b6d4989e4bc1858b392e5a60b11933c08afc4337
[openssl.git] / crypto / x509 / x509_vfy.c
1 /* crypto/x509/x509_vfy.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include <time.h>
61 #include <errno.h>
62
63 #include "cryptlib.h"
64 #include <openssl/crypto.h>
65 #include <openssl/lhash.h>
66 #include <openssl/buffer.h>
67 #include <openssl/evp.h>
68 #include <openssl/asn1.h>
69 #include <openssl/x509.h>
70 #include <openssl/x509v3.h>
71 #include <openssl/objects.h>
72 #include "x509_lcl.h"
73
74 /* CRL score values */
75
76 /* No unhandled critical extensions */
77
78 #define CRL_SCORE_NOCRITICAL    0x100
79
80 /* certificate is within CRL scope */
81
82 #define CRL_SCORE_SCOPE         0x080
83
84 /* CRL times valid */
85
86 #define CRL_SCORE_TIME          0x040
87
88 /* Issuer name matches certificate */
89
90 #define CRL_SCORE_ISSUER_NAME   0x020
91
92 /* If this score or above CRL is probably valid */
93
94 #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
95
96 /* CRL issuer is certificate issuer */
97
98 #define CRL_SCORE_ISSUER_CERT   0x018
99
100 /* CRL issuer is on certificate path */
101
102 #define CRL_SCORE_SAME_PATH     0x008
103
104 /* CRL issuer matches CRL AKID */
105
106 #define CRL_SCORE_AKID          0x004
107
108 /* Have a delta CRL with valid times */
109
110 #define CRL_SCORE_TIME_DELTA    0x002
111
112 static int null_callback(int ok,X509_STORE_CTX *e);
113 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
114 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
115 static int check_chain_extensions(X509_STORE_CTX *ctx);
116 static int check_name_constraints(X509_STORE_CTX *ctx);
117 static int check_id(X509_STORE_CTX *ctx);
118 static int check_trust(X509_STORE_CTX *ctx);
119 static int check_revocation(X509_STORE_CTX *ctx);
120 static int check_cert(X509_STORE_CTX *ctx);
121 static int check_policy(X509_STORE_CTX *ctx);
122
123 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
124                         unsigned int *preasons,
125                         X509_CRL *crl, X509 *x);
126 static int get_crl_delta(X509_STORE_CTX *ctx,
127                                 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
128 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
129                         X509_CRL *base, STACK_OF(X509_CRL) *crls);
130 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
131                                 X509 **pissuer, int *pcrl_score);
132 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
133                                 unsigned int *preasons);
134 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
135 static int check_crl_chain(X509_STORE_CTX *ctx,
136                         STACK_OF(X509) *cert_path,
137                         STACK_OF(X509) *crl_path);
138
139 static int internal_verify(X509_STORE_CTX *ctx);
140 const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
141
142
143 static int null_callback(int ok, X509_STORE_CTX *e)
144         {
145         return ok;
146         }
147
148 #if 0
149 static int x509_subject_cmp(X509 **a, X509 **b)
150         {
151         return X509_subject_name_cmp(*a,*b);
152         }
153 #endif
154 /* Return 1 is a certificate is self signed */
155 static int cert_self_signed(X509 *x)
156         {
157         X509_check_purpose(x, -1, 0);
158         if (x->ex_flags & EXFLAG_SS)
159                 return 1;
160         else
161                 return 0;
162         }
163
164 /* Given a certificate try and find an exact match in the store */
165
166 static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
167         {
168         STACK_OF(X509) *certs;
169         X509 *xtmp = NULL;
170         int i;
171         /* Lookup all certs with matching subject name */
172         certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
173         if (certs == NULL)
174                 return NULL;
175         /* Look for exact match */
176         for (i = 0; i < sk_X509_num(certs); i++)
177                 {
178                 xtmp = sk_X509_value(certs, i);
179                 if (!X509_cmp(xtmp, x))
180                         break;
181                 }
182         if (i < sk_X509_num(certs))
183                 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
184         else
185                 xtmp = NULL;
186         sk_X509_pop_free(certs, X509_free);
187         return xtmp;
188         }
189
190 int X509_verify_cert(X509_STORE_CTX *ctx)
191         {
192         X509 *x,*xtmp,*chain_ss=NULL;
193         int bad_chain = 0;
194         X509_VERIFY_PARAM *param = ctx->param;
195         int depth,i,ok=0;
196         int num;
197         int (*cb)(int xok,X509_STORE_CTX *xctx);
198         STACK_OF(X509) *sktmp=NULL;
199         if (ctx->cert == NULL)
200                 {
201                 X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
202                 return -1;
203                 }
204
205         cb=ctx->verify_cb;
206
207         /* first we make sure the chain we are going to build is
208          * present and that the first entry is in place */
209         if (ctx->chain == NULL)
210                 {
211                 if (    ((ctx->chain=sk_X509_new_null()) == NULL) ||
212                         (!sk_X509_push(ctx->chain,ctx->cert)))
213                         {
214                         X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
215                         goto end;
216                         }
217                 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
218                 ctx->last_untrusted=1;
219                 }
220
221         /* We use a temporary STACK so we can chop and hack at it */
222         if (ctx->untrusted != NULL
223             && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
224                 {
225                 X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
226                 goto end;
227                 }
228
229         num=sk_X509_num(ctx->chain);
230         x=sk_X509_value(ctx->chain,num-1);
231         depth=param->depth;
232
233
234         for (;;)
235                 {
236                 /* If we have enough, we break */
237                 if (depth < num) break; /* FIXME: If this happens, we should take
238                                          * note of it and, if appropriate, use the
239                                          * X509_V_ERR_CERT_CHAIN_TOO_LONG error
240                                          * code later.
241                                          */
242
243                 /* If we are self signed, we break */
244                 if (cert_self_signed(x))
245                         break;
246                 /* If asked see if we can find issuer in trusted store first */
247                 if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
248                         {
249                         ok = ctx->get_issuer(&xtmp, ctx, x);
250                         if (ok < 0)
251                                 return ok;
252                         /* If successful for now free up cert so it
253                          * will be picked up again later.
254                          */
255                         if (ok > 0)
256                                 {
257                                 X509_free(xtmp);
258                                 break;
259                                 }
260                         }
261
262                 /* If we were passed a cert chain, use it first */
263                 if (ctx->untrusted != NULL)
264                         {
265                         xtmp=find_issuer(ctx, sktmp,x);
266                         if (xtmp != NULL)
267                                 {
268                                 if (!sk_X509_push(ctx->chain,xtmp))
269                                         {
270                                         X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
271                                         goto end;
272                                         }
273                                 CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
274                                 (void)sk_X509_delete_ptr(sktmp,xtmp);
275                                 ctx->last_untrusted++;
276                                 x=xtmp;
277                                 num++;
278                                 /* reparse the full chain for
279                                  * the next one */
280                                 continue;
281                                 }
282                         }
283                 break;
284                 }
285
286         /* at this point, chain should contain a list of untrusted
287          * certificates.  We now need to add at least one trusted one,
288          * if possible, otherwise we complain. */
289
290         /* Examine last certificate in chain and see if it
291          * is self signed.
292          */
293
294         i=sk_X509_num(ctx->chain);
295         x=sk_X509_value(ctx->chain,i-1);
296         if (cert_self_signed(x))
297                 {
298                 /* we have a self signed certificate */
299                 if (sk_X509_num(ctx->chain) == 1)
300                         {
301                         /* We have a single self signed certificate: see if
302                          * we can find it in the store. We must have an exact
303                          * match to avoid possible impersonation.
304                          */
305                         ok = ctx->get_issuer(&xtmp, ctx, x);
306                         if ((ok <= 0) || X509_cmp(x, xtmp)) 
307                                 {
308                                 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
309                                 ctx->current_cert=x;
310                                 ctx->error_depth=i-1;
311                                 if (ok == 1) X509_free(xtmp);
312                                 bad_chain = 1;
313                                 ok=cb(0,ctx);
314                                 if (!ok) goto end;
315                                 }
316                         else 
317                                 {
318                                 /* We have a match: replace certificate with store version
319                                  * so we get any trust settings.
320                                  */
321                                 X509_free(x);
322                                 x = xtmp;
323                                 (void)sk_X509_set(ctx->chain, i - 1, x);
324                                 ctx->last_untrusted=0;
325                                 }
326                         }
327                 else
328                         {
329                         /* extract and save self signed certificate for later use */
330                         chain_ss=sk_X509_pop(ctx->chain);
331                         ctx->last_untrusted--;
332                         num--;
333                         x=sk_X509_value(ctx->chain,num-1);
334                         }
335                 }
336
337         /* We now lookup certs from the certificate store */
338         for (;;)
339                 {
340                 /* If we have enough, we break */
341                 if (depth < num) break;
342
343                 /* If we are self signed, we break */
344                 if (cert_self_signed(x))
345                         break;
346
347                 ok = ctx->get_issuer(&xtmp, ctx, x);
348
349                 if (ok < 0) return ok;
350                 if (ok == 0) break;
351
352                 x = xtmp;
353                 if (!sk_X509_push(ctx->chain,x))
354                         {
355                         X509_free(xtmp);
356                         X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
357                         return 0;
358                         }
359                 num++;
360                 }
361
362         /* we now have our chain, lets check it... */
363
364         i = check_trust(ctx);
365
366         /* If explicitly rejected error */
367         if (i == X509_TRUST_REJECTED)
368                 goto end;
369         /* If not explicitly trusted then indicate error unless it's
370          * a single self signed certificate in which case we've indicated
371          * an error already and set bad_chain == 1
372          */
373         if (i != X509_TRUST_TRUSTED && !bad_chain)
374                 {
375                 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
376                         {
377                         if (ctx->last_untrusted >= num)
378                                 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
379                         else
380                                 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
381                         ctx->current_cert=x;
382                         }
383                 else
384                         {
385
386                         sk_X509_push(ctx->chain,chain_ss);
387                         num++;
388                         ctx->last_untrusted=num;
389                         ctx->current_cert=chain_ss;
390                         ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
391                         chain_ss=NULL;
392                         }
393
394                 ctx->error_depth=num-1;
395                 bad_chain = 1;
396                 ok=cb(0,ctx);
397                 if (!ok) goto end;
398                 }
399
400         /* We have the chain complete: now we need to check its purpose */
401         ok = check_chain_extensions(ctx);
402
403         if (!ok) goto end;
404
405         /* Check name constraints */
406
407         ok = check_name_constraints(ctx);
408         
409         if (!ok) goto end;
410
411         ok = check_id(ctx);
412
413         if (!ok) goto end;
414
415         /* We may as well copy down any DSA parameters that are required */
416         X509_get_pubkey_parameters(NULL,ctx->chain);
417
418         /* Check revocation status: we do this after copying parameters
419          * because they may be needed for CRL signature verification.
420          */
421
422         ok = ctx->check_revocation(ctx);
423         if(!ok) goto end;
424
425         i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
426                                                         ctx->param->flags);
427         if (i != X509_V_OK)
428                 {
429                 ctx->error = i;
430                 ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
431                 ok = cb(0, ctx);
432                 if (!ok)
433                         goto end;
434                 }
435
436         /* At this point, we have a chain and need to verify it */
437         if (ctx->verify != NULL)
438                 ok=ctx->verify(ctx);
439         else
440                 ok=internal_verify(ctx);
441         if(!ok) goto end;
442
443 #ifndef OPENSSL_NO_RFC3779
444         /* RFC 3779 path validation, now that CRL check has been done */
445         ok = v3_asid_validate_path(ctx);
446         if (!ok) goto end;
447         ok = v3_addr_validate_path(ctx);
448         if (!ok) goto end;
449 #endif
450
451         /* If we get this far evaluate policies */
452         if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
453                 ok = ctx->check_policy(ctx);
454         if(!ok) goto end;
455         if (0)
456                 {
457 end:
458                 X509_get_pubkey_parameters(NULL,ctx->chain);
459                 }
460         if (sktmp != NULL) sk_X509_free(sktmp);
461         if (chain_ss != NULL) X509_free(chain_ss);
462         return ok;
463         }
464
465
466 /* Given a STACK_OF(X509) find the issuer of cert (if any)
467  */
468
469 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
470 {
471         int i;
472         X509 *issuer, *rv = NULL;;
473         for (i = 0; i < sk_X509_num(sk); i++)
474                 {
475                 issuer = sk_X509_value(sk, i);
476                 if (ctx->check_issued(ctx, x, issuer))
477                         {
478                         rv = issuer;
479                         if (x509_check_cert_time(ctx, rv, 1))
480                                 break;
481                         }
482                 }
483         return rv;
484 }
485
486 /* Given a possible certificate and issuer check them */
487
488 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
489 {
490         int ret;
491         if (x == issuer)
492                 return cert_self_signed(x);
493         ret = X509_check_issued(issuer, x);
494         if (ret == X509_V_OK)
495                 {
496                 int i;
497                 X509 *ch;
498                 /* Special case: single self signed certificate */
499                 if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
500                         return 1;
501                 for (i = 0; i < sk_X509_num(ctx->chain); i++)
502                         {
503                         ch = sk_X509_value(ctx->chain, i);
504                         if (ch == issuer || !X509_cmp(ch, issuer))
505                                 {
506                                 ret = X509_V_ERR_PATH_LOOP;
507                                 break;
508                                 }
509                         }
510                 }
511
512         if (ret == X509_V_OK)
513                 return 1;
514         /* If we haven't asked for issuer errors don't set ctx */
515         if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
516                 return 0;
517
518         ctx->error = ret;
519         ctx->current_cert = x;
520         ctx->current_issuer = issuer;
521         return ctx->verify_cb(0, ctx);
522         return 0;
523 }
524
525 /* Alternative lookup method: look from a STACK stored in other_ctx */
526
527 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
528 {
529         *issuer = find_issuer(ctx, ctx->other_ctx, x);
530         if (*issuer)
531                 {
532                 CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
533                 return 1;
534                 }
535         else
536                 return 0;
537 }
538         
539
540 /* Check a certificate chains extensions for consistency
541  * with the supplied purpose
542  */
543
544 static int check_chain_extensions(X509_STORE_CTX *ctx)
545 {
546 #ifdef OPENSSL_NO_CHAIN_VERIFY
547         return 1;
548 #else
549         int i, ok=0, must_be_ca, plen = 0;
550         X509 *x;
551         int (*cb)(int xok,X509_STORE_CTX *xctx);
552         int proxy_path_length = 0;
553         int purpose;
554         int allow_proxy_certs;
555         cb=ctx->verify_cb;
556
557         /* must_be_ca can have 1 of 3 values:
558            -1: we accept both CA and non-CA certificates, to allow direct
559                use of self-signed certificates (which are marked as CA).
560            0:  we only accept non-CA certificates.  This is currently not
561                used, but the possibility is present for future extensions.
562            1:  we only accept CA certificates.  This is currently used for
563                all certificates in the chain except the leaf certificate.
564         */
565         must_be_ca = -1;
566
567         /* CRL path validation */
568         if (ctx->parent)
569                 {
570                 allow_proxy_certs = 0;
571                 purpose = X509_PURPOSE_CRL_SIGN;
572                 }
573         else
574                 {
575                 allow_proxy_certs =
576                         !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
577                 /* A hack to keep people who don't want to modify their
578                    software happy */
579                 if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
580                         allow_proxy_certs = 1;
581                 purpose = ctx->param->purpose;
582                 }
583
584         /* Check all untrusted certificates */
585         for (i = 0; i < ctx->last_untrusted; i++)
586                 {
587                 int ret;
588                 x = sk_X509_value(ctx->chain, i);
589                 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
590                         && (x->ex_flags & EXFLAG_CRITICAL))
591                         {
592                         ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
593                         ctx->error_depth = i;
594                         ctx->current_cert = x;
595                         ok=cb(0,ctx);
596                         if (!ok) goto end;
597                         }
598                 if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
599                         {
600                         ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
601                         ctx->error_depth = i;
602                         ctx->current_cert = x;
603                         ok=cb(0,ctx);
604                         if (!ok) goto end;
605                         }
606                 ret = X509_check_ca(x);
607                 switch(must_be_ca)
608                         {
609                 case -1:
610                         if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
611                                 && (ret != 1) && (ret != 0))
612                                 {
613                                 ret = 0;
614                                 ctx->error = X509_V_ERR_INVALID_CA;
615                                 }
616                         else
617                                 ret = 1;
618                         break;
619                 case 0:
620                         if (ret != 0)
621                                 {
622                                 ret = 0;
623                                 ctx->error = X509_V_ERR_INVALID_NON_CA;
624                                 }
625                         else
626                                 ret = 1;
627                         break;
628                 default:
629                         if ((ret == 0)
630                                 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
631                                         && (ret != 1)))
632                                 {
633                                 ret = 0;
634                                 ctx->error = X509_V_ERR_INVALID_CA;
635                                 }
636                         else
637                                 ret = 1;
638                         break;
639                         }
640                 if (ret == 0)
641                         {
642                         ctx->error_depth = i;
643                         ctx->current_cert = x;
644                         ok=cb(0,ctx);
645                         if (!ok) goto end;
646                         }
647                 if (ctx->param->purpose > 0)
648                         {
649                         ret = X509_check_purpose(x, purpose, must_be_ca > 0);
650                         if ((ret == 0)
651                                 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
652                                         && (ret != 1)))
653                                 {
654                                 ctx->error = X509_V_ERR_INVALID_PURPOSE;
655                                 ctx->error_depth = i;
656                                 ctx->current_cert = x;
657                                 ok=cb(0,ctx);
658                                 if (!ok) goto end;
659                                 }
660                         }
661                 /* Check pathlen if not self issued */
662                 if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
663                            && (x->ex_pathlen != -1)
664                            && (plen > (x->ex_pathlen + proxy_path_length + 1)))
665                         {
666                         ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
667                         ctx->error_depth = i;
668                         ctx->current_cert = x;
669                         ok=cb(0,ctx);
670                         if (!ok) goto end;
671                         }
672                 /* Increment path length if not self issued */
673                 if (!(x->ex_flags & EXFLAG_SI))
674                         plen++;
675                 /* If this certificate is a proxy certificate, the next
676                    certificate must be another proxy certificate or a EE
677                    certificate.  If not, the next certificate must be a
678                    CA certificate.  */
679                 if (x->ex_flags & EXFLAG_PROXY)
680                         {
681                         if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen)
682                                 {
683                                 ctx->error =
684                                         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
685                                 ctx->error_depth = i;
686                                 ctx->current_cert = x;
687                                 ok=cb(0,ctx);
688                                 if (!ok) goto end;
689                                 }
690                         proxy_path_length++;
691                         must_be_ca = 0;
692                         }
693                 else
694                         must_be_ca = 1;
695                 }
696         ok = 1;
697  end:
698         return ok;
699 #endif
700 }
701
702 static int check_name_constraints(X509_STORE_CTX *ctx)
703         {
704         X509 *x;
705         int i, j, rv;
706         /* Check name constraints for all certificates */
707         for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
708                 {
709                 x = sk_X509_value(ctx->chain, i);
710                 /* Ignore self issued certs unless last in chain */
711                 if (i && (x->ex_flags & EXFLAG_SI))
712                         continue;
713                 /* Check against constraints for all certificates higher in
714                  * chain including trust anchor. Trust anchor not strictly
715                  * speaking needed but if it includes constraints it is to be
716                  * assumed it expects them to be obeyed.
717                  */
718                 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--)
719                         {
720                         NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
721                         if (nc)
722                                 {
723                                 rv = NAME_CONSTRAINTS_check(x, nc);
724                                 if (rv != X509_V_OK)
725                                         {
726                                         ctx->error = rv;
727                                         ctx->error_depth = i;
728                                         ctx->current_cert = x;
729                                         if (!ctx->verify_cb(0,ctx))
730                                                 return 0;
731                                         }
732                                 }
733                         }
734                 }
735         return 1;
736         }
737
738 static int check_id_error(X509_STORE_CTX *ctx, int errcode)
739         {
740         ctx->error = errcode;
741         ctx->current_cert = ctx->cert;
742         ctx->error_depth = 0;
743         return ctx->verify_cb(0, ctx);
744         }
745
746 static int check_id(X509_STORE_CTX *ctx)
747         {
748         X509_VERIFY_PARAM *vpm = ctx->param;
749         X509_VERIFY_PARAM_ID *id = vpm->id;
750         X509 *x = ctx->cert;
751         if (id->host && !X509_check_host(x, id->host, 0, id->hostflags))
752                 {
753                 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
754                         return 0;
755                 }
756         if (id->email && !X509_check_email(x, id->email, id->emaillen, 0))
757                 {
758                 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
759                         return 0;
760                 }
761         if (id->ip && !X509_check_ip(x, id->ip, id->iplen, 0))
762                 {
763                 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
764                         return 0;
765                 }
766         return 1;
767         }
768
769 static int check_trust(X509_STORE_CTX *ctx)
770 {
771         int i, ok;
772         X509 *x = NULL;
773         int (*cb)(int xok,X509_STORE_CTX *xctx);
774         cb=ctx->verify_cb;
775         /* Check all trusted certificates in chain */
776         for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++)
777                 {
778                 x = sk_X509_value(ctx->chain, i);
779                 ok = X509_check_trust(x, ctx->param->trust, 0);
780                 /* If explicitly trusted return trusted */
781                 if (ok == X509_TRUST_TRUSTED)
782                         return X509_TRUST_TRUSTED;
783                 /* If explicitly rejected notify callback and reject if
784                  * not overridden.
785                  */
786                 if (ok == X509_TRUST_REJECTED)
787                         {
788                         ctx->error_depth = i;
789                         ctx->current_cert = x;
790                         ctx->error = X509_V_ERR_CERT_REJECTED;
791                         ok = cb(0, ctx);
792                         if (!ok)
793                                 return X509_TRUST_REJECTED;
794                         }
795                 }
796         /* If we accept partial chains and have at least one trusted
797          * certificate return success.
798          */
799         if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
800                 {
801                 X509 *mx;
802                 if (ctx->last_untrusted < sk_X509_num(ctx->chain))
803                         return X509_TRUST_TRUSTED;
804                 x = sk_X509_value(ctx->chain, 0);
805                 mx = lookup_cert_match(ctx, x);
806                 if (mx)
807                         {
808                         (void)sk_X509_set(ctx->chain, 0, mx);
809                         X509_free(x);
810                         ctx->last_untrusted = 0;
811                         return X509_TRUST_TRUSTED;
812                         }
813                 }
814
815         /* If no trusted certs in chain at all return untrusted and
816          * allow standard (no issuer cert) etc errors to be indicated.
817          */
818         return X509_TRUST_UNTRUSTED;
819 }
820
821 static int check_revocation(X509_STORE_CTX *ctx)
822         {
823         int i, last, ok;
824         if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
825                 return 1;
826         if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
827                 last = sk_X509_num(ctx->chain) - 1;
828         else
829                 {
830                 /* If checking CRL paths this isn't the EE certificate */
831                 if (ctx->parent)
832                         return 1;
833                 last = 0;
834                 }
835         for(i = 0; i <= last; i++)
836                 {
837                 ctx->error_depth = i;
838                 ok = check_cert(ctx);
839                 if (!ok) return ok;
840                 }
841         return 1;
842         }
843
844 static int check_cert(X509_STORE_CTX *ctx)
845         {
846         X509_CRL *crl = NULL, *dcrl = NULL;
847         X509 *x;
848         int ok, cnum;
849         unsigned int last_reasons;
850         cnum = ctx->error_depth;
851         x = sk_X509_value(ctx->chain, cnum);
852         ctx->current_cert = x;
853         ctx->current_issuer = NULL;
854         ctx->current_crl_score = 0;
855         ctx->current_reasons = 0;
856         while (ctx->current_reasons != CRLDP_ALL_REASONS)
857                 {
858                 last_reasons = ctx->current_reasons;
859                 /* Try to retrieve relevant CRL */
860                 if (ctx->get_crl)
861                         ok = ctx->get_crl(ctx, &crl, x);
862                 else
863                         ok = get_crl_delta(ctx, &crl, &dcrl, x);
864                 /* If error looking up CRL, nothing we can do except
865                  * notify callback
866                  */
867                 if(!ok)
868                         {
869                         ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
870                         ok = ctx->verify_cb(0, ctx);
871                         goto err;
872                         }
873                 ctx->current_crl = crl;
874                 ok = ctx->check_crl(ctx, crl);
875                 if (!ok)
876                         goto err;
877
878                 if (dcrl)
879                         {
880                         ok = ctx->check_crl(ctx, dcrl);
881                         if (!ok)
882                                 goto err;
883                         ok = ctx->cert_crl(ctx, dcrl, x);
884                         if (!ok)
885                                 goto err;
886                         }
887                 else
888                         ok = 1;
889
890                 /* Don't look in full CRL if delta reason is removefromCRL */
891                 if (ok != 2)
892                         {
893                         ok = ctx->cert_crl(ctx, crl, x);
894                         if (!ok)
895                                 goto err;
896                         }
897
898                 X509_CRL_free(crl);
899                 X509_CRL_free(dcrl);
900                 crl = NULL;
901                 dcrl = NULL;
902                 /* If reasons not updated we wont get anywhere by
903                  * another iteration, so exit loop.
904                  */
905                 if (last_reasons == ctx->current_reasons)
906                         {
907                         ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
908                         ok = ctx->verify_cb(0, ctx);
909                         goto err;
910                         }
911                 }
912         err:
913         X509_CRL_free(crl);
914         X509_CRL_free(dcrl);
915
916         ctx->current_crl = NULL;
917         return ok;
918
919         }
920
921 /* Check CRL times against values in X509_STORE_CTX */
922
923 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
924         {
925         time_t *ptime;
926         int i;
927         if (notify)
928                 ctx->current_crl = crl;
929         if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
930                 ptime = &ctx->param->check_time;
931         else
932                 ptime = NULL;
933
934         i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
935         if (i == 0)
936                 {
937                 if (!notify)
938                         return 0;
939                 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
940                 if (!ctx->verify_cb(0, ctx))
941                         return 0;
942                 }
943
944         if (i > 0)
945                 {
946                 if (!notify)
947                         return 0;
948                 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
949                 if (!ctx->verify_cb(0, ctx))
950                         return 0;
951                 }
952
953         if(X509_CRL_get_nextUpdate(crl))
954                 {
955                 i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
956
957                 if (i == 0)
958                         {
959                         if (!notify)
960                                 return 0;
961                         ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
962                         if (!ctx->verify_cb(0, ctx))
963                                 return 0;
964                         }
965                 /* Ignore expiry of base CRL is delta is valid */
966                 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA))
967                         {
968                         if (!notify)
969                                 return 0;
970                         ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
971                         if (!ctx->verify_cb(0, ctx))
972                                 return 0;
973                         }
974                 }
975
976         if (notify)
977                 ctx->current_crl = NULL;
978
979         return 1;
980         }
981
982 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
983                         X509 **pissuer, int *pscore, unsigned int *preasons,
984                         STACK_OF(X509_CRL) *crls)
985         {
986         int i, crl_score, best_score = *pscore;
987         unsigned int reasons, best_reasons = 0;
988         X509 *x = ctx->current_cert;
989         X509_CRL *crl, *best_crl = NULL;
990         X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
991
992         for (i = 0; i < sk_X509_CRL_num(crls); i++)
993                 {
994                 crl = sk_X509_CRL_value(crls, i);
995                 reasons = *preasons;
996                 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
997
998                 if (crl_score > best_score)
999                         {
1000                         best_crl = crl;
1001                         best_crl_issuer = crl_issuer;
1002                         best_score = crl_score;
1003                         best_reasons = reasons;
1004                         }
1005                 }
1006
1007         if (best_crl)
1008                 {
1009                 if (*pcrl)
1010                         X509_CRL_free(*pcrl);
1011                 *pcrl = best_crl;
1012                 *pissuer = best_crl_issuer;
1013                 *pscore = best_score;
1014                 *preasons = best_reasons;
1015                 CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
1016                 if (*pdcrl)
1017                         {
1018                         X509_CRL_free(*pdcrl);
1019                         *pdcrl = NULL;
1020                         }
1021                 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1022                 }
1023
1024         if (best_score >= CRL_SCORE_VALID)
1025                 return 1;
1026
1027         return 0;
1028         }
1029
1030 /* Compare two CRL extensions for delta checking purposes. They should be
1031  * both present or both absent. If both present all fields must be identical.
1032  */
1033
1034 static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
1035         {
1036         ASN1_OCTET_STRING *exta, *extb;
1037         int i;
1038         i = X509_CRL_get_ext_by_NID(a, nid, -1);
1039         if (i >= 0)
1040                 {
1041                 /* Can't have multiple occurrences */
1042                 if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1043                         return 0;
1044                 exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1045                 }
1046         else
1047                 exta = NULL;
1048
1049         i = X509_CRL_get_ext_by_NID(b, nid, -1);
1050
1051         if (i >= 0)
1052                 {
1053
1054                 if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1055                         return 0;
1056                 extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1057                 }
1058         else
1059                 extb = NULL;
1060
1061         if (!exta && !extb)
1062                 return 1;
1063
1064         if (!exta || !extb)
1065                 return 0;
1066
1067
1068         if (ASN1_OCTET_STRING_cmp(exta, extb))
1069                 return 0;
1070
1071         return 1;
1072         }
1073
1074 /* See if a base and delta are compatible */
1075
1076 static int check_delta_base(X509_CRL *delta, X509_CRL *base)
1077         {
1078         /* Delta CRL must be a delta */
1079         if (!delta->base_crl_number)
1080                         return 0;
1081         /* Base must have a CRL number */
1082         if (!base->crl_number)
1083                         return 0;
1084         /* Issuer names must match */
1085         if (X509_NAME_cmp(X509_CRL_get_issuer(base),
1086                                 X509_CRL_get_issuer(delta)))
1087                 return 0;
1088         /* AKID and IDP must match */
1089         if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1090                         return 0;
1091         if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1092                         return 0;
1093         /* Delta CRL base number must not exceed Full CRL number. */
1094         if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1095                         return 0;
1096         /* Delta CRL number must exceed full CRL number */
1097         if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1098                         return 1;
1099         return 0;
1100         }
1101
1102 /* For a given base CRL find a delta... maybe extend to delta scoring
1103  * or retrieve a chain of deltas...
1104  */
1105
1106 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1107                         X509_CRL *base, STACK_OF(X509_CRL) *crls)
1108         {
1109         X509_CRL *delta;
1110         int i;
1111         if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1112                 return;
1113         if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1114                 return;
1115         for (i = 0; i < sk_X509_CRL_num(crls); i++)
1116                 {
1117                 delta = sk_X509_CRL_value(crls, i);
1118                 if (check_delta_base(delta, base))
1119                         {
1120                         if (check_crl_time(ctx, delta, 0))
1121                                 *pscore |= CRL_SCORE_TIME_DELTA;
1122                         CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
1123                         *dcrl = delta;
1124                         return;
1125                         }
1126                 }
1127         *dcrl = NULL;
1128         }
1129
1130 /* For a given CRL return how suitable it is for the supplied certificate 'x'.
1131  * The return value is a mask of several criteria.
1132  * If the issuer is not the certificate issuer this is returned in *pissuer.
1133  * The reasons mask is also used to determine if the CRL is suitable: if
1134  * no new reasons the CRL is rejected, otherwise reasons is updated.
1135  */
1136
1137 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1138                         unsigned int *preasons,
1139                         X509_CRL *crl, X509 *x)
1140         {
1141
1142         int crl_score = 0;
1143         unsigned int tmp_reasons = *preasons, crl_reasons;
1144
1145         /* First see if we can reject CRL straight away */
1146
1147         /* Invalid IDP cannot be processed */
1148         if (crl->idp_flags & IDP_INVALID)
1149                 return 0;
1150         /* Reason codes or indirect CRLs need extended CRL support */
1151         if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1152                 {
1153                 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1154                         return 0;
1155                 }
1156         else if (crl->idp_flags & IDP_REASONS)
1157                 {
1158                 /* If no new reasons reject */
1159                 if (!(crl->idp_reasons & ~tmp_reasons))
1160                         return 0;
1161                 }
1162         /* Don't process deltas at this stage */
1163         else if (crl->base_crl_number)
1164                 return 0;
1165         /* If issuer name doesn't match certificate need indirect CRL */
1166         if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl)))
1167                 {
1168                 if (!(crl->idp_flags & IDP_INDIRECT))
1169                         return 0;
1170                 }
1171         else
1172                 crl_score |= CRL_SCORE_ISSUER_NAME;
1173
1174         if (!(crl->flags & EXFLAG_CRITICAL))
1175                 crl_score |= CRL_SCORE_NOCRITICAL;
1176
1177         /* Check expiry */
1178         if (check_crl_time(ctx, crl, 0))
1179                 crl_score |= CRL_SCORE_TIME;
1180
1181         /* Check authority key ID and locate certificate issuer */
1182         crl_akid_check(ctx, crl, pissuer, &crl_score);
1183
1184         /* If we can't locate certificate issuer at this point forget it */
1185
1186         if (!(crl_score & CRL_SCORE_AKID))
1187                 return 0;
1188
1189         /* Check cert for matching CRL distribution points */
1190
1191         if (crl_crldp_check(x, crl, crl_score, &crl_reasons))
1192                 {
1193                 /* If no new reasons reject */
1194                 if (!(crl_reasons & ~tmp_reasons))
1195                         return 0;
1196                 tmp_reasons |= crl_reasons;
1197                 crl_score |= CRL_SCORE_SCOPE;
1198                 }
1199
1200         *preasons = tmp_reasons;
1201
1202         return crl_score;
1203
1204         }
1205
1206 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1207                                 X509 **pissuer, int *pcrl_score)
1208         {
1209         X509 *crl_issuer = NULL;
1210         X509_NAME *cnm = X509_CRL_get_issuer(crl);
1211         int cidx = ctx->error_depth;
1212         int i;
1213
1214         if (cidx != sk_X509_num(ctx->chain) - 1)
1215                 cidx++;
1216
1217         crl_issuer = sk_X509_value(ctx->chain, cidx);
1218
1219         if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
1220                 {
1221                 if (*pcrl_score & CRL_SCORE_ISSUER_NAME)
1222                         {
1223                         *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT;
1224                         *pissuer = crl_issuer;
1225                         return;
1226                         }
1227                 }
1228
1229         for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
1230                 {
1231                 crl_issuer = sk_X509_value(ctx->chain, cidx);
1232                 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1233                         continue;
1234                 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
1235                         {
1236                         *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH;
1237                         *pissuer = crl_issuer;
1238                         return;
1239                         }
1240                 }
1241
1242         /* Anything else needs extended CRL support */
1243
1244         if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1245                 return;
1246
1247         /* Otherwise the CRL issuer is not on the path. Look for it in the
1248          * set of untrusted certificates.
1249          */
1250         for (i = 0; i < sk_X509_num(ctx->untrusted); i++)
1251                 {
1252                 crl_issuer = sk_X509_value(ctx->untrusted, i);
1253                 if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1254                         continue;
1255                 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
1256                         {
1257                         *pissuer = crl_issuer;
1258                         *pcrl_score |= CRL_SCORE_AKID;
1259                         return;
1260                         }
1261                 }
1262         }
1263
1264 /* Check the path of a CRL issuer certificate. This creates a new
1265  * X509_STORE_CTX and populates it with most of the parameters from the
1266  * parent. This could be optimised somewhat since a lot of path checking
1267  * will be duplicated by the parent, but this will rarely be used in 
1268  * practice.
1269  */
1270
1271 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1272         {
1273         X509_STORE_CTX crl_ctx;
1274         int ret;
1275         /* Don't allow recursive CRL path validation */
1276         if (ctx->parent)
1277                 return 0;
1278         if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1279                 return -1;
1280
1281         crl_ctx.crls = ctx->crls;
1282         /* Copy verify params across */
1283         X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1284
1285         crl_ctx.parent = ctx;
1286         crl_ctx.verify_cb = ctx->verify_cb;
1287
1288         /* Verify CRL issuer */
1289         ret = X509_verify_cert(&crl_ctx);
1290
1291         if (ret <= 0)
1292                 goto err;
1293
1294         /* Check chain is acceptable */
1295
1296         ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1297         err:
1298         X509_STORE_CTX_cleanup(&crl_ctx);
1299         return ret;
1300         }
1301
1302 /* RFC3280 says nothing about the relationship between CRL path
1303  * and certificate path, which could lead to situations where a
1304  * certificate could be revoked or validated by a CA not authorised
1305  * to do so. RFC5280 is more strict and states that the two paths must
1306  * end in the same trust anchor, though some discussions remain...
1307  * until this is resolved we use the RFC5280 version
1308  */
1309
1310 static int check_crl_chain(X509_STORE_CTX *ctx,
1311                         STACK_OF(X509) *cert_path,
1312                         STACK_OF(X509) *crl_path)
1313         {
1314         X509 *cert_ta, *crl_ta;
1315         cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1316         crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1317         if (!X509_cmp(cert_ta, crl_ta))
1318                 return 1;
1319         return 0;
1320         }
1321
1322 /* Check for match between two dist point names: three separate cases.
1323  * 1. Both are relative names and compare X509_NAME types.
1324  * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
1325  * 3. Both are full names and compare two GENERAL_NAMES.
1326  * 4. One is NULL: automatic match.
1327  */
1328
1329
1330 static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
1331         {
1332         X509_NAME *nm = NULL;
1333         GENERAL_NAMES *gens = NULL;
1334         GENERAL_NAME *gena, *genb;
1335         int i, j;
1336         if (!a || !b)
1337                 return 1;
1338         if (a->type == 1)
1339                 {
1340                 if (!a->dpname)
1341                         return 0;
1342                 /* Case 1: two X509_NAME */
1343                 if (b->type == 1)
1344                         {
1345                         if (!b->dpname)
1346                                 return 0;
1347                         if (!X509_NAME_cmp(a->dpname, b->dpname))
1348                                 return 1;
1349                         else
1350                                 return 0;
1351                         }
1352                 /* Case 2: set name and GENERAL_NAMES appropriately */
1353                 nm = a->dpname;
1354                 gens = b->name.fullname;
1355                 }
1356         else if (b->type == 1)
1357                 {
1358                 if (!b->dpname)
1359                         return 0;
1360                 /* Case 2: set name and GENERAL_NAMES appropriately */
1361                 gens = a->name.fullname;
1362                 nm = b->dpname;
1363                 }
1364
1365         /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1366         if (nm)
1367                 {
1368                 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
1369                         {
1370                         gena = sk_GENERAL_NAME_value(gens, i);  
1371                         if (gena->type != GEN_DIRNAME)
1372                                 continue;
1373                         if (!X509_NAME_cmp(nm, gena->d.directoryName))
1374                                 return 1;
1375                         }
1376                 return 0;
1377                 }
1378
1379         /* Else case 3: two GENERAL_NAMES */
1380
1381         for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++)
1382                 {
1383                 gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1384                 for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++)
1385                         {
1386                         genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1387                         if (!GENERAL_NAME_cmp(gena, genb))
1388                                 return 1;
1389                         }
1390                 }
1391
1392         return 0;
1393
1394         }
1395
1396 static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1397         {
1398         int i;
1399         X509_NAME *nm = X509_CRL_get_issuer(crl);
1400         /* If no CRLissuer return is successful iff don't need a match */
1401         if (!dp->CRLissuer)
1402                 return !!(crl_score & CRL_SCORE_ISSUER_NAME);
1403         for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
1404                 {
1405                 GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1406                 if (gen->type != GEN_DIRNAME)
1407                         continue;
1408                 if (!X509_NAME_cmp(gen->d.directoryName, nm))
1409                         return 1;
1410                 }
1411         return 0;
1412         }
1413
1414 /* Check CRLDP and IDP */
1415
1416 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1417                                 unsigned int *preasons)
1418         {
1419         int i;
1420         if (crl->idp_flags & IDP_ONLYATTR)
1421                 return 0;
1422         if (x->ex_flags & EXFLAG_CA)
1423                 {
1424                 if (crl->idp_flags & IDP_ONLYUSER)
1425                         return 0;
1426                 }
1427         else
1428                 {
1429                 if (crl->idp_flags & IDP_ONLYCA)
1430                         return 0;
1431                 }
1432         *preasons = crl->idp_reasons;
1433         for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
1434                 {
1435                 DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1436                 if (crldp_check_crlissuer(dp, crl, crl_score))
1437                         {
1438                         if (!crl->idp ||
1439                              idp_check_dp(dp->distpoint, crl->idp->distpoint))
1440                                 {
1441                                 *preasons &= dp->dp_reasons;
1442                                 return 1;
1443                                 }
1444                         }
1445                 }
1446         if ((!crl->idp || !crl->idp->distpoint) && (crl_score & CRL_SCORE_ISSUER_NAME))
1447                 return 1;
1448         return 0;
1449         }
1450
1451 /* Retrieve CRL corresponding to current certificate.
1452  * If deltas enabled try to find a delta CRL too
1453  */
1454         
1455 static int get_crl_delta(X509_STORE_CTX *ctx,
1456                                 X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1457         {
1458         int ok;
1459         X509 *issuer = NULL;
1460         int crl_score = 0;
1461         unsigned int reasons;
1462         X509_CRL *crl = NULL, *dcrl = NULL;
1463         STACK_OF(X509_CRL) *skcrl;
1464         X509_NAME *nm = X509_get_issuer_name(x);
1465         reasons = ctx->current_reasons;
1466         ok = get_crl_sk(ctx, &crl, &dcrl, 
1467                                 &issuer, &crl_score, &reasons, ctx->crls);
1468
1469         if (ok)
1470                 goto done;
1471
1472         /* Lookup CRLs from store */
1473
1474         skcrl = ctx->lookup_crls(ctx, nm);
1475
1476         /* If no CRLs found and a near match from get_crl_sk use that */
1477         if (!skcrl && crl)
1478                 goto done;
1479
1480         get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1481
1482         sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1483
1484         done:
1485
1486         /* If we got any kind of CRL use it and return success */
1487         if (crl)
1488                 {
1489                 ctx->current_issuer = issuer;
1490                 ctx->current_crl_score = crl_score;
1491                 ctx->current_reasons = reasons;
1492                 *pcrl = crl;
1493                 *pdcrl = dcrl;
1494                 return 1;
1495                 }
1496
1497         return 0;
1498         }
1499
1500 /* Check CRL validity */
1501 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1502         {
1503         X509 *issuer = NULL;
1504         EVP_PKEY *ikey = NULL;
1505         int ok = 0, chnum, cnum;
1506         cnum = ctx->error_depth;
1507         chnum = sk_X509_num(ctx->chain) - 1;
1508         /* if we have an alternative CRL issuer cert use that */
1509         if (ctx->current_issuer)
1510                 issuer = ctx->current_issuer;
1511
1512         /* Else find CRL issuer: if not last certificate then issuer
1513          * is next certificate in chain.
1514          */
1515         else if (cnum < chnum)
1516                 issuer = sk_X509_value(ctx->chain, cnum + 1);
1517         else
1518                 {
1519                 issuer = sk_X509_value(ctx->chain, chnum);
1520                 /* If not self signed, can't check signature */
1521                 if(!ctx->check_issued(ctx, issuer, issuer))
1522                         {
1523                         ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1524                         ok = ctx->verify_cb(0, ctx);
1525                         if(!ok) goto err;
1526                         }
1527                 }
1528
1529         if(issuer)
1530                 {
1531                 /* Skip most tests for deltas because they have already
1532                  * been done
1533                  */
1534                 if (!crl->base_crl_number)
1535                         {
1536                         /* Check for cRLSign bit if keyUsage present */
1537                         if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1538                                 !(issuer->ex_kusage & KU_CRL_SIGN))
1539                                 {
1540                                 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1541                                 ok = ctx->verify_cb(0, ctx);
1542                                 if(!ok) goto err;
1543                                 }
1544
1545                         if (!(ctx->current_crl_score & CRL_SCORE_SCOPE))
1546                                 {
1547                                 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1548                                 ok = ctx->verify_cb(0, ctx);
1549                                 if(!ok) goto err;
1550                                 }
1551
1552                         if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH))
1553                                 {
1554                                 if (check_crl_path(ctx, ctx->current_issuer) <= 0)
1555                                         {
1556                                         ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1557                                         ok = ctx->verify_cb(0, ctx);
1558                                         if(!ok) goto err;
1559                                         }
1560                                 }
1561
1562                         if (crl->idp_flags & IDP_INVALID)
1563                                 {
1564                                 ctx->error = X509_V_ERR_INVALID_EXTENSION;
1565                                 ok = ctx->verify_cb(0, ctx);
1566                                 if(!ok) goto err;
1567                                 }
1568
1569
1570                         }
1571
1572                 if (!(ctx->current_crl_score & CRL_SCORE_TIME))
1573                         {
1574                         ok = check_crl_time(ctx, crl, 1);
1575                         if (!ok)
1576                                 goto err;
1577                         }
1578
1579                 /* Attempt to get issuer certificate public key */
1580                 ikey = X509_get_pubkey(issuer);
1581
1582                 if(!ikey)
1583                         {
1584                         ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1585                         ok = ctx->verify_cb(0, ctx);
1586                         if (!ok) goto err;
1587                         }
1588                 else
1589                         {
1590                         int rv;
1591                         rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1592                         if (rv != X509_V_OK)
1593                                 {
1594                                 ctx->error=rv;
1595                                 ok = ctx->verify_cb(0, ctx);
1596                                 if (!ok)
1597                                         goto err;
1598                                 }
1599                         /* Verify CRL signature */
1600                         if(X509_CRL_verify(crl, ikey) <= 0)
1601                                 {
1602                                 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
1603                                 ok = ctx->verify_cb(0, ctx);
1604                                 if (!ok) goto err;
1605                                 }
1606                         }
1607                 }
1608
1609         ok = 1;
1610
1611         err:
1612         EVP_PKEY_free(ikey);
1613         return ok;
1614         }
1615
1616 /* Check certificate against CRL */
1617 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1618         {
1619         int ok;
1620         X509_REVOKED *rev;
1621         /* The rules changed for this... previously if a CRL contained
1622          * unhandled critical extensions it could still be used to indicate
1623          * a certificate was revoked. This has since been changed since 
1624          * critical extension can change the meaning of CRL entries.
1625          */
1626         if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1627                 && (crl->flags & EXFLAG_CRITICAL))
1628                 {
1629                 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1630                 ok = ctx->verify_cb(0, ctx);
1631                 if(!ok)
1632                         return 0;
1633                 }
1634         /* Look for serial number of certificate in CRL
1635          * If found make sure reason is not removeFromCRL.
1636          */
1637         if (X509_CRL_get0_by_cert(crl, &rev, x))
1638                 {
1639                 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1640                         return 2;
1641                 ctx->error = X509_V_ERR_CERT_REVOKED;
1642                 ok = ctx->verify_cb(0, ctx);
1643                 if (!ok)
1644                         return 0;
1645                 }
1646
1647         return 1;
1648         }
1649
1650 static int check_policy(X509_STORE_CTX *ctx)
1651         {
1652         int ret;
1653         if (ctx->parent)
1654                 return 1;
1655         ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1656                                 ctx->param->policies, ctx->param->flags);
1657         if (ret == 0)
1658                 {
1659                 X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);
1660                 return 0;
1661                 }
1662         /* Invalid or inconsistent extensions */
1663         if (ret == -1)
1664                 {
1665                 /* Locate certificates with bad extensions and notify
1666                  * callback.
1667                  */
1668                 X509 *x;
1669                 int i;
1670                 for (i = 1; i < sk_X509_num(ctx->chain); i++)
1671                         {
1672                         x = sk_X509_value(ctx->chain, i);
1673                         if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1674                                 continue;
1675                         ctx->current_cert = x;
1676                         ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1677                         if(!ctx->verify_cb(0, ctx))
1678                                 return 0;
1679                         }
1680                 return 1;
1681                 }
1682         if (ret == -2)
1683                 {
1684                 ctx->current_cert = NULL;
1685                 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1686                 return ctx->verify_cb(0, ctx);
1687                 }
1688
1689         if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
1690                 {
1691                 ctx->current_cert = NULL;
1692                 ctx->error = X509_V_OK;
1693                 if (!ctx->verify_cb(2, ctx))
1694                         return 0;
1695                 }
1696
1697         return 1;
1698         }
1699
1700 int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet)
1701         {
1702         time_t *ptime;
1703         int i;
1704
1705         if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1706                 ptime = &ctx->param->check_time;
1707         else
1708                 ptime = NULL;
1709
1710         i=X509_cmp_time(X509_get_notBefore(x), ptime);
1711         if (i == 0)
1712                 {
1713                 if (quiet)
1714                         return 0;
1715                 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1716                 ctx->current_cert=x;
1717                 if (!ctx->verify_cb(0, ctx))
1718                         return 0;
1719                 }
1720
1721         if (i > 0)
1722                 {
1723                 if (quiet)
1724                         return 0;
1725                 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
1726                 ctx->current_cert=x;
1727                 if (!ctx->verify_cb(0, ctx))
1728                         return 0;
1729                 }
1730
1731         i=X509_cmp_time(X509_get_notAfter(x), ptime);
1732         if (i == 0)
1733                 {
1734                 if (quiet)
1735                         return 0;
1736                 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1737                 ctx->current_cert=x;
1738                 if (!ctx->verify_cb(0, ctx))
1739                         return 0;
1740                 }
1741
1742         if (i < 0)
1743                 {
1744                 if (quiet)
1745                         return 0;
1746                 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
1747                 ctx->current_cert=x;
1748                 if (!ctx->verify_cb(0, ctx))
1749                         return 0;
1750                 }
1751
1752         return 1;
1753         }
1754
1755 static int internal_verify(X509_STORE_CTX *ctx)
1756         {
1757         int ok=0,n;
1758         X509 *xs,*xi;
1759         EVP_PKEY *pkey=NULL;
1760         int (*cb)(int xok,X509_STORE_CTX *xctx);
1761
1762         cb=ctx->verify_cb;
1763
1764         n=sk_X509_num(ctx->chain);
1765         ctx->error_depth=n-1;
1766         n--;
1767         xi=sk_X509_value(ctx->chain,n);
1768
1769         if (ctx->check_issued(ctx, xi, xi))
1770                 xs=xi;
1771         else
1772                 {
1773                 if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
1774                         {
1775                         xs = xi;
1776                         goto check_cert;
1777                         }
1778                 if (n <= 0)
1779                         {
1780                         ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1781                         ctx->current_cert=xi;
1782                         ok=cb(0,ctx);
1783                         goto end;
1784                         }
1785                 else
1786                         {
1787                         n--;
1788                         ctx->error_depth=n;
1789                         xs=sk_X509_value(ctx->chain,n);
1790                         }
1791                 }
1792
1793 /*      ctx->error=0;  not needed */
1794         while (n >= 0)
1795                 {
1796                 ctx->error_depth=n;
1797
1798                 /* Skip signature check for self signed certificates unless
1799                  * explicitly asked for. It doesn't add any security and
1800                  * just wastes time.
1801                  */
1802                 if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
1803                         {
1804                         if ((pkey=X509_get_pubkey(xi)) == NULL)
1805                                 {
1806                                 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1807                                 ctx->current_cert=xi;
1808                                 ok=(*cb)(0,ctx);
1809                                 if (!ok) goto end;
1810                                 }
1811                         else if (X509_verify(xs,pkey) <= 0)
1812                                 {
1813                                 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
1814                                 ctx->current_cert=xs;
1815                                 ok=(*cb)(0,ctx);
1816                                 if (!ok)
1817                                         {
1818                                         EVP_PKEY_free(pkey);
1819                                         goto end;
1820                                         }
1821                                 }
1822                         EVP_PKEY_free(pkey);
1823                         pkey=NULL;
1824                         }
1825
1826                 xs->valid = 1;
1827
1828                 check_cert:
1829                 ok = x509_check_cert_time(ctx, xs, 0);
1830                 if (!ok)
1831                         goto end;
1832
1833                 /* The last error (if any) is still in the error value */
1834                 ctx->current_issuer=xi;
1835                 ctx->current_cert=xs;
1836                 ok=(*cb)(1,ctx);
1837                 if (!ok) goto end;
1838
1839                 n--;
1840                 if (n >= 0)
1841                         {
1842                         xi=xs;
1843                         xs=sk_X509_value(ctx->chain,n);
1844                         }
1845                 }
1846         ok=1;
1847 end:
1848         return ok;
1849         }
1850
1851 int X509_cmp_current_time(const ASN1_TIME *ctm)
1852 {
1853         return X509_cmp_time(ctm, NULL);
1854 }
1855
1856 int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1857         {
1858         char *str;
1859         ASN1_TIME atm;
1860         long offset;
1861         char buff1[24],buff2[24],*p;
1862         int i,j;
1863
1864         p=buff1;
1865         i=ctm->length;
1866         str=(char *)ctm->data;
1867         if (ctm->type == V_ASN1_UTCTIME)
1868                 {
1869                 if ((i < 11) || (i > 17)) return 0;
1870                 memcpy(p,str,10);
1871                 p+=10;
1872                 str+=10;
1873                 }
1874         else
1875                 {
1876                 if (i < 13) return 0;
1877                 memcpy(p,str,12);
1878                 p+=12;
1879                 str+=12;
1880                 }
1881
1882         if ((*str == 'Z') || (*str == '-') || (*str == '+'))
1883                 { *(p++)='0'; *(p++)='0'; }
1884         else
1885                 { 
1886                 *(p++)= *(str++);
1887                 *(p++)= *(str++);
1888                 /* Skip any fractional seconds... */
1889                 if (*str == '.')
1890                         {
1891                         str++;
1892                         while ((*str >= '0') && (*str <= '9')) str++;
1893                         }
1894                 
1895                 }
1896         *(p++)='Z';
1897         *(p++)='\0';
1898
1899         if (*str == 'Z')
1900                 offset=0;
1901         else
1902                 {
1903                 if ((*str != '+') && (*str != '-'))
1904                         return 0;
1905                 offset=((str[1]-'0')*10+(str[2]-'0'))*60;
1906                 offset+=(str[3]-'0')*10+(str[4]-'0');
1907                 if (*str == '-')
1908                         offset= -offset;
1909                 }
1910         atm.type=ctm->type;
1911         atm.flags = 0;
1912         atm.length=sizeof(buff2);
1913         atm.data=(unsigned char *)buff2;
1914
1915         if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
1916                 return 0;
1917
1918         if (ctm->type == V_ASN1_UTCTIME)
1919                 {
1920                 i=(buff1[0]-'0')*10+(buff1[1]-'0');
1921                 if (i < 50) i+=100; /* cf. RFC 2459 */
1922                 j=(buff2[0]-'0')*10+(buff2[1]-'0');
1923                 if (j < 50) j+=100;
1924
1925                 if (i < j) return -1;
1926                 if (i > j) return 1;
1927                 }
1928         i=strcmp(buff1,buff2);
1929         if (i == 0) /* wait a second then return younger :-) */
1930                 return -1;
1931         else
1932                 return i;
1933         }
1934
1935 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
1936 {
1937         return X509_time_adj(s, adj, NULL);
1938 }
1939
1940 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
1941         {
1942         return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1943         }
1944
1945 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
1946                                 int offset_day, long offset_sec, time_t *in_tm)
1947         {
1948         time_t t;
1949
1950         if (in_tm) t = *in_tm;
1951         else time(&t);
1952
1953         if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING))
1954                 {
1955                 if (s->type == V_ASN1_UTCTIME)
1956                         return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec);
1957                 if (s->type == V_ASN1_GENERALIZEDTIME)
1958                         return ASN1_GENERALIZEDTIME_adj(s, t, offset_day,
1959                                                                 offset_sec);
1960                 }
1961         return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1962         }
1963
1964 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
1965         {
1966         EVP_PKEY *ktmp=NULL,*ktmp2;
1967         int i,j;
1968
1969         if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
1970
1971         for (i=0; i<sk_X509_num(chain); i++)
1972                 {
1973                 ktmp=X509_get_pubkey(sk_X509_value(chain,i));
1974                 if (ktmp == NULL)
1975                         {
1976                         X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
1977                         return 0;
1978                         }
1979                 if (!EVP_PKEY_missing_parameters(ktmp))
1980                         break;
1981                 else
1982                         {
1983                         EVP_PKEY_free(ktmp);
1984                         ktmp=NULL;
1985                         }
1986                 }
1987         if (ktmp == NULL)
1988                 {
1989                 X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
1990                 return 0;
1991                 }
1992
1993         /* first, populate the other certs */
1994         for (j=i-1; j >= 0; j--)
1995                 {
1996                 ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
1997                 EVP_PKEY_copy_parameters(ktmp2,ktmp);
1998                 EVP_PKEY_free(ktmp2);
1999                 }
2000         
2001         if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
2002         EVP_PKEY_free(ktmp);
2003         return 1;
2004         }
2005
2006 /* Make a delta CRL as the diff between two full CRLs */
2007
2008 X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
2009                         EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
2010         {
2011         X509_CRL *crl = NULL;
2012         int i;
2013         STACK_OF(X509_REVOKED) *revs = NULL;
2014         /* CRLs can't be delta already */
2015         if (base->base_crl_number || newer->base_crl_number)
2016                         {
2017                         X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_ALREADY_DELTA);
2018                         return NULL;
2019                         }
2020         /* Base and new CRL must have a CRL number */
2021         if (!base->crl_number || !newer->crl_number)
2022                         {
2023                         X509err(X509_F_X509_CRL_DIFF, X509_R_NO_CRL_NUMBER);
2024                         return NULL;
2025                         }
2026         /* Issuer names must match */
2027         if (X509_NAME_cmp(X509_CRL_get_issuer(base),
2028                                 X509_CRL_get_issuer(newer)))
2029                         {
2030                         X509err(X509_F_X509_CRL_DIFF, X509_R_ISSUER_MISMATCH);
2031                         return NULL;
2032                         }
2033         /* AKID and IDP must match */
2034         if (!crl_extension_match(base, newer, NID_authority_key_identifier))
2035                         {
2036                         X509err(X509_F_X509_CRL_DIFF, X509_R_AKID_MISMATCH);
2037                         return NULL;
2038                         }
2039         if (!crl_extension_match(base, newer, NID_issuing_distribution_point))
2040                         {
2041                         X509err(X509_F_X509_CRL_DIFF, X509_R_IDP_MISMATCH);
2042                         return NULL;
2043                         }
2044         /* Newer CRL number must exceed full CRL number */
2045         if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0)
2046                         {
2047                         X509err(X509_F_X509_CRL_DIFF, X509_R_NEWER_CRL_NOT_NEWER);
2048                         return NULL;
2049                         }
2050         /* CRLs must verify */
2051         if (skey && (X509_CRL_verify(base, skey) <= 0 ||
2052                         X509_CRL_verify(newer, skey) <= 0))
2053                 {
2054                 X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_VERIFY_FAILURE);
2055                 return NULL;
2056                 }
2057         /* Create new CRL */
2058         crl = X509_CRL_new();
2059         if (!crl || !X509_CRL_set_version(crl, 1))
2060                 goto memerr;
2061         /* Set issuer name */
2062         if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2063                 goto memerr;
2064
2065         if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
2066                 goto memerr;
2067         if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
2068                 goto memerr;
2069
2070         /* Set base CRL number: must be critical */
2071
2072         if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
2073                 goto memerr;
2074
2075         /* Copy extensions across from newest CRL to delta: this will set
2076          * CRL number to correct value too.
2077          */
2078
2079         for (i = 0; i < X509_CRL_get_ext_count(newer); i++)
2080                 {
2081                 X509_EXTENSION *ext;
2082                 ext = X509_CRL_get_ext(newer, i);
2083                 if (!X509_CRL_add_ext(crl, ext, -1))
2084                         goto memerr;
2085                 }
2086
2087         /* Go through revoked entries, copying as needed */
2088
2089         revs = X509_CRL_get_REVOKED(newer);
2090
2091         for (i = 0; i < sk_X509_REVOKED_num(revs); i++)
2092                 {
2093                 X509_REVOKED *rvn, *rvtmp;
2094                 rvn = sk_X509_REVOKED_value(revs, i);
2095                 /* Add only if not also in base.
2096                  * TODO: need something cleverer here for some more complex
2097                  * CRLs covering multiple CAs.
2098                  */
2099                 if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber))
2100                         {
2101                         rvtmp = X509_REVOKED_dup(rvn);
2102                         if (!rvtmp)
2103                                 goto memerr;
2104                         if (!X509_CRL_add0_revoked(crl, rvtmp))
2105                                 {
2106                                 X509_REVOKED_free(rvtmp);
2107                                 goto memerr;
2108                                 }
2109                         }
2110                 }
2111         /* TODO: optionally prune deleted entries */
2112
2113         if (skey && md && !X509_CRL_sign(crl, skey, md))
2114                 goto memerr;
2115         
2116         return crl;
2117
2118         memerr:
2119         X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
2120         if (crl)
2121                 X509_CRL_free(crl);
2122         return NULL;
2123         }
2124
2125 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2126              CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2127         {
2128         /* This function is (usually) called only once, by
2129          * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
2130         return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
2131                         new_func, dup_func, free_func);
2132         }
2133
2134 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
2135         {
2136         return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
2137         }
2138
2139 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
2140         {
2141         return CRYPTO_get_ex_data(&ctx->ex_data,idx);
2142         }
2143
2144 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2145         {
2146         return ctx->error;
2147         }
2148
2149 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
2150         {
2151         ctx->error=err;
2152         }
2153
2154 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2155         {
2156         return ctx->error_depth;
2157         }
2158
2159 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
2160         {
2161         return ctx->current_cert;
2162         }
2163
2164 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
2165         {
2166         return ctx->chain;
2167         }
2168
2169 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
2170         {
2171         if (!ctx->chain)
2172                 return NULL;
2173         return X509_chain_up_ref(ctx->chain);
2174         }
2175
2176 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
2177         {
2178         return ctx->current_issuer;
2179         }
2180
2181 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
2182         {
2183         return ctx->current_crl;
2184         }
2185
2186 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
2187         {
2188         return ctx->parent;
2189         }
2190
2191 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
2192         {
2193         ctx->cert=x;
2194         }
2195
2196 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2197         {
2198         ctx->untrusted=sk;
2199         }
2200
2201 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
2202         {
2203         ctx->crls=sk;
2204         }
2205
2206 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
2207         {
2208         return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2209         }
2210
2211 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
2212         {
2213         return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2214         }
2215
2216 /* This function is used to set the X509_STORE_CTX purpose and trust
2217  * values. This is intended to be used when another structure has its
2218  * own trust and purpose values which (if set) will be inherited by
2219  * the ctx. If they aren't set then we will usually have a default
2220  * purpose in mind which should then be used to set the trust value.
2221  * An example of this is SSL use: an SSL structure will have its own
2222  * purpose and trust settings which the application can set: if they
2223  * aren't set then we use the default of SSL client/server.
2224  */
2225
2226 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2227                                 int purpose, int trust)
2228 {
2229         int idx;
2230         /* If purpose not set use default */
2231         if (!purpose) purpose = def_purpose;
2232         /* If we have a purpose then check it is valid */
2233         if (purpose)
2234                 {
2235                 X509_PURPOSE *ptmp;
2236                 idx = X509_PURPOSE_get_by_id(purpose);
2237                 if (idx == -1)
2238                         {
2239                         X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
2240                                                 X509_R_UNKNOWN_PURPOSE_ID);
2241                         return 0;
2242                         }
2243                 ptmp = X509_PURPOSE_get0(idx);
2244                 if (ptmp->trust == X509_TRUST_DEFAULT)
2245                         {
2246                         idx = X509_PURPOSE_get_by_id(def_purpose);
2247                         if (idx == -1)
2248                                 {
2249                                 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
2250                                                 X509_R_UNKNOWN_PURPOSE_ID);
2251                                 return 0;
2252                                 }
2253                         ptmp = X509_PURPOSE_get0(idx);
2254                         }
2255                 /* If trust not set then get from purpose default */
2256                 if (!trust) trust = ptmp->trust;
2257                 }
2258         if (trust)
2259                 {
2260                 idx = X509_TRUST_get_by_id(trust);
2261                 if (idx == -1)
2262                         {
2263                         X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
2264                                                 X509_R_UNKNOWN_TRUST_ID);
2265                         return 0;
2266                         }
2267                 }
2268
2269         if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;
2270         if (trust && !ctx->param->trust) ctx->param->trust = trust;
2271         return 1;
2272 }
2273
2274 X509_STORE_CTX *X509_STORE_CTX_new(void)
2275 {
2276         X509_STORE_CTX *ctx;
2277         ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2278         if (!ctx)
2279                 {
2280                 X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
2281                 return NULL;
2282                 }
2283         memset(ctx, 0, sizeof(X509_STORE_CTX));
2284         return ctx;
2285 }
2286
2287 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2288 {
2289         X509_STORE_CTX_cleanup(ctx);
2290         OPENSSL_free(ctx);
2291 }
2292
2293 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2294              STACK_OF(X509) *chain)
2295         {
2296         int ret = 1;
2297         ctx->ctx=store;
2298         ctx->current_method=0;
2299         ctx->cert=x509;
2300         ctx->untrusted=chain;
2301         ctx->crls = NULL;
2302         ctx->last_untrusted=0;
2303         ctx->other_ctx=NULL;
2304         ctx->valid=0;
2305         ctx->chain=NULL;
2306         ctx->error=0;
2307         ctx->explicit_policy=0;
2308         ctx->error_depth=0;
2309         ctx->current_cert=NULL;
2310         ctx->current_issuer=NULL;
2311         ctx->current_crl=NULL;
2312         ctx->current_crl_score=0;
2313         ctx->current_reasons=0;
2314         ctx->tree = NULL;
2315         ctx->parent = NULL;
2316
2317         ctx->param = X509_VERIFY_PARAM_new();
2318
2319         if (!ctx->param)
2320                 {
2321                 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
2322                 return 0;
2323                 }
2324
2325         /* Inherit callbacks and flags from X509_STORE if not set
2326          * use defaults.
2327          */
2328
2329
2330         if (store)
2331                 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2332         else
2333                 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
2334
2335         if (store)
2336                 {
2337                 ctx->verify_cb = store->verify_cb;
2338                 ctx->cleanup = store->cleanup;
2339                 }
2340         else
2341                 ctx->cleanup = 0;
2342
2343         if (ret)
2344                 ret = X509_VERIFY_PARAM_inherit(ctx->param,
2345                                         X509_VERIFY_PARAM_lookup("default"));
2346
2347         if (ret == 0)
2348                 {
2349                 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
2350                 return 0;
2351                 }
2352
2353         if (store && store->check_issued)
2354                 ctx->check_issued = store->check_issued;
2355         else
2356                 ctx->check_issued = check_issued;
2357
2358         if (store && store->get_issuer)
2359                 ctx->get_issuer = store->get_issuer;
2360         else
2361                 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2362
2363         if (store && store->verify_cb)
2364                 ctx->verify_cb = store->verify_cb;
2365         else
2366                 ctx->verify_cb = null_callback;
2367
2368         if (store && store->verify)
2369                 ctx->verify = store->verify;
2370         else
2371                 ctx->verify = internal_verify;
2372
2373         if (store && store->check_revocation)
2374                 ctx->check_revocation = store->check_revocation;
2375         else
2376                 ctx->check_revocation = check_revocation;
2377
2378         if (store && store->get_crl)
2379                 ctx->get_crl = store->get_crl;
2380         else
2381                 ctx->get_crl = NULL;
2382
2383         if (store && store->check_crl)
2384                 ctx->check_crl = store->check_crl;
2385         else
2386                 ctx->check_crl = check_crl;
2387
2388         if (store && store->cert_crl)
2389                 ctx->cert_crl = store->cert_crl;
2390         else
2391                 ctx->cert_crl = cert_crl;
2392
2393         if (store && store->lookup_certs)
2394                 ctx->lookup_certs = store->lookup_certs;
2395         else
2396                 ctx->lookup_certs = X509_STORE_get1_certs;
2397
2398         if (store && store->lookup_crls)
2399                 ctx->lookup_crls = store->lookup_crls;
2400         else
2401                 ctx->lookup_crls = X509_STORE_get1_crls;
2402
2403         ctx->check_policy = check_policy;
2404
2405
2406         /* This memset() can't make any sense anyway, so it's removed. As
2407          * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
2408          * corresponding "new" here and remove this bogus initialisation. */
2409         /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
2410         if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
2411                                 &(ctx->ex_data)))
2412                 {
2413                 OPENSSL_free(ctx);
2414                 X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
2415                 return 0;
2416                 }
2417         return 1;
2418         }
2419
2420 /* Set alternative lookup method: just a STACK of trusted certificates.
2421  * This avoids X509_STORE nastiness where it isn't needed.
2422  */
2423
2424 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2425 {
2426         ctx->other_ctx = sk;
2427         ctx->get_issuer = get_issuer_sk;
2428 }
2429
2430 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2431         {
2432         if (ctx->cleanup) ctx->cleanup(ctx);
2433         if (ctx->param != NULL)
2434                 {
2435                 if (ctx->parent == NULL)
2436                         X509_VERIFY_PARAM_free(ctx->param);
2437                 ctx->param=NULL;
2438                 }
2439         if (ctx->tree != NULL)
2440                 {
2441                 X509_policy_tree_free(ctx->tree);
2442                 ctx->tree=NULL;
2443                 }
2444         if (ctx->chain != NULL)
2445                 {
2446                 sk_X509_pop_free(ctx->chain,X509_free);
2447                 ctx->chain=NULL;
2448                 }
2449         CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
2450         memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
2451         }
2452
2453 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2454         {
2455         X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2456         }
2457
2458 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2459         {
2460         X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2461         }
2462
2463 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
2464         {
2465         X509_VERIFY_PARAM_set_time(ctx->param, t);
2466         }
2467
2468 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2469                                   int (*verify_cb)(int, X509_STORE_CTX *))
2470         {
2471         ctx->verify_cb=verify_cb;
2472         }
2473
2474 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2475         {
2476         return ctx->tree;
2477         }
2478
2479 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2480         {
2481         return ctx->explicit_policy;
2482         }
2483
2484 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2485         {
2486         const X509_VERIFY_PARAM *param;
2487         param = X509_VERIFY_PARAM_lookup(name);
2488         if (!param)
2489                 return 0;
2490         return X509_VERIFY_PARAM_inherit(ctx->param, param);
2491         }
2492
2493 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2494         {
2495         return ctx->param;
2496         }
2497
2498 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2499         {
2500         if (ctx->param)
2501                 X509_VERIFY_PARAM_free(ctx->param);
2502         ctx->param = param;
2503         }
2504
2505 IMPLEMENT_STACK_OF(X509)
2506 IMPLEMENT_ASN1_SET_OF(X509)
2507
2508 IMPLEMENT_STACK_OF(X509_NAME)
2509
2510 IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
2511 IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)