x509_vfy.c source code [engine/third_party/boringssl/src/crypto/x509/x509_vfy.c]

1	/ Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)*
2	* All rights reserved.
3	*
4	* This package is an SSL implementation written
5	* by Eric Young (eay@cryptsoft.com).
6	* The implementation was written so as to conform with Netscapes SSL.
7	*
8	* This library is free for commercial and non-commercial use as long as
9	* the following conditions are aheared to. The following conditions
10	* apply to all code found in this distribution, be it the RC4, RSA,
11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
12	* included with this distribution is covered by the same copyright terms
13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
14	*
15	* Copyright remains Eric Young's, and as such any Copyright notices in
16	* the code are not to be removed.
17	* If this package is used in a product, Eric Young should be given attribution
18	* as the author of the parts of the library used.
19	* This can be in the form of a textual message at program startup or
20	* in documentation (online or textual) provided with the package.
21	*
22	* Redistribution and use in source and binary forms, with or without
23	* modification, are permitted provided that the following conditions
24	* are met:
25	* 1. Redistributions of source code must retain the copyright
26	* notice, this list of conditions and the following disclaimer.
27	* 2. Redistributions in binary form must reproduce the above copyright
28	* notice, this list of conditions and the following disclaimer in the
29	* documentation and/or other materials provided with the distribution.
30	* 3. All advertising materials mentioning features or use of this software
31	* must display the following acknowledgement:
32	* "This product includes cryptographic software written by
33	* Eric Young (eay@cryptsoft.com)"
34	* The word 'cryptographic' can be left out if the rouines from the library
35	* being used are not cryptographic related :-).
36	* 4. If you include any Windows specific code (or a derivative thereof) from
37	* the apps directory (application code) you must include an acknowledgement:
38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50	* SUCH DAMAGE.
51	*
52	* The licence and distribution terms for any publically available version or
53	* derivative of this code cannot be changed. i.e. this code cannot simply be
54	* copied and put under another distribution licence
55	* [including the GNU Public Licence.] */
56
57	#include <ctype.h>
58	#include <string.h>
59	#include <time.h>
60
61	#include <openssl/asn1.h>
62	#include <openssl/buf.h>
63	#include <openssl/err.h>
64	#include <openssl/evp.h>
65	#include <openssl/mem.h>
66	#include <openssl/obj.h>
67	#include <openssl/thread.h>
68	#include <openssl/x509.h>
69	#include <openssl/x509v3.h>
70
71	#include "vpm_int.h"
72	#include "../internal.h"
73	#include "../x509v3/internal.h"
74
75	static CRYPTO_EX_DATA_CLASS g_ex_data_class =
76	CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
77
78	/ CRL score values /
79
80	/ No unhandled critical extensions /
81
82	#define CRL_SCORE_NOCRITICAL 0x100
83
84	/ certificate is within CRL scope /
85
86	#define CRL_SCORE_SCOPE 0x080
87
88	/ CRL times valid /
89
90	#define CRL_SCORE_TIME 0x040
91
92	/ Issuer name matches certificate /
93
94	#define CRL_SCORE_ISSUER_NAME 0x020
95
96	/ If this score or above CRL is probably valid /
97
98	#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL\|CRL_SCORE_TIME\|CRL_SCORE_SCOPE)
99
100	/ CRL issuer is certificate issuer /
101
102	#define CRL_SCORE_ISSUER_CERT 0x018
103
104	/ CRL issuer is on certificate path /
105
106	#define CRL_SCORE_SAME_PATH 0x008
107
108	/ CRL issuer matches CRL AKID /
109
110	#define CRL_SCORE_AKID 0x004
111
112	/ Have a delta CRL with valid times /
113
114	#define CRL_SCORE_TIME_DELTA 0x002
115
116	static int null_callback(int ok, X509_STORE_CTX *e);
117	static int check_issued(X509_STORE_CTX ctx, X509 x, X509 *issuer);
118	static X509 find_issuer(X509_STORE_CTX ctx, STACK_OF(X509) sk, X509 x);
119	static int check_chain_extensions(X509_STORE_CTX *ctx);
120	static int check_name_constraints(X509_STORE_CTX *ctx);
121	static int check_id(X509_STORE_CTX *ctx);
122	static int check_trust(X509_STORE_CTX *ctx);
123	static int check_revocation(X509_STORE_CTX *ctx);
124	static int check_cert(X509_STORE_CTX *ctx);
125	static int check_policy(X509_STORE_CTX *ctx);
126
127	static int get_crl_score(X509_STORE_CTX ctx, X509 *pissuer,
128	unsigned int preasons, X509_CRL crl, X509 *x);
129	static int get_crl_delta(X509_STORE_CTX *ctx,
130	X509_CRL pcrl, X509_CRL pdcrl, X509 *x);
131	static void get_delta_sk(X509_STORE_CTX ctx, X509_CRL *dcrl,
132	int pcrl_score, X509_CRL base,
133	STACK_OF(X509_CRL) *crls);
134	static void crl_akid_check(X509_STORE_CTX ctx, X509_CRL crl, X509 **pissuer,
135	int *pcrl_score);
136	static int crl_crldp_check(X509 x, X509_CRL crl, int crl_score,
137	unsigned int *preasons);
138	static int check_crl_path(X509_STORE_CTX ctx, X509 x);
139	static int check_crl_chain(X509_STORE_CTX *ctx,
140	STACK_OF(X509) *cert_path,
141	STACK_OF(X509) *crl_path);
142
143	static int internal_verify(X509_STORE_CTX *ctx);
144
145	static int null_callback(int ok, X509_STORE_CTX *e)
146	{
147	return ok;
148	}
149
150	/ Return 1 is a certificate is self signed /
151	static int cert_self_signed(X509 *x)
152	{
153	X509_check_purpose(x, -`1`, `0`);
154	if (x->ex_flags & EXFLAG_SS)
155	return `1`;
156	else
157	return `0`;
158	}
159
160	/ Given a certificate try and find an exact match in the store /
161
162	static X509 lookup_cert_match(X509_STORE_CTX ctx, X509 *x)
163	{
164	STACK_OF(X509) *certs;
165	X509 *xtmp = NULL;
166	size_t i;
167	/ Lookup all certs with matching subject name /
168	certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
169	if (certs == NULL)
170	return NULL;
171	/ Look for exact match /
172	for (i = `0`; i < sk_X509_num(certs); i++) {
173	xtmp = sk_X509_value(certs, i);
174	if (!X509_cmp(xtmp, x))
175	break;
176	}
177	if (i < sk_X509_num(certs))
178	X509_up_ref(xtmp);
179	else
180	xtmp = NULL;
181	sk_X509_pop_free(certs, X509_free);
182	return xtmp;
183	}
184
185	int X509_verify_cert(X509_STORE_CTX *ctx)
186	{
187	X509 x, xtmp, xtmp2, chain_ss = NULL;
188	int bad_chain = `0`;
189	X509_VERIFY_PARAM *param = ctx->param;
190	int depth, i, ok = `0`;
191	int num, j, retry, trust;
192	int (cb) (int* xok, X509_STORE_CTX *xctx);
193	STACK_OF(X509) *sktmp = NULL;
194	if (ctx->cert == NULL) {
195	OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
196	ctx->error = X509_V_ERR_INVALID_CALL;
197	return -`1`;
198	}
199	if (ctx->chain != NULL) {
200	/*
201	* This X509_STORE_CTX has already been used to verify a cert. We
202	* cannot do another one.
203	*/
204	OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
205	ctx->error = X509_V_ERR_INVALID_CALL;
206	return -`1`;
207	}
208
209	cb = ctx->verify_cb;
210
211	/*
212	* first we make sure the chain we are going to build is present and that
213	* the first entry is in place
214	*/
215	ctx->chain = sk_X509_new_null();
216	if (ctx->chain == NULL \|\| !sk_X509_push(ctx->chain, ctx->cert)) {
217	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
218	ctx->error = X509_V_ERR_OUT_OF_MEM;
219	goto end;
220	}
221	X509_up_ref(ctx->cert);
222	ctx->last_untrusted = `1`;
223
224	/ We use a temporary STACK so we can chop and hack at it.*
225	* sktmp = ctx->untrusted ++ ctx->ctx->additional_untrusted */
226	if (ctx->untrusted != NULL
227	&& (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
228	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
229	ctx->error = X509_V_ERR_OUT_OF_MEM;
230	goto end;
231	}
232
233	if (ctx->ctx->additional_untrusted != NULL) {
234	if (sktmp == NULL) {
235	sktmp = sk_X509_new_null();
236	if (sktmp == NULL) {
237	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
238	ctx->error = X509_V_ERR_OUT_OF_MEM;
239	goto end;
240	}
241	}
242
243	for (size_t k = `0`; k < sk_X509_num(ctx->ctx->additional_untrusted);
244	k++) {
245	if (!sk_X509_push(sktmp,
246	sk_X509_value(ctx->ctx->additional_untrusted,
247	k))) {
248	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
249	ctx->error = X509_V_ERR_OUT_OF_MEM;
250	goto end;
251	}
252	}
253	}
254
255	num = sk_X509_num(ctx->chain);
256	x = sk_X509_value(ctx->chain, num - `1`);
257	depth = param->depth;
258
259	for (;;) {
260	/ If we have enough, we break /
261	if (depth < num)
262	break; / FIXME: If this happens, we should take*
263	* note of it and, if appropriate, use the
264	* X509_V_ERR_CERT_CHAIN_TOO_LONG error code
265	* later. */
266
267	/ If we are self signed, we break /
268	if (cert_self_signed(x))
269	break;
270	/*
271	* If asked see if we can find issuer in trusted store first
272	*/
273	if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
274	ok = ctx->get_issuer(&xtmp, ctx, x);
275	if (ok < `0`) {
276	ctx->error = X509_V_ERR_STORE_LOOKUP;
277	goto end;
278	}
279	/*
280	* If successful for now free up cert so it will be picked up
281	* again later.
282	*/
283	if (ok > `0`) {
284	X509_free(xtmp);
285	break;
286	}
287	}
288
289	/ If we were passed a cert chain, use it first /
290	if (sktmp != NULL) {
291	xtmp = find_issuer(ctx, sktmp, x);
292	if (xtmp != NULL) {
293	if (!sk_X509_push(ctx->chain, xtmp)) {
294	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
295	ctx->error = X509_V_ERR_OUT_OF_MEM;
296	ok = `0`;
297	goto end;
298	}
299	X509_up_ref(xtmp);
300	(void)sk_X509_delete_ptr(sktmp, xtmp);
301	ctx->last_untrusted++;
302	x = xtmp;
303	num++;
304	/*
305	* reparse the full chain for the next one
306	*/
307	continue;
308	}
309	}
310	break;
311	}
312
313	/ Remember how many untrusted certs we have /
314	j = num;
315	/*
316	* at this point, chain should contain a list of untrusted certificates.
317	* We now need to add at least one trusted one, if possible, otherwise we
318	* complain.
319	*/
320
321	do {
322	/*
323	* Examine last certificate in chain and see if it is self signed.
324	*/
325	i = sk_X509_num(ctx->chain);
326	x = sk_X509_value(ctx->chain, i - `1`);
327	if (cert_self_signed(x)) {
328	/ we have a self signed certificate /
329	if (sk_X509_num(ctx->chain) == `1`) {
330	/*
331	* We have a single self signed certificate: see if we can
332	* find it in the store. We must have an exact match to avoid
333	* possible impersonation.
334	*/
335	ok = ctx->get_issuer(&xtmp, ctx, x);
336	if ((ok <= `0`) \|\| X509_cmp(x, xtmp)) {
337	ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
338	ctx->current_cert = x;
339	ctx->error_depth = i - `1`;
340	if (ok == `1`)
341	X509_free(xtmp);
342	bad_chain = `1`;
343	ok = cb(`0`, ctx);
344	if (!ok)
345	goto end;
346	} else {
347	/*
348	* We have a match: replace certificate with store
349	* version so we get any trust settings.
350	*/
351	X509_free(x);
352	x = xtmp;
353	(void)sk_X509_set(ctx->chain, i - `1`, x);
354	ctx->last_untrusted = `0`;
355	}
356	} else {
357	/*
358	* extract and save self signed certificate for later use
359	*/
360	chain_ss = sk_X509_pop(ctx->chain);
361	ctx->last_untrusted--;
362	num--;
363	j--;
364	x = sk_X509_value(ctx->chain, num - `1`);
365	}
366	}
367	/ We now lookup certs from the certificate store /
368	for (;;) {
369	/ If we have enough, we break /
370	if (depth < num)
371	break;
372	/ If we are self signed, we break /
373	if (cert_self_signed(x))
374	break;
375	ok = ctx->get_issuer(&xtmp, ctx, x);
376
377	if (ok < `0`) {
378	ctx->error = X509_V_ERR_STORE_LOOKUP;
379	goto end;
380	}
381	if (ok == `0`)
382	break;
383	x = xtmp;
384	if (!sk_X509_push(ctx->chain, x)) {
385	X509_free(xtmp);
386	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
387	ctx->error = X509_V_ERR_OUT_OF_MEM;
388	ok = `0`;
389	goto end;
390	}
391	num++;
392	}
393
394	/ we now have our chain, lets check it... /
395	trust = check_trust(ctx);
396
397	/ If explicitly rejected error /
398	if (trust == X509_TRUST_REJECTED) {
399	ok = `0`;
400	goto end;
401	}
402	/*
403	* If it's not explicitly trusted then check if there is an alternative
404	* chain that could be used. We only do this if we haven't already
405	* checked via TRUSTED_FIRST and the user hasn't switched off alternate
406	* chain checking
407	*/
408	retry = `0`;
409	if (trust != X509_TRUST_TRUSTED
410	&& !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
411	&& !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
412	while (j-- > `1`) {
413	xtmp2 = sk_X509_value(ctx->chain, j - `1`);
414	ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
415	if (ok < `0`)
416	goto end;
417	/ Check if we found an alternate chain /
418	if (ok > `0`) {
419	/*
420	* Free up the found cert we'll add it again later
421	*/
422	X509_free(xtmp);
423
424	/*
425	* Dump all the certs above this point - we've found an
426	* alternate chain
427	*/
428	while (num > j) {
429	xtmp = sk_X509_pop(ctx->chain);
430	X509_free(xtmp);
431	num--;
432	}
433	ctx->last_untrusted = sk_X509_num(ctx->chain);
434	retry = `1`;
435	break;
436	}
437	}
438	}
439	} while (retry);
440
441	/*
442	* If not explicitly trusted then indicate error unless it's a single
443	* self signed certificate in which case we've indicated an error already
444	* and set bad_chain == 1
445	*/
446	if (trust != X509_TRUST_TRUSTED && !bad_chain) {
447	if ((chain_ss == NULL) \|\| !ctx->check_issued(ctx, x, chain_ss)) {
448	if (ctx->last_untrusted >= num)
449	ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
450	else
451	ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
452	ctx->current_cert = x;
453	} else {
454
455	sk_X509_push(ctx->chain, chain_ss);
456	num++;
457	ctx->last_untrusted = num;
458	ctx->current_cert = chain_ss;
459	ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
460	chain_ss = NULL;
461	}
462
463	ctx->error_depth = num - `1`;
464	bad_chain = `1`;
465	ok = cb(`0`, ctx);
466	if (!ok)
467	goto end;
468	}
469
470	/ We have the chain complete: now we need to check its purpose /
471	ok = check_chain_extensions(ctx);
472
473	if (!ok)
474	goto end;
475
476	ok = check_id(ctx);
477
478	if (!ok)
479	goto end;
480
481	/*
482	* Check revocation status: we do this after copying parameters because
483	* they may be needed for CRL signature verification.
484	*/
485
486	ok = ctx->check_revocation(ctx);
487	if (!ok)
488	goto end;
489
490	int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
491	ctx->param->flags);
492	if (err != X509_V_OK) {
493	ctx->error = err;
494	ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
495	ok = cb(`0`, ctx);
496	if (!ok)
497	goto end;
498	}
499
500	/ At this point, we have a chain and need to verify it /
501	if (ctx->verify != NULL)
502	ok = ctx->verify(ctx);
503	else
504	ok = internal_verify(ctx);
505	if (!ok)
506	goto end;
507
508	/ Check name constraints /
509
510	ok = check_name_constraints(ctx);
511	if (!ok)
512	goto end;
513
514	/ If we get this far evaluate policies /
515	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
516	ok = ctx->check_policy(ctx);
517
518	end:
519	if (sktmp != NULL)
520	sk_X509_free(sktmp);
521	if (chain_ss != NULL)
522	X509_free(chain_ss);
523
524	/ Safety net, error returns must set ctx->error /
525	if (ok <= `0` && ctx->error == X509_V_OK)
526	ctx->error = X509_V_ERR_UNSPECIFIED;
527	return ok;
528	}
529
530	/*
531	* Given a STACK_OF(X509) find the issuer of cert (if any)
532	*/
533
534	static X509 find_issuer(X509_STORE_CTX ctx, STACK_OF(X509) sk, X509 x)
535	{
536	size_t i;
537	X509 *issuer;
538	for (i = `0`; i < sk_X509_num(sk); i++) {
539	issuer = sk_X509_value(sk, i);
540	if (ctx->check_issued(ctx, x, issuer))
541	return issuer;
542	}
543	return NULL;
544	}
545
546	/ Given a possible certificate and issuer check them /
547
548	static int check_issued(X509_STORE_CTX ctx, X509 x, X509 *issuer)
549	{
550	int ret;
551	ret = X509_check_issued(issuer, x);
552	if (ret == X509_V_OK)
553	return `1`;
554	/ If we haven't asked for issuer errors don't set ctx /
555	if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
556	return `0`;
557
558	ctx->error = ret;
559	ctx->current_cert = x;
560	ctx->current_issuer = issuer;
561	return ctx->verify_cb(`0`, ctx);
562	}
563
564	/ Alternative lookup method: look from a STACK stored in other_ctx /
565
566	static int get_issuer_sk(X509 *issuer, X509_STORE_CTX ctx, X509 *x)
567	{
568	*issuer = find_issuer(ctx, ctx->other_ctx, x);
569	if (*issuer) {
570	X509_up_ref(*issuer);
571	return `1`;
572	} else
573	return `0`;
574	}
575
576	/*
577	* Check a certificate chains extensions for consistency with the supplied
578	* purpose
579	*/
580
581	static int check_chain_extensions(X509_STORE_CTX *ctx)
582	{
583	int i, ok = `0`, plen = `0`;
584	X509 *x;
585	int (cb) (int* xok, X509_STORE_CTX *xctx);
586	int proxy_path_length = `0`;
587	int purpose;
588	int allow_proxy_certs;
589	cb = ctx->verify_cb;
590
591	enum {
592	// ca_or_leaf allows either type of certificate so that direct use of
593	// self-signed certificates works.
594	ca_or_leaf,
595	must_be_ca,
596	must_not_be_ca,
597	} ca_requirement;
598
599	/ CRL path validation /
600	if (ctx->parent) {
601	allow_proxy_certs = `0`;
602	purpose = X509_PURPOSE_CRL_SIGN;
603	} else {
604	allow_proxy_certs =
605	! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
606	purpose = ctx->param->purpose;
607	}
608
609	ca_requirement = ca_or_leaf;
610
611	/ Check all untrusted certificates /
612	for (i = `0`; i < ctx->last_untrusted; i++) {
613	int ret;
614	x = sk_X509_value(ctx->chain, i);
615	if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
616	&& (x->ex_flags & EXFLAG_CRITICAL)) {
617	ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
618	ctx->error_depth = i;
619	ctx->current_cert = x;
620	ok = cb(`0`, ctx);
621	if (!ok)
622	goto end;
623	}
624	if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
625	ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
626	ctx->error_depth = i;
627	ctx->current_cert = x;
628	ok = cb(`0`, ctx);
629	if (!ok)
630	goto end;
631	}
632
633	switch (ca_requirement) {
634	case ca_or_leaf:
635	ret = `1`;
636	break;
637	case must_not_be_ca:
638	if (X509_check_ca(x)) {
639	ret = `0`;
640	ctx->error = X509_V_ERR_INVALID_NON_CA;
641	} else
642	ret = `1`;
643	break;
644	case must_be_ca:
645	if (!X509_check_ca(x)) {
646	ret = `0`;
647	ctx->error = X509_V_ERR_INVALID_CA;
648	} else
649	ret = `1`;
650	break;
651	default:
652	// impossible.
653	ret = `0`;
654	}
655
656	if (ret == `0`) {
657	ctx->error_depth = i;
658	ctx->current_cert = x;
659	ok = cb(`0`, ctx);
660	if (!ok)
661	goto end;
662	}
663	if (ctx->param->purpose > `0`) {
664	ret = X509_check_purpose(x, purpose, ca_requirement == must_be_ca);
665	if (ret != `1`) {
666	ret = `0`;
667	ctx->error = X509_V_ERR_INVALID_PURPOSE;
668	ctx->error_depth = i;
669	ctx->current_cert = x;
670	ok = cb(`0`, ctx);
671	if (!ok)
672	goto end;
673	}
674	}
675	/ Check pathlen if not self issued /
676	if ((i > `1`) && !(x->ex_flags & EXFLAG_SI)
677	&& (x->ex_pathlen != -`1`)
678	&& (plen > (x->ex_pathlen + proxy_path_length + `1`))) {
679	ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
680	ctx->error_depth = i;
681	ctx->current_cert = x;
682	ok = cb(`0`, ctx);
683	if (!ok)
684	goto end;
685	}
686	/ Increment path length if not self issued /
687	if (!(x->ex_flags & EXFLAG_SI))
688	plen++;
689	/*
690	* If this certificate is a proxy certificate, the next certificate
691	* must be another proxy certificate or a EE certificate. If not,
692	* the next certificate must be a CA certificate.
693	*/
694	if (x->ex_flags & EXFLAG_PROXY) {
695	if (x->ex_pcpathlen != -`1` && i > x->ex_pcpathlen) {
696	ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
697	ctx->error_depth = i;
698	ctx->current_cert = x;
699	ok = cb(`0`, ctx);
700	if (!ok)
701	goto end;
702	}
703	proxy_path_length++;
704	ca_requirement = must_not_be_ca;
705	} else {
706	ca_requirement = must_be_ca;
707	}
708	}
709	ok = `1`;
710	end:
711	return ok;
712	}
713
714	static int reject_dns_name_in_common_name(X509 *x509)
715	{
716	X509_NAME *name = X509_get_subject_name(x509);
717	int i = -`1`;
718	for (;;) {
719	i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
720	if (i == -`1`) {
721	return X509_V_OK;
722	}
723
724	X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
725	ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
726	unsigned char *idval;
727	int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
728	if (idlen < `0`) {
729	return X509_V_ERR_OUT_OF_MEM;
730	}
731	/ Only process attributes that look like host names. Note it is*
732	* important that this check be mirrored in \|X509_check_host\|. */
733	int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
734	OPENSSL_free(idval);
735	if (looks_like_dns) {
736	return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
737	}
738	}
739	}
740
741	static int check_name_constraints(X509_STORE_CTX *ctx)
742	{
743	int i, j, rv;
744	int has_name_constraints = `0`;
745	/ Check name constraints for all certificates /
746	for (i = sk_X509_num(ctx->chain) - `1`; i >= `0`; i--) {
747	X509 *x = sk_X509_value(ctx->chain, i);
748	/ Ignore self issued certs unless last in chain /
749	if (i && (x->ex_flags & EXFLAG_SI))
750	continue;
751	/*
752	* Check against constraints for all certificates higher in chain
753	* including trust anchor. Trust anchor not strictly speaking needed
754	* but if it includes constraints it is to be assumed it expects them
755	* to be obeyed.
756	*/
757	for (j = sk_X509_num(ctx->chain) - `1`; j > i; j--) {
758	NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
759	if (nc) {
760	has_name_constraints = `1`;
761	rv = NAME_CONSTRAINTS_check(x, nc);
762	switch (rv) {
763	case X509_V_OK:
764	continue;
765	case X509_V_ERR_OUT_OF_MEM:
766	ctx->error = rv;
767	return `0`;
768	default:
769	ctx->error = rv;
770	ctx->error_depth = i;
771	ctx->current_cert = x;
772	if (!ctx->verify_cb(`0`, ctx))
773	return `0`;
774	break;
775	}
776	}
777	}
778	}
779
780	/ Name constraints do not match against the common name, but*
781	* \|X509_check_host\| still implements the legacy behavior where, on
782	* certificates lacking a SAN list, DNS-like names in the common name are
783	* checked instead.
784	*
785	* While we could apply the name constraints to the common name, name
786	* constraints are rare enough that can hold such certificates to a higher
787	* standard. Note this does not make "DNS-like" heuristic failures any
788	* worse. A decorative common-name misidentified as a DNS name would fail
789	* the name constraint anyway. */
790	X509 *leaf = sk_X509_value(ctx->chain, `0`);
791	if (has_name_constraints && leaf->altname == NULL) {
792	rv = reject_dns_name_in_common_name(leaf);
793	switch (rv) {
794	case X509_V_OK:
795	break;
796	case X509_V_ERR_OUT_OF_MEM:
797	ctx->error = rv;
798	return `0`;
799	default:
800	ctx->error = rv;
801	ctx->error_depth = i;
802	ctx->current_cert = leaf;
803	if (!ctx->verify_cb(`0`, ctx))
804	return `0`;
805	break;
806	}
807	}
808
809	return `1`;
810	}
811
812	static int check_id_error(X509_STORE_CTX ctx, int* errcode)
813	{
814	ctx->error = errcode;
815	ctx->current_cert = ctx->cert;
816	ctx->error_depth = `0`;
817	return ctx->verify_cb(`0`, ctx);
818	}
819
820	static int check_hosts(X509 x, X509_VERIFY_PARAM_ID id)
821	{
822	size_t i;
823	size_t n = sk_OPENSSL_STRING_num(id->hosts);
824	char *name;
825
826	if (id->peername != NULL) {
827	OPENSSL_free(id->peername);
828	id->peername = NULL;
829	}
830	for (i = `0`; i < n; ++i) {
831	name = sk_OPENSSL_STRING_value(id->hosts, i);
832	if (X509_check_host(x, name, strlen(name), id->hostflags,
833	&id->peername) > `0`)
834	return `1`;
835	}
836	return n == `0`;
837	}
838
839	static int check_id(X509_STORE_CTX *ctx)
840	{
841	X509_VERIFY_PARAM *vpm = ctx->param;
842	X509_VERIFY_PARAM_ID *id = vpm->id;
843	X509 *x = ctx->cert;
844	if (id->poison) {
845	if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
846	return `0`;
847	}
848	if (id->hosts && check_hosts(x, id) <= `0`) {
849	if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
850	return `0`;
851	}
852	if (id->email && X509_check_email(x, id->email, id->emaillen, `0`) <= `0`) {
853	if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
854	return `0`;
855	}
856	if (id->ip && X509_check_ip(x, id->ip, id->iplen, `0`) <= `0`) {
857	if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
858	return `0`;
859	}
860	return `1`;
861	}
862
863	static int check_trust(X509_STORE_CTX *ctx)
864	{
865	size_t i;
866	int ok;
867	X509 *x = NULL;
868	int (cb) (int* xok, X509_STORE_CTX *xctx);
869	cb = ctx->verify_cb;
870	/ Check all trusted certificates in chain /
871	for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
872	x = sk_X509_value(ctx->chain, i);
873	ok = X509_check_trust(x, ctx->param->trust, `0`);
874	/ If explicitly trusted return trusted /
875	if (ok == X509_TRUST_TRUSTED)
876	return X509_TRUST_TRUSTED;
877	/*
878	* If explicitly rejected notify callback and reject if not
879	* overridden.
880	*/
881	if (ok == X509_TRUST_REJECTED) {
882	ctx->error_depth = i;
883	ctx->current_cert = x;
884	ctx->error = X509_V_ERR_CERT_REJECTED;
885	ok = cb(`0`, ctx);
886	if (!ok)
887	return X509_TRUST_REJECTED;
888	}
889	}
890	/*
891	* If we accept partial chains and have at least one trusted certificate
892	* return success.
893	*/
894	if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
895	X509 *mx;
896	if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
897	return X509_TRUST_TRUSTED;
898	x = sk_X509_value(ctx->chain, `0`);
899	mx = lookup_cert_match(ctx, x);
900	if (mx) {
901	(void)sk_X509_set(ctx->chain, `0`, mx);
902	X509_free(x);
903	ctx->last_untrusted = `0`;
904	return X509_TRUST_TRUSTED;
905	}
906	}
907
908	/*
909	* If no trusted certs in chain at all return untrusted and allow
910	* standard (no issuer cert) etc errors to be indicated.
911	*/
912	return X509_TRUST_UNTRUSTED;
913	}
914
915	static int check_revocation(X509_STORE_CTX *ctx)
916	{
917	int i, last, ok;
918	if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
919	return `1`;
920	if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
921	last = sk_X509_num(ctx->chain) - `1`;
922	else {
923	/ If checking CRL paths this isn't the EE certificate /
924	if (ctx->parent)
925	return `1`;
926	last = `0`;
927	}
928	for (i = `0`; i <= last; i++) {
929	ctx->error_depth = i;
930	ok = check_cert(ctx);
931	if (!ok)
932	return ok;
933	}
934	return `1`;
935	}
936
937	static int check_cert(X509_STORE_CTX *ctx)
938	{
939	X509_CRL crl = NULL, dcrl = NULL;
940	X509 *x;
941	int ok = `0`, cnum;
942	unsigned int last_reasons;
943	cnum = ctx->error_depth;
944	x = sk_X509_value(ctx->chain, cnum);
945	ctx->current_cert = x;
946	ctx->current_issuer = NULL;
947	ctx->current_crl_score = `0`;
948	ctx->current_reasons = `0`;
949	while (ctx->current_reasons != CRLDP_ALL_REASONS) {
950	last_reasons = ctx->current_reasons;
951	/ Try to retrieve relevant CRL /
952	if (ctx->get_crl)
953	ok = ctx->get_crl(ctx, &crl, x);
954	else
955	ok = get_crl_delta(ctx, &crl, &dcrl, x);
956	/*
957	* If error looking up CRL, nothing we can do except notify callback
958	*/
959	if (!ok) {
960	ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
961	ok = ctx->verify_cb(`0`, ctx);
962	goto err;
963	}
964	ctx->current_crl = crl;
965	ok = ctx->check_crl(ctx, crl);
966	if (!ok)
967	goto err;
968
969	if (dcrl) {
970	ok = ctx->check_crl(ctx, dcrl);
971	if (!ok)
972	goto err;
973	ok = ctx->cert_crl(ctx, dcrl, x);
974	if (!ok)
975	goto err;
976	} else
977	ok = `1`;
978
979	/ Don't look in full CRL if delta reason is removefromCRL /
980	if (ok != `2`) {
981	ok = ctx->cert_crl(ctx, crl, x);
982	if (!ok)
983	goto err;
984	}
985
986	X509_CRL_free(crl);
987	X509_CRL_free(dcrl);
988	crl = NULL;
989	dcrl = NULL;
990	/*
991	* If reasons not updated we wont get anywhere by another iteration,
992	* so exit loop.
993	*/
994	if (last_reasons == ctx->current_reasons) {
995	ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
996	ok = ctx->verify_cb(`0`, ctx);
997	goto err;
998	}
999	}
1000	err:
1001	X509_CRL_free(crl);
1002	X509_CRL_free(dcrl);
1003
1004	ctx->current_crl = NULL;
1005	return ok;
1006
1007	}
1008
1009	/ Check CRL times against values in X509_STORE_CTX /
1010
1011	static int check_crl_time(X509_STORE_CTX ctx, X509_CRL crl, int notify)
1012	{
1013	time_t *ptime;
1014	int i;
1015	if (notify)
1016	ctx->current_crl = crl;
1017	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1018	ptime = &ctx->param->check_time;
1019	else
1020	ptime = NULL;
1021
1022	i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
1023	if (i == `0`) {
1024	if (!notify)
1025	return `0`;
1026	ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
1027	if (!ctx->verify_cb(`0`, ctx))
1028	return `0`;
1029	}
1030
1031	if (i > `0`) {
1032	if (!notify)
1033	return `0`;
1034	ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
1035	if (!ctx->verify_cb(`0`, ctx))
1036	return `0`;
1037	}
1038
1039	if (X509_CRL_get_nextUpdate(crl)) {
1040	i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
1041
1042	if (i == `0`) {
1043	if (!notify)
1044	return `0`;
1045	ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
1046	if (!ctx->verify_cb(`0`, ctx))
1047	return `0`;
1048	}
1049	/ Ignore expiry of base CRL is delta is valid /
1050	if ((i < `0`) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
1051	if (!notify)
1052	return `0`;
1053	ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
1054	if (!ctx->verify_cb(`0`, ctx))
1055	return `0`;
1056	}
1057	}
1058
1059	if (notify)
1060	ctx->current_crl = NULL;
1061
1062	return `1`;
1063	}
1064
1065	static int get_crl_sk(X509_STORE_CTX ctx, X509_CRL pcrl, X509_CRL *pdcrl,
1066	X509 *pissuer, int* pscore, unsigned* int *preasons,
1067	STACK_OF(X509_CRL) *crls)
1068	{
1069	int crl_score, best_score = *pscore;
1070	size_t i;
1071	unsigned int reasons, best_reasons = `0`;
1072	X509 *x = ctx->current_cert;
1073	X509_CRL crl, best_crl = NULL;
1074	X509 crl_issuer = NULL, best_crl_issuer = NULL;
1075
1076	for (i = `0`; i < sk_X509_CRL_num(crls); i++) {
1077	crl = sk_X509_CRL_value(crls, i);
1078	reasons = *preasons;
1079	crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1080	if (crl_score < best_score \|\| crl_score == `0`)
1081	continue;
1082	/ If current CRL is equivalent use it if it is newer /
1083	if (crl_score == best_score && best_crl != NULL) {
1084	int day, sec;
1085	if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
1086	X509_CRL_get_lastUpdate(crl)) == `0`)
1087	continue;
1088	/*
1089	* ASN1_TIME_diff never returns inconsistent signs for \|day\|
1090	* and \|sec\|.
1091	*/
1092	if (day <= `0` && sec <= `0`)
1093	continue;
1094	}
1095	best_crl = crl;
1096	best_crl_issuer = crl_issuer;
1097	best_score = crl_score;
1098	best_reasons = reasons;
1099	}
1100
1101	if (best_crl) {
1102	if (*pcrl)
1103	X509_CRL_free(*pcrl);
1104	*pcrl = best_crl;
1105	*pissuer = best_crl_issuer;
1106	*pscore = best_score;
1107	*preasons = best_reasons;
1108	X509_CRL_up_ref(best_crl);
1109	if (*pdcrl) {
1110	X509_CRL_free(*pdcrl);
1111	*pdcrl = NULL;
1112	}
1113	get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1114	}
1115
1116	if (best_score >= CRL_SCORE_VALID)
1117	return `1`;
1118
1119	return `0`;
1120	}
1121
1122	/*
1123	* Compare two CRL extensions for delta checking purposes. They should be
1124	* both present or both absent. If both present all fields must be identical.
1125	*/
1126
1127	static int crl_extension_match(X509_CRL a, X509_CRL b, int nid)
1128	{
1129	ASN1_OCTET_STRING exta, extb;
1130	int i;
1131	i = X509_CRL_get_ext_by_NID(a, nid, -`1`);
1132	if (i >= `0`) {
1133	/ Can't have multiple occurrences /
1134	if (X509_CRL_get_ext_by_NID(a, nid, i) != -`1`)
1135	return `0`;
1136	exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1137	} else
1138	exta = NULL;
1139
1140	i = X509_CRL_get_ext_by_NID(b, nid, -`1`);
1141
1142	if (i >= `0`) {
1143
1144	if (X509_CRL_get_ext_by_NID(b, nid, i) != -`1`)
1145	return `0`;
1146	extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1147	} else
1148	extb = NULL;
1149
1150	if (!exta && !extb)
1151	return `1`;
1152
1153	if (!exta \|\| !extb)
1154	return `0`;
1155
1156	if (ASN1_OCTET_STRING_cmp(exta, extb))
1157	return `0`;
1158
1159	return `1`;
1160	}
1161
1162	/ See if a base and delta are compatible /
1163
1164	static int check_delta_base(X509_CRL delta, X509_CRL base)
1165	{
1166	/ Delta CRL must be a delta /
1167	if (!delta->base_crl_number)
1168	return `0`;
1169	/ Base must have a CRL number /
1170	if (!base->crl_number)
1171	return `0`;
1172	/ Issuer names must match /
1173	if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
1174	return `0`;
1175	/ AKID and IDP must match /
1176	if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1177	return `0`;
1178	if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1179	return `0`;
1180	/ Delta CRL base number must not exceed Full CRL number. /
1181	if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > `0`)
1182	return `0`;
1183	/ Delta CRL number must exceed full CRL number /
1184	if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > `0`)
1185	return `1`;
1186	return `0`;
1187	}
1188
1189	/*
1190	* For a given base CRL find a delta... maybe extend to delta scoring or
1191	* retrieve a chain of deltas...
1192	*/
1193
1194	static void get_delta_sk(X509_STORE_CTX ctx, X509_CRL dcrl, int* *pscore,
1195	X509_CRL base, STACK_OF(X509_CRL) crls)
1196	{
1197	X509_CRL *delta;
1198	size_t i;
1199	if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1200	return;
1201	if (!((ctx->current_cert->ex_flags \| base->flags) & EXFLAG_FRESHEST))
1202	return;
1203	for (i = `0`; i < sk_X509_CRL_num(crls); i++) {
1204	delta = sk_X509_CRL_value(crls, i);
1205	if (check_delta_base(delta, base)) {
1206	if (check_crl_time(ctx, delta, `0`))
1207	*pscore \|= CRL_SCORE_TIME_DELTA;
1208	X509_CRL_up_ref(delta);
1209	*dcrl = delta;
1210	return;
1211	}
1212	}
1213	*dcrl = NULL;
1214	}
1215
1216	/*
1217	* For a given CRL return how suitable it is for the supplied certificate
1218	* 'x'. The return value is a mask of several criteria. If the issuer is not
1219	* the certificate issuer this is returned in *pissuer. The reasons mask is
1220	* also used to determine if the CRL is suitable: if no new reasons the CRL
1221	* is rejected, otherwise reasons is updated.
1222	*/
1223
1224	static int get_crl_score(X509_STORE_CTX ctx, X509 *pissuer,
1225	unsigned int preasons, X509_CRL crl, X509 *x)
1226	{
1227
1228	int crl_score = `0`;
1229	unsigned int tmp_reasons = *preasons, crl_reasons;
1230
1231	/ First see if we can reject CRL straight away /
1232
1233	/ Invalid IDP cannot be processed /
1234	if (crl->idp_flags & IDP_INVALID)
1235	return `0`;
1236	/ Reason codes or indirect CRLs need extended CRL support /
1237	if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1238	if (crl->idp_flags & (IDP_INDIRECT \| IDP_REASONS))
1239	return `0`;
1240	} else if (crl->idp_flags & IDP_REASONS) {
1241	/ If no new reasons reject /
1242	if (!(crl->idp_reasons & ~tmp_reasons))
1243	return `0`;
1244	}
1245	/ Don't process deltas at this stage /
1246	else if (crl->base_crl_number)
1247	return `0`;
1248	/ If issuer name doesn't match certificate need indirect CRL /
1249	if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1250	if (!(crl->idp_flags & IDP_INDIRECT))
1251	return `0`;
1252	} else
1253	crl_score \|= CRL_SCORE_ISSUER_NAME;
1254
1255	if (!(crl->flags & EXFLAG_CRITICAL))
1256	crl_score \|= CRL_SCORE_NOCRITICAL;
1257
1258	/ Check expiry /
1259	if (check_crl_time(ctx, crl, `0`))
1260	crl_score \|= CRL_SCORE_TIME;
1261
1262	/ Check authority key ID and locate certificate issuer /
1263	crl_akid_check(ctx, crl, pissuer, &crl_score);
1264
1265	/ If we can't locate certificate issuer at this point forget it /
1266
1267	if (!(crl_score & CRL_SCORE_AKID))
1268	return `0`;
1269
1270	/ Check cert for matching CRL distribution points /
1271
1272	if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1273	/ If no new reasons reject /
1274	if (!(crl_reasons & ~tmp_reasons))
1275	return `0`;
1276	tmp_reasons \|= crl_reasons;
1277	crl_score \|= CRL_SCORE_SCOPE;
1278	}
1279
1280	*preasons = tmp_reasons;
1281
1282	return crl_score;
1283
1284	}
1285
1286	static void crl_akid_check(X509_STORE_CTX ctx, X509_CRL crl,
1287	X509 *pissuer, int* *pcrl_score)
1288	{
1289	X509 *crl_issuer = NULL;
1290	X509_NAME *cnm = X509_CRL_get_issuer(crl);
1291	int cidx = ctx->error_depth;
1292	size_t i;
1293
1294	if ((size_t)cidx != sk_X509_num(ctx->chain) - `1`)
1295	cidx++;
1296
1297	crl_issuer = sk_X509_value(ctx->chain, cidx);
1298
1299	if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1300	if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1301	*pcrl_score \|= CRL_SCORE_AKID \| CRL_SCORE_ISSUER_CERT;
1302	*pissuer = crl_issuer;
1303	return;
1304	}
1305	}
1306
1307	for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1308	crl_issuer = sk_X509_value(ctx->chain, cidx);
1309	if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1310	continue;
1311	if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1312	*pcrl_score \|= CRL_SCORE_AKID \| CRL_SCORE_SAME_PATH;
1313	*pissuer = crl_issuer;
1314	return;
1315	}
1316	}
1317
1318	/ Anything else needs extended CRL support /
1319
1320	if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1321	return;
1322
1323	/*
1324	* Otherwise the CRL issuer is not on the path. Look for it in the set of
1325	* untrusted certificates.
1326	*/
1327	for (i = `0`; i < sk_X509_num(ctx->untrusted); i++) {
1328	crl_issuer = sk_X509_value(ctx->untrusted, i);
1329	if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1330	continue;
1331	if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1332	*pissuer = crl_issuer;
1333	*pcrl_score \|= CRL_SCORE_AKID;
1334	return;
1335	}
1336	}
1337
1338	for (i = `0`; i < sk_X509_num(ctx->ctx->additional_untrusted); i++) {
1339	crl_issuer = sk_X509_value(ctx->ctx->additional_untrusted, i);
1340	if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1341	continue;
1342	if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1343	*pissuer = crl_issuer;
1344	*pcrl_score \|= CRL_SCORE_AKID;
1345	return;
1346	}
1347	}
1348	}
1349
1350	/*
1351	* Check the path of a CRL issuer certificate. This creates a new
1352	* X509_STORE_CTX and populates it with most of the parameters from the
1353	* parent. This could be optimised somewhat since a lot of path checking will
1354	* be duplicated by the parent, but this will rarely be used in practice.
1355	*/
1356
1357	static int check_crl_path(X509_STORE_CTX ctx, X509 x)
1358	{
1359	X509_STORE_CTX crl_ctx;
1360	int ret;
1361	/ Don't allow recursive CRL path validation /
1362	if (ctx->parent)
1363	return `0`;
1364	if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1365	return -`1`;
1366
1367	crl_ctx.crls = ctx->crls;
1368	/ Copy verify params across /
1369	X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1370
1371	crl_ctx.parent = ctx;
1372	crl_ctx.verify_cb = ctx->verify_cb;
1373
1374	/ Verify CRL issuer /
1375	ret = X509_verify_cert(&crl_ctx);
1376
1377	if (ret <= `0`)
1378	goto err;
1379
1380	/ Check chain is acceptable /
1381
1382	ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1383	err:
1384	X509_STORE_CTX_cleanup(&crl_ctx);
1385	return ret;
1386	}
1387
1388	/*
1389	* RFC3280 says nothing about the relationship between CRL path and
1390	* certificate path, which could lead to situations where a certificate could
1391	* be revoked or validated by a CA not authorised to do so. RFC5280 is more
1392	* strict and states that the two paths must end in the same trust anchor,
1393	* though some discussions remain... until this is resolved we use the
1394	* RFC5280 version
1395	*/
1396
1397	static int check_crl_chain(X509_STORE_CTX *ctx,
1398	STACK_OF(X509) *cert_path,
1399	STACK_OF(X509) *crl_path)
1400	{
1401	X509 cert_ta, crl_ta;
1402	cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - `1`);
1403	crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - `1`);
1404	if (!X509_cmp(cert_ta, crl_ta))
1405	return `1`;
1406	return `0`;
1407	}
1408
1409	/*
1410	* Check for match between two dist point names: three separate cases. 1.
1411	* Both are relative names and compare X509_NAME types. 2. One full, one
1412	* relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1413	* compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1414	*/
1415
1416	static int idp_check_dp(DIST_POINT_NAME a, DIST_POINT_NAME b)
1417	{
1418	X509_NAME *nm = NULL;
1419	GENERAL_NAMES *gens = NULL;
1420	GENERAL_NAME gena, genb;
1421	size_t i, j;
1422	if (!a \|\| !b)
1423	return `1`;
1424	if (a->type == `1`) {
1425	if (!a->dpname)
1426	return `0`;
1427	/ Case 1: two X509_NAME /
1428	if (b->type == `1`) {
1429	if (!b->dpname)
1430	return `0`;
1431	if (!X509_NAME_cmp(a->dpname, b->dpname))
1432	return `1`;
1433	else
1434	return `0`;
1435	}
1436	/ Case 2: set name and GENERAL_NAMES appropriately /
1437	nm = a->dpname;
1438	gens = b->name.fullname;
1439	} else if (b->type == `1`) {
1440	if (!b->dpname)
1441	return `0`;
1442	/ Case 2: set name and GENERAL_NAMES appropriately /
1443	gens = a->name.fullname;
1444	nm = b->dpname;
1445	}
1446
1447	/ Handle case 2 with one GENERAL_NAMES and one X509_NAME /
1448	if (nm) {
1449	for (i = `0`; i < sk_GENERAL_NAME_num(gens); i++) {
1450	gena = sk_GENERAL_NAME_value(gens, i);
1451	if (gena->type != GEN_DIRNAME)
1452	continue;
1453	if (!X509_NAME_cmp(nm, gena->d.directoryName))
1454	return `1`;
1455	}
1456	return `0`;
1457	}
1458
1459	/ Else case 3: two GENERAL_NAMES /
1460
1461	for (i = `0`; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1462	gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1463	for (j = `0`; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1464	genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1465	if (!GENERAL_NAME_cmp(gena, genb))
1466	return `1`;
1467	}
1468	}
1469
1470	return `0`;
1471
1472	}
1473
1474	static int crldp_check_crlissuer(DIST_POINT dp, X509_CRL crl, int crl_score)
1475	{
1476	size_t i;
1477	X509_NAME *nm = X509_CRL_get_issuer(crl);
1478	/ If no CRLissuer return is successful iff don't need a match /
1479	if (!dp->CRLissuer)
1480	return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
1481	for (i = `0`; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1482	GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1483	if (gen->type != GEN_DIRNAME)
1484	continue;
1485	if (!X509_NAME_cmp(gen->d.directoryName, nm))
1486	return `1`;
1487	}
1488	return `0`;
1489	}
1490
1491	/ Check CRLDP and IDP /
1492
1493	static int crl_crldp_check(X509 x, X509_CRL crl, int crl_score,
1494	unsigned int *preasons)
1495	{
1496	size_t i;
1497	if (crl->idp_flags & IDP_ONLYATTR)
1498	return `0`;
1499	if (x->ex_flags & EXFLAG_CA) {
1500	if (crl->idp_flags & IDP_ONLYUSER)
1501	return `0`;
1502	} else {
1503	if (crl->idp_flags & IDP_ONLYCA)
1504	return `0`;
1505	}
1506	*preasons = crl->idp_reasons;
1507	for (i = `0`; i < sk_DIST_POINT_num(x->crldp); i++) {
1508	DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1509	if (crldp_check_crlissuer(dp, crl, crl_score)) {
1510	if (!crl->idp \|\| idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1511	*preasons &= dp->dp_reasons;
1512	return `1`;
1513	}
1514	}
1515	}
1516	if ((!crl->idp \|\| !crl->idp->distpoint)
1517	&& (crl_score & CRL_SCORE_ISSUER_NAME))
1518	return `1`;
1519	return `0`;
1520	}
1521
1522	/*
1523	* Retrieve CRL corresponding to current certificate. If deltas enabled try
1524	* to find a delta CRL too
1525	*/
1526
1527	static int get_crl_delta(X509_STORE_CTX *ctx,
1528	X509_CRL pcrl, X509_CRL pdcrl, X509 *x)
1529	{
1530	int ok;
1531	X509 *issuer = NULL;
1532	int crl_score = `0`;
1533	unsigned int reasons;
1534	X509_CRL crl = NULL, dcrl = NULL;
1535	STACK_OF(X509_CRL) *skcrl;
1536	X509_NAME *nm = X509_get_issuer_name(x);
1537	reasons = ctx->current_reasons;
1538	ok = get_crl_sk(ctx, &crl, &dcrl,
1539	&issuer, &crl_score, &reasons, ctx->crls);
1540
1541	if (ok)
1542	goto done;
1543
1544	/ Lookup CRLs from store /
1545
1546	skcrl = ctx->lookup_crls(ctx, nm);
1547
1548	/ If no CRLs found and a near match from get_crl_sk use that /
1549	if (!skcrl && crl)
1550	goto done;
1551
1552	get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1553
1554	sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1555
1556	done:
1557
1558	/ If we got any kind of CRL use it and return success /
1559	if (crl) {
1560	ctx->current_issuer = issuer;
1561	ctx->current_crl_score = crl_score;
1562	ctx->current_reasons = reasons;
1563	*pcrl = crl;
1564	*pdcrl = dcrl;
1565	return `1`;
1566	}
1567
1568	return `0`;
1569	}
1570
1571	/ Check CRL validity /
1572	static int check_crl(X509_STORE_CTX ctx, X509_CRL crl)
1573	{
1574	X509 *issuer = NULL;
1575	EVP_PKEY *ikey = NULL;
1576	int ok = `0`, chnum, cnum;
1577	cnum = ctx->error_depth;
1578	chnum = sk_X509_num(ctx->chain) - `1`;
1579	/ if we have an alternative CRL issuer cert use that /
1580	if (ctx->current_issuer)
1581	issuer = ctx->current_issuer;
1582
1583	/*
1584	* Else find CRL issuer: if not last certificate then issuer is next
1585	* certificate in chain.
1586	*/
1587	else if (cnum < chnum)
1588	issuer = sk_X509_value(ctx->chain, cnum + `1`);
1589	else {
1590	issuer = sk_X509_value(ctx->chain, chnum);
1591	/ If not self signed, can't check signature /
1592	if (!ctx->check_issued(ctx, issuer, issuer)) {
1593	ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1594	ok = ctx->verify_cb(`0`, ctx);
1595	if (!ok)
1596	goto err;
1597	}
1598	}
1599
1600	if (issuer) {
1601	/*
1602	* Skip most tests for deltas because they have already been done
1603	*/
1604	if (!crl->base_crl_number) {
1605	/ Check for cRLSign bit if keyUsage present /
1606	if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1607	!(issuer->ex_kusage & KU_CRL_SIGN)) {
1608	ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1609	ok = ctx->verify_cb(`0`, ctx);
1610	if (!ok)
1611	goto err;
1612	}
1613
1614	if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1615	ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1616	ok = ctx->verify_cb(`0`, ctx);
1617	if (!ok)
1618	goto err;
1619	}
1620
1621	if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1622	if (check_crl_path(ctx, ctx->current_issuer) <= `0`) {
1623	ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1624	ok = ctx->verify_cb(`0`, ctx);
1625	if (!ok)
1626	goto err;
1627	}
1628	}
1629
1630	if (crl->idp_flags & IDP_INVALID) {
1631	ctx->error = X509_V_ERR_INVALID_EXTENSION;
1632	ok = ctx->verify_cb(`0`, ctx);
1633	if (!ok)
1634	goto err;
1635	}
1636
1637	}
1638
1639	if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1640	ok = check_crl_time(ctx, crl, `1`);
1641	if (!ok)
1642	goto err;
1643	}
1644
1645	/ Attempt to get issuer certificate public key /
1646	ikey = X509_get_pubkey(issuer);
1647
1648	if (!ikey) {
1649	ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1650	ok = ctx->verify_cb(`0`, ctx);
1651	if (!ok)
1652	goto err;
1653	} else {
1654	int rv;
1655	rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1656	if (rv != X509_V_OK) {
1657	ctx->error = rv;
1658	ok = ctx->verify_cb(`0`, ctx);
1659	if (!ok)
1660	goto err;
1661	}
1662	/ Verify CRL signature /
1663	if (X509_CRL_verify(crl, ikey) <= `0`) {
1664	ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1665	ok = ctx->verify_cb(`0`, ctx);
1666	if (!ok)
1667	goto err;
1668	}
1669	}
1670	}
1671
1672	ok = `1`;
1673
1674	err:
1675	EVP_PKEY_free(ikey);
1676	return ok;
1677	}
1678
1679	/ Check certificate against CRL /
1680	static int cert_crl(X509_STORE_CTX ctx, X509_CRL crl, X509 *x)
1681	{
1682	int ok;
1683	X509_REVOKED *rev;
1684	/*
1685	* The rules changed for this... previously if a CRL contained unhandled
1686	* critical extensions it could still be used to indicate a certificate
1687	* was revoked. This has since been changed since critical extension can
1688	* change the meaning of CRL entries.
1689	*/
1690	if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1691	&& (crl->flags & EXFLAG_CRITICAL)) {
1692	ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1693	ok = ctx->verify_cb(`0`, ctx);
1694	if (!ok)
1695	return `0`;
1696	}
1697	/*
1698	* Look for serial number of certificate in CRL If found make sure reason
1699	* is not removeFromCRL.
1700	*/
1701	if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1702	if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1703	return `2`;
1704	ctx->error = X509_V_ERR_CERT_REVOKED;
1705	ok = ctx->verify_cb(`0`, ctx);
1706	if (!ok)
1707	return `0`;
1708	}
1709
1710	return `1`;
1711	}
1712
1713	static int check_policy(X509_STORE_CTX *ctx)
1714	{
1715	int ret;
1716	if (ctx->parent)
1717	return `1`;
1718	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1719	ctx->param->policies, ctx->param->flags);
1720	if (ret == `0`) {
1721	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
1722	ctx->error = X509_V_ERR_OUT_OF_MEM;
1723	return `0`;
1724	}
1725	/ Invalid or inconsistent extensions /
1726	if (ret == -`1`) {
1727	/*
1728	* Locate certificates with bad extensions and notify callback.
1729	*/
1730	X509 *x;
1731	size_t i;
1732	for (i = `1`; i < sk_X509_num(ctx->chain); i++) {
1733	x = sk_X509_value(ctx->chain, i);
1734	if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1735	continue;
1736	ctx->current_cert = x;
1737	ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1738	if (!ctx->verify_cb(`0`, ctx))
1739	return `0`;
1740	}
1741	return `1`;
1742	}
1743	if (ret == -`2`) {
1744	ctx->current_cert = NULL;
1745	ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1746	return ctx->verify_cb(`0`, ctx);
1747	}
1748
1749	if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1750	ctx->current_cert = NULL;
1751	/*
1752	* Verification errors need to be "sticky", a callback may have allowed
1753	* an SSL handshake to continue despite an error, and we must then
1754	* remain in an error state. Therefore, we MUST NOT clear earlier
1755	* verification errors by setting the error to X509_V_OK.
1756	*/
1757	if (!ctx->verify_cb(`2`, ctx))
1758	return `0`;
1759	}
1760
1761	return `1`;
1762	}
1763
1764	static int check_cert_time(X509_STORE_CTX ctx, X509 x)
1765	{
1766	time_t *ptime;
1767	int i;
1768
1769	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1770	ptime = &ctx->param->check_time;
1771	else
1772	ptime = NULL;
1773
1774	i = X509_cmp_time(X509_get_notBefore(x), ptime);
1775	if (i == `0`) {
1776	ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1777	ctx->current_cert = x;
1778	if (!ctx->verify_cb(`0`, ctx))
1779	return `0`;
1780	}
1781
1782	if (i > `0`) {
1783	ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1784	ctx->current_cert = x;
1785	if (!ctx->verify_cb(`0`, ctx))
1786	return `0`;
1787	}
1788
1789	i = X509_cmp_time(X509_get_notAfter(x), ptime);
1790	if (i == `0`) {
1791	ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1792	ctx->current_cert = x;
1793	if (!ctx->verify_cb(`0`, ctx))
1794	return `0`;
1795	}
1796
1797	if (i < `0`) {
1798	ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1799	ctx->current_cert = x;
1800	if (!ctx->verify_cb(`0`, ctx))
1801	return `0`;
1802	}
1803
1804	return `1`;
1805	}
1806
1807	static int internal_verify(X509_STORE_CTX *ctx)
1808	{
1809	int ok = `0`, n;
1810	X509 xs, xi;
1811	EVP_PKEY *pkey = NULL;
1812	int (cb) (int* xok, X509_STORE_CTX *xctx);
1813
1814	cb = ctx->verify_cb;
1815
1816	n = sk_X509_num(ctx->chain);
1817	ctx->error_depth = n - `1`;
1818	n--;
1819	xi = sk_X509_value(ctx->chain, n);
1820
1821	if (ctx->check_issued(ctx, xi, xi))
1822	xs = xi;
1823	else {
1824	if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1825	xs = xi;
1826	goto check_cert;
1827	}
1828	if (n <= `0`) {
1829	ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1830	ctx->current_cert = xi;
1831	ok = cb(`0`, ctx);
1832	goto end;
1833	} else {
1834	n--;
1835	ctx->error_depth = n;
1836	xs = sk_X509_value(ctx->chain, n);
1837	}
1838	}
1839
1840	/ ctx->error=0; not needed /
1841	while (n >= `0`) {
1842	ctx->error_depth = n;
1843
1844	/*
1845	* Skip signature check for self signed certificates unless
1846	* explicitly asked for. It doesn't add any security and just wastes
1847	* time.
1848	*/
1849	if (xs != xi \|\| (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1850	if ((pkey = X509_get_pubkey(xi)) == NULL) {
1851	ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1852	ctx->current_cert = xi;
1853	ok = (*cb) (`0`, ctx);
1854	if (!ok)
1855	goto end;
1856	} else if (X509_verify(xs, pkey) <= `0`) {
1857	ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1858	ctx->current_cert = xs;
1859	ok = (*cb) (`0`, ctx);
1860	if (!ok) {
1861	EVP_PKEY_free(pkey);
1862	goto end;
1863	}
1864	}
1865	EVP_PKEY_free(pkey);
1866	pkey = NULL;
1867	}
1868
1869	check_cert:
1870	ok = check_cert_time(ctx, xs);
1871	if (!ok)
1872	goto end;
1873
1874	/ The last error (if any) is still in the error value /
1875	ctx->current_issuer = xi;
1876	ctx->current_cert = xs;
1877	ok = (*cb) (`1`, ctx);
1878	if (!ok)
1879	goto end;
1880
1881	n--;
1882	if (n >= `0`) {
1883	xi = xs;
1884	xs = sk_X509_value(ctx->chain, n);
1885	}
1886	}
1887	ok = `1`;
1888	end:
1889	return ok;
1890	}
1891
1892	int X509_cmp_current_time(const ASN1_TIME *ctm)
1893	{
1894	return X509_cmp_time(ctm, NULL);
1895	}
1896
1897	int X509_cmp_time(const ASN1_TIME ctm, time_t cmp_time)
1898	{
1899	static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - `1`;
1900	static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - `1`;
1901	ASN1_TIME *asn1_cmp_time = NULL;
1902	int i, day, sec, ret = `0`;
1903
1904	/*
1905	* Note that ASN.1 allows much more slack in the time format than RFC5280.
1906	* In RFC5280, the representation is fixed:
1907	* UTCTime: YYMMDDHHMMSSZ
1908	* GeneralizedTime: YYYYMMDDHHMMSSZ
1909	*
1910	* We do NOT currently enforce the following RFC 5280 requirement:
1911	* "CAs conforming to this profile MUST always encode certificate
1912	* validity dates through the year 2049 as UTCTime; certificate validity
1913	* dates in 2050 or later MUST be encoded as GeneralizedTime."
1914	*/
1915	switch (ctm->type) {
1916	case V_ASN1_UTCTIME:
1917	if (ctm->length != (int)(utctime_length))
1918	return `0`;
1919	break;
1920	case V_ASN1_GENERALIZEDTIME:
1921	if (ctm->length != (int)(generalizedtime_length))
1922	return `0`;
1923	break;
1924	default:
1925	return `0`;
1926	}
1927
1928	/**
1929	* Verify the format: the ASN.1 functions we use below allow a more
1930	* flexible format than what's mandated by RFC 5280.
1931	* Digit and date ranges will be verified in the conversion methods.
1932	*/
1933	for (i = `0`; i < ctm->length - `1`; i++) {
1934	if (!isdigit(ctm->data[i]))
1935	return `0`;
1936	}
1937	if (ctm->data[ctm->length - `1`] != `'Z'`)
1938	return `0`;
1939
1940	/*
1941	* There is ASN1_UTCTIME_cmp_time_t but no
1942	* ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
1943	* so we go through ASN.1
1944	*/
1945	asn1_cmp_time = X509_time_adj(NULL, `0`, cmp_time);
1946	if (asn1_cmp_time == NULL)
1947	goto err;
1948	if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
1949	goto err;
1950
1951	/*
1952	* X509_cmp_time comparison is <=.
1953	* The return value 0 is reserved for errors.
1954	*/
1955	ret = (day >= `0` && sec >= `0`) ? -`1` : `1`;
1956
1957	err:
1958	ASN1_TIME_free(asn1_cmp_time);
1959	return ret;
1960	}
1961
1962	ASN1_TIME X509_gmtime_adj(ASN1_TIME s, long adj)
1963	{
1964	return X509_time_adj(s, adj, NULL);
1965	}
1966
1967	ASN1_TIME X509_time_adj(ASN1_TIME s, long offset_sec, time_t *in_tm)
1968	{
1969	return X509_time_adj_ex(s, `0`, offset_sec, in_tm);
1970	}
1971
1972	ASN1_TIME X509_time_adj_ex(ASN1_TIME s,
1973	int offset_day, long offset_sec, time_t *in_tm)
1974	{
1975	time_t t = `0`;
1976
1977	if (in_tm)
1978	t = *in_tm;
1979	else
1980	time(&t);
1981
1982	if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
1983	if (s->type == V_ASN1_UTCTIME)
1984	return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
1985	if (s->type == V_ASN1_GENERALIZEDTIME)
1986	return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
1987	}
1988	return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1989	}
1990
1991	/ Make a delta CRL as the diff between two full CRLs /
1992
1993	X509_CRL X509_CRL_diff(X509_CRL base, X509_CRL *newer,
1994	EVP_PKEY skey, const* EVP_MD md, unsigned* int flags)
1995	{
1996	X509_CRL *crl = NULL;
1997	int i;
1998	size_t j;
1999	STACK_OF(X509_REVOKED) *revs = NULL;
2000	/ CRLs can't be delta already /
2001	if (base->base_crl_number \|\| newer->base_crl_number) {
2002	OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
2003	return NULL;
2004	}
2005	/ Base and new CRL must have a CRL number /
2006	if (!base->crl_number \|\| !newer->crl_number) {
2007	OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
2008	return NULL;
2009	}
2010	/ Issuer names must match /
2011	if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
2012	OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
2013	return NULL;
2014	}
2015	/ AKID and IDP must match /
2016	if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
2017	OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
2018	return NULL;
2019	}
2020	if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
2021	OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
2022	return NULL;
2023	}
2024	/ Newer CRL number must exceed full CRL number /
2025	if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= `0`) {
2026	OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
2027	return NULL;
2028	}
2029	/ CRLs must verify /
2030	if (skey && (X509_CRL_verify(base, skey) <= `0` \|\|
2031	X509_CRL_verify(newer, skey) <= `0`)) {
2032	OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
2033	return NULL;
2034	}
2035	/ Create new CRL /
2036	crl = X509_CRL_new();
2037	if (!crl \|\| !X509_CRL_set_version(crl, `1`))
2038	goto memerr;
2039	/ Set issuer name /
2040	if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2041	goto memerr;
2042
2043	if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
2044	goto memerr;
2045	if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
2046	goto memerr;
2047
2048	/ Set base CRL number: must be critical /
2049
2050	if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, `1`, `0`))
2051	goto memerr;
2052
2053	/*
2054	* Copy extensions across from newest CRL to delta: this will set CRL
2055	* number to correct value too.
2056	*/
2057
2058	for (i = `0`; i < X509_CRL_get_ext_count(newer); i++) {
2059	X509_EXTENSION *ext;
2060	ext = X509_CRL_get_ext(newer, i);
2061	if (!X509_CRL_add_ext(crl, ext, -`1`))
2062	goto memerr;
2063	}
2064
2065	/ Go through revoked entries, copying as needed /
2066
2067	revs = X509_CRL_get_REVOKED(newer);
2068
2069	for (j = `0`; j < sk_X509_REVOKED_num(revs); j++) {
2070	X509_REVOKED rvn, rvtmp;
2071	rvn = sk_X509_REVOKED_value(revs, j);
2072	/*
2073	* Add only if not also in base. TODO: need something cleverer here
2074	* for some more complex CRLs covering multiple CAs.
2075	*/
2076	if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
2077	rvtmp = X509_REVOKED_dup(rvn);
2078	if (!rvtmp)
2079	goto memerr;
2080	if (!X509_CRL_add0_revoked(crl, rvtmp)) {
2081	X509_REVOKED_free(rvtmp);
2082	goto memerr;
2083	}
2084	}
2085	}
2086	/ TODO: optionally prune deleted entries /
2087
2088	if (skey && md && !X509_CRL_sign(crl, skey, md))
2089	goto memerr;
2090
2091	return crl;
2092
2093	memerr:
2094	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2095	if (crl)
2096	X509_CRL_free(crl);
2097	return NULL;
2098	}
2099
2100	int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2101	CRYPTO_EX_unused * unused,
2102	CRYPTO_EX_dup *dup_unused,
2103	CRYPTO_EX_free *free_func)
2104	{
2105	/*
2106	* This function is (usually) called only once, by
2107	* SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
2108	*/
2109	int index;
2110	if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
2111	free_func)) {
2112	return -`1`;
2113	}
2114	return index;
2115	}
2116
2117	int X509_STORE_CTX_set_ex_data(X509_STORE_CTX ctx, int* idx, void *data)
2118	{
2119	return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
2120	}
2121
2122	void X509_STORE_CTX_get_ex_data(X509_STORE_CTX ctx, int idx)
2123	{
2124	return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2125	}
2126
2127	int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2128	{
2129	return ctx->error;
2130	}
2131
2132	void X509_STORE_CTX_set_error(X509_STORE_CTX ctx, int* err)
2133	{
2134	ctx->error = err;
2135	}
2136
2137	int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2138	{
2139	return ctx->error_depth;
2140	}
2141
2142	X509 X509_STORE_CTX_get_current_cert(X509_STORE_CTX ctx)
2143	{
2144	return ctx->current_cert;
2145	}
2146
2147	STACK_OF(X509) X509_STORE_CTX_get_chain(X509_STORE_CTX ctx)
2148	{
2149	return ctx->chain;
2150	}
2151
2152	STACK_OF(X509) X509_STORE_CTX_get1_chain(X509_STORE_CTX ctx)
2153	{
2154	if (!ctx->chain)
2155	return NULL;
2156	return X509_chain_up_ref(ctx->chain);
2157	}
2158
2159	X509 X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX ctx)
2160	{
2161	return ctx->current_issuer;
2162	}
2163
2164	X509_CRL X509_STORE_CTX_get0_current_crl(X509_STORE_CTX ctx)
2165	{
2166	return ctx->current_crl;
2167	}
2168
2169	X509_STORE_CTX X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX ctx)
2170	{
2171	return ctx->parent;
2172	}
2173
2174	void X509_STORE_CTX_set_cert(X509_STORE_CTX ctx, X509 x)
2175	{
2176	ctx->cert = x;
2177	}
2178
2179	void X509_STORE_CTX_set_chain(X509_STORE_CTX ctx, STACK_OF(X509) sk)
2180	{
2181	ctx->untrusted = sk;
2182	}
2183
2184	STACK_OF(X509) X509_STORE_CTX_get0_untrusted(X509_STORE_CTX ctx)
2185	{
2186	return ctx->untrusted;
2187	}
2188
2189	void X509_STORE_CTX_set0_crls(X509_STORE_CTX ctx, STACK_OF(X509_CRL) sk)
2190	{
2191	ctx->crls = sk;
2192	}
2193
2194	int X509_STORE_CTX_set_purpose(X509_STORE_CTX ctx, int* purpose)
2195	{
2196	return X509_STORE_CTX_purpose_inherit(ctx, `0`, purpose, `0`);
2197	}
2198
2199	int X509_STORE_CTX_set_trust(X509_STORE_CTX ctx, int* trust)
2200	{
2201	return X509_STORE_CTX_purpose_inherit(ctx, `0`, `0`, trust);
2202	}
2203
2204	/*
2205	* This function is used to set the X509_STORE_CTX purpose and trust values.
2206	* This is intended to be used when another structure has its own trust and
2207	* purpose values which (if set) will be inherited by the ctx. If they aren't
2208	* set then we will usually have a default purpose in mind which should then
2209	* be used to set the trust value. An example of this is SSL use: an SSL
2210	* structure will have its own purpose and trust settings which the
2211	* application can set: if they aren't set then we use the default of SSL
2212	* client/server.
2213	*/
2214
2215	int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX ctx, int* def_purpose,
2216	int purpose, int trust)
2217	{
2218	int idx;
2219	/ If purpose not set use default /
2220	if (!purpose)
2221	purpose = def_purpose;
2222	/ If we have a purpose then check it is valid /
2223	if (purpose) {
2224	X509_PURPOSE *ptmp;
2225	idx = X509_PURPOSE_get_by_id(purpose);
2226	if (idx == -`1`) {
2227	OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2228	return `0`;
2229	}
2230	ptmp = X509_PURPOSE_get0(idx);
2231	if (ptmp->trust == X509_TRUST_DEFAULT) {
2232	idx = X509_PURPOSE_get_by_id(def_purpose);
2233	if (idx == -`1`) {
2234	OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2235	return `0`;
2236	}
2237	ptmp = X509_PURPOSE_get0(idx);
2238	}
2239	/ If trust not set then get from purpose default /
2240	if (!trust)
2241	trust = ptmp->trust;
2242	}
2243	if (trust) {
2244	idx = X509_TRUST_get_by_id(trust);
2245	if (idx == -`1`) {
2246	OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2247	return `0`;
2248	}
2249	}
2250
2251	if (purpose && !ctx->param->purpose)
2252	ctx->param->purpose = purpose;
2253	if (trust && !ctx->param->trust)
2254	ctx->param->trust = trust;
2255	return `1`;
2256	}
2257
2258	X509_STORE_CTX X509_STORE_CTX_new(void*)
2259	{
2260	X509_STORE_CTX *ctx;
2261	ctx = (X509_STORE_CTX )OPENSSL_malloc(sizeof*(X509_STORE_CTX));
2262	if (!ctx) {
2263	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2264	return NULL;
2265	}
2266	X509_STORE_CTX_zero(ctx);
2267	return ctx;
2268	}
2269
2270	void X509_STORE_CTX_zero(X509_STORE_CTX *ctx)
2271	{
2272	OPENSSL_memset(ctx, `0`, sizeof(X509_STORE_CTX));
2273	}
2274
2275	void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2276	{
2277	if (ctx == NULL) {
2278	return;
2279	}
2280	X509_STORE_CTX_cleanup(ctx);
2281	OPENSSL_free(ctx);
2282	}
2283
2284	int X509_STORE_CTX_init(X509_STORE_CTX ctx, X509_STORE store, X509 *x509,
2285	STACK_OF(X509) *chain)
2286	{
2287	int ret = `1`;
2288
2289	X509_STORE_CTX_zero(ctx);
2290	ctx->ctx = store;
2291	ctx->cert = x509;
2292	ctx->untrusted = chain;
2293
2294	CRYPTO_new_ex_data(&ctx->ex_data);
2295
2296	ctx->param = X509_VERIFY_PARAM_new();
2297	if (!ctx->param)
2298	goto err;
2299
2300	/*
2301	* Inherit callbacks and flags from X509_STORE if not set use defaults.
2302	*/
2303
2304	if (store)
2305	ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2306	else
2307	ctx->param->inh_flags \|= X509_VP_FLAG_DEFAULT \| X509_VP_FLAG_ONCE;
2308
2309	if (store) {
2310	ctx->verify_cb = store->verify_cb;
2311	ctx->cleanup = store->cleanup;
2312	} else
2313	ctx->cleanup = `0`;
2314
2315	if (ret)
2316	ret = X509_VERIFY_PARAM_inherit(ctx->param,
2317	X509_VERIFY_PARAM_lookup("default"));
2318
2319	if (ret == `0`)
2320	goto err;
2321
2322	if (store && store->check_issued)
2323	ctx->check_issued = store->check_issued;
2324	else
2325	ctx->check_issued = check_issued;
2326
2327	if (store && store->get_issuer)
2328	ctx->get_issuer = store->get_issuer;
2329	else
2330	ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2331
2332	if (store && store->verify_cb)
2333	ctx->verify_cb = store->verify_cb;
2334	else
2335	ctx->verify_cb = null_callback;
2336
2337	if (store && store->verify)
2338	ctx->verify = store->verify;
2339	else
2340	ctx->verify = internal_verify;
2341
2342	if (store && store->check_revocation)
2343	ctx->check_revocation = store->check_revocation;
2344	else
2345	ctx->check_revocation = check_revocation;
2346
2347	if (store && store->get_crl)
2348	ctx->get_crl = store->get_crl;
2349	else
2350	ctx->get_crl = NULL;
2351
2352	if (store && store->check_crl)
2353	ctx->check_crl = store->check_crl;
2354	else
2355	ctx->check_crl = check_crl;
2356
2357	if (store && store->cert_crl)
2358	ctx->cert_crl = store->cert_crl;
2359	else
2360	ctx->cert_crl = cert_crl;
2361
2362	if (store && store->lookup_certs)
2363	ctx->lookup_certs = store->lookup_certs;
2364	else
2365	ctx->lookup_certs = X509_STORE_get1_certs;
2366
2367	if (store && store->lookup_crls)
2368	ctx->lookup_crls = store->lookup_crls;
2369	else
2370	ctx->lookup_crls = X509_STORE_get1_crls;
2371
2372	ctx->check_policy = check_policy;
2373
2374	return `1`;
2375
2376	err:
2377	CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2378	if (ctx->param != NULL) {
2379	X509_VERIFY_PARAM_free(ctx->param);
2380	}
2381
2382	OPENSSL_memset(ctx, `0`, sizeof(X509_STORE_CTX));
2383	OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2384	return `0`;
2385	}
2386
2387	/*
2388	* Set alternative lookup method: just a STACK of trusted certificates. This
2389	* avoids X509_STORE nastiness where it isn't needed.
2390	*/
2391
2392	void X509_STORE_CTX_trusted_stack(X509_STORE_CTX ctx, STACK_OF(X509) sk)
2393	{
2394	ctx->other_ctx = sk;
2395	ctx->get_issuer = get_issuer_sk;
2396	}
2397
2398	void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2399	{
2400	/ We need to be idempotent because, unfortunately, \|X509_STORE_CTX_free\|*
2401	* also calls this function. */
2402	if (ctx->cleanup != NULL) {
2403	ctx->cleanup(ctx);
2404	ctx->cleanup = NULL;
2405	}
2406	if (ctx->param != NULL) {
2407	if (ctx->parent == NULL)
2408	X509_VERIFY_PARAM_free(ctx->param);
2409	ctx->param = NULL;
2410	}
2411	if (ctx->tree != NULL) {
2412	X509_policy_tree_free(ctx->tree);
2413	ctx->tree = NULL;
2414	}
2415	if (ctx->chain != NULL) {
2416	sk_X509_pop_free(ctx->chain, X509_free);
2417	ctx->chain = NULL;
2418	}
2419	CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2420	OPENSSL_memset(&ctx->ex_data, `0`, sizeof(CRYPTO_EX_DATA));
2421	}
2422
2423	void X509_STORE_CTX_set_depth(X509_STORE_CTX ctx, int* depth)
2424	{
2425	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2426	}
2427
2428	void X509_STORE_CTX_set_flags(X509_STORE_CTX ctx, unsigned* long flags)
2429	{
2430	X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2431	}
2432
2433	void X509_STORE_CTX_set_time(X509_STORE_CTX ctx, unsigned* long flags,
2434	time_t t)
2435	{
2436	X509_VERIFY_PARAM_set_time(ctx->param, t);
2437	}
2438
2439	X509 X509_STORE_CTX_get0_cert(X509_STORE_CTX ctx)
2440	{
2441	return ctx->cert;
2442	}
2443
2444	void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2445	int (verify_cb) (int, X509_STORE_CTX ))
2446	{
2447	ctx->verify_cb = verify_cb;
2448	}
2449
2450	X509_POLICY_TREE X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX ctx)
2451	{
2452	return ctx->tree;
2453	}
2454
2455	int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2456	{
2457	return ctx->explicit_policy;
2458	}
2459
2460	int X509_STORE_CTX_set_default(X509_STORE_CTX ctx, const* char *name)
2461	{
2462	const X509_VERIFY_PARAM *param;
2463	param = X509_VERIFY_PARAM_lookup(name);
2464	if (!param)
2465	return `0`;
2466	return X509_VERIFY_PARAM_inherit(ctx->param, param);
2467	}
2468
2469	X509_VERIFY_PARAM X509_STORE_CTX_get0_param(X509_STORE_CTX ctx)
2470	{
2471	return ctx->param;
2472	}
2473
2474	void X509_STORE_CTX_set0_param(X509_STORE_CTX ctx, X509_VERIFY_PARAM param)
2475	{
2476	if (ctx->param)
2477	X509_VERIFY_PARAM_free(ctx->param);
2478	ctx->param = param;
2479	}
2480
2481	IMPLEMENT_ASN1_SET_OF(X509)
2482
2483	IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
2484

Browse the source code of engine/third_party/boringssl/src/crypto/x509/x509_vfy.c