static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_name_constraints(X509_STORE_CTX *ctx);
static int check_trust(X509_STORE_CTX *ctx);
static int check_revocation(X509_STORE_CTX *ctx);
static int check_cert(X509_STORE_CTX *ctx);
static int check_policy(X509_STORE_CTX *ctx);
static int crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer);
-static int idp_check_scope(X509 *x, X509_CRL *crl);
+static int idp_check_scope(X509 *x, X509_CRL *crl, int *pimatch);
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
+static int check_crl_chain(X509_STORE_CTX *ctx,
+ STACK_OF(X509) *cert_path,
+ STACK_OF(X509) *crl_path);
static int internal_verify(X509_STORE_CTX *ctx);
const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
if (!ok) goto end;
+ /* Check name constraints */
+
+ ok = check_name_constraints(ctx);
+
+ if (!ok) goto end;
+
/* The chain extensions are OK: check trust */
if (param->trust > 0) ok = check_trust(ctx);
X509 *x;
int (*cb)(int xok,X509_STORE_CTX *xctx);
int proxy_path_length = 0;
- int allow_proxy_certs =
- !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+ int purpose;
+ int allow_proxy_certs;
cb=ctx->verify_cb;
/* must_be_ca can have 1 of 3 values:
*/
must_be_ca = -1;
- /* A hack to keep people who don't want to modify their software
- happy */
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
- allow_proxy_certs = 1;
+ /* CRL path validation */
+ if (ctx->parent)
+ {
+ allow_proxy_certs = 0;
+ purpose = X509_PURPOSE_CRL_SIGN;
+ }
+ else
+ {
+ allow_proxy_certs =
+ !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+ /* A hack to keep people who don't want to modify their
+ software happy */
+ if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ allow_proxy_certs = 1;
+ purpose = ctx->param->purpose;
+ }
/* Check all untrusted certificates */
for (i = 0; i < ctx->last_untrusted; i++)
}
if (ctx->param->purpose > 0)
{
- ret = X509_check_purpose(x, ctx->param->purpose,
- must_be_ca > 0);
+ ret = X509_check_purpose(x, purpose, must_be_ca > 0);
if ((ret == 0)
|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
&& (ret != 1)))
#endif
}
+static int check_name_constraints(X509_STORE_CTX *ctx)
+ {
+ X509 *x;
+ int i, j, rv;
+ /* Check name constraints for all certificates */
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ {
+ x = sk_X509_value(ctx->chain, i);
+ /* Ignore self issued certs unless last in chain */
+ if (i && (x->ex_flags & EXFLAG_SI))
+ continue;
+ /* Check against constraints for all certificates higher in
+ * chain including trust anchor. Trust anchor not strictly
+ * speaking needed but if it includes constraints it is to be
+ * assumed it expects them to be obeyed.
+ */
+ for (j = sk_X509_num(ctx->chain) - 1; j > i; j--)
+ {
+ NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+ if (nc)
+ {
+ rv = NAME_CONSTRAINTS_check(x, nc);
+ if (rv != X509_V_OK)
+ {
+ ctx->error = rv;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ if (!ctx->verify_cb(0,ctx))
+ return 0;
+ }
+ }
+ }
+ }
+ return 1;
+ }
+
static int check_trust(X509_STORE_CTX *ctx)
{
#ifdef OPENSSL_NO_CHAIN_VERIFY
/* IDP flags which cause a CRL to be rejected */
-#define IDP_REJECT (IDP_INVALID|IDP_INDIRECT|IDP_REASONS)
+#define IDP_REJECT (IDP_INVALID|IDP_REASONS)
static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
X509_NAME *nm, STACK_OF(X509_CRL) *crls)
X509 *crl_issuer, *best_crl_issuer = NULL;
for (i = 0; i < sk_X509_CRL_num(crls); i++)
{
+ int imatch = 1;
crl_score = 0;
crl_issuer = NULL;
crl = sk_X509_CRL_value(crls, i);
if (nm && X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
- continue;
+ {
+ /* Issuer name does not match: could be indirect */
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+ continue;
+ if (!(crl->idp_flags & IDP_INDIRECT))
+ continue;
+ imatch = 0;
+ }
if (check_crl_time(ctx, crl, 0))
crl_score |= CRL_SCORE_TIME;
{
if (crl->idp_flags & IDP_REJECT)
continue;
- if (idp_check_scope(ctx->current_cert, crl))
+ if (idp_check_scope(ctx->current_cert, crl, &imatch))
crl_score |= CRL_SCORE_SCOPE;
}
else
crl_score |= CRL_SCORE_SCOPE;
+ /* If no issuer match at this point try next CRL */
+ if (!imatch)
+ continue;
+
if (crl_akid_check(ctx, crl, &crl_issuer))
crl_score |= CRL_SCORE_AKID;
/* If CRL matches criteria and issuer is not different use it */
static int crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer)
{
X509 *crl_issuer;
+ X509_NAME *cnm = X509_CRL_get_issuer(crl);
int cidx = ctx->error_depth;
+ int i;
if (!crl->akid)
return 1;
if (cidx != sk_X509_num(ctx->chain) - 1)
crl_issuer = sk_X509_value(ctx->chain, cidx);
if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
return 1;
- /* If crl_issuer is self issued we may get a match further along the
- * chain.
+ for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
+ {
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+ continue;
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
+ {
+ *pissuer = crl_issuer;
+ return 1;
+ }
+ }
+
+ /* Anything else needs extended CRL support */
+
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+ return 0;
+
+ /* Otherwise the CRL issuer is not on the path. Look for it in the
+ * set of untrusted certificates.
*/
- if (crl_issuer->ex_flags & EXFLAG_SI)
+ for (i = 0; i < sk_X509_num(ctx->untrusted); i++)
{
- for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
+ crl_issuer = sk_X509_value(ctx->untrusted, i);
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer),
+ X509_CRL_get_issuer(crl)))
+ continue;
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
{
- crl_issuer = sk_X509_value(ctx->chain, cidx);
- if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
+ if (check_crl_path(ctx, crl_issuer))
{
*pissuer = crl_issuer;
return 1;
}
- if (!(crl_issuer->ex_flags & EXFLAG_SI))
- break;
}
}
-
+
+ return 0;
+ }
+
+/* Check the path of a CRL issuer certificate. This creates a new
+ * X509_STORE_CTX and populates it with most of the parameters from the
+ * parent. This could be optimised somewhat since a lot of path checking
+ * will be duplicated by the parent, but this will rarely be used in
+ * practice.
+ */
+
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
+ {
+ X509_STORE_CTX crl_ctx;
+ int ret;
+ if (ctx->parent)
+ return 0;
+ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+ return -1;
+
+ crl_ctx.crls = ctx->crls;
+ /* Copy verify params across */
+ X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
+
+ crl_ctx.parent = ctx;
+ crl_ctx.verify_cb = ctx->verify_cb;
+
+ /* Verify CRL issuer */
+ ret = X509_verify_cert(&crl_ctx);
+
+ /* Maybe send path check result back to parent? */
+ if (!ret)
+ goto err;
+
+ /* Check chain is acceptable */
+
+ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
+
+ err:
+ X509_STORE_CTX_cleanup(&crl_ctx);
+ return ret;
+ }
+
+/* RFC3280 says nothing about the relationship between CRL path
+ * and certificate path, which could lead to situations where a
+ * certificate could be revoked or validated by a CA not authorised
+ * to do so. RFC5280 is more strict and states that the two paths must
+ * end in the same trust anchor, though some discussions remain...
+ * until this is resolved we use the RFC5280 version
+ */
+
+static int check_crl_chain(X509_STORE_CTX *ctx,
+ STACK_OF(X509) *cert_path,
+ STACK_OF(X509) *crl_path)
+ {
+ X509 *cert_ta, *crl_ta;
+ cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
+ crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
+ if (!X509_cmp(cert_ta, crl_ta))
+ return 1;
return 0;
}
* 1. Both are relative names and compare X509_NAME types.
* 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
* 3. Both are full names and compare two GENERAL_NAMES.
+ * 4. One is NULL: automatic match.
*/
GENERAL_NAMES *gens = NULL;
GENERAL_NAME *gena, *genb;
int i, j;
+ if (!a || !b)
+ return 1;
if (a->type == 1)
{
if (!a->dpname)
}
+static int idp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int *pimatch)
+ {
+ int i;
+ X509_NAME *nm = X509_CRL_get_issuer(crl);
+ /* If no CRLissuer return is successful iff don't need a match */
+ if (!dp->CRLissuer)
+ return *pimatch;
+ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
+ {
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+ if (gen->type != GEN_DIRNAME)
+ continue;
+ if (!X509_NAME_cmp(gen->d.directoryName, nm))
+ {
+ *pimatch = 1;
+ return 1;
+ }
+ }
+ return 0;
+ }
+
/* Check IDP name matches at least one CRLDP name */
-static int idp_check_scope(X509 *x, X509_CRL *crl)
+static int idp_check_scope(X509 *x, X509_CRL *crl, int *pimatch)
{
int i;
if (crl->idp_flags & IDP_ONLYATTR)
if (crl->idp_flags & IDP_ONLYCA)
return 0;
}
- if (!crl->idp->distpoint)
+ if (!crl->idp->distpoint && *pimatch)
return 1;
- if (!x->crldp)
- return 0;
for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
{
DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
/* We don't handle these at present */
- if (dp->reasons || dp->CRLissuer)
+ if (dp->reasons)
continue;
if (idp_check_dp(dp->distpoint, crl->idp->distpoint))
- return 1;
+ {
+ if (idp_check_crlissuer(dp, crl, pimatch))
+ return 1;
+ }
}
return 0;
}
if (crl->idp_flags & IDP_PRESENT)
{
+ int dmy = 1;
if (crl->idp_flags & IDP_INVALID)
{
ctx->error = X509_V_ERR_INVALID_EXTENSION;
ok = ctx->verify_cb(0, ctx);
if(!ok) goto err;
}
- if (crl->idp_flags & (IDP_REASONS|IDP_INDIRECT))
+ if (crl->idp_flags & IDP_REASONS)
{
ctx->error = X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE;
ok = ctx->verify_cb(0, ctx);
if(!ok) goto err;
}
- if (!idp_check_scope(ctx->current_cert, crl))
+ if (!idp_check_scope(ctx->current_cert, crl, &dmy))
{
ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
ok = ctx->verify_cb(0, ctx);
* If found assume revoked: want something cleverer than
* this to handle entry extensions in V2 CRLs.
*/
- if (X509_CRL_get0_by_serial(crl, NULL, X509_get_serialNumber(x)) > 0)
+ if (X509_CRL_get0_by_cert(crl, NULL, x) > 0)
{
ctx->error = X509_V_ERR_CERT_REVOKED;
ok = ctx->verify_cb(0, ctx);
static int check_policy(X509_STORE_CTX *ctx)
{
int ret;
+ if (ctx->parent)
+ return 1;
ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
ctx->param->policies, ctx->param->flags);
if (ret == 0)
continue;
ctx->current_cert = x;
ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
- ret = ctx->verify_cb(0, ctx);
+ if(!ctx->verify_cb(0, ctx))
+ return 0;
}
return 1;
}
ctx->current_cert=NULL;
ctx->current_issuer=NULL;
ctx->tree = NULL;
+ ctx->parent = NULL;
ctx->param = X509_VERIFY_PARAM_new();
if (ctx->cleanup) ctx->cleanup(ctx);
if (ctx->param != NULL)
{
- X509_VERIFY_PARAM_free(ctx->param);
+ if (ctx->parent == NULL)
+ X509_VERIFY_PARAM_free(ctx->param);
ctx->param=NULL;
}
if (ctx->tree != NULL)