x509_trust.c 8.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297
  1. /*
  2. * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/x509v3.h>
  12. #include "crypto/x509.h"
  13. static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
  14. static void trtable_free(X509_TRUST *p);
  15. static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
  16. static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
  17. static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
  18. static int obj_trust(int id, X509 *x, int flags);
  19. static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
  20. /*
  21. * WARNING: the following table should be kept in order of trust and without
  22. * any gaps so we can just subtract the minimum trust value to get an index
  23. * into the table
  24. */
  25. static X509_TRUST trstandard[] = {
  26. {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
  27. {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth,
  28. NULL},
  29. {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth,
  30. NULL},
  31. {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect,
  32. NULL},
  33. {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign,
  34. NULL},
  35. {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign,
  36. NULL},
  37. {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP,
  38. NULL},
  39. {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
  40. };
  41. #define X509_TRUST_COUNT OSSL_NELEM(trstandard)
  42. static STACK_OF(X509_TRUST) *trtable = NULL;
  43. static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b)
  44. {
  45. return (*a)->trust - (*b)->trust;
  46. }
  47. int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
  48. int) {
  49. int (*oldtrust) (int, X509 *, int);
  50. oldtrust = default_trust;
  51. default_trust = trust;
  52. return oldtrust;
  53. }
  54. /* Returns X509_TRUST_TRUSTED, X509_TRUST_REJECTED, or X509_TRUST_UNTRUSTED */
  55. int X509_check_trust(X509 *x, int id, int flags)
  56. {
  57. X509_TRUST *pt;
  58. int idx;
  59. /* We get this as a default value */
  60. if (id == X509_TRUST_DEFAULT)
  61. return obj_trust(NID_anyExtendedKeyUsage, x,
  62. flags | X509_TRUST_DO_SS_COMPAT);
  63. idx = X509_TRUST_get_by_id(id);
  64. if (idx < 0)
  65. return default_trust(id, x, flags);
  66. pt = X509_TRUST_get0(idx);
  67. return pt->check_trust(pt, x, flags);
  68. }
  69. int X509_TRUST_get_count(void)
  70. {
  71. if (!trtable)
  72. return X509_TRUST_COUNT;
  73. return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
  74. }
  75. X509_TRUST *X509_TRUST_get0(int idx)
  76. {
  77. if (idx < 0)
  78. return NULL;
  79. if (idx < (int)X509_TRUST_COUNT)
  80. return trstandard + idx;
  81. return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
  82. }
  83. int X509_TRUST_get_by_id(int id)
  84. {
  85. X509_TRUST tmp;
  86. int idx;
  87. if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
  88. return id - X509_TRUST_MIN;
  89. if (trtable == NULL)
  90. return -1;
  91. tmp.trust = id;
  92. idx = sk_X509_TRUST_find(trtable, &tmp);
  93. if (idx < 0)
  94. return -1;
  95. return idx + X509_TRUST_COUNT;
  96. }
  97. int X509_TRUST_set(int *t, int trust)
  98. {
  99. if (X509_TRUST_get_by_id(trust) < 0) {
  100. ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST);
  101. return 0;
  102. }
  103. *t = trust;
  104. return 1;
  105. }
  106. int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
  107. const char *name, int arg1, void *arg2)
  108. {
  109. int idx;
  110. X509_TRUST *trtmp;
  111. /*
  112. * This is set according to what we change: application can't set it
  113. */
  114. flags &= ~X509_TRUST_DYNAMIC;
  115. /* This will always be set for application modified trust entries */
  116. flags |= X509_TRUST_DYNAMIC_NAME;
  117. /* Get existing entry if any */
  118. idx = X509_TRUST_get_by_id(id);
  119. /* Need a new entry */
  120. if (idx < 0) {
  121. if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL)
  122. return 0;
  123. trtmp->flags = X509_TRUST_DYNAMIC;
  124. } else
  125. trtmp = X509_TRUST_get0(idx);
  126. /* OPENSSL_free existing name if dynamic */
  127. if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
  128. OPENSSL_free(trtmp->name);
  129. /* dup supplied name */
  130. if ((trtmp->name = OPENSSL_strdup(name)) == NULL)
  131. goto err;
  132. /* Keep the dynamic flag of existing entry */
  133. trtmp->flags &= X509_TRUST_DYNAMIC;
  134. /* Set all other flags */
  135. trtmp->flags |= flags;
  136. trtmp->trust = id;
  137. trtmp->check_trust = ck;
  138. trtmp->arg1 = arg1;
  139. trtmp->arg2 = arg2;
  140. /* If its a new entry manage the dynamic table */
  141. if (idx < 0) {
  142. if (trtable == NULL
  143. && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
  144. ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);
  145. goto err;
  146. }
  147. if (!sk_X509_TRUST_push(trtable, trtmp)) {
  148. ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);
  149. goto err;
  150. }
  151. }
  152. return 1;
  153. err:
  154. if (idx < 0) {
  155. OPENSSL_free(trtmp->name);
  156. OPENSSL_free(trtmp);
  157. }
  158. return 0;
  159. }
  160. static void trtable_free(X509_TRUST *p)
  161. {
  162. if (p == NULL)
  163. return;
  164. if (p->flags & X509_TRUST_DYNAMIC) {
  165. if (p->flags & X509_TRUST_DYNAMIC_NAME)
  166. OPENSSL_free(p->name);
  167. OPENSSL_free(p);
  168. }
  169. }
  170. void X509_TRUST_cleanup(void)
  171. {
  172. sk_X509_TRUST_pop_free(trtable, trtable_free);
  173. trtable = NULL;
  174. }
  175. int X509_TRUST_get_flags(const X509_TRUST *xp)
  176. {
  177. return xp->flags;
  178. }
  179. char *X509_TRUST_get0_name(const X509_TRUST *xp)
  180. {
  181. return xp->name;
  182. }
  183. int X509_TRUST_get_trust(const X509_TRUST *xp)
  184. {
  185. return xp->trust;
  186. }
  187. static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
  188. {
  189. /*
  190. * Declare the chain verified if the desired trust OID is not rejected in
  191. * any auxiliary trust info for this certificate, and the OID is either
  192. * expressly trusted, or else either "anyEKU" is trusted, or the
  193. * certificate is self-signed and X509_TRUST_NO_SS_COMPAT is not set.
  194. */
  195. flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU;
  196. return obj_trust(trust->arg1, x, flags);
  197. }
  198. static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
  199. {
  200. /*
  201. * Declare the chain verified only if the desired trust OID is not
  202. * rejected and is expressly trusted. Neither "anyEKU" nor "compat"
  203. * trust in self-signed certificates apply.
  204. */
  205. flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU);
  206. return obj_trust(trust->arg1, x, flags);
  207. }
  208. static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
  209. {
  210. /* Call for side-effect of setting EXFLAG_SS for self-signed-certs */
  211. if (X509_check_purpose(x, -1, 0) != 1)
  212. return X509_TRUST_UNTRUSTED;
  213. if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && (x->ex_flags & EXFLAG_SS))
  214. return X509_TRUST_TRUSTED;
  215. else
  216. return X509_TRUST_UNTRUSTED;
  217. }
  218. static int obj_trust(int id, X509 *x, int flags)
  219. {
  220. X509_CERT_AUX *ax = x->aux;
  221. int i;
  222. if (ax != NULL && ax->reject != NULL) {
  223. for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
  224. ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i);
  225. int nid = OBJ_obj2nid(obj);
  226. if (nid == id || (nid == NID_anyExtendedKeyUsage &&
  227. (flags & X509_TRUST_OK_ANY_EKU)))
  228. return X509_TRUST_REJECTED;
  229. }
  230. }
  231. if (ax != NULL && ax->trust != NULL) {
  232. for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
  233. ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i);
  234. int nid = OBJ_obj2nid(obj);
  235. if (nid == id || (nid == NID_anyExtendedKeyUsage &&
  236. (flags & X509_TRUST_OK_ANY_EKU)))
  237. return X509_TRUST_TRUSTED;
  238. }
  239. /*
  240. * Reject when explicit trust EKU are set and none match.
  241. *
  242. * Returning untrusted is enough for for full chains that end in
  243. * self-signed roots, because when explicit trust is specified it
  244. * suppresses the default blanket trust of self-signed objects.
  245. *
  246. * But for partial chains, this is not enough, because absent a similar
  247. * trust-self-signed policy, non matching EKUs are indistinguishable
  248. * from lack of EKU constraints.
  249. *
  250. * Therefore, failure to match any trusted purpose must trigger an
  251. * explicit reject.
  252. */
  253. return X509_TRUST_REJECTED;
  254. }
  255. if ((flags & X509_TRUST_DO_SS_COMPAT) == 0)
  256. return X509_TRUST_UNTRUSTED;
  257. /*
  258. * Not rejected, and there is no list of accepted uses, try compat.
  259. */
  260. return trust_compat(NULL, x, flags);
  261. }