1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <ctype.h>
58 #include <string.h>
59 #include <time.h>
60
61 #include <openssl/asn1.h>
62 #include <openssl/err.h>
63 #include <openssl/evp.h>
64 #include <openssl/mem.h>
65 #include <openssl/obj.h>
66 #include <openssl/thread.h>
67 #include <openssl/x509.h>
68 #include <openssl/x509v3.h>
69
70 #include "../internal.h"
71 #include "../x509v3/internal.h"
72 #include "internal.h"
73
74 static CRYPTO_EX_DATA_CLASS g_ex_data_class =
75 CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
76
77 // CRL score values
78
79 // No unhandled critical extensions
80
81 #define CRL_SCORE_NOCRITICAL 0x100
82
83 // certificate is within CRL scope
84
85 #define CRL_SCORE_SCOPE 0x080
86
87 // CRL times valid
88
89 #define CRL_SCORE_TIME 0x040
90
91 // Issuer name matches certificate
92
93 #define CRL_SCORE_ISSUER_NAME 0x020
94
95 // If this score or above CRL is probably valid
96
97 #define CRL_SCORE_VALID \
98 (CRL_SCORE_NOCRITICAL | CRL_SCORE_TIME | CRL_SCORE_SCOPE)
99
100 // CRL issuer is certificate issuer
101
102 #define CRL_SCORE_ISSUER_CERT 0x018
103
104 // CRL issuer is on certificate path
105
106 #define CRL_SCORE_SAME_PATH 0x008
107
108 // CRL issuer matches CRL AKID
109
110 #define CRL_SCORE_AKID 0x004
111
112 // Have a delta CRL with valid times
113
114 #define CRL_SCORE_TIME_DELTA 0x002
115
116 static int null_callback(int ok, X509_STORE_CTX *e);
117 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
118 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
119 static int check_chain_extensions(X509_STORE_CTX *ctx);
120 static int check_name_constraints(X509_STORE_CTX *ctx);
121 static int check_id(X509_STORE_CTX *ctx);
122 static int check_trust(X509_STORE_CTX *ctx);
123 static int check_revocation(X509_STORE_CTX *ctx);
124 static int check_cert(X509_STORE_CTX *ctx);
125 static int check_policy(X509_STORE_CTX *ctx);
126
127 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
128 unsigned int *preasons, X509_CRL *crl, X509 *x);
129 static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
130 X509 *x);
131 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
132 X509_CRL *base, STACK_OF(X509_CRL) *crls);
133 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
134 int *pcrl_score);
135 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
136 unsigned int *preasons);
137 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
138 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
139 STACK_OF(X509) *crl_path);
140
141 static int internal_verify(X509_STORE_CTX *ctx);
142
null_callback(int ok,X509_STORE_CTX * e)143 static int null_callback(int ok, X509_STORE_CTX *e) { return ok; }
144
145 // cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
146 // one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
147 // returns zero.
cert_self_signed(X509 * x,int * out_is_self_signed)148 static int cert_self_signed(X509 *x, int *out_is_self_signed) {
149 if (!x509v3_cache_extensions(x)) {
150 return 0;
151 }
152 *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
153 return 1;
154 }
155
156 // Given a certificate try and find an exact match in the store
157
lookup_cert_match(X509_STORE_CTX * ctx,X509 * x)158 static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) {
159 STACK_OF(X509) *certs;
160 X509 *xtmp = NULL;
161 size_t i;
162 // Lookup all certs with matching subject name
163 certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
164 if (certs == NULL) {
165 return NULL;
166 }
167 // Look for exact match
168 for (i = 0; i < sk_X509_num(certs); i++) {
169 xtmp = sk_X509_value(certs, i);
170 if (!X509_cmp(xtmp, x)) {
171 break;
172 }
173 }
174 if (i < sk_X509_num(certs)) {
175 X509_up_ref(xtmp);
176 } else {
177 xtmp = NULL;
178 }
179 sk_X509_pop_free(certs, X509_free);
180 return xtmp;
181 }
182
X509_verify_cert(X509_STORE_CTX * ctx)183 int X509_verify_cert(X509_STORE_CTX *ctx) {
184 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
185 int bad_chain = 0;
186 X509_VERIFY_PARAM *param = ctx->param;
187 int depth, i, ok = 0;
188 int num, j, retry, trust;
189 STACK_OF(X509) *sktmp = NULL;
190
191 if (ctx->cert == NULL) {
192 OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
193 ctx->error = X509_V_ERR_INVALID_CALL;
194 return -1;
195 }
196 if (ctx->chain != NULL) {
197 // This X509_STORE_CTX has already been used to verify a cert. We
198 // cannot do another one.
199 OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
200 ctx->error = X509_V_ERR_INVALID_CALL;
201 return -1;
202 }
203
204 // first we make sure the chain we are going to build is present and that
205 // the first entry is in place
206 ctx->chain = sk_X509_new_null();
207 if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
208 ctx->error = X509_V_ERR_OUT_OF_MEM;
209 goto end;
210 }
211 X509_up_ref(ctx->cert);
212 ctx->last_untrusted = 1;
213
214 // We use a temporary STACK so we can chop and hack at it.
215 if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
216 ctx->error = X509_V_ERR_OUT_OF_MEM;
217 goto end;
218 }
219
220 num = (int)sk_X509_num(ctx->chain);
221 x = sk_X509_value(ctx->chain, num - 1);
222 depth = param->depth;
223
224 for (;;) {
225 // If we have enough, we break
226 if (depth < num) {
227 break; // FIXME: If this happens, we should take
228 // note of it and, if appropriate, use the
229 // X509_V_ERR_CERT_CHAIN_TOO_LONG error code
230 // later.
231 }
232
233 int is_self_signed;
234 if (!cert_self_signed(x, &is_self_signed)) {
235 ctx->error = X509_V_ERR_INVALID_EXTENSION;
236 goto end;
237 }
238
239 // If we are self signed, we break
240 if (is_self_signed) {
241 break;
242 }
243 // If asked see if we can find issuer in trusted store first
244 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
245 ok = ctx->get_issuer(&xtmp, ctx, x);
246 if (ok < 0) {
247 ctx->error = X509_V_ERR_STORE_LOOKUP;
248 goto end;
249 }
250 // If successful for now free up cert so it will be picked up
251 // again later.
252 if (ok > 0) {
253 X509_free(xtmp);
254 break;
255 }
256 }
257
258 // If we were passed a cert chain, use it first
259 if (sktmp != NULL) {
260 xtmp = find_issuer(ctx, sktmp, x);
261 if (xtmp != NULL) {
262 if (!sk_X509_push(ctx->chain, xtmp)) {
263 ctx->error = X509_V_ERR_OUT_OF_MEM;
264 ok = 0;
265 goto end;
266 }
267 X509_up_ref(xtmp);
268 (void)sk_X509_delete_ptr(sktmp, xtmp);
269 ctx->last_untrusted++;
270 x = xtmp;
271 num++;
272 // reparse the full chain for the next one
273 continue;
274 }
275 }
276 break;
277 }
278
279 // Remember how many untrusted certs we have
280 j = num;
281 // at this point, chain should contain a list of untrusted certificates.
282 // We now need to add at least one trusted one, if possible, otherwise we
283 // complain.
284
285 do {
286 // Examine last certificate in chain and see if it is self signed.
287 i = (int)sk_X509_num(ctx->chain);
288 x = sk_X509_value(ctx->chain, i - 1);
289
290 int is_self_signed;
291 if (!cert_self_signed(x, &is_self_signed)) {
292 ctx->error = X509_V_ERR_INVALID_EXTENSION;
293 goto end;
294 }
295
296 if (is_self_signed) {
297 // we have a self signed certificate
298 if (sk_X509_num(ctx->chain) == 1) {
299 // We have a single self signed certificate: see if we can
300 // find it in the store. We must have an exact match to avoid
301 // possible impersonation.
302 ok = ctx->get_issuer(&xtmp, ctx, x);
303 if ((ok <= 0) || X509_cmp(x, xtmp)) {
304 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
305 ctx->current_cert = x;
306 ctx->error_depth = i - 1;
307 if (ok == 1) {
308 X509_free(xtmp);
309 }
310 bad_chain = 1;
311 ok = ctx->verify_cb(0, ctx);
312 if (!ok) {
313 goto end;
314 }
315 } else {
316 // We have a match: replace certificate with store
317 // version so we get any trust settings.
318 X509_free(x);
319 x = xtmp;
320 (void)sk_X509_set(ctx->chain, i - 1, x);
321 ctx->last_untrusted = 0;
322 }
323 } else {
324 // extract and save self signed certificate for later use
325 chain_ss = sk_X509_pop(ctx->chain);
326 ctx->last_untrusted--;
327 num--;
328 j--;
329 x = sk_X509_value(ctx->chain, num - 1);
330 }
331 }
332 // We now lookup certs from the certificate store
333 for (;;) {
334 // If we have enough, we break
335 if (depth < num) {
336 break;
337 }
338 if (!cert_self_signed(x, &is_self_signed)) {
339 ctx->error = X509_V_ERR_INVALID_EXTENSION;
340 goto end;
341 }
342 // If we are self signed, we break
343 if (is_self_signed) {
344 break;
345 }
346 ok = ctx->get_issuer(&xtmp, ctx, x);
347
348 if (ok < 0) {
349 ctx->error = X509_V_ERR_STORE_LOOKUP;
350 goto end;
351 }
352 if (ok == 0) {
353 break;
354 }
355 x = xtmp;
356 if (!sk_X509_push(ctx->chain, x)) {
357 X509_free(xtmp);
358 ctx->error = X509_V_ERR_OUT_OF_MEM;
359 ok = 0;
360 goto end;
361 }
362 num++;
363 }
364
365 // we now have our chain, lets check it...
366 trust = check_trust(ctx);
367
368 // If explicitly rejected error
369 if (trust == X509_TRUST_REJECTED) {
370 ok = 0;
371 goto end;
372 }
373 // If it's not explicitly trusted then check if there is an alternative
374 // chain that could be used. We only do this if we haven't already
375 // checked via TRUSTED_FIRST and the user hasn't switched off alternate
376 // chain checking
377 retry = 0;
378 if (trust != X509_TRUST_TRUSTED &&
379 !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
380 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
381 while (j-- > 1) {
382 xtmp2 = sk_X509_value(ctx->chain, j - 1);
383 ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
384 if (ok < 0) {
385 goto end;
386 }
387 // Check if we found an alternate chain
388 if (ok > 0) {
389 // Free up the found cert we'll add it again later
390 X509_free(xtmp);
391
392 // Dump all the certs above this point - we've found an
393 // alternate chain
394 while (num > j) {
395 xtmp = sk_X509_pop(ctx->chain);
396 X509_free(xtmp);
397 num--;
398 }
399 ctx->last_untrusted = (int)sk_X509_num(ctx->chain);
400 retry = 1;
401 break;
402 }
403 }
404 }
405 } while (retry);
406
407 // If not explicitly trusted then indicate error unless it's a single
408 // self signed certificate in which case we've indicated an error already
409 // and set bad_chain == 1
410 if (trust != X509_TRUST_TRUSTED && !bad_chain) {
411 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
412 if (ctx->last_untrusted >= num) {
413 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
414 } else {
415 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
416 }
417 ctx->current_cert = x;
418 } else {
419 sk_X509_push(ctx->chain, chain_ss);
420 num++;
421 ctx->last_untrusted = num;
422 ctx->current_cert = chain_ss;
423 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
424 chain_ss = NULL;
425 }
426
427 ctx->error_depth = num - 1;
428 bad_chain = 1;
429 ok = ctx->verify_cb(0, ctx);
430 if (!ok) {
431 goto end;
432 }
433 }
434
435 // We have the chain complete: now we need to check its purpose
436 ok = check_chain_extensions(ctx);
437
438 if (!ok) {
439 goto end;
440 }
441
442 ok = check_id(ctx);
443
444 if (!ok) {
445 goto end;
446 }
447
448 // Check revocation status: we do this after copying parameters because
449 // they may be needed for CRL signature verification.
450 ok = ctx->check_revocation(ctx);
451 if (!ok) {
452 goto end;
453 }
454
455 // At this point, we have a chain and need to verify it
456 if (ctx->verify != NULL) {
457 ok = ctx->verify(ctx);
458 } else {
459 ok = internal_verify(ctx);
460 }
461 if (!ok) {
462 goto end;
463 }
464
465 // Check name constraints
466 ok = check_name_constraints(ctx);
467 if (!ok) {
468 goto end;
469 }
470
471 // If we get this far, evaluate policies.
472 if (!bad_chain) {
473 ok = ctx->check_policy(ctx);
474 }
475
476 end:
477 if (sktmp != NULL) {
478 sk_X509_free(sktmp);
479 }
480 if (chain_ss != NULL) {
481 X509_free(chain_ss);
482 }
483
484 // Safety net, error returns must set ctx->error
485 if (ok <= 0 && ctx->error == X509_V_OK) {
486 ctx->error = X509_V_ERR_UNSPECIFIED;
487 }
488 return ok;
489 }
490
491 // Given a STACK_OF(X509) find the issuer of cert (if any)
492
find_issuer(X509_STORE_CTX * ctx,STACK_OF (X509)* sk,X509 * x)493 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) {
494 size_t i;
495 X509 *issuer;
496 for (i = 0; i < sk_X509_num(sk); i++) {
497 issuer = sk_X509_value(sk, i);
498 if (ctx->check_issued(ctx, x, issuer)) {
499 return issuer;
500 }
501 }
502 return NULL;
503 }
504
505 // Given a possible certificate and issuer check them
506
check_issued(X509_STORE_CTX * ctx,X509 * x,X509 * issuer)507 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) {
508 int ret;
509 ret = X509_check_issued(issuer, x);
510 if (ret == X509_V_OK) {
511 return 1;
512 }
513 // If we haven't asked for issuer errors don't set ctx
514 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) {
515 return 0;
516 }
517
518 ctx->error = ret;
519 ctx->current_cert = x;
520 ctx->current_issuer = issuer;
521 return ctx->verify_cb(0, ctx);
522 }
523
524 // Alternative lookup method: look from a STACK stored in other_ctx
525
get_issuer_sk(X509 ** issuer,X509_STORE_CTX * ctx,X509 * x)526 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) {
527 *issuer = find_issuer(ctx, ctx->other_ctx, x);
528 if (*issuer) {
529 X509_up_ref(*issuer);
530 return 1;
531 } else {
532 return 0;
533 }
534 }
535
536 // Check a certificate chains extensions for consistency with the supplied
537 // purpose
538
check_chain_extensions(X509_STORE_CTX * ctx)539 static int check_chain_extensions(X509_STORE_CTX *ctx) {
540 int ok = 0, plen = 0;
541
542 // If |ctx->parent| is set, this is CRL path validation.
543 int purpose =
544 ctx->parent == NULL ? ctx->param->purpose : X509_PURPOSE_CRL_SIGN;
545
546 // Check all untrusted certificates
547 for (int i = 0; i < ctx->last_untrusted; i++) {
548 X509 *x = sk_X509_value(ctx->chain, i);
549 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
550 (x->ex_flags & EXFLAG_CRITICAL)) {
551 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
552 ctx->error_depth = i;
553 ctx->current_cert = x;
554 ok = ctx->verify_cb(0, ctx);
555 if (!ok) {
556 goto end;
557 }
558 }
559
560 int must_be_ca = i > 0;
561 if (must_be_ca && !X509_check_ca(x)) {
562 ctx->error = X509_V_ERR_INVALID_CA;
563 ctx->error_depth = i;
564 ctx->current_cert = x;
565 ok = ctx->verify_cb(0, ctx);
566 if (!ok) {
567 goto end;
568 }
569 }
570 if (ctx->param->purpose > 0 &&
571 X509_check_purpose(x, purpose, must_be_ca) != 1) {
572 ctx->error = X509_V_ERR_INVALID_PURPOSE;
573 ctx->error_depth = i;
574 ctx->current_cert = x;
575 ok = ctx->verify_cb(0, ctx);
576 if (!ok) {
577 goto end;
578 }
579 }
580 // Check pathlen if not self issued
581 if (i > 1 && !(x->ex_flags & EXFLAG_SI) && x->ex_pathlen != -1 &&
582 plen > x->ex_pathlen + 1) {
583 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
584 ctx->error_depth = i;
585 ctx->current_cert = x;
586 ok = ctx->verify_cb(0, ctx);
587 if (!ok) {
588 goto end;
589 }
590 }
591 // Increment path length if not self issued
592 if (!(x->ex_flags & EXFLAG_SI)) {
593 plen++;
594 }
595 }
596 ok = 1;
597 end:
598 return ok;
599 }
600
reject_dns_name_in_common_name(X509 * x509)601 static int reject_dns_name_in_common_name(X509 *x509) {
602 const X509_NAME *name = X509_get_subject_name(x509);
603 int i = -1;
604 for (;;) {
605 i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
606 if (i == -1) {
607 return X509_V_OK;
608 }
609
610 const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
611 const ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
612 unsigned char *idval;
613 int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
614 if (idlen < 0) {
615 return X509_V_ERR_OUT_OF_MEM;
616 }
617 // Only process attributes that look like host names. Note it is
618 // important that this check be mirrored in |X509_check_host|.
619 int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
620 OPENSSL_free(idval);
621 if (looks_like_dns) {
622 return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
623 }
624 }
625 }
626
check_name_constraints(X509_STORE_CTX * ctx)627 static int check_name_constraints(X509_STORE_CTX *ctx) {
628 int i, j, rv;
629 int has_name_constraints = 0;
630 // Check name constraints for all certificates
631 for (i = (int)sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
632 X509 *x = sk_X509_value(ctx->chain, i);
633 // Ignore self issued certs unless last in chain
634 if (i && (x->ex_flags & EXFLAG_SI)) {
635 continue;
636 }
637 // Check against constraints for all certificates higher in chain
638 // including trust anchor. Trust anchor not strictly speaking needed
639 // but if it includes constraints it is to be assumed it expects them
640 // to be obeyed.
641 for (j = (int)sk_X509_num(ctx->chain) - 1; j > i; j--) {
642 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
643 if (nc) {
644 has_name_constraints = 1;
645 rv = NAME_CONSTRAINTS_check(x, nc);
646 switch (rv) {
647 case X509_V_OK:
648 continue;
649 case X509_V_ERR_OUT_OF_MEM:
650 ctx->error = rv;
651 return 0;
652 default:
653 ctx->error = rv;
654 ctx->error_depth = i;
655 ctx->current_cert = x;
656 if (!ctx->verify_cb(0, ctx)) {
657 return 0;
658 }
659 break;
660 }
661 }
662 }
663 }
664
665 // Name constraints do not match against the common name, but
666 // |X509_check_host| still implements the legacy behavior where, on
667 // certificates lacking a SAN list, DNS-like names in the common name are
668 // checked instead.
669 //
670 // While we could apply the name constraints to the common name, name
671 // constraints are rare enough that can hold such certificates to a higher
672 // standard. Note this does not make "DNS-like" heuristic failures any
673 // worse. A decorative common-name misidentified as a DNS name would fail
674 // the name constraint anyway.
675 X509 *leaf = sk_X509_value(ctx->chain, 0);
676 if (has_name_constraints && leaf->altname == NULL) {
677 rv = reject_dns_name_in_common_name(leaf);
678 switch (rv) {
679 case X509_V_OK:
680 break;
681 case X509_V_ERR_OUT_OF_MEM:
682 ctx->error = rv;
683 return 0;
684 default:
685 ctx->error = rv;
686 ctx->error_depth = i;
687 ctx->current_cert = leaf;
688 if (!ctx->verify_cb(0, ctx)) {
689 return 0;
690 }
691 break;
692 }
693 }
694
695 return 1;
696 }
697
check_id_error(X509_STORE_CTX * ctx,int errcode)698 static int check_id_error(X509_STORE_CTX *ctx, int errcode) {
699 ctx->error = errcode;
700 ctx->current_cert = ctx->cert;
701 ctx->error_depth = 0;
702 return ctx->verify_cb(0, ctx);
703 }
704
check_hosts(X509 * x,X509_VERIFY_PARAM * param)705 static int check_hosts(X509 *x, X509_VERIFY_PARAM *param) {
706 size_t i;
707 size_t n = sk_OPENSSL_STRING_num(param->hosts);
708 char *name;
709
710 if (param->peername != NULL) {
711 OPENSSL_free(param->peername);
712 param->peername = NULL;
713 }
714 for (i = 0; i < n; ++i) {
715 name = sk_OPENSSL_STRING_value(param->hosts, i);
716 if (X509_check_host(x, name, strlen(name), param->hostflags,
717 ¶m->peername) > 0) {
718 return 1;
719 }
720 }
721 return n == 0;
722 }
723
check_id(X509_STORE_CTX * ctx)724 static int check_id(X509_STORE_CTX *ctx) {
725 X509_VERIFY_PARAM *vpm = ctx->param;
726 X509 *x = ctx->cert;
727 if (vpm->poison) {
728 if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL)) {
729 return 0;
730 }
731 }
732 if (vpm->hosts && check_hosts(x, vpm) <= 0) {
733 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) {
734 return 0;
735 }
736 }
737 if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
738 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) {
739 return 0;
740 }
741 }
742 if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
743 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) {
744 return 0;
745 }
746 }
747 return 1;
748 }
749
check_trust(X509_STORE_CTX * ctx)750 static int check_trust(X509_STORE_CTX *ctx) {
751 int ok;
752 X509 *x = NULL;
753 // Check all trusted certificates in chain
754 for (size_t i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
755 x = sk_X509_value(ctx->chain, i);
756 ok = X509_check_trust(x, ctx->param->trust, 0);
757 // If explicitly trusted return trusted
758 if (ok == X509_TRUST_TRUSTED) {
759 return X509_TRUST_TRUSTED;
760 }
761 // If explicitly rejected notify callback and reject if not
762 // overridden.
763 if (ok == X509_TRUST_REJECTED) {
764 ctx->error_depth = (int)i;
765 ctx->current_cert = x;
766 ctx->error = X509_V_ERR_CERT_REJECTED;
767 ok = ctx->verify_cb(0, ctx);
768 if (!ok) {
769 return X509_TRUST_REJECTED;
770 }
771 }
772 }
773 // If we accept partial chains and have at least one trusted certificate
774 // return success.
775 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
776 X509 *mx;
777 if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) {
778 return X509_TRUST_TRUSTED;
779 }
780 x = sk_X509_value(ctx->chain, 0);
781 mx = lookup_cert_match(ctx, x);
782 if (mx) {
783 (void)sk_X509_set(ctx->chain, 0, mx);
784 X509_free(x);
785 ctx->last_untrusted = 0;
786 return X509_TRUST_TRUSTED;
787 }
788 }
789
790 // If no trusted certs in chain at all return untrusted and allow
791 // standard (no issuer cert) etc errors to be indicated.
792 return X509_TRUST_UNTRUSTED;
793 }
794
check_revocation(X509_STORE_CTX * ctx)795 static int check_revocation(X509_STORE_CTX *ctx) {
796 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) {
797 return 1;
798 }
799 int last;
800 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) {
801 last = (int)sk_X509_num(ctx->chain) - 1;
802 } else {
803 // If checking CRL paths this isn't the EE certificate
804 if (ctx->parent) {
805 return 1;
806 }
807 last = 0;
808 }
809 for (int i = 0; i <= last; i++) {
810 ctx->error_depth = i;
811 int ok = check_cert(ctx);
812 if (!ok) {
813 return ok;
814 }
815 }
816 return 1;
817 }
818
check_cert(X509_STORE_CTX * ctx)819 static int check_cert(X509_STORE_CTX *ctx) {
820 X509_CRL *crl = NULL, *dcrl = NULL;
821 X509 *x;
822 int ok = 0, cnum;
823 unsigned int last_reasons;
824 cnum = ctx->error_depth;
825 x = sk_X509_value(ctx->chain, cnum);
826 ctx->current_cert = x;
827 ctx->current_issuer = NULL;
828 ctx->current_crl_score = 0;
829 ctx->current_reasons = 0;
830 while (ctx->current_reasons != CRLDP_ALL_REASONS) {
831 last_reasons = ctx->current_reasons;
832 // Try to retrieve relevant CRL
833 if (ctx->get_crl) {
834 ok = ctx->get_crl(ctx, &crl, x);
835 } else {
836 ok = get_crl_delta(ctx, &crl, &dcrl, x);
837 }
838 // If error looking up CRL, nothing we can do except notify callback
839 if (!ok) {
840 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
841 ok = ctx->verify_cb(0, ctx);
842 goto err;
843 }
844 ctx->current_crl = crl;
845 ok = ctx->check_crl(ctx, crl);
846 if (!ok) {
847 goto err;
848 }
849
850 if (dcrl) {
851 ok = ctx->check_crl(ctx, dcrl);
852 if (!ok) {
853 goto err;
854 }
855 ok = ctx->cert_crl(ctx, dcrl, x);
856 if (!ok) {
857 goto err;
858 }
859 } else {
860 ok = 1;
861 }
862
863 // Don't look in full CRL if delta reason is removefromCRL
864 if (ok != 2) {
865 ok = ctx->cert_crl(ctx, crl, x);
866 if (!ok) {
867 goto err;
868 }
869 }
870
871 X509_CRL_free(crl);
872 X509_CRL_free(dcrl);
873 crl = NULL;
874 dcrl = NULL;
875 // If reasons not updated we wont get anywhere by another iteration,
876 // so exit loop.
877 if (last_reasons == ctx->current_reasons) {
878 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
879 ok = ctx->verify_cb(0, ctx);
880 goto err;
881 }
882 }
883 err:
884 X509_CRL_free(crl);
885 X509_CRL_free(dcrl);
886
887 ctx->current_crl = NULL;
888 return ok;
889 }
890
891 // Check CRL times against values in X509_STORE_CTX
892
check_crl_time(X509_STORE_CTX * ctx,X509_CRL * crl,int notify)893 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) {
894 if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
895 return 1;
896 }
897
898 if (notify) {
899 ctx->current_crl = crl;
900 }
901 int64_t ptime;
902 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
903 ptime = ctx->param->check_time;
904 } else {
905 ptime = time(NULL);
906 }
907
908 int i = X509_cmp_time_posix(X509_CRL_get0_lastUpdate(crl), ptime);
909 if (i == 0) {
910 if (!notify) {
911 return 0;
912 }
913 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
914 if (!ctx->verify_cb(0, ctx)) {
915 return 0;
916 }
917 }
918
919 if (i > 0) {
920 if (!notify) {
921 return 0;
922 }
923 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
924 if (!ctx->verify_cb(0, ctx)) {
925 return 0;
926 }
927 }
928
929 if (X509_CRL_get0_nextUpdate(crl)) {
930 i = X509_cmp_time_posix(X509_CRL_get0_nextUpdate(crl), ptime);
931
932 if (i == 0) {
933 if (!notify) {
934 return 0;
935 }
936 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
937 if (!ctx->verify_cb(0, ctx)) {
938 return 0;
939 }
940 }
941 // Ignore expiry of base CRL is delta is valid
942 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
943 if (!notify) {
944 return 0;
945 }
946 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
947 if (!ctx->verify_cb(0, ctx)) {
948 return 0;
949 }
950 }
951 }
952
953 if (notify) {
954 ctx->current_crl = NULL;
955 }
956
957 return 1;
958 }
959
get_crl_sk(X509_STORE_CTX * ctx,X509_CRL ** pcrl,X509_CRL ** pdcrl,X509 ** pissuer,int * pscore,unsigned int * preasons,STACK_OF (X509_CRL)* crls)960 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
961 X509 **pissuer, int *pscore, unsigned int *preasons,
962 STACK_OF(X509_CRL) *crls) {
963 int crl_score, best_score = *pscore;
964 size_t i;
965 unsigned int reasons, best_reasons = 0;
966 X509 *x = ctx->current_cert;
967 X509_CRL *crl, *best_crl = NULL;
968 X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
969
970 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
971 crl = sk_X509_CRL_value(crls, i);
972 reasons = *preasons;
973 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
974 if (crl_score < best_score || crl_score == 0) {
975 continue;
976 }
977 // If current CRL is equivalent use it if it is newer
978 if (crl_score == best_score && best_crl != NULL) {
979 int day, sec;
980 if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
981 X509_CRL_get0_lastUpdate(crl)) == 0) {
982 continue;
983 }
984 // ASN1_TIME_diff never returns inconsistent signs for |day|
985 // and |sec|.
986 if (day <= 0 && sec <= 0) {
987 continue;
988 }
989 }
990 best_crl = crl;
991 best_crl_issuer = crl_issuer;
992 best_score = crl_score;
993 best_reasons = reasons;
994 }
995
996 if (best_crl) {
997 if (*pcrl) {
998 X509_CRL_free(*pcrl);
999 }
1000 *pcrl = best_crl;
1001 *pissuer = best_crl_issuer;
1002 *pscore = best_score;
1003 *preasons = best_reasons;
1004 X509_CRL_up_ref(best_crl);
1005 if (*pdcrl) {
1006 X509_CRL_free(*pdcrl);
1007 *pdcrl = NULL;
1008 }
1009 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1010 }
1011
1012 if (best_score >= CRL_SCORE_VALID) {
1013 return 1;
1014 }
1015
1016 return 0;
1017 }
1018
1019 // Compare two CRL extensions for delta checking purposes. They should be
1020 // both present or both absent. If both present all fields must be identical.
1021
crl_extension_match(X509_CRL * a,X509_CRL * b,int nid)1022 static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) {
1023 const ASN1_OCTET_STRING *exta, *extb;
1024 int i;
1025 i = X509_CRL_get_ext_by_NID(a, nid, -1);
1026 if (i >= 0) {
1027 // Can't have multiple occurrences
1028 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) {
1029 return 0;
1030 }
1031 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1032 } else {
1033 exta = NULL;
1034 }
1035
1036 i = X509_CRL_get_ext_by_NID(b, nid, -1);
1037
1038 if (i >= 0) {
1039 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) {
1040 return 0;
1041 }
1042 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1043 } else {
1044 extb = NULL;
1045 }
1046
1047 if (!exta && !extb) {
1048 return 1;
1049 }
1050
1051 if (!exta || !extb) {
1052 return 0;
1053 }
1054
1055 if (ASN1_OCTET_STRING_cmp(exta, extb)) {
1056 return 0;
1057 }
1058
1059 return 1;
1060 }
1061
1062 // See if a base and delta are compatible
1063
check_delta_base(X509_CRL * delta,X509_CRL * base)1064 static int check_delta_base(X509_CRL *delta, X509_CRL *base) {
1065 // Delta CRL must be a delta
1066 if (!delta->base_crl_number) {
1067 return 0;
1068 }
1069 // Base must have a CRL number
1070 if (!base->crl_number) {
1071 return 0;
1072 }
1073 // Issuer names must match
1074 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) {
1075 return 0;
1076 }
1077 // AKID and IDP must match
1078 if (!crl_extension_match(delta, base, NID_authority_key_identifier)) {
1079 return 0;
1080 }
1081 if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) {
1082 return 0;
1083 }
1084 // Delta CRL base number must not exceed Full CRL number.
1085 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) {
1086 return 0;
1087 }
1088 // Delta CRL number must exceed full CRL number
1089 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) {
1090 return 1;
1091 }
1092 return 0;
1093 }
1094
1095 // For a given base CRL find a delta... maybe extend to delta scoring or
1096 // retrieve a chain of deltas...
1097
get_delta_sk(X509_STORE_CTX * ctx,X509_CRL ** dcrl,int * pscore,X509_CRL * base,STACK_OF (X509_CRL)* crls)1098 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1099 X509_CRL *base, STACK_OF(X509_CRL) *crls) {
1100 X509_CRL *delta;
1101 size_t i;
1102 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) {
1103 return;
1104 }
1105 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) {
1106 return;
1107 }
1108 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1109 delta = sk_X509_CRL_value(crls, i);
1110 if (check_delta_base(delta, base)) {
1111 if (check_crl_time(ctx, delta, 0)) {
1112 *pscore |= CRL_SCORE_TIME_DELTA;
1113 }
1114 X509_CRL_up_ref(delta);
1115 *dcrl = delta;
1116 return;
1117 }
1118 }
1119 *dcrl = NULL;
1120 }
1121
1122 // For a given CRL return how suitable it is for the supplied certificate
1123 // 'x'. The return value is a mask of several criteria. If the issuer is not
1124 // the certificate issuer this is returned in *pissuer. The reasons mask is
1125 // also used to determine if the CRL is suitable: if no new reasons the CRL
1126 // is rejected, otherwise reasons is updated.
1127
get_crl_score(X509_STORE_CTX * ctx,X509 ** pissuer,unsigned int * preasons,X509_CRL * crl,X509 * x)1128 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1129 unsigned int *preasons, X509_CRL *crl, X509 *x) {
1130 int crl_score = 0;
1131 unsigned int tmp_reasons = *preasons, crl_reasons;
1132
1133 // First see if we can reject CRL straight away
1134
1135 // Invalid IDP cannot be processed
1136 if (crl->idp_flags & IDP_INVALID) {
1137 return 0;
1138 }
1139 // Reason codes or indirect CRLs need extended CRL support
1140 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1141 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) {
1142 return 0;
1143 }
1144 } else if (crl->idp_flags & IDP_REASONS) {
1145 // If no new reasons reject
1146 if (!(crl->idp_reasons & ~tmp_reasons)) {
1147 return 0;
1148 }
1149 }
1150 // Don't process deltas at this stage
1151 else if (crl->base_crl_number) {
1152 return 0;
1153 }
1154 // If issuer name doesn't match certificate need indirect CRL
1155 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1156 if (!(crl->idp_flags & IDP_INDIRECT)) {
1157 return 0;
1158 }
1159 } else {
1160 crl_score |= CRL_SCORE_ISSUER_NAME;
1161 }
1162
1163 if (!(crl->flags & EXFLAG_CRITICAL)) {
1164 crl_score |= CRL_SCORE_NOCRITICAL;
1165 }
1166
1167 // Check expiry
1168 if (check_crl_time(ctx, crl, 0)) {
1169 crl_score |= CRL_SCORE_TIME;
1170 }
1171
1172 // Check authority key ID and locate certificate issuer
1173 crl_akid_check(ctx, crl, pissuer, &crl_score);
1174
1175 // If we can't locate certificate issuer at this point forget it
1176
1177 if (!(crl_score & CRL_SCORE_AKID)) {
1178 return 0;
1179 }
1180
1181 // Check cert for matching CRL distribution points
1182
1183 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1184 // If no new reasons reject
1185 if (!(crl_reasons & ~tmp_reasons)) {
1186 return 0;
1187 }
1188 tmp_reasons |= crl_reasons;
1189 crl_score |= CRL_SCORE_SCOPE;
1190 }
1191
1192 *preasons = tmp_reasons;
1193
1194 return crl_score;
1195 }
1196
crl_akid_check(X509_STORE_CTX * ctx,X509_CRL * crl,X509 ** pissuer,int * pcrl_score)1197 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
1198 int *pcrl_score) {
1199 X509 *crl_issuer = NULL;
1200 X509_NAME *cnm = X509_CRL_get_issuer(crl);
1201 int cidx = ctx->error_depth;
1202 size_t i;
1203
1204 if ((size_t)cidx != sk_X509_num(ctx->chain) - 1) {
1205 cidx++;
1206 }
1207
1208 crl_issuer = sk_X509_value(ctx->chain, cidx);
1209
1210 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1211 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1212 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1213 *pissuer = crl_issuer;
1214 return;
1215 }
1216 }
1217
1218 for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1219 crl_issuer = sk_X509_value(ctx->chain, cidx);
1220 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1221 continue;
1222 }
1223 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1224 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1225 *pissuer = crl_issuer;
1226 return;
1227 }
1228 }
1229
1230 // Anything else needs extended CRL support
1231
1232 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1233 return;
1234 }
1235
1236 // Otherwise the CRL issuer is not on the path. Look for it in the set of
1237 // untrusted certificates.
1238 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1239 crl_issuer = sk_X509_value(ctx->untrusted, i);
1240 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1241 continue;
1242 }
1243 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1244 *pissuer = crl_issuer;
1245 *pcrl_score |= CRL_SCORE_AKID;
1246 return;
1247 }
1248 }
1249 }
1250
1251 // Check the path of a CRL issuer certificate. This creates a new
1252 // X509_STORE_CTX and populates it with most of the parameters from the
1253 // parent. This could be optimised somewhat since a lot of path checking will
1254 // be duplicated by the parent, but this will rarely be used in practice.
1255
check_crl_path(X509_STORE_CTX * ctx,X509 * x)1256 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) {
1257 X509_STORE_CTX crl_ctx;
1258 int ret;
1259 // Don't allow recursive CRL path validation
1260 if (ctx->parent) {
1261 return 0;
1262 }
1263 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) {
1264 return -1;
1265 }
1266
1267 crl_ctx.crls = ctx->crls;
1268 // Copy verify params across
1269 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1270
1271 crl_ctx.parent = ctx;
1272 crl_ctx.verify_cb = ctx->verify_cb;
1273
1274 // Verify CRL issuer
1275 ret = X509_verify_cert(&crl_ctx);
1276
1277 if (ret <= 0) {
1278 goto err;
1279 }
1280
1281 // Check chain is acceptable
1282
1283 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1284 err:
1285 X509_STORE_CTX_cleanup(&crl_ctx);
1286 return ret;
1287 }
1288
1289 // RFC 3280 says nothing about the relationship between CRL path and
1290 // certificate path, which could lead to situations where a certificate could
1291 // be revoked or validated by a CA not authorised to do so. RFC 5280 is more
1292 // strict and states that the two paths must end in the same trust anchor,
1293 // though some discussions remain... until this is resolved we use the
1294 // RFC 5280 version
1295
check_crl_chain(X509_STORE_CTX * ctx,STACK_OF (X509)* cert_path,STACK_OF (X509)* crl_path)1296 static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
1297 STACK_OF(X509) *crl_path) {
1298 X509 *cert_ta, *crl_ta;
1299 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1300 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1301 if (!X509_cmp(cert_ta, crl_ta)) {
1302 return 1;
1303 }
1304 return 0;
1305 }
1306
1307 // Check for match between two dist point names: three separate cases. 1.
1308 // Both are relative names and compare X509_NAME types. 2. One full, one
1309 // relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1310 // compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1311
idp_check_dp(DIST_POINT_NAME * a,DIST_POINT_NAME * b)1312 static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) {
1313 X509_NAME *nm = NULL;
1314 GENERAL_NAMES *gens = NULL;
1315 GENERAL_NAME *gena, *genb;
1316 size_t i, j;
1317 if (!a || !b) {
1318 return 1;
1319 }
1320 if (a->type == 1) {
1321 if (!a->dpname) {
1322 return 0;
1323 }
1324 // Case 1: two X509_NAME
1325 if (b->type == 1) {
1326 if (!b->dpname) {
1327 return 0;
1328 }
1329 if (!X509_NAME_cmp(a->dpname, b->dpname)) {
1330 return 1;
1331 } else {
1332 return 0;
1333 }
1334 }
1335 // Case 2: set name and GENERAL_NAMES appropriately
1336 nm = a->dpname;
1337 gens = b->name.fullname;
1338 } else if (b->type == 1) {
1339 if (!b->dpname) {
1340 return 0;
1341 }
1342 // Case 2: set name and GENERAL_NAMES appropriately
1343 gens = a->name.fullname;
1344 nm = b->dpname;
1345 }
1346
1347 // Handle case 2 with one GENERAL_NAMES and one X509_NAME
1348 if (nm) {
1349 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1350 gena = sk_GENERAL_NAME_value(gens, i);
1351 if (gena->type != GEN_DIRNAME) {
1352 continue;
1353 }
1354 if (!X509_NAME_cmp(nm, gena->d.directoryName)) {
1355 return 1;
1356 }
1357 }
1358 return 0;
1359 }
1360
1361 // Else case 3: two GENERAL_NAMES
1362
1363 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1364 gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1365 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1366 genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1367 if (!GENERAL_NAME_cmp(gena, genb)) {
1368 return 1;
1369 }
1370 }
1371 }
1372
1373 return 0;
1374 }
1375
crldp_check_crlissuer(DIST_POINT * dp,X509_CRL * crl,int crl_score)1376 static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) {
1377 size_t i;
1378 X509_NAME *nm = X509_CRL_get_issuer(crl);
1379 // If no CRLissuer return is successful iff don't need a match
1380 if (!dp->CRLissuer) {
1381 return !!(crl_score & CRL_SCORE_ISSUER_NAME);
1382 }
1383 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1384 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1385 if (gen->type != GEN_DIRNAME) {
1386 continue;
1387 }
1388 if (!X509_NAME_cmp(gen->d.directoryName, nm)) {
1389 return 1;
1390 }
1391 }
1392 return 0;
1393 }
1394
1395 // Check CRLDP and IDP
1396
crl_crldp_check(X509 * x,X509_CRL * crl,int crl_score,unsigned int * preasons)1397 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1398 unsigned int *preasons) {
1399 size_t i;
1400 if (crl->idp_flags & IDP_ONLYATTR) {
1401 return 0;
1402 }
1403 if (x->ex_flags & EXFLAG_CA) {
1404 if (crl->idp_flags & IDP_ONLYUSER) {
1405 return 0;
1406 }
1407 } else {
1408 if (crl->idp_flags & IDP_ONLYCA) {
1409 return 0;
1410 }
1411 }
1412 *preasons = crl->idp_reasons;
1413 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1414 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1415 if (crldp_check_crlissuer(dp, crl, crl_score)) {
1416 if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1417 *preasons &= dp->dp_reasons;
1418 return 1;
1419 }
1420 }
1421 }
1422 if ((!crl->idp || !crl->idp->distpoint) &&
1423 (crl_score & CRL_SCORE_ISSUER_NAME)) {
1424 return 1;
1425 }
1426 return 0;
1427 }
1428
1429 // Retrieve CRL corresponding to current certificate. If deltas enabled try
1430 // to find a delta CRL too
1431
get_crl_delta(X509_STORE_CTX * ctx,X509_CRL ** pcrl,X509_CRL ** pdcrl,X509 * x)1432 static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1433 X509 *x) {
1434 int ok;
1435 X509 *issuer = NULL;
1436 int crl_score = 0;
1437 unsigned int reasons;
1438 X509_CRL *crl = NULL, *dcrl = NULL;
1439 STACK_OF(X509_CRL) *skcrl;
1440 X509_NAME *nm = X509_get_issuer_name(x);
1441 reasons = ctx->current_reasons;
1442 ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, ctx->crls);
1443
1444 if (ok) {
1445 goto done;
1446 }
1447
1448 // Lookup CRLs from store
1449
1450 skcrl = ctx->lookup_crls(ctx, nm);
1451
1452 // If no CRLs found and a near match from get_crl_sk use that
1453 if (!skcrl && crl) {
1454 goto done;
1455 }
1456
1457 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1458
1459 sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1460
1461 done:
1462
1463 // If we got any kind of CRL use it and return success
1464 if (crl) {
1465 ctx->current_issuer = issuer;
1466 ctx->current_crl_score = crl_score;
1467 ctx->current_reasons = reasons;
1468 *pcrl = crl;
1469 *pdcrl = dcrl;
1470 return 1;
1471 }
1472
1473 return 0;
1474 }
1475
1476 // Check CRL validity
check_crl(X509_STORE_CTX * ctx,X509_CRL * crl)1477 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) {
1478 X509 *issuer = NULL;
1479 EVP_PKEY *ikey = NULL;
1480 int ok = 0;
1481 int cnum = ctx->error_depth;
1482 int chnum = (int)sk_X509_num(ctx->chain) - 1;
1483 // if we have an alternative CRL issuer cert use that
1484 if (ctx->current_issuer) {
1485 issuer = ctx->current_issuer;
1486 }
1487
1488 // Else find CRL issuer: if not last certificate then issuer is next
1489 // certificate in chain.
1490 else if (cnum < chnum) {
1491 issuer = sk_X509_value(ctx->chain, cnum + 1);
1492 } else {
1493 issuer = sk_X509_value(ctx->chain, chnum);
1494 // If not self signed, can't check signature
1495 if (!ctx->check_issued(ctx, issuer, issuer)) {
1496 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1497 ok = ctx->verify_cb(0, ctx);
1498 if (!ok) {
1499 goto err;
1500 }
1501 }
1502 }
1503
1504 if (issuer) {
1505 // Skip most tests for deltas because they have already been done
1506 if (!crl->base_crl_number) {
1507 // Check for cRLSign bit if keyUsage present
1508 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1509 !(issuer->ex_kusage & KU_CRL_SIGN)) {
1510 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1511 ok = ctx->verify_cb(0, ctx);
1512 if (!ok) {
1513 goto err;
1514 }
1515 }
1516
1517 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1518 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1519 ok = ctx->verify_cb(0, ctx);
1520 if (!ok) {
1521 goto err;
1522 }
1523 }
1524
1525 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1526 if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1527 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1528 ok = ctx->verify_cb(0, ctx);
1529 if (!ok) {
1530 goto err;
1531 }
1532 }
1533 }
1534
1535 if (crl->idp_flags & IDP_INVALID) {
1536 ctx->error = X509_V_ERR_INVALID_EXTENSION;
1537 ok = ctx->verify_cb(0, ctx);
1538 if (!ok) {
1539 goto err;
1540 }
1541 }
1542 }
1543
1544 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1545 ok = check_crl_time(ctx, crl, 1);
1546 if (!ok) {
1547 goto err;
1548 }
1549 }
1550
1551 // Attempt to get issuer certificate public key
1552 ikey = X509_get_pubkey(issuer);
1553
1554 if (!ikey) {
1555 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1556 ok = ctx->verify_cb(0, ctx);
1557 if (!ok) {
1558 goto err;
1559 }
1560 } else {
1561 // Verify CRL signature
1562 if (X509_CRL_verify(crl, ikey) <= 0) {
1563 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1564 ok = ctx->verify_cb(0, ctx);
1565 if (!ok) {
1566 goto err;
1567 }
1568 }
1569 }
1570 }
1571
1572 ok = 1;
1573
1574 err:
1575 EVP_PKEY_free(ikey);
1576 return ok;
1577 }
1578
1579 // Check certificate against CRL
cert_crl(X509_STORE_CTX * ctx,X509_CRL * crl,X509 * x)1580 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) {
1581 int ok;
1582 X509_REVOKED *rev;
1583 // The rules changed for this... previously if a CRL contained unhandled
1584 // critical extensions it could still be used to indicate a certificate
1585 // was revoked. This has since been changed since critical extension can
1586 // change the meaning of CRL entries.
1587 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
1588 (crl->flags & EXFLAG_CRITICAL)) {
1589 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1590 ok = ctx->verify_cb(0, ctx);
1591 if (!ok) {
1592 return 0;
1593 }
1594 }
1595 // Look for serial number of certificate in CRL If found make sure reason
1596 // is not removeFromCRL.
1597 if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1598 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) {
1599 return 2;
1600 }
1601 ctx->error = X509_V_ERR_CERT_REVOKED;
1602 ok = ctx->verify_cb(0, ctx);
1603 if (!ok) {
1604 return 0;
1605 }
1606 }
1607
1608 return 1;
1609 }
1610
check_policy(X509_STORE_CTX * ctx)1611 static int check_policy(X509_STORE_CTX *ctx) {
1612 // TODO(davidben): Why do we disable policy validation for CRL paths?
1613 if (ctx->parent) {
1614 return 1;
1615 }
1616
1617 X509 *current_cert = NULL;
1618 int ret = X509_policy_check(ctx->chain, ctx->param->policies,
1619 ctx->param->flags, ¤t_cert);
1620 if (ret != X509_V_OK) {
1621 ctx->current_cert = current_cert;
1622 ctx->error = ret;
1623 if (ret == X509_V_ERR_OUT_OF_MEM) {
1624 return 0;
1625 }
1626 return ctx->verify_cb(0, ctx);
1627 }
1628
1629 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1630 ctx->current_cert = NULL;
1631 // Verification errors need to be "sticky", a callback may have allowed
1632 // an SSL handshake to continue despite an error, and we must then
1633 // remain in an error state. Therefore, we MUST NOT clear earlier
1634 // verification errors by setting the error to X509_V_OK.
1635 if (!ctx->verify_cb(2, ctx)) {
1636 return 0;
1637 }
1638 }
1639
1640 return 1;
1641 }
1642
check_cert_time(X509_STORE_CTX * ctx,X509 * x)1643 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) {
1644 if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
1645 return 1;
1646 }
1647
1648 int64_t ptime;
1649 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
1650 ptime = ctx->param->check_time;
1651 } else {
1652 ptime = time(NULL);
1653 }
1654
1655 int i = X509_cmp_time_posix(X509_get_notBefore(x), ptime);
1656 if (i == 0) {
1657 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1658 ctx->current_cert = x;
1659 if (!ctx->verify_cb(0, ctx)) {
1660 return 0;
1661 }
1662 }
1663
1664 if (i > 0) {
1665 ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1666 ctx->current_cert = x;
1667 if (!ctx->verify_cb(0, ctx)) {
1668 return 0;
1669 }
1670 }
1671
1672 i = X509_cmp_time_posix(X509_get_notAfter(x), ptime);
1673 if (i == 0) {
1674 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1675 ctx->current_cert = x;
1676 if (!ctx->verify_cb(0, ctx)) {
1677 return 0;
1678 }
1679 }
1680
1681 if (i < 0) {
1682 ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1683 ctx->current_cert = x;
1684 if (!ctx->verify_cb(0, ctx)) {
1685 return 0;
1686 }
1687 }
1688
1689 return 1;
1690 }
1691
internal_verify(X509_STORE_CTX * ctx)1692 static int internal_verify(X509_STORE_CTX *ctx) {
1693 int ok = 0;
1694 X509 *xs, *xi;
1695 EVP_PKEY *pkey = NULL;
1696
1697 int n = (int)sk_X509_num(ctx->chain);
1698 ctx->error_depth = n - 1;
1699 n--;
1700 xi = sk_X509_value(ctx->chain, n);
1701
1702 if (ctx->check_issued(ctx, xi, xi)) {
1703 xs = xi;
1704 } else {
1705 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1706 xs = xi;
1707 goto check_cert;
1708 }
1709 if (n <= 0) {
1710 ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1711 ctx->current_cert = xi;
1712 ok = ctx->verify_cb(0, ctx);
1713 goto end;
1714 } else {
1715 n--;
1716 ctx->error_depth = n;
1717 xs = sk_X509_value(ctx->chain, n);
1718 }
1719 }
1720
1721 // ctx->error=0; not needed
1722 while (n >= 0) {
1723 ctx->error_depth = n;
1724
1725 // Skip signature check for self signed certificates unless
1726 // explicitly asked for. It doesn't add any security and just wastes
1727 // time.
1728 if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1729 if ((pkey = X509_get_pubkey(xi)) == NULL) {
1730 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1731 ctx->current_cert = xi;
1732 ok = ctx->verify_cb(0, ctx);
1733 if (!ok) {
1734 goto end;
1735 }
1736 } else if (X509_verify(xs, pkey) <= 0) {
1737 ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1738 ctx->current_cert = xs;
1739 ok = ctx->verify_cb(0, ctx);
1740 if (!ok) {
1741 EVP_PKEY_free(pkey);
1742 goto end;
1743 }
1744 }
1745 EVP_PKEY_free(pkey);
1746 pkey = NULL;
1747 }
1748
1749 check_cert:
1750 ok = check_cert_time(ctx, xs);
1751 if (!ok) {
1752 goto end;
1753 }
1754
1755 // The last error (if any) is still in the error value
1756 ctx->current_issuer = xi;
1757 ctx->current_cert = xs;
1758 ok = ctx->verify_cb(1, ctx);
1759 if (!ok) {
1760 goto end;
1761 }
1762
1763 n--;
1764 if (n >= 0) {
1765 xi = xs;
1766 xs = sk_X509_value(ctx->chain, n);
1767 }
1768 }
1769 ok = 1;
1770 end:
1771 return ok;
1772 }
1773
X509_cmp_current_time(const ASN1_TIME * ctm)1774 int X509_cmp_current_time(const ASN1_TIME *ctm) {
1775 return X509_cmp_time_posix(ctm, time(NULL));
1776 }
1777
X509_cmp_time(const ASN1_TIME * ctm,const time_t * cmp_time)1778 int X509_cmp_time(const ASN1_TIME *ctm, const time_t *cmp_time) {
1779 int64_t compare_time = (cmp_time == NULL) ? time(NULL) : *cmp_time;
1780 return X509_cmp_time_posix(ctm, compare_time);
1781 }
1782
X509_cmp_time_posix(const ASN1_TIME * ctm,int64_t cmp_time)1783 int X509_cmp_time_posix(const ASN1_TIME *ctm, int64_t cmp_time) {
1784 int64_t ctm_time;
1785 if (!ASN1_TIME_to_posix(ctm, &ctm_time)) {
1786 return 0;
1787 }
1788 // The return value 0 is reserved for errors.
1789 return (ctm_time - cmp_time <= 0) ? -1 : 1;
1790 }
1791
X509_gmtime_adj(ASN1_TIME * s,long offset_sec)1792 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec) {
1793 return X509_time_adj(s, offset_sec, NULL);
1794 }
1795
X509_time_adj(ASN1_TIME * s,long offset_sec,const time_t * in_tm)1796 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, const time_t *in_tm) {
1797 return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1798 }
1799
X509_time_adj_ex(ASN1_TIME * s,int offset_day,long offset_sec,const time_t * in_tm)1800 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec,
1801 const time_t *in_tm) {
1802 int64_t t = 0;
1803
1804 if (in_tm) {
1805 t = *in_tm;
1806 } else {
1807 t = time(NULL);
1808 }
1809
1810 return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1811 }
1812
X509_STORE_CTX_get_ex_new_index(long argl,void * argp,CRYPTO_EX_unused * unused,CRYPTO_EX_dup * dup_unused,CRYPTO_EX_free * free_func)1813 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
1814 CRYPTO_EX_unused *unused,
1815 CRYPTO_EX_dup *dup_unused,
1816 CRYPTO_EX_free *free_func) {
1817 // This function is (usually) called only once, by
1818 // SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
1819 int index;
1820 if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
1821 free_func)) {
1822 return -1;
1823 }
1824 return index;
1825 }
1826
X509_STORE_CTX_set_ex_data(X509_STORE_CTX * ctx,int idx,void * data)1827 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) {
1828 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
1829 }
1830
X509_STORE_CTX_get_ex_data(X509_STORE_CTX * ctx,int idx)1831 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) {
1832 return CRYPTO_get_ex_data(&ctx->ex_data, idx);
1833 }
1834
X509_STORE_CTX_get_error(X509_STORE_CTX * ctx)1835 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { return ctx->error; }
1836
X509_STORE_CTX_set_error(X509_STORE_CTX * ctx,int err)1837 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) {
1838 ctx->error = err;
1839 }
1840
X509_STORE_CTX_get_error_depth(X509_STORE_CTX * ctx)1841 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) {
1842 return ctx->error_depth;
1843 }
1844
X509_STORE_CTX_get_current_cert(X509_STORE_CTX * ctx)1845 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) {
1846 return ctx->current_cert;
1847 }
1848
STACK_OF(X509)1849 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) {
1850 return ctx->chain;
1851 }
1852
STACK_OF(X509)1853 STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) {
1854 return ctx->chain;
1855 }
1856
STACK_OF(X509)1857 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) {
1858 if (!ctx->chain) {
1859 return NULL;
1860 }
1861 return X509_chain_up_ref(ctx->chain);
1862 }
1863
X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX * ctx)1864 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) {
1865 return ctx->current_issuer;
1866 }
1867
X509_STORE_CTX_get0_current_crl(X509_STORE_CTX * ctx)1868 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) {
1869 return ctx->current_crl;
1870 }
1871
X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX * ctx)1872 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) {
1873 return ctx->parent;
1874 }
1875
X509_STORE_CTX_set_cert(X509_STORE_CTX * ctx,X509 * x)1876 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert = x; }
1877
X509_STORE_CTX_set_chain(X509_STORE_CTX * ctx,STACK_OF (X509)* sk)1878 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
1879 ctx->untrusted = sk;
1880 }
1881
STACK_OF(X509)1882 STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) {
1883 return ctx->untrusted;
1884 }
1885
X509_STORE_CTX_set0_crls(X509_STORE_CTX * ctx,STACK_OF (X509_CRL)* sk)1886 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) {
1887 ctx->crls = sk;
1888 }
1889
X509_STORE_CTX_set_purpose(X509_STORE_CTX * ctx,int purpose)1890 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) {
1891 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
1892 }
1893
X509_STORE_CTX_set_trust(X509_STORE_CTX * ctx,int trust)1894 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) {
1895 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
1896 }
1897
1898 // This function is used to set the X509_STORE_CTX purpose and trust values.
1899 // This is intended to be used when another structure has its own trust and
1900 // purpose values which (if set) will be inherited by the ctx. If they aren't
1901 // set then we will usually have a default purpose in mind which should then
1902 // be used to set the trust value. An example of this is SSL use: an SSL
1903 // structure will have its own purpose and trust settings which the
1904 // application can set: if they aren't set then we use the default of SSL
1905 // client/server.
1906
X509_STORE_CTX_purpose_inherit(X509_STORE_CTX * ctx,int def_purpose,int purpose,int trust)1907 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
1908 int purpose, int trust) {
1909 int idx;
1910 // If purpose not set use default
1911 if (!purpose) {
1912 purpose = def_purpose;
1913 }
1914 // If we have a purpose then check it is valid
1915 if (purpose) {
1916 X509_PURPOSE *ptmp;
1917 idx = X509_PURPOSE_get_by_id(purpose);
1918 if (idx == -1) {
1919 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
1920 return 0;
1921 }
1922 ptmp = X509_PURPOSE_get0(idx);
1923 if (ptmp->trust == X509_TRUST_DEFAULT) {
1924 idx = X509_PURPOSE_get_by_id(def_purpose);
1925 if (idx == -1) {
1926 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
1927 return 0;
1928 }
1929 ptmp = X509_PURPOSE_get0(idx);
1930 }
1931 // If trust not set then get from purpose default
1932 if (!trust) {
1933 trust = ptmp->trust;
1934 }
1935 }
1936 if (trust) {
1937 idx = X509_TRUST_get_by_id(trust);
1938 if (idx == -1) {
1939 OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
1940 return 0;
1941 }
1942 }
1943
1944 if (purpose && !ctx->param->purpose) {
1945 ctx->param->purpose = purpose;
1946 }
1947 if (trust && !ctx->param->trust) {
1948 ctx->param->trust = trust;
1949 }
1950 return 1;
1951 }
1952
X509_STORE_CTX_new(void)1953 X509_STORE_CTX *X509_STORE_CTX_new(void) {
1954 X509_STORE_CTX *ctx;
1955 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
1956 if (!ctx) {
1957 return NULL;
1958 }
1959 X509_STORE_CTX_zero(ctx);
1960 return ctx;
1961 }
1962
X509_STORE_CTX_zero(X509_STORE_CTX * ctx)1963 void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) {
1964 OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
1965 }
1966
X509_STORE_CTX_free(X509_STORE_CTX * ctx)1967 void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
1968 if (ctx == NULL) {
1969 return;
1970 }
1971 X509_STORE_CTX_cleanup(ctx);
1972 OPENSSL_free(ctx);
1973 }
1974
X509_STORE_CTX_init(X509_STORE_CTX * ctx,X509_STORE * store,X509 * x509,STACK_OF (X509)* chain)1975 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
1976 STACK_OF(X509) *chain) {
1977 X509_STORE_CTX_zero(ctx);
1978 ctx->ctx = store;
1979 ctx->cert = x509;
1980 ctx->untrusted = chain;
1981
1982 CRYPTO_new_ex_data(&ctx->ex_data);
1983
1984 if (store == NULL) {
1985 OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
1986 goto err;
1987 }
1988
1989 ctx->param = X509_VERIFY_PARAM_new();
1990 if (!ctx->param) {
1991 goto err;
1992 }
1993
1994 // Inherit callbacks and flags from X509_STORE.
1995
1996 ctx->verify_cb = store->verify_cb;
1997 ctx->cleanup = store->cleanup;
1998
1999 if (!X509_VERIFY_PARAM_inherit(ctx->param, store->param) ||
2000 !X509_VERIFY_PARAM_inherit(ctx->param,
2001 X509_VERIFY_PARAM_lookup("default"))) {
2002 goto err;
2003 }
2004
2005 if (store->check_issued) {
2006 ctx->check_issued = store->check_issued;
2007 } else {
2008 ctx->check_issued = check_issued;
2009 }
2010
2011 if (store->get_issuer) {
2012 ctx->get_issuer = store->get_issuer;
2013 } else {
2014 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2015 }
2016
2017 if (store->verify_cb) {
2018 ctx->verify_cb = store->verify_cb;
2019 } else {
2020 ctx->verify_cb = null_callback;
2021 }
2022
2023 if (store->verify) {
2024 ctx->verify = store->verify;
2025 } else {
2026 ctx->verify = internal_verify;
2027 }
2028
2029 if (store->check_revocation) {
2030 ctx->check_revocation = store->check_revocation;
2031 } else {
2032 ctx->check_revocation = check_revocation;
2033 }
2034
2035 if (store->get_crl) {
2036 ctx->get_crl = store->get_crl;
2037 } else {
2038 ctx->get_crl = NULL;
2039 }
2040
2041 if (store->check_crl) {
2042 ctx->check_crl = store->check_crl;
2043 } else {
2044 ctx->check_crl = check_crl;
2045 }
2046
2047 if (store->cert_crl) {
2048 ctx->cert_crl = store->cert_crl;
2049 } else {
2050 ctx->cert_crl = cert_crl;
2051 }
2052
2053 if (store->lookup_certs) {
2054 ctx->lookup_certs = store->lookup_certs;
2055 } else {
2056 ctx->lookup_certs = X509_STORE_get1_certs;
2057 }
2058
2059 if (store->lookup_crls) {
2060 ctx->lookup_crls = store->lookup_crls;
2061 } else {
2062 ctx->lookup_crls = X509_STORE_get1_crls;
2063 }
2064
2065 ctx->check_policy = check_policy;
2066
2067 return 1;
2068
2069 err:
2070 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2071 if (ctx->param != NULL) {
2072 X509_VERIFY_PARAM_free(ctx->param);
2073 }
2074
2075 OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2076 return 0;
2077 }
2078
2079 // Set alternative lookup method: just a STACK of trusted certificates. This
2080 // avoids X509_STORE nastiness where it isn't needed.
2081
X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX * ctx,STACK_OF (X509)* sk)2082 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2083 STACK_OF(X509) *sk) {
2084 ctx->other_ctx = sk;
2085 ctx->get_issuer = get_issuer_sk;
2086 }
2087
X509_STORE_CTX_trusted_stack(X509_STORE_CTX * ctx,STACK_OF (X509)* sk)2088 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
2089 X509_STORE_CTX_set0_trusted_stack(ctx, sk);
2090 }
2091
X509_STORE_CTX_cleanup(X509_STORE_CTX * ctx)2092 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) {
2093 // We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2094 // also calls this function.
2095 if (ctx->cleanup != NULL) {
2096 ctx->cleanup(ctx);
2097 ctx->cleanup = NULL;
2098 }
2099 if (ctx->param != NULL) {
2100 if (ctx->parent == NULL) {
2101 X509_VERIFY_PARAM_free(ctx->param);
2102 }
2103 ctx->param = NULL;
2104 }
2105 if (ctx->chain != NULL) {
2106 sk_X509_pop_free(ctx->chain, X509_free);
2107 ctx->chain = NULL;
2108 }
2109 CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2110 OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2111 }
2112
X509_STORE_CTX_set_depth(X509_STORE_CTX * ctx,int depth)2113 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) {
2114 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2115 }
2116
X509_STORE_CTX_set_flags(X509_STORE_CTX * ctx,unsigned long flags)2117 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) {
2118 X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2119 }
2120
X509_STORE_CTX_set_time_posix(X509_STORE_CTX * ctx,unsigned long flags,int64_t t)2121 void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx, unsigned long flags,
2122 int64_t t) {
2123 X509_VERIFY_PARAM_set_time_posix(ctx->param, t);
2124 }
2125
X509_STORE_CTX_set_time(X509_STORE_CTX * ctx,unsigned long flags,time_t t)2126 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2127 time_t t) {
2128 X509_STORE_CTX_set_time_posix(ctx, flags, t);
2129 }
2130
X509_STORE_CTX_get0_cert(X509_STORE_CTX * ctx)2131 X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) {
2132 return ctx->cert;
2133 }
2134
X509_STORE_CTX_set_verify_cb(X509_STORE_CTX * ctx,int (* verify_cb)(int,X509_STORE_CTX *))2135 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2136 int (*verify_cb)(int, X509_STORE_CTX *)) {
2137 ctx->verify_cb = verify_cb;
2138 }
2139
X509_STORE_CTX_set_default(X509_STORE_CTX * ctx,const char * name)2140 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) {
2141 const X509_VERIFY_PARAM *param;
2142 param = X509_VERIFY_PARAM_lookup(name);
2143 if (!param) {
2144 return 0;
2145 }
2146 return X509_VERIFY_PARAM_inherit(ctx->param, param);
2147 }
2148
X509_STORE_CTX_get0_param(X509_STORE_CTX * ctx)2149 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) {
2150 return ctx->param;
2151 }
2152
X509_STORE_CTX_set0_param(X509_STORE_CTX * ctx,X509_VERIFY_PARAM * param)2153 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) {
2154 if (ctx->param) {
2155 X509_VERIFY_PARAM_free(ctx->param);
2156 }
2157 ctx->param = param;
2158 }
2159