]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/x509/x509_vfy.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Check that the subject name in a proxy cert complies to RFC 3820
[thirdparty/openssl.git] / crypto / x509 / x509_vfy.c
CommitLineData
d02b48c6 1/* crypto/x509/x509_vfy.c */
58964a49 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
10621efd 8 *
d02b48c6
RE		 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
10621efd 15 *
d02b48c6
RE		 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
10621efd 22 *
d02b48c6
RE		 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
10621efd 37 * 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6
RE		 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
10621efd 40 *
d02b48c6
RE		 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
10621efd 52 *
d02b48c6
RE		 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include <errno.h>
d02b48c6
RE		 62
63#include "cryptlib.h"
17f389bb 64#include <openssl/crypto.h>
ec577822
BM		 65#include <openssl/lhash.h>
66#include <openssl/buffer.h>
67#include <openssl/evp.h>
68#include <openssl/asn1.h>
69#include <openssl/x509.h>
11262391 70#include <openssl/x509v3.h>
ec577822 71#include <openssl/objects.h>
d02b48c6 72
d43c4497
DSH		 73/* CRL score values */
74
75/* No unhandled critical extensions */
76
10621efd 77#define CRL_SCORE_NOCRITICAL 0x100
d43c4497
DSH		 78
79/* certificate is within CRL scope */
80
10621efd 81#define CRL_SCORE_SCOPE 0x080
d43c4497
DSH		 82
83/* CRL times valid */
84
10621efd 85#define CRL_SCORE_TIME 0x040
d43c4497
DSH		 86
87/* Issuer name matches certificate */
88
10621efd 89#define CRL_SCORE_ISSUER_NAME 0x020
d43c4497
DSH		 90
91/* If this score or above CRL is probably valid */
92
93#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
94
95/* CRL issuer is certificate issuer */
96
10621efd 97#define CRL_SCORE_ISSUER_CERT 0x018
d43c4497
DSH		 98
99/* CRL issuer is on certificate path */
100
10621efd 101#define CRL_SCORE_SAME_PATH 0x008
d43c4497
DSH		 102
103/* CRL issuer matches CRL AKID */
104
10621efd 105#define CRL_SCORE_AKID 0x004
d43c4497
DSH		 106
107/* Have a delta CRL with valid times */
108
10621efd 109#define CRL_SCORE_TIME_DELTA 0x002
d43c4497 110
10621efd 111static int null_callback(int ok, X509_STORE_CTX *e);
2f043896
DSH		 112static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
113static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
30b415b0 114static int check_chain_extensions(X509_STORE_CTX *ctx);
e9746e03 115static int check_name_constraints(X509_STORE_CTX *ctx);
51630a37 116static int check_trust(X509_STORE_CTX *ctx);
b545dc67
DSH		 117static int check_revocation(X509_STORE_CTX *ctx);
118static int check_cert(X509_STORE_CTX *ctx);
5d7c222d 119static int check_policy(X509_STORE_CTX *ctx);
4b96839f
DSH		 120
121static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
10621efd 122 unsigned int *preasons, X509_CRL *crl, X509 *x);
d43c4497 123static int get_crl_delta(X509_STORE_CTX *ctx,
10621efd
MC		 124 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
125static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
126 int *pcrl_score, X509_CRL *base,
127 STACK_OF(X509_CRL) *crls);
128static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
129 int *pcrl_score);
4b96839f 130static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
10621efd 131 unsigned int *preasons);
9d84d4ed
DSH		 132static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
133static int check_crl_chain(X509_STORE_CTX *ctx,
10621efd
MC		 134 STACK_OF(X509) *cert_path,
135 STACK_OF(X509) *crl_path);
4b96839f 136
d02b48c6 137static int internal_verify(X509_STORE_CTX *ctx);
10621efd 138const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT;
d02b48c6 139
6b691a5c 140static int null_callback(int ok, X509_STORE_CTX *e)
10621efd
MC		 141{
142 return ok;
143}
d02b48c6
RE		 144
145#if 0
6b691a5c 146static int x509_subject_cmp(X509 **a, X509 **b)
10621efd
MC		 147{
148 return X509_subject_name_cmp(*a, *b);
149}
d02b48c6
RE		 150#endif
151
6b691a5c 152int X509_verify_cert(X509_STORE_CTX *ctx)
10621efd 153{
f7bf8e02 154 X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
10621efd
MC		 155 int bad_chain = 0;
156 X509_VERIFY_PARAM *param = ctx->param;
157 int depth, i, ok = 0;
f7bf8e02 158 int num, j, retry;
10621efd
MC		 159 int (*cb) (int xok, X509_STORE_CTX *xctx);
160 STACK_OF(X509) *sktmp = NULL;
161 if (ctx->cert == NULL) {
162 X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
3d4f83a5 163 ctx->error = X509_V_ERR_INVALID_CALL;
10621efd
MC		 164 return -1;
165 }
b3b1eb57
MC		 166 if (ctx->chain != NULL) {
167 /*
168 * This X509_STORE_CTX has already been used to verify a cert. We
169 * cannot do another one.
170 */
171 X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3d4f83a5 172 ctx->error = X509_V_ERR_INVALID_CALL;
b3b1eb57
MC		 173 return -1;
174 }
10621efd
MC		 175
176 cb = ctx->verify_cb;
177
178 /*
179 * first we make sure the chain we are going to build is present and that
180 * the first entry is in place
181 */
b3b1eb57
MC		 182 if (((ctx->chain = sk_X509_new_null()) == NULL) ||
183 (!sk_X509_push(ctx->chain, ctx->cert))) {
184 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
3d4f83a5
VD		 185 ctx->error = X509_V_ERR_OUT_OF_MEM;
186 ok = -1;
b3b1eb57 187 goto end;
10621efd 188 }
b3b1eb57
MC		 189 CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
190 ctx->last_untrusted = 1;
10621efd
MC		 191
192 /* We use a temporary STACK so we can chop and hack at it */
193 if (ctx->untrusted != NULL
194 && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
195 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
3d4f83a5
VD		 196 ctx->error = X509_V_ERR_OUT_OF_MEM;
197 ok = -1;
10621efd
MC		 198 goto end;
199 }
200
201 num = sk_X509_num(ctx->chain);
202 x = sk_X509_value(ctx->chain, num - 1);
203 depth = param->depth;
204
205 for (;;) {
206 /* If we have enough, we break */
207 if (depth < num)
208 break; /* FIXME: If this happens, we should take
209 * note of it and, if appropriate, use the
210 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
211 * later. */
212
213 /* If we are self signed, we break */
214 if (ctx->check_issued(ctx, x, x))
215 break;
216
217 /* If we were passed a cert chain, use it first */
218 if (ctx->untrusted != NULL) {
219 xtmp = find_issuer(ctx, sktmp, x);
220 if (xtmp != NULL) {
221 if (!sk_X509_push(ctx->chain, xtmp)) {
222 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
3d4f83a5
VD		 223 ctx->error = X509_V_ERR_OUT_OF_MEM;
224 ok = -1;
10621efd
MC		 225 goto end;
226 }
227 CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
228 (void)sk_X509_delete_ptr(sktmp, xtmp);
229 ctx->last_untrusted++;
230 x = xtmp;
231 num++;
232 /*
233 * reparse the full chain for the next one
234 */
235 continue;
236 }
237 }
238 break;
239 }
240
f7bf8e02
MC		 241 /* Remember how many untrusted certs we have */
242 j = num;
10621efd
MC		 243 /*
244 * at this point, chain should contain a list of untrusted certificates.
245 * We now need to add at least one trusted one, if possible, otherwise we
246 * complain.
247 */
248
f7bf8e02
MC		 249 do {
250 /*
251 * Examine last certificate in chain and see if it is self signed.
252 */
253 i = sk_X509_num(ctx->chain);
254 x = sk_X509_value(ctx->chain, i - 1);
255 if (ctx->check_issued(ctx, x, x)) {
256 /* we have a self signed certificate */
257 if (sk_X509_num(ctx->chain) == 1) {
258 /*
259 * We have a single self signed certificate: see if we can
260 * find it in the store. We must have an exact match to avoid
261 * possible impersonation.
262 */
263 ok = ctx->get_issuer(&xtmp, ctx, x);
264 if ((ok <= 0) || X509_cmp(x, xtmp)) {
265 ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
266 ctx->current_cert = x;
267 ctx->error_depth = i - 1;
268 if (ok == 1)
269 X509_free(xtmp);
270 bad_chain = 1;
271 ok = cb(0, ctx);
272 if (!ok)
273 goto end;
274 } else {
275 /*
276 * We have a match: replace certificate with store
277 * version so we get any trust settings.
278 */
279 X509_free(x);
280 x = xtmp;
281 (void)sk_X509_set(ctx->chain, i - 1, x);
282 ctx->last_untrusted = 0;
283 }
10621efd
MC		 284 } else {
285 /*
f7bf8e02 286 * extract and save self signed certificate for later use
10621efd 287 */
f7bf8e02
MC		 288 chain_ss = sk_X509_pop(ctx->chain);
289 ctx->last_untrusted--;
290 num--;
291 j--;
292 x = sk_X509_value(ctx->chain, num - 1);
10621efd 293 }
10621efd 294 }
f7bf8e02
MC		 295 /* We now lookup certs from the certificate store */
296 for (;;) {
297 /* If we have enough, we break */
298 if (depth < num)
299 break;
300 /* If we are self signed, we break */
301 if (ctx->check_issued(ctx, x, x))
302 break;
303 ok = ctx->get_issuer(&xtmp, ctx, x);
3d4f83a5
VD		 304 if (ok < 0) {
305 ctx->error = X509_V_ERR_STORE_LOOKUP;
306 goto end;
307 }
f7bf8e02
MC		 308 if (ok == 0)
309 break;
310 x = xtmp;
311 if (!sk_X509_push(ctx->chain, x)) {
312 X509_free(xtmp);
313 X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
3d4f83a5
VD		 314 ctx->error = X509_V_ERR_OUT_OF_MEM;
315 ok = -1;
316 goto end;
f7bf8e02
MC		 317 }
318 num++;
319 }
10621efd 320
f7bf8e02
MC		 321 /*
322 * If we haven't got a least one certificate from our store then check
cf1bf3f0
MC		 323 * if there is an alternative chain that could be used. We only do this
324 * if the user hasn't switched off alternate chain checking
f7bf8e02
MC		 325 */
326 retry = 0;
cb22d2ae 327 if (num == ctx->last_untrusted &&
cf1bf3f0 328 !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
f7bf8e02
MC		 329 while (j-- > 1) {
330 xtmp2 = sk_X509_value(ctx->chain, j - 1);
331 ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
3d4f83a5
VD		 332 if (ok < 0) {
333 ctx->error = X509_V_ERR_STORE_LOOKUP;
f7bf8e02 334 goto end;
3d4f83a5 335 }
f7bf8e02
MC		 336 /* Check if we found an alternate chain */
337 if (ok > 0) {
338 /*
339 * Free up the found cert we'll add it again later
340 */
341 X509_free(xtmp);
10621efd 342
f7bf8e02
MC		 343 /*
344 * Dump all the certs above this point - we've found an
345 * alternate chain
346 */
347 while (num > j) {
348 xtmp = sk_X509_pop(ctx->chain);
349 X509_free(xtmp);
350 num--;
f7bf8e02 351 }
9a0db453 352 ctx->last_untrusted = sk_X509_num(ctx->chain);
f7bf8e02
MC		 353 retry = 1;
354 break;
355 }
356 }
10621efd 357 }
f7bf8e02 358 } while (retry);
10621efd
MC		 359
360 /* Is last certificate looked up self signed? */
361 if (!ctx->check_issued(ctx, x, x)) {
362 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
363 if (ctx->last_untrusted >= num)
364 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
365 else
366 ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
367 ctx->current_cert = x;
368 } else {
369
370 sk_X509_push(ctx->chain, chain_ss);
371 num++;
372 ctx->last_untrusted = num;
373 ctx->current_cert = chain_ss;
374 ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
375 chain_ss = NULL;
376 }
377
378 ctx->error_depth = num - 1;
379 bad_chain = 1;
380 ok = cb(0, ctx);
381 if (!ok)
382 goto end;
383 }
384
385 /* We have the chain complete: now we need to check its purpose */
386 ok = check_chain_extensions(ctx);
387
388 if (!ok)
389 goto end;
390
391 /* Check name constraints */
392
393 ok = check_name_constraints(ctx);
394
395 if (!ok)
396 goto end;
397
398 /* The chain extensions are OK: check trust */
399
400 if (param->trust > 0)
401 ok = check_trust(ctx);
402
403 if (!ok)
404 goto end;
405
406 /* We may as well copy down any DSA parameters that are required */
407 X509_get_pubkey_parameters(NULL, ctx->chain);
408
409 /*
410 * Check revocation status: we do this after copying parameters because
411 * they may be needed for CRL signature verification.
412 */
413
414 ok = ctx->check_revocation(ctx);
415 if (!ok)
416 goto end;
417
418 /* At this point, we have a chain and need to verify it */
419 if (ctx->verify != NULL)
420 ok = ctx->verify(ctx);
421 else
422 ok = internal_verify(ctx);
423 if (!ok)
424 goto end;
5d7c222d 425
10ca15f3 426#ifndef OPENSSL_NO_RFC3779
10621efd
MC		 427 /* RFC 3779 path validation, now that CRL check has been done */
428 ok = v3_asid_validate_path(ctx);
429 if (!ok)
430 goto end;
431 ok = v3_addr_validate_path(ctx);
432 if (!ok)
433 goto end;
96ea4ae9
BL		 434#endif
435
10621efd
MC		 436 /* If we get this far evaluate policies */
437 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
438 ok = ctx->check_policy(ctx);
439 if (!ok)
440 goto end;
441 if (0) {
442 end:
443 X509_get_pubkey_parameters(NULL, ctx->chain);
444 }
445 if (sktmp != NULL)
446 sk_X509_free(sktmp);
447 if (chain_ss != NULL)
448 X509_free(chain_ss);
3d4f83a5
VD		 449
450 /* Safety net, error returns must set ctx->error */
451 if (ok <= 0 && ctx->error == X509_V_OK)
452 ctx->error = X509_V_ERR_UNSPECIFIED;
10621efd
MC		 453 return ok;
454}
455
456/*
457 * Given a STACK_OF(X509) find the issuer of cert (if any)
2f043896
DSH		 458 */
459
460static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
461{
10621efd
MC		 462 int i;
463 X509 *issuer;
464 for (i = 0; i < sk_X509_num(sk); i++) {
465 issuer = sk_X509_value(sk, i);
466 if (ctx->check_issued(ctx, x, issuer))
467 return issuer;
468 }
469 return NULL;
2f043896
DSH		 470}
471
472/* Given a possible certificate and issuer check them */
473
474static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
475{
10621efd
MC		 476 int ret;
477 ret = X509_check_issued(issuer, x);
478 if (ret == X509_V_OK)
479 return 1;
480 /* If we haven't asked for issuer errors don't set ctx */
481 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
482 return 0;
483
484 ctx->error = ret;
485 ctx->current_cert = x;
486 ctx->current_issuer = issuer;
487 return ctx->verify_cb(0, ctx);
488 return 0;
2f043896
DSH		 489}
490
491/* Alternative lookup method: look from a STACK stored in other_ctx */
492
493static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
494{
10621efd
MC		 495 *issuer = find_issuer(ctx, ctx->other_ctx, x);
496 if (*issuer) {
497 CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
498 return 1;
499 } else
500 return 0;
2f043896 501}
2f043896 502
10621efd
MC		 503/*
504 * Check a certificate chains extensions for consistency with the supplied
505 * purpose
11262391
DSH		 506 */
507
30b415b0 508static int check_chain_extensions(X509_STORE_CTX *ctx)
11262391 509{
cf1b7d96 510#ifdef OPENSSL_NO_CHAIN_VERIFY
10621efd 511 return 1;
11262391 512#else
10621efd
MC		 513 int i, ok = 0, must_be_ca, plen = 0;
514 X509 *x;
515 int (*cb) (int xok, X509_STORE_CTX *xctx);
516 int proxy_path_length = 0;
517 int purpose;
518 int allow_proxy_certs;
519 cb = ctx->verify_cb;
520
cda8845d
MC		 521 /*-
522 * must_be_ca can have 1 of 3 values:
523 * -1: we accept both CA and non-CA certificates, to allow direct
524 * use of self-signed certificates (which are marked as CA).
525 * 0: we only accept non-CA certificates. This is currently not
526 * used, but the possibility is present for future extensions.
527 * 1: we only accept CA certificates. This is currently used for
528 * all certificates in the chain except the leaf certificate.
529 */
10621efd
MC		 530 must_be_ca = -1;
531
532 /* CRL path validation */
533 if (ctx->parent) {
534 allow_proxy_certs = 0;
535 purpose = X509_PURPOSE_CRL_SIGN;
536 } else {
537 allow_proxy_certs =
538 ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
539 /*
540 * A hack to keep people who don't want to modify their software
541 * happy
542 */
543 if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
544 allow_proxy_certs = 1;
545 purpose = ctx->param->purpose;
546 }
547
548 /* Check all untrusted certificates */
549 for (i = 0; i < ctx->last_untrusted; i++) {
550 int ret;
551 x = sk_X509_value(ctx->chain, i);
552 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
553 && (x->ex_flags & EXFLAG_CRITICAL)) {
554 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
555 ctx->error_depth = i;
556 ctx->current_cert = x;
557 ok = cb(0, ctx);
558 if (!ok)
559 goto end;
560 }
561 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
562 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
563 ctx->error_depth = i;
564 ctx->current_cert = x;
565 ok = cb(0, ctx);
566 if (!ok)
567 goto end;
568 }
569 ret = X509_check_ca(x);
570 switch (must_be_ca) {
571 case -1:
572 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
573 && (ret != 1) && (ret != 0)) {
574 ret = 0;
575 ctx->error = X509_V_ERR_INVALID_CA;
576 } else
577 ret = 1;
578 break;
579 case 0:
580 if (ret != 0) {
581 ret = 0;
582 ctx->error = X509_V_ERR_INVALID_NON_CA;
583 } else
584 ret = 1;
585 break;
586 default:
587 if ((ret == 0)
588 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
589 && (ret != 1))) {
590 ret = 0;
591 ctx->error = X509_V_ERR_INVALID_CA;
592 } else
593 ret = 1;
594 break;
595 }
596 if (ret == 0) {
597 ctx->error_depth = i;
598 ctx->current_cert = x;
599 ok = cb(0, ctx);
600 if (!ok)
601 goto end;
602 }
603 if (ctx->param->purpose > 0) {
604 ret = X509_check_purpose(x, purpose, must_be_ca > 0);
605 if ((ret == 0)
606 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
607 && (ret != 1))) {
608 ctx->error = X509_V_ERR_INVALID_PURPOSE;
609 ctx->error_depth = i;
610 ctx->current_cert = x;
611 ok = cb(0, ctx);
612 if (!ok)
613 goto end;
614 }
615 }
616 /* Check pathlen if not self issued */
617 if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
618 && (x->ex_pathlen != -1)
619 && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
620 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
621 ctx->error_depth = i;
622 ctx->current_cert = x;
623 ok = cb(0, ctx);
624 if (!ok)
625 goto end;
626 }
627 /* Increment path length if not self issued */
628 if (!(x->ex_flags & EXFLAG_SI))
629 plen++;
630 /*
631 * If this certificate is a proxy certificate, the next certificate
632 * must be another proxy certificate or a EE certificate. If not,
633 * the next certificate must be a CA certificate.
634 */
635 if (x->ex_flags & EXFLAG_PROXY) {
636 if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
637 ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
638 ctx->error_depth = i;
639 ctx->current_cert = x;
640 ok = cb(0, ctx);
641 if (!ok)
642 goto end;
643 }
644 proxy_path_length++;
645 must_be_ca = 0;
646 } else
647 must_be_ca = 1;
648 }
649 ok = 1;
82aec1cc 650 end:
10621efd 651 return ok;
11262391
DSH		 652#endif
653}
654
e9746e03 655static int check_name_constraints(X509_STORE_CTX *ctx)
10621efd
MC		 656{
657 X509 *x;
658 int i, j, rv;
659 /* Check name constraints for all certificates */
660 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
661 x = sk_X509_value(ctx->chain, i);
662 /* Ignore self issued certs unless last in chain */
663 if (i && (x->ex_flags & EXFLAG_SI))
664 continue;
26576cf9
RL		 665
666 /*
667 * Proxy certificates policy has an extra constraint, where the
668 * certificate subject MUST be the issuer with a single CN entry
669 * added.
670 * (RFC 3820: 3.4, 4.1.3 (a)(4))
671 */
672 if (x->ex_flags & EXFLAG_PROXY) {
673 X509_NAME *tmpsubject = X509_get_subject_name(x);
674 X509_NAME *tmpissuer = X509_get_issuer_name(x);
675 X509_NAME_ENTRY *tmpentry = NULL;
676 int last_object_nid = 0;
677 int err = X509_V_OK;
678 int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1;
679
680 /* Check that there are at least two RDNs */
681 if (last_object_loc < 1) {
682 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
683 goto proxy_name_done;
684 }
685
686 /*
687 * Check that there is exactly one more RDN in subject as
688 * there is in issuer.
689 */
690 if (X509_NAME_entry_count(tmpsubject)
691 != X509_NAME_entry_count(tmpissuer) + 1) {
692 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
693 goto proxy_name_done;
694 }
695
696 /*
697 * Check that the last subject component isn't part of a
698 * multivalued RDN
699 */
700 if (X509_NAME_get_entry(tmpsubject, last_object_loc)->set
701 == X509_NAME_get_entry(tmpsubject, last_object_loc - 1)->set) {
702 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
703 goto proxy_name_done;
704 }
705
706 /*
707 * Check that the last subject RDN is a commonName, and that
708 * all the previous RDNs match the issuer exactly
709 */
710 tmpsubject = X509_NAME_dup(tmpsubject);
711 if (tmpsubject == NULL) {
712 X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
713 ctx->error = X509_V_ERR_OUT_OF_MEM;
714 return 0;
715 }
716
717 tmpentry =
718 X509_NAME_delete_entry(tmpsubject, last_object_loc);
719 last_object_nid =
720 OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
721
722 if (last_object_nid != NID_commonName
723 || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
724 err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
725 }
726
727 X509_NAME_ENTRY_free(tmpentry);
728 X509_NAME_free(tmpsubject);
729
730 proxy_name_done:
731 if (err != X509_V_OK) {
732 ctx->error = err;
733 ctx->error_depth = i;
734 ctx->current_cert = x;
735 if (!ctx->verify_cb(0, ctx))
736 return 0;
737 }
738 }
739
10621efd
MC		 740 /*
741 * Check against constraints for all certificates higher in chain
742 * including trust anchor. Trust anchor not strictly speaking needed
743 * but if it includes constraints it is to be assumed it expects them
744 * to be obeyed.
745 */
746 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
747 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
748 if (nc) {
749 rv = NAME_CONSTRAINTS_check(x, nc);
3d4f83a5
VD		 750 switch (rv) {
751 case X509_V_OK:
752 continue;
753 case X509_V_ERR_OUT_OF_MEM:
754 ctx->error = rv;
755 return 0;
756 default:
10621efd
MC		 757 ctx->error = rv;
758 ctx->error_depth = i;
759 ctx->current_cert = x;
760 if (!ctx->verify_cb(0, ctx))
761 return 0;
3d4f83a5 762 break;
10621efd
MC		 763 }
764 }
765 }
766 }
767 return 1;
768}
e9746e03 769
51630a37
DSH		 770static int check_trust(X509_STORE_CTX *ctx)
771{
cf1b7d96 772#ifdef OPENSSL_NO_CHAIN_VERIFY
10621efd 773 return 1;
51630a37 774#else
10621efd
MC		 775 int i, ok;
776 X509 *x;
777 int (*cb) (int xok, X509_STORE_CTX *xctx);
778 cb = ctx->verify_cb;
51630a37 779/* For now just check the last certificate in the chain */
10621efd
MC		 780 i = sk_X509_num(ctx->chain) - 1;
781 x = sk_X509_value(ctx->chain, i);
782 ok = X509_check_trust(x, ctx->param->trust, 0);
783 if (ok == X509_TRUST_TRUSTED)
784 return 1;
785 ctx->error_depth = i;
786 ctx->current_cert = x;
787 if (ok == X509_TRUST_REJECTED)
788 ctx->error = X509_V_ERR_CERT_REJECTED;
789 else
790 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
791 ok = cb(0, ctx);
792 return ok;
51630a37
DSH		 793#endif
794}
795
b545dc67 796static int check_revocation(X509_STORE_CTX *ctx)
10621efd
MC		 797{
798 int i, last, ok;
799 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
800 return 1;
801 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
802 last = sk_X509_num(ctx->chain) - 1;
803 else {
804 /* If checking CRL paths this isn't the EE certificate */
805 if (ctx->parent)
806 return 1;
807 last = 0;
808 }
809 for (i = 0; i <= last; i++) {
810 ctx->error_depth = i;
811 ok = check_cert(ctx);
812 if (!ok)
813 return ok;
814 }
815 return 1;
816}
b545dc67
DSH		 817
818static int check_cert(X509_STORE_CTX *ctx)
10621efd
MC		 819{
820 X509_CRL *crl = NULL, *dcrl = NULL;
821 X509 *x;
822 int ok, cnum;
823 unsigned int last_reasons;
824 cnum = ctx->error_depth;
825 x = sk_X509_value(ctx->chain, cnum);
826 ctx->current_cert = x;
827 ctx->current_issuer = NULL;
828 ctx->current_crl_score = 0;
829 ctx->current_reasons = 0;
830 while (ctx->current_reasons != CRLDP_ALL_REASONS) {
831 last_reasons = ctx->current_reasons;
832 /* Try to retrieve relevant CRL */
833 if (ctx->get_crl)
834 ok = ctx->get_crl(ctx, &crl, x);
835 else
836 ok = get_crl_delta(ctx, &crl, &dcrl, x);
837 /*
838 * If error looking up CRL, nothing we can do except notify callback
839 */
840 if (!ok) {
841 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
842 ok = ctx->verify_cb(0, ctx);
843 goto err;
844 }
845 ctx->current_crl = crl;
846 ok = ctx->check_crl(ctx, crl);
847 if (!ok)
848 goto err;
849
850 if (dcrl) {
851 ok = ctx->check_crl(ctx, dcrl);
852 if (!ok)
853 goto err;
854 ok = ctx->cert_crl(ctx, dcrl, x);
855 if (!ok)
856 goto err;
857 } else
858 ok = 1;
859
860 /* Don't look in full CRL if delta reason is removefromCRL */
861 if (ok != 2) {
862 ok = ctx->cert_crl(ctx, crl, x);
863 if (!ok)
864 goto err;
865 }
866
867 X509_CRL_free(crl);
868 X509_CRL_free(dcrl);
869 crl = NULL;
870 dcrl = NULL;
871 /*
872 * If reasons not updated we wont get anywhere by another iteration,
873 * so exit loop.
874 */
875 if (last_reasons == ctx->current_reasons) {
876 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
877 ok = ctx->verify_cb(0, ctx);
878 goto err;
879 }
880 }
881 err:
882 X509_CRL_free(crl);
883 X509_CRL_free(dcrl);
884
885 ctx->current_crl = NULL;
886 return ok;
887
888}
b545dc67 889
e1a27eb3
DSH		 890/* Check CRL times against values in X509_STORE_CTX */
891
892static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
10621efd
MC		 893{
894 time_t *ptime;
895 int i;
896 if (notify)
897 ctx->current_crl = crl;
898 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
899 ptime = &ctx->param->check_time;
900 else
901 ptime = NULL;
902
903 i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
904 if (i == 0) {
905 if (!notify)
906 return 0;
907 ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
908 if (!ctx->verify_cb(0, ctx))
909 return 0;
910 }
911
912 if (i > 0) {
913 if (!notify)
914 return 0;
915 ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
916 if (!ctx->verify_cb(0, ctx))
917 return 0;
918 }
919
920 if (X509_CRL_get_nextUpdate(crl)) {
921 i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
922
923 if (i == 0) {
924 if (!notify)
925 return 0;
926 ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
927 if (!ctx->verify_cb(0, ctx))
928 return 0;
929 }
930 /* Ignore expiry of base CRL is delta is valid */
931 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
932 if (!notify)
933 return 0;
934 ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
935 if (!ctx->verify_cb(0, ctx))
936 return 0;
937 }
938 }
939
940 if (notify)
941 ctx->current_crl = NULL;
942
943 return 1;
944}
e1a27eb3 945
d43c4497 946static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
10621efd
MC		 947 X509 **pissuer, int *pscore, unsigned int *preasons,
948 STACK_OF(X509_CRL) *crls)
949{
950 int i, crl_score, best_score = *pscore;
951 unsigned int reasons, best_reasons = 0;
952 X509 *x = ctx->current_cert;
953 X509_CRL *crl, *best_crl = NULL;
954 X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
955
956 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
957 crl = sk_X509_CRL_value(crls, i);
958 reasons = *preasons;
959 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
960
961 if (crl_score > best_score) {
962 best_crl = crl;
963 best_crl_issuer = crl_issuer;
964 best_score = crl_score;
965 best_reasons = reasons;
966 }
967 }
968
969 if (best_crl) {
970 if (*pcrl)
971 X509_CRL_free(*pcrl);
972 *pcrl = best_crl;
973 *pissuer = best_crl_issuer;
974 *pscore = best_score;
975 *preasons = best_reasons;
976 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
977 if (*pdcrl) {
978 X509_CRL_free(*pdcrl);
979 *pdcrl = NULL;
980 }
981 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
982 }
983
984 if (best_score >= CRL_SCORE_VALID)
985 return 1;
986
987 return 0;
988}
989
990/*
991 * Compare two CRL extensions for delta checking purposes. They should be
d43c4497
DSH		 992 * both present or both absent. If both present all fields must be identical.
993 */
994
995static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
10621efd
MC		 996{
997 ASN1_OCTET_STRING *exta, *extb;
998 int i;
999 i = X509_CRL_get_ext_by_NID(a, nid, -1);
1000 if (i >= 0) {
1001 /* Can't have multiple occurrences */
1002 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1003 return 0;
1004 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1005 } else
1006 exta = NULL;
d43c4497 1007
10621efd 1008 i = X509_CRL_get_ext_by_NID(b, nid, -1);
d43c4497 1009
10621efd 1010 if (i >= 0) {
d43c4497 1011
10621efd
MC		 1012 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1013 return 0;
1014 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1015 } else
1016 extb = NULL;
d43c4497 1017
10621efd
MC		 1018 if (!exta && !extb)
1019 return 1;
d43c4497 1020
10621efd
MC		 1021 if (!exta || !extb)
1022 return 0;
d43c4497 1023
10621efd
MC		 1024 if (ASN1_OCTET_STRING_cmp(exta, extb))
1025 return 0;
d43c4497 1026
10621efd
MC		 1027 return 1;
1028}
d43c4497
DSH		 1029
1030/* See if a base and delta are compatible */
1031
1032static int check_delta_base(X509_CRL *delta, X509_CRL *base)
10621efd
MC		 1033{
1034 /* Delta CRL must be a delta */
1035 if (!delta->base_crl_number)
1036 return 0;
1037 /* Base must have a CRL number */
1038 if (!base->crl_number)
1039 return 0;
1040 /* Issuer names must match */
1041 if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
1042 return 0;
1043 /* AKID and IDP must match */
1044 if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1045 return 0;
1046 if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1047 return 0;
1048 /* Delta CRL base number must not exceed Full CRL number. */
1049 if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1050 return 0;
1051 /* Delta CRL number must exceed full CRL number */
1052 if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1053 return 1;
1054 return 0;
1055}
1056
1057/*
1058 * For a given base CRL find a delta... maybe extend to delta scoring or
1059 * retrieve a chain of deltas...
d43c4497
DSH		 1060 */
1061
1062static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
10621efd
MC		 1063 X509_CRL *base, STACK_OF(X509_CRL) *crls)
1064{
1065 X509_CRL *delta;
1066 int i;
1067 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1068 return;
1069 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1070 return;
1071 for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1072 delta = sk_X509_CRL_value(crls, i);
1073 if (check_delta_base(delta, base)) {
1074 if (check_crl_time(ctx, delta, 0))
1075 *pscore |= CRL_SCORE_TIME_DELTA;
1076 CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
1077 *dcrl = delta;
1078 return;
1079 }
1080 }
1081 *dcrl = NULL;
1082}
1083
1084/*
1085 * For a given CRL return how suitable it is for the supplied certificate
1086 * 'x'. The return value is a mask of several criteria. If the issuer is not
1087 * the certificate issuer this is returned in *pissuer. The reasons mask is
1088 * also used to determine if the CRL is suitable: if no new reasons the CRL
1089 * is rejected, otherwise reasons is updated.
4b96839f
DSH		 1090 */
1091
1092static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
10621efd
MC		 1093 unsigned int *preasons, X509_CRL *crl, X509 *x)
1094{
1095
1096 int crl_score = 0;
1097 unsigned int tmp_reasons = *preasons, crl_reasons;
1098
1099 /* First see if we can reject CRL straight away */
1100
1101 /* Invalid IDP cannot be processed */
1102 if (crl->idp_flags & IDP_INVALID)
1103 return 0;
1104 /* Reason codes or indirect CRLs need extended CRL support */
1105 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1106 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1107 return 0;
1108 } else if (crl->idp_flags & IDP_REASONS) {
1109 /* If no new reasons reject */
1110 if (!(crl->idp_reasons & ~tmp_reasons))
1111 return 0;
1112 }
1113 /* Don't process deltas at this stage */
1114 else if (crl->base_crl_number)
1115 return 0;
1116 /* If issuer name doesn't match certificate need indirect CRL */
1117 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1118 if (!(crl->idp_flags & IDP_INDIRECT))
1119 return 0;
1120 } else
1121 crl_score |= CRL_SCORE_ISSUER_NAME;
1122
1123 if (!(crl->flags & EXFLAG_CRITICAL))
1124 crl_score |= CRL_SCORE_NOCRITICAL;
1125
1126 /* Check expiry */
1127 if (check_crl_time(ctx, crl, 0))
1128 crl_score |= CRL_SCORE_TIME;
1129
1130 /* Check authority key ID and locate certificate issuer */
1131 crl_akid_check(ctx, crl, pissuer, &crl_score);
1132
1133 /* If we can't locate certificate issuer at this point forget it */
1134
1135 if (!(crl_score & CRL_SCORE_AKID))
1136 return 0;
1137
1138 /* Check cert for matching CRL distribution points */
1139
1140 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1141 /* If no new reasons reject */
1142 if (!(crl_reasons & ~tmp_reasons))
1143 return 0;
1144 tmp_reasons |= crl_reasons;
1145 crl_score |= CRL_SCORE_SCOPE;
1146 }
1147
1148 *preasons = tmp_reasons;
1149
1150 return crl_score;
1151
1152}
4b96839f
DSH		 1153
1154static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
10621efd
MC		 1155 X509 **pissuer, int *pcrl_score)
1156{
1157 X509 *crl_issuer = NULL;
1158 X509_NAME *cnm = X509_CRL_get_issuer(crl);
1159 int cidx = ctx->error_depth;
1160 int i;
1161
1162 if (cidx != sk_X509_num(ctx->chain) - 1)
1163 cidx++;
1164
1165 crl_issuer = sk_X509_value(ctx->chain, cidx);
1166
1167 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1168 if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1169 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1170 *pissuer = crl_issuer;
1171 return;
1172 }
1173 }
1174
1175 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) {
1176 crl_issuer = sk_X509_value(ctx->chain, cidx);
1177 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1178 continue;
1179 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1180 *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1181 *pissuer = crl_issuer;
1182 return;
1183 }
1184 }
1185
1186 /* Anything else needs extended CRL support */
1187
1188 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1189 return;
1190
1191 /*
1192 * Otherwise the CRL issuer is not on the path. Look for it in the set of
1193 * untrusted certificates.
1194 */
1195 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1196 crl_issuer = sk_X509_value(ctx->untrusted, i);
1197 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1198 continue;
1199 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1200 *pissuer = crl_issuer;
1201 *pcrl_score |= CRL_SCORE_AKID;
1202 return;
1203 }
1204 }
1205}
1206
1207/*
1208 * Check the path of a CRL issuer certificate. This creates a new
9d84d4ed 1209 * X509_STORE_CTX and populates it with most of the parameters from the
10621efd
MC		 1210 * parent. This could be optimised somewhat since a lot of path checking will
1211 * be duplicated by the parent, but this will rarely be used in practice.
9d84d4ed
DSH		 1212 */
1213
1214static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
10621efd
MC		 1215{
1216 X509_STORE_CTX crl_ctx;
1217 int ret;
1218 /* Don't allow recursive CRL path validation */
1219 if (ctx->parent)
1220 return 0;
1221 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1222 return -1;
1223
1224 crl_ctx.crls = ctx->crls;
1225 /* Copy verify params across */
1226 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1227
1228 crl_ctx.parent = ctx;
1229 crl_ctx.verify_cb = ctx->verify_cb;
1230
1231 /* Verify CRL issuer */
1232 ret = X509_verify_cert(&crl_ctx);
1233
1234 if (ret <= 0)
1235 goto err;
1236
1237 /* Check chain is acceptable */
1238
1239 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1240 err:
1241 X509_STORE_CTX_cleanup(&crl_ctx);
1242 return ret;
1243}
1244
1245/*
1246 * RFC3280 says nothing about the relationship between CRL path and
1247 * certificate path, which could lead to situations where a certificate could
1248 * be revoked or validated by a CA not authorised to do so. RFC5280 is more
1249 * strict and states that the two paths must end in the same trust anchor,
1250 * though some discussions remain... until this is resolved we use the
1251 * RFC5280 version
9d84d4ed
DSH		 1252 */
1253
1254static int check_crl_chain(X509_STORE_CTX *ctx,
10621efd
MC		 1255 STACK_OF(X509) *cert_path,
1256 STACK_OF(X509) *crl_path)
1257{
1258 X509 *cert_ta, *crl_ta;
1259 cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1260 crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1261 if (!X509_cmp(cert_ta, crl_ta))
1262 return 1;
1263 return 0;
1264}
9d84d4ed 1265
3e9a08ec
TH		 1266/*-
1267 * Check for match between two dist point names: three separate cases.
3e727a3b
DSH		 1268 * 1. Both are relative names and compare X509_NAME types.
1269 * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
1270 * 3. Both are full names and compare two GENERAL_NAMES.
d0fff69d 1271 * 4. One is NULL: automatic match.
3e727a3b
DSH		 1272 */
1273
3e727a3b 1274static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
10621efd
MC		 1275{
1276 X509_NAME *nm = NULL;
1277 GENERAL_NAMES *gens = NULL;
1278 GENERAL_NAME *gena, *genb;
1279 int i, j;
1280 if (!a || !b)
1281 return 1;
1282 if (a->type == 1) {
1283 if (!a->dpname)
1284 return 0;
1285 /* Case 1: two X509_NAME */
1286 if (b->type == 1) {
1287 if (!b->dpname)
1288 return 0;
1289 if (!X509_NAME_cmp(a->dpname, b->dpname))
1290 return 1;
1291 else
1292 return 0;
1293 }
1294 /* Case 2: set name and GENERAL_NAMES appropriately */
1295 nm = a->dpname;
1296 gens = b->name.fullname;
1297 } else if (b->type == 1) {
1298 if (!b->dpname)
1299 return 0;
1300 /* Case 2: set name and GENERAL_NAMES appropriately */
1301 gens = a->name.fullname;
1302 nm = b->dpname;
1303 }
1304
1305 /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1306 if (nm) {
1307 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1308 gena = sk_GENERAL_NAME_value(gens, i);
1309 if (gena->type != GEN_DIRNAME)
1310 continue;
1311 if (!X509_NAME_cmp(nm, gena->d.directoryName))
1312 return 1;
1313 }
1314 return 0;
1315 }
1316
1317 /* Else case 3: two GENERAL_NAMES */
1318
1319 for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1320 gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1321 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1322 genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1323 if (!GENERAL_NAME_cmp(gena, genb))
1324 return 1;
1325 }
1326 }
1327
1328 return 0;
1329
1330}
bc7535bc 1331
4b96839f 1332static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
10621efd
MC		 1333{
1334 int i;
1335 X509_NAME *nm = X509_CRL_get_issuer(crl);
1336 /* If no CRLissuer return is successful iff don't need a match */
1337 if (!dp->CRLissuer)
1338 return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
1339 for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1340 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1341 if (gen->type != GEN_DIRNAME)
1342 continue;
1343 if (!X509_NAME_cmp(gen->d.directoryName, nm))
1344 return 1;
1345 }
1346 return 0;
1347}
d0fff69d 1348
4b96839f 1349/* Check CRLDP and IDP */
bc7535bc 1350
4b96839f 1351static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
10621efd
MC		 1352 unsigned int *preasons)
1353{
1354 int i;
1355 if (crl->idp_flags & IDP_ONLYATTR)
1356 return 0;
1357 if (x->ex_flags & EXFLAG_CA) {
1358 if (crl->idp_flags & IDP_ONLYUSER)
1359 return 0;
1360 } else {
1361 if (crl->idp_flags & IDP_ONLYCA)
1362 return 0;
1363 }
1364 *preasons = crl->idp_reasons;
1365 for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1366 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1367 if (crldp_check_crlissuer(dp, crl, crl_score)) {
1368 if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1369 *preasons &= dp->dp_reasons;
1370 return 1;
1371 }
1372 }
1373 }
1374 if ((!crl->idp || !crl->idp->distpoint)
1375 && (crl_score & CRL_SCORE_ISSUER_NAME))
1376 return 1;
1377 return 0;
1378}
1379
1380/*
1381 * Retrieve CRL corresponding to current certificate. If deltas enabled try
1382 * to find a delta CRL too
b545dc67 1383 */
10621efd 1384
d43c4497 1385static int get_crl_delta(X509_STORE_CTX *ctx,
10621efd
MC		 1386 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1387{
1388 int ok;
1389 X509 *issuer = NULL;
1390 int crl_score = 0;
1391 unsigned int reasons;
1392 X509_CRL *crl = NULL, *dcrl = NULL;
1393 STACK_OF(X509_CRL) *skcrl;
1394 X509_NAME *nm = X509_get_issuer_name(x);
1395 reasons = ctx->current_reasons;
1396 ok = get_crl_sk(ctx, &crl, &dcrl,
1397 &issuer, &crl_score, &reasons, ctx->crls);
1398
1399 if (ok)
1400 goto done;
1401
1402 /* Lookup CRLs from store */
1403
1404 skcrl = ctx->lookup_crls(ctx, nm);
1405
1406 /* If no CRLs found and a near match from get_crl_sk use that */
1407 if (!skcrl && crl)
1408 goto done;
1409
1410 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1411
1412 sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1413
1414 done:
1415
1416 /* If we got any kind of CRL use it and return success */
1417 if (crl) {
1418 ctx->current_issuer = issuer;
1419 ctx->current_crl_score = crl_score;
1420 ctx->current_reasons = reasons;
1421 *pcrl = crl;
1422 *pdcrl = dcrl;
1423 return 1;
1424 }
1425
1426 return 0;
1427}
b545dc67
DSH		 1428
1429/* Check CRL validity */
1430static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
10621efd
MC		 1431{
1432 X509 *issuer = NULL;
1433 EVP_PKEY *ikey = NULL;
1434 int ok = 0, chnum, cnum;
1435 cnum = ctx->error_depth;
1436 chnum = sk_X509_num(ctx->chain) - 1;
1437 /* if we have an alternative CRL issuer cert use that */
1438 if (ctx->current_issuer)
1439 issuer = ctx->current_issuer;
1440
1441 /*
1442 * Else find CRL issuer: if not last certificate then issuer is next
1443 * certificate in chain.
1444 */
1445 else if (cnum < chnum)
1446 issuer = sk_X509_value(ctx->chain, cnum + 1);
1447 else {
1448 issuer = sk_X509_value(ctx->chain, chnum);
1449 /* If not self signed, can't check signature */
1450 if (!ctx->check_issued(ctx, issuer, issuer)) {
1451 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1452 ok = ctx->verify_cb(0, ctx);
1453 if (!ok)
1454 goto err;
1455 }
1456 }
1457
1458 if (issuer) {
1459 /*
1460 * Skip most tests for deltas because they have already been done
1461 */
1462 if (!crl->base_crl_number) {
1463 /* Check for cRLSign bit if keyUsage present */
1464 if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1465 !(issuer->ex_kusage & KU_CRL_SIGN)) {
1466 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1467 ok = ctx->verify_cb(0, ctx);
1468 if (!ok)
1469 goto err;
1470 }
1471
1472 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1473 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1474 ok = ctx->verify_cb(0, ctx);
1475 if (!ok)
1476 goto err;
1477 }
1478
1479 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1480 if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1481 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1482 ok = ctx->verify_cb(0, ctx);
1483 if (!ok)
1484 goto err;
1485 }
1486 }
1487
1488 if (crl->idp_flags & IDP_INVALID) {
1489 ctx->error = X509_V_ERR_INVALID_EXTENSION;
1490 ok = ctx->verify_cb(0, ctx);
1491 if (!ok)
1492 goto err;
1493 }
1494
1495 }
1496
1497 if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1498 ok = check_crl_time(ctx, crl, 1);
1499 if (!ok)
1500 goto err;
1501 }
1502
1503 /* Attempt to get issuer certificate public key */
1504 ikey = X509_get_pubkey(issuer);
1505
1506 if (!ikey) {
1507 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1508 ok = ctx->verify_cb(0, ctx);
1509 if (!ok)
1510 goto err;
1511 } else {
1512 /* Verify CRL signature */
1513 if (X509_CRL_verify(crl, ikey) <= 0) {
1514 ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1515 ok = ctx->verify_cb(0, ctx);
1516 if (!ok)
1517 goto err;
1518 }
1519 }
1520 }
1521
1522 ok = 1;
1523
1524 err:
1525 EVP_PKEY_free(ikey);
1526 return ok;
1527}
b545dc67
DSH		 1528
1529/* Check certificate against CRL */
1530static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
10621efd
MC		 1531{
1532 int ok;
1533 X509_REVOKED *rev;
1534 /*
1535 * The rules changed for this... previously if a CRL contained unhandled
1536 * critical extensions it could still be used to indicate a certificate
1537 * was revoked. This has since been changed since critical extension can
1538 * change the meaning of CRL entries.
1539 */
1540 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1541 && (crl->flags & EXFLAG_CRITICAL)) {
1542 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1543 ok = ctx->verify_cb(0, ctx);
1544 if (!ok)
1545 return 0;
1546 }
1547 /*
1548 * Look for serial number of certificate in CRL If found make sure reason
1549 * is not removeFromCRL.
1550 */
1551 if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1552 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1553 return 2;
1554 ctx->error = X509_V_ERR_CERT_REVOKED;
1555 ok = ctx->verify_cb(0, ctx);
1556 if (!ok)
1557 return 0;
1558 }
1559
1560 return 1;
1561}
b545dc67 1562
5d7c222d 1563static int check_policy(X509_STORE_CTX *ctx)
10621efd
MC		 1564{
1565 int ret;
1566 if (ctx->parent)
1567 return 1;
1568 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1569 ctx->param->policies, ctx->param->flags);
1570 if (ret == 0) {
1571 X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
3d4f83a5 1572 ctx->error = X509_V_ERR_OUT_OF_MEM;
10621efd
MC		 1573 return 0;
1574 }
1575 /* Invalid or inconsistent extensions */
1576 if (ret == -1) {
1577 /*
1578 * Locate certificates with bad extensions and notify callback.
1579 */
1580 X509 *x;
1581 int i;
1582 for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1583 x = sk_X509_value(ctx->chain, i);
1584 if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1585 continue;
1586 ctx->current_cert = x;
1587 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1588 if (!ctx->verify_cb(0, ctx))
1589 return 0;
1590 }
1591 return 1;
1592 }
1593 if (ret == -2) {
1594 ctx->current_cert = NULL;
1595 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1596 return ctx->verify_cb(0, ctx);
1597 }
1598
1599 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1600 ctx->current_cert = NULL;
3d4f83a5
VD		 1601 /*
1602 * Verification errors need to be "sticky", a callback may have allowed
1603 * an SSL handshake to continue despite an error, and we must then
1604 * remain in an error state. Therefore, we MUST NOT clear earlier
1605 * verification errors by setting the error to X509_V_OK.
1606 */
10621efd
MC		 1607 if (!ctx->verify_cb(2, ctx))
1608 return 0;
1609 }
1610
1611 return 1;
1612}
5d7c222d 1613
e1a27eb3 1614static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
10621efd
MC		 1615{
1616 time_t *ptime;
1617 int i;
1618
1619 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1620 ptime = &ctx->param->check_time;
1621 else
1622 ptime = NULL;
1623
1624 i = X509_cmp_time(X509_get_notBefore(x), ptime);
1625 if (i == 0) {
1626 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1627 ctx->current_cert = x;
1628 if (!ctx->verify_cb(0, ctx))
1629 return 0;
1630 }
1631
1632 if (i > 0) {
1633 ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1634 ctx->current_cert = x;
1635 if (!ctx->verify_cb(0, ctx))
1636 return 0;
1637 }
1638
1639 i = X509_cmp_time(X509_get_notAfter(x), ptime);
1640 if (i == 0) {
1641 ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1642 ctx->current_cert = x;
1643 if (!ctx->verify_cb(0, ctx))
1644 return 0;
1645 }
1646
1647 if (i < 0) {
1648 ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1649 ctx->current_cert = x;
1650 if (!ctx->verify_cb(0, ctx))
1651 return 0;
1652 }
1653
1654 return 1;
1655}
e1a27eb3 1656
6b691a5c 1657static int internal_verify(X509_STORE_CTX *ctx)
10621efd
MC		 1658{
1659 int ok = 0, n;
1660 X509 *xs, *xi;
1661 EVP_PKEY *pkey = NULL;
1662 int (*cb) (int xok, X509_STORE_CTX *xctx);
1663
1664 cb = ctx->verify_cb;
1665
1666 n = sk_X509_num(ctx->chain);
1667 ctx->error_depth = n - 1;
1668 n--;
1669 xi = sk_X509_value(ctx->chain, n);
1670
1671 if (ctx->check_issued(ctx, xi, xi))
1672 xs = xi;
1673 else {
1674 if (n <= 0) {
1675 ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1676 ctx->current_cert = xi;
1677 ok = cb(0, ctx);
1678 goto end;
1679 } else {
1680 n--;
1681 ctx->error_depth = n;
1682 xs = sk_X509_value(ctx->chain, n);
1683 }
1684 }
1685
1686/* ctx->error=0; not needed */
1687 while (n >= 0) {
1688 ctx->error_depth = n;
1689
1690 /*
1691 * Skip signature check for self signed certificates unless
1692 * explicitly asked for. It doesn't add any security and just wastes
1693 * time.
1694 */
1695 if (!xs->valid
1696 && (xs != xi
1697 || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
1698 if ((pkey = X509_get_pubkey(xi)) == NULL) {
1699 ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1700 ctx->current_cert = xi;
1701 ok = (*cb) (0, ctx);
1702 if (!ok)
1703 goto end;
1704 } else if (X509_verify(xs, pkey) <= 0) {
1705 ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1706 ctx->current_cert = xs;
1707 ok = (*cb) (0, ctx);
1708 if (!ok) {
1709 EVP_PKEY_free(pkey);
1710 goto end;
1711 }
1712 }
1713 EVP_PKEY_free(pkey);
1714 pkey = NULL;
1715 }
1716
1717 xs->valid = 1;
1718
1719 ok = check_cert_time(ctx, xs);
1720 if (!ok)
1721 goto end;
1722
1723 /* The last error (if any) is still in the error value */
1724 ctx->current_issuer = xi;
1725 ctx->current_cert = xs;
1726 ok = (*cb) (1, ctx);
1727 if (!ok)
1728 goto end;
1729
1730 n--;
1731 if (n >= 0) {
1732 xi = xs;
1733 xs = sk_X509_value(ctx->chain, n);
1734 }
1735 }
1736 ok = 1;
1737 end:
1738 return ok;
1739}
d02b48c6 1740
91b73acb 1741int X509_cmp_current_time(const ASN1_TIME *ctm)
bbb72003 1742{
10621efd 1743 return X509_cmp_time(ctm, NULL);
bbb72003
DSH		 1744}
1745
91b73acb 1746int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
10621efd
MC		 1747{
1748 char *str;
1749 ASN1_TIME atm;
1750 long offset;
1751 char buff1[24], buff2[24], *p;
370ac320 1752 int i, j, remaining;
10621efd
MC		 1753
1754 p = buff1;
370ac320 1755 remaining = ctm->length;
10621efd 1756 str = (char *)ctm->data;
370ac320
EK		 1757 /*
1758 * Note that the following (historical) code allows much more slack in the
1759 * time format than RFC5280. In RFC5280, the representation is fixed:
1760 * UTCTime: YYMMDDHHMMSSZ
1761 * GeneralizedTime: YYYYMMDDHHMMSSZ
1762 */
10621efd 1763 if (ctm->type == V_ASN1_UTCTIME) {
370ac320
EK		 1764 /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
1765 int min_length = sizeof("YYMMDDHHMMZ") - 1;
1766 int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
1767 if (remaining < min_length || remaining > max_length)
10621efd
MC		 1768 return 0;
1769 memcpy(p, str, 10);
1770 p += 10;
1771 str += 10;
370ac320 1772 remaining -= 10;
10621efd 1773 } else {
370ac320
EK		 1774 /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
1775 int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
1776 int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
1777 if (remaining < min_length || remaining > max_length)
10621efd
MC		 1778 return 0;
1779 memcpy(p, str, 12);
1780 p += 12;
1781 str += 12;
370ac320 1782 remaining -= 12;
10621efd
MC		 1783 }
1784
1785 if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
1786 *(p++) = '0';
1787 *(p++) = '0';
1788 } else {
370ac320
EK		 1789 /* SS (seconds) */
1790 if (remaining < 2)
1791 return 0;
10621efd
MC		 1792 *(p++) = *(str++);
1793 *(p++) = *(str++);
370ac320
EK		 1794 remaining -= 2;
1795 /*
1796 * Skip any (up to three) fractional seconds...
1797 * TODO(emilia): in RFC5280, fractional seconds are forbidden.
1798 * Can we just kill them altogether?
1799 */
1800 if (remaining && *str == '.') {
10621efd 1801 str++;
370ac320
EK		 1802 remaining--;
1803 for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
1804 if (*str < '0' || *str > '9')
1805 break;
1806 }
10621efd
MC		 1807 }
1808
1809 }
1810 *(p++) = 'Z';
1811 *(p++) = '\0';
1812
370ac320
EK		 1813 /* We now need either a terminating 'Z' or an offset. */
1814 if (!remaining)
1815 return 0;
1816 if (*str == 'Z') {
1817 if (remaining != 1)
1818 return 0;
10621efd 1819 offset = 0;
370ac320
EK		 1820 } else {
1821 /* (+-)HHMM */
10621efd
MC		 1822 if ((*str != '+') && (*str != '-'))
1823 return 0;
370ac320
EK		 1824 /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
1825 if (remaining != 5)
1826 return 0;
1827 if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
1828 str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
1829 return 0;
10621efd
MC		 1830 offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
1831 offset += (str[3] - '0') * 10 + (str[4] - '0');
1832 if (*str == '-')
1833 offset = -offset;
1834 }
1835 atm.type = ctm->type;
1836 atm.flags = 0;
1837 atm.length = sizeof(buff2);
1838 atm.data = (unsigned char *)buff2;
1839
1840 if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
1841 return 0;
1842
1843 if (ctm->type == V_ASN1_UTCTIME) {
1844 i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
1845 if (i < 50)
1846 i += 100; /* cf. RFC 2459 */
1847 j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
1848 if (j < 50)
1849 j += 100;
1850
1851 if (i < j)
1852 return -1;
1853 if (i > j)
1854 return 1;
1855 }
1856 i = strcmp(buff1, buff2);
1857 if (i == 0) /* wait a second then return younger :-) */
1858 return -1;
1859 else
1860 return i;
1861}
d02b48c6 1862
284ef5f3 1863ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
bbb72003 1864{
10621efd 1865 return X509_time_adj(s, adj, NULL);
bbb72003
DSH		 1866}
1867
87d3a0cd 1868ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
10621efd
MC		 1869{
1870 return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1871}
87d3a0cd
DSH		 1872
1873ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
10621efd
MC		 1874 int offset_day, long offset_sec, time_t *in_tm)
1875{
1876 time_t t;
1877
1878 if (in_tm)
1879 t = *in_tm;
1880 else
1881 time(&t);
1882
1883 if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
1884 if (s->type == V_ASN1_UTCTIME)
1885 return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
1886 if (s->type == V_ASN1_GENERALIZEDTIME)
1887 return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
1888 }
1889 return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1890}
d02b48c6 1891
7e258a56 1892int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
10621efd
MC		 1893{
1894 EVP_PKEY *ktmp = NULL, *ktmp2;
1895 int i, j;
1896
1897 if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
1898 return 1;
1899
1900 for (i = 0; i < sk_X509_num(chain); i++) {
1901 ktmp = X509_get_pubkey(sk_X509_value(chain, i));
1902 if (ktmp == NULL) {
1903 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
1904 X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
1905 return 0;
1906 }
1907 if (!EVP_PKEY_missing_parameters(ktmp))
1908 break;
1909 else {
1910 EVP_PKEY_free(ktmp);
1911 ktmp = NULL;
1912 }
1913 }
1914 if (ktmp == NULL) {
1915 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
1916 X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
1917 return 0;
1918 }
1919
1920 /* first, populate the other certs */
1921 for (j = i - 1; j >= 0; j--) {
1922 ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
1923 EVP_PKEY_copy_parameters(ktmp2, ktmp);
1924 EVP_PKEY_free(ktmp2);
1925 }
1926
1927 if (pkey != NULL)
1928 EVP_PKEY_copy_parameters(pkey, ktmp);
1929 EVP_PKEY_free(ktmp);
1930 return 1;
1931}
1932
1933int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
1934 CRYPTO_EX_new *new_func,
1935 CRYPTO_EX_dup *dup_func,
1936 CRYPTO_EX_free *free_func)
1937{
1938 /*
1939 * This function is (usually) called only once, by
1940 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
1941 */
1942 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
1943 new_func, dup_func, free_func);
1944}
58964a49 1945
6b691a5c 1946int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
10621efd
MC		 1947{
1948 return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
1949}
58964a49 1950
6b691a5c 1951void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
10621efd
MC		 1952{
1953 return CRYPTO_get_ex_data(&ctx->ex_data, idx);
1954}
58964a49 1955
6b691a5c 1956int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
10621efd
MC		 1957{
1958 return ctx->error;
1959}
58964a49 1960
6b691a5c 1961void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
10621efd
MC		 1962{
1963 ctx->error = err;
1964}
58964a49 1965
6b691a5c 1966int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
10621efd
MC		 1967{
1968 return ctx->error_depth;
1969}
58964a49 1970
6b691a5c 1971X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
10621efd
MC		 1972{
1973 return ctx->current_cert;
1974}
58964a49 1975
7e258a56 1976STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
10621efd
MC		 1977{
1978 return ctx->chain;
1979}
58964a49 1980
c7cb16a8 1981STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
10621efd
MC		 1982{
1983 int i;
1984 X509 *x;
1985 STACK_OF(X509) *chain;
1986 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain)))
1987 return NULL;
1988 for (i = 0; i < sk_X509_num(chain); i++) {
1989 x = sk_X509_value(chain, i);
1990 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1991 }
1992 return chain;
1993}
25f923dd 1994
4a7f7171 1995X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
10621efd
MC		 1996{
1997 return ctx->current_issuer;
1998}
4a7f7171
DSH		 1999
2000X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
10621efd
MC		 2001{
2002 return ctx->current_crl;
2003}
4a7f7171
DSH		 2004
2005X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
10621efd
MC		 2006{
2007 return ctx->parent;
2008}
4a7f7171 2009
6b691a5c 2010void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
10621efd
MC		 2011{
2012 ctx->cert = x;
2013}
58964a49 2014
6b691a5c 2015void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
10621efd
MC		 2016{
2017 ctx->untrusted = sk;
2018}
58964a49 2019
e1a27eb3 2020void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
10621efd
MC		 2021{
2022 ctx->crls = sk;
2023}
e1a27eb3 2024
13938ace 2025int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
10621efd
MC		 2026{
2027 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2028}
11262391 2029
bb7cd4e3 2030int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
10621efd
MC		 2031{
2032 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2033}
2034
2035/*
2036 * This function is used to set the X509_STORE_CTX purpose and trust values.
2037 * This is intended to be used when another structure has its own trust and
2038 * purpose values which (if set) will be inherited by the ctx. If they aren't
2039 * set then we will usually have a default purpose in mind which should then
2040 * be used to set the trust value. An example of this is SSL use: an SSL
2041 * structure will have its own purpose and trust settings which the
2042 * application can set: if they aren't set then we use the default of SSL
2043 * client/server.
13938ace
DSH		 2044 */
2045
2046int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
10621efd
MC		 2047 int purpose, int trust)
2048{
2049 int idx;
2050 /* If purpose not set use default */
2051 if (!purpose)
2052 purpose = def_purpose;
2053 /* If we have a purpose then check it is valid */
2054 if (purpose) {
2055 X509_PURPOSE *ptmp;
2056 idx = X509_PURPOSE_get_by_id(purpose);
2057 if (idx == -1) {
2058 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
2059 X509_R_UNKNOWN_PURPOSE_ID);
2060 return 0;
2061 }
2062 ptmp = X509_PURPOSE_get0(idx);
2063 if (ptmp->trust == X509_TRUST_DEFAULT) {
2064 idx = X509_PURPOSE_get_by_id(def_purpose);
2065 if (idx == -1) {
2066 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
2067 X509_R_UNKNOWN_PURPOSE_ID);
2068 return 0;
2069 }
2070 ptmp = X509_PURPOSE_get0(idx);
2071 }
2072 /* If trust not set then get from purpose default */
2073 if (!trust)
2074 trust = ptmp->trust;
2075 }
2076 if (trust) {
2077 idx = X509_TRUST_get_by_id(trust);
2078 if (idx == -1) {
2079 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
2080 X509_R_UNKNOWN_TRUST_ID);
2081 return 0;
2082 }
2083 }
2084
2085 if (purpose && !ctx->param->purpose)
2086 ctx->param->purpose = purpose;
2087 if (trust && !ctx->param->trust)
2088 ctx->param->trust = trust;
2089 return 1;
51630a37
DSH		 2090}
2091
2f043896
DSH		 2092X509_STORE_CTX *X509_STORE_CTX_new(void)
2093{
10621efd
MC		 2094 X509_STORE_CTX *ctx;
2095 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2096 if (!ctx) {
2097 X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
2098 return NULL;
2099 }
2100 memset(ctx, 0, sizeof(X509_STORE_CTX));
2101 return ctx;
2f043896
DSH		 2102}
2103
2104void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2105{
76b49a8a
RS		 2106 if (!ctx)
2107 return;
10621efd
MC		 2108 X509_STORE_CTX_cleanup(ctx);
2109 OPENSSL_free(ctx);
2f043896
DSH		 2110}
2111
79aa04ef 2112int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
10621efd
MC		 2113 STACK_OF(X509) *chain)
2114{
2115 int ret = 1;
2116 ctx->ctx = store;
2117 ctx->current_method = 0;
2118 ctx->cert = x509;
2119 ctx->untrusted = chain;
2120 ctx->crls = NULL;
2121 ctx->last_untrusted = 0;
2122 ctx->other_ctx = NULL;
2123 ctx->valid = 0;
2124 ctx->chain = NULL;
2125 ctx->error = 0;
2126 ctx->explicit_policy = 0;
2127 ctx->error_depth = 0;
2128 ctx->current_cert = NULL;
2129 ctx->current_issuer = NULL;
2130 ctx->current_crl = NULL;
2131 ctx->current_crl_score = 0;
2132 ctx->current_reasons = 0;
2133 ctx->tree = NULL;
2134 ctx->parent = NULL;
737d57d0
VD		 2135 /* Zero ex_data to make sure we're cleanup-safe */
2136 memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
10621efd
MC		 2137
2138 ctx->param = X509_VERIFY_PARAM_new();
10621efd
MC		 2139 if (!ctx->param) {
2140 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
2141 return 0;
2142 }
2143
2144 /*
2145 * Inherit callbacks and flags from X509_STORE if not set use defaults.
2146 */
10621efd
MC		 2147 if (store)
2148 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2149 else
2150 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
2151
2152 if (store) {
2153 ctx->verify_cb = store->verify_cb;
737d57d0 2154 /* Seems to always be 0 in OpenSSL, else must be idempotent */
10621efd
MC		 2155 ctx->cleanup = store->cleanup;
2156 } else
2157 ctx->cleanup = 0;
2158
2159 if (ret)
2160 ret = X509_VERIFY_PARAM_inherit(ctx->param,
2161 X509_VERIFY_PARAM_lookup("default"));
2162
2163 if (ret == 0) {
2164 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
737d57d0 2165 goto err;
10621efd
MC		 2166 }
2167
2168 if (store && store->check_issued)
2169 ctx->check_issued = store->check_issued;
2170 else
2171 ctx->check_issued = check_issued;
2172
2173 if (store && store->get_issuer)
2174 ctx->get_issuer = store->get_issuer;
2175 else
2176 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2177
2178 if (store && store->verify_cb)
2179 ctx->verify_cb = store->verify_cb;
2180 else
2181 ctx->verify_cb = null_callback;
2182
2183 if (store && store->verify)
2184 ctx->verify = store->verify;
2185 else
2186 ctx->verify = internal_verify;
2187
2188 if (store && store->check_revocation)
2189 ctx->check_revocation = store->check_revocation;
2190 else
2191 ctx->check_revocation = check_revocation;
2192
2193 if (store && store->get_crl)
2194 ctx->get_crl = store->get_crl;
2195 else
2196 ctx->get_crl = NULL;
2197
2198 if (store && store->check_crl)
2199 ctx->check_crl = store->check_crl;
2200 else
2201 ctx->check_crl = check_crl;
2202
2203 if (store && store->cert_crl)
2204 ctx->cert_crl = store->cert_crl;
2205 else
2206 ctx->cert_crl = cert_crl;
2207
2208 if (store && store->lookup_certs)
2209 ctx->lookup_certs = store->lookup_certs;
2210 else
2211 ctx->lookup_certs = X509_STORE_get1_certs;
2212
2213 if (store && store->lookup_crls)
2214 ctx->lookup_crls = store->lookup_crls;
2215 else
2216 ctx->lookup_crls = X509_STORE_get1_crls;
2217
2218 ctx->check_policy = check_policy;
2219
737d57d0
VD		 2220 if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
2221 &ctx->ex_data))
2222 return 1;
2223 X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
2224
2225 err:
10621efd 2226 /*
737d57d0
VD		 2227 * On error clean up allocated storage, if the store context was not
2228 * allocated with X509_STORE_CTX_new() this is our last chance to do so.
10621efd 2229 */
737d57d0
VD		 2230 X509_STORE_CTX_cleanup(ctx);
2231 return 0;
10621efd
MC		 2232}
2233
2234/*
2235 * Set alternative lookup method: just a STACK of trusted certificates. This
2236 * avoids X509_STORE nastiness where it isn't needed.
2f043896
DSH		 2237 */
2238
2239void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2240{
10621efd
MC		 2241 ctx->other_ctx = sk;
2242 ctx->get_issuer = get_issuer_sk;
2f043896
DSH		 2243}
2244
2245void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
10621efd 2246{
737d57d0
VD		 2247 /*
2248 * We need to be idempotent because, unfortunately, free() also calls
2249 * cleanup(), so the natural call sequence new(), init(), cleanup(), free()
2250 * calls cleanup() for the same object twice! Thus we must zero the
2251 * pointers below after they're freed!
2252 */
2253 /* Seems to always be 0 in OpenSSL, do this at most once. */
2254 if (ctx->cleanup != NULL) {
10621efd 2255 ctx->cleanup(ctx);
737d57d0
VD		 2256 ctx->cleanup = NULL;
2257 }
10621efd
MC		 2258 if (ctx->param != NULL) {
2259 if (ctx->parent == NULL)
2260 X509_VERIFY_PARAM_free(ctx->param);
2261 ctx->param = NULL;
2262 }
2263 if (ctx->tree != NULL) {
2264 X509_policy_tree_free(ctx->tree);
2265 ctx->tree = NULL;
2266 }
2267 if (ctx->chain != NULL) {
2268 sk_X509_pop_free(ctx->chain, X509_free);
2269 ctx->chain = NULL;
2270 }
2271 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
2272 memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2273}
13938ace 2274
5d7c222d 2275void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
10621efd
MC		 2276{
2277 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2278}
bbb72003 2279
5d7c222d 2280void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
10621efd
MC		 2281{
2282 X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2283}
5d7c222d 2284
10621efd
MC		 2285void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2286 time_t t)
2287{
2288 X509_VERIFY_PARAM_set_time(ctx->param, t);
2289}
bbb72003 2290
db089ad6 2291void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
10621efd
MC		 2292 int (*verify_cb) (int, X509_STORE_CTX *))
2293{
2294 ctx->verify_cb = verify_cb;
2295}
db089ad6 2296
5d7c222d 2297X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
10621efd
MC		 2298{
2299 return ctx->tree;
2300}
5d7c222d
DSH		 2301
2302int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
10621efd
MC		 2303{
2304 return ctx->explicit_policy;
2305}
5d7c222d
DSH		 2306
2307int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
10621efd
MC		 2308{
2309 const X509_VERIFY_PARAM *param;
2310 param = X509_VERIFY_PARAM_lookup(name);
2311 if (!param)
2312 return 0;
2313 return X509_VERIFY_PARAM_inherit(ctx->param, param);
2314}
5d7c222d
DSH		 2315
2316X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
10621efd
MC		 2317{
2318 return ctx->param;
2319}
5d7c222d
DSH		 2320
2321void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
10621efd
MC		 2322{
2323 if (ctx->param)
2324 X509_VERIFY_PARAM_free(ctx->param);
2325 ctx->param = param;
2326}
5d7c222d 2327
f73e07cf 2328IMPLEMENT_STACK_OF(X509)
10621efd 2329
f73e07cf 2330IMPLEMENT_ASN1_SET_OF(X509)
d500de16 2331
f73e07cf 2332IMPLEMENT_STACK_OF(X509_NAME)
d500de16 2333
f5fedc04 2334IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
10621efd 2335
d500de16 2336IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
A mirror of the official openssl repository