1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <ctype.h>
58 #include <string.h>
59 #include <time.h>
60
61 #include <openssl/asn1.h>
62 #include <openssl/err.h>
63 #include <openssl/evp.h>
64 #include <openssl/mem.h>
65 #include <openssl/obj.h>
66 #include <openssl/thread.h>
67 #include <openssl/x509.h>
68 #include <openssl/x509v3.h>
69
70 #include "../internal.h"
71 #include "../x509v3/internal.h"
72 #include "internal.h"
73
74 static CRYPTO_EX_DATA_CLASS g_ex_data_class =
75 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
76
77 // CRL score values
78
79 // No unhandled critical extensions
80
81 #define CRL_SCORE_NOCRITICAL 0x100
82
83 // certificate is within CRL scope
84
85 #define CRL_SCORE_SCOPE 0x080
86
87 // CRL times valid
88
89 #define CRL_SCORE_TIME 0x040
90
91 // Issuer name matches certificate
92
93 #define CRL_SCORE_ISSUER_NAME 0x020
94
95 // If this score or above CRL is probably valid
96
97 #define CRL_SCORE_VALID \
98 (CRL_SCORE_NOCRITICAL | CRL_SCORE_TIME | CRL_SCORE_SCOPE)
99
100 // CRL issuer is certificate issuer
101
102 #define CRL_SCORE_ISSUER_CERT 0x018
103
104 // CRL issuer is on certificate path
105
106 #define CRL_SCORE_SAME_PATH 0x008
107
108 // CRL issuer matches CRL AKID
109
110 #define CRL_SCORE_AKID 0x004
111
112 // Have a delta CRL with valid times
113
114 #define CRL_SCORE_TIME_DELTA 0x002
115
116 static int null_callback(int ok, X509_STORE_CTX *e);
117 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
118 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
119 static int check_chain_extensions(X509_STORE_CTX *ctx);
120 static int check_name_constraints(X509_STORE_CTX *ctx);
121 static int check_id(X509_STORE_CTX *ctx);
122 static int check_trust(X509_STORE_CTX *ctx);
123 static int check_revocation(X509_STORE_CTX *ctx);
124 static int check_cert(X509_STORE_CTX *ctx);
125 static int check_policy(X509_STORE_CTX *ctx);
126
127 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
128 unsigned int *preasons, X509_CRL *crl, X509 *x);
129 static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
130 X509 *x);
131 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
132 X509_CRL *base, STACK_OF(X509_CRL) *crls);
133 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
134 int *pcrl_score);
135 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
136 unsigned int *preasons);
137 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
138 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
139 STACK_OF(X509) *crl_path);
140
141 static int internal_verify(X509_STORE_CTX *ctx);
142
null_callback(int ok,X509_STORE_CTX * e)143 static int null_callback(int ok, X509_STORE_CTX *e) { return ok; }
144
145 // cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
146 // one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
147 // returns zero.
cert_self_signed(X509 * x,int * out_is_self_signed)148 static int cert_self_signed(X509 *x, int *out_is_self_signed) {
149 if (!x509v3_cache_extensions(x)) {
150 return 0;
151 }
152 *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
153 return 1;
154 }
155
156 // Given a certificate try and find an exact match in the store
157
lookup_cert_match(X509_STORE_CTX * ctx,X509 * x)158 static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) {
159 STACK_OF(X509) *certs;
160 X509 *xtmp = NULL;
161 size_t i;
162 // Lookup all certs with matching subject name
163 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
164 if (certs == NULL) {
165 return NULL;
166 }
167 // Look for exact match
168 for (i = 0; i < sk_X509_num(certs); i++) {
169 xtmp = sk_X509_value(certs, i);
170 if (!X509_cmp(xtmp, x)) {
171 break;
172 }
173 }
174 if (i < sk_X509_num(certs)) {
175 X509_up_ref(xtmp);
176 } else {
177 xtmp = NULL;
178 }
179 sk_X509_pop_free(certs, X509_free);
180 return xtmp;
181 }
182
X509_verify_cert(X509_STORE_CTX * ctx)183 int X509_verify_cert(X509_STORE_CTX *ctx) {
184 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
185 int bad_chain = 0;
186 X509_VERIFY_PARAM *param = ctx->param;
187 int depth, i, ok = 0;
188 int num, j, retry, trust;
189 STACK_OF(X509) *sktmp = NULL;
190
191 if (ctx->cert == NULL) {
192 OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
193 ctx->error = X509_V_ERR_INVALID_CALL;
194 return -1;
195 }
196 if (ctx->chain != NULL) {
197 // This X509_STORE_CTX has already been used to verify a cert. We
198 // cannot do another one.
199 OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
200 ctx->error = X509_V_ERR_INVALID_CALL;
201 return -1;
202 }
203
204 // first we make sure the chain we are going to build is present and that
205 // the first entry is in place
206 ctx->chain = sk_X509_new_null();
207 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
208 ctx->error = X509_V_ERR_OUT_OF_MEM;
209 goto end;
210 }
211 X509_up_ref(ctx->cert);
212 ctx->last_untrusted = 1;
213
214 // We use a temporary STACK so we can chop and hack at it.
215 if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
216 ctx->error = X509_V_ERR_OUT_OF_MEM;
217 goto end;
218 }
219
220 num = sk_X509_num(ctx->chain);
221 x = sk_X509_value(ctx->chain, num - 1);
222 depth = param->depth;
223
224 for (;;) {
225 // If we have enough, we break
226 if (depth < num) {
227 break; // FIXME: If this happens, we should take
228 // note of it and, if appropriate, use the
229 // X509_V_ERR_CERT_CHAIN_TOO_LONG error code
230 // later.
231 }
232
233 int is_self_signed;
234 if (!cert_self_signed(x, &is_self_signed)) {
235 ctx->error = X509_V_ERR_INVALID_EXTENSION;
236 goto end;
237 }
238
239 // If we are self signed, we break
240 if (is_self_signed) {
241 break;
242 }
243 // If asked see if we can find issuer in trusted store first
244 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
245 ok = ctx->get_issuer(&xtmp, ctx, x);
246 if (ok < 0) {
247 ctx->error = X509_V_ERR_STORE_LOOKUP;
248 goto end;
249 }
250 // If successful for now free up cert so it will be picked up
251 // again later.
252 if (ok > 0) {
253 X509_free(xtmp);
254 break;
255 }
256 }
257
258 // If we were passed a cert chain, use it first
259 if (sktmp != NULL) {
260 xtmp = find_issuer(ctx, sktmp, x);
261 if (xtmp != NULL) {
262 if (!sk_X509_push(ctx->chain, xtmp)) {
263 ctx->error = X509_V_ERR_OUT_OF_MEM;
264 ok = 0;
265 goto end;
266 }
267 X509_up_ref(xtmp);
268 (void)sk_X509_delete_ptr(sktmp, xtmp);
269 ctx->last_untrusted++;
270 x = xtmp;
271 num++;
272 // reparse the full chain for the next one
273 continue;
274 }
275 }
276 break;
277 }
278
279 // Remember how many untrusted certs we have
280 j = num;
281 // at this point, chain should contain a list of untrusted certificates.
282 // We now need to add at least one trusted one, if possible, otherwise we
283 // complain.
284
285 do {
286 // Examine last certificate in chain and see if it is self signed.
287 i = sk_X509_num(ctx->chain);
288 x = sk_X509_value(ctx->chain, i - 1);
289
290 int is_self_signed;
291 if (!cert_self_signed(x, &is_self_signed)) {
292 ctx->error = X509_V_ERR_INVALID_EXTENSION;
293 goto end;
294 }
295
296 if (is_self_signed) {
297 // we have a self signed certificate
298 if (sk_X509_num(ctx->chain) == 1) {
299 // We have a single self signed certificate: see if we can
300 // find it in the store. We must have an exact match to avoid
301 // possible impersonation.
302 ok = ctx->get_issuer(&xtmp, ctx, x);
303 if ((ok <= 0) || X509_cmp(x, xtmp)) {
304 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
305 ctx->current_cert = x;
306 ctx->error_depth = i - 1;
307 if (ok == 1) {
308 X509_free(xtmp);
309 }
310 bad_chain = 1;
311 ok = ctx->verify_cb(0, ctx);
312 if (!ok) {
313 goto end;
314 }
315 } else {
316 // We have a match: replace certificate with store
317 // version so we get any trust settings.
318 X509_free(x);
319 x = xtmp;
320 (void)sk_X509_set(ctx->chain, i - 1, x);
321 ctx->last_untrusted = 0;
322 }
323 } else {
324 // extract and save self signed certificate for later use
325 chain_ss = sk_X509_pop(ctx->chain);
326 ctx->last_untrusted--;
327 num--;
328 j--;
329 x = sk_X509_value(ctx->chain, num - 1);
330 }
331 }
332 // We now lookup certs from the certificate store
333 for (;;) {
334 // If we have enough, we break
335 if (depth < num) {
336 break;
337 }
338 if (!cert_self_signed(x, &is_self_signed)) {
339 ctx->error = X509_V_ERR_INVALID_EXTENSION;
340 goto end;
341 }
342 // If we are self signed, we break
343 if (is_self_signed) {
344 break;
345 }
346 ok = ctx->get_issuer(&xtmp, ctx, x);
347
348 if (ok < 0) {
349 ctx->error = X509_V_ERR_STORE_LOOKUP;
350 goto end;
351 }
352 if (ok == 0) {
353 break;
354 }
355 x = xtmp;
356 if (!sk_X509_push(ctx->chain, x)) {
357 X509_free(xtmp);
358 ctx->error = X509_V_ERR_OUT_OF_MEM;
359 ok = 0;
360 goto end;
361 }
362 num++;
363 }
364
365 // we now have our chain, lets check it...
366 trust = check_trust(ctx);
367
368 // If explicitly rejected error
369 if (trust == X509_TRUST_REJECTED) {
370 ok = 0;
371 goto end;
372 }
373 // If it's not explicitly trusted then check if there is an alternative
374 // chain that could be used. We only do this if we haven't already
375 // checked via TRUSTED_FIRST and the user hasn't switched off alternate
376 // chain checking
377 retry = 0;
378 if (trust != X509_TRUST_TRUSTED &&
379 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
380 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
381 while (j-- > 1) {
382 xtmp2 = sk_X509_value(ctx->chain, j - 1);
383 ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
384 if (ok < 0) {
385 goto end;
386 }
387 // Check if we found an alternate chain
388 if (ok > 0) {
389 // Free up the found cert we'll add it again later
390 X509_free(xtmp);
391
392 // Dump all the certs above this point - we've found an
393 // alternate chain
394 while (num > j) {
395 xtmp = sk_X509_pop(ctx->chain);
396 X509_free(xtmp);
397 num--;
398 }
399 ctx->last_untrusted = sk_X509_num(ctx->chain);
400 retry = 1;
401 break;
402 }
403 }
404 }
405 } while (retry);
406
407 // If not explicitly trusted then indicate error unless it's a single
408 // self signed certificate in which case we've indicated an error already
409 // and set bad_chain == 1
410 if (trust != X509_TRUST_TRUSTED && !bad_chain) {
411 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
412 if (ctx->last_untrusted >= num) {
413 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
414 } else {
415 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
416 }
417 ctx->current_cert = x;
418 } else {
419 sk_X509_push(ctx->chain, chain_ss);
420 num++;
421 ctx->last_untrusted = num;
422 ctx->current_cert = chain_ss;
423 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
424 chain_ss = NULL;
425 }
426
427 ctx->error_depth = num - 1;
428 bad_chain = 1;
429 ok = ctx->verify_cb(0, ctx);
430 if (!ok) {
431 goto end;
432 }
433 }
434
435 // We have the chain complete: now we need to check its purpose
436 ok = check_chain_extensions(ctx);
437
438 if (!ok) {
439 goto end;
440 }
441
442 ok = check_id(ctx);
443
444 if (!ok) {
445 goto end;
446 }
447
448 // Check revocation status: we do this after copying parameters because
449 // they may be needed for CRL signature verification.
450 ok = ctx->check_revocation(ctx);
451 if (!ok) {
452 goto end;
453 }
454
455 // At this point, we have a chain and need to verify it
456 if (ctx->verify != NULL) {
457 ok = ctx->verify(ctx);
458 } else {
459 ok = internal_verify(ctx);
460 }
461 if (!ok) {
462 goto end;
463 }
464
465 // Check name constraints
466 ok = check_name_constraints(ctx);
467 if (!ok) {
468 goto end;
469 }
470
471 // If we get this far, evaluate policies.
472 if (!bad_chain) {
473 ok = ctx->check_policy(ctx);
474 }
475
476 end:
477 if (sktmp != NULL) {
478 sk_X509_free(sktmp);
479 }
480 if (chain_ss != NULL) {
481 X509_free(chain_ss);
482 }
483
484 // Safety net, error returns must set ctx->error
485 if (ok <= 0 && ctx->error == X509_V_OK) {
486 ctx->error = X509_V_ERR_UNSPECIFIED;
487 }
488 return ok;
489 }
490
491 // Given a STACK_OF(X509) find the issuer of cert (if any)
492
find_issuer(X509_STORE_CTX * ctx,STACK_OF (X509)* sk,X509 * x)493 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) {
494 size_t i;
495 X509 *issuer;
496 for (i = 0; i < sk_X509_num(sk); i++) {
497 issuer = sk_X509_value(sk, i);
498 if (ctx->check_issued(ctx, x, issuer)) {
499 return issuer;
500 }
501 }
502 return NULL;
503 }
504
505 // Given a possible certificate and issuer check them
506
check_issued(X509_STORE_CTX * ctx,X509 * x,X509 * issuer)507 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) {
508 int ret;
509 ret = X509_check_issued(issuer, x);
510 if (ret == X509_V_OK) {
511 return 1;
512 }
513 // If we haven't asked for issuer errors don't set ctx
514 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) {
515 return 0;
516 }
517
518 ctx->error = ret;
519 ctx->current_cert = x;
520 ctx->current_issuer = issuer;
521 return ctx->verify_cb(0, ctx);
522 }
523
524 // Alternative lookup method: look from a STACK stored in other_ctx
525
get_issuer_sk(X509 ** issuer,X509_STORE_CTX * ctx,X509 * x)526 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) {
527 *issuer = find_issuer(ctx, ctx->other_ctx, x);
528 if (*issuer) {
529 X509_up_ref(*issuer);
530 return 1;
531 } else {
532 return 0;
533 }
534 }
535
536 // Check a certificate chains extensions for consistency with the supplied
537 // purpose
538
check_chain_extensions(X509_STORE_CTX * ctx)539 static int check_chain_extensions(X509_STORE_CTX *ctx) {
540 int ok = 0, plen = 0;
541
542 // If |ctx->parent| is set, this is CRL path validation.
543 int purpose =
544 ctx->parent == NULL ? ctx->param->purpose : X509_PURPOSE_CRL_SIGN;
545
546 // Check all untrusted certificates
547 for (int i = 0; i < ctx->last_untrusted; i++) {
548 X509 *x = sk_X509_value(ctx->chain, i);
549 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
550 (x->ex_flags & EXFLAG_CRITICAL)) {
551 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
552 ctx->error_depth = i;
553 ctx->current_cert = x;
554 ok = ctx->verify_cb(0, ctx);
555 if (!ok) {
556 goto end;
557 }
558 }
559
560 int must_be_ca = i > 0;
561 if (must_be_ca && !X509_check_ca(x)) {
562 ctx->error = X509_V_ERR_INVALID_CA;
563 ctx->error_depth = i;
564 ctx->current_cert = x;
565 ok = ctx->verify_cb(0, ctx);
566 if (!ok) {
567 goto end;
568 }
569 }
570 if (ctx->param->purpose > 0 &&
571 X509_check_purpose(x, purpose, must_be_ca) != 1) {
572 ctx->error = X509_V_ERR_INVALID_PURPOSE;
573 ctx->error_depth = i;
574 ctx->current_cert = x;
575 ok = ctx->verify_cb(0, ctx);
576 if (!ok) {
577 goto end;
578 }
579 }
580 // Check pathlen if not self issued
581 if (i > 1 && !(x->ex_flags & EXFLAG_SI) && x->ex_pathlen != -1 &&
582 plen > x->ex_pathlen + 1) {
583 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
584 ctx->error_depth = i;
585 ctx->current_cert = x;
586 ok = ctx->verify_cb(0, ctx);
587 if (!ok) {
588 goto end;
589 }
590 }
591 // Increment path length if not self issued
592 if (!(x->ex_flags & EXFLAG_SI)) {
593 plen++;
594 }
595 }
596 ok = 1;
597 end:
598 return ok;
599 }
600
reject_dns_name_in_common_name(X509 * x509)601 static int reject_dns_name_in_common_name(X509 *x509) {
602 const X509_NAME *name = X509_get_subject_name(x509);
603 int i = -1;
604 for (;;) {
605 i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
606 if (i == -1) {
607 return X509_V_OK;
608 }
609
610 const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
611 const ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
612 unsigned char *idval;
613 int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
614 if (idlen < 0) {
615 return X509_V_ERR_OUT_OF_MEM;
616 }
617 // Only process attributes that look like host names. Note it is
618 // important that this check be mirrored in |X509_check_host|.
619 int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
620 OPENSSL_free(idval);
621 if (looks_like_dns) {
622 return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
623 }
624 }
625 }
626
check_name_constraints(X509_STORE_CTX * ctx)627 static int check_name_constraints(X509_STORE_CTX *ctx) {
628 int i, j, rv;
629 int has_name_constraints = 0;
630 // Check name constraints for all certificates
631 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
632 X509 *x = sk_X509_value(ctx->chain, i);
633 // Ignore self issued certs unless last in chain
634 if (i && (x->ex_flags & EXFLAG_SI)) {
635 continue;
636 }
637 // Check against constraints for all certificates higher in chain
638 // including trust anchor. Trust anchor not strictly speaking needed
639 // but if it includes constraints it is to be assumed it expects them
640 // to be obeyed.
641 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
642 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
643 if (nc) {
644 has_name_constraints = 1;
645 rv = NAME_CONSTRAINTS_check(x, nc);
646 switch (rv) {
647 case X509_V_OK:
648 continue;
649 case X509_V_ERR_OUT_OF_MEM:
650 ctx->error = rv;
651 return 0;
652 default:
653 ctx->error = rv;
654 ctx->error_depth = i;
655 ctx->current_cert = x;
656 if (!ctx->verify_cb(0, ctx)) {
657 return 0;
658 }
659 break;
660 }
661 }
662 }
663 }
664
665 // Name constraints do not match against the common name, but
666 // |X509_check_host| still implements the legacy behavior where, on
667 // certificates lacking a SAN list, DNS-like names in the common name are
668 // checked instead.
669 //
670 // While we could apply the name constraints to the common name, name
671 // constraints are rare enough that can hold such certificates to a higher
672 // standard. Note this does not make "DNS-like" heuristic failures any
673 // worse. A decorative common-name misidentified as a DNS name would fail
674 // the name constraint anyway.
675 X509 *leaf = sk_X509_value(ctx->chain, 0);
676 if (has_name_constraints && leaf->altname == NULL) {
677 rv = reject_dns_name_in_common_name(leaf);
678 switch (rv) {
679 case X509_V_OK:
680 break;
681 case X509_V_ERR_OUT_OF_MEM:
682 ctx->error = rv;
683 return 0;
684 default:
685 ctx->error = rv;
686 ctx->error_depth = i;
687 ctx->current_cert = leaf;
688 if (!ctx->verify_cb(0, ctx)) {
689 return 0;
690 }
691 break;
692 }
693 }
694
695 return 1;
696 }
697
check_id_error(X509_STORE_CTX * ctx,int errcode)698 static int check_id_error(X509_STORE_CTX *ctx, int errcode) {
699 ctx->error = errcode;
700 ctx->current_cert = ctx->cert;
701 ctx->error_depth = 0;
702 return ctx->verify_cb(0, ctx);
703 }
704
check_hosts(X509 * x,X509_VERIFY_PARAM * param)705 static int check_hosts(X509 *x, X509_VERIFY_PARAM *param) {
706 size_t i;
707 size_t n = sk_OPENSSL_STRING_num(param->hosts);
708 char *name;
709
710 if (param->peername != NULL) {
711 OPENSSL_free(param->peername);
712 param->peername = NULL;
713 }
714 for (i = 0; i < n; ++i) {
715 name = sk_OPENSSL_STRING_value(param->hosts, i);
716 if (X509_check_host(x, name, strlen(name), param->hostflags,
717 ¶m->peername) > 0) {
718 return 1;
719 }
720 }
721 return n == 0;
722 }
723
check_id(X509_STORE_CTX * ctx)724 static int check_id(X509_STORE_CTX *ctx) {
725 X509_VERIFY_PARAM *vpm = ctx->param;
726 X509 *x = ctx->cert;
727 if (vpm->poison) {
728 if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL)) {
729 return 0;
730 }
731 }
732 if (vpm->hosts && check_hosts(x, vpm) <= 0) {
733 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) {
734 return 0;
735 }
736 }
737 if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
738 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) {
739 return 0;
740 }
741 }
742 if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
743 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) {
744 return 0;
745 }
746 }
747 return 1;
748 }
749
check_trust(X509_STORE_CTX * ctx)750 static int check_trust(X509_STORE_CTX *ctx) {
751 size_t i;
752 int ok;
753 X509 *x = NULL;
754 // Check all trusted certificates in chain
755 for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
756 x = sk_X509_value(ctx->chain, i);
757 ok = X509_check_trust(x, ctx->param->trust, 0);
758 // If explicitly trusted return trusted
759 if (ok == X509_TRUST_TRUSTED) {
760 return X509_TRUST_TRUSTED;
761 }
762 // If explicitly rejected notify callback and reject if not
763 // overridden.
764 if (ok == X509_TRUST_REJECTED) {
765 ctx->error_depth = i;
766 ctx->current_cert = x;
767 ctx->error = X509_V_ERR_CERT_REJECTED;
768 ok = ctx->verify_cb(0, ctx);
769 if (!ok) {
770 return X509_TRUST_REJECTED;
771 }
772 }
773 }
774 // If we accept partial chains and have at least one trusted certificate
775 // return success.
776 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
777 X509 *mx;
778 if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) {
779 return X509_TRUST_TRUSTED;
780 }
781 x = sk_X509_value(ctx->chain, 0);
782 mx = lookup_cert_match(ctx, x);
783 if (mx) {
784 (void)sk_X509_set(ctx->chain, 0, mx);
785 X509_free(x);
786 ctx->last_untrusted = 0;
787 return X509_TRUST_TRUSTED;
788 }
789 }
790
791 // If no trusted certs in chain at all return untrusted and allow
792 // standard (no issuer cert) etc errors to be indicated.
793 return X509_TRUST_UNTRUSTED;
794 }
795
check_revocation(X509_STORE_CTX * ctx)796 static int check_revocation(X509_STORE_CTX *ctx) {
797 int i, last, ok;
798 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) {
799 return 1;
800 }
801 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) {
802 last = sk_X509_num(ctx->chain) - 1;
803 } else {
804 // If checking CRL paths this isn't the EE certificate
805 if (ctx->parent) {
806 return 1;
807 }
808 last = 0;
809 }
810 for (i = 0; i <= last; i++) {
811 ctx->error_depth = i;
812 ok = check_cert(ctx);
813 if (!ok) {
814 return ok;
815 }
816 }
817 return 1;
818 }
819
check_cert(X509_STORE_CTX * ctx)820 static int check_cert(X509_STORE_CTX *ctx) {
821 X509_CRL *crl = NULL, *dcrl = NULL;
822 X509 *x;
823 int ok = 0, cnum;
824 unsigned int last_reasons;
825 cnum = ctx->error_depth;
826 x = sk_X509_value(ctx->chain, cnum);
827 ctx->current_cert = x;
828 ctx->current_issuer = NULL;
829 ctx->current_crl_score = 0;
830 ctx->current_reasons = 0;
831 while (ctx->current_reasons != CRLDP_ALL_REASONS) {
832 last_reasons = ctx->current_reasons;
833 // Try to retrieve relevant CRL
834 if (ctx->get_crl) {
835 ok = ctx->get_crl(ctx, &crl, x);
836 } else {
837 ok = get_crl_delta(ctx, &crl, &dcrl, x);
838 }
839 // If error looking up CRL, nothing we can do except notify callback
840 if (!ok) {
841 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
842 ok = ctx->verify_cb(0, ctx);
843 goto err;
844 }
845 ctx->current_crl = crl;
846 ok = ctx->check_crl(ctx, crl);
847 if (!ok) {
848 goto err;
849 }
850
851 if (dcrl) {
852 ok = ctx->check_crl(ctx, dcrl);
853 if (!ok) {
854 goto err;
855 }
856 ok = ctx->cert_crl(ctx, dcrl, x);
857 if (!ok) {
858 goto err;
859 }
860 } else {
861 ok = 1;
862 }
863
864 // Don't look in full CRL if delta reason is removefromCRL
865 if (ok != 2) {
866 ok = ctx->cert_crl(ctx, crl, x);
867 if (!ok) {
868 goto err;
869 }
870 }
871
872 X509_CRL_free(crl);
873 X509_CRL_free(dcrl);
874 crl = NULL;
875 dcrl = NULL;
876 // If reasons not updated we wont get anywhere by another iteration,
877 // so exit loop.
878 if (last_reasons == ctx->current_reasons) {
879 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
880 ok = ctx->verify_cb(0, ctx);
881 goto err;
882 }
883 }
884 err:
885 X509_CRL_free(crl);
886 X509_CRL_free(dcrl);
887
888 ctx->current_crl = NULL;
889 return ok;
890 }
891
892 // Check CRL times against values in X509_STORE_CTX
893
check_crl_time(X509_STORE_CTX * ctx,X509_CRL * crl,int notify)894 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) {
895 if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
896 return 1;
897 }
898
899 if (notify) {
900 ctx->current_crl = crl;
901 }
902 int64_t ptime;
903 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
904 ptime = ctx->param->check_time;
905 } else {
906 ptime = time(NULL);
907 }
908
909 int i = X509_cmp_time_posix(X509_CRL_get0_lastUpdate(crl), ptime);
910 if (i == 0) {
911 if (!notify) {
912 return 0;
913 }
914 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
915 if (!ctx->verify_cb(0, ctx)) {
916 return 0;
917 }
918 }
919
920 if (i > 0) {
921 if (!notify) {
922 return 0;
923 }
924 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
925 if (!ctx->verify_cb(0, ctx)) {
926 return 0;
927 }
928 }
929
930 if (X509_CRL_get0_nextUpdate(crl)) {
931 i = X509_cmp_time_posix(X509_CRL_get0_nextUpdate(crl), ptime);
932
933 if (i == 0) {
934 if (!notify) {
935 return 0;
936 }
937 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
938 if (!ctx->verify_cb(0, ctx)) {
939 return 0;
940 }
941 }
942 // Ignore expiry of base CRL is delta is valid
943 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
944 if (!notify) {
945 return 0;
946 }
947 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
948 if (!ctx->verify_cb(0, ctx)) {
949 return 0;
950 }
951 }
952 }
953
954 if (notify) {
955 ctx->current_crl = NULL;
956 }
957
958 return 1;
959 }
960
get_crl_sk(X509_STORE_CTX * ctx,X509_CRL ** pcrl,X509_CRL ** pdcrl,X509 ** pissuer,int * pscore,unsigned int * preasons,STACK_OF (X509_CRL)* crls)961 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
962 X509 **pissuer, int *pscore, unsigned int *preasons,
963 STACK_OF(X509_CRL) *crls) {
964 int crl_score, best_score = *pscore;
965 size_t i;
966 unsigned int reasons, best_reasons = 0;
967 X509 *x = ctx->current_cert;
968 X509_CRL *crl, *best_crl = NULL;
969 X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
970
971 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
972 crl = sk_X509_CRL_value(crls, i);
973 reasons = *preasons;
974 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
975 if (crl_score < best_score || crl_score == 0) {
976 continue;
977 }
978 // If current CRL is equivalent use it if it is newer
979 if (crl_score == best_score && best_crl != NULL) {
980 int day, sec;
981 if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
982 X509_CRL_get0_lastUpdate(crl)) == 0) {
983 continue;
984 }
985 // ASN1_TIME_diff never returns inconsistent signs for |day|
986 // and |sec|.
987 if (day <= 0 && sec <= 0) {
988 continue;
989 }
990 }
991 best_crl = crl;
992 best_crl_issuer = crl_issuer;
993 best_score = crl_score;
994 best_reasons = reasons;
995 }
996
997 if (best_crl) {
998 if (*pcrl) {
999 X509_CRL_free(*pcrl);
1000 }
1001 *pcrl = best_crl;
1002 *pissuer = best_crl_issuer;
1003 *pscore = best_score;
1004 *preasons = best_reasons;
1005 X509_CRL_up_ref(best_crl);
1006 if (*pdcrl) {
1007 X509_CRL_free(*pdcrl);
1008 *pdcrl = NULL;
1009 }
1010 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1011 }
1012
1013 if (best_score >= CRL_SCORE_VALID) {
1014 return 1;
1015 }
1016
1017 return 0;
1018 }
1019
1020 // Compare two CRL extensions for delta checking purposes. They should be
1021 // both present or both absent. If both present all fields must be identical.
1022
crl_extension_match(X509_CRL * a,X509_CRL * b,int nid)1023 static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) {
1024 const ASN1_OCTET_STRING *exta, *extb;
1025 int i;
1026 i = X509_CRL_get_ext_by_NID(a, nid, -1);
1027 if (i >= 0) {
1028 // Can't have multiple occurrences
1029 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) {
1030 return 0;
1031 }
1032 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1033 } else {
1034 exta = NULL;
1035 }
1036
1037 i = X509_CRL_get_ext_by_NID(b, nid, -1);
1038
1039 if (i >= 0) {
1040 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) {
1041 return 0;
1042 }
1043 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1044 } else {
1045 extb = NULL;
1046 }
1047
1048 if (!exta && !extb) {
1049 return 1;
1050 }
1051
1052 if (!exta || !extb) {
1053 return 0;
1054 }
1055
1056 if (ASN1_OCTET_STRING_cmp(exta, extb)) {
1057 return 0;
1058 }
1059
1060 return 1;
1061 }
1062
1063 // See if a base and delta are compatible
1064
check_delta_base(X509_CRL * delta,X509_CRL * base)1065 static int check_delta_base(X509_CRL *delta, X509_CRL *base) {
1066 // Delta CRL must be a delta
1067 if (!delta->base_crl_number) {
1068 return 0;
1069 }
1070 // Base must have a CRL number
1071 if (!base->crl_number) {
1072 return 0;
1073 }
1074 // Issuer names must match
1075 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) {
1076 return 0;
1077 }
1078 // AKID and IDP must match
1079 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) {
1080 return 0;
1081 }
1082 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) {
1083 return 0;
1084 }
1085 // Delta CRL base number must not exceed Full CRL number.
1086 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) {
1087 return 0;
1088 }
1089 // Delta CRL number must exceed full CRL number
1090 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) {
1091 return 1;
1092 }
1093 return 0;
1094 }
1095
1096 // For a given base CRL find a delta... maybe extend to delta scoring or
1097 // retrieve a chain of deltas...
1098
get_delta_sk(X509_STORE_CTX * ctx,X509_CRL ** dcrl,int * pscore,X509_CRL * base,STACK_OF (X509_CRL)* crls)1099 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1100 X509_CRL *base, STACK_OF(X509_CRL) *crls) {
1101 X509_CRL *delta;
1102 size_t i;
1103 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) {
1104 return;
1105 }
1106 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) {
1107 return;
1108 }
1109 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1110 delta = sk_X509_CRL_value(crls, i);
1111 if (check_delta_base(delta, base)) {
1112 if (check_crl_time(ctx, delta, 0)) {
1113 *pscore |= CRL_SCORE_TIME_DELTA;
1114 }
1115 X509_CRL_up_ref(delta);
1116 *dcrl = delta;
1117 return;
1118 }
1119 }
1120 *dcrl = NULL;
1121 }
1122
1123 // For a given CRL return how suitable it is for the supplied certificate
1124 // 'x'. The return value is a mask of several criteria. If the issuer is not
1125 // the certificate issuer this is returned in *pissuer. The reasons mask is
1126 // also used to determine if the CRL is suitable: if no new reasons the CRL
1127 // is rejected, otherwise reasons is updated.
1128
get_crl_score(X509_STORE_CTX * ctx,X509 ** pissuer,unsigned int * preasons,X509_CRL * crl,X509 * x)1129 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1130 unsigned int *preasons, X509_CRL *crl, X509 *x) {
1131 int crl_score = 0;
1132 unsigned int tmp_reasons = *preasons, crl_reasons;
1133
1134 // First see if we can reject CRL straight away
1135
1136 // Invalid IDP cannot be processed
1137 if (crl->idp_flags & IDP_INVALID) {
1138 return 0;
1139 }
1140 // Reason codes or indirect CRLs need extended CRL support
1141 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1142 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) {
1143 return 0;
1144 }
1145 } else if (crl->idp_flags & IDP_REASONS) {
1146 // If no new reasons reject
1147 if (!(crl->idp_reasons & ~tmp_reasons)) {
1148 return 0;
1149 }
1150 }
1151 // Don't process deltas at this stage
1152 else if (crl->base_crl_number) {
1153 return 0;
1154 }
1155 // If issuer name doesn't match certificate need indirect CRL
1156 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1157 if (!(crl->idp_flags & IDP_INDIRECT)) {
1158 return 0;
1159 }
1160 } else {
1161 crl_score |= CRL_SCORE_ISSUER_NAME;
1162 }
1163
1164 if (!(crl->flags & EXFLAG_CRITICAL)) {
1165 crl_score |= CRL_SCORE_NOCRITICAL;
1166 }
1167
1168 // Check expiry
1169 if (check_crl_time(ctx, crl, 0)) {
1170 crl_score |= CRL_SCORE_TIME;
1171 }
1172
1173 // Check authority key ID and locate certificate issuer
1174 crl_akid_check(ctx, crl, pissuer, &crl_score);
1175
1176 // If we can't locate certificate issuer at this point forget it
1177
1178 if (!(crl_score & CRL_SCORE_AKID)) {
1179 return 0;
1180 }
1181
1182 // Check cert for matching CRL distribution points
1183
1184 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1185 // If no new reasons reject
1186 if (!(crl_reasons & ~tmp_reasons)) {
1187 return 0;
1188 }
1189 tmp_reasons |= crl_reasons;
1190 crl_score |= CRL_SCORE_SCOPE;
1191 }
1192
1193 *preasons = tmp_reasons;
1194
1195 return crl_score;
1196 }
1197
crl_akid_check(X509_STORE_CTX * ctx,X509_CRL * crl,X509 ** pissuer,int * pcrl_score)1198 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
1199 int *pcrl_score) {
1200 X509 *crl_issuer = NULL;
1201 X509_NAME *cnm = X509_CRL_get_issuer(crl);
1202 int cidx = ctx->error_depth;
1203 size_t i;
1204
1205 if ((size_t)cidx != sk_X509_num(ctx->chain) - 1) {
1206 cidx++;
1207 }
1208
1209 crl_issuer = sk_X509_value(ctx->chain, cidx);
1210
1211 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1212 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1213 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1214 *pissuer = crl_issuer;
1215 return;
1216 }
1217 }
1218
1219 for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1220 crl_issuer = sk_X509_value(ctx->chain, cidx);
1221 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1222 continue;
1223 }
1224 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1225 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1226 *pissuer = crl_issuer;
1227 return;
1228 }
1229 }
1230
1231 // Anything else needs extended CRL support
1232
1233 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1234 return;
1235 }
1236
1237 // Otherwise the CRL issuer is not on the path. Look for it in the set of
1238 // untrusted certificates.
1239 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1240 crl_issuer = sk_X509_value(ctx->untrusted, i);
1241 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1242 continue;
1243 }
1244 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1245 *pissuer = crl_issuer;
1246 *pcrl_score |= CRL_SCORE_AKID;
1247 return;
1248 }
1249 }
1250 }
1251
1252 // Check the path of a CRL issuer certificate. This creates a new
1253 // X509_STORE_CTX and populates it with most of the parameters from the
1254 // parent. This could be optimised somewhat since a lot of path checking will
1255 // be duplicated by the parent, but this will rarely be used in practice.
1256
check_crl_path(X509_STORE_CTX * ctx,X509 * x)1257 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) {
1258 X509_STORE_CTX crl_ctx;
1259 int ret;
1260 // Don't allow recursive CRL path validation
1261 if (ctx->parent) {
1262 return 0;
1263 }
1264 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) {
1265 return -1;
1266 }
1267
1268 crl_ctx.crls = ctx->crls;
1269 // Copy verify params across
1270 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1271
1272 crl_ctx.parent = ctx;
1273 crl_ctx.verify_cb = ctx->verify_cb;
1274
1275 // Verify CRL issuer
1276 ret = X509_verify_cert(&crl_ctx);
1277
1278 if (ret <= 0) {
1279 goto err;
1280 }
1281
1282 // Check chain is acceptable
1283
1284 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1285 err:
1286 X509_STORE_CTX_cleanup(&crl_ctx);
1287 return ret;
1288 }
1289
1290 // RFC 3280 says nothing about the relationship between CRL path and
1291 // certificate path, which could lead to situations where a certificate could
1292 // be revoked or validated by a CA not authorised to do so. RFC 5280 is more
1293 // strict and states that the two paths must end in the same trust anchor,
1294 // though some discussions remain... until this is resolved we use the
1295 // RFC 5280 version
1296
check_crl_chain(X509_STORE_CTX * ctx,STACK_OF (X509)* cert_path,STACK_OF (X509)* crl_path)1297 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
1298 STACK_OF(X509) *crl_path) {
1299 X509 *cert_ta, *crl_ta;
1300 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1301 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1302 if (!X509_cmp(cert_ta, crl_ta)) {
1303 return 1;
1304 }
1305 return 0;
1306 }
1307
1308 // Check for match between two dist point names: three separate cases. 1.
1309 // Both are relative names and compare X509_NAME types. 2. One full, one
1310 // relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1311 // compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1312
idp_check_dp(DIST_POINT_NAME * a,DIST_POINT_NAME * b)1313 static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) {
1314 X509_NAME *nm = NULL;
1315 GENERAL_NAMES *gens = NULL;
1316 GENERAL_NAME *gena, *genb;
1317 size_t i, j;
1318 if (!a || !b) {
1319 return 1;
1320 }
1321 if (a->type == 1) {
1322 if (!a->dpname) {
1323 return 0;
1324 }
1325 // Case 1: two X509_NAME
1326 if (b->type == 1) {
1327 if (!b->dpname) {
1328 return 0;
1329 }
1330 if (!X509_NAME_cmp(a->dpname, b->dpname)) {
1331 return 1;
1332 } else {
1333 return 0;
1334 }
1335 }
1336 // Case 2: set name and GENERAL_NAMES appropriately
1337 nm = a->dpname;
1338 gens = b->name.fullname;
1339 } else if (b->type == 1) {
1340 if (!b->dpname) {
1341 return 0;
1342 }
1343 // Case 2: set name and GENERAL_NAMES appropriately
1344 gens = a->name.fullname;
1345 nm = b->dpname;
1346 }
1347
1348 // Handle case 2 with one GENERAL_NAMES and one X509_NAME
1349 if (nm) {
1350 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1351 gena = sk_GENERAL_NAME_value(gens, i);
1352 if (gena->type != GEN_DIRNAME) {
1353 continue;
1354 }
1355 if (!X509_NAME_cmp(nm, gena->d.directoryName)) {
1356 return 1;
1357 }
1358 }
1359 return 0;
1360 }
1361
1362 // Else case 3: two GENERAL_NAMES
1363
1364 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1365 gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1366 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1367 genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1368 if (!GENERAL_NAME_cmp(gena, genb)) {
1369 return 1;
1370 }
1371 }
1372 }
1373
1374 return 0;
1375 }
1376
crldp_check_crlissuer(DIST_POINT * dp,X509_CRL * crl,int crl_score)1377 static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) {
1378 size_t i;
1379 X509_NAME *nm = X509_CRL_get_issuer(crl);
1380 // If no CRLissuer return is successful iff don't need a match
1381 if (!dp->CRLissuer) {
1382 return !!(crl_score & CRL_SCORE_ISSUER_NAME);
1383 }
1384 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1385 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1386 if (gen->type != GEN_DIRNAME) {
1387 continue;
1388 }
1389 if (!X509_NAME_cmp(gen->d.directoryName, nm)) {
1390 return 1;
1391 }
1392 }
1393 return 0;
1394 }
1395
1396 // Check CRLDP and IDP
1397
crl_crldp_check(X509 * x,X509_CRL * crl,int crl_score,unsigned int * preasons)1398 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1399 unsigned int *preasons) {
1400 size_t i;
1401 if (crl->idp_flags & IDP_ONLYATTR) {
1402 return 0;
1403 }
1404 if (x->ex_flags & EXFLAG_CA) {
1405 if (crl->idp_flags & IDP_ONLYUSER) {
1406 return 0;
1407 }
1408 } else {
1409 if (crl->idp_flags & IDP_ONLYCA) {
1410 return 0;
1411 }
1412 }
1413 *preasons = crl->idp_reasons;
1414 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1415 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1416 if (crldp_check_crlissuer(dp, crl, crl_score)) {
1417 if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1418 *preasons &= dp->dp_reasons;
1419 return 1;
1420 }
1421 }
1422 }
1423 if ((!crl->idp || !crl->idp->distpoint) &&
1424 (crl_score & CRL_SCORE_ISSUER_NAME)) {
1425 return 1;
1426 }
1427 return 0;
1428 }
1429
1430 // Retrieve CRL corresponding to current certificate. If deltas enabled try
1431 // to find a delta CRL too
1432
get_crl_delta(X509_STORE_CTX * ctx,X509_CRL ** pcrl,X509_CRL ** pdcrl,X509 * x)1433 static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1434 X509 *x) {
1435 int ok;
1436 X509 *issuer = NULL;
1437 int crl_score = 0;
1438 unsigned int reasons;
1439 X509_CRL *crl = NULL, *dcrl = NULL;
1440 STACK_OF(X509_CRL) *skcrl;
1441 X509_NAME *nm = X509_get_issuer_name(x);
1442 reasons = ctx->current_reasons;
1443 ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, ctx->crls);
1444
1445 if (ok) {
1446 goto done;
1447 }
1448
1449 // Lookup CRLs from store
1450
1451 skcrl = ctx->lookup_crls(ctx, nm);
1452
1453 // If no CRLs found and a near match from get_crl_sk use that
1454 if (!skcrl && crl) {
1455 goto done;
1456 }
1457
1458 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1459
1460 sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1461
1462 done:
1463
1464 // If we got any kind of CRL use it and return success
1465 if (crl) {
1466 ctx->current_issuer = issuer;
1467 ctx->current_crl_score = crl_score;
1468 ctx->current_reasons = reasons;
1469 *pcrl = crl;
1470 *pdcrl = dcrl;
1471 return 1;
1472 }
1473
1474 return 0;
1475 }
1476
1477 // Check CRL validity
check_crl(X509_STORE_CTX * ctx,X509_CRL * crl)1478 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) {
1479 X509 *issuer = NULL;
1480 EVP_PKEY *ikey = NULL;
1481 int ok = 0, chnum, cnum;
1482 cnum = ctx->error_depth;
1483 chnum = sk_X509_num(ctx->chain) - 1;
1484 // if we have an alternative CRL issuer cert use that
1485 if (ctx->current_issuer) {
1486 issuer = ctx->current_issuer;
1487 }
1488
1489 // Else find CRL issuer: if not last certificate then issuer is next
1490 // certificate in chain.
1491 else if (cnum < chnum) {
1492 issuer = sk_X509_value(ctx->chain, cnum + 1);
1493 } else {
1494 issuer = sk_X509_value(ctx->chain, chnum);
1495 // If not self signed, can't check signature
1496 if (!ctx->check_issued(ctx, issuer, issuer)) {
1497 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1498 ok = ctx->verify_cb(0, ctx);
1499 if (!ok) {
1500 goto err;
1501 }
1502 }
1503 }
1504
1505 if (issuer) {
1506 // Skip most tests for deltas because they have already been done
1507 if (!crl->base_crl_number) {
1508 // Check for cRLSign bit if keyUsage present
1509 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1510 !(issuer->ex_kusage & KU_CRL_SIGN)) {
1511 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1512 ok = ctx->verify_cb(0, ctx);
1513 if (!ok) {
1514 goto err;
1515 }
1516 }
1517
1518 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1519 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1520 ok = ctx->verify_cb(0, ctx);
1521 if (!ok) {
1522 goto err;
1523 }
1524 }
1525
1526 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1527 if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1528 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1529 ok = ctx->verify_cb(0, ctx);
1530 if (!ok) {
1531 goto err;
1532 }
1533 }
1534 }
1535
1536 if (crl->idp_flags & IDP_INVALID) {
1537 ctx->error = X509_V_ERR_INVALID_EXTENSION;
1538 ok = ctx->verify_cb(0, ctx);
1539 if (!ok) {
1540 goto err;
1541 }
1542 }
1543 }
1544
1545 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1546 ok = check_crl_time(ctx, crl, 1);
1547 if (!ok) {
1548 goto err;
1549 }
1550 }
1551
1552 // Attempt to get issuer certificate public key
1553 ikey = X509_get_pubkey(issuer);
1554
1555 if (!ikey) {
1556 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1557 ok = ctx->verify_cb(0, ctx);
1558 if (!ok) {
1559 goto err;
1560 }
1561 } else {
1562 // Verify CRL signature
1563 if (X509_CRL_verify(crl, ikey) <= 0) {
1564 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1565 ok = ctx->verify_cb(0, ctx);
1566 if (!ok) {
1567 goto err;
1568 }
1569 }
1570 }
1571 }
1572
1573 ok = 1;
1574
1575 err:
1576 EVP_PKEY_free(ikey);
1577 return ok;
1578 }
1579
1580 // Check certificate against CRL
cert_crl(X509_STORE_CTX * ctx,X509_CRL * crl,X509 * x)1581 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) {
1582 int ok;
1583 X509_REVOKED *rev;
1584 // The rules changed for this... previously if a CRL contained unhandled
1585 // critical extensions it could still be used to indicate a certificate
1586 // was revoked. This has since been changed since critical extension can
1587 // change the meaning of CRL entries.
1588 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
1589 (crl->flags & EXFLAG_CRITICAL)) {
1590 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1591 ok = ctx->verify_cb(0, ctx);
1592 if (!ok) {
1593 return 0;
1594 }
1595 }
1596 // Look for serial number of certificate in CRL If found make sure reason
1597 // is not removeFromCRL.
1598 if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1599 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) {
1600 return 2;
1601 }
1602 ctx->error = X509_V_ERR_CERT_REVOKED;
1603 ok = ctx->verify_cb(0, ctx);
1604 if (!ok) {
1605 return 0;
1606 }
1607 }
1608
1609 return 1;
1610 }
1611
check_policy(X509_STORE_CTX * ctx)1612 static int check_policy(X509_STORE_CTX *ctx) {
1613 // TODO(davidben): Why do we disable policy validation for CRL paths?
1614 if (ctx->parent) {
1615 return 1;
1616 }
1617
1618 X509 *current_cert = NULL;
1619 int ret = X509_policy_check(ctx->chain, ctx->param->policies,
1620 ctx->param->flags, ¤t_cert);
1621 if (ret != X509_V_OK) {
1622 ctx->current_cert = current_cert;
1623 ctx->error = ret;
1624 if (ret == X509_V_ERR_OUT_OF_MEM) {
1625 return 0;
1626 }
1627 return ctx->verify_cb(0, ctx);
1628 }
1629
1630 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1631 ctx->current_cert = NULL;
1632 // Verification errors need to be "sticky", a callback may have allowed
1633 // an SSL handshake to continue despite an error, and we must then
1634 // remain in an error state. Therefore, we MUST NOT clear earlier
1635 // verification errors by setting the error to X509_V_OK.
1636 if (!ctx->verify_cb(2, ctx)) {
1637 return 0;
1638 }
1639 }
1640
1641 return 1;
1642 }
1643
check_cert_time(X509_STORE_CTX * ctx,X509 * x)1644 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) {
1645 if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
1646 return 1;
1647 }
1648
1649 int64_t ptime;
1650 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
1651 ptime = ctx->param->check_time;
1652 } else {
1653 ptime = time(NULL);
1654 }
1655
1656 int i = X509_cmp_time_posix(X509_get_notBefore(x), ptime);
1657 if (i == 0) {
1658 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1659 ctx->current_cert = x;
1660 if (!ctx->verify_cb(0, ctx)) {
1661 return 0;
1662 }
1663 }
1664
1665 if (i > 0) {
1666 ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1667 ctx->current_cert = x;
1668 if (!ctx->verify_cb(0, ctx)) {
1669 return 0;
1670 }
1671 }
1672
1673 i = X509_cmp_time_posix(X509_get_notAfter(x), ptime);
1674 if (i == 0) {
1675 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1676 ctx->current_cert = x;
1677 if (!ctx->verify_cb(0, ctx)) {
1678 return 0;
1679 }
1680 }
1681
1682 if (i < 0) {
1683 ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1684 ctx->current_cert = x;
1685 if (!ctx->verify_cb(0, ctx)) {
1686 return 0;
1687 }
1688 }
1689
1690 return 1;
1691 }
1692
internal_verify(X509_STORE_CTX * ctx)1693 static int internal_verify(X509_STORE_CTX *ctx) {
1694 int ok = 0, n;
1695 X509 *xs, *xi;
1696 EVP_PKEY *pkey = NULL;
1697
1698 n = sk_X509_num(ctx->chain);
1699 ctx->error_depth = n - 1;
1700 n--;
1701 xi = sk_X509_value(ctx->chain, n);
1702
1703 if (ctx->check_issued(ctx, xi, xi)) {
1704 xs = xi;
1705 } else {
1706 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1707 xs = xi;
1708 goto check_cert;
1709 }
1710 if (n <= 0) {
1711 ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1712 ctx->current_cert = xi;
1713 ok = ctx->verify_cb(0, ctx);
1714 goto end;
1715 } else {
1716 n--;
1717 ctx->error_depth = n;
1718 xs = sk_X509_value(ctx->chain, n);
1719 }
1720 }
1721
1722 // ctx->error=0; not needed
1723 while (n >= 0) {
1724 ctx->error_depth = n;
1725
1726 // Skip signature check for self signed certificates unless
1727 // explicitly asked for. It doesn't add any security and just wastes
1728 // time.
1729 if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1730 if ((pkey = X509_get_pubkey(xi)) == NULL) {
1731 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1732 ctx->current_cert = xi;
1733 ok = ctx->verify_cb(0, ctx);
1734 if (!ok) {
1735 goto end;
1736 }
1737 } else if (X509_verify(xs, pkey) <= 0) {
1738 ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1739 ctx->current_cert = xs;
1740 ok = ctx->verify_cb(0, ctx);
1741 if (!ok) {
1742 EVP_PKEY_free(pkey);
1743 goto end;
1744 }
1745 }
1746 EVP_PKEY_free(pkey);
1747 pkey = NULL;
1748 }
1749
1750 check_cert:
1751 ok = check_cert_time(ctx, xs);
1752 if (!ok) {
1753 goto end;
1754 }
1755
1756 // The last error (if any) is still in the error value
1757 ctx->current_issuer = xi;
1758 ctx->current_cert = xs;
1759 ok = ctx->verify_cb(1, ctx);
1760 if (!ok) {
1761 goto end;
1762 }
1763
1764 n--;
1765 if (n >= 0) {
1766 xi = xs;
1767 xs = sk_X509_value(ctx->chain, n);
1768 }
1769 }
1770 ok = 1;
1771 end:
1772 return ok;
1773 }
1774
X509_cmp_current_time(const ASN1_TIME * ctm)1775 int X509_cmp_current_time(const ASN1_TIME *ctm) {
1776 return X509_cmp_time_posix(ctm, time(NULL));
1777 }
1778
X509_cmp_time(const ASN1_TIME * ctm,time_t * cmp_time)1779 int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) {
1780 int64_t compare_time = (cmp_time == NULL) ? time(NULL) : *cmp_time;
1781 return X509_cmp_time_posix(ctm, compare_time);
1782 }
1783
X509_cmp_time_posix(const ASN1_TIME * ctm,int64_t cmp_time)1784 int X509_cmp_time_posix(const ASN1_TIME *ctm, int64_t cmp_time) {
1785 int64_t ctm_time;
1786 if (!ASN1_TIME_to_posix(ctm, &ctm_time)) {
1787 return 0;
1788 }
1789 // The return value 0 is reserved for errors.
1790 return (ctm_time - cmp_time <= 0) ? -1 : 1;
1791 }
1792
X509_gmtime_adj(ASN1_TIME * s,long offset_sec)1793 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec) {
1794 return X509_time_adj(s, offset_sec, NULL);
1795 }
1796
X509_time_adj(ASN1_TIME * s,long offset_sec,time_t * in_tm)1797 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) {
1798 return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1799 }
1800
X509_time_adj_ex(ASN1_TIME * s,int offset_day,long offset_sec,time_t * in_tm)1801 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec,
1802 time_t *in_tm) {
1803 int64_t t = 0;
1804
1805 if (in_tm) {
1806 t = *in_tm;
1807 } else {
1808 t = time(NULL);
1809 }
1810
1811 return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1812 }
1813
1814 // Make a delta CRL as the diff between two full CRLs
1815
X509_CRL_diff(X509_CRL * base,X509_CRL * newer,EVP_PKEY * skey,const EVP_MD * md,unsigned int flags)1816 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey,
1817 const EVP_MD *md, unsigned int flags) {
1818 X509_CRL *crl = NULL;
1819 int i;
1820 size_t j;
1821 STACK_OF(X509_REVOKED) *revs = NULL;
1822 // CRLs can't be delta already
1823 if (base->base_crl_number || newer->base_crl_number) {
1824 OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
1825 return NULL;
1826 }
1827 // Base and new CRL must have a CRL number
1828 if (!base->crl_number || !newer->crl_number) {
1829 OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
1830 return NULL;
1831 }
1832 // Issuer names must match
1833 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
1834 OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
1835 return NULL;
1836 }
1837 // AKID and IDP must match
1838 if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
1839 OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
1840 return NULL;
1841 }
1842 if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
1843 OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
1844 return NULL;
1845 }
1846 // Newer CRL number must exceed full CRL number
1847 if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
1848 OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
1849 return NULL;
1850 }
1851 // CRLs must verify
1852 if (skey &&
1853 (X509_CRL_verify(base, skey) <= 0 || X509_CRL_verify(newer, skey) <= 0)) {
1854 OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
1855 return NULL;
1856 }
1857 // Create new CRL
1858 crl = X509_CRL_new();
1859 if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2)) {
1860 goto memerr;
1861 }
1862 // Set issuer name
1863 if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) {
1864 goto memerr;
1865 }
1866
1867 if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) {
1868 goto memerr;
1869 }
1870 if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) {
1871 goto memerr;
1872 }
1873
1874 // Set base CRL number: must be critical
1875
1876 if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) {
1877 goto memerr;
1878 }
1879
1880 // Copy extensions across from newest CRL to delta: this will set CRL
1881 // number to correct value too.
1882
1883 for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
1884 const X509_EXTENSION *ext = X509_CRL_get_ext(newer, i);
1885 if (!X509_CRL_add_ext(crl, ext, -1)) {
1886 goto memerr;
1887 }
1888 }
1889
1890 // Go through revoked entries, copying as needed
1891
1892 revs = X509_CRL_get_REVOKED(newer);
1893
1894 for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
1895 X509_REVOKED *rvn, *rvtmp;
1896 rvn = sk_X509_REVOKED_value(revs, j);
1897 // Add only if not also in base. TODO: need something cleverer here
1898 // for some more complex CRLs covering multiple CAs.
1899 if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
1900 rvtmp = X509_REVOKED_dup(rvn);
1901 if (!rvtmp) {
1902 goto memerr;
1903 }
1904 if (!X509_CRL_add0_revoked(crl, rvtmp)) {
1905 X509_REVOKED_free(rvtmp);
1906 goto memerr;
1907 }
1908 }
1909 }
1910 // TODO: optionally prune deleted entries
1911
1912 if (skey && md && !X509_CRL_sign(crl, skey, md)) {
1913 goto memerr;
1914 }
1915
1916 return crl;
1917
1918 memerr:
1919 if (crl) {
1920 X509_CRL_free(crl);
1921 }
1922 return NULL;
1923 }
1924
X509_STORE_CTX_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_unused,CRYPTO_EX_free * free_func)1925 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
1926 CRYPTO_EX_unused *unused,
1927 CRYPTO_EX_dup *dup_unused,
1928 CRYPTO_EX_free *free_func) {
1929 // This function is (usually) called only once, by
1930 // SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
1931 int index;
1932 if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
1933 free_func)) {
1934 return -1;
1935 }
1936 return index;
1937 }
1938
X509_STORE_CTX_set_ex_data(X509_STORE_CTX * ctx,int idx,void * data)1939 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) {
1940 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
1941 }
1942
X509_STORE_CTX_get_ex_data(X509_STORE_CTX * ctx,int idx)1943 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) {
1944 return CRYPTO_get_ex_data(&ctx->ex_data, idx);
1945 }
1946
X509_STORE_CTX_get_error(X509_STORE_CTX * ctx)1947 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { return ctx->error; }
1948
X509_STORE_CTX_set_error(X509_STORE_CTX * ctx,int err)1949 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) {
1950 ctx->error = err;
1951 }
1952
X509_STORE_CTX_get_error_depth(X509_STORE_CTX * ctx)1953 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) {
1954 return ctx->error_depth;
1955 }
1956
X509_STORE_CTX_get_current_cert(X509_STORE_CTX * ctx)1957 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) {
1958 return ctx->current_cert;
1959 }
1960
STACK_OF(X509)1961 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) {
1962 return ctx->chain;
1963 }
1964
STACK_OF(X509)1965 STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) {
1966 return ctx->chain;
1967 }
1968
STACK_OF(X509)1969 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) {
1970 if (!ctx->chain) {
1971 return NULL;
1972 }
1973 return X509_chain_up_ref(ctx->chain);
1974 }
1975
X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX * ctx)1976 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) {
1977 return ctx->current_issuer;
1978 }
1979
X509_STORE_CTX_get0_current_crl(X509_STORE_CTX * ctx)1980 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) {
1981 return ctx->current_crl;
1982 }
1983
X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX * ctx)1984 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) {
1985 return ctx->parent;
1986 }
1987
X509_STORE_CTX_set_cert(X509_STORE_CTX * ctx,X509 * x)1988 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert = x; }
1989
X509_STORE_CTX_set_chain(X509_STORE_CTX * ctx,STACK_OF (X509)* sk)1990 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
1991 ctx->untrusted = sk;
1992 }
1993
STACK_OF(X509)1994 STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) {
1995 return ctx->untrusted;
1996 }
1997
X509_STORE_CTX_set0_crls(X509_STORE_CTX * ctx,STACK_OF (X509_CRL)* sk)1998 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) {
1999 ctx->crls = sk;
2000 }
2001
X509_STORE_CTX_set_purpose(X509_STORE_CTX * ctx,int purpose)2002 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) {
2003 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2004 }
2005
X509_STORE_CTX_set_trust(X509_STORE_CTX * ctx,int trust)2006 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) {
2007 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2008 }
2009
2010 // This function is used to set the X509_STORE_CTX purpose and trust values.
2011 // This is intended to be used when another structure has its own trust and
2012 // purpose values which (if set) will be inherited by the ctx. If they aren't
2013 // set then we will usually have a default purpose in mind which should then
2014 // be used to set the trust value. An example of this is SSL use: an SSL
2015 // structure will have its own purpose and trust settings which the
2016 // application can set: if they aren't set then we use the default of SSL
2017 // client/server.
2018
X509_STORE_CTX_purpose_inherit(X509_STORE_CTX * ctx,int def_purpose,int purpose,int trust)2019 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2020 int purpose, int trust) {
2021 int idx;
2022 // If purpose not set use default
2023 if (!purpose) {
2024 purpose = def_purpose;
2025 }
2026 // If we have a purpose then check it is valid
2027 if (purpose) {
2028 X509_PURPOSE *ptmp;
2029 idx = X509_PURPOSE_get_by_id(purpose);
2030 if (idx == -1) {
2031 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2032 return 0;
2033 }
2034 ptmp = X509_PURPOSE_get0(idx);
2035 if (ptmp->trust == X509_TRUST_DEFAULT) {
2036 idx = X509_PURPOSE_get_by_id(def_purpose);
2037 if (idx == -1) {
2038 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2039 return 0;
2040 }
2041 ptmp = X509_PURPOSE_get0(idx);
2042 }
2043 // If trust not set then get from purpose default
2044 if (!trust) {
2045 trust = ptmp->trust;
2046 }
2047 }
2048 if (trust) {
2049 idx = X509_TRUST_get_by_id(trust);
2050 if (idx == -1) {
2051 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2052 return 0;
2053 }
2054 }
2055
2056 if (purpose && !ctx->param->purpose) {
2057 ctx->param->purpose = purpose;
2058 }
2059 if (trust && !ctx->param->trust) {
2060 ctx->param->trust = trust;
2061 }
2062 return 1;
2063 }
2064
X509_STORE_CTX_new(void)2065 X509_STORE_CTX *X509_STORE_CTX_new(void) {
2066 X509_STORE_CTX *ctx;
2067 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2068 if (!ctx) {
2069 return NULL;
2070 }
2071 X509_STORE_CTX_zero(ctx);
2072 return ctx;
2073 }
2074
X509_STORE_CTX_zero(X509_STORE_CTX * ctx)2075 void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) {
2076 OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2077 }
2078
X509_STORE_CTX_free(X509_STORE_CTX * ctx)2079 void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
2080 if (ctx == NULL) {
2081 return;
2082 }
2083 X509_STORE_CTX_cleanup(ctx);
2084 OPENSSL_free(ctx);
2085 }
2086
X509_STORE_CTX_init(X509_STORE_CTX * ctx,X509_STORE * store,X509 * x509,STACK_OF (X509)* chain)2087 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2088 STACK_OF(X509) *chain) {
2089 X509_STORE_CTX_zero(ctx);
2090 ctx->ctx = store;
2091 ctx->cert = x509;
2092 ctx->untrusted = chain;
2093
2094 CRYPTO_new_ex_data(&ctx->ex_data);
2095
2096 if (store == NULL) {
2097 OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
2098 goto err;
2099 }
2100
2101 ctx->param = X509_VERIFY_PARAM_new();
2102 if (!ctx->param) {
2103 goto err;
2104 }
2105
2106 // Inherit callbacks and flags from X509_STORE.
2107
2108 ctx->verify_cb = store->verify_cb;
2109 ctx->cleanup = store->cleanup;
2110
2111 if (!X509_VERIFY_PARAM_inherit(ctx->param, store->param) ||
2112 !X509_VERIFY_PARAM_inherit(ctx->param,
2113 X509_VERIFY_PARAM_lookup("default"))) {
2114 goto err;
2115 }
2116
2117 if (store->check_issued) {
2118 ctx->check_issued = store->check_issued;
2119 } else {
2120 ctx->check_issued = check_issued;
2121 }
2122
2123 if (store->get_issuer) {
2124 ctx->get_issuer = store->get_issuer;
2125 } else {
2126 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2127 }
2128
2129 if (store->verify_cb) {
2130 ctx->verify_cb = store->verify_cb;
2131 } else {
2132 ctx->verify_cb = null_callback;
2133 }
2134
2135 if (store->verify) {
2136 ctx->verify = store->verify;
2137 } else {
2138 ctx->verify = internal_verify;
2139 }
2140
2141 if (store->check_revocation) {
2142 ctx->check_revocation = store->check_revocation;
2143 } else {
2144 ctx->check_revocation = check_revocation;
2145 }
2146
2147 if (store->get_crl) {
2148 ctx->get_crl = store->get_crl;
2149 } else {
2150 ctx->get_crl = NULL;
2151 }
2152
2153 if (store->check_crl) {
2154 ctx->check_crl = store->check_crl;
2155 } else {
2156 ctx->check_crl = check_crl;
2157 }
2158
2159 if (store->cert_crl) {
2160 ctx->cert_crl = store->cert_crl;
2161 } else {
2162 ctx->cert_crl = cert_crl;
2163 }
2164
2165 if (store->lookup_certs) {
2166 ctx->lookup_certs = store->lookup_certs;
2167 } else {
2168 ctx->lookup_certs = X509_STORE_get1_certs;
2169 }
2170
2171 if (store->lookup_crls) {
2172 ctx->lookup_crls = store->lookup_crls;
2173 } else {
2174 ctx->lookup_crls = X509_STORE_get1_crls;
2175 }
2176
2177 ctx->check_policy = check_policy;
2178
2179 return 1;
2180
2181 err:
2182 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2183 if (ctx->param != NULL) {
2184 X509_VERIFY_PARAM_free(ctx->param);
2185 }
2186
2187 OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2188 return 0;
2189 }
2190
2191 // Set alternative lookup method: just a STACK of trusted certificates. This
2192 // avoids X509_STORE nastiness where it isn't needed.
2193
X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX * ctx,STACK_OF (X509)* sk)2194 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2195 STACK_OF(X509) *sk) {
2196 ctx->other_ctx = sk;
2197 ctx->get_issuer = get_issuer_sk;
2198 }
2199
X509_STORE_CTX_trusted_stack(X509_STORE_CTX * ctx,STACK_OF (X509)* sk)2200 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
2201 X509_STORE_CTX_set0_trusted_stack(ctx, sk);
2202 }
2203
X509_STORE_CTX_cleanup(X509_STORE_CTX * ctx)2204 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) {
2205 // We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2206 // also calls this function.
2207 if (ctx->cleanup != NULL) {
2208 ctx->cleanup(ctx);
2209 ctx->cleanup = NULL;
2210 }
2211 if (ctx->param != NULL) {
2212 if (ctx->parent == NULL) {
2213 X509_VERIFY_PARAM_free(ctx->param);
2214 }
2215 ctx->param = NULL;
2216 }
2217 if (ctx->chain != NULL) {
2218 sk_X509_pop_free(ctx->chain, X509_free);
2219 ctx->chain = NULL;
2220 }
2221 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2222 OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2223 }
2224
X509_STORE_CTX_set_depth(X509_STORE_CTX * ctx,int depth)2225 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) {
2226 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2227 }
2228
X509_STORE_CTX_set_flags(X509_STORE_CTX * ctx,unsigned long flags)2229 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) {
2230 X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2231 }
2232
X509_STORE_CTX_set_time_posix(X509_STORE_CTX * ctx,unsigned long flags,int64_t t)2233 void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx, unsigned long flags,
2234 int64_t t) {
2235 X509_VERIFY_PARAM_set_time_posix(ctx->param, t);
2236 }
2237
X509_STORE_CTX_set_time(X509_STORE_CTX * ctx,unsigned long flags,time_t t)2238 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2239 time_t t) {
2240 X509_STORE_CTX_set_time_posix(ctx, flags, t);
2241 }
2242
X509_STORE_CTX_get0_cert(X509_STORE_CTX * ctx)2243 X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) {
2244 return ctx->cert;
2245 }
2246
X509_STORE_CTX_set_verify_cb(X509_STORE_CTX * ctx,int (* verify_cb)(int,X509_STORE_CTX *))2247 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2248 int (*verify_cb)(int, X509_STORE_CTX *)) {
2249 ctx->verify_cb = verify_cb;
2250 }
2251
X509_STORE_CTX_set_default(X509_STORE_CTX * ctx,const char * name)2252 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) {
2253 const X509_VERIFY_PARAM *param;
2254 param = X509_VERIFY_PARAM_lookup(name);
2255 if (!param) {
2256 return 0;
2257 }
2258 return X509_VERIFY_PARAM_inherit(ctx->param, param);
2259 }
2260
X509_STORE_CTX_get0_param(X509_STORE_CTX * ctx)2261 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) {
2262 return ctx->param;
2263 }
2264
X509_STORE_CTX_set0_param(X509_STORE_CTX * ctx,X509_VERIFY_PARAM * param)2265 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) {
2266 if (ctx->param) {
2267 X509_VERIFY_PARAM_free(ctx->param);
2268 }
2269 ctx->param = param;
2270 }
2271