1 /* crypto/x509/x509_vfy.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
64 #include <openssl/crypto.h>
65 #include <openssl/lhash.h>
66 #include <openssl/buffer.h>
67 #include <openssl/evp.h>
68 #include <openssl/asn1.h>
69 #include <openssl/x509.h>
70 #include <openssl/x509v3.h>
71 #include <openssl/objects.h>
73 static int null_callback(int ok
, X509_STORE_CTX
*e
);
74 static int check_issued(X509_STORE_CTX
*ctx
, X509
*x
, X509
*issuer
);
75 static X509
*find_issuer(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
, X509
*x
);
76 static int check_chain_extensions(X509_STORE_CTX
*ctx
);
77 static int check_trust(X509_STORE_CTX
*ctx
);
78 static int check_revocation(X509_STORE_CTX
*ctx
);
79 static int check_cert(X509_STORE_CTX
*ctx
);
80 static int check_policy(X509_STORE_CTX
*ctx
);
81 static int internal_verify(X509_STORE_CTX
*ctx
);
82 const char X509_version
[] = "X.509" OPENSSL_VERSION_PTEXT
;
84 static int null_callback(int ok
, X509_STORE_CTX
*e
)
90 static int x509_subject_cmp(X509
**a
, X509
**b
)
92 return X509_subject_name_cmp(*a
, *b
);
96 int X509_verify_cert(X509_STORE_CTX
*ctx
)
98 X509
*x
, *xtmp
, *chain_ss
= NULL
;
100 X509_VERIFY_PARAM
*param
= ctx
->param
;
101 int depth
, i
, ok
= 0;
103 int (*cb
) (int xok
, X509_STORE_CTX
*xctx
);
104 STACK_OF(X509
) *sktmp
= NULL
;
105 if (ctx
->cert
== NULL
) {
106 X509err(X509_F_X509_VERIFY_CERT
, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY
);
113 * first we make sure the chain we are going to build is present and that
114 * the first entry is in place
116 if (ctx
->chain
== NULL
) {
117 if (((ctx
->chain
= sk_X509_new_null()) == NULL
) ||
118 (!sk_X509_push(ctx
->chain
, ctx
->cert
))) {
119 X509err(X509_F_X509_VERIFY_CERT
, ERR_R_MALLOC_FAILURE
);
122 CRYPTO_add(&ctx
->cert
->references
, 1, CRYPTO_LOCK_X509
);
123 ctx
->last_untrusted
= 1;
126 /* We use a temporary STACK so we can chop and hack at it */
127 if (ctx
->untrusted
!= NULL
128 && (sktmp
= sk_X509_dup(ctx
->untrusted
)) == NULL
) {
129 X509err(X509_F_X509_VERIFY_CERT
, ERR_R_MALLOC_FAILURE
);
133 num
= sk_X509_num(ctx
->chain
);
134 x
= sk_X509_value(ctx
->chain
, num
- 1);
135 depth
= param
->depth
;
138 /* If we have enough, we break */
140 break; /* FIXME: If this happens, we should take
141 * note of it and, if appropriate, use the
142 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
145 /* If we are self signed, we break */
146 if (ctx
->check_issued(ctx
, x
, x
))
149 /* If we were passed a cert chain, use it first */
150 if (ctx
->untrusted
!= NULL
) {
151 xtmp
= find_issuer(ctx
, sktmp
, x
);
153 if (!sk_X509_push(ctx
->chain
, xtmp
)) {
154 X509err(X509_F_X509_VERIFY_CERT
, ERR_R_MALLOC_FAILURE
);
157 CRYPTO_add(&xtmp
->references
, 1, CRYPTO_LOCK_X509
);
158 (void)sk_X509_delete_ptr(sktmp
, xtmp
);
159 ctx
->last_untrusted
++;
163 * reparse the full chain for the next one
172 * at this point, chain should contain a list of untrusted certificates.
173 * We now need to add at least one trusted one, if possible, otherwise we
178 * Examine last certificate in chain and see if it is self signed.
181 i
= sk_X509_num(ctx
->chain
);
182 x
= sk_X509_value(ctx
->chain
, i
- 1);
183 if (ctx
->check_issued(ctx
, x
, x
)) {
184 /* we have a self signed certificate */
185 if (sk_X509_num(ctx
->chain
) == 1) {
187 * We have a single self signed certificate: see if we can find
188 * it in the store. We must have an exact match to avoid possible
191 ok
= ctx
->get_issuer(&xtmp
, ctx
, x
);
192 if ((ok
<= 0) || X509_cmp(x
, xtmp
)) {
193 ctx
->error
= X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
;
194 ctx
->current_cert
= x
;
195 ctx
->error_depth
= i
- 1;
204 * We have a match: replace certificate with store version so
205 * we get any trust settings.
209 (void)sk_X509_set(ctx
->chain
, i
- 1, x
);
210 ctx
->last_untrusted
= 0;
214 * extract and save self signed certificate for later use
216 chain_ss
= sk_X509_pop(ctx
->chain
);
217 ctx
->last_untrusted
--;
219 x
= sk_X509_value(ctx
->chain
, num
- 1);
223 /* We now lookup certs from the certificate store */
225 /* If we have enough, we break */
229 /* If we are self signed, we break */
230 if (ctx
->check_issued(ctx
, x
, x
))
233 ok
= ctx
->get_issuer(&xtmp
, ctx
, x
);
241 if (!sk_X509_push(ctx
->chain
, x
)) {
243 X509err(X509_F_X509_VERIFY_CERT
, ERR_R_MALLOC_FAILURE
);
249 /* we now have our chain, lets check it... */
251 /* Is last certificate looked up self signed? */
252 if (!ctx
->check_issued(ctx
, x
, x
)) {
253 if ((chain_ss
== NULL
) || !ctx
->check_issued(ctx
, x
, chain_ss
)) {
254 if (ctx
->last_untrusted
>= num
)
255 ctx
->error
= X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
;
257 ctx
->error
= X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
;
258 ctx
->current_cert
= x
;
261 sk_X509_push(ctx
->chain
, chain_ss
);
263 ctx
->last_untrusted
= num
;
264 ctx
->current_cert
= chain_ss
;
265 ctx
->error
= X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
;
269 ctx
->error_depth
= num
- 1;
276 /* We have the chain complete: now we need to check its purpose */
277 ok
= check_chain_extensions(ctx
);
282 /* The chain extensions are OK: check trust */
284 if (param
->trust
> 0)
285 ok
= check_trust(ctx
);
290 /* We may as well copy down any DSA parameters that are required */
291 X509_get_pubkey_parameters(NULL
, ctx
->chain
);
294 * Check revocation status: we do this after copying parameters because
295 * they may be needed for CRL signature verification.
298 ok
= ctx
->check_revocation(ctx
);
302 /* At this point, we have a chain and need to verify it */
303 if (ctx
->verify
!= NULL
)
304 ok
= ctx
->verify(ctx
);
306 ok
= internal_verify(ctx
);
310 #ifndef OPENSSL_NO_RFC3779
311 /* RFC 3779 path validation, now that CRL check has been done */
312 ok
= v3_asid_validate_path(ctx
);
315 ok
= v3_addr_validate_path(ctx
);
320 /* If we get this far evaluate policies */
321 if (!bad_chain
&& (ctx
->param
->flags
& X509_V_FLAG_POLICY_CHECK
))
322 ok
= ctx
->check_policy(ctx
);
327 X509_get_pubkey_parameters(NULL
, ctx
->chain
);
331 if (chain_ss
!= NULL
)
337 * Given a STACK_OF(X509) find the issuer of cert (if any)
340 static X509
*find_issuer(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
, X509
*x
)
344 for (i
= 0; i
< sk_X509_num(sk
); i
++) {
345 issuer
= sk_X509_value(sk
, i
);
346 if (ctx
->check_issued(ctx
, x
, issuer
))
352 /* Given a possible certificate and issuer check them */
354 static int check_issued(X509_STORE_CTX
*ctx
, X509
*x
, X509
*issuer
)
357 ret
= X509_check_issued(issuer
, x
);
358 if (ret
== X509_V_OK
)
360 /* If we haven't asked for issuer errors don't set ctx */
361 if (!(ctx
->param
->flags
& X509_V_FLAG_CB_ISSUER_CHECK
))
365 ctx
->current_cert
= x
;
366 ctx
->current_issuer
= issuer
;
367 return ctx
->verify_cb(0, ctx
);
371 /* Alternative lookup method: look from a STACK stored in other_ctx */
373 static int get_issuer_sk(X509
**issuer
, X509_STORE_CTX
*ctx
, X509
*x
)
375 *issuer
= find_issuer(ctx
, ctx
->other_ctx
, x
);
377 CRYPTO_add(&(*issuer
)->references
, 1, CRYPTO_LOCK_X509
);
384 * Check a certificate chains extensions for consistency with the supplied
388 static int check_chain_extensions(X509_STORE_CTX
*ctx
)
390 #ifdef OPENSSL_NO_CHAIN_VERIFY
393 int i
, ok
= 0, must_be_ca
, plen
= 0;
395 int (*cb
) (int xok
, X509_STORE_CTX
*xctx
);
396 int proxy_path_length
= 0;
397 int allow_proxy_certs
=
398 ! !(ctx
->param
->flags
& X509_V_FLAG_ALLOW_PROXY_CERTS
);
402 * must_be_ca can have 1 of 3 values:
403 * -1: we accept both CA and non-CA certificates, to allow direct
404 * use of self-signed certificates (which are marked as CA).
405 * 0: we only accept non-CA certificates. This is currently not
406 * used, but the possibility is present for future extensions.
407 * 1: we only accept CA certificates. This is currently used for
408 * all certificates in the chain except the leaf certificate.
413 * A hack to keep people who don't want to modify their software happy
415 if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
416 allow_proxy_certs
= 1;
418 /* Check all untrusted certificates */
419 for (i
= 0; i
< ctx
->last_untrusted
; i
++) {
421 x
= sk_X509_value(ctx
->chain
, i
);
422 if (!(ctx
->param
->flags
& X509_V_FLAG_IGNORE_CRITICAL
)
423 && (x
->ex_flags
& EXFLAG_CRITICAL
)) {
424 ctx
->error
= X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
;
425 ctx
->error_depth
= i
;
426 ctx
->current_cert
= x
;
431 if (!allow_proxy_certs
&& (x
->ex_flags
& EXFLAG_PROXY
)) {
432 ctx
->error
= X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
;
433 ctx
->error_depth
= i
;
434 ctx
->current_cert
= x
;
439 ret
= X509_check_ca(x
);
440 switch (must_be_ca
) {
442 if ((ctx
->param
->flags
& X509_V_FLAG_X509_STRICT
)
443 && (ret
!= 1) && (ret
!= 0)) {
445 ctx
->error
= X509_V_ERR_INVALID_CA
;
452 ctx
->error
= X509_V_ERR_INVALID_NON_CA
;
458 || ((ctx
->param
->flags
& X509_V_FLAG_X509_STRICT
)
461 ctx
->error
= X509_V_ERR_INVALID_CA
;
467 ctx
->error_depth
= i
;
468 ctx
->current_cert
= x
;
473 if (ctx
->param
->purpose
> 0) {
474 ret
= X509_check_purpose(x
, ctx
->param
->purpose
, must_be_ca
> 0);
476 || ((ctx
->param
->flags
& X509_V_FLAG_X509_STRICT
)
478 ctx
->error
= X509_V_ERR_INVALID_PURPOSE
;
479 ctx
->error_depth
= i
;
480 ctx
->current_cert
= x
;
486 /* Check pathlen if not self issued */
487 if ((i
> 1) && !(x
->ex_flags
& EXFLAG_SI
)
488 && (x
->ex_pathlen
!= -1)
489 && (plen
> (x
->ex_pathlen
+ proxy_path_length
+ 1))) {
490 ctx
->error
= X509_V_ERR_PATH_LENGTH_EXCEEDED
;
491 ctx
->error_depth
= i
;
492 ctx
->current_cert
= x
;
497 /* Increment path length if not self issued */
498 if (!(x
->ex_flags
& EXFLAG_SI
))
501 * If this certificate is a proxy certificate, the next certificate
502 * must be another proxy certificate or a EE certificate. If not,
503 * the next certificate must be a CA certificate.
505 if (x
->ex_flags
& EXFLAG_PROXY
) {
506 if (x
->ex_pcpathlen
!= -1 && i
> x
->ex_pcpathlen
) {
507 ctx
->error
= X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
;
508 ctx
->error_depth
= i
;
509 ctx
->current_cert
= x
;
525 static int check_trust(X509_STORE_CTX
*ctx
)
527 #ifdef OPENSSL_NO_CHAIN_VERIFY
532 int (*cb
) (int xok
, X509_STORE_CTX
*xctx
);
534 /* For now just check the last certificate in the chain */
535 i
= sk_X509_num(ctx
->chain
) - 1;
536 x
= sk_X509_value(ctx
->chain
, i
);
537 ok
= X509_check_trust(x
, ctx
->param
->trust
, 0);
538 if (ok
== X509_TRUST_TRUSTED
)
540 ctx
->error_depth
= i
;
541 ctx
->current_cert
= x
;
542 if (ok
== X509_TRUST_REJECTED
)
543 ctx
->error
= X509_V_ERR_CERT_REJECTED
;
545 ctx
->error
= X509_V_ERR_CERT_UNTRUSTED
;
551 static int check_revocation(X509_STORE_CTX
*ctx
)
554 if (!(ctx
->param
->flags
& X509_V_FLAG_CRL_CHECK
))
556 if (ctx
->param
->flags
& X509_V_FLAG_CRL_CHECK_ALL
)
557 last
= sk_X509_num(ctx
->chain
) - 1;
560 for (i
= 0; i
<= last
; i
++) {
561 ctx
->error_depth
= i
;
562 ok
= check_cert(ctx
);
569 static int check_cert(X509_STORE_CTX
*ctx
)
571 X509_CRL
*crl
= NULL
;
574 cnum
= ctx
->error_depth
;
575 x
= sk_X509_value(ctx
->chain
, cnum
);
576 ctx
->current_cert
= x
;
577 /* Try to retrieve relevant CRL */
578 ok
= ctx
->get_crl(ctx
, &crl
, x
);
580 * If error looking up CRL, nothing we can do except notify callback
583 ctx
->error
= X509_V_ERR_UNABLE_TO_GET_CRL
;
584 ok
= ctx
->verify_cb(0, ctx
);
587 ctx
->current_crl
= crl
;
588 ok
= ctx
->check_crl(ctx
, crl
);
591 ok
= ctx
->cert_crl(ctx
, crl
, x
);
593 ctx
->current_crl
= NULL
;
599 /* Check CRL times against values in X509_STORE_CTX */
601 static int check_crl_time(X509_STORE_CTX
*ctx
, X509_CRL
*crl
, int notify
)
605 ctx
->current_crl
= crl
;
606 if (ctx
->param
->flags
& X509_V_FLAG_USE_CHECK_TIME
)
607 ptime
= &ctx
->param
->check_time
;
611 i
= X509_cmp_time(X509_CRL_get_lastUpdate(crl
), ptime
);
613 ctx
->error
= X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
;
614 if (!notify
|| !ctx
->verify_cb(0, ctx
))
619 ctx
->error
= X509_V_ERR_CRL_NOT_YET_VALID
;
620 if (!notify
|| !ctx
->verify_cb(0, ctx
))
624 if (X509_CRL_get_nextUpdate(crl
)) {
625 i
= X509_cmp_time(X509_CRL_get_nextUpdate(crl
), ptime
);
628 ctx
->error
= X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
;
629 if (!notify
|| !ctx
->verify_cb(0, ctx
))
634 ctx
->error
= X509_V_ERR_CRL_HAS_EXPIRED
;
635 if (!notify
|| !ctx
->verify_cb(0, ctx
))
640 ctx
->current_crl
= NULL
;
646 * Lookup CRLs from the supplied list. Look for matching isser name and
647 * validity. If we can't find a valid CRL return the last one with matching
648 * name. This gives more meaningful error codes. Otherwise we'd get a CRL not
649 * found error if a CRL existed with matching name but was invalid.
652 static int get_crl_sk(X509_STORE_CTX
*ctx
, X509_CRL
**pcrl
,
653 X509_NAME
*nm
, STACK_OF(X509_CRL
) *crls
)
656 X509_CRL
*crl
, *best_crl
= NULL
;
657 for (i
= 0; i
< sk_X509_CRL_num(crls
); i
++) {
658 crl
= sk_X509_CRL_value(crls
, i
);
659 if (X509_NAME_cmp(nm
, X509_CRL_get_issuer(crl
)))
661 if (check_crl_time(ctx
, crl
, 0)) {
663 CRYPTO_add(&crl
->references
, 1, CRYPTO_LOCK_X509
);
670 CRYPTO_add(&best_crl
->references
, 1, CRYPTO_LOCK_X509
);
677 * Retrieve CRL corresponding to certificate: currently just a subject
678 * lookup: maybe use AKID later...
680 static int get_crl(X509_STORE_CTX
*ctx
, X509_CRL
**pcrl
, X509
*x
)
683 X509_CRL
*crl
= NULL
;
686 nm
= X509_get_issuer_name(x
);
687 ok
= get_crl_sk(ctx
, &crl
, nm
, ctx
->crls
);
693 ok
= X509_STORE_get_by_subject(ctx
, X509_LU_CRL
, nm
, &xobj
);
696 /* If we got a near match from get_crl_sk use that */
704 *pcrl
= xobj
.data
.crl
;
710 /* Check CRL validity */
711 static int check_crl(X509_STORE_CTX
*ctx
, X509_CRL
*crl
)
714 EVP_PKEY
*ikey
= NULL
;
715 int ok
= 0, chnum
, cnum
;
716 cnum
= ctx
->error_depth
;
717 chnum
= sk_X509_num(ctx
->chain
) - 1;
719 * Find CRL issuer: if not last certificate then issuer is next
720 * certificate in chain.
723 issuer
= sk_X509_value(ctx
->chain
, cnum
+ 1);
725 issuer
= sk_X509_value(ctx
->chain
, chnum
);
726 /* If not self signed, can't check signature */
727 if (!ctx
->check_issued(ctx
, issuer
, issuer
)) {
728 ctx
->error
= X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
;
729 ok
= ctx
->verify_cb(0, ctx
);
736 /* Check for cRLSign bit if keyUsage present */
737 if ((issuer
->ex_flags
& EXFLAG_KUSAGE
) &&
738 !(issuer
->ex_kusage
& KU_CRL_SIGN
)) {
739 ctx
->error
= X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
;
740 ok
= ctx
->verify_cb(0, ctx
);
745 /* Attempt to get issuer certificate public key */
746 ikey
= X509_get_pubkey(issuer
);
749 ctx
->error
= X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
;
750 ok
= ctx
->verify_cb(0, ctx
);
754 /* Verify CRL signature */
755 if (X509_CRL_verify(crl
, ikey
) <= 0) {
756 ctx
->error
= X509_V_ERR_CRL_SIGNATURE_FAILURE
;
757 ok
= ctx
->verify_cb(0, ctx
);
764 ok
= check_crl_time(ctx
, crl
, 1);
775 /* Check certificate against CRL */
776 static int cert_crl(X509_STORE_CTX
*ctx
, X509_CRL
*crl
, X509
*x
)
780 STACK_OF(X509_EXTENSION
) *exts
;
782 /* Look for serial number of certificate in CRL */
783 rtmp
.serialNumber
= X509_get_serialNumber(x
);
785 * Sort revoked into serial number order if not already sorted. Do this
786 * under a lock to avoid race condition.
788 if (!sk_X509_REVOKED_is_sorted(crl
->crl
->revoked
)) {
789 CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL
);
790 sk_X509_REVOKED_sort(crl
->crl
->revoked
);
791 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL
);
793 idx
= sk_X509_REVOKED_find(crl
->crl
->revoked
, &rtmp
);
795 * If found assume revoked: want something cleverer than this to handle
796 * entry extensions in V2 CRLs.
799 ctx
->error
= X509_V_ERR_CERT_REVOKED
;
800 ok
= ctx
->verify_cb(0, ctx
);
805 if (ctx
->param
->flags
& X509_V_FLAG_IGNORE_CRITICAL
)
809 * See if we have any critical CRL extensions: since we currently don't
810 * handle any CRL extensions the CRL must be rejected. This code
811 * accesses the X509_CRL structure directly: applications shouldn't do
815 exts
= crl
->crl
->extensions
;
817 for (idx
= 0; idx
< sk_X509_EXTENSION_num(exts
); idx
++) {
818 ext
= sk_X509_EXTENSION_value(exts
, idx
);
819 if (ext
->critical
> 0) {
820 ctx
->error
= X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
;
821 ok
= ctx
->verify_cb(0, ctx
);
830 static int check_policy(X509_STORE_CTX
*ctx
)
833 ret
= X509_policy_check(&ctx
->tree
, &ctx
->explicit_policy
, ctx
->chain
,
834 ctx
->param
->policies
, ctx
->param
->flags
);
836 X509err(X509_F_CHECK_POLICY
, ERR_R_MALLOC_FAILURE
);
839 /* Invalid or inconsistent extensions */
842 * Locate certificates with bad extensions and notify callback.
846 for (i
= 1; i
< sk_X509_num(ctx
->chain
); i
++) {
847 x
= sk_X509_value(ctx
->chain
, i
);
848 if (!(x
->ex_flags
& EXFLAG_INVALID_POLICY
))
850 ctx
->current_cert
= x
;
851 ctx
->error
= X509_V_ERR_INVALID_POLICY_EXTENSION
;
852 ret
= ctx
->verify_cb(0, ctx
);
857 ctx
->current_cert
= NULL
;
858 ctx
->error
= X509_V_ERR_NO_EXPLICIT_POLICY
;
859 return ctx
->verify_cb(0, ctx
);
862 if (ctx
->param
->flags
& X509_V_FLAG_NOTIFY_POLICY
) {
863 ctx
->current_cert
= NULL
;
864 ctx
->error
= X509_V_OK
;
865 if (!ctx
->verify_cb(2, ctx
))
872 static int check_cert_time(X509_STORE_CTX
*ctx
, X509
*x
)
877 if (ctx
->param
->flags
& X509_V_FLAG_USE_CHECK_TIME
)
878 ptime
= &ctx
->param
->check_time
;
882 i
= X509_cmp_time(X509_get_notBefore(x
), ptime
);
884 ctx
->error
= X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
;
885 ctx
->current_cert
= x
;
886 if (!ctx
->verify_cb(0, ctx
))
891 ctx
->error
= X509_V_ERR_CERT_NOT_YET_VALID
;
892 ctx
->current_cert
= x
;
893 if (!ctx
->verify_cb(0, ctx
))
897 i
= X509_cmp_time(X509_get_notAfter(x
), ptime
);
899 ctx
->error
= X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
;
900 ctx
->current_cert
= x
;
901 if (!ctx
->verify_cb(0, ctx
))
906 ctx
->error
= X509_V_ERR_CERT_HAS_EXPIRED
;
907 ctx
->current_cert
= x
;
908 if (!ctx
->verify_cb(0, ctx
))
915 static int internal_verify(X509_STORE_CTX
*ctx
)
919 EVP_PKEY
*pkey
= NULL
;
920 int (*cb
) (int xok
, X509_STORE_CTX
*xctx
);
924 n
= sk_X509_num(ctx
->chain
);
925 ctx
->error_depth
= n
- 1;
927 xi
= sk_X509_value(ctx
->chain
, n
);
929 if (ctx
->check_issued(ctx
, xi
, xi
))
933 ctx
->error
= X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
;
934 ctx
->current_cert
= xi
;
939 ctx
->error_depth
= n
;
940 xs
= sk_X509_value(ctx
->chain
, n
);
944 /* ctx->error=0; not needed */
946 ctx
->error_depth
= n
;
949 * Skip signature check for self signed certificates unless
950 * explicitly asked for. It doesn't add any security and just wastes
955 || (ctx
->param
->flags
& X509_V_FLAG_CHECK_SS_SIGNATURE
))) {
956 if ((pkey
= X509_get_pubkey(xi
)) == NULL
) {
957 ctx
->error
= X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
;
958 ctx
->current_cert
= xi
;
962 } else if (X509_verify(xs
, pkey
) <= 0) {
963 ctx
->error
= X509_V_ERR_CERT_SIGNATURE_FAILURE
;
964 ctx
->current_cert
= xs
;
977 ok
= check_cert_time(ctx
, xs
);
981 /* The last error (if any) is still in the error value */
982 ctx
->current_issuer
= xi
;
983 ctx
->current_cert
= xs
;
991 xs
= sk_X509_value(ctx
->chain
, n
);
999 int X509_cmp_current_time(ASN1_TIME
*ctm
)
1001 return X509_cmp_time(ctm
, NULL
);
1004 int X509_cmp_time(ASN1_TIME
*ctm
, time_t *cmp_time
)
1009 char buff1
[24], buff2
[24], *p
;
1014 str
= (char *)ctm
->data
;
1015 if (ctm
->type
== V_ASN1_UTCTIME
) {
1016 if ((i
< 11) || (i
> 17))
1029 if ((*str
== 'Z') || (*str
== '-') || (*str
== '+')) {
1035 /* Skip any fractional seconds... */
1038 while ((*str
>= '0') && (*str
<= '9'))
1049 if ((*str
!= '+') && (*str
!= '-'))
1051 offset
= ((str
[1] - '0') * 10 + (str
[2] - '0')) * 60;
1052 offset
+= (str
[3] - '0') * 10 + (str
[4] - '0');
1056 atm
.type
= ctm
->type
;
1057 atm
.length
= sizeof(buff2
);
1058 atm
.data
= (unsigned char *)buff2
;
1060 if (X509_time_adj(&atm
, offset
* 60, cmp_time
) == NULL
)
1063 if (ctm
->type
== V_ASN1_UTCTIME
) {
1064 i
= (buff1
[0] - '0') * 10 + (buff1
[1] - '0');
1066 i
+= 100; /* cf. RFC 2459 */
1067 j
= (buff2
[0] - '0') * 10 + (buff2
[1] - '0');
1076 i
= strcmp(buff1
, buff2
);
1077 if (i
== 0) /* wait a second then return younger :-) */
1083 ASN1_TIME
*X509_gmtime_adj(ASN1_TIME
*s
, long adj
)
1085 return X509_time_adj(s
, adj
, NULL
);
1088 ASN1_TIME
*X509_time_adj(ASN1_TIME
*s
, long adj
, time_t *in_tm
)
1101 if (type
== V_ASN1_UTCTIME
)
1102 return ASN1_UTCTIME_set(s
, t
);
1103 if (type
== V_ASN1_GENERALIZEDTIME
)
1104 return ASN1_GENERALIZEDTIME_set(s
, t
);
1105 return ASN1_TIME_set(s
, t
);
1108 int X509_get_pubkey_parameters(EVP_PKEY
*pkey
, STACK_OF(X509
) *chain
)
1110 EVP_PKEY
*ktmp
= NULL
, *ktmp2
;
1113 if ((pkey
!= NULL
) && !EVP_PKEY_missing_parameters(pkey
))
1116 for (i
= 0; i
< sk_X509_num(chain
); i
++) {
1117 ktmp
= X509_get_pubkey(sk_X509_value(chain
, i
));
1119 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS
,
1120 X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY
);
1123 if (!EVP_PKEY_missing_parameters(ktmp
))
1126 EVP_PKEY_free(ktmp
);
1131 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS
,
1132 X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN
);
1136 /* first, populate the other certs */
1137 for (j
= i
- 1; j
>= 0; j
--) {
1138 ktmp2
= X509_get_pubkey(sk_X509_value(chain
, j
));
1139 EVP_PKEY_copy_parameters(ktmp2
, ktmp
);
1140 EVP_PKEY_free(ktmp2
);
1144 EVP_PKEY_copy_parameters(pkey
, ktmp
);
1145 EVP_PKEY_free(ktmp
);
1149 int X509_STORE_CTX_get_ex_new_index(long argl
, void *argp
,
1150 CRYPTO_EX_new
*new_func
,
1151 CRYPTO_EX_dup
*dup_func
,
1152 CRYPTO_EX_free
*free_func
)
1155 * This function is (usually) called only once, by
1156 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
1158 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX
, argl
, argp
,
1159 new_func
, dup_func
, free_func
);
1162 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX
*ctx
, int idx
, void *data
)
1164 return CRYPTO_set_ex_data(&ctx
->ex_data
, idx
, data
);
1167 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX
*ctx
, int idx
)
1169 return CRYPTO_get_ex_data(&ctx
->ex_data
, idx
);
1172 int X509_STORE_CTX_get_error(X509_STORE_CTX
*ctx
)
1177 void X509_STORE_CTX_set_error(X509_STORE_CTX
*ctx
, int err
)
1182 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX
*ctx
)
1184 return ctx
->error_depth
;
1187 X509
*X509_STORE_CTX_get_current_cert(X509_STORE_CTX
*ctx
)
1189 return ctx
->current_cert
;
1192 STACK_OF(X509
) *X509_STORE_CTX_get_chain(X509_STORE_CTX
*ctx
)
1197 STACK_OF(X509
) *X509_STORE_CTX_get1_chain(X509_STORE_CTX
*ctx
)
1201 STACK_OF(X509
) *chain
;
1202 if (!ctx
->chain
|| !(chain
= sk_X509_dup(ctx
->chain
)))
1204 for (i
= 0; i
< sk_X509_num(chain
); i
++) {
1205 x
= sk_X509_value(chain
, i
);
1206 CRYPTO_add(&x
->references
, 1, CRYPTO_LOCK_X509
);
1211 void X509_STORE_CTX_set_cert(X509_STORE_CTX
*ctx
, X509
*x
)
1216 void X509_STORE_CTX_set_chain(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
)
1218 ctx
->untrusted
= sk
;
1221 void X509_STORE_CTX_set0_crls(X509_STORE_CTX
*ctx
, STACK_OF(X509_CRL
) *sk
)
1226 int X509_STORE_CTX_set_purpose(X509_STORE_CTX
*ctx
, int purpose
)
1228 return X509_STORE_CTX_purpose_inherit(ctx
, 0, purpose
, 0);
1231 int X509_STORE_CTX_set_trust(X509_STORE_CTX
*ctx
, int trust
)
1233 return X509_STORE_CTX_purpose_inherit(ctx
, 0, 0, trust
);
1237 * This function is used to set the X509_STORE_CTX purpose and trust values.
1238 * This is intended to be used when another structure has its own trust and
1239 * purpose values which (if set) will be inherited by the ctx. If they aren't
1240 * set then we will usually have a default purpose in mind which should then
1241 * be used to set the trust value. An example of this is SSL use: an SSL
1242 * structure will have its own purpose and trust settings which the
1243 * application can set: if they aren't set then we use the default of SSL
1247 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX
*ctx
, int def_purpose
,
1248 int purpose
, int trust
)
1251 /* If purpose not set use default */
1253 purpose
= def_purpose
;
1254 /* If we have a purpose then check it is valid */
1257 idx
= X509_PURPOSE_get_by_id(purpose
);
1259 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
1260 X509_R_UNKNOWN_PURPOSE_ID
);
1263 ptmp
= X509_PURPOSE_get0(idx
);
1264 if (ptmp
->trust
== X509_TRUST_DEFAULT
) {
1265 idx
= X509_PURPOSE_get_by_id(def_purpose
);
1267 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
1268 X509_R_UNKNOWN_PURPOSE_ID
);
1271 ptmp
= X509_PURPOSE_get0(idx
);
1273 /* If trust not set then get from purpose default */
1275 trust
= ptmp
->trust
;
1278 idx
= X509_TRUST_get_by_id(trust
);
1280 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
1281 X509_R_UNKNOWN_TRUST_ID
);
1286 if (purpose
&& !ctx
->param
->purpose
)
1287 ctx
->param
->purpose
= purpose
;
1288 if (trust
&& !ctx
->param
->trust
)
1289 ctx
->param
->trust
= trust
;
1293 X509_STORE_CTX
*X509_STORE_CTX_new(void)
1295 X509_STORE_CTX
*ctx
;
1296 ctx
= (X509_STORE_CTX
*)OPENSSL_malloc(sizeof(X509_STORE_CTX
));
1298 X509err(X509_F_X509_STORE_CTX_NEW
, ERR_R_MALLOC_FAILURE
);
1301 memset(ctx
, 0, sizeof(X509_STORE_CTX
));
1305 void X509_STORE_CTX_free(X509_STORE_CTX
*ctx
)
1307 X509_STORE_CTX_cleanup(ctx
);
1311 int X509_STORE_CTX_init(X509_STORE_CTX
*ctx
, X509_STORE
*store
, X509
*x509
,
1312 STACK_OF(X509
) *chain
)
1316 ctx
->current_method
= 0;
1318 ctx
->untrusted
= chain
;
1320 ctx
->last_untrusted
= 0;
1321 ctx
->other_ctx
= NULL
;
1325 ctx
->explicit_policy
= 0;
1326 ctx
->error_depth
= 0;
1327 ctx
->current_cert
= NULL
;
1328 ctx
->current_issuer
= NULL
;
1331 ctx
->param
= X509_VERIFY_PARAM_new();
1334 X509err(X509_F_X509_STORE_CTX_INIT
, ERR_R_MALLOC_FAILURE
);
1339 * Inherit callbacks and flags from X509_STORE if not set use defaults.
1343 ret
= X509_VERIFY_PARAM_inherit(ctx
->param
, store
->param
);
1345 ctx
->param
->inh_flags
|= X509_VP_FLAG_DEFAULT
| X509_VP_FLAG_ONCE
;
1348 ctx
->verify_cb
= store
->verify_cb
;
1349 ctx
->cleanup
= store
->cleanup
;
1354 ret
= X509_VERIFY_PARAM_inherit(ctx
->param
,
1355 X509_VERIFY_PARAM_lookup("default"));
1358 X509err(X509_F_X509_STORE_CTX_INIT
, ERR_R_MALLOC_FAILURE
);
1362 if (store
&& store
->check_issued
)
1363 ctx
->check_issued
= store
->check_issued
;
1365 ctx
->check_issued
= check_issued
;
1367 if (store
&& store
->get_issuer
)
1368 ctx
->get_issuer
= store
->get_issuer
;
1370 ctx
->get_issuer
= X509_STORE_CTX_get1_issuer
;
1372 if (store
&& store
->verify_cb
)
1373 ctx
->verify_cb
= store
->verify_cb
;
1375 ctx
->verify_cb
= null_callback
;
1377 if (store
&& store
->verify
)
1378 ctx
->verify
= store
->verify
;
1380 ctx
->verify
= internal_verify
;
1382 if (store
&& store
->check_revocation
)
1383 ctx
->check_revocation
= store
->check_revocation
;
1385 ctx
->check_revocation
= check_revocation
;
1387 if (store
&& store
->get_crl
)
1388 ctx
->get_crl
= store
->get_crl
;
1390 ctx
->get_crl
= get_crl
;
1392 if (store
&& store
->check_crl
)
1393 ctx
->check_crl
= store
->check_crl
;
1395 ctx
->check_crl
= check_crl
;
1397 if (store
&& store
->cert_crl
)
1398 ctx
->cert_crl
= store
->cert_crl
;
1400 ctx
->cert_crl
= cert_crl
;
1402 ctx
->check_policy
= check_policy
;
1405 * This memset() can't make any sense anyway, so it's removed. As
1406 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
1407 * corresponding "new" here and remove this bogus initialisation.
1409 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
1410 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX
, ctx
,
1413 X509err(X509_F_X509_STORE_CTX_INIT
, ERR_R_MALLOC_FAILURE
);
1420 * Set alternative lookup method: just a STACK of trusted certificates. This
1421 * avoids X509_STORE nastiness where it isn't needed.
1424 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
)
1426 ctx
->other_ctx
= sk
;
1427 ctx
->get_issuer
= get_issuer_sk
;
1430 void X509_STORE_CTX_cleanup(X509_STORE_CTX
*ctx
)
1434 if (ctx
->param
!= NULL
) {
1435 X509_VERIFY_PARAM_free(ctx
->param
);
1438 if (ctx
->tree
!= NULL
) {
1439 X509_policy_tree_free(ctx
->tree
);
1442 if (ctx
->chain
!= NULL
) {
1443 sk_X509_pop_free(ctx
->chain
, X509_free
);
1446 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX
, ctx
, &(ctx
->ex_data
));
1447 memset(&ctx
->ex_data
, 0, sizeof(CRYPTO_EX_DATA
));
1450 void X509_STORE_CTX_set_depth(X509_STORE_CTX
*ctx
, int depth
)
1452 X509_VERIFY_PARAM_set_depth(ctx
->param
, depth
);
1455 void X509_STORE_CTX_set_flags(X509_STORE_CTX
*ctx
, unsigned long flags
)
1457 X509_VERIFY_PARAM_set_flags(ctx
->param
, flags
);
1460 void X509_STORE_CTX_set_time(X509_STORE_CTX
*ctx
, unsigned long flags
,
1463 X509_VERIFY_PARAM_set_time(ctx
->param
, t
);
1466 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX
*ctx
,
1467 int (*verify_cb
) (int, X509_STORE_CTX
*))
1469 ctx
->verify_cb
= verify_cb
;
1472 X509_POLICY_TREE
*X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX
*ctx
)
1477 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX
*ctx
)
1479 return ctx
->explicit_policy
;
1482 int X509_STORE_CTX_set_default(X509_STORE_CTX
*ctx
, const char *name
)
1484 const X509_VERIFY_PARAM
*param
;
1485 param
= X509_VERIFY_PARAM_lookup(name
);
1488 return X509_VERIFY_PARAM_inherit(ctx
->param
, param
);
1491 X509_VERIFY_PARAM
*X509_STORE_CTX_get0_param(X509_STORE_CTX
*ctx
)
1496 void X509_STORE_CTX_set0_param(X509_STORE_CTX
*ctx
, X509_VERIFY_PARAM
*param
)
1499 X509_VERIFY_PARAM_free(ctx
->param
);
1503 IMPLEMENT_STACK_OF(X509
)
1505 IMPLEMENT_ASN1_SET_OF(X509
)
1507 IMPLEMENT_STACK_OF(X509_NAME
)
1509 IMPLEMENT_STACK_OF(X509_ATTRIBUTE
)
1511 IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE
)