1 |
|
|
/* $OpenBSD: x509_vfy.c,v 1.49 2016/03/11 07:08:45 mmcc Exp $ */ |
2 |
|
|
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 |
|
|
* All rights reserved. |
4 |
|
|
* |
5 |
|
|
* This package is an SSL implementation written |
6 |
|
|
* by Eric Young (eay@cryptsoft.com). |
7 |
|
|
* The implementation was written so as to conform with Netscapes SSL. |
8 |
|
|
* |
9 |
|
|
* This library is free for commercial and non-commercial use as long as |
10 |
|
|
* the following conditions are aheared to. The following conditions |
11 |
|
|
* apply to all code found in this distribution, be it the RC4, RSA, |
12 |
|
|
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
13 |
|
|
* included with this distribution is covered by the same copyright terms |
14 |
|
|
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
15 |
|
|
* |
16 |
|
|
* Copyright remains Eric Young's, and as such any Copyright notices in |
17 |
|
|
* the code are not to be removed. |
18 |
|
|
* If this package is used in a product, Eric Young should be given attribution |
19 |
|
|
* as the author of the parts of the library used. |
20 |
|
|
* This can be in the form of a textual message at program startup or |
21 |
|
|
* in documentation (online or textual) provided with the package. |
22 |
|
|
* |
23 |
|
|
* Redistribution and use in source and binary forms, with or without |
24 |
|
|
* modification, are permitted provided that the following conditions |
25 |
|
|
* are met: |
26 |
|
|
* 1. Redistributions of source code must retain the copyright |
27 |
|
|
* notice, this list of conditions and the following disclaimer. |
28 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
29 |
|
|
* notice, this list of conditions and the following disclaimer in the |
30 |
|
|
* documentation and/or other materials provided with the distribution. |
31 |
|
|
* 3. All advertising materials mentioning features or use of this software |
32 |
|
|
* must display the following acknowledgement: |
33 |
|
|
* "This product includes cryptographic software written by |
34 |
|
|
* Eric Young (eay@cryptsoft.com)" |
35 |
|
|
* The word 'cryptographic' can be left out if the rouines from the library |
36 |
|
|
* being used are not cryptographic related :-). |
37 |
|
|
* 4. If you include any Windows specific code (or a derivative thereof) from |
38 |
|
|
* the apps directory (application code) you must include an acknowledgement: |
39 |
|
|
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
40 |
|
|
* |
41 |
|
|
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 |
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
43 |
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
44 |
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
45 |
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
46 |
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
47 |
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
48 |
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
49 |
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 |
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 |
|
|
* SUCH DAMAGE. |
52 |
|
|
* |
53 |
|
|
* The licence and distribution terms for any publically available version or |
54 |
|
|
* derivative of this code cannot be changed. i.e. this code cannot simply be |
55 |
|
|
* copied and put under another distribution licence |
56 |
|
|
* [including the GNU Public Licence.] |
57 |
|
|
*/ |
58 |
|
|
|
59 |
|
|
#include <errno.h> |
60 |
|
|
#include <stdio.h> |
61 |
|
|
#include <string.h> |
62 |
|
|
#include <time.h> |
63 |
|
|
#include <unistd.h> |
64 |
|
|
|
65 |
|
|
#include <openssl/opensslconf.h> |
66 |
|
|
|
67 |
|
|
#include <openssl/asn1.h> |
68 |
|
|
#include <openssl/buffer.h> |
69 |
|
|
#include <openssl/crypto.h> |
70 |
|
|
#include <openssl/err.h> |
71 |
|
|
#include <openssl/evp.h> |
72 |
|
|
#include <openssl/lhash.h> |
73 |
|
|
#include <openssl/objects.h> |
74 |
|
|
#include <openssl/x509.h> |
75 |
|
|
#include <openssl/x509v3.h> |
76 |
|
|
#include "x509_lcl.h" |
77 |
|
|
|
78 |
|
|
/* CRL score values */ |
79 |
|
|
|
80 |
|
|
/* No unhandled critical extensions */ |
81 |
|
|
|
82 |
|
|
#define CRL_SCORE_NOCRITICAL 0x100 |
83 |
|
|
|
84 |
|
|
/* certificate is within CRL scope */ |
85 |
|
|
|
86 |
|
|
#define CRL_SCORE_SCOPE 0x080 |
87 |
|
|
|
88 |
|
|
/* CRL times valid */ |
89 |
|
|
|
90 |
|
|
#define CRL_SCORE_TIME 0x040 |
91 |
|
|
|
92 |
|
|
/* Issuer name matches certificate */ |
93 |
|
|
|
94 |
|
|
#define CRL_SCORE_ISSUER_NAME 0x020 |
95 |
|
|
|
96 |
|
|
/* If this score or above CRL is probably valid */ |
97 |
|
|
|
98 |
|
|
#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) |
99 |
|
|
|
100 |
|
|
/* CRL issuer is certificate issuer */ |
101 |
|
|
|
102 |
|
|
#define CRL_SCORE_ISSUER_CERT 0x018 |
103 |
|
|
|
104 |
|
|
/* CRL issuer is on certificate path */ |
105 |
|
|
|
106 |
|
|
#define CRL_SCORE_SAME_PATH 0x008 |
107 |
|
|
|
108 |
|
|
/* CRL issuer matches CRL AKID */ |
109 |
|
|
|
110 |
|
|
#define CRL_SCORE_AKID 0x004 |
111 |
|
|
|
112 |
|
|
/* Have a delta CRL with valid times */ |
113 |
|
|
|
114 |
|
|
#define CRL_SCORE_TIME_DELTA 0x002 |
115 |
|
|
|
116 |
|
|
static int null_callback(int ok, X509_STORE_CTX *e); |
117 |
|
|
static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); |
118 |
|
|
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); |
119 |
|
|
static int check_chain_extensions(X509_STORE_CTX *ctx); |
120 |
|
|
static int check_name_constraints(X509_STORE_CTX *ctx); |
121 |
|
|
static int check_trust(X509_STORE_CTX *ctx); |
122 |
|
|
static int check_revocation(X509_STORE_CTX *ctx); |
123 |
|
|
static int check_cert(X509_STORE_CTX *ctx); |
124 |
|
|
static int check_policy(X509_STORE_CTX *ctx); |
125 |
|
|
|
126 |
|
|
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, |
127 |
|
|
unsigned int *preasons, X509_CRL *crl, X509 *x); |
128 |
|
|
static int get_crl_delta(X509_STORE_CTX *ctx, |
129 |
|
|
X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); |
130 |
|
|
static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, |
131 |
|
|
X509_CRL *base, STACK_OF(X509_CRL) *crls); |
132 |
|
|
static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, |
133 |
|
|
int *pcrl_score); |
134 |
|
|
static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, |
135 |
|
|
unsigned int *preasons); |
136 |
|
|
static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); |
137 |
|
|
static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, |
138 |
|
|
STACK_OF(X509) *crl_path); |
139 |
|
|
|
140 |
|
|
static int internal_verify(X509_STORE_CTX *ctx); |
141 |
|
|
|
142 |
|
|
static int |
143 |
|
|
null_callback(int ok, X509_STORE_CTX *e) |
144 |
|
11 |
{ |
145 |
|
11 |
return ok; |
146 |
|
|
} |
147 |
|
|
|
148 |
|
|
#if 0 |
149 |
|
|
static int |
150 |
|
|
x509_subject_cmp(X509 **a, X509 **b) |
151 |
|
|
{ |
152 |
|
|
return X509_subject_name_cmp(*a, *b); |
153 |
|
|
} |
154 |
|
|
#endif |
155 |
|
|
|
156 |
|
|
int |
157 |
|
|
X509_verify_cert(X509_STORE_CTX *ctx) |
158 |
|
6 |
{ |
159 |
|
6 |
X509 *x, *xtmp, *chain_ss = NULL; |
160 |
|
6 |
int bad_chain = 0; |
161 |
|
6 |
X509_VERIFY_PARAM *param = ctx->param; |
162 |
|
6 |
int depth, i, ok = 0; |
163 |
|
|
int num; |
164 |
|
|
int (*cb)(int xok, X509_STORE_CTX *xctx); |
165 |
|
6 |
STACK_OF(X509) *sktmp = NULL; |
166 |
|
|
|
167 |
✗✓ |
6 |
if (ctx->cert == NULL) { |
168 |
|
|
X509err(X509_F_X509_VERIFY_CERT, |
169 |
|
|
X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); |
170 |
|
|
return -1; |
171 |
|
|
} |
172 |
|
|
|
173 |
|
6 |
cb = ctx->verify_cb; |
174 |
|
|
|
175 |
|
|
/* first we make sure the chain we are going to build is |
176 |
|
|
* present and that the first entry is in place */ |
177 |
✓✗ |
6 |
if (ctx->chain == NULL) { |
178 |
✓✗✗✓
|
6 |
if (((ctx->chain = sk_X509_new_null()) == NULL) || |
179 |
|
|
(!sk_X509_push(ctx->chain, ctx->cert))) { |
180 |
|
|
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); |
181 |
|
|
goto end; |
182 |
|
|
} |
183 |
|
6 |
CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); |
184 |
|
6 |
ctx->last_untrusted = 1; |
185 |
|
|
} |
186 |
|
|
|
187 |
|
|
/* We use a temporary STACK so we can chop and hack at it */ |
188 |
✓✓✗✓
|
6 |
if (ctx->untrusted != NULL && |
189 |
|
|
(sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { |
190 |
|
|
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); |
191 |
|
|
goto end; |
192 |
|
|
} |
193 |
|
|
|
194 |
|
6 |
num = sk_X509_num(ctx->chain); |
195 |
|
6 |
x = sk_X509_value(ctx->chain, num - 1); |
196 |
|
6 |
depth = param->depth; |
197 |
|
|
|
198 |
|
|
for (;;) { |
199 |
|
|
/* If we have enough, we break */ |
200 |
✓✗ |
9 |
if (depth < num) |
201 |
|
|
break; /* FIXME: If this happens, we should take |
202 |
|
|
* note of it and, if appropriate, use the |
203 |
|
|
* X509_V_ERR_CERT_CHAIN_TOO_LONG error |
204 |
|
|
* code later. |
205 |
|
|
*/ |
206 |
|
|
|
207 |
|
|
/* If we are self signed, we break */ |
208 |
✗✓ |
9 |
if (ctx->check_issued(ctx, x, x)) |
209 |
|
|
break; |
210 |
|
|
|
211 |
|
|
/* If we were passed a cert chain, use it first */ |
212 |
✓✓ |
9 |
if (ctx->untrusted != NULL) { |
213 |
|
8 |
xtmp = find_issuer(ctx, sktmp, x); |
214 |
✓✓ |
8 |
if (xtmp != NULL) { |
215 |
✗✓ |
3 |
if (!sk_X509_push(ctx->chain, xtmp)) { |
216 |
|
|
X509err(X509_F_X509_VERIFY_CERT, |
217 |
|
|
ERR_R_MALLOC_FAILURE); |
218 |
|
|
goto end; |
219 |
|
|
} |
220 |
|
3 |
CRYPTO_add(&xtmp->references, 1, |
221 |
|
|
CRYPTO_LOCK_X509); |
222 |
|
3 |
(void)sk_X509_delete_ptr(sktmp, xtmp); |
223 |
|
3 |
ctx->last_untrusted++; |
224 |
|
3 |
x = xtmp; |
225 |
|
3 |
num++; |
226 |
|
|
/* reparse the full chain for |
227 |
|
|
* the next one */ |
228 |
|
3 |
continue; |
229 |
|
|
} |
230 |
|
|
} |
231 |
|
|
break; |
232 |
|
|
} |
233 |
|
6 |
sk_X509_free(sktmp); |
234 |
|
6 |
sktmp = NULL; |
235 |
|
|
|
236 |
|
|
/* at this point, chain should contain a list of untrusted |
237 |
|
|
* certificates. We now need to add at least one trusted one, |
238 |
|
|
* if possible, otherwise we complain. */ |
239 |
|
|
|
240 |
|
|
/* Examine last certificate in chain and see if it |
241 |
|
|
* is self signed. |
242 |
|
|
*/ |
243 |
|
|
|
244 |
|
6 |
i = sk_X509_num(ctx->chain); |
245 |
|
6 |
x = sk_X509_value(ctx->chain, i - 1); |
246 |
✗✓ |
6 |
if (ctx->check_issued(ctx, x, x)) { |
247 |
|
|
/* we have a self signed certificate */ |
248 |
|
|
if (sk_X509_num(ctx->chain) == 1) { |
249 |
|
|
/* We have a single self signed certificate: see if |
250 |
|
|
* we can find it in the store. We must have an exact |
251 |
|
|
* match to avoid possible impersonation. |
252 |
|
|
*/ |
253 |
|
|
ok = ctx->get_issuer(&xtmp, ctx, x); |
254 |
|
|
if ((ok <= 0) || X509_cmp(x, xtmp)) { |
255 |
|
|
ctx->error = |
256 |
|
|
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; |
257 |
|
|
ctx->current_cert = x; |
258 |
|
|
ctx->error_depth = i - 1; |
259 |
|
|
if (ok == 1) |
260 |
|
|
X509_free(xtmp); |
261 |
|
|
bad_chain = 1; |
262 |
|
|
ok = cb(0, ctx); |
263 |
|
|
if (!ok) |
264 |
|
|
goto end; |
265 |
|
|
} else { |
266 |
|
|
/* We have a match: replace certificate with store version |
267 |
|
|
* so we get any trust settings. |
268 |
|
|
*/ |
269 |
|
|
X509_free(x); |
270 |
|
|
x = xtmp; |
271 |
|
|
(void)sk_X509_set(ctx->chain, i - 1, x); |
272 |
|
|
ctx->last_untrusted = 0; |
273 |
|
|
} |
274 |
|
|
} else { |
275 |
|
|
/* extract and save self signed certificate for later use */ |
276 |
|
|
chain_ss = sk_X509_pop(ctx->chain); |
277 |
|
|
ctx->last_untrusted--; |
278 |
|
|
num--; |
279 |
|
|
x = sk_X509_value(ctx->chain, num - 1); |
280 |
|
|
} |
281 |
|
|
} |
282 |
|
|
|
283 |
|
|
/* We now lookup certs from the certificate store */ |
284 |
|
|
for (;;) { |
285 |
|
|
/* If we have enough, we break */ |
286 |
✓✗ |
10 |
if (depth < num) |
287 |
|
|
break; |
288 |
|
|
|
289 |
|
|
/* If we are self signed, we break */ |
290 |
✓✓ |
10 |
if (ctx->check_issued(ctx, x, x)) |
291 |
|
4 |
break; |
292 |
|
|
|
293 |
|
6 |
ok = ctx->get_issuer(&xtmp, ctx, x); |
294 |
✗✓ |
6 |
if (ok < 0) |
295 |
|
|
return ok; |
296 |
✓✓ |
6 |
if (ok == 0) |
297 |
|
2 |
break; |
298 |
|
|
|
299 |
|
4 |
x = xtmp; |
300 |
✗✓ |
4 |
if (!sk_X509_push(ctx->chain, x)) { |
301 |
|
|
X509_free(xtmp); |
302 |
|
|
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); |
303 |
|
|
return 0; |
304 |
|
|
} |
305 |
|
4 |
num++; |
306 |
|
4 |
} |
307 |
|
|
|
308 |
|
|
/* we now have our chain, lets check it... */ |
309 |
|
|
|
310 |
|
|
/* Is last certificate looked up self signed? */ |
311 |
✓✓ |
6 |
if (!ctx->check_issued(ctx, x, x)) { |
312 |
✗✓✗✗
|
4 |
if ((chain_ss == NULL) || |
313 |
|
|
!ctx->check_issued(ctx, x, chain_ss)) { |
314 |
✓✗ |
2 |
if (ctx->last_untrusted >= num) |
315 |
|
2 |
ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; |
316 |
|
|
else |
317 |
|
|
ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; |
318 |
|
2 |
ctx->current_cert = x; |
319 |
|
|
} else { |
320 |
|
|
|
321 |
|
|
if (!sk_X509_push(ctx->chain, chain_ss)) { |
322 |
|
|
X509_free(chain_ss); |
323 |
|
|
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); |
324 |
|
|
return 0; |
325 |
|
|
} |
326 |
|
|
num++; |
327 |
|
|
ctx->last_untrusted = num; |
328 |
|
|
ctx->current_cert = chain_ss; |
329 |
|
|
ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; |
330 |
|
|
chain_ss = NULL; |
331 |
|
|
} |
332 |
|
|
|
333 |
|
2 |
ctx->error_depth = num - 1; |
334 |
|
2 |
bad_chain = 1; |
335 |
|
2 |
ok = cb(0, ctx); |
336 |
✗✓ |
2 |
if (!ok) |
337 |
|
|
goto end; |
338 |
|
|
} |
339 |
|
|
|
340 |
|
|
/* We have the chain complete: now we need to check its purpose */ |
341 |
|
6 |
ok = check_chain_extensions(ctx); |
342 |
|
|
|
343 |
✗✓ |
6 |
if (!ok) |
344 |
|
|
goto end; |
345 |
|
|
|
346 |
|
|
/* Check name constraints */ |
347 |
|
|
|
348 |
|
6 |
ok = check_name_constraints(ctx); |
349 |
|
|
|
350 |
✗✓ |
6 |
if (!ok) |
351 |
|
|
goto end; |
352 |
|
|
|
353 |
|
|
/* The chain extensions are OK: check trust */ |
354 |
|
|
|
355 |
✓✗ |
6 |
if (param->trust > 0) |
356 |
|
6 |
ok = check_trust(ctx); |
357 |
|
|
|
358 |
✗✓ |
6 |
if (!ok) |
359 |
|
|
goto end; |
360 |
|
|
|
361 |
|
|
/* We may as well copy down any DSA parameters that are required */ |
362 |
|
6 |
X509_get_pubkey_parameters(NULL, ctx->chain); |
363 |
|
|
|
364 |
|
|
/* Check revocation status: we do this after copying parameters |
365 |
|
|
* because they may be needed for CRL signature verification. |
366 |
|
|
*/ |
367 |
|
|
|
368 |
|
6 |
ok = ctx->check_revocation(ctx); |
369 |
✗✓ |
6 |
if (!ok) |
370 |
|
|
goto end; |
371 |
|
|
|
372 |
|
|
/* At this point, we have a chain and need to verify it */ |
373 |
✓✗ |
6 |
if (ctx->verify != NULL) |
374 |
|
6 |
ok = ctx->verify(ctx); |
375 |
|
|
else |
376 |
|
|
ok = internal_verify(ctx); |
377 |
✗✓ |
6 |
if (!ok) |
378 |
|
|
goto end; |
379 |
|
|
|
380 |
|
|
/* If we get this far evaluate policies */ |
381 |
✓✓✗✓
|
6 |
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) |
382 |
|
|
ok = ctx->check_policy(ctx); |
383 |
✗✓ |
6 |
if (!ok) |
384 |
|
|
goto end; |
385 |
|
|
if (0) { |
386 |
|
|
end: |
387 |
|
|
X509_get_pubkey_parameters(NULL, ctx->chain); |
388 |
|
|
} |
389 |
✗✓ |
6 |
if (sktmp != NULL) |
390 |
|
|
sk_X509_free(sktmp); |
391 |
|
6 |
X509_free(chain_ss); |
392 |
|
6 |
return ok; |
393 |
|
|
} |
394 |
|
|
|
395 |
|
|
|
396 |
|
|
/* Given a STACK_OF(X509) find the issuer of cert (if any) |
397 |
|
|
*/ |
398 |
|
|
|
399 |
|
|
static X509 * |
400 |
|
|
find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) |
401 |
|
8 |
{ |
402 |
|
|
int i; |
403 |
|
8 |
X509 *issuer, *rv = NULL; |
404 |
|
|
|
405 |
✓✓ |
19 |
for (i = 0; i < sk_X509_num(sk); i++) { |
406 |
|
14 |
issuer = sk_X509_value(sk, i); |
407 |
✓✓ |
14 |
if (ctx->check_issued(ctx, x, issuer)) { |
408 |
|
3 |
rv = issuer; |
409 |
✓✗ |
3 |
if (x509_check_cert_time(ctx, rv, 1)) |
410 |
|
3 |
break; |
411 |
|
|
} |
412 |
|
|
} |
413 |
|
8 |
return rv; |
414 |
|
|
} |
415 |
|
|
|
416 |
|
|
/* Given a possible certificate and issuer check them */ |
417 |
|
|
|
418 |
|
|
static int |
419 |
|
|
check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) |
420 |
|
55 |
{ |
421 |
|
|
int ret; |
422 |
|
|
|
423 |
|
55 |
ret = X509_check_issued(issuer, x); |
424 |
✓✓ |
55 |
if (ret == X509_V_OK) |
425 |
|
19 |
return 1; |
426 |
|
|
/* If we haven't asked for issuer errors don't set ctx */ |
427 |
✓✗ |
36 |
if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) |
428 |
|
36 |
return 0; |
429 |
|
|
|
430 |
|
|
ctx->error = ret; |
431 |
|
|
ctx->current_cert = x; |
432 |
|
|
ctx->current_issuer = issuer; |
433 |
|
|
return ctx->verify_cb(0, ctx); |
434 |
|
|
} |
435 |
|
|
|
436 |
|
|
/* Alternative lookup method: look from a STACK stored in other_ctx */ |
437 |
|
|
|
438 |
|
|
static int |
439 |
|
|
get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) |
440 |
|
|
{ |
441 |
|
|
*issuer = find_issuer(ctx, ctx->other_ctx, x); |
442 |
|
|
if (*issuer) { |
443 |
|
|
CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); |
444 |
|
|
return 1; |
445 |
|
|
} else |
446 |
|
|
return 0; |
447 |
|
|
} |
448 |
|
|
|
449 |
|
|
/* Check a certificate chains extensions for consistency |
450 |
|
|
* with the supplied purpose |
451 |
|
|
*/ |
452 |
|
|
|
453 |
|
|
static int |
454 |
|
|
check_chain_extensions(X509_STORE_CTX *ctx) |
455 |
|
6 |
{ |
456 |
|
|
#ifdef OPENSSL_NO_CHAIN_VERIFY |
457 |
|
|
return 1; |
458 |
|
|
#else |
459 |
|
6 |
int i, ok = 0, must_be_ca, plen = 0; |
460 |
|
|
X509 *x; |
461 |
|
|
int (*cb)(int xok, X509_STORE_CTX *xctx); |
462 |
|
6 |
int proxy_path_length = 0; |
463 |
|
|
int purpose; |
464 |
|
|
int allow_proxy_certs; |
465 |
|
|
|
466 |
|
6 |
cb = ctx->verify_cb; |
467 |
|
|
|
468 |
|
|
/* must_be_ca can have 1 of 3 values: |
469 |
|
|
-1: we accept both CA and non-CA certificates, to allow direct |
470 |
|
|
use of self-signed certificates (which are marked as CA). |
471 |
|
|
0: we only accept non-CA certificates. This is currently not |
472 |
|
|
used, but the possibility is present for future extensions. |
473 |
|
|
1: we only accept CA certificates. This is currently used for |
474 |
|
|
all certificates in the chain except the leaf certificate. |
475 |
|
|
*/ |
476 |
|
6 |
must_be_ca = -1; |
477 |
|
|
|
478 |
|
|
/* CRL path validation */ |
479 |
✗✓ |
6 |
if (ctx->parent) { |
480 |
|
|
allow_proxy_certs = 0; |
481 |
|
|
purpose = X509_PURPOSE_CRL_SIGN; |
482 |
|
|
} else { |
483 |
|
6 |
allow_proxy_certs = |
484 |
|
|
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); |
485 |
|
6 |
purpose = ctx->param->purpose; |
486 |
|
|
} |
487 |
|
|
|
488 |
|
|
/* Check all untrusted certificates */ |
489 |
✓✓ |
15 |
for (i = 0; i < ctx->last_untrusted; i++) { |
490 |
|
|
int ret; |
491 |
|
9 |
x = sk_X509_value(ctx->chain, i); |
492 |
✓✗✗✓
|
9 |
if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && |
493 |
|
|
(x->ex_flags & EXFLAG_CRITICAL)) { |
494 |
|
|
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; |
495 |
|
|
ctx->error_depth = i; |
496 |
|
|
ctx->current_cert = x; |
497 |
|
|
ok = cb(0, ctx); |
498 |
|
|
if (!ok) |
499 |
|
|
goto end; |
500 |
|
|
} |
501 |
✓✗✗✓
|
9 |
if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { |
502 |
|
|
ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; |
503 |
|
|
ctx->error_depth = i; |
504 |
|
|
ctx->current_cert = x; |
505 |
|
|
ok = cb(0, ctx); |
506 |
|
|
if (!ok) |
507 |
|
|
goto end; |
508 |
|
|
} |
509 |
|
9 |
ret = X509_check_ca(x); |
510 |
✓✗✓ |
9 |
switch (must_be_ca) { |
511 |
|
|
case -1: |
512 |
✗✓✗✗
|
6 |
if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && |
513 |
|
|
(ret != 1) && (ret != 0)) { |
514 |
|
|
ret = 0; |
515 |
|
|
ctx->error = X509_V_ERR_INVALID_CA; |
516 |
|
|
} else |
517 |
|
6 |
ret = 1; |
518 |
|
|
break; |
519 |
|
|
case 0: |
520 |
|
|
if (ret != 0) { |
521 |
|
|
ret = 0; |
522 |
|
|
ctx->error = X509_V_ERR_INVALID_NON_CA; |
523 |
|
|
} else |
524 |
|
|
ret = 1; |
525 |
|
|
break; |
526 |
|
|
default: |
527 |
✓✗✗✓
|
3 |
if ((ret == 0) || |
528 |
|
|
((ctx->param->flags & X509_V_FLAG_X509_STRICT) && |
529 |
|
|
(ret != 1))) { |
530 |
|
|
ret = 0; |
531 |
|
|
ctx->error = X509_V_ERR_INVALID_CA; |
532 |
|
|
} else |
533 |
|
3 |
ret = 1; |
534 |
|
|
break; |
535 |
|
|
} |
536 |
✗✓ |
9 |
if (ret == 0) { |
537 |
|
|
ctx->error_depth = i; |
538 |
|
|
ctx->current_cert = x; |
539 |
|
|
ok = cb(0, ctx); |
540 |
|
|
if (!ok) |
541 |
|
|
goto end; |
542 |
|
|
} |
543 |
✓✗ |
9 |
if (ctx->param->purpose > 0) { |
544 |
|
9 |
ret = X509_check_purpose(x, purpose, must_be_ca > 0); |
545 |
✓✗✗✓
|
9 |
if ((ret == 0) || |
546 |
|
|
((ctx->param->flags & X509_V_FLAG_X509_STRICT) && |
547 |
|
|
(ret != 1))) { |
548 |
|
|
ctx->error = X509_V_ERR_INVALID_PURPOSE; |
549 |
|
|
ctx->error_depth = i; |
550 |
|
|
ctx->current_cert = x; |
551 |
|
|
ok = cb(0, ctx); |
552 |
|
|
if (!ok) |
553 |
|
|
goto end; |
554 |
|
|
} |
555 |
|
|
} |
556 |
|
|
/* Check pathlen if not self issued */ |
557 |
✗✓✗✗
✗✗✗✗
|
9 |
if ((i > 1) && !(x->ex_flags & EXFLAG_SI) && |
558 |
|
|
(x->ex_pathlen != -1) && |
559 |
|
|
(plen > (x->ex_pathlen + proxy_path_length + 1))) { |
560 |
|
|
ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; |
561 |
|
|
ctx->error_depth = i; |
562 |
|
|
ctx->current_cert = x; |
563 |
|
|
ok = cb(0, ctx); |
564 |
|
|
if (!ok) |
565 |
|
|
goto end; |
566 |
|
|
} |
567 |
|
|
/* Increment path length if not self issued */ |
568 |
✓✗ |
9 |
if (!(x->ex_flags & EXFLAG_SI)) |
569 |
|
9 |
plen++; |
570 |
|
|
/* If this certificate is a proxy certificate, the next |
571 |
|
|
certificate must be another proxy certificate or a EE |
572 |
|
|
certificate. If not, the next certificate must be a |
573 |
|
|
CA certificate. */ |
574 |
✗✓ |
9 |
if (x->ex_flags & EXFLAG_PROXY) { |
575 |
|
|
if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { |
576 |
|
|
ctx->error = |
577 |
|
|
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; |
578 |
|
|
ctx->error_depth = i; |
579 |
|
|
ctx->current_cert = x; |
580 |
|
|
ok = cb(0, ctx); |
581 |
|
|
if (!ok) |
582 |
|
|
goto end; |
583 |
|
|
} |
584 |
|
|
proxy_path_length++; |
585 |
|
|
must_be_ca = 0; |
586 |
|
|
} else |
587 |
|
9 |
must_be_ca = 1; |
588 |
|
|
} |
589 |
|
6 |
ok = 1; |
590 |
|
|
|
591 |
|
6 |
end: |
592 |
|
6 |
return ok; |
593 |
|
|
#endif |
594 |
|
|
} |
595 |
|
|
|
596 |
|
|
static int |
597 |
|
|
check_name_constraints(X509_STORE_CTX *ctx) |
598 |
|
6 |
{ |
599 |
|
|
X509 *x; |
600 |
|
|
int i, j, rv; |
601 |
|
|
|
602 |
|
|
/* Check name constraints for all certificates */ |
603 |
✓✓ |
19 |
for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { |
604 |
|
13 |
x = sk_X509_value(ctx->chain, i); |
605 |
|
|
/* Ignore self issued certs unless last in chain */ |
606 |
✓✓✓✓
|
13 |
if (i && (x->ex_flags & EXFLAG_SI)) |
607 |
|
4 |
continue; |
608 |
|
|
/* Check against constraints for all certificates higher in |
609 |
|
|
* chain including trust anchor. Trust anchor not strictly |
610 |
|
|
* speaking needed but if it includes constraints it is to be |
611 |
|
|
* assumed it expects them to be obeyed. |
612 |
|
|
*/ |
613 |
✓✓ |
19 |
for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { |
614 |
|
10 |
NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; |
615 |
✗✓ |
10 |
if (nc) { |
616 |
|
|
rv = NAME_CONSTRAINTS_check(x, nc); |
617 |
|
|
if (rv != X509_V_OK) { |
618 |
|
|
ctx->error = rv; |
619 |
|
|
ctx->error_depth = i; |
620 |
|
|
ctx->current_cert = x; |
621 |
|
|
if (!ctx->verify_cb(0, ctx)) |
622 |
|
|
return 0; |
623 |
|
|
} |
624 |
|
|
} |
625 |
|
|
} |
626 |
|
|
} |
627 |
|
6 |
return 1; |
628 |
|
|
} |
629 |
|
|
|
630 |
|
|
static int |
631 |
|
|
check_trust(X509_STORE_CTX *ctx) |
632 |
|
6 |
{ |
633 |
|
|
#ifdef OPENSSL_NO_CHAIN_VERIFY |
634 |
|
|
return 1; |
635 |
|
|
#else |
636 |
|
|
int i, ok; |
637 |
|
|
X509 *x; |
638 |
|
|
int (*cb)(int xok, X509_STORE_CTX *xctx); |
639 |
|
|
|
640 |
|
6 |
cb = ctx->verify_cb; |
641 |
|
|
/* For now just check the last certificate in the chain */ |
642 |
|
6 |
i = sk_X509_num(ctx->chain) - 1; |
643 |
|
6 |
x = sk_X509_value(ctx->chain, i); |
644 |
|
6 |
ok = X509_check_trust(x, ctx->param->trust, 0); |
645 |
✓✓ |
6 |
if (ok == X509_TRUST_TRUSTED) |
646 |
|
4 |
return 1; |
647 |
|
2 |
ctx->error_depth = i; |
648 |
|
2 |
ctx->current_cert = x; |
649 |
✗✓ |
2 |
if (ok == X509_TRUST_REJECTED) |
650 |
|
|
ctx->error = X509_V_ERR_CERT_REJECTED; |
651 |
|
|
else |
652 |
|
2 |
ctx->error = X509_V_ERR_CERT_UNTRUSTED; |
653 |
|
2 |
ok = cb(0, ctx); |
654 |
|
2 |
return ok; |
655 |
|
|
#endif |
656 |
|
|
} |
657 |
|
|
|
658 |
|
|
static int |
659 |
|
|
check_revocation(X509_STORE_CTX *ctx) |
660 |
|
6 |
{ |
661 |
|
|
int i, last, ok; |
662 |
|
|
|
663 |
✓✗ |
6 |
if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) |
664 |
|
6 |
return 1; |
665 |
|
|
if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) |
666 |
|
|
last = sk_X509_num(ctx->chain) - 1; |
667 |
|
|
else { |
668 |
|
|
/* If checking CRL paths this isn't the EE certificate */ |
669 |
|
|
if (ctx->parent) |
670 |
|
|
return 1; |
671 |
|
|
last = 0; |
672 |
|
|
} |
673 |
|
|
for (i = 0; i <= last; i++) { |
674 |
|
|
ctx->error_depth = i; |
675 |
|
|
ok = check_cert(ctx); |
676 |
|
|
if (!ok) |
677 |
|
|
return ok; |
678 |
|
|
} |
679 |
|
|
return 1; |
680 |
|
|
} |
681 |
|
|
|
682 |
|
|
static int |
683 |
|
|
check_cert(X509_STORE_CTX *ctx) |
684 |
|
|
{ |
685 |
|
|
X509_CRL *crl = NULL, *dcrl = NULL; |
686 |
|
|
X509 *x; |
687 |
|
|
int ok = 0, cnum; |
688 |
|
|
unsigned int last_reasons; |
689 |
|
|
|
690 |
|
|
cnum = ctx->error_depth; |
691 |
|
|
x = sk_X509_value(ctx->chain, cnum); |
692 |
|
|
ctx->current_cert = x; |
693 |
|
|
ctx->current_issuer = NULL; |
694 |
|
|
ctx->current_crl_score = 0; |
695 |
|
|
ctx->current_reasons = 0; |
696 |
|
|
while (ctx->current_reasons != CRLDP_ALL_REASONS) { |
697 |
|
|
last_reasons = ctx->current_reasons; |
698 |
|
|
/* Try to retrieve relevant CRL */ |
699 |
|
|
if (ctx->get_crl) |
700 |
|
|
ok = ctx->get_crl(ctx, &crl, x); |
701 |
|
|
else |
702 |
|
|
ok = get_crl_delta(ctx, &crl, &dcrl, x); |
703 |
|
|
/* If error looking up CRL, nothing we can do except |
704 |
|
|
* notify callback |
705 |
|
|
*/ |
706 |
|
|
if (!ok) { |
707 |
|
|
ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; |
708 |
|
|
ok = ctx->verify_cb(0, ctx); |
709 |
|
|
goto err; |
710 |
|
|
} |
711 |
|
|
ctx->current_crl = crl; |
712 |
|
|
ok = ctx->check_crl(ctx, crl); |
713 |
|
|
if (!ok) |
714 |
|
|
goto err; |
715 |
|
|
|
716 |
|
|
if (dcrl) { |
717 |
|
|
ok = ctx->check_crl(ctx, dcrl); |
718 |
|
|
if (!ok) |
719 |
|
|
goto err; |
720 |
|
|
ok = ctx->cert_crl(ctx, dcrl, x); |
721 |
|
|
if (!ok) |
722 |
|
|
goto err; |
723 |
|
|
} else |
724 |
|
|
ok = 1; |
725 |
|
|
|
726 |
|
|
/* Don't look in full CRL if delta reason is removefromCRL */ |
727 |
|
|
if (ok != 2) { |
728 |
|
|
ok = ctx->cert_crl(ctx, crl, x); |
729 |
|
|
if (!ok) |
730 |
|
|
goto err; |
731 |
|
|
} |
732 |
|
|
|
733 |
|
|
ctx->current_crl = NULL; |
734 |
|
|
X509_CRL_free(crl); |
735 |
|
|
X509_CRL_free(dcrl); |
736 |
|
|
crl = NULL; |
737 |
|
|
dcrl = NULL; |
738 |
|
|
/* If reasons not updated we wont get anywhere by |
739 |
|
|
* another iteration, so exit loop. |
740 |
|
|
*/ |
741 |
|
|
if (last_reasons == ctx->current_reasons) { |
742 |
|
|
ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; |
743 |
|
|
ok = ctx->verify_cb(0, ctx); |
744 |
|
|
goto err; |
745 |
|
|
} |
746 |
|
|
} |
747 |
|
|
|
748 |
|
|
err: |
749 |
|
|
ctx->current_crl = NULL; |
750 |
|
|
X509_CRL_free(crl); |
751 |
|
|
X509_CRL_free(dcrl); |
752 |
|
|
return ok; |
753 |
|
|
} |
754 |
|
|
|
755 |
|
|
/* Check CRL times against values in X509_STORE_CTX */ |
756 |
|
|
|
757 |
|
|
static int |
758 |
|
|
check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) |
759 |
|
|
{ |
760 |
|
|
time_t *ptime = NULL; |
761 |
|
|
int i; |
762 |
|
|
|
763 |
|
|
if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) |
764 |
|
|
return (1); |
765 |
|
|
|
766 |
|
|
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) |
767 |
|
|
ptime = &ctx->param->check_time; |
768 |
|
|
|
769 |
|
|
if (notify) |
770 |
|
|
ctx->current_crl = crl; |
771 |
|
|
|
772 |
|
|
i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); |
773 |
|
|
if (i == 0) { |
774 |
|
|
if (!notify) |
775 |
|
|
return 0; |
776 |
|
|
ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; |
777 |
|
|
if (!ctx->verify_cb(0, ctx)) |
778 |
|
|
return 0; |
779 |
|
|
} |
780 |
|
|
|
781 |
|
|
if (i > 0) { |
782 |
|
|
if (!notify) |
783 |
|
|
return 0; |
784 |
|
|
ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; |
785 |
|
|
if (!ctx->verify_cb(0, ctx)) |
786 |
|
|
return 0; |
787 |
|
|
} |
788 |
|
|
|
789 |
|
|
if (X509_CRL_get_nextUpdate(crl)) { |
790 |
|
|
i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); |
791 |
|
|
|
792 |
|
|
if (i == 0) { |
793 |
|
|
if (!notify) |
794 |
|
|
return 0; |
795 |
|
|
ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; |
796 |
|
|
if (!ctx->verify_cb(0, ctx)) |
797 |
|
|
return 0; |
798 |
|
|
} |
799 |
|
|
/* Ignore expiry of base CRL is delta is valid */ |
800 |
|
|
if ((i < 0) && |
801 |
|
|
!(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { |
802 |
|
|
if (!notify) |
803 |
|
|
return 0; |
804 |
|
|
ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; |
805 |
|
|
if (!ctx->verify_cb(0, ctx)) |
806 |
|
|
return 0; |
807 |
|
|
} |
808 |
|
|
} |
809 |
|
|
|
810 |
|
|
if (notify) |
811 |
|
|
ctx->current_crl = NULL; |
812 |
|
|
|
813 |
|
|
return 1; |
814 |
|
|
} |
815 |
|
|
|
816 |
|
|
static int |
817 |
|
|
get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, |
818 |
|
|
X509 **pissuer, int *pscore, unsigned int *preasons, |
819 |
|
|
STACK_OF(X509_CRL) *crls) |
820 |
|
|
{ |
821 |
|
|
int i, crl_score, best_score = *pscore; |
822 |
|
|
unsigned int reasons, best_reasons = 0; |
823 |
|
|
X509 *x = ctx->current_cert; |
824 |
|
|
X509_CRL *crl, *best_crl = NULL; |
825 |
|
|
X509 *crl_issuer = NULL, *best_crl_issuer = NULL; |
826 |
|
|
|
827 |
|
|
for (i = 0; i < sk_X509_CRL_num(crls); i++) { |
828 |
|
|
crl = sk_X509_CRL_value(crls, i); |
829 |
|
|
reasons = *preasons; |
830 |
|
|
crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); |
831 |
|
|
|
832 |
|
|
if (crl_score > best_score) { |
833 |
|
|
best_crl = crl; |
834 |
|
|
best_crl_issuer = crl_issuer; |
835 |
|
|
best_score = crl_score; |
836 |
|
|
best_reasons = reasons; |
837 |
|
|
} |
838 |
|
|
} |
839 |
|
|
|
840 |
|
|
if (best_crl) { |
841 |
|
|
if (*pcrl) |
842 |
|
|
X509_CRL_free(*pcrl); |
843 |
|
|
*pcrl = best_crl; |
844 |
|
|
*pissuer = best_crl_issuer; |
845 |
|
|
*pscore = best_score; |
846 |
|
|
*preasons = best_reasons; |
847 |
|
|
CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); |
848 |
|
|
if (*pdcrl) { |
849 |
|
|
X509_CRL_free(*pdcrl); |
850 |
|
|
*pdcrl = NULL; |
851 |
|
|
} |
852 |
|
|
get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); |
853 |
|
|
} |
854 |
|
|
|
855 |
|
|
if (best_score >= CRL_SCORE_VALID) |
856 |
|
|
return 1; |
857 |
|
|
|
858 |
|
|
return 0; |
859 |
|
|
} |
860 |
|
|
|
861 |
|
|
/* Compare two CRL extensions for delta checking purposes. They should be |
862 |
|
|
* both present or both absent. If both present all fields must be identical. |
863 |
|
|
*/ |
864 |
|
|
|
865 |
|
|
static int |
866 |
|
|
crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) |
867 |
|
|
{ |
868 |
|
|
ASN1_OCTET_STRING *exta, *extb; |
869 |
|
|
int i; |
870 |
|
|
|
871 |
|
|
i = X509_CRL_get_ext_by_NID(a, nid, -1); |
872 |
|
|
if (i >= 0) { |
873 |
|
|
/* Can't have multiple occurrences */ |
874 |
|
|
if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) |
875 |
|
|
return 0; |
876 |
|
|
exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); |
877 |
|
|
} else |
878 |
|
|
exta = NULL; |
879 |
|
|
|
880 |
|
|
i = X509_CRL_get_ext_by_NID(b, nid, -1); |
881 |
|
|
|
882 |
|
|
if (i >= 0) { |
883 |
|
|
if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) |
884 |
|
|
return 0; |
885 |
|
|
extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); |
886 |
|
|
} else |
887 |
|
|
extb = NULL; |
888 |
|
|
|
889 |
|
|
if (!exta && !extb) |
890 |
|
|
return 1; |
891 |
|
|
|
892 |
|
|
if (!exta || !extb) |
893 |
|
|
return 0; |
894 |
|
|
|
895 |
|
|
if (ASN1_OCTET_STRING_cmp(exta, extb)) |
896 |
|
|
return 0; |
897 |
|
|
|
898 |
|
|
return 1; |
899 |
|
|
} |
900 |
|
|
|
901 |
|
|
/* See if a base and delta are compatible */ |
902 |
|
|
|
903 |
|
|
static int |
904 |
|
|
check_delta_base(X509_CRL *delta, X509_CRL *base) |
905 |
|
|
{ |
906 |
|
|
/* Delta CRL must be a delta */ |
907 |
|
|
if (!delta->base_crl_number) |
908 |
|
|
return 0; |
909 |
|
|
/* Base must have a CRL number */ |
910 |
|
|
if (!base->crl_number) |
911 |
|
|
return 0; |
912 |
|
|
/* Issuer names must match */ |
913 |
|
|
if (X509_NAME_cmp(X509_CRL_get_issuer(base), |
914 |
|
|
X509_CRL_get_issuer(delta))) |
915 |
|
|
return 0; |
916 |
|
|
/* AKID and IDP must match */ |
917 |
|
|
if (!crl_extension_match(delta, base, NID_authority_key_identifier)) |
918 |
|
|
return 0; |
919 |
|
|
if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) |
920 |
|
|
return 0; |
921 |
|
|
/* Delta CRL base number must not exceed Full CRL number. */ |
922 |
|
|
if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) |
923 |
|
|
return 0; |
924 |
|
|
/* Delta CRL number must exceed full CRL number */ |
925 |
|
|
if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) |
926 |
|
|
return 1; |
927 |
|
|
return 0; |
928 |
|
|
} |
929 |
|
|
|
930 |
|
|
/* For a given base CRL find a delta... maybe extend to delta scoring |
931 |
|
|
* or retrieve a chain of deltas... |
932 |
|
|
*/ |
933 |
|
|
|
934 |
|
|
static void |
935 |
|
|
get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base, |
936 |
|
|
STACK_OF(X509_CRL) *crls) |
937 |
|
|
{ |
938 |
|
|
X509_CRL *delta; |
939 |
|
|
int i; |
940 |
|
|
|
941 |
|
|
if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) |
942 |
|
|
return; |
943 |
|
|
if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) |
944 |
|
|
return; |
945 |
|
|
for (i = 0; i < sk_X509_CRL_num(crls); i++) { |
946 |
|
|
delta = sk_X509_CRL_value(crls, i); |
947 |
|
|
if (check_delta_base(delta, base)) { |
948 |
|
|
if (check_crl_time(ctx, delta, 0)) |
949 |
|
|
*pscore |= CRL_SCORE_TIME_DELTA; |
950 |
|
|
CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); |
951 |
|
|
*dcrl = delta; |
952 |
|
|
return; |
953 |
|
|
} |
954 |
|
|
} |
955 |
|
|
*dcrl = NULL; |
956 |
|
|
} |
957 |
|
|
|
958 |
|
|
/* For a given CRL return how suitable it is for the supplied certificate 'x'. |
959 |
|
|
* The return value is a mask of several criteria. |
960 |
|
|
* If the issuer is not the certificate issuer this is returned in *pissuer. |
961 |
|
|
* The reasons mask is also used to determine if the CRL is suitable: if |
962 |
|
|
* no new reasons the CRL is rejected, otherwise reasons is updated. |
963 |
|
|
*/ |
964 |
|
|
|
965 |
|
|
static int |
966 |
|
|
get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, |
967 |
|
|
X509_CRL *crl, X509 *x) |
968 |
|
|
{ |
969 |
|
|
int crl_score = 0; |
970 |
|
|
unsigned int tmp_reasons = *preasons, crl_reasons; |
971 |
|
|
|
972 |
|
|
/* First see if we can reject CRL straight away */ |
973 |
|
|
|
974 |
|
|
/* Invalid IDP cannot be processed */ |
975 |
|
|
if (crl->idp_flags & IDP_INVALID) |
976 |
|
|
return 0; |
977 |
|
|
/* Reason codes or indirect CRLs need extended CRL support */ |
978 |
|
|
if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { |
979 |
|
|
if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) |
980 |
|
|
return 0; |
981 |
|
|
} else if (crl->idp_flags & IDP_REASONS) { |
982 |
|
|
/* If no new reasons reject */ |
983 |
|
|
if (!(crl->idp_reasons & ~tmp_reasons)) |
984 |
|
|
return 0; |
985 |
|
|
} |
986 |
|
|
/* Don't process deltas at this stage */ |
987 |
|
|
else if (crl->base_crl_number) |
988 |
|
|
return 0; |
989 |
|
|
/* If issuer name doesn't match certificate need indirect CRL */ |
990 |
|
|
if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { |
991 |
|
|
if (!(crl->idp_flags & IDP_INDIRECT)) |
992 |
|
|
return 0; |
993 |
|
|
} else |
994 |
|
|
crl_score |= CRL_SCORE_ISSUER_NAME; |
995 |
|
|
|
996 |
|
|
if (!(crl->flags & EXFLAG_CRITICAL)) |
997 |
|
|
crl_score |= CRL_SCORE_NOCRITICAL; |
998 |
|
|
|
999 |
|
|
/* Check expiry */ |
1000 |
|
|
if (check_crl_time(ctx, crl, 0)) |
1001 |
|
|
crl_score |= CRL_SCORE_TIME; |
1002 |
|
|
|
1003 |
|
|
/* Check authority key ID and locate certificate issuer */ |
1004 |
|
|
crl_akid_check(ctx, crl, pissuer, &crl_score); |
1005 |
|
|
|
1006 |
|
|
/* If we can't locate certificate issuer at this point forget it */ |
1007 |
|
|
|
1008 |
|
|
if (!(crl_score & CRL_SCORE_AKID)) |
1009 |
|
|
return 0; |
1010 |
|
|
|
1011 |
|
|
/* Check cert for matching CRL distribution points */ |
1012 |
|
|
|
1013 |
|
|
if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { |
1014 |
|
|
/* If no new reasons reject */ |
1015 |
|
|
if (!(crl_reasons & ~tmp_reasons)) |
1016 |
|
|
return 0; |
1017 |
|
|
tmp_reasons |= crl_reasons; |
1018 |
|
|
crl_score |= CRL_SCORE_SCOPE; |
1019 |
|
|
} |
1020 |
|
|
|
1021 |
|
|
*preasons = tmp_reasons; |
1022 |
|
|
|
1023 |
|
|
return crl_score; |
1024 |
|
|
} |
1025 |
|
|
|
1026 |
|
|
static void |
1027 |
|
|
crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, |
1028 |
|
|
int *pcrl_score) |
1029 |
|
|
{ |
1030 |
|
|
X509 *crl_issuer = NULL; |
1031 |
|
|
X509_NAME *cnm = X509_CRL_get_issuer(crl); |
1032 |
|
|
int cidx = ctx->error_depth; |
1033 |
|
|
int i; |
1034 |
|
|
|
1035 |
|
|
if (cidx != sk_X509_num(ctx->chain) - 1) |
1036 |
|
|
cidx++; |
1037 |
|
|
|
1038 |
|
|
crl_issuer = sk_X509_value(ctx->chain, cidx); |
1039 |
|
|
|
1040 |
|
|
if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { |
1041 |
|
|
if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { |
1042 |
|
|
*pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; |
1043 |
|
|
*pissuer = crl_issuer; |
1044 |
|
|
return; |
1045 |
|
|
} |
1046 |
|
|
} |
1047 |
|
|
|
1048 |
|
|
for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { |
1049 |
|
|
crl_issuer = sk_X509_value(ctx->chain, cidx); |
1050 |
|
|
if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) |
1051 |
|
|
continue; |
1052 |
|
|
if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { |
1053 |
|
|
*pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; |
1054 |
|
|
*pissuer = crl_issuer; |
1055 |
|
|
return; |
1056 |
|
|
} |
1057 |
|
|
} |
1058 |
|
|
|
1059 |
|
|
/* Anything else needs extended CRL support */ |
1060 |
|
|
|
1061 |
|
|
if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) |
1062 |
|
|
return; |
1063 |
|
|
|
1064 |
|
|
/* Otherwise the CRL issuer is not on the path. Look for it in the |
1065 |
|
|
* set of untrusted certificates. |
1066 |
|
|
*/ |
1067 |
|
|
for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { |
1068 |
|
|
crl_issuer = sk_X509_value(ctx->untrusted, i); |
1069 |
|
|
if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) |
1070 |
|
|
continue; |
1071 |
|
|
if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { |
1072 |
|
|
*pissuer = crl_issuer; |
1073 |
|
|
*pcrl_score |= CRL_SCORE_AKID; |
1074 |
|
|
return; |
1075 |
|
|
} |
1076 |
|
|
} |
1077 |
|
|
} |
1078 |
|
|
|
1079 |
|
|
/* Check the path of a CRL issuer certificate. This creates a new |
1080 |
|
|
* X509_STORE_CTX and populates it with most of the parameters from the |
1081 |
|
|
* parent. This could be optimised somewhat since a lot of path checking |
1082 |
|
|
* will be duplicated by the parent, but this will rarely be used in |
1083 |
|
|
* practice. |
1084 |
|
|
*/ |
1085 |
|
|
|
1086 |
|
|
static int |
1087 |
|
|
check_crl_path(X509_STORE_CTX *ctx, X509 *x) |
1088 |
|
|
{ |
1089 |
|
|
X509_STORE_CTX crl_ctx; |
1090 |
|
|
int ret; |
1091 |
|
|
|
1092 |
|
|
/* Don't allow recursive CRL path validation */ |
1093 |
|
|
if (ctx->parent) |
1094 |
|
|
return 0; |
1095 |
|
|
if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) { |
1096 |
|
|
ret = -1; |
1097 |
|
|
goto err; |
1098 |
|
|
} |
1099 |
|
|
|
1100 |
|
|
crl_ctx.crls = ctx->crls; |
1101 |
|
|
/* Copy verify params across */ |
1102 |
|
|
X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); |
1103 |
|
|
|
1104 |
|
|
crl_ctx.parent = ctx; |
1105 |
|
|
crl_ctx.verify_cb = ctx->verify_cb; |
1106 |
|
|
|
1107 |
|
|
/* Verify CRL issuer */ |
1108 |
|
|
ret = X509_verify_cert(&crl_ctx); |
1109 |
|
|
|
1110 |
|
|
if (ret <= 0) |
1111 |
|
|
goto err; |
1112 |
|
|
|
1113 |
|
|
/* Check chain is acceptable */ |
1114 |
|
|
ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); |
1115 |
|
|
|
1116 |
|
|
err: |
1117 |
|
|
X509_STORE_CTX_cleanup(&crl_ctx); |
1118 |
|
|
return ret; |
1119 |
|
|
} |
1120 |
|
|
|
1121 |
|
|
/* RFC3280 says nothing about the relationship between CRL path |
1122 |
|
|
* and certificate path, which could lead to situations where a |
1123 |
|
|
* certificate could be revoked or validated by a CA not authorised |
1124 |
|
|
* to do so. RFC5280 is more strict and states that the two paths must |
1125 |
|
|
* end in the same trust anchor, though some discussions remain... |
1126 |
|
|
* until this is resolved we use the RFC5280 version |
1127 |
|
|
*/ |
1128 |
|
|
|
1129 |
|
|
static int |
1130 |
|
|
check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, |
1131 |
|
|
STACK_OF(X509) *crl_path) |
1132 |
|
|
{ |
1133 |
|
|
X509 *cert_ta, *crl_ta; |
1134 |
|
|
|
1135 |
|
|
cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); |
1136 |
|
|
crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); |
1137 |
|
|
if (!X509_cmp(cert_ta, crl_ta)) |
1138 |
|
|
return 1; |
1139 |
|
|
return 0; |
1140 |
|
|
} |
1141 |
|
|
|
1142 |
|
|
/* Check for match between two dist point names: three separate cases. |
1143 |
|
|
* 1. Both are relative names and compare X509_NAME types. |
1144 |
|
|
* 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. |
1145 |
|
|
* 3. Both are full names and compare two GENERAL_NAMES. |
1146 |
|
|
* 4. One is NULL: automatic match. |
1147 |
|
|
*/ |
1148 |
|
|
|
1149 |
|
|
static int |
1150 |
|
|
idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) |
1151 |
|
|
{ |
1152 |
|
|
X509_NAME *nm = NULL; |
1153 |
|
|
GENERAL_NAMES *gens = NULL; |
1154 |
|
|
GENERAL_NAME *gena, *genb; |
1155 |
|
|
int i, j; |
1156 |
|
|
|
1157 |
|
|
if (!a || !b) |
1158 |
|
|
return 1; |
1159 |
|
|
if (a->type == 1) { |
1160 |
|
|
if (!a->dpname) |
1161 |
|
|
return 0; |
1162 |
|
|
/* Case 1: two X509_NAME */ |
1163 |
|
|
if (b->type == 1) { |
1164 |
|
|
if (!b->dpname) |
1165 |
|
|
return 0; |
1166 |
|
|
if (!X509_NAME_cmp(a->dpname, b->dpname)) |
1167 |
|
|
return 1; |
1168 |
|
|
else |
1169 |
|
|
return 0; |
1170 |
|
|
} |
1171 |
|
|
/* Case 2: set name and GENERAL_NAMES appropriately */ |
1172 |
|
|
nm = a->dpname; |
1173 |
|
|
gens = b->name.fullname; |
1174 |
|
|
} else if (b->type == 1) { |
1175 |
|
|
if (!b->dpname) |
1176 |
|
|
return 0; |
1177 |
|
|
/* Case 2: set name and GENERAL_NAMES appropriately */ |
1178 |
|
|
gens = a->name.fullname; |
1179 |
|
|
nm = b->dpname; |
1180 |
|
|
} |
1181 |
|
|
|
1182 |
|
|
/* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ |
1183 |
|
|
if (nm) { |
1184 |
|
|
for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { |
1185 |
|
|
gena = sk_GENERAL_NAME_value(gens, i); |
1186 |
|
|
if (gena->type != GEN_DIRNAME) |
1187 |
|
|
continue; |
1188 |
|
|
if (!X509_NAME_cmp(nm, gena->d.directoryName)) |
1189 |
|
|
return 1; |
1190 |
|
|
} |
1191 |
|
|
return 0; |
1192 |
|
|
} |
1193 |
|
|
|
1194 |
|
|
/* Else case 3: two GENERAL_NAMES */ |
1195 |
|
|
|
1196 |
|
|
for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { |
1197 |
|
|
gena = sk_GENERAL_NAME_value(a->name.fullname, i); |
1198 |
|
|
for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { |
1199 |
|
|
genb = sk_GENERAL_NAME_value(b->name.fullname, j); |
1200 |
|
|
if (!GENERAL_NAME_cmp(gena, genb)) |
1201 |
|
|
return 1; |
1202 |
|
|
} |
1203 |
|
|
} |
1204 |
|
|
|
1205 |
|
|
return 0; |
1206 |
|
|
} |
1207 |
|
|
|
1208 |
|
|
static int |
1209 |
|
|
crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) |
1210 |
|
|
{ |
1211 |
|
|
int i; |
1212 |
|
|
X509_NAME *nm = X509_CRL_get_issuer(crl); |
1213 |
|
|
|
1214 |
|
|
/* If no CRLissuer return is successful iff don't need a match */ |
1215 |
|
|
if (!dp->CRLissuer) |
1216 |
|
|
return !!(crl_score & CRL_SCORE_ISSUER_NAME); |
1217 |
|
|
for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { |
1218 |
|
|
GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); |
1219 |
|
|
if (gen->type != GEN_DIRNAME) |
1220 |
|
|
continue; |
1221 |
|
|
if (!X509_NAME_cmp(gen->d.directoryName, nm)) |
1222 |
|
|
return 1; |
1223 |
|
|
} |
1224 |
|
|
return 0; |
1225 |
|
|
} |
1226 |
|
|
|
1227 |
|
|
/* Check CRLDP and IDP */ |
1228 |
|
|
|
1229 |
|
|
static int |
1230 |
|
|
crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons) |
1231 |
|
|
{ |
1232 |
|
|
int i; |
1233 |
|
|
|
1234 |
|
|
if (crl->idp_flags & IDP_ONLYATTR) |
1235 |
|
|
return 0; |
1236 |
|
|
if (x->ex_flags & EXFLAG_CA) { |
1237 |
|
|
if (crl->idp_flags & IDP_ONLYUSER) |
1238 |
|
|
return 0; |
1239 |
|
|
} else { |
1240 |
|
|
if (crl->idp_flags & IDP_ONLYCA) |
1241 |
|
|
return 0; |
1242 |
|
|
} |
1243 |
|
|
*preasons = crl->idp_reasons; |
1244 |
|
|
for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { |
1245 |
|
|
DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); |
1246 |
|
|
if (crldp_check_crlissuer(dp, crl, crl_score)) { |
1247 |
|
|
if (!crl->idp || |
1248 |
|
|
idp_check_dp(dp->distpoint, crl->idp->distpoint)) { |
1249 |
|
|
*preasons &= dp->dp_reasons; |
1250 |
|
|
return 1; |
1251 |
|
|
} |
1252 |
|
|
} |
1253 |
|
|
} |
1254 |
|
|
if ((!crl->idp || !crl->idp->distpoint) && |
1255 |
|
|
(crl_score & CRL_SCORE_ISSUER_NAME)) |
1256 |
|
|
return 1; |
1257 |
|
|
return 0; |
1258 |
|
|
} |
1259 |
|
|
|
1260 |
|
|
/* Retrieve CRL corresponding to current certificate. |
1261 |
|
|
* If deltas enabled try to find a delta CRL too |
1262 |
|
|
*/ |
1263 |
|
|
|
1264 |
|
|
static int |
1265 |
|
|
get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) |
1266 |
|
|
{ |
1267 |
|
|
int ok; |
1268 |
|
|
X509 *issuer = NULL; |
1269 |
|
|
int crl_score = 0; |
1270 |
|
|
unsigned int reasons; |
1271 |
|
|
X509_CRL *crl = NULL, *dcrl = NULL; |
1272 |
|
|
STACK_OF(X509_CRL) *skcrl; |
1273 |
|
|
X509_NAME *nm = X509_get_issuer_name(x); |
1274 |
|
|
|
1275 |
|
|
reasons = ctx->current_reasons; |
1276 |
|
|
ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, |
1277 |
|
|
ctx->crls); |
1278 |
|
|
if (ok) |
1279 |
|
|
goto done; |
1280 |
|
|
|
1281 |
|
|
/* Lookup CRLs from store */ |
1282 |
|
|
skcrl = ctx->lookup_crls(ctx, nm); |
1283 |
|
|
|
1284 |
|
|
/* If no CRLs found and a near match from get_crl_sk use that */ |
1285 |
|
|
if (!skcrl && crl) |
1286 |
|
|
goto done; |
1287 |
|
|
|
1288 |
|
|
get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); |
1289 |
|
|
|
1290 |
|
|
sk_X509_CRL_pop_free(skcrl, X509_CRL_free); |
1291 |
|
|
|
1292 |
|
|
done: |
1293 |
|
|
|
1294 |
|
|
/* If we got any kind of CRL use it and return success */ |
1295 |
|
|
if (crl) { |
1296 |
|
|
ctx->current_issuer = issuer; |
1297 |
|
|
ctx->current_crl_score = crl_score; |
1298 |
|
|
ctx->current_reasons = reasons; |
1299 |
|
|
*pcrl = crl; |
1300 |
|
|
*pdcrl = dcrl; |
1301 |
|
|
return 1; |
1302 |
|
|
} |
1303 |
|
|
|
1304 |
|
|
return 0; |
1305 |
|
|
} |
1306 |
|
|
|
1307 |
|
|
/* Check CRL validity */ |
1308 |
|
|
static int |
1309 |
|
|
check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) |
1310 |
|
|
{ |
1311 |
|
|
X509 *issuer = NULL; |
1312 |
|
|
EVP_PKEY *ikey = NULL; |
1313 |
|
|
int ok = 0, chnum, cnum; |
1314 |
|
|
|
1315 |
|
|
cnum = ctx->error_depth; |
1316 |
|
|
chnum = sk_X509_num(ctx->chain) - 1; |
1317 |
|
|
/* if we have an alternative CRL issuer cert use that */ |
1318 |
|
|
if (ctx->current_issuer) { |
1319 |
|
|
issuer = ctx->current_issuer; |
1320 |
|
|
} else if (cnum < chnum) { |
1321 |
|
|
/* Else find CRL issuer: if not last certificate then issuer |
1322 |
|
|
* is next certificate in chain. |
1323 |
|
|
*/ |
1324 |
|
|
issuer = sk_X509_value(ctx->chain, cnum + 1); |
1325 |
|
|
} else { |
1326 |
|
|
issuer = sk_X509_value(ctx->chain, chnum); |
1327 |
|
|
/* If not self signed, can't check signature */ |
1328 |
|
|
if (!ctx->check_issued(ctx, issuer, issuer)) { |
1329 |
|
|
ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; |
1330 |
|
|
ok = ctx->verify_cb(0, ctx); |
1331 |
|
|
if (!ok) |
1332 |
|
|
goto err; |
1333 |
|
|
} |
1334 |
|
|
} |
1335 |
|
|
|
1336 |
|
|
if (issuer) { |
1337 |
|
|
/* Skip most tests for deltas because they have already |
1338 |
|
|
* been done |
1339 |
|
|
*/ |
1340 |
|
|
if (!crl->base_crl_number) { |
1341 |
|
|
/* Check for cRLSign bit if keyUsage present */ |
1342 |
|
|
if ((issuer->ex_flags & EXFLAG_KUSAGE) && |
1343 |
|
|
!(issuer->ex_kusage & KU_CRL_SIGN)) { |
1344 |
|
|
ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; |
1345 |
|
|
ok = ctx->verify_cb(0, ctx); |
1346 |
|
|
if (!ok) |
1347 |
|
|
goto err; |
1348 |
|
|
} |
1349 |
|
|
|
1350 |
|
|
if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { |
1351 |
|
|
ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; |
1352 |
|
|
ok = ctx->verify_cb(0, ctx); |
1353 |
|
|
if (!ok) |
1354 |
|
|
goto err; |
1355 |
|
|
} |
1356 |
|
|
|
1357 |
|
|
if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { |
1358 |
|
|
if (check_crl_path(ctx, |
1359 |
|
|
ctx->current_issuer) <= 0) { |
1360 |
|
|
ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; |
1361 |
|
|
ok = ctx->verify_cb(0, ctx); |
1362 |
|
|
if (!ok) |
1363 |
|
|
goto err; |
1364 |
|
|
} |
1365 |
|
|
} |
1366 |
|
|
|
1367 |
|
|
if (crl->idp_flags & IDP_INVALID) { |
1368 |
|
|
ctx->error = X509_V_ERR_INVALID_EXTENSION; |
1369 |
|
|
ok = ctx->verify_cb(0, ctx); |
1370 |
|
|
if (!ok) |
1371 |
|
|
goto err; |
1372 |
|
|
} |
1373 |
|
|
|
1374 |
|
|
|
1375 |
|
|
} |
1376 |
|
|
|
1377 |
|
|
if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { |
1378 |
|
|
ok = check_crl_time(ctx, crl, 1); |
1379 |
|
|
if (!ok) |
1380 |
|
|
goto err; |
1381 |
|
|
} |
1382 |
|
|
|
1383 |
|
|
/* Attempt to get issuer certificate public key */ |
1384 |
|
|
ikey = X509_get_pubkey(issuer); |
1385 |
|
|
|
1386 |
|
|
if (!ikey) { |
1387 |
|
|
ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; |
1388 |
|
|
ok = ctx->verify_cb(0, ctx); |
1389 |
|
|
if (!ok) |
1390 |
|
|
goto err; |
1391 |
|
|
} else { |
1392 |
|
|
/* Verify CRL signature */ |
1393 |
|
|
if (X509_CRL_verify(crl, ikey) <= 0) { |
1394 |
|
|
ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; |
1395 |
|
|
ok = ctx->verify_cb(0, ctx); |
1396 |
|
|
if (!ok) |
1397 |
|
|
goto err; |
1398 |
|
|
} |
1399 |
|
|
} |
1400 |
|
|
} |
1401 |
|
|
|
1402 |
|
|
ok = 1; |
1403 |
|
|
|
1404 |
|
|
err: |
1405 |
|
|
EVP_PKEY_free(ikey); |
1406 |
|
|
return ok; |
1407 |
|
|
} |
1408 |
|
|
|
1409 |
|
|
/* Check certificate against CRL */ |
1410 |
|
|
static int |
1411 |
|
|
cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) |
1412 |
|
|
{ |
1413 |
|
|
int ok; |
1414 |
|
|
X509_REVOKED *rev; |
1415 |
|
|
|
1416 |
|
|
/* The rules changed for this... previously if a CRL contained |
1417 |
|
|
* unhandled critical extensions it could still be used to indicate |
1418 |
|
|
* a certificate was revoked. This has since been changed since |
1419 |
|
|
* critical extension can change the meaning of CRL entries. |
1420 |
|
|
*/ |
1421 |
|
|
if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && |
1422 |
|
|
(crl->flags & EXFLAG_CRITICAL)) { |
1423 |
|
|
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; |
1424 |
|
|
ok = ctx->verify_cb(0, ctx); |
1425 |
|
|
if (!ok) |
1426 |
|
|
return 0; |
1427 |
|
|
} |
1428 |
|
|
/* Look for serial number of certificate in CRL |
1429 |
|
|
* If found make sure reason is not removeFromCRL. |
1430 |
|
|
*/ |
1431 |
|
|
if (X509_CRL_get0_by_cert(crl, &rev, x)) { |
1432 |
|
|
if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) |
1433 |
|
|
return 2; |
1434 |
|
|
ctx->error = X509_V_ERR_CERT_REVOKED; |
1435 |
|
|
ok = ctx->verify_cb(0, ctx); |
1436 |
|
|
if (!ok) |
1437 |
|
|
return 0; |
1438 |
|
|
} |
1439 |
|
|
|
1440 |
|
|
return 1; |
1441 |
|
|
} |
1442 |
|
|
|
1443 |
|
|
static int |
1444 |
|
|
check_policy(X509_STORE_CTX *ctx) |
1445 |
|
|
{ |
1446 |
|
|
int ret; |
1447 |
|
|
|
1448 |
|
|
if (ctx->parent) |
1449 |
|
|
return 1; |
1450 |
|
|
ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, |
1451 |
|
|
ctx->param->policies, ctx->param->flags); |
1452 |
|
|
if (ret == 0) { |
1453 |
|
|
X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); |
1454 |
|
|
return 0; |
1455 |
|
|
} |
1456 |
|
|
/* Invalid or inconsistent extensions */ |
1457 |
|
|
if (ret == -1) { |
1458 |
|
|
/* Locate certificates with bad extensions and notify |
1459 |
|
|
* callback. |
1460 |
|
|
*/ |
1461 |
|
|
X509 *x; |
1462 |
|
|
int i; |
1463 |
|
|
for (i = 1; i < sk_X509_num(ctx->chain); i++) { |
1464 |
|
|
x = sk_X509_value(ctx->chain, i); |
1465 |
|
|
if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) |
1466 |
|
|
continue; |
1467 |
|
|
ctx->current_cert = x; |
1468 |
|
|
ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; |
1469 |
|
|
if (!ctx->verify_cb(0, ctx)) |
1470 |
|
|
return 0; |
1471 |
|
|
} |
1472 |
|
|
return 1; |
1473 |
|
|
} |
1474 |
|
|
if (ret == -2) { |
1475 |
|
|
ctx->current_cert = NULL; |
1476 |
|
|
ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; |
1477 |
|
|
return ctx->verify_cb(0, ctx); |
1478 |
|
|
} |
1479 |
|
|
|
1480 |
|
|
if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { |
1481 |
|
|
ctx->current_cert = NULL; |
1482 |
|
|
ctx->error = X509_V_OK; |
1483 |
|
|
if (!ctx->verify_cb(2, ctx)) |
1484 |
|
|
return 0; |
1485 |
|
|
} |
1486 |
|
|
|
1487 |
|
|
return 1; |
1488 |
|
|
} |
1489 |
|
|
|
1490 |
|
|
int |
1491 |
|
|
x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet) |
1492 |
|
18 |
{ |
1493 |
|
18 |
time_t *ptime = NULL; |
1494 |
|
|
int i; |
1495 |
|
|
|
1496 |
✗✓ |
18 |
if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) |
1497 |
|
|
return (1); |
1498 |
|
|
|
1499 |
✗✓ |
18 |
if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) |
1500 |
|
|
ptime = &ctx->param->check_time; |
1501 |
|
|
|
1502 |
|
18 |
i = X509_cmp_time(X509_get_notBefore(x), ptime); |
1503 |
✗✓ |
18 |
if (i == 0) { |
1504 |
|
|
if (quiet) |
1505 |
|
|
return 0; |
1506 |
|
|
ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; |
1507 |
|
|
ctx->current_cert = x; |
1508 |
|
|
if (!ctx->verify_cb(0, ctx)) |
1509 |
|
|
return 0; |
1510 |
|
|
} |
1511 |
|
|
|
1512 |
✗✓ |
18 |
if (i > 0) { |
1513 |
|
|
if (quiet) |
1514 |
|
|
return 0; |
1515 |
|
|
ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; |
1516 |
|
|
ctx->current_cert = x; |
1517 |
|
|
if (!ctx->verify_cb(0, ctx)) |
1518 |
|
|
return 0; |
1519 |
|
|
} |
1520 |
|
|
|
1521 |
|
18 |
i = X509_cmp_time(X509_get_notAfter(x), ptime); |
1522 |
✗✓ |
18 |
if (i == 0) { |
1523 |
|
|
if (quiet) |
1524 |
|
|
return 0; |
1525 |
|
|
ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; |
1526 |
|
|
ctx->current_cert = x; |
1527 |
|
|
if (!ctx->verify_cb(0, ctx)) |
1528 |
|
|
return 0; |
1529 |
|
|
} |
1530 |
|
|
|
1531 |
✗✓ |
18 |
if (i < 0) { |
1532 |
|
|
if (quiet) |
1533 |
|
|
return 0; |
1534 |
|
|
ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; |
1535 |
|
|
ctx->current_cert = x; |
1536 |
|
|
if (!ctx->verify_cb(0, ctx)) |
1537 |
|
|
return 0; |
1538 |
|
|
} |
1539 |
|
|
|
1540 |
|
18 |
return 1; |
1541 |
|
|
} |
1542 |
|
|
|
1543 |
|
|
static int |
1544 |
|
|
internal_verify(X509_STORE_CTX *ctx) |
1545 |
|
6 |
{ |
1546 |
|
6 |
int ok = 0, n; |
1547 |
|
|
X509 *xs, *xi; |
1548 |
|
6 |
EVP_PKEY *pkey = NULL; |
1549 |
|
|
int (*cb)(int xok, X509_STORE_CTX *xctx); |
1550 |
|
|
|
1551 |
|
6 |
cb = ctx->verify_cb; |
1552 |
|
|
|
1553 |
|
6 |
n = sk_X509_num(ctx->chain); |
1554 |
|
6 |
ctx->error_depth = n - 1; |
1555 |
|
6 |
n--; |
1556 |
|
6 |
xi = sk_X509_value(ctx->chain, n); |
1557 |
|
|
|
1558 |
✓✓ |
6 |
if (ctx->check_issued(ctx, xi, xi)) |
1559 |
|
4 |
xs = xi; |
1560 |
|
|
else { |
1561 |
✓✗ |
2 |
if (n <= 0) { |
1562 |
|
2 |
ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; |
1563 |
|
2 |
ctx->current_cert = xi; |
1564 |
|
2 |
ok = cb(0, ctx); |
1565 |
|
2 |
goto end; |
1566 |
|
|
} else { |
1567 |
|
|
n--; |
1568 |
|
|
ctx->error_depth = n; |
1569 |
|
|
xs = sk_X509_value(ctx->chain, n); |
1570 |
|
|
} |
1571 |
|
|
} |
1572 |
|
|
|
1573 |
|
|
/* ctx->error=0; not needed */ |
1574 |
✓✓ |
15 |
while (n >= 0) { |
1575 |
|
11 |
ctx->error_depth = n; |
1576 |
|
|
|
1577 |
|
|
/* Skip signature check for self signed certificates unless |
1578 |
|
|
* explicitly asked for. It doesn't add any security and |
1579 |
|
|
* just wastes time. |
1580 |
|
|
*/ |
1581 |
✓✓✓✓
✗✓ |
11 |
if (!xs->valid && (xs != xi || |
1582 |
|
|
(ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { |
1583 |
✗✓ |
5 |
if ((pkey = X509_get_pubkey(xi)) == NULL) { |
1584 |
|
|
ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; |
1585 |
|
|
ctx->current_cert = xi; |
1586 |
|
|
ok = (*cb)(0, ctx); |
1587 |
|
|
if (!ok) |
1588 |
|
|
goto end; |
1589 |
✗✓ |
5 |
} else if (X509_verify(xs, pkey) <= 0) { |
1590 |
|
|
ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; |
1591 |
|
|
ctx->current_cert = xs; |
1592 |
|
|
ok = (*cb)(0, ctx); |
1593 |
|
|
if (!ok) { |
1594 |
|
|
EVP_PKEY_free(pkey); |
1595 |
|
|
goto end; |
1596 |
|
|
} |
1597 |
|
|
} |
1598 |
|
5 |
EVP_PKEY_free(pkey); |
1599 |
|
5 |
pkey = NULL; |
1600 |
|
|
} |
1601 |
|
|
|
1602 |
|
11 |
xs->valid = 1; |
1603 |
|
|
|
1604 |
|
11 |
ok = x509_check_cert_time(ctx, xs, 0); |
1605 |
✗✓ |
11 |
if (!ok) |
1606 |
|
|
goto end; |
1607 |
|
|
|
1608 |
|
|
/* The last error (if any) is still in the error value */ |
1609 |
|
11 |
ctx->current_issuer = xi; |
1610 |
|
11 |
ctx->current_cert = xs; |
1611 |
|
11 |
ok = (*cb)(1, ctx); |
1612 |
✗✓ |
11 |
if (!ok) |
1613 |
|
|
goto end; |
1614 |
|
|
|
1615 |
|
11 |
n--; |
1616 |
✓✓ |
11 |
if (n >= 0) { |
1617 |
|
7 |
xi = xs; |
1618 |
|
7 |
xs = sk_X509_value(ctx->chain, n); |
1619 |
|
|
} |
1620 |
|
|
} |
1621 |
|
4 |
ok = 1; |
1622 |
|
|
|
1623 |
|
6 |
end: |
1624 |
|
6 |
return ok; |
1625 |
|
|
} |
1626 |
|
|
|
1627 |
|
|
int |
1628 |
|
|
X509_cmp_current_time(const ASN1_TIME *ctm) |
1629 |
|
|
{ |
1630 |
|
|
return X509_cmp_time(ctm, NULL); |
1631 |
|
|
} |
1632 |
|
|
|
1633 |
|
|
/* |
1634 |
|
|
* Compare a possibly unvalidated ASN1_TIME string against a time_t |
1635 |
|
|
* using RFC 5280 rules for the time string. If *cmp_time is NULL |
1636 |
|
|
* the current system time is used. |
1637 |
|
|
* |
1638 |
|
|
* XXX NOTE that unlike what you expect a "cmp" function to do in C, |
1639 |
|
|
* XXX this one is "special", and returns 0 for error. |
1640 |
|
|
* |
1641 |
|
|
* Returns: |
1642 |
|
|
* -1 if the ASN1_time is earlier than OR the same as *cmp_time. |
1643 |
|
|
* 1 if the ASN1_time is later than *cmp_time. |
1644 |
|
|
* 0 on error. |
1645 |
|
|
*/ |
1646 |
|
|
int |
1647 |
|
|
X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) |
1648 |
|
70 |
{ |
1649 |
|
|
time_t time1, time2; |
1650 |
|
|
struct tm tm1, tm2; |
1651 |
|
70 |
int ret = 0; |
1652 |
|
|
int type; |
1653 |
|
|
|
1654 |
✓✓ |
70 |
if (cmp_time == NULL) |
1655 |
|
36 |
time2 = time(NULL); |
1656 |
|
|
else |
1657 |
|
34 |
time2 = *cmp_time; |
1658 |
|
|
|
1659 |
|
70 |
memset(&tm1, 0, sizeof(tm1)); |
1660 |
|
|
|
1661 |
✗✓ |
70 |
if ((type = asn1_time_parse(ctm->data, ctm->length, &tm1, 0)) == -1) |
1662 |
|
|
goto out; /* invalid time */ |
1663 |
|
|
|
1664 |
|
|
/* RFC 5280 section 4.1.2.5 */ |
1665 |
✓✓ |
70 |
if (tm1.tm_year < 150 && type != V_ASN1_UTCTIME) |
1666 |
|
10 |
goto out; |
1667 |
✗✓ |
60 |
if (tm1.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) |
1668 |
|
|
goto out; |
1669 |
|
|
|
1670 |
|
|
/* |
1671 |
|
|
* Defensively fail if the time string is not representable as |
1672 |
|
|
* a time_t. A time_t must be sane if you care about times after |
1673 |
|
|
* Jan 19 2038. |
1674 |
|
|
*/ |
1675 |
✗✓ |
60 |
if ((time1 = timegm(&tm1)) == -1) |
1676 |
|
|
goto out; |
1677 |
|
|
|
1678 |
✗✓ |
60 |
if (gmtime_r(&time2, &tm2) == NULL) |
1679 |
|
|
goto out; |
1680 |
|
|
|
1681 |
|
60 |
ret = asn1_tm_cmp(&tm1, &tm2); |
1682 |
✓✓ |
60 |
if (ret == 0) |
1683 |
|
12 |
ret = -1; /* 0 is used for error, so map same to less than */ |
1684 |
|
70 |
out: |
1685 |
|
70 |
return (ret); |
1686 |
|
|
} |
1687 |
|
|
|
1688 |
|
|
ASN1_TIME * |
1689 |
|
|
X509_gmtime_adj(ASN1_TIME *s, long adj) |
1690 |
|
2 |
{ |
1691 |
|
2 |
return X509_time_adj(s, adj, NULL); |
1692 |
|
|
} |
1693 |
|
|
|
1694 |
|
|
ASN1_TIME * |
1695 |
|
|
X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time) |
1696 |
|
2 |
{ |
1697 |
|
2 |
return X509_time_adj_ex(s, 0, offset_sec, in_time); |
1698 |
|
|
} |
1699 |
|
|
|
1700 |
|
|
ASN1_TIME * |
1701 |
|
|
X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time) |
1702 |
|
2 |
{ |
1703 |
|
|
time_t t; |
1704 |
✓✗ |
2 |
if (in_time == NULL) |
1705 |
|
2 |
t = time(NULL); |
1706 |
|
|
else |
1707 |
|
|
t = *in_time; |
1708 |
|
|
|
1709 |
|
2 |
return ASN1_TIME_adj(s, t, offset_day, offset_sec); |
1710 |
|
|
} |
1711 |
|
|
|
1712 |
|
|
int |
1713 |
|
|
X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) |
1714 |
|
6 |
{ |
1715 |
|
6 |
EVP_PKEY *ktmp = NULL, *ktmp2; |
1716 |
|
|
int i, j; |
1717 |
|
|
|
1718 |
✗✓✗✗
|
6 |
if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) |
1719 |
|
|
return 1; |
1720 |
|
|
|
1721 |
✓✗ |
6 |
for (i = 0; i < sk_X509_num(chain); i++) { |
1722 |
|
6 |
ktmp = X509_get_pubkey(sk_X509_value(chain, i)); |
1723 |
✗✓ |
6 |
if (ktmp == NULL) { |
1724 |
|
|
X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, |
1725 |
|
|
X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); |
1726 |
|
|
return 0; |
1727 |
|
|
} |
1728 |
✓✗ |
6 |
if (!EVP_PKEY_missing_parameters(ktmp)) |
1729 |
|
6 |
break; |
1730 |
|
|
else { |
1731 |
|
|
EVP_PKEY_free(ktmp); |
1732 |
|
|
ktmp = NULL; |
1733 |
|
|
} |
1734 |
|
|
} |
1735 |
✗✓ |
6 |
if (ktmp == NULL) { |
1736 |
|
|
X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, |
1737 |
|
|
X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); |
1738 |
|
|
return 0; |
1739 |
|
|
} |
1740 |
|
|
|
1741 |
|
|
/* first, populate the other certs */ |
1742 |
✗✓ |
6 |
for (j = i - 1; j >= 0; j--) { |
1743 |
|
|
ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); |
1744 |
|
|
EVP_PKEY_copy_parameters(ktmp2, ktmp); |
1745 |
|
|
EVP_PKEY_free(ktmp2); |
1746 |
|
|
} |
1747 |
|
|
|
1748 |
✗✓ |
6 |
if (pkey != NULL) |
1749 |
|
|
EVP_PKEY_copy_parameters(pkey, ktmp); |
1750 |
|
6 |
EVP_PKEY_free(ktmp); |
1751 |
|
6 |
return 1; |
1752 |
|
|
} |
1753 |
|
|
|
1754 |
|
|
int |
1755 |
|
|
X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
1756 |
|
|
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
1757 |
|
2 |
{ |
1758 |
|
|
/* This function is (usually) called only once, by |
1759 |
|
|
* SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ |
1760 |
|
2 |
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, |
1761 |
|
|
argl, argp, new_func, dup_func, free_func); |
1762 |
|
|
} |
1763 |
|
|
|
1764 |
|
|
int |
1765 |
|
|
X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) |
1766 |
|
2 |
{ |
1767 |
|
2 |
return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); |
1768 |
|
|
} |
1769 |
|
|
|
1770 |
|
|
void * |
1771 |
|
|
X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) |
1772 |
|
|
{ |
1773 |
|
|
return CRYPTO_get_ex_data(&ctx->ex_data, idx); |
1774 |
|
|
} |
1775 |
|
|
|
1776 |
|
|
int |
1777 |
|
|
X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) |
1778 |
|
|
{ |
1779 |
|
|
return ctx->error; |
1780 |
|
|
} |
1781 |
|
|
|
1782 |
|
|
void |
1783 |
|
|
X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) |
1784 |
|
|
{ |
1785 |
|
|
ctx->error = err; |
1786 |
|
|
} |
1787 |
|
|
|
1788 |
|
|
int |
1789 |
|
|
X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) |
1790 |
|
|
{ |
1791 |
|
|
return ctx->error_depth; |
1792 |
|
|
} |
1793 |
|
|
|
1794 |
|
|
X509 * |
1795 |
|
|
X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) |
1796 |
|
|
{ |
1797 |
|
|
return ctx->current_cert; |
1798 |
|
|
} |
1799 |
|
|
|
1800 |
|
|
STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) |
1801 |
|
|
{ |
1802 |
|
|
return ctx->chain; |
1803 |
|
|
} |
1804 |
|
|
|
1805 |
|
|
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) |
1806 |
|
2 |
{ |
1807 |
|
|
int i; |
1808 |
|
|
X509 *x; |
1809 |
|
|
STACK_OF(X509) *chain; |
1810 |
|
|
|
1811 |
✓✗✗✓
|
2 |
if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) |
1812 |
|
|
return NULL; |
1813 |
✓✓ |
7 |
for (i = 0; i < sk_X509_num(chain); i++) { |
1814 |
|
5 |
x = sk_X509_value(chain, i); |
1815 |
|
5 |
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
1816 |
|
|
} |
1817 |
|
2 |
return chain; |
1818 |
|
|
} |
1819 |
|
|
|
1820 |
|
|
X509 * |
1821 |
|
|
X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) |
1822 |
|
|
{ |
1823 |
|
|
return ctx->current_issuer; |
1824 |
|
|
} |
1825 |
|
|
|
1826 |
|
|
X509_CRL * |
1827 |
|
|
X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) |
1828 |
|
|
{ |
1829 |
|
|
return ctx->current_crl; |
1830 |
|
|
} |
1831 |
|
|
|
1832 |
|
|
X509_STORE_CTX * |
1833 |
|
|
X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) |
1834 |
|
|
{ |
1835 |
|
|
return ctx->parent; |
1836 |
|
|
} |
1837 |
|
|
|
1838 |
|
|
void |
1839 |
|
|
X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) |
1840 |
|
|
{ |
1841 |
|
|
ctx->cert = x; |
1842 |
|
|
} |
1843 |
|
|
|
1844 |
|
|
void |
1845 |
|
|
X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) |
1846 |
|
|
{ |
1847 |
|
|
ctx->untrusted = sk; |
1848 |
|
|
} |
1849 |
|
|
|
1850 |
|
|
void |
1851 |
|
|
X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) |
1852 |
|
2 |
{ |
1853 |
|
2 |
ctx->crls = sk; |
1854 |
|
2 |
} |
1855 |
|
|
|
1856 |
|
|
int |
1857 |
|
|
X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) |
1858 |
|
2 |
{ |
1859 |
|
2 |
return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); |
1860 |
|
|
} |
1861 |
|
|
|
1862 |
|
|
int |
1863 |
|
|
X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) |
1864 |
|
|
{ |
1865 |
|
|
return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); |
1866 |
|
|
} |
1867 |
|
|
|
1868 |
|
|
/* This function is used to set the X509_STORE_CTX purpose and trust |
1869 |
|
|
* values. This is intended to be used when another structure has its |
1870 |
|
|
* own trust and purpose values which (if set) will be inherited by |
1871 |
|
|
* the ctx. If they aren't set then we will usually have a default |
1872 |
|
|
* purpose in mind which should then be used to set the trust value. |
1873 |
|
|
* An example of this is SSL use: an SSL structure will have its own |
1874 |
|
|
* purpose and trust settings which the application can set: if they |
1875 |
|
|
* aren't set then we use the default of SSL client/server. |
1876 |
|
|
*/ |
1877 |
|
|
|
1878 |
|
|
int |
1879 |
|
|
X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, |
1880 |
|
|
int purpose, int trust) |
1881 |
|
2 |
{ |
1882 |
|
|
int idx; |
1883 |
|
|
|
1884 |
|
|
/* If purpose not set use default */ |
1885 |
✗✓ |
2 |
if (!purpose) |
1886 |
|
|
purpose = def_purpose; |
1887 |
|
|
/* If we have a purpose then check it is valid */ |
1888 |
✓✗ |
2 |
if (purpose) { |
1889 |
|
|
X509_PURPOSE *ptmp; |
1890 |
|
2 |
idx = X509_PURPOSE_get_by_id(purpose); |
1891 |
✗✓ |
2 |
if (idx == -1) { |
1892 |
|
|
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, |
1893 |
|
|
X509_R_UNKNOWN_PURPOSE_ID); |
1894 |
|
|
return 0; |
1895 |
|
|
} |
1896 |
|
2 |
ptmp = X509_PURPOSE_get0(idx); |
1897 |
✗✓ |
2 |
if (ptmp->trust == X509_TRUST_DEFAULT) { |
1898 |
|
|
idx = X509_PURPOSE_get_by_id(def_purpose); |
1899 |
|
|
if (idx == -1) { |
1900 |
|
|
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, |
1901 |
|
|
X509_R_UNKNOWN_PURPOSE_ID); |
1902 |
|
|
return 0; |
1903 |
|
|
} |
1904 |
|
|
ptmp = X509_PURPOSE_get0(idx); |
1905 |
|
|
} |
1906 |
|
|
/* If trust not set then get from purpose default */ |
1907 |
✓✗ |
2 |
if (!trust) |
1908 |
|
2 |
trust = ptmp->trust; |
1909 |
|
|
} |
1910 |
✓✗ |
2 |
if (trust) { |
1911 |
|
2 |
idx = X509_TRUST_get_by_id(trust); |
1912 |
✗✓ |
2 |
if (idx == -1) { |
1913 |
|
|
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, |
1914 |
|
|
X509_R_UNKNOWN_TRUST_ID); |
1915 |
|
|
return 0; |
1916 |
|
|
} |
1917 |
|
|
} |
1918 |
|
|
|
1919 |
✓✗✓✗
|
2 |
if (purpose && !ctx->param->purpose) |
1920 |
|
2 |
ctx->param->purpose = purpose; |
1921 |
✓✗✓✗
|
2 |
if (trust && !ctx->param->trust) |
1922 |
|
2 |
ctx->param->trust = trust; |
1923 |
|
2 |
return 1; |
1924 |
|
|
} |
1925 |
|
|
|
1926 |
|
|
X509_STORE_CTX * |
1927 |
|
|
X509_STORE_CTX_new(void) |
1928 |
|
|
{ |
1929 |
|
|
X509_STORE_CTX *ctx; |
1930 |
|
|
|
1931 |
|
|
ctx = calloc(1, sizeof(X509_STORE_CTX)); |
1932 |
|
|
if (!ctx) { |
1933 |
|
|
X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); |
1934 |
|
|
return NULL; |
1935 |
|
|
} |
1936 |
|
|
return ctx; |
1937 |
|
|
} |
1938 |
|
|
|
1939 |
|
|
void |
1940 |
|
|
X509_STORE_CTX_free(X509_STORE_CTX *ctx) |
1941 |
|
|
{ |
1942 |
|
|
if (ctx == NULL) |
1943 |
|
|
return; |
1944 |
|
|
|
1945 |
|
|
X509_STORE_CTX_cleanup(ctx); |
1946 |
|
|
free(ctx); |
1947 |
|
|
} |
1948 |
|
|
|
1949 |
|
|
int |
1950 |
|
|
X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, |
1951 |
|
|
STACK_OF(X509) *chain) |
1952 |
|
6 |
{ |
1953 |
|
6 |
int param_ret = 1; |
1954 |
|
|
|
1955 |
|
|
/* |
1956 |
|
|
* Make sure everything is initialized properly even in case of an |
1957 |
|
|
* early return due to an error. |
1958 |
|
|
* |
1959 |
|
|
* While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have |
1960 |
|
|
* freed everything and memset ex_data anyway. This also allows us |
1961 |
|
|
* to safely use X509_STORE_CTX variables from the stack which will |
1962 |
|
|
* have uninitialized data. |
1963 |
|
|
*/ |
1964 |
|
6 |
memset(ctx, 0, sizeof(*ctx)); |
1965 |
|
|
|
1966 |
|
|
/* |
1967 |
|
|
* Set values other than 0. Keep this in the same order as |
1968 |
|
|
* X509_STORE_CTX except for values that may fail. All fields that |
1969 |
|
|
* may fail should go last to make sure 'ctx' is as consistent as |
1970 |
|
|
* possible even on early exits. |
1971 |
|
|
*/ |
1972 |
|
6 |
ctx->ctx = store; |
1973 |
|
6 |
ctx->cert = x509; |
1974 |
|
6 |
ctx->untrusted = chain; |
1975 |
|
|
|
1976 |
✓✗✗✓
|
6 |
if (store && store->verify) |
1977 |
|
|
ctx->verify = store->verify; |
1978 |
|
|
else |
1979 |
|
6 |
ctx->verify = internal_verify; |
1980 |
|
|
|
1981 |
✓✗✓✓
|
8 |
if (store && store->verify_cb) |
1982 |
|
2 |
ctx->verify_cb = store->verify_cb; |
1983 |
|
|
else |
1984 |
|
4 |
ctx->verify_cb = null_callback; |
1985 |
|
|
|
1986 |
✓✗✗✓
|
6 |
if (store && store->get_issuer) |
1987 |
|
|
ctx->get_issuer = store->get_issuer; |
1988 |
|
|
else |
1989 |
|
6 |
ctx->get_issuer = X509_STORE_CTX_get1_issuer; |
1990 |
|
|
|
1991 |
✓✗✗✓
|
6 |
if (store && store->check_issued) |
1992 |
|
|
ctx->check_issued = store->check_issued; |
1993 |
|
|
else |
1994 |
|
6 |
ctx->check_issued = check_issued; |
1995 |
|
|
|
1996 |
✓✗✗✓
|
6 |
if (store && store->check_revocation) |
1997 |
|
|
ctx->check_revocation = store->check_revocation; |
1998 |
|
|
else |
1999 |
|
6 |
ctx->check_revocation = check_revocation; |
2000 |
|
|
|
2001 |
✓✗✗✓
|
6 |
if (store && store->get_crl) |
2002 |
|
|
ctx->get_crl = store->get_crl; |
2003 |
|
|
else |
2004 |
|
6 |
ctx->get_crl = NULL; |
2005 |
|
|
|
2006 |
✓✗✗✓
|
6 |
if (store && store->check_crl) |
2007 |
|
|
ctx->check_crl = store->check_crl; |
2008 |
|
|
else |
2009 |
|
6 |
ctx->check_crl = check_crl; |
2010 |
|
|
|
2011 |
✓✗✗✓
|
6 |
if (store && store->cert_crl) |
2012 |
|
|
ctx->cert_crl = store->cert_crl; |
2013 |
|
|
else |
2014 |
|
6 |
ctx->cert_crl = cert_crl; |
2015 |
|
|
|
2016 |
|
6 |
ctx->check_policy = check_policy; |
2017 |
|
|
|
2018 |
✓✗✗✓
|
6 |
if (store && store->lookup_certs) |
2019 |
|
|
ctx->lookup_certs = store->lookup_certs; |
2020 |
|
|
else |
2021 |
|
6 |
ctx->lookup_certs = X509_STORE_get1_certs; |
2022 |
|
|
|
2023 |
✓✗✗✓
|
6 |
if (store && store->lookup_crls) |
2024 |
|
|
ctx->lookup_crls = store->lookup_crls; |
2025 |
|
|
else |
2026 |
|
6 |
ctx->lookup_crls = X509_STORE_get1_crls; |
2027 |
|
|
|
2028 |
✓✗✗✓
|
6 |
if (store && store->cleanup) |
2029 |
|
|
ctx->cleanup = store->cleanup; |
2030 |
|
|
else |
2031 |
|
6 |
ctx->cleanup = NULL; |
2032 |
|
|
|
2033 |
|
6 |
ctx->param = X509_VERIFY_PARAM_new(); |
2034 |
✗✓ |
6 |
if (!ctx->param) { |
2035 |
|
|
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); |
2036 |
|
|
return 0; |
2037 |
|
|
} |
2038 |
|
|
|
2039 |
|
|
/* Inherit callbacks and flags from X509_STORE if not set |
2040 |
|
|
* use defaults. |
2041 |
|
|
*/ |
2042 |
✓✗ |
6 |
if (store) |
2043 |
|
6 |
param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); |
2044 |
|
|
else |
2045 |
|
|
ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; |
2046 |
|
|
|
2047 |
✓✗ |
6 |
if (param_ret) |
2048 |
|
6 |
param_ret = X509_VERIFY_PARAM_inherit(ctx->param, |
2049 |
|
|
X509_VERIFY_PARAM_lookup("default")); |
2050 |
|
|
|
2051 |
✗✓ |
6 |
if (param_ret == 0) { |
2052 |
|
|
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); |
2053 |
|
|
return 0; |
2054 |
|
|
} |
2055 |
|
|
|
2056 |
✗✓ |
6 |
if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, |
2057 |
|
|
&(ctx->ex_data)) == 0) { |
2058 |
|
|
X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); |
2059 |
|
|
return 0; |
2060 |
|
|
} |
2061 |
|
6 |
return 1; |
2062 |
|
|
} |
2063 |
|
|
|
2064 |
|
|
/* Set alternative lookup method: just a STACK of trusted certificates. |
2065 |
|
|
* This avoids X509_STORE nastiness where it isn't needed. |
2066 |
|
|
*/ |
2067 |
|
|
|
2068 |
|
|
void |
2069 |
|
|
X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) |
2070 |
|
|
{ |
2071 |
|
|
ctx->other_ctx = sk; |
2072 |
|
|
ctx->get_issuer = get_issuer_sk; |
2073 |
|
|
} |
2074 |
|
|
|
2075 |
|
|
void |
2076 |
|
|
X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) |
2077 |
|
6 |
{ |
2078 |
✗✓ |
6 |
if (ctx->cleanup) |
2079 |
|
|
ctx->cleanup(ctx); |
2080 |
✓✗ |
6 |
if (ctx->param != NULL) { |
2081 |
✓✗ |
6 |
if (ctx->parent == NULL) |
2082 |
|
6 |
X509_VERIFY_PARAM_free(ctx->param); |
2083 |
|
6 |
ctx->param = NULL; |
2084 |
|
|
} |
2085 |
✗✓ |
6 |
if (ctx->tree != NULL) { |
2086 |
|
|
X509_policy_tree_free(ctx->tree); |
2087 |
|
|
ctx->tree = NULL; |
2088 |
|
|
} |
2089 |
✓✗ |
6 |
if (ctx->chain != NULL) { |
2090 |
|
6 |
sk_X509_pop_free(ctx->chain, X509_free); |
2091 |
|
6 |
ctx->chain = NULL; |
2092 |
|
|
} |
2093 |
|
6 |
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, |
2094 |
|
|
ctx, &(ctx->ex_data)); |
2095 |
|
6 |
memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); |
2096 |
|
6 |
} |
2097 |
|
|
|
2098 |
|
|
void |
2099 |
|
|
X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) |
2100 |
|
|
{ |
2101 |
|
|
X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
2102 |
|
|
} |
2103 |
|
|
|
2104 |
|
|
void |
2105 |
|
|
X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) |
2106 |
|
|
{ |
2107 |
|
|
X509_VERIFY_PARAM_set_flags(ctx->param, flags); |
2108 |
|
|
} |
2109 |
|
|
|
2110 |
|
|
void |
2111 |
|
|
X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) |
2112 |
|
|
{ |
2113 |
|
|
X509_VERIFY_PARAM_set_time(ctx->param, t); |
2114 |
|
|
} |
2115 |
|
|
|
2116 |
|
|
void |
2117 |
|
|
X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, |
2118 |
|
|
int (*verify_cb)(int, X509_STORE_CTX *)) |
2119 |
|
|
{ |
2120 |
|
|
ctx->verify_cb = verify_cb; |
2121 |
|
|
} |
2122 |
|
|
|
2123 |
|
|
X509_POLICY_TREE * |
2124 |
|
|
X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) |
2125 |
|
|
{ |
2126 |
|
|
return ctx->tree; |
2127 |
|
|
} |
2128 |
|
|
|
2129 |
|
|
int |
2130 |
|
|
X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) |
2131 |
|
|
{ |
2132 |
|
|
return ctx->explicit_policy; |
2133 |
|
|
} |
2134 |
|
|
|
2135 |
|
|
int |
2136 |
|
|
X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) |
2137 |
|
4 |
{ |
2138 |
|
|
const X509_VERIFY_PARAM *param; |
2139 |
|
4 |
param = X509_VERIFY_PARAM_lookup(name); |
2140 |
✗✓ |
4 |
if (!param) |
2141 |
|
|
return 0; |
2142 |
|
4 |
return X509_VERIFY_PARAM_inherit(ctx->param, param); |
2143 |
|
|
} |
2144 |
|
|
|
2145 |
|
|
X509_VERIFY_PARAM * |
2146 |
|
|
X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) |
2147 |
|
2 |
{ |
2148 |
|
2 |
return ctx->param; |
2149 |
|
|
} |
2150 |
|
|
|
2151 |
|
|
void |
2152 |
|
|
X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) |
2153 |
|
|
{ |
2154 |
|
|
if (ctx->param) |
2155 |
|
|
X509_VERIFY_PARAM_free(ctx->param); |
2156 |
|
|
ctx->param = param; |
2157 |
|
|
} |