; 348 } 349 } 350 break; 351 } 352 /* Remember how many untrusted certs we have */ 353 j = num; 354 355 /* 356 * At this point, chain should contain a list of untrusted 357 * certificates. We now need to add at least one trusted one, 358 * if possible, otherwise we complain. 359 */ 360 361 do { 362 /* 363 * Examine last certificate in chain and see if it is 364 * self signed. 365 */ 366 i = sk_X509_num(ctx->chain); 367 x = sk_X509_value(ctx->chain, i - 1); 368 if (cert_self_signed(x)) { 369 /* we have a self signed certificate */ 370 if (i == 1) { 371 /* 372 * We have a single self signed 373 * certificate: see if we can find it 374 * in the store. We must have an exact 375 * match to avoid possible 376 * impersonation. 377 */ 378 ok = ctx->get_issuer(&xtmp, ctx, x); 379 if ((ok <= 0) || X509_cmp(x, xtmp)) { 380 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; 381 ctx->current_cert = x; 382 ctx->error_depth = i - 1; 383 if (ok == 1) 384 X509_free(xtmp); 385 bad_chain = 1; 386 ok = cb(0, ctx); 387 if (!ok) 388 goto end; 389 } else { 390 /* 391 * We have a match: replace 392 * certificate with store 393 * version so we get any trust 394 * settings. 395 */ 396 X509_free(x); 397 x = xtmp; 398 (void)sk_X509_set(ctx->chain, i - 1, x); 399 ctx->last_untrusted = 0; 400 } 401 } else { 402 /* 403 * extract and save self signed 404 * certificate for later use 405 */ 406 chain_ss = sk_X509_pop(ctx->chain); 407 ctx->last_untrusted--; 408 num--; 409 j--; 410 x = sk_X509_value(ctx->chain, num - 1); 411 } 412 } 413 /* We now lookup certs from the certificate store */ 414 for (;;) { 415 /* If we have enough, we break */ 416 if (depth < num) 417 break; 418 /* If we are self signed, we break */ 419 if (cert_self_signed(x)) 420 break; 421 ok = ctx->get_issuer(&xtmp, ctx, x); 422 423 if (ok < 0) { 424 ctx->error = X509_V_ERR_STORE_LOOKUP; 425 goto end; 426 } 427 if (ok == 0) 428 break; 429 x = xtmp; 430 if (!sk_X509_push(ctx->chain, x)) { 431 X509_free(xtmp); 432 X509error(ERR_R_MALLOC_FAILURE); 433 ctx->error = X509_V_ERR_OUT_OF_MEM; 434 ok = 0; 435 goto end; 436 } 437 num++; 438 } 439 440 /* we now have our chain, lets check it... */ 441 trust = check_trust(ctx); 442 443 /* If explicitly rejected error */ 444 if (trust == X509_TRUST_REJECTED) { 445 ok = 0; 446 goto end; 447 } 448 /* 449 * If it's not explicitly trusted then check if there 450 * is an alternative chain that could be used. We only 451 * do this if we haven't already checked via 452 * TRUSTED_FIRST and the user hasn't switched off 453 * alternate chain checking 454 */ 455 retry = 0; 456 if (trust != X509_TRUST_TRUSTED && 457 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && 458 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { 459 while (j-- > 1) { 460 xtmp2 = sk_X509_value(ctx->chain, j - 1); 461 ok = ctx->get_issuer(&xtmp, ctx, xtmp2); 462 if (ok < 0) 463 goto end; 464 /* Check if we found an alternate chain */ 465 if (ok > 0) { 466 /* 467 * Free up the found cert 468 * we'll add it again later 469 */ 470 X509_free(xtmp); 471 /* 472 * Dump all the certs above 473 * this point - we've found an 474 * alternate chain 475 */ 476 while (num > j) { 477 xtmp = sk_X509_pop(ctx->chain); 478 X509_free(xtmp); 479 num--; 480 } 481 ctx->last_untrusted = sk_X509_num(ctx->chain); 482 retry = 1; 483 break; 484 } 485 } 486 } 487 } while (retry); 488 489 /* 490 * If not explicitly trusted then indicate error unless it's a single 491 * self signed certificate in which case we've indicated an error already 492 * and set bad_chain == 1 493 */ 494 if (trust != X509_TRUST_TRUSTED && !bad_chain) { 495 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { 496 if (ctx->last_untrusted >= num) 497 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; 498 else 499 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; 500 ctx->current_cert = x; 501 } else { 502 if (!sk_X509_push(ctx->chain, chain_ss)) { 503 X509error(ERR_R_MALLOC_FAILURE); 504 ctx->error = X509_V_ERR_OUT_OF_MEM; 505 ok = 0; 506 goto end; 507 } 508 num++; 509 ctx->last_untrusted = num; 510 ctx->current_cert = chain_ss; 511 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; 512 chain_ss = NULL; 513 } 514 515 ctx->error_depth = num - 1; 516 bad_chain = 1; 517 ok = cb(0, ctx); 518 if (!ok) 519 goto end; 520 } 521 522 ret = 1; 523 end: 524 sk_X509_free(sktmp); 525 X509_free(chain_ss); 526 *bad = bad_chain; 527 *out_ok = ok; 528 529 return ret; 530 } 531 532 static int 533 X509_verify_cert_legacy(X509_STORE_CTX *ctx) 534 { 535 int ok = 0, bad_chain; 536 537 ctx->error = X509_V_OK; /* Initialize to OK */ 538 539 if (!X509_verify_cert_legacy_build_chain(ctx, &bad_chain, &ok)) 540 goto end; 541 542 /* We have the chain complete: now we need to check its purpose */ 543 ok = check_chain_extensions(ctx); 544 if (!ok) 545 goto end; 546 547 /* Check name constraints */ 548 ok = check_name_constraints(ctx); 549 if (!ok) 550 goto end; 551 552 ok = check_id(ctx); 553 if (!ok) 554 goto end; 555 556 /* 557 * Check revocation status: we do this after copying parameters because 558 * they may be needed for CRL signature verification. 559 */ 560 ok = ctx->check_revocation(ctx); 561 if (!ok) 562 goto end; 563 564 /* At this point, we have a chain and need to verify it */ 565 if (ctx->verify != NULL) 566 ok = ctx->verify(ctx); 567 else 568 ok = internal_verify(ctx); 569 if (!ok) 570 goto end; 571 572 /* If we get this far evaluate policies */ 573 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) 574 ok = ctx->check_policy(ctx); 575 576 end: 577 /* Safety net, error returns must set ctx->error */ 578 if (ok <= 0 && ctx->error == X509_V_OK) 579 ctx->error = X509_V_ERR_UNSPECIFIED; 580 581 return ok; 582 } 583 584 int 585 X509_verify_cert(X509_STORE_CTX *ctx) 586 { 587 STACK_OF(X509) *roots = NULL; 588 struct x509_verify_ctx *vctx = NULL; 589 int chain_count = 0; 590 591 if (ctx->cert == NULL) { 592 X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); 593 ctx->error = X509_V_ERR_INVALID_CALL; 594 return -1; 595 } 596 if (ctx->chain != NULL) { 597 /* 598 * This X509_STORE_CTX has already been used to verify 599 * a cert. We cannot do another one. 600 */ 601 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 602 ctx->error = X509_V_ERR_INVALID_CALL; 603 return -1; 604 } 605 if (ctx->param->id->poisoned) { 606 /* 607 * This X509_STORE_CTX had failures setting 608 * up verify parameters. We can not use it. 609 */ 610 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 611 ctx->error = X509_V_ERR_INVALID_CALL; 612 return -1; 613 } 614 if (ctx->error != X509_V_ERR_INVALID_CALL) { 615 /* 616 * This X509_STORE_CTX has not been properly initialized. 617 */ 618 X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 619 ctx->error = X509_V_ERR_INVALID_CALL; 620 return -1; 621 } 622 623 /* 624 * If flags request legacy, use the legacy verifier. If we 625 * requested "no alt chains" from the age of hammer pants, use 626 * the legacy verifier because the multi chain verifier really 627 * does find all the "alt chains". 628 * 629 * XXX deprecate the NO_ALT_CHAINS flag? 630 */ 631 if ((ctx->param->flags & X509_V_FLAG_LEGACY_VERIFY) || 632 (ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) 633 return X509_verify_cert_legacy(ctx); 634 635 /* Use the modern multi-chain verifier from x509_verify_cert */ 636 637 /* Find our trusted roots */ 638 ctx->error = X509_V_ERR_OUT_OF_MEM; 639 640 if (ctx->get_issuer == get_issuer_sk) { 641 /* 642 * We are using the trusted stack method. so 643 * the roots are in the aptly named "ctx->other_ctx" 644 * pointer. (It could have been called "al") 645 */ 646 if ((roots = X509_chain_up_ref(ctx->other_ctx)) == NULL) 647 return -1; 648 } else { 649 /* 650 * We have a X509_STORE and need to pull out the roots. 651 * Don't look Ethel... 652 */ 653 STACK_OF(X509_OBJECT) *objs; 654 size_t i, good = 1; 655 656 if ((roots = sk_X509_new_null()) == NULL) 657 return -1; 658 659 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 660 if ((objs = X509_STORE_get0_objects(ctx->ctx)) == NULL) 661 good = 0; 662 for (i = 0; good && i < sk_X509_OBJECT_num(objs); i++) { 663 X509_OBJECT *obj; 664 X509 *root; 665 obj = sk_X509_OBJECT_value(objs, i); 666 if (obj->type != X509_LU_X509) 667 continue; 668 root = obj->data.x509; 669 if (X509_up_ref(root) == 0) 670 good = 0; 671 if (sk_X509_push(roots, root) == 0) { 672 X509_free(root); 673 good = 0; 674 } 675 } 676 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 677 678 if (!good) { 679 sk_X509_pop_free(roots, X509_free); 680 return -1; 681 } 682 } 683 684 if ((vctx = x509_verify_ctx_new_from_xsc(ctx, roots)) != NULL) { 685 ctx->error = X509_V_OK; /* Initialize to OK */ 686 chain_count = x509_verify(vctx, NULL, NULL); 687 } 688 x509_verify_ctx_free(vctx); 689 690 sk_X509_pop_free(roots, X509_free); 691 692 /* if we succeed we have a chain in ctx->chain */ 693 return (chain_count > 0 && ctx->chain != NULL); 694 } 695 696 /* Given a STACK_OF(X509) find the issuer of cert (if any) 697 */ 698 699 static X509 * 700 find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, 701 int allow_expired) 702 { 703 int i; 704 X509 *issuer, *rv = NULL; 705 706 for (i = 0; i < sk_X509_num(sk); i++) { 707 issuer = sk_X509_value(sk, i); 708 if (ctx->check_issued(ctx, x, issuer)) { 709 if (x509_check_cert_time(ctx, issuer, -1)) 710 return issuer; 711 if (allow_expired) 712 rv = issuer; 713 } 714 } 715 return rv; 716 } 717 718 /* Given a possible certificate and issuer check them */ 719 720 static int 721 check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) 722 { 723 int ret; 724 725 ret = X509_check_issued(issuer, x); 726 if (ret == X509_V_OK) 727 return 1; 728 /* If we haven't asked for issuer errors don't set ctx */ 729 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) 730 return 0; 731 732 ctx->error = ret; 733 ctx->current_cert = x; 734 ctx->current_issuer = issuer; 735 return ctx->verify_cb(0, ctx); 736 } 737 738 /* Alternative lookup method: look from a STACK stored in other_ctx */ 739 740 static int 741 get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 742 { 743 *issuer = find_issuer(ctx, ctx->other_ctx, x, 1); 744 if (*issuer) { 745 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); 746 return 1; 747 } else 748 return 0; 749 } 750 751 /* Check a certificate chains extensions for consistency 752 * with the supplied purpose 753 */ 754 755 int 756 x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) 757 { 758 #ifdef OPENSSL_NO_CHAIN_VERIFY 759 return 1; 760 #else 761 int i, ok = 0, must_be_ca, plen = 0; 762 X509 *x; 763 int (*cb)(int xok, X509_STORE_CTX *xctx); 764 int proxy_path_length = 0; 765 int purpose; 766 int allow_proxy_certs; 767 768 cb = ctx->verify_cb; 769 770 /* must_be_ca can have 1 of 3 values: 771 -1: we accept both CA and non-CA certificates, to allow direct 772 use of self-signed certificates (which are marked as CA). 773 0: we only accept non-CA certificates. This is currently not 774 used, but the possibility is present for future extensions. 775 1: we only accept CA certificates. This is currently used for 776 all certificates in the chain except the leaf certificate. 777 */ 778 must_be_ca = -1; 779 780 /* CRL path validation */ 781 if (ctx->parent) { 782 allow_proxy_certs = 0; 783 purpose = X509_PURPOSE_CRL_SIGN; 784 } else { 785 allow_proxy_certs = 786 !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); 787 purpose = ctx->param->purpose; 788 } 789 790 /* Check all untrusted certificates */ 791 for (i = 0; i < ctx->last_untrusted; i++) { 792 int ret; 793 x = sk_X509_value(ctx->chain, i); 794 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 795 (x->ex_flags & EXFLAG_CRITICAL)) { 796 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; 797 ctx->error_depth = i; 798 ctx->current_cert = x; 799 ok = cb(0, ctx); 800 if (!ok) 801 goto end; 802 } 803 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { 804 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; 805 ctx->error_depth = i; 806 ctx->current_cert = x; 807 ok = cb(0, ctx); 808 if (!ok) 809 goto end; 810 } 811 ret = X509_check_ca(x); 812 switch (must_be_ca) { 813 case -1: 814 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 815 (ret != 1) && (ret != 0)) { 816 ret = 0; 817 ctx->error = X509_V_ERR_INVALID_CA; 818 } else 819 ret = 1; 820 break; 821 case 0: 822 if (ret != 0) { 823 ret = 0; 824 ctx->error = X509_V_ERR_INVALID_NON_CA; 825 } else 826 ret = 1; 827 break; 828 default: 829 if ((ret == 0) || 830 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 831 (ret != 1))) { 832 ret = 0; 833 ctx->error = X509_V_ERR_INVALID_CA; 834 } else 835 ret = 1; 836 break; 837 } 838 if (ret == 0) { 839 ctx->error_depth = i; 840 ctx->current_cert = x; 841 ok = cb(0, ctx); 842 if (!ok) 843 goto end; 844 } 845 if (ctx->param->purpose > 0) { 846 ret = X509_check_purpose(x, purpose, must_be_ca > 0); 847 if ((ret == 0) || 848 ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && 849 (ret != 1))) { 850 ctx->error = X509_V_ERR_INVALID_PURPOSE; 851 ctx->error_depth = i; 852 ctx->current_cert = x; 853 ok = cb(0, ctx); 854 if (!ok) 855 goto end; 856 } 857 } 858 /* Check pathlen if not self issued */ 859 if ((i > 1) && !(x->ex_flags & EXFLAG_SI) && 860 (x->ex_pathlen != -1) && 861 (plen > (x->ex_pathlen + proxy_path_length + 1))) { 862 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 863 ctx->error_depth = i; 864 ctx->current_cert = x; 865 ok = cb(0, ctx); 866 if (!ok) 867 goto end; 868 } 869 /* Increment path length if not self issued */ 870 if (!(x->ex_flags & EXFLAG_SI)) 871 plen++; 872 /* If this certificate is a proxy certificate, the next 873 certificate must be another proxy certificate or a EE 874 certificate. If not, the next certificate must be a 875 CA certificate. */ 876 if (x->ex_flags & EXFLAG_PROXY) { 877 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { 878 ctx->error = 879 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; 880 ctx->error_depth = i; 881 ctx->current_cert = x; 882 ok = cb(0, ctx); 883 if (!ok) 884 goto end; 885 } 886 proxy_path_length++; 887 must_be_ca = 0; 888 } else 889 must_be_ca = 1; 890 } 891 ok = 1; 892 893 end: 894 return ok; 895 #endif 896 } 897 898 static int 899 check_chain_extensions(X509_STORE_CTX *ctx) { 900 return x509_vfy_check_chain_extensions(ctx); 901 } 902 903 static int 904 check_name_constraints(X509_STORE_CTX *ctx) 905 { 906 if (!x509_constraints_chain(ctx->chain, &ctx->error, 907 &ctx->error_depth)) { 908 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); 909 if (!ctx->verify_cb(0, ctx)) 910 return 0; 911 } 912 return 1; 913 } 914 915 /* Given a certificate try and find an exact match in the store */ 916 917 static X509 * 918 lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) 919 { 920 STACK_OF(X509) *certs; 921 X509 *xtmp = NULL; 922 size_t i; 923 924 /* Lookup all certs with matching subject name */ 925 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); 926 if (certs == NULL) 927 return NULL; 928 929 /* Look for exact match */ 930 for (i = 0; i < sk_X509_num(certs); i++) { 931 xtmp = sk_X509_value(certs, i); 932 if (!X509_cmp(xtmp, x)) 933 break; 934 } 935 936 if (i < sk_X509_num(certs)) 937 X509_up_ref(xtmp); 938 else 939 xtmp = NULL; 940 941 sk_X509_pop_free(certs, X509_free); 942 return xtmp; 943 } 944 945 static int 946 check_trust(X509_STORE_CTX *ctx) 947 { 948 size_t i; 949 int ok; 950 X509 *x = NULL; 951 int (*cb) (int xok, X509_STORE_CTX *xctx); 952 953 cb = ctx->verify_cb; 954 /* Check all trusted certificates in chain */ 955 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { 956 x = sk_X509_value(ctx->chain, i); 957 ok = X509_check_trust(x, ctx->param->trust, 0); 958 959 /* If explicitly trusted return trusted */ 960 if (ok == X509_TRUST_TRUSTED) 961 return X509_TRUST_TRUSTED; 962 /* 963 * If explicitly rejected notify callback and reject if not 964 * overridden. 965 */ 966 if (ok == X509_TRUST_REJECTED) { 967 ctx->error_depth = i; 968 ctx->current_cert = x; 969 ctx->error = X509_V_ERR_CERT_REJECTED; 970 ok = cb(0, ctx); 971 if (!ok) 972 return X509_TRUST_REJECTED; 973 } 974 } 975 /* 976 * If we accept partial chains and have at least one trusted certificate 977 * return success. 978 */ 979 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 980 X509 *mx; 981 if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) 982 return X509_TRUST_TRUSTED; 983 x = sk_X509_value(ctx->chain, 0); 984 mx = lookup_cert_match(ctx, x); 985 if (mx) { 986 (void)sk_X509_set(ctx->chain, 0, mx); 987 X509_free(x); 988 ctx->last_untrusted = 0; 989 return X509_TRUST_TRUSTED; 990 } 991 } 992 993 /* 994 * If no trusted certs in chain at all return untrusted and allow 995 * standard (no issuer cert) etc errors to be indicated. 996 */ 997 return X509_TRUST_UNTRUSTED; 998 } 999 1000 int 1001 x509_vfy_check_trust(X509_STORE_CTX *ctx) 1002 { 1003 return check_trust(ctx); 1004 } 1005 1006 static int 1007 check_revocation(X509_STORE_CTX *ctx) 1008 { 1009 int i, last, ok; 1010 1011 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) 1012 return 1; 1013 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) 1014 last = sk_X509_num(ctx->chain) - 1; 1015 else { 1016 /* If checking CRL paths this isn't the EE certificate */ 1017 if (ctx->parent) 1018 return 1; 1019 last = 0; 1020 } 1021 for (i = 0; i <= last; i++) { 1022 ok = check_cert(ctx, ctx->chain, i); 1023 if (!ok) 1024 return ok; 1025 } 1026 return 1; 1027 } 1028 1029 int 1030 x509_vfy_check_revocation(X509_STORE_CTX *ctx) 1031 { 1032 return check_revocation(ctx); 1033 } 1034 1035 static int 1036 check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth) 1037 { 1038 X509_CRL *crl = NULL, *dcrl = NULL; 1039 X509 *x; 1040 int ok = 0, cnum; 1041 unsigned int last_reasons; 1042 1043 cnum = ctx->error_depth = depth; 1044 x = sk_X509_value(chain, cnum); 1045 ctx->current_cert = x; 1046 ctx->current_issuer = NULL; 1047 ctx->current_crl_score = 0; 1048 ctx->current_reasons = 0; 1049 while (ctx->current_reasons != CRLDP_ALL_REASONS) { 1050 last_reasons = ctx->current_reasons; 1051 /* Try to retrieve relevant CRL */ 1052 if (ctx->get_crl) 1053 ok = ctx->get_crl(ctx, &crl, x); 1054 else 1055 ok = get_crl_delta(ctx, &crl, &dcrl, x); 1056 /* If error looking up CRL, nothing we can do except 1057 * notify callback 1058 */ 1059 if (!ok) { 1060 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 1061 ok = ctx->verify_cb(0, ctx); 1062 goto err; 1063 } 1064 ctx->current_crl = crl; 1065 ok = ctx->check_crl(ctx, crl); 1066 if (!ok) 1067 goto err; 1068 1069 if (dcrl) { 1070 ok = ctx->check_crl(ctx, dcrl); 1071 if (!ok) 1072 goto err; 1073 ok = ctx->cert_crl(ctx, dcrl, x); 1074 if (!ok) 1075 goto err; 1076 } else 1077 ok = 1; 1078 1079 /* Don't look in full CRL if delta reason is removefromCRL */ 1080 if (ok != 2) { 1081 ok = ctx->cert_crl(ctx, crl, x); 1082 if (!ok) 1083 goto err; 1084 } 1085 1086 ctx->current_crl = NULL; 1087 X509_CRL_free(crl); 1088 X509_CRL_free(dcrl); 1089 crl = NULL; 1090 dcrl = NULL; 1091 /* If reasons not updated we wont get anywhere by 1092 * another iteration, so exit loop. 1093 */ 1094 if (last_reasons == ctx->current_reasons) { 1095 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; 1096 ok = ctx->verify_cb(0, ctx); 1097 goto err; 1098 } 1099 } 1100 1101 err: 1102 ctx->current_crl = NULL; 1103 X509_CRL_free(crl); 1104 X509_CRL_free(dcrl); 1105 return ok; 1106 } 1107 1108 /* Check CRL times against values in X509_STORE_CTX */ 1109 1110 static int 1111 check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) 1112 { 1113 time_t *ptime = NULL; 1114 int i; 1115 1116 if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1117 return (1); 1118 1119 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1120 ptime = &ctx->param->check_time; 1121 1122 if (notify) 1123 ctx->current_crl = crl; 1124 1125 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); 1126 if (i == 0) { 1127 if (!notify) 1128 return 0; 1129 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; 1130 if (!ctx->verify_cb(0, ctx)) 1131 return 0; 1132 } 1133 1134 if (i > 0) { 1135 if (!notify) 1136 return 0; 1137 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; 1138 if (!ctx->verify_cb(0, ctx)) 1139 return 0; 1140 } 1141 1142 if (X509_CRL_get_nextUpdate(crl)) { 1143 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); 1144 1145 if (i == 0) { 1146 if (!notify) 1147 return 0; 1148 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; 1149 if (!ctx->verify_cb(0, ctx)) 1150 return 0; 1151 } 1152 /* Ignore expiry of base CRL is delta is valid */ 1153 if ((i < 0) && 1154 !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { 1155 if (!notify) 1156 return 0; 1157 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; 1158 if (!ctx->verify_cb(0, ctx)) 1159 return 0; 1160 } 1161 } 1162 1163 if (notify) 1164 ctx->current_crl = NULL; 1165 1166 return 1; 1167 } 1168 1169 static int 1170 get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, 1171 X509 **pissuer, int *pscore, unsigned int *preasons, 1172 STACK_OF(X509_CRL) *crls) 1173 { 1174 int i, crl_score, best_score = *pscore; 1175 unsigned int reasons, best_reasons = 0; 1176 X509 *x = ctx->current_cert; 1177 X509_CRL *crl, *best_crl = NULL; 1178 X509 *crl_issuer = NULL, *best_crl_issuer = NULL; 1179 1180 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1181 crl = sk_X509_CRL_value(crls, i); 1182 reasons = *preasons; 1183 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); 1184 1185 if (crl_score > best_score) { 1186 best_crl = crl; 1187 best_crl_issuer = crl_issuer; 1188 best_score = crl_score; 1189 best_reasons = reasons; 1190 } 1191 } 1192 1193 if (best_crl) { 1194 if (*pcrl) 1195 X509_CRL_free(*pcrl); 1196 *pcrl = best_crl; 1197 *pissuer = best_crl_issuer; 1198 *pscore = best_score; 1199 *preasons = best_reasons; 1200 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); 1201 if (*pdcrl) { 1202 X509_CRL_free(*pdcrl); 1203 *pdcrl = NULL; 1204 } 1205 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); 1206 } 1207 1208 if (best_score >= CRL_SCORE_VALID) 1209 return 1; 1210 1211 return 0; 1212 } 1213 1214 /* Compare two CRL extensions for delta checking purposes. They should be 1215 * both present or both absent. If both present all fields must be identical. 1216 */ 1217 1218 static int 1219 crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) 1220 { 1221 ASN1_OCTET_STRING *exta, *extb; 1222 int i; 1223 1224 i = X509_CRL_get_ext_by_NID(a, nid, -1); 1225 if (i >= 0) { 1226 /* Can't have multiple occurrences */ 1227 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) 1228 return 0; 1229 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); 1230 } else 1231 exta = NULL; 1232 1233 i = X509_CRL_get_ext_by_NID(b, nid, -1); 1234 1235 if (i >= 0) { 1236 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) 1237 return 0; 1238 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); 1239 } else 1240 extb = NULL; 1241 1242 if (!exta && !extb) 1243 return 1; 1244 1245 if (!exta || !extb) 1246 return 0; 1247 1248 if (ASN1_OCTET_STRING_cmp(exta, extb)) 1249 return 0; 1250 1251 return 1; 1252 } 1253 1254 /* See if a base and delta are compatible */ 1255 1256 static int 1257 check_delta_base(X509_CRL *delta, X509_CRL *base) 1258 { 1259 /* Delta CRL must be a delta */ 1260 if (!delta->base_crl_number) 1261 return 0; 1262 /* Base must have a CRL number */ 1263 if (!base->crl_number) 1264 return 0; 1265 /* Issuer names must match */ 1266 if (X509_NAME_cmp(X509_CRL_get_issuer(base), 1267 X509_CRL_get_issuer(delta))) 1268 return 0; 1269 /* AKID and IDP must match */ 1270 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) 1271 return 0; 1272 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) 1273 return 0; 1274 /* Delta CRL base number must not exceed Full CRL number. */ 1275 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) 1276 return 0; 1277 /* Delta CRL number must exceed full CRL number */ 1278 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) 1279 return 1; 1280 return 0; 1281 } 1282 1283 /* For a given base CRL find a delta... maybe extend to delta scoring 1284 * or retrieve a chain of deltas... 1285 */ 1286 1287 static void 1288 get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base, 1289 STACK_OF(X509_CRL) *crls) 1290 { 1291 X509_CRL *delta; 1292 int i; 1293 1294 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) 1295 return; 1296 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) 1297 return; 1298 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1299 delta = sk_X509_CRL_value(crls, i); 1300 if (check_delta_base(delta, base)) { 1301 if (check_crl_time(ctx, delta, 0)) 1302 *pscore |= CRL_SCORE_TIME_DELTA; 1303 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); 1304 *dcrl = delta; 1305 return; 1306 } 1307 } 1308 *dcrl = NULL; 1309 } 1310 1311 /* For a given CRL return how suitable it is for the supplied certificate 'x'. 1312 * The return value is a mask of several criteria. 1313 * If the issuer is not the certificate issuer this is returned in *pissuer. 1314 * The reasons mask is also used to determine if the CRL is suitable: if 1315 * no new reasons the CRL is rejected, otherwise reasons is updated. 1316 */ 1317 1318 static int 1319 get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, 1320 X509_CRL *crl, X509 *x) 1321 { 1322 int crl_score = 0; 1323 unsigned int tmp_reasons = *preasons, crl_reasons; 1324 1325 /* First see if we can reject CRL straight away */ 1326 1327 /* Invalid IDP cannot be processed */ 1328 if (crl->idp_flags & IDP_INVALID) 1329 return 0; 1330 /* Reason codes or indirect CRLs need extended CRL support */ 1331 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { 1332 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) 1333 return 0; 1334 } else if (crl->idp_flags & IDP_REASONS) { 1335 /* If no new reasons reject */ 1336 if (!(crl->idp_reasons & ~tmp_reasons)) 1337 return 0; 1338 } 1339 /* Don't process deltas at this stage */ 1340 else if (crl->base_crl_number) 1341 return 0; 1342 /* If issuer name doesn't match certificate need indirect CRL */ 1343 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { 1344 if (!(crl->idp_flags & IDP_INDIRECT)) 1345 return 0; 1346 } else 1347 crl_score |= CRL_SCORE_ISSUER_NAME; 1348 1349 if (!(crl->flags & EXFLAG_CRITICAL)) 1350 crl_score |= CRL_SCORE_NOCRITICAL; 1351 1352 /* Check expiry */ 1353 if (check_crl_time(ctx, crl, 0)) 1354 crl_score |= CRL_SCORE_TIME; 1355 1356 /* Check authority key ID and locate certificate issuer */ 1357 crl_akid_check(ctx, crl, pissuer, &crl_score); 1358 1359 /* If we can't locate certificate issuer at this point forget it */ 1360 1361 if (!(crl_score & CRL_SCORE_AKID)) 1362 return 0; 1363 1364 /* Check cert for matching CRL distribution points */ 1365 1366 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { 1367 /* If no new reasons reject */ 1368 if (!(crl_reasons & ~tmp_reasons)) 1369 return 0; 1370 tmp_reasons |= crl_reasons; 1371 crl_score |= CRL_SCORE_SCOPE; 1372 } 1373 1374 *preasons = tmp_reasons; 1375 1376 return crl_score; 1377 } 1378 1379 static void 1380 crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, 1381 int *pcrl_score) 1382 { 1383 X509 *crl_issuer = NULL; 1384 X509_NAME *cnm = X509_CRL_get_issuer(crl); 1385 int cidx = ctx->error_depth; 1386 int i; 1387 1388 if (cidx != sk_X509_num(ctx->chain) - 1) 1389 cidx++; 1390 1391 crl_issuer = sk_X509_value(ctx->chain, cidx); 1392 1393 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1394 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { 1395 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; 1396 *pissuer = crl_issuer; 1397 return; 1398 } 1399 } 1400 1401 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { 1402 crl_issuer = sk_X509_value(ctx->chain, cidx); 1403 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1404 continue; 1405 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1406 *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; 1407 *pissuer = crl_issuer; 1408 return; 1409 } 1410 } 1411 1412 /* Anything else needs extended CRL support */ 1413 1414 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) 1415 return; 1416 1417 /* Otherwise the CRL issuer is not on the path. Look for it in the 1418 * set of untrusted certificates. 1419 */ 1420 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { 1421 crl_issuer = sk_X509_value(ctx->untrusted, i); 1422 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) 1423 continue; 1424 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { 1425 *pissuer = crl_issuer; 1426 *pcrl_score |= CRL_SCORE_AKID; 1427 return; 1428 } 1429 } 1430 } 1431 1432 /* Check the path of a CRL issuer certificate. This creates a new 1433 * X509_STORE_CTX and populates it with most of the parameters from the 1434 * parent. This could be optimised somewhat since a lot of path checking 1435 * will be duplicated by the parent, but this will rarely be used in 1436 * practice. 1437 */ 1438 1439 static int 1440 check_crl_path(X509_STORE_CTX *ctx, X509 *x) 1441 { 1442 X509_STORE_CTX crl_ctx; 1443 int ret; 1444 1445 /* Don't allow recursive CRL path validation */ 1446 if (ctx->parent) 1447 return 0; 1448 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) { 1449 ret = -1; 1450 goto err; 1451 } 1452 1453 crl_ctx.crls = ctx->crls; 1454 /* Copy verify params across */ 1455 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); 1456 1457 crl_ctx.parent = ctx; 1458 crl_ctx.verify_cb = ctx->verify_cb; 1459 1460 /* Verify CRL issuer */ 1461 ret = X509_verify_cert(&crl_ctx); 1462 1463 if (ret <= 0) 1464 goto err; 1465 1466 /* Check chain is acceptable */ 1467 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); 1468 1469 err: 1470 X509_STORE_CTX_cleanup(&crl_ctx); 1471 return ret; 1472 } 1473 1474 /* RFC3280 says nothing about the relationship between CRL path 1475 * and certificate path, which could lead to situations where a 1476 * certificate could be revoked or validated by a CA not authorised 1477 * to do so. RFC5280 is more strict and states that the two paths must 1478 * end in the same trust anchor, though some discussions remain... 1479 * until this is resolved we use the RFC5280 version 1480 */ 1481 1482 static int 1483 check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, 1484 STACK_OF(X509) *crl_path) 1485 { 1486 X509 *cert_ta, *crl_ta; 1487 1488 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); 1489 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); 1490 if (!X509_cmp(cert_ta, crl_ta)) 1491 return 1; 1492 return 0; 1493 } 1494 1495 /* Check for match between two dist point names: three separate cases. 1496 * 1. Both are relative names and compare X509_NAME types. 1497 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. 1498 * 3. Both are full names and compare two GENERAL_NAMES. 1499 * 4. One is NULL: automatic match. 1500 */ 1501 1502 static int 1503 idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) 1504 { 1505 X509_NAME *nm = NULL; 1506 GENERAL_NAMES *gens = NULL; 1507 GENERAL_NAME *gena, *genb; 1508 int i, j; 1509 1510 if (!a || !b) 1511 return 1; 1512 if (a->type == 1) { 1513 if (!a->dpname) 1514 return 0; 1515 /* Case 1: two X509_NAME */ 1516 if (b->type == 1) { 1517 if (!b->dpname) 1518 return 0; 1519 if (!X509_NAME_cmp(a->dpname, b->dpname)) 1520 return 1; 1521 else 1522 return 0; 1523 } 1524 /* Case 2: set name and GENERAL_NAMES appropriately */ 1525 nm = a->dpname; 1526 gens = b->name.fullname; 1527 } else if (b->type == 1) { 1528 if (!b->dpname) 1529 return 0; 1530 /* Case 2: set name and GENERAL_NAMES appropriately */ 1531 gens = a->name.fullname; 1532 nm = b->dpname; 1533 } 1534 1535 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ 1536 if (nm) { 1537 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 1538 gena = sk_GENERAL_NAME_value(gens, i); 1539 if (gena->type != GEN_DIRNAME) 1540 continue; 1541 if (!X509_NAME_cmp(nm, gena->d.directoryName)) 1542 return 1; 1543 } 1544 return 0; 1545 } 1546 1547 /* Else case 3: two GENERAL_NAMES */ 1548 1549 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { 1550 gena = sk_GENERAL_NAME_value(a->name.fullname, i); 1551 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { 1552 genb = sk_GENERAL_NAME_value(b->name.fullname, j); 1553 if (!GENERAL_NAME_cmp(gena, genb)) 1554 return 1; 1555 } 1556 } 1557 1558 return 0; 1559 } 1560 1561 static int 1562 crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) 1563 { 1564 int i; 1565 X509_NAME *nm = X509_CRL_get_issuer(crl); 1566 1567 /* If no CRLissuer return is successful iff don't need a match */ 1568 if (!dp->CRLissuer) 1569 return !!(crl_score & CRL_SCORE_ISSUER_NAME); 1570 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { 1571 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); 1572 if (gen->type != GEN_DIRNAME) 1573 continue; 1574 if (!X509_NAME_cmp(gen->d.directoryName, nm)) 1575 return 1; 1576 } 1577 return 0; 1578 } 1579 1580 /* Check CRLDP and IDP */ 1581 1582 static int 1583 crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons) 1584 { 1585 int i; 1586 1587 if (crl->idp_flags & IDP_ONLYATTR) 1588 return 0; 1589 if (x->ex_flags & EXFLAG_CA) { 1590 if (crl->idp_flags & IDP_ONLYUSER) 1591 return 0; 1592 } else { 1593 if (crl->idp_flags & IDP_ONLYCA) 1594 return 0; 1595 } 1596 *preasons = crl->idp_reasons; 1597 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { 1598 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); 1599 if (crldp_check_crlissuer(dp, crl, crl_score)) { 1600 if (!crl->idp || 1601 idp_check_dp(dp->distpoint, crl->idp->distpoint)) { 1602 *preasons &= dp->dp_reasons; 1603 return 1; 1604 } 1605 } 1606 } 1607 if ((!crl->idp || !crl->idp->distpoint) && 1608 (crl_score & CRL_SCORE_ISSUER_NAME)) 1609 return 1; 1610 return 0; 1611 } 1612 1613 /* Retrieve CRL corresponding to current certificate. 1614 * If deltas enabled try to find a delta CRL too 1615 */ 1616 1617 static int 1618 get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) 1619 { 1620 int ok; 1621 X509 *issuer = NULL; 1622 int crl_score = 0; 1623 unsigned int reasons; 1624 X509_CRL *crl = NULL, *dcrl = NULL; 1625 STACK_OF(X509_CRL) *skcrl; 1626 X509_NAME *nm = X509_get_issuer_name(x); 1627 1628 reasons = ctx->current_reasons; 1629 ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, 1630 ctx->crls); 1631 if (ok) 1632 goto done; 1633 1634 /* Lookup CRLs from store */ 1635 skcrl = ctx->lookup_crls(ctx, nm); 1636 1637 /* If no CRLs found and a near match from get_crl_sk use that */ 1638 if (!skcrl && crl) 1639 goto done; 1640 1641 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); 1642 1643 sk_X509_CRL_pop_free(skcrl, X509_CRL_free); 1644 1645 done: 1646 1647 /* If we got any kind of CRL use it and return success */ 1648 if (crl) { 1649 ctx->current_issuer = issuer; 1650 ctx->current_crl_score = crl_score; 1651 ctx->current_reasons = reasons; 1652 *pcrl = crl; 1653 *pdcrl = dcrl; 1654 return 1; 1655 } 1656 1657 return 0; 1658 } 1659 1660 /* Check CRL validity */ 1661 static int 1662 check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) 1663 { 1664 X509 *issuer = NULL; 1665 EVP_PKEY *ikey = NULL; 1666 int ok = 0, chnum, cnum; 1667 1668 cnum = ctx->error_depth; 1669 chnum = sk_X509_num(ctx->chain) - 1; 1670 /* if we have an alternative CRL issuer cert use that */ 1671 if (ctx->current_issuer) { 1672 issuer = ctx->current_issuer; 1673 } else if (cnum < chnum) { 1674 /* 1675 * Else find CRL issuer: if not last certificate then issuer 1676 * is next certificate in chain. 1677 */ 1678 issuer = sk_X509_value(ctx->chain, cnum + 1); 1679 } else { 1680 issuer = sk_X509_value(ctx->chain, chnum); 1681 /* If not self signed, can't check signature */ 1682 if (!ctx->check_issued(ctx, issuer, issuer)) { 1683 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; 1684 ok = ctx->verify_cb(0, ctx); 1685 if (!ok) 1686 goto err; 1687 } 1688 } 1689 1690 if (issuer) { 1691 /* Skip most tests for deltas because they have already 1692 * been done 1693 */ 1694 if (!crl->base_crl_number) { 1695 /* Check for cRLSign bit if keyUsage present */ 1696 if ((issuer->ex_flags & EXFLAG_KUSAGE) && 1697 !(issuer->ex_kusage & KU_CRL_SIGN)) { 1698 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; 1699 ok = ctx->verify_cb(0, ctx); 1700 if (!ok) 1701 goto err; 1702 } 1703 1704 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { 1705 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; 1706 ok = ctx->verify_cb(0, ctx); 1707 if (!ok) 1708 goto err; 1709 } 1710 1711 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { 1712 if (check_crl_path(ctx, 1713 ctx->current_issuer) <= 0) { 1714 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; 1715 ok = ctx->verify_cb(0, ctx); 1716 if (!ok) 1717 goto err; 1718 } 1719 } 1720 1721 if (crl->idp_flags & IDP_INVALID) { 1722 ctx->error = X509_V_ERR_INVALID_EXTENSION; 1723 ok = ctx->verify_cb(0, ctx); 1724 if (!ok) 1725 goto err; 1726 } 1727 1728 1729 } 1730 1731 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { 1732 ok = check_crl_time(ctx, crl, 1); 1733 if (!ok) 1734 goto err; 1735 } 1736 1737 /* Attempt to get issuer certificate public key */ 1738 ikey = X509_get_pubkey(issuer); 1739 1740 if (!ikey) { 1741 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; 1742 ok = ctx->verify_cb(0, ctx); 1743 if (!ok) 1744 goto err; 1745 } else { 1746 /* Verify CRL signature */ 1747 if (X509_CRL_verify(crl, ikey) <= 0) { 1748 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; 1749 ok = ctx->verify_cb(0, ctx); 1750 if (!ok) 1751 goto err; 1752 } 1753 } 1754 } 1755 1756 ok = 1; 1757 1758 err: 1759 EVP_PKEY_free(ikey); 1760 return ok; 1761 } 1762 1763 /* Check certificate against CRL */ 1764 static int 1765 cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) 1766 { 1767 int ok; 1768 X509_REVOKED *rev; 1769 1770 /* The rules changed for this... previously if a CRL contained 1771 * unhandled critical extensions it could still be used to indicate 1772 * a certificate was revoked. This has since been changed since 1773 * critical extension can change the meaning of CRL entries. 1774 */ 1775 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && 1776 (crl->flags & EXFLAG_CRITICAL)) { 1777 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1778 ok = ctx->verify_cb(0, ctx); 1779 if (!ok) 1780 return 0; 1781 } 1782 /* Look for serial number of certificate in CRL 1783 * If found make sure reason is not removeFromCRL. 1784 */ 1785 if (X509_CRL_get0_by_cert(crl, &rev, x)) { 1786 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) 1787 return 2; 1788 ctx->error = X509_V_ERR_CERT_REVOKED; 1789 ok = ctx->verify_cb(0, ctx); 1790 if (!ok) 1791 return 0; 1792 } 1793 1794 return 1; 1795 } 1796 1797 int 1798 x509_vfy_check_policy(X509_STORE_CTX *ctx) 1799 { 1800 int ret; 1801 1802 if (ctx->parent) 1803 return 1; 1804 1805 /* X509_policy_check always allocates a new tree. */ 1806 X509_policy_tree_free(ctx->tree); 1807 ctx->tree = NULL; 1808 1809 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, 1810 ctx->param->policies, ctx->param->flags); 1811 if (ret == 0) { 1812 X509error(ERR_R_MALLOC_FAILURE); 1813 return 0; 1814 } 1815 /* Invalid or inconsistent extensions */ 1816 if (ret == -1) { 1817 /* Locate certificates with bad extensions and notify 1818 * callback. 1819 */ 1820 X509 *x; 1821 int i; 1822 for (i = 1; i < sk_X509_num(ctx->chain); i++) { 1823 x = sk_X509_value(ctx->chain, i); 1824 if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) 1825 continue; 1826 ctx->current_cert = x; 1827 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; 1828 if (!ctx->verify_cb(0, ctx)) 1829 return 0; 1830 } 1831 return 1; 1832 } 1833 if (ret == -2) { 1834 ctx->current_cert = NULL; 1835 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; 1836 return ctx->verify_cb(0, ctx); 1837 } 1838 1839 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { 1840 ctx->current_cert = NULL; 1841 ctx->error = X509_V_OK; 1842 if (!ctx->verify_cb(2, ctx)) 1843 return 0; 1844 } 1845 1846 return 1; 1847 } 1848 1849 static int 1850 check_policy(X509_STORE_CTX *ctx) 1851 { 1852 return x509_vfy_check_policy(ctx); 1853 } 1854 1855 /* 1856 * Inform the verify callback of an error. 1857 * 1858 * If x is not NULL it is the error cert, otherwise use the chain cert 1859 * at depth. 1860 * 1861 * If err is not X509_V_OK, that's the error value, otherwise leave 1862 * unchanged (presumably set by the caller). 1863 * 1864 * Returns 0 to abort verification with an error, non-zero to continue. 1865 */ 1866 static int 1867 verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) 1868 { 1869 ctx->error_depth = depth; 1870 ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); 1871 if (err != X509_V_OK) 1872 ctx->error = err; 1873 return ctx->verify_cb(0, ctx); 1874 } 1875 1876 /* 1877 * Check certificate validity times. 1878 * 1879 * If depth >= 0, invoke verification callbacks on error, otherwise just return 1880 * the validation status. 1881 * 1882 * Return 1 on success, 0 otherwise. 1883 */ 1884 int 1885 x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) 1886 { 1887 time_t *ptime; 1888 int i; 1889 1890 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) 1891 ptime = &ctx->param->check_time; 1892 else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) 1893 return 1; 1894 else 1895 ptime = NULL; 1896 1897 i = X509_cmp_time(X509_get_notBefore(x), ptime); 1898 if (i >= 0 && depth < 0) 1899 return 0; 1900 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1901 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) 1902 return 0; 1903 if (i > 0 && !verify_cb_cert(ctx, x, depth, 1904 X509_V_ERR_CERT_NOT_YET_VALID)) 1905 return 0; 1906 1907 i = X509_cmp_time_internal(X509_get_notAfter(x), ptime, 1); 1908 if (i <= 0 && depth < 0) 1909 return 0; 1910 if (i == 0 && !verify_cb_cert(ctx, x, depth, 1911 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) 1912 return 0; 1913 if (i < 0 && !verify_cb_cert(ctx, x, depth, 1914 X509_V_ERR_CERT_HAS_EXPIRED)) 1915 return 0; 1916 return 1; 1917 } 1918 1919 static int 1920 internal_verify(X509_STORE_CTX *ctx) 1921 { 1922 int n = sk_X509_num(ctx->chain) - 1; 1923 X509 *xi = sk_X509_value(ctx->chain, n); 1924 X509 *xs; 1925 1926 if (ctx->check_issued(ctx, xi, xi)) 1927 xs = xi; 1928 else { 1929 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { 1930 xs = xi; 1931 goto check_cert; 1932 } 1933 if (n <= 0) 1934 return verify_cb_cert(ctx, xi, 0, 1935 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); 1936 n--; 1937 ctx->error_depth = n; 1938 xs = sk_X509_value(ctx->chain, n); 1939 } 1940 1941 /* 1942 * Do not clear ctx->error=0, it must be "sticky", only the 1943 * user's callback is allowed to reset errors (at its own 1944 * peril). 1945 */ 1946 while (n >= 0) { 1947 1948 /* 1949 * Skip signature check for self signed certificates 1950 * unless explicitly asked for. It doesn't add any 1951 * security and just wastes time. If the issuer's 1952 * public key is unusable, report the issuer 1953 * certificate and its depth (rather than the depth of 1954 * the subject). 1955 */ 1956 if (xs != xi || 1957 (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { 1958 EVP_PKEY *pkey; 1959 if ((pkey = X509_get_pubkey(xi)) == NULL) { 1960 if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, 1961 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) 1962 return 0; 1963 } else if (X509_verify(xs, pkey) <= 0) { 1964 if (!verify_cb_cert(ctx, xs, n, 1965 X509_V_ERR_CERT_SIGNATURE_FAILURE)) { 1966 EVP_PKEY_free(pkey); 1967 return 0; 1968 } 1969 } 1970 EVP_PKEY_free(pkey); 1971 } 1972 check_cert: 1973 /* Calls verify callback as needed */ 1974 if (!x509_check_cert_time(ctx, xs, n)) 1975 return 0; 1976 1977 /* 1978 * Signal success at this depth. However, the 1979 * previous error (if any) is retained. 1980 */ 1981 ctx->current_issuer = xi; 1982 ctx->current_cert = xs; 1983 ctx->error_depth = n; 1984 if (!ctx->verify_cb(1, ctx)) 1985 return 0; 1986 1987 if (--n >= 0) { 1988 xi = xs; 1989 xs = sk_X509_value(ctx->chain, n); 1990 } 1991 } 1992 return 1; 1993 } 1994 1995 int 1996 X509_cmp_current_time(const ASN1_TIME *ctm) 1997 { 1998 return X509_cmp_time(ctm, NULL); 1999 } 2000 2001 /* 2002 * Compare a possibly unvalidated ASN1_TIME string against a time_t 2003 * using RFC 5280 rules for the time string. If *cmp_time is NULL 2004 * the current system time is used. 2005 * 2006 * XXX NOTE that unlike what you expect a "cmp" function to do in C, 2007 * XXX this one is "special", and returns 0 for error. 2008 * 2009 * Returns: 2010 * -1 if the ASN1_time is earlier than OR the same as *cmp_time. 2011 * 1 if the ASN1_time is later than *cmp_time. 2012 * 0 on error. 2013 */ 2014 static int 2015 X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter) 2016 { 2017 time_t compare; 2018 struct tm tm1, tm2; 2019 int ret = 0; 2020 2021 if (cmp_time == NULL) 2022 compare = time(NULL); 2023 else 2024 compare = *cmp_time; 2025 2026 memset(&tm1, 0, sizeof(tm1)); 2027 2028 if (!x509_verify_asn1_time_to_tm(ctm, &tm1, clamp_notafter)) 2029 goto out; /* invalid time */ 2030 2031 if (gmtime_r(&compare, &tm2) == NULL) 2032 goto out; 2033 2034 ret = ASN1_time_tm_cmp(&tm1, &tm2); 2035 if (ret == 0) 2036 ret = -1; /* 0 is used for error, so map same to less than */ 2037 out: 2038 return (ret); 2039 } 2040 2041 int 2042 X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) 2043 { 2044 return X509_cmp_time_internal(ctm, cmp_time, 0); 2045 } 2046 2047 2048 ASN1_TIME * 2049 X509_gmtime_adj(ASN1_TIME *s, long adj) 2050 { 2051 return X509_time_adj(s, adj, NULL); 2052 } 2053 2054 ASN1_TIME * 2055 X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time) 2056 { 2057 return X509_time_adj_ex(s, 0, offset_sec, in_time); 2058 } 2059 2060 ASN1_TIME * 2061 X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time) 2062 { 2063 time_t t; 2064 if (in_time == NULL) 2065 t = time(NULL); 2066 else 2067 t = *in_time; 2068 2069 return ASN1_TIME_adj(s, t, offset_day, offset_sec); 2070 } 2071 2072 int 2073 X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) 2074 { 2075 EVP_PKEY *ktmp = NULL, *ktmp2; 2076 int i, j; 2077 2078 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) 2079 return 1; 2080 2081 for (i = 0; i < sk_X509_num(chain); i++) { 2082 ktmp = X509_get_pubkey(sk_X509_value(chain, i)); 2083 if (ktmp == NULL) { 2084 X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); 2085 return 0; 2086 } 2087 if (!EVP_PKEY_missing_parameters(ktmp)) 2088 break; 2089 else { 2090 EVP_PKEY_free(ktmp); 2091 ktmp = NULL; 2092 } 2093 } 2094 if (ktmp == NULL) { 2095 X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); 2096 return 0; 2097 } 2098 2099 /* first, populate the other certs */ 2100 for (j = i - 1; j >= 0; j--) { 2101 ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); 2102 EVP_PKEY_copy_parameters(ktmp2, ktmp); 2103 EVP_PKEY_free(ktmp2); 2104 } 2105 2106 if (pkey != NULL) 2107 EVP_PKEY_copy_parameters(pkey, ktmp); 2108 EVP_PKEY_free(ktmp); 2109 return 1; 2110 } 2111 2112 int 2113 X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 2114 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 2115 { 2116 /* This function is (usually) called only once, by 2117 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ 2118 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, 2119 argl, argp, new_func, dup_func, free_func); 2120 } 2121 2122 int 2123 X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) 2124 { 2125 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); 2126 } 2127 2128 void * 2129 X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) 2130 { 2131 return CRYPTO_get_ex_data(&ctx->ex_data, idx); 2132 } 2133 2134 int 2135 X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) 2136 { 2137 return ctx->error; 2138 } 2139 2140 void 2141 X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) 2142 { 2143 ctx->error = err; 2144 } 2145 2146 int 2147 X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) 2148 { 2149 return ctx->error_depth; 2150 } 2151 2152 X509 * 2153 X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) 2154 { 2155 return ctx->current_cert; 2156 } 2157 2158 STACK_OF(X509) * 2159 X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) 2160 { 2161 return ctx->chain; 2162 } 2163 2164 STACK_OF(X509) * 2165 X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs) 2166 { 2167 return xs->chain; 2168 } 2169 2170 STACK_OF(X509) * 2171 X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) 2172 { 2173 int i; 2174 X509 *x; 2175 STACK_OF(X509) *chain; 2176 2177 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) 2178 return NULL; 2179 for (i = 0; i < sk_X509_num(chain); i++) { 2180 x = sk_X509_value(chain, i); 2181 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); 2182 } 2183 return chain; 2184 } 2185 2186 X509 * 2187 X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) 2188 { 2189 return ctx->current_issuer; 2190 } 2191 2192 X509_CRL * 2193 X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) 2194 { 2195 return ctx->current_crl; 2196 } 2197 2198 X509_STORE_CTX * 2199 X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) 2200 { 2201 return ctx->parent; 2202 } 2203 2204 X509_STORE * 2205 X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) 2206 { 2207 return xs->ctx; 2208 } 2209 2210 void 2211 X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) 2212 { 2213 ctx->cert = x; 2214 } 2215 2216 void 2217 X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2218 { 2219 ctx->untrusted = sk; 2220 } 2221 2222 void 2223 X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) 2224 { 2225 ctx->crls = sk; 2226 } 2227 2228 int 2229 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) 2230 { 2231 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); 2232 } 2233 2234 int 2235 X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) 2236 { 2237 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); 2238 } 2239 2240 /* This function is used to set the X509_STORE_CTX purpose and trust 2241 * values. This is intended to be used when another structure has its 2242 * own trust and purpose values which (if set) will be inherited by 2243 * the ctx. If they aren't set then we will usually have a default 2244 * purpose in mind which should then be used to set the trust value. 2245 * An example of this is SSL use: an SSL structure will have its own 2246 * purpose and trust settings which the application can set: if they 2247 * aren't set then we use the default of SSL client/server. 2248 */ 2249 2250 int 2251 X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, 2252 int purpose, int trust) 2253 { 2254 int idx; 2255 2256 /* If purpose not set use default */ 2257 if (!purpose) 2258 purpose = def_purpose; 2259 /* If we have a purpose then check it is valid */ 2260 if (purpose) { 2261 X509_PURPOSE *ptmp; 2262 idx = X509_PURPOSE_get_by_id(purpose); 2263 if (idx == -1) { 2264 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2265 return 0; 2266 } 2267 ptmp = X509_PURPOSE_get0(idx); 2268 if (ptmp->trust == X509_TRUST_DEFAULT) { 2269 idx = X509_PURPOSE_get_by_id(def_purpose); 2270 if (idx == -1) { 2271 X509error(X509_R_UNKNOWN_PURPOSE_ID); 2272 return 0; 2273 } 2274 ptmp = X509_PURPOSE_get0(idx); 2275 } 2276 /* If trust not set then get from purpose default */ 2277 if (!trust) 2278 trust = ptmp->trust; 2279 } 2280 if (trust) { 2281 idx = X509_TRUST_get_by_id(trust); 2282 if (idx == -1) { 2283 X509error(X509_R_UNKNOWN_TRUST_ID); 2284 return 0; 2285 } 2286 } 2287 2288 if (purpose && !ctx->param->purpose) 2289 ctx->param->purpose = purpose; 2290 if (trust && !ctx->param->trust) 2291 ctx->param->trust = trust; 2292 return 1; 2293 } 2294 2295 X509_STORE_CTX * 2296 X509_STORE_CTX_new(void) 2297 { 2298 X509_STORE_CTX *ctx; 2299 2300 ctx = calloc(1, sizeof(X509_STORE_CTX)); 2301 if (!ctx) { 2302 X509error(ERR_R_MALLOC_FAILURE); 2303 return NULL; 2304 } 2305 return ctx; 2306 } 2307 2308 void 2309 X509_STORE_CTX_free(X509_STORE_CTX *ctx) 2310 { 2311 if (ctx == NULL) 2312 return; 2313 2314 X509_STORE_CTX_cleanup(ctx); 2315 free(ctx); 2316 } 2317 2318 int 2319 X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 2320 STACK_OF(X509) *chain) 2321 { 2322 int param_ret = 1; 2323 2324 /* 2325 * Make sure everything is initialized properly even in case of an 2326 * early return due to an error. 2327 * 2328 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have 2329 * freed everything and memset ex_data anyway. This also allows us 2330 * to safely use X509_STORE_CTX variables from the stack which will 2331 * have uninitialized data. 2332 */ 2333 memset(ctx, 0, sizeof(*ctx)); 2334 2335 /* 2336 * Start with this set to not valid - it will be set to valid 2337 * in X509_verify_cert. 2338 */ 2339 ctx->error = X509_V_ERR_INVALID_CALL; 2340 2341 /* 2342 * Set values other than 0. Keep this in the same order as 2343 * X509_STORE_CTX except for values that may fail. All fields that 2344 * may fail should go last to make sure 'ctx' is as consistent as 2345 * possible even on early exits. 2346 */ 2347 ctx->ctx = store; 2348 ctx->cert = x509; 2349 ctx->untrusted = chain; 2350 2351 if (store && store->verify) 2352 ctx->verify = store->verify; 2353 else 2354 ctx->verify = internal_verify; 2355 2356 if (store && store->verify_cb) 2357 ctx->verify_cb = store->verify_cb; 2358 else 2359 ctx->verify_cb = null_callback; 2360 2361 if (store && store->get_issuer) 2362 ctx->get_issuer = store->get_issuer; 2363 else 2364 ctx->get_issuer = X509_STORE_CTX_get1_issuer; 2365 2366 if (store && store->check_issued) 2367 ctx->check_issued = store->check_issued; 2368 else 2369 ctx->check_issued = check_issued; 2370 2371 if (store && store->check_revocation) 2372 ctx->check_revocation = store->check_revocation; 2373 else 2374 ctx->check_revocation = check_revocation; 2375 2376 if (store && store->get_crl) 2377 ctx->get_crl = store->get_crl; 2378 else 2379 ctx->get_crl = NULL; 2380 2381 if (store && store->check_crl) 2382 ctx->check_crl = store->check_crl; 2383 else 2384 ctx->check_crl = check_crl; 2385 2386 if (store && store->cert_crl) 2387 ctx->cert_crl = store->cert_crl; 2388 else 2389 ctx->cert_crl = cert_crl; 2390 2391 ctx->check_policy = check_policy; 2392 2393 if (store && store->lookup_certs) 2394 ctx->lookup_certs = store->lookup_certs; 2395 else 2396 ctx->lookup_certs = X509_STORE_get1_certs; 2397 2398 if (store && store->lookup_crls) 2399 ctx->lookup_crls = store->lookup_crls; 2400 else 2401 ctx->lookup_crls = X509_STORE_get1_crls; 2402 2403 if (store && store->cleanup) 2404 ctx->cleanup = store->cleanup; 2405 else 2406 ctx->cleanup = NULL; 2407 2408 ctx->param = X509_VERIFY_PARAM_new(); 2409 if (!ctx->param) { 2410 X509error(ERR_R_MALLOC_FAILURE); 2411 return 0; 2412 } 2413 2414 /* Inherit callbacks and flags from X509_STORE if not set 2415 * use defaults. 2416 */ 2417 if (store) 2418 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); 2419 else 2420 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; 2421 2422 if (param_ret) 2423 param_ret = X509_VERIFY_PARAM_inherit(ctx->param, 2424 X509_VERIFY_PARAM_lookup("default")); 2425 2426 if (param_ret == 0) { 2427 X509error(ERR_R_MALLOC_FAILURE); 2428 return 0; 2429 } 2430 2431 if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, 2432 &(ctx->ex_data)) == 0) { 2433 X509error(ERR_R_MALLOC_FAILURE); 2434 return 0; 2435 } 2436 return 1; 2437 } 2438 2439 /* Set alternative lookup method: just a STACK of trusted certificates. 2440 * This avoids X509_STORE nastiness where it isn't needed. 2441 */ 2442 2443 void 2444 X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2445 { 2446 ctx->other_ctx = sk; 2447 ctx->get_issuer = get_issuer_sk; 2448 } 2449 2450 void 2451 X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2452 { 2453 X509_STORE_CTX_trusted_stack(ctx, sk); 2454 } 2455 2456 void 2457 X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) 2458 { 2459 if (ctx->cleanup) 2460 ctx->cleanup(ctx); 2461 if (ctx->param != NULL) { 2462 if (ctx->parent == NULL) 2463 X509_VERIFY_PARAM_free(ctx->param); 2464 ctx->param = NULL; 2465 } 2466 if (ctx->tree != NULL) { 2467 X509_policy_tree_free(ctx->tree); 2468 ctx->tree = NULL; 2469 } 2470 if (ctx->chain != NULL) { 2471 sk_X509_pop_free(ctx->chain, X509_free); 2472 ctx->chain = NULL; 2473 } 2474 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, 2475 ctx, &(ctx->ex_data)); 2476 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); 2477 } 2478 2479 void 2480 X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) 2481 { 2482 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 2483 } 2484 2485 void 2486 X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) 2487 { 2488 X509_VERIFY_PARAM_set_flags(ctx->param, flags); 2489 } 2490 2491 void 2492 X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) 2493 { 2494 X509_VERIFY_PARAM_set_time(ctx->param, t); 2495 } 2496 2497 void 2498 X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, 2499 int (*verify_cb)(int, X509_STORE_CTX *)) 2500 { 2501 ctx->verify_cb = verify_cb; 2502 } 2503 2504 X509 * 2505 X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) 2506 { 2507 return ctx->cert; 2508 } 2509 2510 STACK_OF(X509) * 2511 X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) 2512 { 2513 return ctx->untrusted; 2514 } 2515 2516 void 2517 X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) 2518 { 2519 ctx->untrusted = sk; 2520 } 2521 2522 X509_POLICY_TREE * 2523 X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) 2524 { 2525 return ctx->tree; 2526 } 2527 2528 int 2529 X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) 2530 { 2531 return ctx->explicit_policy; 2532 } 2533 2534 int 2535 X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) 2536 { 2537 const X509_VERIFY_PARAM *param; 2538 param = X509_VERIFY_PARAM_lookup(name); 2539 if (!param) 2540 return 0; 2541 return X509_VERIFY_PARAM_inherit(ctx->param, param); 2542 } 2543 2544 X509_VERIFY_PARAM * 2545 X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) 2546 { 2547 return ctx->param; 2548 } 2549 2550 void 2551 X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) 2552 { 2553 if (ctx->param) 2554 X509_VERIFY_PARAM_free(ctx->param); 2555 ctx->param = param; 2556 } 2557