1 /* crypto/x509/x509_vfy.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
64 #include <openssl/crypto.h>
65 #include <openssl/lhash.h>
66 #include <openssl/buffer.h>
67 #include <openssl/evp.h>
68 #include <openssl/asn1.h>
69 #include <openssl/x509.h>
70 #include <openssl/x509v3.h>
71 #include <openssl/objects.h>
73 static int null_callback(int ok
,X509_STORE_CTX
*e
);
74 static int check_issued(X509_STORE_CTX
*ctx
, X509
*x
, X509
*issuer
);
75 static X509
*find_issuer(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
, X509
*x
);
76 static int check_chain_extensions(X509_STORE_CTX
*ctx
);
77 static int check_trust(X509_STORE_CTX
*ctx
);
78 static int check_revocation(X509_STORE_CTX
*ctx
);
79 static int check_cert(X509_STORE_CTX
*ctx
);
80 static int check_policy(X509_STORE_CTX
*ctx
);
81 static int crl_akid_check(X509_STORE_CTX
*ctx
, AUTHORITY_KEYID
*akid
);
82 static int idp_check_scope(X509
*x
, X509_CRL
*crl
);
83 static int internal_verify(X509_STORE_CTX
*ctx
);
84 const char X509_version
[]="X.509" OPENSSL_VERSION_PTEXT
;
87 static int null_callback(int ok
, X509_STORE_CTX
*e
)
93 static int x509_subject_cmp(X509
**a
, X509
**b
)
95 return X509_subject_name_cmp(*a
,*b
);
99 int X509_verify_cert(X509_STORE_CTX
*ctx
)
101 X509
*x
,*xtmp
,*chain_ss
=NULL
;
104 X509_VERIFY_PARAM
*param
= ctx
->param
;
107 int (*cb
)(int xok
,X509_STORE_CTX
*xctx
);
108 STACK_OF(X509
) *sktmp
=NULL
;
109 if (ctx
->cert
== NULL
)
111 X509err(X509_F_X509_VERIFY_CERT
,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY
);
117 /* first we make sure the chain we are going to build is
118 * present and that the first entry is in place */
119 if (ctx
->chain
== NULL
)
121 if ( ((ctx
->chain
=sk_X509_new_null()) == NULL
) ||
122 (!sk_X509_push(ctx
->chain
,ctx
->cert
)))
124 X509err(X509_F_X509_VERIFY_CERT
,ERR_R_MALLOC_FAILURE
);
127 CRYPTO_add(&ctx
->cert
->references
,1,CRYPTO_LOCK_X509
);
128 ctx
->last_untrusted
=1;
131 /* We use a temporary STACK so we can chop and hack at it */
132 if (ctx
->untrusted
!= NULL
133 && (sktmp
=sk_X509_dup(ctx
->untrusted
)) == NULL
)
135 X509err(X509_F_X509_VERIFY_CERT
,ERR_R_MALLOC_FAILURE
);
139 num
=sk_X509_num(ctx
->chain
);
140 x
=sk_X509_value(ctx
->chain
,num
-1);
146 /* If we have enough, we break */
147 if (depth
< num
) break; /* FIXME: If this happens, we should take
148 * note of it and, if appropriate, use the
149 * X509_V_ERR_CERT_CHAIN_TOO_LONG error
153 /* If we are self signed, we break */
154 xn
=X509_get_issuer_name(x
);
155 if (ctx
->check_issued(ctx
, x
,x
)) break;
157 /* If we were passed a cert chain, use it first */
158 if (ctx
->untrusted
!= NULL
)
160 xtmp
=find_issuer(ctx
, sktmp
,x
);
163 if (!sk_X509_push(ctx
->chain
,xtmp
))
165 X509err(X509_F_X509_VERIFY_CERT
,ERR_R_MALLOC_FAILURE
);
168 CRYPTO_add(&xtmp
->references
,1,CRYPTO_LOCK_X509
);
169 sk_X509_delete_ptr(sktmp
,xtmp
);
170 ctx
->last_untrusted
++;
173 /* reparse the full chain for
181 /* at this point, chain should contain a list of untrusted
182 * certificates. We now need to add at least one trusted one,
183 * if possible, otherwise we complain. */
185 /* Examine last certificate in chain and see if it
189 i
=sk_X509_num(ctx
->chain
);
190 x
=sk_X509_value(ctx
->chain
,i
-1);
191 xn
= X509_get_subject_name(x
);
192 if (ctx
->check_issued(ctx
, x
, x
))
194 /* we have a self signed certificate */
195 if (sk_X509_num(ctx
->chain
) == 1)
197 /* We have a single self signed certificate: see if
198 * we can find it in the store. We must have an exact
199 * match to avoid possible impersonation.
201 ok
= ctx
->get_issuer(&xtmp
, ctx
, x
);
202 if ((ok
<= 0) || X509_cmp(x
, xtmp
))
204 ctx
->error
=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
;
206 ctx
->error_depth
=i
-1;
207 if (ok
== 1) X509_free(xtmp
);
214 /* We have a match: replace certificate with store version
215 * so we get any trust settings.
219 sk_X509_set(ctx
->chain
, i
- 1, x
);
220 ctx
->last_untrusted
=0;
225 /* extract and save self signed certificate for later use */
226 chain_ss
=sk_X509_pop(ctx
->chain
);
227 ctx
->last_untrusted
--;
229 x
=sk_X509_value(ctx
->chain
,num
-1);
233 /* We now lookup certs from the certificate store */
236 /* If we have enough, we break */
237 if (depth
< num
) break;
239 /* If we are self signed, we break */
240 xn
=X509_get_issuer_name(x
);
241 if (ctx
->check_issued(ctx
,x
,x
)) break;
243 ok
= ctx
->get_issuer(&xtmp
, ctx
, x
);
245 if (ok
< 0) return ok
;
249 if (!sk_X509_push(ctx
->chain
,x
))
252 X509err(X509_F_X509_VERIFY_CERT
,ERR_R_MALLOC_FAILURE
);
258 /* we now have our chain, lets check it... */
259 xn
=X509_get_issuer_name(x
);
261 /* Is last certificate looked up self signed? */
262 if (!ctx
->check_issued(ctx
,x
,x
))
264 if ((chain_ss
== NULL
) || !ctx
->check_issued(ctx
, x
, chain_ss
))
266 if (ctx
->last_untrusted
>= num
)
267 ctx
->error
=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
;
269 ctx
->error
=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
;
275 sk_X509_push(ctx
->chain
,chain_ss
);
277 ctx
->last_untrusted
=num
;
278 ctx
->current_cert
=chain_ss
;
279 ctx
->error
=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
;
283 ctx
->error_depth
=num
-1;
289 /* We have the chain complete: now we need to check its purpose */
290 ok
= check_chain_extensions(ctx
);
294 /* The chain extensions are OK: check trust */
296 if (param
->trust
> 0) ok
= check_trust(ctx
);
300 /* We may as well copy down any DSA parameters that are required */
301 X509_get_pubkey_parameters(NULL
,ctx
->chain
);
303 /* Check revocation status: we do this after copying parameters
304 * because they may be needed for CRL signature verification.
307 ok
= ctx
->check_revocation(ctx
);
310 /* At this point, we have a chain and need to verify it */
311 if (ctx
->verify
!= NULL
)
314 ok
=internal_verify(ctx
);
317 #ifndef OPENSSL_NO_RFC3779
318 /* RFC 3779 path validation, now that CRL check has been done */
319 ok
= v3_asid_validate_path(ctx
);
321 ok
= v3_addr_validate_path(ctx
);
325 /* If we get this far evaluate policies */
326 if (!bad_chain
&& (ctx
->param
->flags
& X509_V_FLAG_POLICY_CHECK
))
327 ok
= ctx
->check_policy(ctx
);
332 X509_get_pubkey_parameters(NULL
,ctx
->chain
);
334 if (sktmp
!= NULL
) sk_X509_free(sktmp
);
335 if (chain_ss
!= NULL
) X509_free(chain_ss
);
340 /* Given a STACK_OF(X509) find the issuer of cert (if any)
343 static X509
*find_issuer(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
, X509
*x
)
347 for (i
= 0; i
< sk_X509_num(sk
); i
++)
349 issuer
= sk_X509_value(sk
, i
);
350 if (ctx
->check_issued(ctx
, x
, issuer
))
356 /* Given a possible certificate and issuer check them */
358 static int check_issued(X509_STORE_CTX
*ctx
, X509
*x
, X509
*issuer
)
361 ret
= X509_check_issued(issuer
, x
);
362 if (ret
== X509_V_OK
)
364 /* If we haven't asked for issuer errors don't set ctx */
365 if (!(ctx
->param
->flags
& X509_V_FLAG_CB_ISSUER_CHECK
))
369 ctx
->current_cert
= x
;
370 ctx
->current_issuer
= issuer
;
371 return ctx
->verify_cb(0, ctx
);
375 /* Alternative lookup method: look from a STACK stored in other_ctx */
377 static int get_issuer_sk(X509
**issuer
, X509_STORE_CTX
*ctx
, X509
*x
)
379 *issuer
= find_issuer(ctx
, ctx
->other_ctx
, x
);
382 CRYPTO_add(&(*issuer
)->references
,1,CRYPTO_LOCK_X509
);
390 /* Check a certificate chains extensions for consistency
391 * with the supplied purpose
394 static int check_chain_extensions(X509_STORE_CTX
*ctx
)
396 #ifdef OPENSSL_NO_CHAIN_VERIFY
399 int i
, ok
=0, must_be_ca
;
401 int (*cb
)(int xok
,X509_STORE_CTX
*xctx
);
402 int proxy_path_length
= 0;
403 int allow_proxy_certs
=
404 !!(ctx
->param
->flags
& X509_V_FLAG_ALLOW_PROXY_CERTS
);
407 /* must_be_ca can have 1 of 3 values:
408 -1: we accept both CA and non-CA certificates, to allow direct
409 use of self-signed certificates (which are marked as CA).
410 0: we only accept non-CA certificates. This is currently not
411 used, but the possibility is present for future extensions.
412 1: we only accept CA certificates. This is currently used for
413 all certificates in the chain except the leaf certificate.
417 /* A hack to keep people who don't want to modify their software
419 if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
420 allow_proxy_certs
= 1;
422 /* Check all untrusted certificates */
423 for (i
= 0; i
< ctx
->last_untrusted
; i
++)
426 x
= sk_X509_value(ctx
->chain
, i
);
427 if (!(ctx
->param
->flags
& X509_V_FLAG_IGNORE_CRITICAL
)
428 && (x
->ex_flags
& EXFLAG_CRITICAL
))
430 ctx
->error
= X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
;
431 ctx
->error_depth
= i
;
432 ctx
->current_cert
= x
;
436 if (!allow_proxy_certs
&& (x
->ex_flags
& EXFLAG_PROXY
))
438 ctx
->error
= X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
;
439 ctx
->error_depth
= i
;
440 ctx
->current_cert
= x
;
444 ret
= X509_check_ca(x
);
448 if ((ctx
->param
->flags
& X509_V_FLAG_X509_STRICT
)
449 && (ret
!= 1) && (ret
!= 0))
452 ctx
->error
= X509_V_ERR_INVALID_CA
;
461 ctx
->error
= X509_V_ERR_INVALID_NON_CA
;
468 || ((ctx
->param
->flags
& X509_V_FLAG_X509_STRICT
)
472 ctx
->error
= X509_V_ERR_INVALID_CA
;
480 ctx
->error_depth
= i
;
481 ctx
->current_cert
= x
;
485 if (ctx
->param
->purpose
> 0)
487 ret
= X509_check_purpose(x
, ctx
->param
->purpose
,
490 || ((ctx
->param
->flags
& X509_V_FLAG_X509_STRICT
)
493 ctx
->error
= X509_V_ERR_INVALID_PURPOSE
;
494 ctx
->error_depth
= i
;
495 ctx
->current_cert
= x
;
501 if ((i
> 1) && (x
->ex_pathlen
!= -1)
502 && (i
> (x
->ex_pathlen
+ proxy_path_length
+ 1)))
504 ctx
->error
= X509_V_ERR_PATH_LENGTH_EXCEEDED
;
505 ctx
->error_depth
= i
;
506 ctx
->current_cert
= x
;
510 /* If this certificate is a proxy certificate, the next
511 certificate must be another proxy certificate or a EE
512 certificate. If not, the next certificate must be a
514 if (x
->ex_flags
& EXFLAG_PROXY
)
516 if (x
->ex_pcpathlen
!= -1 && i
> x
->ex_pcpathlen
)
519 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
;
520 ctx
->error_depth
= i
;
521 ctx
->current_cert
= x
;
537 static int check_trust(X509_STORE_CTX
*ctx
)
539 #ifdef OPENSSL_NO_CHAIN_VERIFY
544 int (*cb
)(int xok
,X509_STORE_CTX
*xctx
);
546 /* For now just check the last certificate in the chain */
547 i
= sk_X509_num(ctx
->chain
) - 1;
548 x
= sk_X509_value(ctx
->chain
, i
);
549 ok
= X509_check_trust(x
, ctx
->param
->trust
, 0);
550 if (ok
== X509_TRUST_TRUSTED
)
552 ctx
->error_depth
= i
;
553 ctx
->current_cert
= x
;
554 if (ok
== X509_TRUST_REJECTED
)
555 ctx
->error
= X509_V_ERR_CERT_REJECTED
;
557 ctx
->error
= X509_V_ERR_CERT_UNTRUSTED
;
563 static int check_revocation(X509_STORE_CTX
*ctx
)
566 if (!(ctx
->param
->flags
& X509_V_FLAG_CRL_CHECK
))
568 if (ctx
->param
->flags
& X509_V_FLAG_CRL_CHECK_ALL
)
569 last
= sk_X509_num(ctx
->chain
) - 1;
572 for(i
= 0; i
<= last
; i
++)
574 ctx
->error_depth
= i
;
575 ok
= check_cert(ctx
);
581 static int check_cert(X509_STORE_CTX
*ctx
)
583 X509_CRL
*crl
= NULL
;
586 cnum
= ctx
->error_depth
;
587 x
= sk_X509_value(ctx
->chain
, cnum
);
588 ctx
->current_cert
= x
;
589 /* Try to retrieve relevant CRL */
590 ok
= ctx
->get_crl(ctx
, &crl
, x
);
591 /* If error looking up CRL, nothing we can do except
596 ctx
->error
= X509_V_ERR_UNABLE_TO_GET_CRL
;
597 ok
= ctx
->verify_cb(0, ctx
);
600 ctx
->current_crl
= crl
;
601 ok
= ctx
->check_crl(ctx
, crl
);
603 ok
= ctx
->cert_crl(ctx
, crl
, x
);
605 ctx
->current_crl
= NULL
;
611 /* Check CRL times against values in X509_STORE_CTX */
613 static int check_crl_time(X509_STORE_CTX
*ctx
, X509_CRL
*crl
, int notify
)
617 ctx
->current_crl
= crl
;
618 if (ctx
->param
->flags
& X509_V_FLAG_USE_CHECK_TIME
)
619 ptime
= &ctx
->param
->check_time
;
623 i
=X509_cmp_time(X509_CRL_get_lastUpdate(crl
), ptime
);
626 ctx
->error
=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
;
627 if (!notify
|| !ctx
->verify_cb(0, ctx
))
633 ctx
->error
=X509_V_ERR_CRL_NOT_YET_VALID
;
634 if (!notify
|| !ctx
->verify_cb(0, ctx
))
638 if(X509_CRL_get_nextUpdate(crl
))
640 i
=X509_cmp_time(X509_CRL_get_nextUpdate(crl
), ptime
);
644 ctx
->error
=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
;
645 if (!notify
|| !ctx
->verify_cb(0, ctx
))
651 ctx
->error
=X509_V_ERR_CRL_HAS_EXPIRED
;
652 if (!notify
|| !ctx
->verify_cb(0, ctx
))
657 ctx
->current_crl
= NULL
;
662 /* Based on a set of possible CRLs decide which one is best suited
663 * to handle the current certificate. This is determined by a number
664 * of criteria. If any of the "must" criteria is not satisfied then
665 * the candidate CRL is rejected. If all "must" and all "should" are
666 * satisfied the CRL is accepted. If no CRL satisfies all criteria then
667 * a "best CRL" is used to provide some meaningful error information.
669 * CRL issuer name must match "nm" if not NULL.
671 * a. it must be consistent.
672 * b. onlyuser, onlyCA, onlyAA should match certificate being checked.
673 * c. indirectCRL must be FALSE.
674 * d. onlysomereason must be absent.
675 * e. if name present a DP in certificate CRLDP must match.
676 * If AKID present it should match certificate AKID.
677 * Check time should fall between lastUpdate and nextUpdate.
680 /* IDP name field matches CRLDP or IDP name not present */
681 #define CRL_SCORE_SCOPE 4
682 /* AKID present and matches cert, or AKID not present */
683 #define CRL_SCORE_AKID 2
685 #define CRL_SCORE_TIME 1
687 #define CRL_SCORE_ALL 7
689 /* IDP flags which cause a CRL to be rejected */
691 #define IDP_REJECT (IDP_INVALID|IDP_INDIRECT|IDP_REASONS)
693 static int get_crl_sk(X509_STORE_CTX
*ctx
, X509_CRL
**pcrl
,
694 X509_NAME
*nm
, STACK_OF(X509_CRL
) *crls
)
696 int i
, crl_score
, best_score
= -1;
697 X509_CRL
*crl
, *best_crl
= NULL
;
698 for (i
= 0; i
< sk_X509_CRL_num(crls
); i
++)
701 crl
= sk_X509_CRL_value(crls
, i
);
702 if (nm
&& X509_NAME_cmp(nm
, X509_CRL_get_issuer(crl
)))
704 if (check_crl_time(ctx
, crl
, 0))
705 crl_score
|= CRL_SCORE_TIME
;
707 if (crl
->idp_flags
& IDP_PRESENT
)
709 if (crl
->idp_flags
& IDP_REJECT
)
711 if (idp_check_scope(ctx
->current_cert
, crl
))
712 crl_score
|= CRL_SCORE_SCOPE
;
715 crl_score
|= CRL_SCORE_SCOPE
;
719 if (crl_akid_check(ctx
, crl
->akid
))
720 crl_score
|= CRL_SCORE_AKID
;
723 crl_score
|= CRL_SCORE_AKID
;
725 if (crl_score
== CRL_SCORE_ALL
)
728 CRYPTO_add(&crl
->references
, 1, CRYPTO_LOCK_X509_CRL
);
732 if (crl_score
> best_score
)
735 best_score
= crl_score
;
741 CRYPTO_add(&best_crl
->references
, 1, CRYPTO_LOCK_X509
);
747 static int crl_akid_check(X509_STORE_CTX
*ctx
, AUTHORITY_KEYID
*akid
)
749 int cidx
= ctx
->error_depth
;
750 if (cidx
!= sk_X509_num(ctx
->chain
) - 1)
752 if (X509_check_akid(sk_X509_value(ctx
->chain
, cidx
), akid
) == X509_V_OK
)
758 /* Check IDP name matches at least one CRLDP name */
760 static int idp_check_scope(X509
*x
, X509_CRL
*crl
)
763 GENERAL_NAMES
*inames
, *dnames
;
764 if (crl
->idp_flags
& IDP_ONLYATTR
)
766 if (x
->ex_flags
& EXFLAG_CA
)
768 if (crl
->idp_flags
& IDP_ONLYUSER
)
773 if (crl
->idp_flags
& IDP_ONLYCA
)
776 if (!crl
->idp
->distpoint
)
778 if (crl
->idp
->distpoint
->type
!= 0)
782 inames
= crl
->idp
->distpoint
->name
.fullname
;
783 for (i
= 0; i
< sk_GENERAL_NAME_num(inames
); i
++)
785 GENERAL_NAME
*igen
= sk_GENERAL_NAME_value(inames
, i
);
786 for (j
= 0; j
< sk_DIST_POINT_num(x
->crldp
); j
++)
788 DIST_POINT
*dp
= sk_DIST_POINT_value(x
->crldp
, j
);
789 /* We don't handle these at present */
790 if (dp
->reasons
|| dp
->CRLissuer
)
792 if (!dp
->distpoint
|| (dp
->distpoint
->type
!= 0))
794 dnames
= dp
->distpoint
->name
.fullname
;
795 for (k
= 0; k
< sk_GENERAL_NAME_num(dnames
); k
++)
798 sk_GENERAL_NAME_value(dnames
, k
);
799 if (!GENERAL_NAME_cmp(igen
, cgen
))
807 /* Retrieve CRL corresponding to current certificate. Currently only
808 * one CRL is retrieved. Multiple CRLs may be needed if we handle
809 * CRLs partitioned on reason code later.
812 static int get_crl(X509_STORE_CTX
*ctx
, X509_CRL
**pcrl
, X509
*x
)
815 X509_CRL
*crl
= NULL
;
816 STACK_OF(X509_CRL
) *skcrl
;
818 nm
= X509_get_issuer_name(x
);
819 ok
= get_crl_sk(ctx
, &crl
, nm
, ctx
->crls
);
826 /* Lookup CRLs from store */
828 skcrl
= ctx
->lookup_crls(ctx
, nm
);
830 /* If no CRLs found and a near match from get_crl_sk use that */
841 get_crl_sk(ctx
, &crl
, NULL
, skcrl
);
843 sk_X509_CRL_pop_free(skcrl
, X509_CRL_free
);
845 /* If we got any kind of CRL use it and return success */
855 /* Check CRL validity */
856 static int check_crl(X509_STORE_CTX
*ctx
, X509_CRL
*crl
)
859 EVP_PKEY
*ikey
= NULL
;
860 int ok
= 0, chnum
, cnum
;
861 cnum
= ctx
->error_depth
;
862 chnum
= sk_X509_num(ctx
->chain
) - 1;
863 /* Find CRL issuer: if not last certificate then issuer
864 * is next certificate in chain.
867 issuer
= sk_X509_value(ctx
->chain
, cnum
+ 1);
870 issuer
= sk_X509_value(ctx
->chain
, chnum
);
871 /* If not self signed, can't check signature */
872 if(!ctx
->check_issued(ctx
, issuer
, issuer
))
874 ctx
->error
= X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
;
875 ok
= ctx
->verify_cb(0, ctx
);
882 /* Check for cRLSign bit if keyUsage present */
883 if ((issuer
->ex_flags
& EXFLAG_KUSAGE
) &&
884 !(issuer
->ex_kusage
& KU_CRL_SIGN
))
886 ctx
->error
= X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
;
887 ok
= ctx
->verify_cb(0, ctx
);
891 if (crl
->idp_flags
& IDP_PRESENT
)
893 if (crl
->idp_flags
& IDP_INVALID
)
895 ctx
->error
= X509_V_ERR_INVALID_EXTENSION
;
896 ok
= ctx
->verify_cb(0, ctx
);
899 if (crl
->idp_flags
& (IDP_REASONS
|IDP_INDIRECT
))
901 ctx
->error
= X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
;
902 ok
= ctx
->verify_cb(0, ctx
);
905 if (!idp_check_scope(ctx
->current_cert
, crl
))
907 ctx
->error
= X509_V_ERR_DIFFERENT_CRL_SCOPE
;
908 ok
= ctx
->verify_cb(0, ctx
);
913 /* Attempt to get issuer certificate public key */
914 ikey
= X509_get_pubkey(issuer
);
918 ctx
->error
=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
;
919 ok
= ctx
->verify_cb(0, ctx
);
924 /* Verify CRL signature */
925 if(X509_CRL_verify(crl
, ikey
) <= 0)
927 ctx
->error
=X509_V_ERR_CRL_SIGNATURE_FAILURE
;
928 ok
= ctx
->verify_cb(0, ctx
);
934 ok
= check_crl_time(ctx
, crl
, 1);
945 /* Check certificate against CRL */
946 static int cert_crl(X509_STORE_CTX
*ctx
, X509_CRL
*crl
, X509
*x
)
949 /* Look for serial number of certificate in CRL
950 * If found assume revoked: want something cleverer than
951 * this to handle entry extensions in V2 CRLs.
953 if (X509_CRL_get0_by_serial(crl
, NULL
, X509_get_serialNumber(x
)) > 0)
955 ctx
->error
= X509_V_ERR_CERT_REVOKED
;
956 ok
= ctx
->verify_cb(0, ctx
);
961 if (crl
->flags
& EXFLAG_CRITICAL
)
963 if (ctx
->param
->flags
& X509_V_FLAG_IGNORE_CRITICAL
)
965 ctx
->error
= X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
;
966 ok
= ctx
->verify_cb(0, ctx
);
974 static int check_policy(X509_STORE_CTX
*ctx
)
977 ret
= X509_policy_check(&ctx
->tree
, &ctx
->explicit_policy
, ctx
->chain
,
978 ctx
->param
->policies
, ctx
->param
->flags
);
981 X509err(X509_F_CHECK_POLICY
,ERR_R_MALLOC_FAILURE
);
984 /* Invalid or inconsistent extensions */
987 /* Locate certificates with bad extensions and notify
992 for (i
= 1; i
< sk_X509_num(ctx
->chain
); i
++)
994 x
= sk_X509_value(ctx
->chain
, i
);
995 if (!(x
->ex_flags
& EXFLAG_INVALID_POLICY
))
997 ctx
->current_cert
= x
;
998 ctx
->error
= X509_V_ERR_INVALID_POLICY_EXTENSION
;
999 ret
= ctx
->verify_cb(0, ctx
);
1005 ctx
->current_cert
= NULL
;
1006 ctx
->error
= X509_V_ERR_NO_EXPLICIT_POLICY
;
1007 return ctx
->verify_cb(0, ctx
);
1010 if (ctx
->param
->flags
& X509_V_FLAG_NOTIFY_POLICY
)
1012 ctx
->current_cert
= NULL
;
1013 ctx
->error
= X509_V_OK
;
1014 if (!ctx
->verify_cb(2, ctx
))
1021 static int check_cert_time(X509_STORE_CTX
*ctx
, X509
*x
)
1026 if (ctx
->param
->flags
& X509_V_FLAG_USE_CHECK_TIME
)
1027 ptime
= &ctx
->param
->check_time
;
1031 i
=X509_cmp_time(X509_get_notBefore(x
), ptime
);
1034 ctx
->error
=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
;
1035 ctx
->current_cert
=x
;
1036 if (!ctx
->verify_cb(0, ctx
))
1042 ctx
->error
=X509_V_ERR_CERT_NOT_YET_VALID
;
1043 ctx
->current_cert
=x
;
1044 if (!ctx
->verify_cb(0, ctx
))
1048 i
=X509_cmp_time(X509_get_notAfter(x
), ptime
);
1051 ctx
->error
=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
;
1052 ctx
->current_cert
=x
;
1053 if (!ctx
->verify_cb(0, ctx
))
1059 ctx
->error
=X509_V_ERR_CERT_HAS_EXPIRED
;
1060 ctx
->current_cert
=x
;
1061 if (!ctx
->verify_cb(0, ctx
))
1068 static int internal_verify(X509_STORE_CTX
*ctx
)
1072 EVP_PKEY
*pkey
=NULL
;
1073 int (*cb
)(int xok
,X509_STORE_CTX
*xctx
);
1077 n
=sk_X509_num(ctx
->chain
);
1078 ctx
->error_depth
=n
-1;
1080 xi
=sk_X509_value(ctx
->chain
,n
);
1082 if (ctx
->check_issued(ctx
, xi
, xi
))
1088 ctx
->error
=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
;
1089 ctx
->current_cert
=xi
;
1097 xs
=sk_X509_value(ctx
->chain
,n
);
1101 /* ctx->error=0; not needed */
1107 if ((pkey
=X509_get_pubkey(xi
)) == NULL
)
1109 ctx
->error
=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
;
1110 ctx
->current_cert
=xi
;
1114 else if (X509_verify(xs
,pkey
) <= 0)
1115 /* XXX For the final trusted self-signed cert,
1116 * this is a waste of time. That check should
1117 * optional so that e.g. 'openssl x509' can be
1118 * used to detect invalid self-signatures, but
1119 * we don't verify again and again in SSL
1120 * handshakes and the like once the cert has
1121 * been declared trusted. */
1123 ctx
->error
=X509_V_ERR_CERT_SIGNATURE_FAILURE
;
1124 ctx
->current_cert
=xs
;
1128 EVP_PKEY_free(pkey
);
1132 EVP_PKEY_free(pkey
);
1138 ok
= check_cert_time(ctx
, xs
);
1142 /* The last error (if any) is still in the error value */
1143 ctx
->current_issuer
=xi
;
1144 ctx
->current_cert
=xs
;
1152 xs
=sk_X509_value(ctx
->chain
,n
);
1160 int X509_cmp_current_time(const ASN1_TIME
*ctm
)
1162 return X509_cmp_time(ctm
, NULL
);
1165 int X509_cmp_time(const ASN1_TIME
*ctm
, time_t *cmp_time
)
1170 char buff1
[24],buff2
[24],*p
;
1175 str
=(char *)ctm
->data
;
1176 if (ctm
->type
== V_ASN1_UTCTIME
)
1178 if ((i
< 11) || (i
> 17)) return 0;
1185 if (i
< 13) return 0;
1191 if ((*str
== 'Z') || (*str
== '-') || (*str
== '+'))
1192 { *(p
++)='0'; *(p
++)='0'; }
1197 /* Skip any fractional seconds... */
1201 while ((*str
>= '0') && (*str
<= '9')) str
++;
1212 if ((*str
!= '+') && (*str
!= '-'))
1214 offset
=((str
[1]-'0')*10+(str
[2]-'0'))*60;
1215 offset
+=(str
[3]-'0')*10+(str
[4]-'0');
1220 atm
.length
=sizeof(buff2
);
1221 atm
.data
=(unsigned char *)buff2
;
1223 if (X509_time_adj(&atm
,-offset
*60, cmp_time
) == NULL
)
1226 if (ctm
->type
== V_ASN1_UTCTIME
)
1228 i
=(buff1
[0]-'0')*10+(buff1
[1]-'0');
1229 if (i
< 50) i
+=100; /* cf. RFC 2459 */
1230 j
=(buff2
[0]-'0')*10+(buff2
[1]-'0');
1233 if (i
< j
) return -1;
1234 if (i
> j
) return 1;
1236 i
=strcmp(buff1
,buff2
);
1237 if (i
== 0) /* wait a second then return younger :-) */
1243 ASN1_TIME
*X509_gmtime_adj(ASN1_TIME
*s
, long adj
)
1245 return X509_time_adj(s
, adj
, NULL
);
1248 ASN1_TIME
*X509_time_adj(ASN1_TIME
*s
, long adj
, time_t *in_tm
)
1253 if (in_tm
) t
= *in_tm
;
1257 if (s
) type
= s
->type
;
1258 if (type
== V_ASN1_UTCTIME
) return ASN1_UTCTIME_set(s
,t
);
1259 if (type
== V_ASN1_GENERALIZEDTIME
) return ASN1_GENERALIZEDTIME_set(s
, t
);
1260 return ASN1_TIME_set(s
, t
);
1263 int X509_get_pubkey_parameters(EVP_PKEY
*pkey
, STACK_OF(X509
) *chain
)
1265 EVP_PKEY
*ktmp
=NULL
,*ktmp2
;
1268 if ((pkey
!= NULL
) && !EVP_PKEY_missing_parameters(pkey
)) return 1;
1270 for (i
=0; i
<sk_X509_num(chain
); i
++)
1272 ktmp
=X509_get_pubkey(sk_X509_value(chain
,i
));
1275 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS
,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY
);
1278 if (!EVP_PKEY_missing_parameters(ktmp
))
1282 EVP_PKEY_free(ktmp
);
1288 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS
,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN
);
1292 /* first, populate the other certs */
1293 for (j
=i
-1; j
>= 0; j
--)
1295 ktmp2
=X509_get_pubkey(sk_X509_value(chain
,j
));
1296 EVP_PKEY_copy_parameters(ktmp2
,ktmp
);
1297 EVP_PKEY_free(ktmp2
);
1300 if (pkey
!= NULL
) EVP_PKEY_copy_parameters(pkey
,ktmp
);
1301 EVP_PKEY_free(ktmp
);
1305 int X509_STORE_CTX_get_ex_new_index(long argl
, void *argp
, CRYPTO_EX_new
*new_func
,
1306 CRYPTO_EX_dup
*dup_func
, CRYPTO_EX_free
*free_func
)
1308 /* This function is (usually) called only once, by
1309 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
1310 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX
, argl
, argp
,
1311 new_func
, dup_func
, free_func
);
1314 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX
*ctx
, int idx
, void *data
)
1316 return CRYPTO_set_ex_data(&ctx
->ex_data
,idx
,data
);
1319 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX
*ctx
, int idx
)
1321 return CRYPTO_get_ex_data(&ctx
->ex_data
,idx
);
1324 int X509_STORE_CTX_get_error(X509_STORE_CTX
*ctx
)
1329 void X509_STORE_CTX_set_error(X509_STORE_CTX
*ctx
, int err
)
1334 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX
*ctx
)
1336 return ctx
->error_depth
;
1339 X509
*X509_STORE_CTX_get_current_cert(X509_STORE_CTX
*ctx
)
1341 return ctx
->current_cert
;
1344 STACK_OF(X509
) *X509_STORE_CTX_get_chain(X509_STORE_CTX
*ctx
)
1349 STACK_OF(X509
) *X509_STORE_CTX_get1_chain(X509_STORE_CTX
*ctx
)
1353 STACK_OF(X509
) *chain
;
1354 if (!ctx
->chain
|| !(chain
= sk_X509_dup(ctx
->chain
))) return NULL
;
1355 for (i
= 0; i
< sk_X509_num(chain
); i
++)
1357 x
= sk_X509_value(chain
, i
);
1358 CRYPTO_add(&x
->references
, 1, CRYPTO_LOCK_X509
);
1363 void X509_STORE_CTX_set_cert(X509_STORE_CTX
*ctx
, X509
*x
)
1368 void X509_STORE_CTX_set_chain(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
)
1373 void X509_STORE_CTX_set0_crls(X509_STORE_CTX
*ctx
, STACK_OF(X509_CRL
) *sk
)
1378 int X509_STORE_CTX_set_purpose(X509_STORE_CTX
*ctx
, int purpose
)
1380 return X509_STORE_CTX_purpose_inherit(ctx
, 0, purpose
, 0);
1383 int X509_STORE_CTX_set_trust(X509_STORE_CTX
*ctx
, int trust
)
1385 return X509_STORE_CTX_purpose_inherit(ctx
, 0, 0, trust
);
1388 /* This function is used to set the X509_STORE_CTX purpose and trust
1389 * values. This is intended to be used when another structure has its
1390 * own trust and purpose values which (if set) will be inherited by
1391 * the ctx. If they aren't set then we will usually have a default
1392 * purpose in mind which should then be used to set the trust value.
1393 * An example of this is SSL use: an SSL structure will have its own
1394 * purpose and trust settings which the application can set: if they
1395 * aren't set then we use the default of SSL client/server.
1398 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX
*ctx
, int def_purpose
,
1399 int purpose
, int trust
)
1402 /* If purpose not set use default */
1403 if (!purpose
) purpose
= def_purpose
;
1404 /* If we have a purpose then check it is valid */
1408 idx
= X509_PURPOSE_get_by_id(purpose
);
1411 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
1412 X509_R_UNKNOWN_PURPOSE_ID
);
1415 ptmp
= X509_PURPOSE_get0(idx
);
1416 if (ptmp
->trust
== X509_TRUST_DEFAULT
)
1418 idx
= X509_PURPOSE_get_by_id(def_purpose
);
1421 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
1422 X509_R_UNKNOWN_PURPOSE_ID
);
1425 ptmp
= X509_PURPOSE_get0(idx
);
1427 /* If trust not set then get from purpose default */
1428 if (!trust
) trust
= ptmp
->trust
;
1432 idx
= X509_TRUST_get_by_id(trust
);
1435 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT
,
1436 X509_R_UNKNOWN_TRUST_ID
);
1441 if (purpose
&& !ctx
->param
->purpose
) ctx
->param
->purpose
= purpose
;
1442 if (trust
&& !ctx
->param
->trust
) ctx
->param
->trust
= trust
;
1446 X509_STORE_CTX
*X509_STORE_CTX_new(void)
1448 X509_STORE_CTX
*ctx
;
1449 ctx
= (X509_STORE_CTX
*)OPENSSL_malloc(sizeof(X509_STORE_CTX
));
1452 X509err(X509_F_X509_STORE_CTX_NEW
,ERR_R_MALLOC_FAILURE
);
1455 memset(ctx
, 0, sizeof(X509_STORE_CTX
));
1459 void X509_STORE_CTX_free(X509_STORE_CTX
*ctx
)
1461 X509_STORE_CTX_cleanup(ctx
);
1465 int X509_STORE_CTX_init(X509_STORE_CTX
*ctx
, X509_STORE
*store
, X509
*x509
,
1466 STACK_OF(X509
) *chain
)
1470 ctx
->current_method
=0;
1472 ctx
->untrusted
=chain
;
1474 ctx
->last_untrusted
=0;
1475 ctx
->other_ctx
=NULL
;
1479 ctx
->explicit_policy
=0;
1481 ctx
->current_cert
=NULL
;
1482 ctx
->current_issuer
=NULL
;
1485 ctx
->param
= X509_VERIFY_PARAM_new();
1489 X509err(X509_F_X509_STORE_CTX_INIT
,ERR_R_MALLOC_FAILURE
);
1493 /* Inherit callbacks and flags from X509_STORE if not set
1499 ret
= X509_VERIFY_PARAM_inherit(ctx
->param
, store
->param
);
1501 ctx
->param
->flags
|= X509_VP_FLAG_DEFAULT
|X509_VP_FLAG_ONCE
;
1505 ctx
->verify_cb
= store
->verify_cb
;
1506 ctx
->cleanup
= store
->cleanup
;
1512 ret
= X509_VERIFY_PARAM_inherit(ctx
->param
,
1513 X509_VERIFY_PARAM_lookup("default"));
1517 X509err(X509_F_X509_STORE_CTX_INIT
,ERR_R_MALLOC_FAILURE
);
1521 if (store
&& store
->check_issued
)
1522 ctx
->check_issued
= store
->check_issued
;
1524 ctx
->check_issued
= check_issued
;
1526 if (store
&& store
->get_issuer
)
1527 ctx
->get_issuer
= store
->get_issuer
;
1529 ctx
->get_issuer
= X509_STORE_CTX_get1_issuer
;
1531 if (store
&& store
->verify_cb
)
1532 ctx
->verify_cb
= store
->verify_cb
;
1534 ctx
->verify_cb
= null_callback
;
1536 if (store
&& store
->verify
)
1537 ctx
->verify
= store
->verify
;
1539 ctx
->verify
= internal_verify
;
1541 if (store
&& store
->check_revocation
)
1542 ctx
->check_revocation
= store
->check_revocation
;
1544 ctx
->check_revocation
= check_revocation
;
1546 if (store
&& store
->get_crl
)
1547 ctx
->get_crl
= store
->get_crl
;
1549 ctx
->get_crl
= get_crl
;
1551 if (store
&& store
->check_crl
)
1552 ctx
->check_crl
= store
->check_crl
;
1554 ctx
->check_crl
= check_crl
;
1556 if (store
&& store
->cert_crl
)
1557 ctx
->cert_crl
= store
->cert_crl
;
1559 ctx
->cert_crl
= cert_crl
;
1561 if (store
&& store
->lookup_certs
)
1562 ctx
->lookup_certs
= store
->lookup_certs
;
1564 ctx
->lookup_certs
= X509_STORE_get1_certs
;
1566 if (store
&& store
->lookup_crls
)
1567 ctx
->lookup_crls
= store
->lookup_crls
;
1569 ctx
->lookup_crls
= X509_STORE_get1_crls
;
1571 ctx
->check_policy
= check_policy
;
1574 /* This memset() can't make any sense anyway, so it's removed. As
1575 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
1576 * corresponding "new" here and remove this bogus initialisation. */
1577 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
1578 if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX
, ctx
,
1582 X509err(X509_F_X509_STORE_CTX_INIT
,ERR_R_MALLOC_FAILURE
);
1588 /* Set alternative lookup method: just a STACK of trusted certificates.
1589 * This avoids X509_STORE nastiness where it isn't needed.
1592 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX
*ctx
, STACK_OF(X509
) *sk
)
1594 ctx
->other_ctx
= sk
;
1595 ctx
->get_issuer
= get_issuer_sk
;
1598 void X509_STORE_CTX_cleanup(X509_STORE_CTX
*ctx
)
1600 if (ctx
->cleanup
) ctx
->cleanup(ctx
);
1601 X509_VERIFY_PARAM_free(ctx
->param
);
1603 X509_policy_tree_free(ctx
->tree
);
1604 if (ctx
->chain
!= NULL
)
1606 sk_X509_pop_free(ctx
->chain
,X509_free
);
1609 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX
, ctx
, &(ctx
->ex_data
));
1610 memset(&ctx
->ex_data
,0,sizeof(CRYPTO_EX_DATA
));
1613 void X509_STORE_CTX_set_depth(X509_STORE_CTX
*ctx
, int depth
)
1615 X509_VERIFY_PARAM_set_depth(ctx
->param
, depth
);
1618 void X509_STORE_CTX_set_flags(X509_STORE_CTX
*ctx
, unsigned long flags
)
1620 X509_VERIFY_PARAM_set_flags(ctx
->param
, flags
);
1623 void X509_STORE_CTX_set_time(X509_STORE_CTX
*ctx
, unsigned long flags
, time_t t
)
1625 X509_VERIFY_PARAM_set_time(ctx
->param
, t
);
1628 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX
*ctx
,
1629 int (*verify_cb
)(int, X509_STORE_CTX
*))
1631 ctx
->verify_cb
=verify_cb
;
1634 X509_POLICY_TREE
*X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX
*ctx
)
1639 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX
*ctx
)
1641 return ctx
->explicit_policy
;
1644 int X509_STORE_CTX_set_default(X509_STORE_CTX
*ctx
, const char *name
)
1646 const X509_VERIFY_PARAM
*param
;
1647 param
= X509_VERIFY_PARAM_lookup(name
);
1650 return X509_VERIFY_PARAM_inherit(ctx
->param
, param
);
1653 X509_VERIFY_PARAM
*X509_STORE_CTX_get0_param(X509_STORE_CTX
*ctx
)
1658 void X509_STORE_CTX_set0_param(X509_STORE_CTX
*ctx
, X509_VERIFY_PARAM
*param
)
1661 X509_VERIFY_PARAM_free(ctx
->param
);
1665 IMPLEMENT_STACK_OF(X509
)
1666 IMPLEMENT_ASN1_SET_OF(X509
)
1668 IMPLEMENT_STACK_OF(X509_NAME
)
1670 IMPLEMENT_STACK_OF(X509_ATTRIBUTE
)
1671 IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE
)