GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/x509/x509_vfy.c Lines: 330 990 33.3 %
Date: 2017-11-13 Branches: 201 747 26.9 %

Line Branch Exec Source
1
/* $OpenBSD: x509_vfy.c,v 1.66 2017/08/27 01:39:26 beck Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
59
#include <errno.h>
60
#include <stdio.h>
61
#include <string.h>
62
#include <time.h>
63
#include <unistd.h>
64
65
#include <openssl/opensslconf.h>
66
67
#include <openssl/asn1.h>
68
#include <openssl/buffer.h>
69
#include <openssl/crypto.h>
70
#include <openssl/err.h>
71
#include <openssl/evp.h>
72
#include <openssl/lhash.h>
73
#include <openssl/objects.h>
74
#include <openssl/x509.h>
75
#include <openssl/x509v3.h>
76
#include "asn1_locl.h"
77
#include "vpm_int.h"
78
#include "x509_lcl.h"
79
80
/* CRL score values */
81
82
/* No unhandled critical extensions */
83
84
#define CRL_SCORE_NOCRITICAL	0x100
85
86
/* certificate is within CRL scope */
87
88
#define CRL_SCORE_SCOPE		0x080
89
90
/* CRL times valid */
91
92
#define CRL_SCORE_TIME		0x040
93
94
/* Issuer name matches certificate */
95
96
#define CRL_SCORE_ISSUER_NAME	0x020
97
98
/* If this score or above CRL is probably valid */
99
100
#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
101
102
/* CRL issuer is certificate issuer */
103
104
#define CRL_SCORE_ISSUER_CERT	0x018
105
106
/* CRL issuer is on certificate path */
107
108
#define CRL_SCORE_SAME_PATH	0x008
109
110
/* CRL issuer matches CRL AKID */
111
112
#define CRL_SCORE_AKID		0x004
113
114
/* Have a delta CRL with valid times */
115
116
#define CRL_SCORE_TIME_DELTA	0x002
117
118
static int null_callback(int ok, X509_STORE_CTX *e);
119
static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
120
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
121
static int check_chain_extensions(X509_STORE_CTX *ctx);
122
static int check_name_constraints(X509_STORE_CTX *ctx);
123
static int check_trust(X509_STORE_CTX *ctx);
124
static int check_revocation(X509_STORE_CTX *ctx);
125
static int check_cert(X509_STORE_CTX *ctx);
126
static int check_policy(X509_STORE_CTX *ctx);
127
128
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
129
    unsigned int *preasons, X509_CRL *crl, X509 *x);
130
static int get_crl_delta(X509_STORE_CTX *ctx,
131
    X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
132
static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
133
    X509_CRL *base, STACK_OF(X509_CRL) *crls);
134
static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
135
    int *pcrl_score);
136
static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
137
    unsigned int *preasons);
138
static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
139
static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
140
    STACK_OF(X509) *crl_path);
141
static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time,
142
    int clamp_notafter);
143
144
static int internal_verify(X509_STORE_CTX *ctx);
145
146
int ASN1_time_tm_clamp_notafter(struct tm *tm);
147
148
static int
149
null_callback(int ok, X509_STORE_CTX *e)
150
{
151
5396
	return ok;
152
}
153
154
#if 0
155
static int
156
x509_subject_cmp(X509 **a, X509 **b)
157
{
158
	return X509_subject_name_cmp(*a, *b);
159
}
160
#endif
161
162
/* Return 1 is a certificate is self signed */
163
static int
164
cert_self_signed(X509 *x)
165
{
166
13934
	X509_check_purpose(x, -1, 0);
167
6967
	if (x->ex_flags & EXFLAG_SS)
168
3534
		return 1;
169
	else
170
3433
		return 0;
171
6967
}
172
173
static int
174
check_id_error(X509_STORE_CTX *ctx, int errcode)
175
{
176
	ctx->error = errcode;
177
	ctx->current_cert = ctx->cert;
178
	ctx->error_depth = 0;
179
	return ctx->verify_cb(0, ctx);
180
}
181
182
static int
183
check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
184
{
185
	size_t i;
186
	size_t n = sk_OPENSSL_STRING_num(id->hosts);
187
	char *name;
188
189
	free(id->peername);
190
	id->peername = NULL;
191
192
	for (i = 0; i < n; ++i) {
193
		name = sk_OPENSSL_STRING_value(id->hosts, i);
194
		if (X509_check_host(x, name, strlen(name), id->hostflags,
195
		    &id->peername) > 0)
196
			return 1;
197
	}
198
	return n == 0;
199
}
200
201
static int
202
check_id(X509_STORE_CTX *ctx)
203
{
204
2464
	X509_VERIFY_PARAM *vpm = ctx->param;
205
1232
	X509_VERIFY_PARAM_ID *id = vpm->id;
206
1232
	X509 *x = ctx->cert;
207
208

1232
	if (id->hosts && check_hosts(x, id) <= 0) {
209
		if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
210
			return 0;
211
	}
212

1232
	if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0)
213
	    <= 0) {
214
		if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
215
			return 0;
216
	}
217

1232
	if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
218
		if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
219
			return 0;
220
	}
221
1232
	return 1;
222
1232
}
223
224
int
225
X509_verify_cert(X509_STORE_CTX *ctx)
226
{
227
2984
	X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
228
	int bad_chain = 0;
229
1492
	X509_VERIFY_PARAM *param = ctx->param;
230
	int depth, i, ok = 0;
231
	int num, j, retry, trust;
232
	int (*cb) (int xok, X509_STORE_CTX *xctx);
233
	STACK_OF(X509) *sktmp = NULL;
234
235
1492
	if (ctx->cert == NULL) {
236
		X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
237
		ctx->error = X509_V_ERR_INVALID_CALL;
238
		return -1;
239
	}
240
1492
	if (ctx->chain != NULL) {
241
		/*
242
		 * This X509_STORE_CTX has already been used to verify
243
		 * a cert. We cannot do another one.
244
		 */
245
		X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
246
		ctx->error = X509_V_ERR_INVALID_CALL;
247
		return -1;
248
	}
249
1492
	if (ctx->error != X509_V_ERR_INVALID_CALL) {
250
		/*
251
		 * This X509_STORE_CTX has not been properly initialized.
252
		 */
253
		X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
254
		ctx->error = X509_V_ERR_INVALID_CALL;
255
		return -1;
256
	}
257
1492
	ctx->error = X509_V_OK; /* Initialize to OK */
258
259
1492
	cb = ctx->verify_cb;
260
261
	/*
262
	 * First we make sure the chain we are going to build is
263
	 * present and that the first entry is in place.
264
	 */
265
1492
	ctx->chain = sk_X509_new_null();
266

2984
	if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
267
		X509error(ERR_R_MALLOC_FAILURE);
268
		ctx->error = X509_V_ERR_OUT_OF_MEM;
269
		goto end;
270
	}
271
1492
	X509_up_ref(ctx->cert);
272
1492
	ctx->last_untrusted = 1;
273
274
	/* We use a temporary STACK so we can chop and hack at it */
275

2791
	if (ctx->untrusted != NULL &&
276
1299
	    (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
277
		X509error(ERR_R_MALLOC_FAILURE);
278
		ctx->error = X509_V_ERR_OUT_OF_MEM;
279
		goto end;
280
	}
281
282
1492
	num = sk_X509_num(ctx->chain);
283
1492
	x = sk_X509_value(ctx->chain, num - 1);
284
1492
	depth = param->depth;
285
286
1492
	for (;;) {
287
		/* If we have enough, we break */
288
		/* FIXME: If this happens, we should take
289
		 * note of it and, if appropriate, use the
290
		 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
291
		 * later.
292
		 */
293
2692
		if (depth < num)
294
			break;
295
		/* If we are self signed, we break */
296
2692
		if (cert_self_signed(x))
297
			break;
298
		/*
299
		 * If asked see if we can find issuer in trusted store first
300
		 */
301
1539
		if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
302
			ok = ctx->get_issuer(&xtmp, ctx, x);
303
			if (ok < 0) {
304
				ctx->error = X509_V_ERR_STORE_LOOKUP;
305
				goto end;
306
			}
307
			/*
308
			 * If successful for now free up cert so it
309
			 * will be picked up again later.
310
			 */
311
			if (ok > 0) {
312
				X509_free(xtmp);
313
				break;
314
			}
315
		}
316
		/* If we were passed a cert chain, use it first */
317
1539
		if (ctx->untrusted != NULL) {
318
1346
			xtmp = find_issuer(ctx, sktmp, x);
319
1346
			if (xtmp != NULL) {
320
1200
				if (!sk_X509_push(ctx->chain, xtmp)) {
321
					X509error(ERR_R_MALLOC_FAILURE);
322
					ctx->error = X509_V_ERR_OUT_OF_MEM;
323
					ok = 0;
324
					goto end;
325
				}
326
1200
				X509_up_ref(xtmp);
327
1200
				(void)sk_X509_delete_ptr(sktmp, xtmp);
328
1200
				ctx->last_untrusted++;
329
1200
				x = xtmp;
330
1200
				num++;
331
				/*
332
				 * reparse the full chain for the next one
333
				 */
334
1200
				continue;
335
			}
336
		}
337
		break;
338
	}
339
	/* Remember how many untrusted certs we have */
340
	j = num;
341
342
	/*
343
	 * At this point, chain should contain a list of untrusted
344
	 * certificates.  We now need to add at least one trusted one,
345
	 * if possible, otherwise we complain.
346
	 */
347
348
1492
	do {
349
		/*
350
		 * Examine last certificate in chain and see if it is
351
		 * self signed.
352
		 */
353
1492
		i = sk_X509_num(ctx->chain);
354
1492
		x = sk_X509_value(ctx->chain, i - 1);
355
1492
		if (cert_self_signed(x)) {
356
			/* we have a self signed certificate */
357
1153
			if (i == 1) {
358
				/*
359
				 * We have a single self signed
360
				 * certificate: see if we can find it
361
				 * in the store. We must have an exact
362
				 * match to avoid possible
363
				 * impersonation.
364
				 */
365
				ok = ctx->get_issuer(&xtmp, ctx, x);
366
				if ((ok <= 0) || X509_cmp(x, xtmp)) {
367
					ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
368
					ctx->current_cert = x;
369
					ctx->error_depth = i - 1;
370
					if (ok == 1)
371
						X509_free(xtmp);
372
					bad_chain = 1;
373
					ok = cb(0, ctx);
374
					if (!ok)
375
						goto end;
376
				} else {
377
					/*
378
					 * We have a match: replace
379
					 * certificate with store
380
					 * version so we get any trust
381
					 * settings.
382
					 */
383
					X509_free(x);
384
					x = xtmp;
385
					(void)sk_X509_set(ctx->chain, i - 1, x);
386
					ctx->last_untrusted = 0;
387
				}
388
			} else {
389
				/*
390
				 * extract and save self signed
391
				 * certificate for later use
392
				 */
393
1153
				chain_ss = sk_X509_pop(ctx->chain);
394
1153
				ctx->last_untrusted--;
395
1153
				num--;
396
1153
				j--;
397
1153
				x = sk_X509_value(ctx->chain, num - 1);
398
			}
399
		}
400
		/* We now lookup certs from the certificate store */
401
2783
		for (;;) {
402
			/* If we have enough, we break */
403
2783
			if (depth < num)
404
				break;
405
			/* If we are self signed, we break */
406
2783
			if (cert_self_signed(x))
407
				break;
408
1555
			ok = ctx->get_issuer(&xtmp, ctx, x);
409
410
1555
			if (ok < 0) {
411
				ctx->error = X509_V_ERR_STORE_LOOKUP;
412
				goto end;
413
			}
414
1555
			if (ok == 0)
415
				break;
416
1291
			x = xtmp;
417
1291
			if (!sk_X509_push(ctx->chain, x)) {
418
				X509_free(xtmp);
419
				X509error(ERR_R_MALLOC_FAILURE);
420
				ctx->error = X509_V_ERR_OUT_OF_MEM;
421
				ok = 0;
422
				goto end;
423
			}
424
1291
			num++;
425
		}
426
427
		/* we now have our chain, lets check it... */
428
1492
		trust = check_trust(ctx);
429
430
		/* If explicitly rejected error */
431
1492
		if (trust == X509_TRUST_REJECTED) {
432
			ok = 0;
433
			goto end;
434
		}
435
		/*
436
		 * If it's not explicitly trusted then check if there
437
		 * is an alternative chain that could be used. We only
438
		 * do this if we haven't already checked via
439
		 * TRUSTED_FIRST and the user hasn't switched off
440
		 * alternate chain checking
441
		 */
442
		retry = 0;
443

1756
		if (trust != X509_TRUST_TRUSTED &&
444
264
		    !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
445
264
		    !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
446
528
			while (j-- > 1) {
447
				xtmp2 = sk_X509_value(ctx->chain, j - 1);
448
				ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
449
				if (ok < 0)
450
					goto end;
451
				/* Check if we found an alternate chain */
452
				if (ok > 0) {
453
					/*
454
					 * Free up the found cert
455
					 * we'll add it again later
456
					 */
457
					X509_free(xtmp);
458
					/*
459
					 * Dump all the certs above
460
					 * this point - we've found an
461
					 * alternate chain
462
					 */
463
					while (num > j) {
464
						xtmp = sk_X509_pop(ctx->chain);
465
						X509_free(xtmp);
466
						num--;
467
					}
468
					ctx->last_untrusted = sk_X509_num(ctx->chain);
469
					retry = 1;
470
					break;
471
				}
472
			}
473
		}
474
1492
	} while (retry);
475
476
	/*
477
	 * If not explicitly trusted then indicate error unless it's a single
478
	 * self signed certificate in which case we've indicated an error already
479
	 * and set bad_chain == 1
480
	 */
481
1492
	if (trust != X509_TRUST_TRUSTED && !bad_chain) {
482

264
		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
483
264
			if (ctx->last_untrusted >= num)
484
				ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
485
			else
486
				ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
487
264
			ctx->current_cert = x;
488
264
		} else {
489
			if (!sk_X509_push(ctx->chain, chain_ss)) {
490
				X509_free(chain_ss);
491
				X509error(ERR_R_MALLOC_FAILURE);
492
				return 0;
493
			}
494
			num++;
495
			ctx->last_untrusted = num;
496
			ctx->current_cert = chain_ss;
497
			ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
498
			chain_ss = NULL;
499
		}
500
501
264
		ctx->error_depth = num - 1;
502
		bad_chain = 1;
503
264
		ok = cb(0, ctx);
504
264
		if (!ok)
505
			goto end;
506
	}
507
508
	/* We have the chain complete: now we need to check its purpose */
509
1234
	ok = check_chain_extensions(ctx);
510
1234
	if (!ok)
511
		goto end;
512
513
	/* Check name constraints */
514
1232
	ok = check_name_constraints(ctx);
515
1232
	if (!ok)
516
		goto end;
517
518
1232
	ok = check_id(ctx);
519
1232
	if (!ok)
520
		goto end;
521
	/*
522
	 * Check revocation status: we do this after copying parameters because
523
	 * they may be needed for CRL signature verification.
524
	 */
525
1232
	ok = ctx->check_revocation(ctx);
526
1232
	if (!ok)
527
		goto end;
528
529
	/* At this point, we have a chain and need to verify it */
530
1232
	if (ctx->verify != NULL)
531
1232
		ok = ctx->verify(ctx);
532
	else
533
		ok = internal_verify(ctx);
534
2464
	if (!ok)
535
		goto end;
536
537
	/* If we get this far evaluate policies */
538
2458
	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
539
		ok = ctx->check_policy(ctx);
540
541
 end:
542
1492
	if (sktmp != NULL)
543
1299
		sk_X509_free(sktmp);
544
1492
	X509_free(chain_ss);
545
546
	/* Safety net, error returns must set ctx->error */
547

1752
	if (ok <= 0 && ctx->error == X509_V_OK)
548
		ctx->error = X509_V_ERR_UNSPECIFIED;
549
1492
	return ok;
550
1492
}
551
552
/* Given a STACK_OF(X509) find the issuer of cert (if any)
553
 */
554
555
static X509 *
556
find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
557
{
558
	int i;
559
	X509 *issuer, *rv = NULL;
560
561
6728
	for (i = 0; i < sk_X509_num(sk); i++) {
562
2545
		issuer = sk_X509_value(sk, i);
563
2545
		if (ctx->check_issued(ctx, x, issuer)) {
564
			rv = issuer;
565
1200
			if (x509_check_cert_time(ctx, rv, -1))
566
				break;
567
		}
568
	}
569
1346
	return rv;
570
}
571
572
/* Given a possible certificate and issuer check them */
573
574
static int
575
check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
576
{
577
	int ret;
578
579
10136
	ret = X509_check_issued(issuer, x);
580
5068
	if (ret == X509_V_OK)
581
3715
		return 1;
582
	/* If we haven't asked for issuer errors don't set ctx */
583
1353
	if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
584
1351
		return 0;
585
586
2
	ctx->error = ret;
587
2
	ctx->current_cert = x;
588
2
	ctx->current_issuer = issuer;
589
2
	return ctx->verify_cb(0, ctx);
590
5068
}
591
592
/* Alternative lookup method: look from a STACK stored in other_ctx */
593
594
static int
595
get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
596
{
597
	*issuer = find_issuer(ctx, ctx->other_ctx, x);
598
	if (*issuer) {
599
		CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
600
		return 1;
601
	} else
602
		return 0;
603
}
604
605
/* Check a certificate chains extensions for consistency
606
 * with the supplied purpose
607
 */
608
609
static int
610
check_chain_extensions(X509_STORE_CTX *ctx)
611
{
612
#ifdef OPENSSL_NO_CHAIN_VERIFY
613
	return 1;
614
#else
615
	int i, ok = 0, must_be_ca, plen = 0;
616
	X509 *x;
617
	int (*cb)(int xok, X509_STORE_CTX *xctx);
618
	int proxy_path_length = 0;
619
	int purpose;
620
	int allow_proxy_certs;
621
622
2468
	cb = ctx->verify_cb;
623
624
	/* must_be_ca can have 1 of 3 values:
625
	   -1: we accept both CA and non-CA certificates, to allow direct
626
	       use of self-signed certificates (which are marked as CA).
627
	   0:  we only accept non-CA certificates.  This is currently not
628
	       used, but the possibility is present for future extensions.
629
	   1:  we only accept CA certificates.  This is currently used for
630
	       all certificates in the chain except the leaf certificate.
631
	*/
632
	must_be_ca = -1;
633
634
	/* CRL path validation */
635
1234
	if (ctx->parent) {
636
		allow_proxy_certs = 0;
637
		purpose = X509_PURPOSE_CRL_SIGN;
638
	} else {
639
		allow_proxy_certs =
640
1234
		    !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
641
1234
		purpose = ctx->param->purpose;
642
	}
643
644
	/* Check all untrusted certificates */
645
5026
	for (i = 0; i < ctx->last_untrusted; i++) {
646
		int ret;
647
1281
		x = sk_X509_value(ctx->chain, i);
648

2562
		if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
649
1281
		    (x->ex_flags & EXFLAG_CRITICAL)) {
650
			ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
651
			ctx->error_depth = i;
652
			ctx->current_cert = x;
653
			ok = cb(0, ctx);
654
			if (!ok)
655
				goto end;
656
		}
657

2562
		if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
658
			ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
659
			ctx->error_depth = i;
660
			ctx->current_cert = x;
661
			ok = cb(0, ctx);
662
			if (!ok)
663
				goto end;
664
		}
665
1281
		ret = X509_check_ca(x);
666
1281
		switch (must_be_ca) {
667
		case -1:
668
3702
			if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) &&
669
2468
			    (ret != 1) && (ret != 0)) {
670
				ret = 0;
671
				ctx->error = X509_V_ERR_INVALID_CA;
672
			} else
673
				ret = 1;
674
			break;
675
		case 0:
676
			if (ret != 0) {
677
				ret = 0;
678
				ctx->error = X509_V_ERR_INVALID_NON_CA;
679
			} else
680
				ret = 1;
681
			break;
682
		default:
683
47
			if ((ret == 0) ||
684
90
			    ((ctx->param->flags & X509_V_FLAG_X509_STRICT) &&
685
45
			    (ret != 1))) {
686
				ret = 0;
687
2
				ctx->error = X509_V_ERR_INVALID_CA;
688
2
			} else
689
				ret = 1;
690
			break;
691
		}
692
1281
		if (ret == 0) {
693
2
			ctx->error_depth = i;
694
2
			ctx->current_cert = x;
695
2
			ok = cb(0, ctx);
696
2
			if (!ok)
697
2
				goto end;
698
		}
699
1279
		if (ctx->param->purpose > 0) {
700
1224
			ret = X509_check_purpose(x, purpose, must_be_ca > 0);
701
1224
			if ((ret == 0) ||
702
2448
			    ((ctx->param->flags & X509_V_FLAG_X509_STRICT) &&
703
1224
			    (ret != 1))) {
704
				ctx->error = X509_V_ERR_INVALID_PURPOSE;
705
				ctx->error_depth = i;
706
				ctx->current_cert = x;
707
				ok = cb(0, ctx);
708
				if (!ok)
709
					goto end;
710
			}
711
		}
712
		/* Check pathlen if not self issued */
713

1279
		if ((i > 1) && !(x->ex_flags & EXFLAG_SI) &&
714
		    (x->ex_pathlen != -1) &&
715
		    (plen > (x->ex_pathlen + proxy_path_length + 1))) {
716
			ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
717
			ctx->error_depth = i;
718
			ctx->current_cert = x;
719
			ok = cb(0, ctx);
720
			if (!ok)
721
				goto end;
722
		}
723
		/* Increment path length if not self issued */
724
1279
		if (!(x->ex_flags & EXFLAG_SI))
725
1279
			plen++;
726
		/* If this certificate is a proxy certificate, the next
727
		   certificate must be another proxy certificate or a EE
728
		   certificate.  If not, the next certificate must be a
729
		   CA certificate.  */
730
1279
		if (x->ex_flags & EXFLAG_PROXY) {
731
			if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
732
				ctx->error =
733
				    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
734
				ctx->error_depth = i;
735
				ctx->current_cert = x;
736
				ok = cb(0, ctx);
737
				if (!ok)
738
					goto end;
739
			}
740
			proxy_path_length++;
741
			must_be_ca = 0;
742
		} else
743
			must_be_ca = 1;
744
1279
	}
745
1232
	ok = 1;
746
747
end:
748
1234
	return ok;
749
#endif
750
1234
}
751
752
static int
753
check_name_constraints(X509_STORE_CTX *ctx)
754
{
755
	X509 *x;
756
	int i, j, rv;
757
758
	/* Check name constraints for all certificates */
759
8828
	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
760
2566
		x = sk_X509_value(ctx->chain, i);
761
		/* Ignore self issued certs unless last in chain */
762

3900
		if (i && (x->ex_flags & EXFLAG_SI))
763
			continue;
764
		/* Check against constraints for all certificates higher in
765
		 * chain including trust anchor. Trust anchor not strictly
766
		 * speaking needed but if it includes constraints it is to be
767
		 * assumed it expects them to be obeyed.
768
		 */
769
5564
		for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
770
1442
			NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
771
1442
			if (nc) {
772
				rv = NAME_CONSTRAINTS_check(x, nc);
773
				if (rv != X509_V_OK) {
774
					ctx->error = rv;
775
					ctx->error_depth = i;
776
					ctx->current_cert = x;
777
					if (!ctx->verify_cb(0, ctx))
778
						return 0;
779
				}
780
			}
781
1442
		}
782
	}
783
1232
	return 1;
784
1232
}
785
786
/* Given a certificate try and find an exact match in the store */
787
788
static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
789
{
790
	STACK_OF(X509) *certs;
791
	X509 *xtmp = NULL;
792
	size_t i;
793
794
	/* Lookup all certs with matching subject name */
795
	certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
796
	if (certs == NULL)
797
		return NULL;
798
799
	/* Look for exact match */
800
	for (i = 0; i < sk_X509_num(certs); i++) {
801
		xtmp = sk_X509_value(certs, i);
802
		if (!X509_cmp(xtmp, x))
803
			break;
804
	}
805
806
	if (i < sk_X509_num(certs))
807
		X509_up_ref(xtmp);
808
	else
809
		xtmp = NULL;
810
811
	sk_X509_pop_free(certs, X509_free);
812
	return xtmp;
813
}
814
815
static int check_trust(X509_STORE_CTX *ctx)
816
{
817
	size_t i;
818
	int ok;
819
	X509 *x = NULL;
820
	int (*cb) (int xok, X509_STORE_CTX *xctx);
821
822
2984
	cb = ctx->verify_cb;
823
	/* Check all trusted certificates in chain */
824
3110
	for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
825
1291
		x = sk_X509_value(ctx->chain, i);
826
1291
		ok = X509_check_trust(x, ctx->param->trust, 0);
827
828
		/* If explicitly trusted return trusted */
829
1291
		if (ok == X509_TRUST_TRUSTED)
830
1228
			return X509_TRUST_TRUSTED;
831
		/*
832
		 * If explicitly rejected notify callback and reject if not
833
		 * overridden.
834
		 */
835
63
		if (ok == X509_TRUST_REJECTED) {
836
			ctx->error_depth = i;
837
			ctx->current_cert = x;
838
			ctx->error = X509_V_ERR_CERT_REJECTED;
839
			ok = cb(0, ctx);
840
			if (!ok)
841
				return X509_TRUST_REJECTED;
842
		}
843
	}
844
	/*
845
	 * If we accept partial chains and have at least one trusted certificate
846
	 * return success.
847
	 */
848
264
	if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
849
		X509 *mx;
850
		if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
851
			return X509_TRUST_TRUSTED;
852
		x = sk_X509_value(ctx->chain, 0);
853
		mx = lookup_cert_match(ctx, x);
854
		if (mx) {
855
			(void)sk_X509_set(ctx->chain, 0, mx);
856
			X509_free(x);
857
			ctx->last_untrusted = 0;
858
			return X509_TRUST_TRUSTED;
859
		}
860
	}
861
862
	/*
863
	 * If no trusted certs in chain at all return untrusted and allow
864
	 * standard (no issuer cert) etc errors to be indicated.
865
	 */
866
264
	return X509_TRUST_UNTRUSTED;
867
1492
}
868
869
static int
870
check_revocation(X509_STORE_CTX *ctx)
871
{
872
	int i, last, ok;
873
874
2464
	if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
875
1232
		return 1;
876
	if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
877
		last = sk_X509_num(ctx->chain) - 1;
878
	else {
879
		/* If checking CRL paths this isn't the EE certificate */
880
		if (ctx->parent)
881
			return 1;
882
		last = 0;
883
	}
884
	for (i = 0; i <= last; i++) {
885
		ctx->error_depth = i;
886
		ok = check_cert(ctx);
887
		if (!ok)
888
			return ok;
889
	}
890
	return 1;
891
1232
}
892
893
static int
894
check_cert(X509_STORE_CTX *ctx)
895
{
896
	X509_CRL *crl = NULL, *dcrl = NULL;
897
	X509 *x;
898
	int ok = 0, cnum;
899
	unsigned int last_reasons;
900
901
	cnum = ctx->error_depth;
902
	x = sk_X509_value(ctx->chain, cnum);
903
	ctx->current_cert = x;
904
	ctx->current_issuer = NULL;
905
	ctx->current_crl_score = 0;
906
	ctx->current_reasons = 0;
907
	while (ctx->current_reasons != CRLDP_ALL_REASONS) {
908
		last_reasons = ctx->current_reasons;
909
		/* Try to retrieve relevant CRL */
910
		if (ctx->get_crl)
911
			ok = ctx->get_crl(ctx, &crl, x);
912
		else
913
			ok = get_crl_delta(ctx, &crl, &dcrl, x);
914
		/* If error looking up CRL, nothing we can do except
915
		 * notify callback
916
		 */
917
		if (!ok) {
918
			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
919
			ok = ctx->verify_cb(0, ctx);
920
			goto err;
921
		}
922
		ctx->current_crl = crl;
923
		ok = ctx->check_crl(ctx, crl);
924
		if (!ok)
925
			goto err;
926
927
		if (dcrl) {
928
			ok = ctx->check_crl(ctx, dcrl);
929
			if (!ok)
930
				goto err;
931
			ok = ctx->cert_crl(ctx, dcrl, x);
932
			if (!ok)
933
				goto err;
934
		} else
935
			ok = 1;
936
937
		/* Don't look in full CRL if delta reason is removefromCRL */
938
		if (ok != 2) {
939
			ok = ctx->cert_crl(ctx, crl, x);
940
			if (!ok)
941
				goto err;
942
		}
943
944
		ctx->current_crl = NULL;
945
		X509_CRL_free(crl);
946
		X509_CRL_free(dcrl);
947
		crl = NULL;
948
		dcrl = NULL;
949
		/* If reasons not updated we wont get anywhere by
950
		 * another iteration, so exit loop.
951
		 */
952
		if (last_reasons == ctx->current_reasons) {
953
			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
954
			ok = ctx->verify_cb(0, ctx);
955
			goto err;
956
		}
957
	}
958
959
err:
960
	ctx->current_crl = NULL;
961
	X509_CRL_free(crl);
962
	X509_CRL_free(dcrl);
963
	return ok;
964
}
965
966
/* Check CRL times against values in X509_STORE_CTX */
967
968
static int
969
check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
970
{
971
	time_t *ptime = NULL;
972
	int i;
973
974
	if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
975
		return (1);
976
977
	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
978
		ptime = &ctx->param->check_time;
979
980
	if (notify)
981
		ctx->current_crl = crl;
982
983
	i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
984
	if (i == 0) {
985
		if (!notify)
986
			return 0;
987
		ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
988
		if (!ctx->verify_cb(0, ctx))
989
			return 0;
990
	}
991
992
	if (i > 0) {
993
		if (!notify)
994
			return 0;
995
		ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
996
		if (!ctx->verify_cb(0, ctx))
997
			return 0;
998
	}
999
1000
	if (X509_CRL_get_nextUpdate(crl)) {
1001
		i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
1002
1003
		if (i == 0) {
1004
			if (!notify)
1005
				return 0;
1006
			ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
1007
			if (!ctx->verify_cb(0, ctx))
1008
				return 0;
1009
		}
1010
		/* Ignore expiry of base CRL is delta is valid */
1011
		if ((i < 0) &&
1012
		    !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
1013
			if (!notify)
1014
				return 0;
1015
			ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
1016
			if (!ctx->verify_cb(0, ctx))
1017
				return 0;
1018
		}
1019
	}
1020
1021
	if (notify)
1022
		ctx->current_crl = NULL;
1023
1024
	return 1;
1025
}
1026
1027
static int
1028
get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1029
    X509 **pissuer, int *pscore, unsigned int *preasons,
1030
    STACK_OF(X509_CRL) *crls)
1031
{
1032
	int i, crl_score, best_score = *pscore;
1033
	unsigned int reasons, best_reasons = 0;
1034
	X509 *x = ctx->current_cert;
1035
	X509_CRL *crl, *best_crl = NULL;
1036
	X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
1037
1038
	for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1039
		crl = sk_X509_CRL_value(crls, i);
1040
		reasons = *preasons;
1041
		crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1042
1043
		if (crl_score > best_score) {
1044
			best_crl = crl;
1045
			best_crl_issuer = crl_issuer;
1046
			best_score = crl_score;
1047
			best_reasons = reasons;
1048
		}
1049
	}
1050
1051
	if (best_crl) {
1052
		if (*pcrl)
1053
			X509_CRL_free(*pcrl);
1054
		*pcrl = best_crl;
1055
		*pissuer = best_crl_issuer;
1056
		*pscore = best_score;
1057
		*preasons = best_reasons;
1058
		CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
1059
		if (*pdcrl) {
1060
			X509_CRL_free(*pdcrl);
1061
			*pdcrl = NULL;
1062
		}
1063
		get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1064
	}
1065
1066
	if (best_score >= CRL_SCORE_VALID)
1067
		return 1;
1068
1069
	return 0;
1070
}
1071
1072
/* Compare two CRL extensions for delta checking purposes. They should be
1073
 * both present or both absent. If both present all fields must be identical.
1074
 */
1075
1076
static int
1077
crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
1078
{
1079
	ASN1_OCTET_STRING *exta, *extb;
1080
	int i;
1081
1082
	i = X509_CRL_get_ext_by_NID(a, nid, -1);
1083
	if (i >= 0) {
1084
		/* Can't have multiple occurrences */
1085
		if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1086
			return 0;
1087
		exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1088
	} else
1089
		exta = NULL;
1090
1091
	i = X509_CRL_get_ext_by_NID(b, nid, -1);
1092
1093
	if (i >= 0) {
1094
		if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1095
			return 0;
1096
		extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1097
	} else
1098
		extb = NULL;
1099
1100
	if (!exta && !extb)
1101
		return 1;
1102
1103
	if (!exta || !extb)
1104
		return 0;
1105
1106
	if (ASN1_OCTET_STRING_cmp(exta, extb))
1107
		return 0;
1108
1109
	return 1;
1110
}
1111
1112
/* See if a base and delta are compatible */
1113
1114
static int
1115
check_delta_base(X509_CRL *delta, X509_CRL *base)
1116
{
1117
	/* Delta CRL must be a delta */
1118
	if (!delta->base_crl_number)
1119
		return 0;
1120
	/* Base must have a CRL number */
1121
	if (!base->crl_number)
1122
		return 0;
1123
	/* Issuer names must match */
1124
	if (X509_NAME_cmp(X509_CRL_get_issuer(base),
1125
	    X509_CRL_get_issuer(delta)))
1126
		return 0;
1127
	/* AKID and IDP must match */
1128
	if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1129
		return 0;
1130
	if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1131
		return 0;
1132
	/* Delta CRL base number must not exceed Full CRL number. */
1133
	if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1134
		return 0;
1135
	/* Delta CRL number must exceed full CRL number */
1136
	if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1137
		return 1;
1138
	return 0;
1139
}
1140
1141
/* For a given base CRL find a delta... maybe extend to delta scoring
1142
 * or retrieve a chain of deltas...
1143
 */
1144
1145
static void
1146
get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base,
1147
    STACK_OF(X509_CRL) *crls)
1148
{
1149
	X509_CRL *delta;
1150
	int i;
1151
1152
	if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1153
		return;
1154
	if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1155
		return;
1156
	for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1157
		delta = sk_X509_CRL_value(crls, i);
1158
		if (check_delta_base(delta, base)) {
1159
			if (check_crl_time(ctx, delta, 0))
1160
				*pscore |= CRL_SCORE_TIME_DELTA;
1161
			CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
1162
			*dcrl = delta;
1163
			return;
1164
		}
1165
	}
1166
	*dcrl = NULL;
1167
}
1168
1169
/* For a given CRL return how suitable it is for the supplied certificate 'x'.
1170
 * The return value is a mask of several criteria.
1171
 * If the issuer is not the certificate issuer this is returned in *pissuer.
1172
 * The reasons mask is also used to determine if the CRL is suitable: if
1173
 * no new reasons the CRL is rejected, otherwise reasons is updated.
1174
 */
1175
1176
static int
1177
get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons,
1178
    X509_CRL *crl, X509 *x)
1179
{
1180
	int crl_score = 0;
1181
	unsigned int tmp_reasons = *preasons, crl_reasons;
1182
1183
	/* First see if we can reject CRL straight away */
1184
1185
	/* Invalid IDP cannot be processed */
1186
	if (crl->idp_flags & IDP_INVALID)
1187
		return 0;
1188
	/* Reason codes or indirect CRLs need extended CRL support */
1189
	if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1190
		if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1191
			return 0;
1192
	} else if (crl->idp_flags & IDP_REASONS) {
1193
		/* If no new reasons reject */
1194
		if (!(crl->idp_reasons & ~tmp_reasons))
1195
			return 0;
1196
	}
1197
	/* Don't process deltas at this stage */
1198
	else if (crl->base_crl_number)
1199
		return 0;
1200
	/* If issuer name doesn't match certificate need indirect CRL */
1201
	if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1202
		if (!(crl->idp_flags & IDP_INDIRECT))
1203
			return 0;
1204
	} else
1205
		crl_score |= CRL_SCORE_ISSUER_NAME;
1206
1207
	if (!(crl->flags & EXFLAG_CRITICAL))
1208
		crl_score |= CRL_SCORE_NOCRITICAL;
1209
1210
	/* Check expiry */
1211
	if (check_crl_time(ctx, crl, 0))
1212
		crl_score |= CRL_SCORE_TIME;
1213
1214
	/* Check authority key ID and locate certificate issuer */
1215
	crl_akid_check(ctx, crl, pissuer, &crl_score);
1216
1217
	/* If we can't locate certificate issuer at this point forget it */
1218
1219
	if (!(crl_score & CRL_SCORE_AKID))
1220
		return 0;
1221
1222
	/* Check cert for matching CRL distribution points */
1223
1224
	if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1225
		/* If no new reasons reject */
1226
		if (!(crl_reasons & ~tmp_reasons))
1227
			return 0;
1228
		tmp_reasons |= crl_reasons;
1229
		crl_score |= CRL_SCORE_SCOPE;
1230
	}
1231
1232
	*preasons = tmp_reasons;
1233
1234
	return crl_score;
1235
}
1236
1237
static void
1238
crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
1239
    int *pcrl_score)
1240
{
1241
	X509 *crl_issuer = NULL;
1242
	X509_NAME *cnm = X509_CRL_get_issuer(crl);
1243
	int cidx = ctx->error_depth;
1244
	int i;
1245
1246
	if (cidx != sk_X509_num(ctx->chain) - 1)
1247
		cidx++;
1248
1249
	crl_issuer = sk_X509_value(ctx->chain, cidx);
1250
1251
	if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1252
		if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1253
			*pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT;
1254
			*pissuer = crl_issuer;
1255
			return;
1256
		}
1257
	}
1258
1259
	for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) {
1260
		crl_issuer = sk_X509_value(ctx->chain, cidx);
1261
		if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1262
			continue;
1263
		if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1264
			*pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH;
1265
			*pissuer = crl_issuer;
1266
			return;
1267
		}
1268
	}
1269
1270
	/* Anything else needs extended CRL support */
1271
1272
	if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1273
		return;
1274
1275
	/* Otherwise the CRL issuer is not on the path. Look for it in the
1276
	 * set of untrusted certificates.
1277
	 */
1278
	for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1279
		crl_issuer = sk_X509_value(ctx->untrusted, i);
1280
		if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1281
			continue;
1282
		if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1283
			*pissuer = crl_issuer;
1284
			*pcrl_score |= CRL_SCORE_AKID;
1285
			return;
1286
		}
1287
	}
1288
}
1289
1290
/* Check the path of a CRL issuer certificate. This creates a new
1291
 * X509_STORE_CTX and populates it with most of the parameters from the
1292
 * parent. This could be optimised somewhat since a lot of path checking
1293
 * will be duplicated by the parent, but this will rarely be used in
1294
 * practice.
1295
 */
1296
1297
static int
1298
check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1299
{
1300
	X509_STORE_CTX crl_ctx;
1301
	int ret;
1302
1303
	/* Don't allow recursive CRL path validation */
1304
	if (ctx->parent)
1305
		return 0;
1306
	if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) {
1307
		ret = -1;
1308
		goto err;
1309
	}
1310
1311
	crl_ctx.crls = ctx->crls;
1312
	/* Copy verify params across */
1313
	X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1314
1315
	crl_ctx.parent = ctx;
1316
	crl_ctx.verify_cb = ctx->verify_cb;
1317
1318
	/* Verify CRL issuer */
1319
	ret = X509_verify_cert(&crl_ctx);
1320
1321
	if (ret <= 0)
1322
		goto err;
1323
1324
	/* Check chain is acceptable */
1325
	ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1326
1327
err:
1328
	X509_STORE_CTX_cleanup(&crl_ctx);
1329
	return ret;
1330
}
1331
1332
/* RFC3280 says nothing about the relationship between CRL path
1333
 * and certificate path, which could lead to situations where a
1334
 * certificate could be revoked or validated by a CA not authorised
1335
 * to do so. RFC5280 is more strict and states that the two paths must
1336
 * end in the same trust anchor, though some discussions remain...
1337
 * until this is resolved we use the RFC5280 version
1338
 */
1339
1340
static int
1341
check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
1342
    STACK_OF(X509) *crl_path)
1343
{
1344
	X509 *cert_ta, *crl_ta;
1345
1346
	cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1347
	crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1348
	if (!X509_cmp(cert_ta, crl_ta))
1349
		return 1;
1350
	return 0;
1351
}
1352
1353
/* Check for match between two dist point names: three separate cases.
1354
 * 1. Both are relative names and compare X509_NAME types.
1355
 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
1356
 * 3. Both are full names and compare two GENERAL_NAMES.
1357
 * 4. One is NULL: automatic match.
1358
 */
1359
1360
static int
1361
idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
1362
{
1363
	X509_NAME *nm = NULL;
1364
	GENERAL_NAMES *gens = NULL;
1365
	GENERAL_NAME *gena, *genb;
1366
	int i, j;
1367
1368
	if (!a || !b)
1369
		return 1;
1370
	if (a->type == 1) {
1371
		if (!a->dpname)
1372
			return 0;
1373
		/* Case 1: two X509_NAME */
1374
		if (b->type == 1) {
1375
			if (!b->dpname)
1376
				return 0;
1377
			if (!X509_NAME_cmp(a->dpname, b->dpname))
1378
				return 1;
1379
			else
1380
				return 0;
1381
		}
1382
		/* Case 2: set name and GENERAL_NAMES appropriately */
1383
		nm = a->dpname;
1384
		gens = b->name.fullname;
1385
	} else if (b->type == 1) {
1386
		if (!b->dpname)
1387
			return 0;
1388
		/* Case 2: set name and GENERAL_NAMES appropriately */
1389
		gens = a->name.fullname;
1390
		nm = b->dpname;
1391
	}
1392
1393
	/* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1394
	if (nm) {
1395
		for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1396
			gena = sk_GENERAL_NAME_value(gens, i);
1397
			if (gena->type != GEN_DIRNAME)
1398
				continue;
1399
			if (!X509_NAME_cmp(nm, gena->d.directoryName))
1400
				return 1;
1401
		}
1402
		return 0;
1403
	}
1404
1405
	/* Else case 3: two GENERAL_NAMES */
1406
1407
	for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1408
		gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1409
		for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1410
			genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1411
			if (!GENERAL_NAME_cmp(gena, genb))
1412
				return 1;
1413
		}
1414
	}
1415
1416
	return 0;
1417
}
1418
1419
static int
1420
crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1421
{
1422
	int i;
1423
	X509_NAME *nm = X509_CRL_get_issuer(crl);
1424
1425
	/* If no CRLissuer return is successful iff don't need a match */
1426
	if (!dp->CRLissuer)
1427
		return !!(crl_score & CRL_SCORE_ISSUER_NAME);
1428
	for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1429
		GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1430
		if (gen->type != GEN_DIRNAME)
1431
			continue;
1432
		if (!X509_NAME_cmp(gen->d.directoryName, nm))
1433
			return 1;
1434
	}
1435
	return 0;
1436
}
1437
1438
/* Check CRLDP and IDP */
1439
1440
static int
1441
crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons)
1442
{
1443
	int i;
1444
1445
	if (crl->idp_flags & IDP_ONLYATTR)
1446
		return 0;
1447
	if (x->ex_flags & EXFLAG_CA) {
1448
		if (crl->idp_flags & IDP_ONLYUSER)
1449
			return 0;
1450
	} else {
1451
		if (crl->idp_flags & IDP_ONLYCA)
1452
			return 0;
1453
	}
1454
	*preasons = crl->idp_reasons;
1455
	for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1456
		DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1457
		if (crldp_check_crlissuer(dp, crl, crl_score)) {
1458
			if (!crl->idp ||
1459
			    idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1460
				*preasons &= dp->dp_reasons;
1461
				return 1;
1462
			}
1463
		}
1464
	}
1465
	if ((!crl->idp || !crl->idp->distpoint) &&
1466
	    (crl_score & CRL_SCORE_ISSUER_NAME))
1467
		return 1;
1468
	return 0;
1469
}
1470
1471
/* Retrieve CRL corresponding to current certificate.
1472
 * If deltas enabled try to find a delta CRL too
1473
 */
1474
1475
static int
1476
get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1477
{
1478
	int ok;
1479
	X509 *issuer = NULL;
1480
	int crl_score = 0;
1481
	unsigned int reasons;
1482
	X509_CRL *crl = NULL, *dcrl = NULL;
1483
	STACK_OF(X509_CRL) *skcrl;
1484
	X509_NAME *nm = X509_get_issuer_name(x);
1485
1486
	reasons = ctx->current_reasons;
1487
	ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons,
1488
	    ctx->crls);
1489
	if (ok)
1490
		goto done;
1491
1492
	/* Lookup CRLs from store */
1493
	skcrl = ctx->lookup_crls(ctx, nm);
1494
1495
	/* If no CRLs found and a near match from get_crl_sk use that */
1496
	if (!skcrl && crl)
1497
		goto done;
1498
1499
	get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1500
1501
	sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1502
1503
done:
1504
1505
	/* If we got any kind of CRL use it and return success */
1506
	if (crl) {
1507
		ctx->current_issuer = issuer;
1508
		ctx->current_crl_score = crl_score;
1509
		ctx->current_reasons = reasons;
1510
		*pcrl = crl;
1511
		*pdcrl = dcrl;
1512
		return 1;
1513
	}
1514
1515
	return 0;
1516
}
1517
1518
/* Check CRL validity */
1519
static int
1520
check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1521
{
1522
	X509 *issuer = NULL;
1523
	EVP_PKEY *ikey = NULL;
1524
	int ok = 0, chnum, cnum;
1525
1526
	cnum = ctx->error_depth;
1527
	chnum = sk_X509_num(ctx->chain) - 1;
1528
	/* if we have an alternative CRL issuer cert use that */
1529
	if (ctx->current_issuer) {
1530
		issuer = ctx->current_issuer;
1531
	} else if (cnum < chnum) {
1532
		/* Else find CRL issuer: if not last certificate then issuer
1533
	 	* is next certificate in chain.
1534
	 	*/
1535
		issuer = sk_X509_value(ctx->chain, cnum + 1);
1536
	} else {
1537
		issuer = sk_X509_value(ctx->chain, chnum);
1538
		/* If not self signed, can't check signature */
1539
		if (!ctx->check_issued(ctx, issuer, issuer)) {
1540
			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1541
			ok = ctx->verify_cb(0, ctx);
1542
			if (!ok)
1543
				goto err;
1544
		}
1545
	}
1546
1547
	if (issuer) {
1548
		/* Skip most tests for deltas because they have already
1549
		 * been done
1550
		 */
1551
		if (!crl->base_crl_number) {
1552
			/* Check for cRLSign bit if keyUsage present */
1553
			if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1554
			    !(issuer->ex_kusage & KU_CRL_SIGN)) {
1555
				ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1556
				ok = ctx->verify_cb(0, ctx);
1557
				if (!ok)
1558
					goto err;
1559
			}
1560
1561
			if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1562
				ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1563
				ok = ctx->verify_cb(0, ctx);
1564
				if (!ok)
1565
					goto err;
1566
			}
1567
1568
			if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1569
				if (check_crl_path(ctx,
1570
				    ctx->current_issuer) <= 0) {
1571
					ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1572
					ok = ctx->verify_cb(0, ctx);
1573
					if (!ok)
1574
						goto err;
1575
				}
1576
			}
1577
1578
			if (crl->idp_flags & IDP_INVALID) {
1579
				ctx->error = X509_V_ERR_INVALID_EXTENSION;
1580
				ok = ctx->verify_cb(0, ctx);
1581
				if (!ok)
1582
					goto err;
1583
			}
1584
1585
1586
		}
1587
1588
		if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1589
			ok = check_crl_time(ctx, crl, 1);
1590
			if (!ok)
1591
				goto err;
1592
		}
1593
1594
		/* Attempt to get issuer certificate public key */
1595
		ikey = X509_get_pubkey(issuer);
1596
1597
		if (!ikey) {
1598
			ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1599
			ok = ctx->verify_cb(0, ctx);
1600
			if (!ok)
1601
				goto err;
1602
		} else {
1603
			/* Verify CRL signature */
1604
			if (X509_CRL_verify(crl, ikey) <= 0) {
1605
				ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1606
				ok = ctx->verify_cb(0, ctx);
1607
				if (!ok)
1608
					goto err;
1609
			}
1610
		}
1611
	}
1612
1613
	ok = 1;
1614
1615
err:
1616
	EVP_PKEY_free(ikey);
1617
	return ok;
1618
}
1619
1620
/* Check certificate against CRL */
1621
static int
1622
cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1623
{
1624
	int ok;
1625
	X509_REVOKED *rev;
1626
1627
	/* The rules changed for this... previously if a CRL contained
1628
	 * unhandled critical extensions it could still be used to indicate
1629
	 * a certificate was revoked. This has since been changed since
1630
	 * critical extension can change the meaning of CRL entries.
1631
	 */
1632
	if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
1633
	    (crl->flags & EXFLAG_CRITICAL)) {
1634
		ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1635
		ok = ctx->verify_cb(0, ctx);
1636
		if (!ok)
1637
			return 0;
1638
	}
1639
	/* Look for serial number of certificate in CRL
1640
	 * If found make sure reason is not removeFromCRL.
1641
	 */
1642
	if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1643
		if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1644
			return 2;
1645
		ctx->error = X509_V_ERR_CERT_REVOKED;
1646
		ok = ctx->verify_cb(0, ctx);
1647
		if (!ok)
1648
			return 0;
1649
	}
1650
1651
	return 1;
1652
}
1653
1654
static int
1655
check_policy(X509_STORE_CTX *ctx)
1656
{
1657
	int ret;
1658
1659
	if (ctx->parent)
1660
		return 1;
1661
	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1662
	    ctx->param->policies, ctx->param->flags);
1663
	if (ret == 0) {
1664
		X509error(ERR_R_MALLOC_FAILURE);
1665
		return 0;
1666
	}
1667
	/* Invalid or inconsistent extensions */
1668
	if (ret == -1) {
1669
		/* Locate certificates with bad extensions and notify
1670
		 * callback.
1671
		 */
1672
		X509 *x;
1673
		int i;
1674
		for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1675
			x = sk_X509_value(ctx->chain, i);
1676
			if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1677
				continue;
1678
			ctx->current_cert = x;
1679
			ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1680
			if (!ctx->verify_cb(0, ctx))
1681
				return 0;
1682
		}
1683
		return 1;
1684
	}
1685
	if (ret == -2) {
1686
		ctx->current_cert = NULL;
1687
		ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1688
		return ctx->verify_cb(0, ctx);
1689
	}
1690
1691
	if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1692
		ctx->current_cert = NULL;
1693
		ctx->error = X509_V_OK;
1694
		if (!ctx->verify_cb(2, ctx))
1695
			return 0;
1696
	}
1697
1698
	return 1;
1699
}
1700
1701
/*
1702
 * Inform the verify callback of an error.
1703
 *
1704
 * If x is not NULL it is the error cert, otherwise use the chain cert
1705
 * at depth.
1706
 *
1707
 * If err is not X509_V_OK, that's the error value, otherwise leave
1708
 * unchanged (presumably set by the caller).
1709
 *
1710
 * Returns 0 to abort verification with an error, non-zero to continue.
1711
 */
1712
static int
1713
verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
1714
{
1715
12
	ctx->error_depth = depth;
1716
18
	ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth);
1717
6
	if (err != X509_V_OK)
1718
6
		ctx->error = err;
1719
6
	return ctx->verify_cb(0, ctx);
1720
}
1721
1722
/*
1723
 * Check certificate validity times.
1724
 *
1725
 * If depth >= 0, invoke verification callbacks on error, otherwise just return
1726
 * the validation status.
1727
 *
1728
 * Return 1 on success, 0 otherwise.
1729
 */
1730
int
1731
x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
1732
{
1733
	time_t *ptime;
1734
	int i;
1735
1736
10102
	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1737
		ptime = &ctx->param->check_time;
1738
5051
	else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
1739
		return 1;
1740
	else
1741
		ptime = NULL;
1742
1743
5051
	i = X509_cmp_time(X509_get_notBefore(x), ptime);
1744
5051
	if (i >= 0 && depth < 0)
1745
		return 0;
1746

5051
	if (i == 0 && !verify_cb_cert(ctx, x, depth,
1747
	    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD))
1748
		return 0;
1749

5051
	if (i > 0 && !verify_cb_cert(ctx, x, depth,
1750
		X509_V_ERR_CERT_NOT_YET_VALID))
1751
		return 0;
1752
1753
5051
	i = X509_cmp_time_internal(X509_get_notAfter(x), ptime, 1);
1754
5051
	if (i <= 0 && depth < 0)
1755
		return 0;
1756

5051
	if (i == 0 && !verify_cb_cert(ctx, x, depth,
1757
	    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD))
1758
		return 0;
1759

5051
	if (i < 0 && !verify_cb_cert(ctx, x, depth,
1760
	    X509_V_ERR_CERT_HAS_EXPIRED))
1761
		return 0;
1762
5051
	return 1;
1763
5051
}
1764
1765
static int
1766
internal_verify(X509_STORE_CTX *ctx)
1767
{
1768
2464
	int n = sk_X509_num(ctx->chain) - 1;
1769
1232
	X509 *xi = sk_X509_value(ctx->chain, n);
1770
	X509 *xs;
1771
1772
1232
	if (ctx->check_issued(ctx, xi, xi))
1773
1226
		xs = xi;
1774
	else {
1775
6
		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1776
			xs = xi;
1777
			goto check_cert;
1778
		}
1779
6
		if (n <= 0)
1780
6
			return verify_cb_cert(ctx, xi, 0,
1781
			    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE);
1782
		n--;
1783
		ctx->error_depth = n;
1784
		xs = sk_X509_value(ctx->chain, n);
1785
	}
1786
1787
	/*
1788
	 * Do not clear ctx->error=0, it must be "sticky", only the
1789
	 * user's callback is allowed to reset errors (at its own
1790
	 * peril).
1791
	 */
1792
7572
	while (n >= 0) {
1793
1794
		/*
1795
		 * Skip signature check for self signed certificates
1796
		 * unless explicitly asked for.  It doesn't add any
1797
		 * security and just wastes time.  If the issuer's
1798
		 * public key is unusable, report the issuer
1799
		 * certificate and its depth (rather than the depth of
1800
		 * the subject).
1801
		 */
1802

3786
		if (xs != xi || (ctx->param->flags &
1803
			X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1804
			EVP_PKEY *pkey;
1805
1334
			if ((pkey = X509_get_pubkey(xi)) == NULL) {
1806
				if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n,
1807
					X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
1808
					return 0;
1809
1334
			} else if (X509_verify(xs, pkey) <= 0) {
1810
				if (!verify_cb_cert(ctx, xs, n,
1811
					X509_V_ERR_CERT_SIGNATURE_FAILURE)) {
1812
					EVP_PKEY_free(pkey);
1813
					return 0;
1814
				}
1815
			}
1816
1334
			EVP_PKEY_free(pkey);
1817
1334
		}
1818
check_cert:
1819
		/* Calls verify callback as needed */
1820
2560
		if (!x509_check_cert_time(ctx, xs, n))
1821
			return 0;
1822
1823
		/*
1824
		 * Signal success at this depth.  However, the
1825
		 * previous error (if any) is retained.
1826
		 */
1827
2560
		ctx->current_issuer = xi;
1828
2560
		ctx->current_cert = xs;
1829
2560
		ctx->error_depth = n;
1830
2560
		if (!ctx->verify_cb(1, ctx))
1831
			return 0;
1832
1833
2560
		if (--n >= 0) {
1834
			xi = xs;
1835
1334
			xs = sk_X509_value(ctx->chain, n);
1836
1334
		}
1837
	}
1838
1226
	return 1;
1839
1232
}
1840
1841
int
1842
X509_cmp_current_time(const ASN1_TIME *ctm)
1843
{
1844
	return X509_cmp_time(ctm, NULL);
1845
}
1846
1847
/*
1848
 * Compare a possibly unvalidated ASN1_TIME string against a time_t
1849
 * using RFC 5280 rules for the time string. If *cmp_time is NULL
1850
 * the current system time is used.
1851
 *
1852
 * XXX NOTE that unlike what you expect a "cmp" function to do in C,
1853
 * XXX this one is "special", and returns 0 for error.
1854
 *
1855
 * Returns:
1856
 * -1 if the ASN1_time is earlier than OR the same as *cmp_time.
1857
 * 1 if the ASN1_time is later than *cmp_time.
1858
 * 0 on error.
1859
 */
1860
static int
1861
X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter)
1862
{
1863
20408
	time_t time1, time2;
1864
10204
	struct tm tm1, tm2;
1865
	int ret = 0;
1866
	int type;
1867
1868
10204
	if (cmp_time == NULL)
1869
10102
		time2 = time(NULL);
1870
	else
1871
102
		time2 = *cmp_time;
1872
1873
10204
	memset(&tm1, 0, sizeof(tm1));
1874
1875
10204
	type = ASN1_time_parse(ctm->data, ctm->length, &tm1, ctm->type);
1876
10204
	if (type == -1)
1877
		goto out; /* invalid time */
1878
1879
	/* RFC 5280 section 4.1.2.5 */
1880
10204
	if (tm1.tm_year < 150 && type != V_ASN1_UTCTIME)
1881
		goto out;
1882
10174
	if (tm1.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME)
1883
		goto out;
1884
1885
10174
	if (clamp_notafter) {
1886
		/* Allow for completely broken operating systems. */
1887
5051
		if (!ASN1_time_tm_clamp_notafter(&tm1))
1888
			goto out;
1889
	}
1890
1891
	/*
1892
	 * Defensively fail if the time string is not representable as
1893
	 * a time_t. A time_t must be sane if you care about times after
1894
	 * Jan 19 2038.
1895
	 */
1896
10174
	if ((time1 = timegm(&tm1)) == -1)
1897
		goto out;
1898
1899
10174
	if (gmtime_r(&time2, &tm2) == NULL)
1900
		goto out;
1901
1902
10174
	ret = ASN1_time_tm_cmp(&tm1, &tm2);
1903
10174
	if (ret == 0)
1904
		ret = -1; /* 0 is used for error, so map same to less than */
1905
 out:
1906
10204
	return (ret);
1907
10204
}
1908
1909
int
1910
X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1911
{
1912
10306
	return X509_cmp_time_internal(ctm, cmp_time, 0);
1913
}
1914
1915
1916
ASN1_TIME *
1917
X509_gmtime_adj(ASN1_TIME *s, long adj)
1918
{
1919
84
	return X509_time_adj(s, adj, NULL);
1920
}
1921
1922
ASN1_TIME *
1923
X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time)
1924
{
1925
84
	return X509_time_adj_ex(s, 0, offset_sec, in_time);
1926
}
1927
1928
ASN1_TIME *
1929
X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time)
1930
{
1931
	time_t t;
1932
128
	if (in_time == NULL)
1933
64
		t = time(NULL);
1934
	else
1935
		t = *in_time;
1936
1937
64
	return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1938
}
1939
1940
int
1941
X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
1942
{
1943
	EVP_PKEY *ktmp = NULL, *ktmp2;
1944
	int i, j;
1945
1946
	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
1947
		return 1;
1948
1949
	for (i = 0; i < sk_X509_num(chain); i++) {
1950
		ktmp = X509_get_pubkey(sk_X509_value(chain, i));
1951
		if (ktmp == NULL) {
1952
			X509error(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
1953
			return 0;
1954
		}
1955
		if (!EVP_PKEY_missing_parameters(ktmp))
1956
			break;
1957
		else {
1958
			EVP_PKEY_free(ktmp);
1959
			ktmp = NULL;
1960
		}
1961
	}
1962
	if (ktmp == NULL) {
1963
		X509error(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
1964
		return 0;
1965
	}
1966
1967
	/* first, populate the other certs */
1968
	for (j = i - 1; j >= 0; j--) {
1969
		ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
1970
		EVP_PKEY_copy_parameters(ktmp2, ktmp);
1971
		EVP_PKEY_free(ktmp2);
1972
	}
1973
1974
	if (pkey != NULL)
1975
		EVP_PKEY_copy_parameters(pkey, ktmp);
1976
	EVP_PKEY_free(ktmp);
1977
	return 1;
1978
}
1979
1980
int
1981
X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1982
    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
1983
{
1984
	/* This function is (usually) called only once, by
1985
	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
1986
626
	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX,
1987
	    argl, argp, new_func, dup_func, free_func);
1988
}
1989
1990
int
1991
X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
1992
{
1993
2582
	return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
1994
}
1995
1996
void *
1997
X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
1998
{
1999
	return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2000
}
2001
2002
int
2003
X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2004
{
2005
48
	return ctx->error;
2006
}
2007
2008
void
2009
X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
2010
{
2011
	ctx->error = err;
2012
}
2013
2014
int
2015
X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2016
{
2017
8
	return ctx->error_depth;
2018
}
2019
2020
X509 *
2021
X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
2022
{
2023
16
	return ctx->current_cert;
2024
}
2025
2026
STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
2027
{
2028
	return ctx->chain;
2029
}
2030
2031
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
2032
{
2033
	int i;
2034
	X509 *x;
2035
	STACK_OF(X509) *chain;
2036
2037

24
	if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain)))
2038
		return NULL;
2039
48
	for (i = 0; i < sk_X509_num(chain); i++) {
2040
16
		x = sk_X509_value(chain, i);
2041
16
		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2042
	}
2043
8
	return chain;
2044
8
}
2045
2046
X509 *
2047
X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
2048
{
2049
	return ctx->current_issuer;
2050
}
2051
2052
X509_CRL *
2053
X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
2054
{
2055
	return ctx->current_crl;
2056
}
2057
2058
X509_STORE_CTX *
2059
X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
2060
{
2061
	return ctx->parent;
2062
}
2063
2064
void
2065
X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
2066
{
2067
4
	ctx->cert = x;
2068
2
}
2069
2070
void
2071
X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2072
{
2073
	ctx->untrusted = sk;
2074
}
2075
2076
void
2077
X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
2078
{
2079
16
	ctx->crls = sk;
2080
8
}
2081
2082
int
2083
X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
2084
{
2085
12
	return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2086
}
2087
2088
int
2089
X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
2090
{
2091
	return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2092
}
2093
2094
/* This function is used to set the X509_STORE_CTX purpose and trust
2095
 * values. This is intended to be used when another structure has its
2096
 * own trust and purpose values which (if set) will be inherited by
2097
 * the ctx. If they aren't set then we will usually have a default
2098
 * purpose in mind which should then be used to set the trust value.
2099
 * An example of this is SSL use: an SSL structure will have its own
2100
 * purpose and trust settings which the application can set: if they
2101
 * aren't set then we use the default of SSL client/server.
2102
 */
2103
2104
int
2105
X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2106
    int purpose, int trust)
2107
{
2108
	int idx;
2109
2110
	/* If purpose not set use default */
2111
12
	if (!purpose)
2112
		purpose = def_purpose;
2113
	/* If we have a purpose then check it is valid */
2114
6
	if (purpose) {
2115
		X509_PURPOSE *ptmp;
2116
6
		idx = X509_PURPOSE_get_by_id(purpose);
2117
6
		if (idx == -1) {
2118
			X509error(X509_R_UNKNOWN_PURPOSE_ID);
2119
			return 0;
2120
		}
2121
6
		ptmp = X509_PURPOSE_get0(idx);
2122
6
		if (ptmp->trust == X509_TRUST_DEFAULT) {
2123
			idx = X509_PURPOSE_get_by_id(def_purpose);
2124
			if (idx == -1) {
2125
				X509error(X509_R_UNKNOWN_PURPOSE_ID);
2126
				return 0;
2127
			}
2128
			ptmp = X509_PURPOSE_get0(idx);
2129
		}
2130
		/* If trust not set then get from purpose default */
2131
6
		if (!trust)
2132
6
			trust = ptmp->trust;
2133
6
	}
2134
6
	if (trust) {
2135
6
		idx = X509_TRUST_get_by_id(trust);
2136
6
		if (idx == -1) {
2137
			X509error(X509_R_UNKNOWN_TRUST_ID);
2138
			return 0;
2139
		}
2140
	}
2141
2142

12
	if (purpose && !ctx->param->purpose)
2143
6
		ctx->param->purpose = purpose;
2144

12
	if (trust && !ctx->param->trust)
2145
6
		ctx->param->trust = trust;
2146
6
	return 1;
2147
6
}
2148
2149
X509_STORE_CTX *
2150
X509_STORE_CTX_new(void)
2151
{
2152
	X509_STORE_CTX *ctx;
2153
2154
4
	ctx = calloc(1, sizeof(X509_STORE_CTX));
2155
2
	if (!ctx) {
2156
		X509error(ERR_R_MALLOC_FAILURE);
2157
		return NULL;
2158
	}
2159
2
	return ctx;
2160
2
}
2161
2162
void
2163
X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2164
{
2165
4
	if (ctx == NULL)
2166
		return;
2167
2168
2
	X509_STORE_CTX_cleanup(ctx);
2169
2
	free(ctx);
2170
4
}
2171
2172
int
2173
X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2174
    STACK_OF(X509) *chain)
2175
{
2176
	int param_ret = 1;
2177
2178
	/*
2179
	 * Make sure everything is initialized properly even in case of an
2180
	 * early return due to an error.
2181
	 *
2182
	 * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have
2183
	 * freed everything and memset ex_data anyway.  This also allows us
2184
	 * to safely use X509_STORE_CTX variables from the stack which will
2185
	 * have uninitialized data.
2186
	 */
2187
3000
	memset(ctx, 0, sizeof(*ctx));
2188
2189
	/*
2190
	 * Start with this set to not valid - it will be set to valid
2191
	 * in X509_verify_cert.
2192
	 */
2193
1500
	ctx->error = X509_V_ERR_INVALID_CALL;
2194
2195
	/*
2196
	 * Set values other than 0.  Keep this in the same order as
2197
	 * X509_STORE_CTX except for values that may fail.  All fields that
2198
	 * may fail should go last to make sure 'ctx' is as consistent as
2199
	 * possible even on early exits.
2200
	 */
2201
1500
	ctx->ctx = store;
2202
1500
	ctx->cert = x509;
2203
1500
	ctx->untrusted = chain;
2204
2205

3000
	if (store && store->verify)
2206
		ctx->verify = store->verify;
2207
	else
2208
		ctx->verify = internal_verify;
2209
2210

3000
	if (store && store->verify_cb)
2211
14
		ctx->verify_cb = store->verify_cb;
2212
	else
2213
		ctx->verify_cb = null_callback;
2214
2215

3000
	if (store && store->get_issuer)
2216
		ctx->get_issuer = store->get_issuer;
2217
	else
2218
		ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2219
2220

3000
	if (store && store->check_issued)
2221
		ctx->check_issued = store->check_issued;
2222
	else
2223
		ctx->check_issued = check_issued;
2224
2225

3000
	if (store && store->check_revocation)
2226
		ctx->check_revocation = store->check_revocation;
2227
	else
2228
		ctx->check_revocation = check_revocation;
2229
2230

3000
	if (store && store->get_crl)
2231
		ctx->get_crl = store->get_crl;
2232
	else
2233
		ctx->get_crl = NULL;
2234
2235

3000
	if (store && store->check_crl)
2236
		ctx->check_crl = store->check_crl;
2237
	else
2238
		ctx->check_crl = check_crl;
2239
2240

3000
	if (store && store->cert_crl)
2241
		ctx->cert_crl = store->cert_crl;
2242
	else
2243
		ctx->cert_crl = cert_crl;
2244
2245
1500
	ctx->check_policy = check_policy;
2246
2247

3000
	if (store && store->lookup_certs)
2248
		ctx->lookup_certs = store->lookup_certs;
2249
	else
2250
		ctx->lookup_certs = X509_STORE_get1_certs;
2251
2252

3000
	if (store && store->lookup_crls)
2253
		ctx->lookup_crls = store->lookup_crls;
2254
	else
2255
		ctx->lookup_crls = X509_STORE_get1_crls;
2256
2257

3000
	if (store && store->cleanup)
2258
		ctx->cleanup = store->cleanup;
2259
	else
2260
		ctx->cleanup = NULL;
2261
2262
1500
	ctx->param = X509_VERIFY_PARAM_new();
2263
1500
	if (!ctx->param) {
2264
		X509error(ERR_R_MALLOC_FAILURE);
2265
		return 0;
2266
	}
2267
2268
	/* Inherit callbacks and flags from X509_STORE if not set
2269
	 * use defaults.
2270
	 */
2271
1500
	if (store)
2272
1500
		param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2273
	else
2274
		ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
2275
2276
1500
	if (param_ret)
2277
3000
		param_ret = X509_VERIFY_PARAM_inherit(ctx->param,
2278
1500
		    X509_VERIFY_PARAM_lookup("default"));
2279
2280
1500
	if (param_ret == 0) {
2281
		X509error(ERR_R_MALLOC_FAILURE);
2282
		return 0;
2283
	}
2284
2285
3000
	if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
2286
3000
	    &(ctx->ex_data)) == 0) {
2287
		X509error(ERR_R_MALLOC_FAILURE);
2288
		return 0;
2289
	}
2290
1500
	return 1;
2291
1500
}
2292
2293
/* Set alternative lookup method: just a STACK of trusted certificates.
2294
 * This avoids X509_STORE nastiness where it isn't needed.
2295
 */
2296
2297
void
2298
X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2299
{
2300
	ctx->other_ctx = sk;
2301
	ctx->get_issuer = get_issuer_sk;
2302
}
2303
2304
void
2305
X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2306
{
2307
3000
	if (ctx->cleanup)
2308
		ctx->cleanup(ctx);
2309
1500
	if (ctx->param != NULL) {
2310
1500
		if (ctx->parent == NULL)
2311
1500
			X509_VERIFY_PARAM_free(ctx->param);
2312
1500
		ctx->param = NULL;
2313
1500
	}
2314
1500
	if (ctx->tree != NULL) {
2315
		X509_policy_tree_free(ctx->tree);
2316
		ctx->tree = NULL;
2317
	}
2318
1500
	if (ctx->chain != NULL) {
2319
1492
		sk_X509_pop_free(ctx->chain, X509_free);
2320
1492
		ctx->chain = NULL;
2321
1492
	}
2322
1500
	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX,
2323
1500
	    ctx, &(ctx->ex_data));
2324
1500
	memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2325
1500
}
2326
2327
void
2328
X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2329
{
2330
	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2331
}
2332
2333
void
2334
X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2335
{
2336
4
	X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2337
2
}
2338
2339
void
2340
X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
2341
{
2342
	X509_VERIFY_PARAM_set_time(ctx->param, t);
2343
}
2344
2345
void
2346
X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2347
    int (*verify_cb)(int, X509_STORE_CTX *))
2348
{
2349
88
	ctx->verify_cb = verify_cb;
2350
44
}
2351
2352
X509_POLICY_TREE *
2353
X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2354
{
2355
	return ctx->tree;
2356
}
2357
2358
int
2359
X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2360
{
2361
	return ctx->explicit_policy;
2362
}
2363
2364
int
2365
X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2366
{
2367
	const X509_VERIFY_PARAM *param;
2368
2598
	param = X509_VERIFY_PARAM_lookup(name);
2369
1299
	if (!param)
2370
		return 0;
2371
1299
	return X509_VERIFY_PARAM_inherit(ctx->param, param);
2372
1299
}
2373
2374
X509_VERIFY_PARAM *
2375
X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2376
{
2377
2582
	return ctx->param;
2378
}
2379
2380
void
2381
X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2382
{
2383
	if (ctx->param)
2384
		X509_VERIFY_PARAM_free(ctx->param);
2385
	ctx->param = param;
2386
}