1 /* v3_purp.c */
2 /*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 2001.
5 */
6 /* ====================================================================
7 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com). */
57
58 #include <stdio.h>
59
60 #include <string.h>
61
62 #include <openssl/err.h>
63 #include <openssl/digest.h>
64 #include <openssl/mem.h>
65 #include <openssl/obj.h>
66 #include <openssl/thread.h>
67 #include <openssl/x509_vfy.h>
68 #include <openssl/x509v3.h>
69
70 #include "../internal.h"
71 #include "../x509/internal.h"
72 #include "internal.h"
73
74 #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
75 #define ku_reject(x, usage) \
76 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
77 #define xku_reject(x, usage) \
78 (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
79 #define ns_reject(x, usage) \
80 (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
81
82 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
83 int ca);
84 static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
85 int ca);
86 static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
87 int ca);
88 static int purpose_smime(const X509 *x, int ca);
89 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
90 int ca);
91 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
92 int ca);
93 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
94 int ca);
95 static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
96 int ca);
97 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
98 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
99
100 static int xp_cmp(const X509_PURPOSE **a, const X509_PURPOSE **b);
101 static void xptable_free(X509_PURPOSE *p);
102
103 static X509_PURPOSE xstandard[] = {
104 {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
105 check_purpose_ssl_client, (char *)"SSL client", (char *)"sslclient",
106 NULL},
107 {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
108 check_purpose_ssl_server, (char *)"SSL server", (char *)"sslserver",
109 NULL},
110 {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
111 check_purpose_ns_ssl_server, (char *)"Netscape SSL server",
112 (char *)"nssslserver", NULL},
113 {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
114 (char *)"S/MIME signing", (char *)"smimesign", NULL},
115 {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
116 check_purpose_smime_encrypt, (char *)"S/MIME encryption",
117 (char *)"smimeencrypt", NULL},
118 {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
119 (char *)"CRL signing", (char *)"crlsign", NULL},
120 {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, (char *)"Any Purpose",
121 (char *)"any", NULL},
122 {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
123 (char *)"OCSP helper", (char *)"ocsphelper", NULL},
124 {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
125 check_purpose_timestamp_sign, (char *)"Time Stamp signing",
126 (char *)"timestampsign", NULL},
127 };
128
129 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
130
131 static STACK_OF(X509_PURPOSE) *xptable = NULL;
132
xp_cmp(const X509_PURPOSE ** a,const X509_PURPOSE ** b)133 static int xp_cmp(const X509_PURPOSE **a, const X509_PURPOSE **b)
134 {
135 return (*a)->purpose - (*b)->purpose;
136 }
137
138 /*
139 * As much as I'd like to make X509_check_purpose use a "const" X509* I
140 * really can't because it does recalculate hashes and do other non-const
141 * things.
142 */
X509_check_purpose(X509 * x,int id,int ca)143 int X509_check_purpose(X509 *x, int id, int ca)
144 {
145 int idx;
146 const X509_PURPOSE *pt;
147 if (!x509v3_cache_extensions(x)) {
148 return -1;
149 }
150
151 if (id == -1)
152 return 1;
153 idx = X509_PURPOSE_get_by_id(id);
154 if (idx == -1)
155 return -1;
156 pt = X509_PURPOSE_get0(idx);
157 return pt->check_purpose(pt, x, ca);
158 }
159
X509_PURPOSE_set(int * p,int purpose)160 int X509_PURPOSE_set(int *p, int purpose)
161 {
162 if (X509_PURPOSE_get_by_id(purpose) == -1) {
163 OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PURPOSE);
164 return 0;
165 }
166 *p = purpose;
167 return 1;
168 }
169
X509_PURPOSE_get_count(void)170 int X509_PURPOSE_get_count(void)
171 {
172 if (!xptable)
173 return X509_PURPOSE_COUNT;
174 return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
175 }
176
X509_PURPOSE_get0(int idx)177 X509_PURPOSE *X509_PURPOSE_get0(int idx)
178 {
179 if (idx < 0)
180 return NULL;
181 if (idx < (int)X509_PURPOSE_COUNT)
182 return xstandard + idx;
183 return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
184 }
185
X509_PURPOSE_get_by_sname(char * sname)186 int X509_PURPOSE_get_by_sname(char *sname)
187 {
188 int i;
189 X509_PURPOSE *xptmp;
190 for (i = 0; i < X509_PURPOSE_get_count(); i++) {
191 xptmp = X509_PURPOSE_get0(i);
192 if (!strcmp(xptmp->sname, sname))
193 return i;
194 }
195 return -1;
196 }
197
X509_PURPOSE_get_by_id(int purpose)198 int X509_PURPOSE_get_by_id(int purpose)
199 {
200 X509_PURPOSE tmp;
201 size_t idx;
202
203 if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
204 return purpose - X509_PURPOSE_MIN;
205 tmp.purpose = purpose;
206 if (!xptable)
207 return -1;
208
209 sk_X509_PURPOSE_sort(xptable);
210 if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp))
211 return -1;
212 return idx + X509_PURPOSE_COUNT;
213 }
214
X509_PURPOSE_add(int id,int trust,int flags,int (* ck)(const X509_PURPOSE *,const X509 *,int),char * name,char * sname,void * arg)215 int X509_PURPOSE_add(int id, int trust, int flags,
216 int (*ck) (const X509_PURPOSE *, const X509 *, int),
217 char *name, char *sname, void *arg)
218 {
219 int idx;
220 X509_PURPOSE *ptmp;
221 char *name_dup, *sname_dup;
222
223 /*
224 * This is set according to what we change: application can't set it
225 */
226 flags &= ~X509_PURPOSE_DYNAMIC;
227 /* This will always be set for application modified trust entries */
228 flags |= X509_PURPOSE_DYNAMIC_NAME;
229 /* Get existing entry if any */
230 idx = X509_PURPOSE_get_by_id(id);
231 /* Need a new entry */
232 if (idx == -1) {
233 if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
234 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
235 return 0;
236 }
237 ptmp->flags = X509_PURPOSE_DYNAMIC;
238 } else
239 ptmp = X509_PURPOSE_get0(idx);
240
241 /* Duplicate the supplied names. */
242 name_dup = OPENSSL_strdup(name);
243 sname_dup = OPENSSL_strdup(sname);
244 if (name_dup == NULL || sname_dup == NULL) {
245 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
246 if (name_dup != NULL)
247 OPENSSL_free(name_dup);
248 if (sname_dup != NULL)
249 OPENSSL_free(sname_dup);
250 if (idx == -1)
251 OPENSSL_free(ptmp);
252 return 0;
253 }
254
255 /* OPENSSL_free existing name if dynamic */
256 if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
257 OPENSSL_free(ptmp->name);
258 OPENSSL_free(ptmp->sname);
259 }
260 /* dup supplied name */
261 ptmp->name = name_dup;
262 ptmp->sname = sname_dup;
263 /* Keep the dynamic flag of existing entry */
264 ptmp->flags &= X509_PURPOSE_DYNAMIC;
265 /* Set all other flags */
266 ptmp->flags |= flags;
267
268 ptmp->purpose = id;
269 ptmp->trust = trust;
270 ptmp->check_purpose = ck;
271 ptmp->usr_data = arg;
272
273 /* If its a new entry manage the dynamic table */
274 if (idx == -1) {
275 if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
276 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
277 xptable_free(ptmp);
278 return 0;
279 }
280 if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
281 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
282 xptable_free(ptmp);
283 return 0;
284 }
285 }
286 return 1;
287 }
288
xptable_free(X509_PURPOSE * p)289 static void xptable_free(X509_PURPOSE *p)
290 {
291 if (!p)
292 return;
293 if (p->flags & X509_PURPOSE_DYNAMIC) {
294 if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
295 OPENSSL_free(p->name);
296 OPENSSL_free(p->sname);
297 }
298 OPENSSL_free(p);
299 }
300 }
301
X509_PURPOSE_cleanup(void)302 void X509_PURPOSE_cleanup(void)
303 {
304 unsigned int i;
305 sk_X509_PURPOSE_pop_free(xptable, xptable_free);
306 for (i = 0; i < X509_PURPOSE_COUNT; i++)
307 xptable_free(xstandard + i);
308 xptable = NULL;
309 }
310
X509_PURPOSE_get_id(const X509_PURPOSE * xp)311 int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
312 {
313 return xp->purpose;
314 }
315
X509_PURPOSE_get0_name(const X509_PURPOSE * xp)316 char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
317 {
318 return xp->name;
319 }
320
X509_PURPOSE_get0_sname(const X509_PURPOSE * xp)321 char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
322 {
323 return xp->sname;
324 }
325
X509_PURPOSE_get_trust(const X509_PURPOSE * xp)326 int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
327 {
328 return xp->trust;
329 }
330
nid_cmp(const void * void_a,const void * void_b)331 static int nid_cmp(const void *void_a, const void *void_b)
332 {
333 const int *a = void_a, *b = void_b;
334
335 return *a - *b;
336 }
337
X509_supported_extension(X509_EXTENSION * ex)338 int X509_supported_extension(X509_EXTENSION *ex)
339 {
340 /*
341 * This table is a list of the NIDs of supported extensions: that is
342 * those which are used by the verify process. If an extension is
343 * critical and doesn't appear in this list then the verify process will
344 * normally reject the certificate. The list must be kept in numerical
345 * order because it will be searched using bsearch.
346 */
347
348 static const int supported_nids[] = {
349 NID_netscape_cert_type, /* 71 */
350 NID_key_usage, /* 83 */
351 NID_subject_alt_name, /* 85 */
352 NID_basic_constraints, /* 87 */
353 NID_certificate_policies, /* 89 */
354 NID_ext_key_usage, /* 126 */
355 NID_policy_constraints, /* 401 */
356 NID_proxyCertInfo, /* 663 */
357 NID_name_constraints, /* 666 */
358 NID_policy_mappings, /* 747 */
359 NID_inhibit_any_policy /* 748 */
360 };
361
362 int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
363
364 if (ex_nid == NID_undef)
365 return 0;
366
367 if (bsearch
368 (&ex_nid, supported_nids, sizeof(supported_nids) / sizeof(int),
369 sizeof(int), nid_cmp) != NULL)
370 return 1;
371 return 0;
372 }
373
setup_dp(X509 * x,DIST_POINT * dp)374 static int setup_dp(X509 *x, DIST_POINT *dp)
375 {
376 X509_NAME *iname = NULL;
377 size_t i;
378 if (dp->reasons) {
379 if (dp->reasons->length > 0)
380 dp->dp_reasons = dp->reasons->data[0];
381 if (dp->reasons->length > 1)
382 dp->dp_reasons |= (dp->reasons->data[1] << 8);
383 dp->dp_reasons &= CRLDP_ALL_REASONS;
384 } else
385 dp->dp_reasons = CRLDP_ALL_REASONS;
386 if (!dp->distpoint || (dp->distpoint->type != 1))
387 return 1;
388 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
389 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
390 if (gen->type == GEN_DIRNAME) {
391 iname = gen->d.directoryName;
392 break;
393 }
394 }
395 if (!iname)
396 iname = X509_get_issuer_name(x);
397
398 return DIST_POINT_set_dpname(dp->distpoint, iname);
399 }
400
setup_crldp(X509 * x)401 static int setup_crldp(X509 *x)
402 {
403 int j;
404 x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL);
405 if (x->crldp == NULL && j != -1) {
406 return 0;
407 }
408 for (size_t i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
409 if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i))) {
410 return 0;
411 }
412 }
413 return 1;
414 }
415
x509v3_cache_extensions(X509 * x)416 int x509v3_cache_extensions(X509 *x)
417 {
418 BASIC_CONSTRAINTS *bs;
419 PROXY_CERT_INFO_EXTENSION *pci;
420 ASN1_BIT_STRING *usage;
421 ASN1_BIT_STRING *ns;
422 EXTENDED_KEY_USAGE *extusage;
423 X509_EXTENSION *ex;
424 size_t i;
425 int j;
426
427 CRYPTO_MUTEX_lock_read(&x->lock);
428 const int is_set = x->ex_flags & EXFLAG_SET;
429 CRYPTO_MUTEX_unlock_read(&x->lock);
430
431 if (is_set) {
432 return (x->ex_flags & EXFLAG_INVALID) == 0;
433 }
434
435 CRYPTO_MUTEX_lock_write(&x->lock);
436 if (x->ex_flags & EXFLAG_SET) {
437 CRYPTO_MUTEX_unlock_write(&x->lock);
438 return (x->ex_flags & EXFLAG_INVALID) == 0;
439 }
440
441 if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
442 x->ex_flags |= EXFLAG_INVALID;
443 /* V1 should mean no extensions ... */
444 if (X509_get_version(x) == X509_VERSION_1)
445 x->ex_flags |= EXFLAG_V1;
446 /* Handle basic constraints */
447 if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) {
448 if (bs->ca)
449 x->ex_flags |= EXFLAG_CA;
450 if (bs->pathlen) {
451 if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
452 || !bs->ca) {
453 x->ex_flags |= EXFLAG_INVALID;
454 x->ex_pathlen = 0;
455 } else {
456 /* TODO(davidben): |ASN1_INTEGER_get| returns -1 on overflow,
457 * which currently acts as if the constraint isn't present. This
458 * works (an overflowing path length constraint may as well be
459 * infinity), but Chromium's verifier simply treats values above
460 * 255 as an error. */
461 x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
462 }
463 } else
464 x->ex_pathlen = -1;
465 BASIC_CONSTRAINTS_free(bs);
466 x->ex_flags |= EXFLAG_BCONS;
467 } else if (j != -1) {
468 x->ex_flags |= EXFLAG_INVALID;
469 }
470 /* Handle proxy certificates */
471 if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &j, NULL))) {
472 if (x->ex_flags & EXFLAG_CA
473 || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
474 || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
475 x->ex_flags |= EXFLAG_INVALID;
476 }
477 if (pci->pcPathLengthConstraint) {
478 x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
479 } else
480 x->ex_pcpathlen = -1;
481 PROXY_CERT_INFO_EXTENSION_free(pci);
482 x->ex_flags |= EXFLAG_PROXY;
483 } else if (j != -1) {
484 x->ex_flags |= EXFLAG_INVALID;
485 }
486 /* Handle key usage */
487 if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) {
488 if (usage->length > 0) {
489 x->ex_kusage = usage->data[0];
490 if (usage->length > 1)
491 x->ex_kusage |= usage->data[1] << 8;
492 } else
493 x->ex_kusage = 0;
494 x->ex_flags |= EXFLAG_KUSAGE;
495 ASN1_BIT_STRING_free(usage);
496 } else if (j != -1) {
497 x->ex_flags |= EXFLAG_INVALID;
498 }
499 x->ex_xkusage = 0;
500 if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) {
501 x->ex_flags |= EXFLAG_XKUSAGE;
502 for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
503 switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
504 case NID_server_auth:
505 x->ex_xkusage |= XKU_SSL_SERVER;
506 break;
507
508 case NID_client_auth:
509 x->ex_xkusage |= XKU_SSL_CLIENT;
510 break;
511
512 case NID_email_protect:
513 x->ex_xkusage |= XKU_SMIME;
514 break;
515
516 case NID_code_sign:
517 x->ex_xkusage |= XKU_CODE_SIGN;
518 break;
519
520 case NID_ms_sgc:
521 case NID_ns_sgc:
522 x->ex_xkusage |= XKU_SGC;
523 break;
524
525 case NID_OCSP_sign:
526 x->ex_xkusage |= XKU_OCSP_SIGN;
527 break;
528
529 case NID_time_stamp:
530 x->ex_xkusage |= XKU_TIMESTAMP;
531 break;
532
533 case NID_dvcs:
534 x->ex_xkusage |= XKU_DVCS;
535 break;
536
537 case NID_anyExtendedKeyUsage:
538 x->ex_xkusage |= XKU_ANYEKU;
539 break;
540 }
541 }
542 sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
543 } else if (j != -1) {
544 x->ex_flags |= EXFLAG_INVALID;
545 }
546
547 if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) {
548 if (ns->length > 0)
549 x->ex_nscert = ns->data[0];
550 else
551 x->ex_nscert = 0;
552 x->ex_flags |= EXFLAG_NSCERT;
553 ASN1_BIT_STRING_free(ns);
554 } else if (j != -1) {
555 x->ex_flags |= EXFLAG_INVALID;
556 }
557 x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL);
558 if (x->skid == NULL && j != -1) {
559 x->ex_flags |= EXFLAG_INVALID;
560 }
561 x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL);
562 if (x->akid == NULL && j != -1) {
563 x->ex_flags |= EXFLAG_INVALID;
564 }
565 /* Does subject name match issuer ? */
566 if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
567 x->ex_flags |= EXFLAG_SI;
568 /* If SKID matches AKID also indicate self signed */
569 if (X509_check_akid(x, x->akid) == X509_V_OK &&
570 !ku_reject(x, KU_KEY_CERT_SIGN))
571 x->ex_flags |= EXFLAG_SS;
572 }
573 x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL);
574 if (x->altname == NULL && j != -1) {
575 x->ex_flags |= EXFLAG_INVALID;
576 }
577 x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL);
578 if (x->nc == NULL && j != -1) {
579 x->ex_flags |= EXFLAG_INVALID;
580 }
581 if (!setup_crldp(x)) {
582 x->ex_flags |= EXFLAG_INVALID;
583 }
584
585 for (j = 0; j < X509_get_ext_count(x); j++) {
586 ex = X509_get_ext(x, j);
587 if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
588 == NID_freshest_crl)
589 x->ex_flags |= EXFLAG_FRESHEST;
590 if (!X509_EXTENSION_get_critical(ex))
591 continue;
592 if (!X509_supported_extension(ex)) {
593 x->ex_flags |= EXFLAG_CRITICAL;
594 break;
595 }
596 }
597 x->ex_flags |= EXFLAG_SET;
598
599 CRYPTO_MUTEX_unlock_write(&x->lock);
600 return (x->ex_flags & EXFLAG_INVALID) == 0;
601 }
602
603 /* check_ca returns one if |x| should be considered a CA certificate and zero
604 * otherwise. */
check_ca(const X509 * x)605 static int check_ca(const X509 *x)
606 {
607 /* keyUsage if present should allow cert signing */
608 if (ku_reject(x, KU_KEY_CERT_SIGN))
609 return 0;
610 /* Version 1 certificates are considered CAs and don't have extensions. */
611 if ((x->ex_flags & V1_ROOT) == V1_ROOT) {
612 return 1;
613 }
614 /* Otherwise, it's only a CA if basicConstraints says so. */
615 return ((x->ex_flags & EXFLAG_BCONS) &&
616 (x->ex_flags & EXFLAG_CA));
617 }
618
X509_check_ca(X509 * x)619 int X509_check_ca(X509 *x)
620 {
621 if (!x509v3_cache_extensions(x)) {
622 return 0;
623 }
624 return check_ca(x);
625 }
626
check_purpose_ssl_client(const X509_PURPOSE * xp,const X509 * x,int ca)627 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
628 int ca)
629 {
630 if (xku_reject(x, XKU_SSL_CLIENT))
631 return 0;
632 if (ca)
633 return check_ca(x);
634 /* We need to do digital signatures or key agreement */
635 if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
636 return 0;
637 /* nsCertType if present should allow SSL client use */
638 if (ns_reject(x, NS_SSL_CLIENT))
639 return 0;
640 return 1;
641 }
642
643 /*
644 * Key usage needed for TLS/SSL server: digital signature, encipherment or
645 * key agreement. The ssl code can check this more thoroughly for individual
646 * key types.
647 */
648 #define KU_TLS \
649 (KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT)
650
check_purpose_ssl_server(const X509_PURPOSE * xp,const X509 * x,int ca)651 static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
652 int ca)
653 {
654 if (xku_reject(x, XKU_SSL_SERVER))
655 return 0;
656 if (ca)
657 return check_ca(x);
658
659 if (ns_reject(x, NS_SSL_SERVER))
660 return 0;
661 if (ku_reject(x, KU_TLS))
662 return 0;
663
664 return 1;
665
666 }
667
check_purpose_ns_ssl_server(const X509_PURPOSE * xp,const X509 * x,int ca)668 static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
669 int ca)
670 {
671 int ret;
672 ret = check_purpose_ssl_server(xp, x, ca);
673 if (!ret || ca)
674 return ret;
675 /* We need to encipher or Netscape complains */
676 if (ku_reject(x, KU_KEY_ENCIPHERMENT))
677 return 0;
678 return ret;
679 }
680
681 /* purpose_smime returns one if |x| is a valid S/MIME leaf (|ca| is zero) or CA
682 * (|ca| is one) certificate, and zero otherwise. */
purpose_smime(const X509 * x,int ca)683 static int purpose_smime(const X509 *x, int ca)
684 {
685 if (xku_reject(x, XKU_SMIME))
686 return 0;
687 if (ca) {
688 /* check nsCertType if present */
689 if ((x->ex_flags & EXFLAG_NSCERT) &&
690 (x->ex_nscert & NS_SMIME_CA) == 0) {
691 return 0;
692 }
693
694 return check_ca(x);
695 }
696 if (x->ex_flags & EXFLAG_NSCERT) {
697 return (x->ex_nscert & NS_SMIME) == NS_SMIME;
698 }
699 return 1;
700 }
701
check_purpose_smime_sign(const X509_PURPOSE * xp,const X509 * x,int ca)702 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
703 int ca)
704 {
705 int ret;
706 ret = purpose_smime(x, ca);
707 if (!ret || ca)
708 return ret;
709 if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
710 return 0;
711 return ret;
712 }
713
check_purpose_smime_encrypt(const X509_PURPOSE * xp,const X509 * x,int ca)714 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
715 int ca)
716 {
717 int ret;
718 ret = purpose_smime(x, ca);
719 if (!ret || ca)
720 return ret;
721 if (ku_reject(x, KU_KEY_ENCIPHERMENT))
722 return 0;
723 return ret;
724 }
725
check_purpose_crl_sign(const X509_PURPOSE * xp,const X509 * x,int ca)726 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
727 int ca)
728 {
729 if (ca) {
730 return check_ca(x);
731 }
732 if (ku_reject(x, KU_CRL_SIGN))
733 return 0;
734 return 1;
735 }
736
737 /*
738 * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
739 * is valid. Additional checks must be made on the chain.
740 */
741
ocsp_helper(const X509_PURPOSE * xp,const X509 * x,int ca)742 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
743 {
744 if (ca)
745 return check_ca(x);
746 /* leaf certificate is checked in OCSP_verify() */
747 return 1;
748 }
749
check_purpose_timestamp_sign(const X509_PURPOSE * xp,const X509 * x,int ca)750 static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
751 int ca)
752 {
753 int i_ext;
754
755 /* If ca is true we must return if this is a valid CA certificate. */
756 if (ca)
757 return check_ca(x);
758
759 /*
760 * Check the optional key usage field:
761 * if Key Usage is present, it must be one of digitalSignature
762 * and/or nonRepudiation (other values are not consistent and shall
763 * be rejected).
764 */
765 if ((x->ex_flags & EXFLAG_KUSAGE)
766 && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
767 !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
768 return 0;
769
770 /* Only time stamp key usage is permitted and it's required. */
771 if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
772 return 0;
773
774 /* Extended Key Usage MUST be critical */
775 i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
776 if (i_ext >= 0) {
777 X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
778 if (!X509_EXTENSION_get_critical(ext))
779 return 0;
780 }
781
782 return 1;
783 }
784
no_check(const X509_PURPOSE * xp,const X509 * x,int ca)785 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
786 {
787 return 1;
788 }
789
790 /*
791 * Various checks to see if one certificate issued the second. This can be
792 * used to prune a set of possible issuer certificates which have been looked
793 * up using some simple method such as by subject name. These are: 1. Check
794 * issuer_name(subject) == subject_name(issuer) 2. If akid(subject) exists
795 * check it matches issuer 3. If key_usage(issuer) exists check it supports
796 * certificate signing returns 0 for OK, positive for reason for mismatch,
797 * reasons match codes for X509_verify_cert()
798 */
799
X509_check_issued(X509 * issuer,X509 * subject)800 int X509_check_issued(X509 *issuer, X509 *subject)
801 {
802 if (X509_NAME_cmp(X509_get_subject_name(issuer),
803 X509_get_issuer_name(subject)))
804 return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
805 if (!x509v3_cache_extensions(issuer) ||
806 !x509v3_cache_extensions(subject)) {
807 return X509_V_ERR_UNSPECIFIED;
808 }
809
810 if (subject->akid) {
811 int ret = X509_check_akid(issuer, subject->akid);
812 if (ret != X509_V_OK)
813 return ret;
814 }
815
816 if (subject->ex_flags & EXFLAG_PROXY) {
817 if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
818 return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
819 } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
820 return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
821 return X509_V_OK;
822 }
823
X509_check_akid(X509 * issuer,AUTHORITY_KEYID * akid)824 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
825 {
826
827 if (!akid)
828 return X509_V_OK;
829
830 /* Check key ids (if present) */
831 if (akid->keyid && issuer->skid &&
832 ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
833 return X509_V_ERR_AKID_SKID_MISMATCH;
834 /* Check serial number */
835 if (akid->serial &&
836 ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
837 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
838 /* Check issuer name */
839 if (akid->issuer) {
840 /*
841 * Ugh, for some peculiar reason AKID includes SEQUENCE OF
842 * GeneralName. So look for a DirName. There may be more than one but
843 * we only take any notice of the first.
844 */
845 GENERAL_NAMES *gens;
846 GENERAL_NAME *gen;
847 X509_NAME *nm = NULL;
848 size_t i;
849 gens = akid->issuer;
850 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
851 gen = sk_GENERAL_NAME_value(gens, i);
852 if (gen->type == GEN_DIRNAME) {
853 nm = gen->d.dirn;
854 break;
855 }
856 }
857 if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
858 return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
859 }
860 return X509_V_OK;
861 }
862
X509_get_extension_flags(X509 * x)863 uint32_t X509_get_extension_flags(X509 *x)
864 {
865 /* Ignore the return value. On failure, |x->ex_flags| will include
866 * |EXFLAG_INVALID|. */
867 x509v3_cache_extensions(x);
868 return x->ex_flags;
869 }
870
X509_get_key_usage(X509 * x)871 uint32_t X509_get_key_usage(X509 *x)
872 {
873 if (!x509v3_cache_extensions(x)) {
874 return 0;
875 }
876 if (x->ex_flags & EXFLAG_KUSAGE)
877 return x->ex_kusage;
878 return UINT32_MAX;
879 }
880
X509_get_extended_key_usage(X509 * x)881 uint32_t X509_get_extended_key_usage(X509 *x)
882 {
883 if (!x509v3_cache_extensions(x)) {
884 return 0;
885 }
886 if (x->ex_flags & EXFLAG_XKUSAGE)
887 return x->ex_xkusage;
888 return UINT32_MAX;
889 }
890
X509_get0_subject_key_id(X509 * x509)891 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509)
892 {
893 if (!x509v3_cache_extensions(x509)) {
894 return NULL;
895 }
896 return x509->skid;
897 }
898
X509_get0_authority_key_id(X509 * x509)899 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509)
900 {
901 if (!x509v3_cache_extensions(x509)) {
902 return NULL;
903 }
904 return x509->akid != NULL ? x509->akid->keyid : NULL;
905 }
906
X509_get0_authority_issuer(X509 * x509)907 const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509)
908 {
909 if (!x509v3_cache_extensions(x509)) {
910 return NULL;
911 }
912 return x509->akid != NULL ? x509->akid->issuer : NULL;
913 }
914
X509_get0_authority_serial(X509 * x509)915 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509)
916 {
917 if (!x509v3_cache_extensions(x509)) {
918 return NULL;
919 }
920 return x509->akid != NULL ? x509->akid->serial : NULL;
921 }
922
X509_get_pathlen(X509 * x509)923 long X509_get_pathlen(X509 *x509)
924 {
925 if (!x509v3_cache_extensions(x509) ||
926 (x509->ex_flags & EXFLAG_BCONS) == 0) {
927 return -1;
928 }
929 return x509->ex_pathlen;
930 }
931