v3_purp.c 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923
  1. /*
  2. * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include "internal/numbers.h"
  12. #include <openssl/x509v3.h>
  13. #include <openssl/x509_vfy.h>
  14. #include "crypto/x509.h"
  15. #include "internal/tsan_assist.h"
  16. static void x509v3_cache_extensions(X509 *x);
  17. static int check_ssl_ca(const X509 *x);
  18. static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
  19. int ca);
  20. static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
  21. int ca);
  22. static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
  23. int ca);
  24. static int purpose_smime(const X509 *x, int ca);
  25. static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
  26. int ca);
  27. static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
  28. int ca);
  29. static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
  30. int ca);
  31. static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
  32. int ca);
  33. static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
  34. static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
  35. static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
  36. static void xptable_free(X509_PURPOSE *p);
  37. static X509_PURPOSE xstandard[] = {
  38. {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
  39. check_purpose_ssl_client, "SSL client", "sslclient", NULL},
  40. {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
  41. check_purpose_ssl_server, "SSL server", "sslserver", NULL},
  42. {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
  43. check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
  44. {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
  45. "S/MIME signing", "smimesign", NULL},
  46. {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
  47. check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
  48. {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
  49. "CRL signing", "crlsign", NULL},
  50. {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any",
  51. NULL},
  52. {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
  53. "OCSP helper", "ocsphelper", NULL},
  54. {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
  55. check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign",
  56. NULL},
  57. };
  58. #define X509_PURPOSE_COUNT OSSL_NELEM(xstandard)
  59. static STACK_OF(X509_PURPOSE) *xptable = NULL;
  60. static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b)
  61. {
  62. return (*a)->purpose - (*b)->purpose;
  63. }
  64. /*
  65. * As much as I'd like to make X509_check_purpose use a "const" X509* I
  66. * really can't because it does recalculate hashes and do other non-const
  67. * things.
  68. */
  69. int X509_check_purpose(X509 *x, int id, int ca)
  70. {
  71. int idx;
  72. const X509_PURPOSE *pt;
  73. x509v3_cache_extensions(x);
  74. /* Return if side-effect only call */
  75. if (id == -1)
  76. return 1;
  77. idx = X509_PURPOSE_get_by_id(id);
  78. if (idx == -1)
  79. return -1;
  80. pt = X509_PURPOSE_get0(idx);
  81. return pt->check_purpose(pt, x, ca);
  82. }
  83. int X509_PURPOSE_set(int *p, int purpose)
  84. {
  85. if (X509_PURPOSE_get_by_id(purpose) == -1) {
  86. X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
  87. return 0;
  88. }
  89. *p = purpose;
  90. return 1;
  91. }
  92. int X509_PURPOSE_get_count(void)
  93. {
  94. if (!xptable)
  95. return X509_PURPOSE_COUNT;
  96. return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
  97. }
  98. X509_PURPOSE *X509_PURPOSE_get0(int idx)
  99. {
  100. if (idx < 0)
  101. return NULL;
  102. if (idx < (int)X509_PURPOSE_COUNT)
  103. return xstandard + idx;
  104. return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
  105. }
  106. int X509_PURPOSE_get_by_sname(const char *sname)
  107. {
  108. int i;
  109. X509_PURPOSE *xptmp;
  110. for (i = 0; i < X509_PURPOSE_get_count(); i++) {
  111. xptmp = X509_PURPOSE_get0(i);
  112. if (strcmp(xptmp->sname, sname) == 0)
  113. return i;
  114. }
  115. return -1;
  116. }
  117. int X509_PURPOSE_get_by_id(int purpose)
  118. {
  119. X509_PURPOSE tmp;
  120. int idx;
  121. if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
  122. return purpose - X509_PURPOSE_MIN;
  123. if (xptable == NULL)
  124. return -1;
  125. tmp.purpose = purpose;
  126. idx = sk_X509_PURPOSE_find(xptable, &tmp);
  127. if (idx < 0)
  128. return -1;
  129. return idx + X509_PURPOSE_COUNT;
  130. }
  131. int X509_PURPOSE_add(int id, int trust, int flags,
  132. int (*ck) (const X509_PURPOSE *, const X509 *, int),
  133. const char *name, const char *sname, void *arg)
  134. {
  135. int idx;
  136. X509_PURPOSE *ptmp;
  137. /*
  138. * This is set according to what we change: application can't set it
  139. */
  140. flags &= ~X509_PURPOSE_DYNAMIC;
  141. /* This will always be set for application modified trust entries */
  142. flags |= X509_PURPOSE_DYNAMIC_NAME;
  143. /* Get existing entry if any */
  144. idx = X509_PURPOSE_get_by_id(id);
  145. /* Need a new entry */
  146. if (idx == -1) {
  147. if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) {
  148. X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
  149. return 0;
  150. }
  151. ptmp->flags = X509_PURPOSE_DYNAMIC;
  152. } else
  153. ptmp = X509_PURPOSE_get0(idx);
  154. /* OPENSSL_free existing name if dynamic */
  155. if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
  156. OPENSSL_free(ptmp->name);
  157. OPENSSL_free(ptmp->sname);
  158. }
  159. /* dup supplied name */
  160. ptmp->name = OPENSSL_strdup(name);
  161. ptmp->sname = OPENSSL_strdup(sname);
  162. if (ptmp->name == NULL|| ptmp->sname == NULL) {
  163. X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
  164. goto err;
  165. }
  166. /* Keep the dynamic flag of existing entry */
  167. ptmp->flags &= X509_PURPOSE_DYNAMIC;
  168. /* Set all other flags */
  169. ptmp->flags |= flags;
  170. ptmp->purpose = id;
  171. ptmp->trust = trust;
  172. ptmp->check_purpose = ck;
  173. ptmp->usr_data = arg;
  174. /* If its a new entry manage the dynamic table */
  175. if (idx == -1) {
  176. if (xptable == NULL
  177. && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
  178. X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
  179. goto err;
  180. }
  181. if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
  182. X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
  183. goto err;
  184. }
  185. }
  186. return 1;
  187. err:
  188. if (idx == -1) {
  189. OPENSSL_free(ptmp->name);
  190. OPENSSL_free(ptmp->sname);
  191. OPENSSL_free(ptmp);
  192. }
  193. return 0;
  194. }
  195. static void xptable_free(X509_PURPOSE *p)
  196. {
  197. if (p == NULL)
  198. return;
  199. if (p->flags & X509_PURPOSE_DYNAMIC) {
  200. if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
  201. OPENSSL_free(p->name);
  202. OPENSSL_free(p->sname);
  203. }
  204. OPENSSL_free(p);
  205. }
  206. }
  207. void X509_PURPOSE_cleanup(void)
  208. {
  209. sk_X509_PURPOSE_pop_free(xptable, xptable_free);
  210. xptable = NULL;
  211. }
  212. int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
  213. {
  214. return xp->purpose;
  215. }
  216. char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
  217. {
  218. return xp->name;
  219. }
  220. char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
  221. {
  222. return xp->sname;
  223. }
  224. int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
  225. {
  226. return xp->trust;
  227. }
  228. static int nid_cmp(const int *a, const int *b)
  229. {
  230. return *a - *b;
  231. }
  232. DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
  233. IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
  234. int X509_supported_extension(X509_EXTENSION *ex)
  235. {
  236. /*
  237. * This table is a list of the NIDs of supported extensions: that is
  238. * those which are used by the verify process. If an extension is
  239. * critical and doesn't appear in this list then the verify process will
  240. * normally reject the certificate. The list must be kept in numerical
  241. * order because it will be searched using bsearch.
  242. */
  243. static const int supported_nids[] = {
  244. NID_netscape_cert_type, /* 71 */
  245. NID_key_usage, /* 83 */
  246. NID_subject_alt_name, /* 85 */
  247. NID_basic_constraints, /* 87 */
  248. NID_certificate_policies, /* 89 */
  249. NID_crl_distribution_points, /* 103 */
  250. NID_ext_key_usage, /* 126 */
  251. #ifndef OPENSSL_NO_RFC3779
  252. NID_sbgp_ipAddrBlock, /* 290 */
  253. NID_sbgp_autonomousSysNum, /* 291 */
  254. #endif
  255. NID_policy_constraints, /* 401 */
  256. NID_proxyCertInfo, /* 663 */
  257. NID_name_constraints, /* 666 */
  258. NID_policy_mappings, /* 747 */
  259. NID_inhibit_any_policy /* 748 */
  260. };
  261. int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
  262. if (ex_nid == NID_undef)
  263. return 0;
  264. if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids)))
  265. return 1;
  266. return 0;
  267. }
  268. static void setup_dp(X509 *x, DIST_POINT *dp)
  269. {
  270. X509_NAME *iname = NULL;
  271. int i;
  272. if (dp->reasons) {
  273. if (dp->reasons->length > 0)
  274. dp->dp_reasons = dp->reasons->data[0];
  275. if (dp->reasons->length > 1)
  276. dp->dp_reasons |= (dp->reasons->data[1] << 8);
  277. dp->dp_reasons &= CRLDP_ALL_REASONS;
  278. } else
  279. dp->dp_reasons = CRLDP_ALL_REASONS;
  280. if (!dp->distpoint || (dp->distpoint->type != 1))
  281. return;
  282. for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
  283. GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
  284. if (gen->type == GEN_DIRNAME) {
  285. iname = gen->d.directoryName;
  286. break;
  287. }
  288. }
  289. if (!iname)
  290. iname = X509_get_issuer_name(x);
  291. DIST_POINT_set_dpname(dp->distpoint, iname);
  292. }
  293. static void setup_crldp(X509 *x)
  294. {
  295. int i;
  296. x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
  297. for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
  298. setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
  299. }
  300. #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
  301. #define ku_reject(x, usage) \
  302. (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
  303. #define xku_reject(x, usage) \
  304. (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
  305. #define ns_reject(x, usage) \
  306. (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
  307. static void x509v3_cache_extensions(X509 *x)
  308. {
  309. BASIC_CONSTRAINTS *bs;
  310. PROXY_CERT_INFO_EXTENSION *pci;
  311. ASN1_BIT_STRING *usage;
  312. ASN1_BIT_STRING *ns;
  313. EXTENDED_KEY_USAGE *extusage;
  314. X509_EXTENSION *ex;
  315. int i;
  316. #ifdef tsan_ld_acq
  317. /* fast lock-free check, see end of the function for details. */
  318. if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached))
  319. return;
  320. #endif
  321. CRYPTO_THREAD_write_lock(x->lock);
  322. if (x->ex_flags & EXFLAG_SET) {
  323. CRYPTO_THREAD_unlock(x->lock);
  324. return;
  325. }
  326. X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
  327. /* V1 should mean no extensions ... */
  328. if (!X509_get_version(x))
  329. x->ex_flags |= EXFLAG_V1;
  330. /* Handle basic constraints */
  331. if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
  332. if (bs->ca)
  333. x->ex_flags |= EXFLAG_CA;
  334. if (bs->pathlen) {
  335. if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
  336. || !bs->ca) {
  337. x->ex_flags |= EXFLAG_INVALID;
  338. x->ex_pathlen = 0;
  339. } else
  340. x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
  341. } else
  342. x->ex_pathlen = -1;
  343. BASIC_CONSTRAINTS_free(bs);
  344. x->ex_flags |= EXFLAG_BCONS;
  345. }
  346. /* Handle proxy certificates */
  347. if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
  348. if (x->ex_flags & EXFLAG_CA
  349. || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
  350. || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
  351. x->ex_flags |= EXFLAG_INVALID;
  352. }
  353. if (pci->pcPathLengthConstraint) {
  354. x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
  355. } else
  356. x->ex_pcpathlen = -1;
  357. PROXY_CERT_INFO_EXTENSION_free(pci);
  358. x->ex_flags |= EXFLAG_PROXY;
  359. }
  360. /* Handle key usage */
  361. if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
  362. if (usage->length > 0) {
  363. x->ex_kusage = usage->data[0];
  364. if (usage->length > 1)
  365. x->ex_kusage |= usage->data[1] << 8;
  366. } else
  367. x->ex_kusage = 0;
  368. x->ex_flags |= EXFLAG_KUSAGE;
  369. ASN1_BIT_STRING_free(usage);
  370. }
  371. x->ex_xkusage = 0;
  372. if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
  373. x->ex_flags |= EXFLAG_XKUSAGE;
  374. for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
  375. switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
  376. case NID_server_auth:
  377. x->ex_xkusage |= XKU_SSL_SERVER;
  378. break;
  379. case NID_client_auth:
  380. x->ex_xkusage |= XKU_SSL_CLIENT;
  381. break;
  382. case NID_email_protect:
  383. x->ex_xkusage |= XKU_SMIME;
  384. break;
  385. case NID_code_sign:
  386. x->ex_xkusage |= XKU_CODE_SIGN;
  387. break;
  388. case NID_ms_sgc:
  389. case NID_ns_sgc:
  390. x->ex_xkusage |= XKU_SGC;
  391. break;
  392. case NID_OCSP_sign:
  393. x->ex_xkusage |= XKU_OCSP_SIGN;
  394. break;
  395. case NID_time_stamp:
  396. x->ex_xkusage |= XKU_TIMESTAMP;
  397. break;
  398. case NID_dvcs:
  399. x->ex_xkusage |= XKU_DVCS;
  400. break;
  401. case NID_anyExtendedKeyUsage:
  402. x->ex_xkusage |= XKU_ANYEKU;
  403. break;
  404. }
  405. }
  406. sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
  407. }
  408. if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
  409. if (ns->length > 0)
  410. x->ex_nscert = ns->data[0];
  411. else
  412. x->ex_nscert = 0;
  413. x->ex_flags |= EXFLAG_NSCERT;
  414. ASN1_BIT_STRING_free(ns);
  415. }
  416. x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
  417. x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
  418. /* Does subject name match issuer ? */
  419. if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
  420. x->ex_flags |= EXFLAG_SI;
  421. /* If SKID matches AKID also indicate self signed */
  422. if (X509_check_akid(x, x->akid) == X509_V_OK &&
  423. !ku_reject(x, KU_KEY_CERT_SIGN))
  424. x->ex_flags |= EXFLAG_SS;
  425. }
  426. x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
  427. x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
  428. if (!x->nc && (i != -1))
  429. x->ex_flags |= EXFLAG_INVALID;
  430. setup_crldp(x);
  431. #ifndef OPENSSL_NO_RFC3779
  432. x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
  433. x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
  434. NULL, NULL);
  435. #endif
  436. for (i = 0; i < X509_get_ext_count(x); i++) {
  437. ex = X509_get_ext(x, i);
  438. if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
  439. == NID_freshest_crl)
  440. x->ex_flags |= EXFLAG_FRESHEST;
  441. if (!X509_EXTENSION_get_critical(ex))
  442. continue;
  443. if (!X509_supported_extension(ex)) {
  444. x->ex_flags |= EXFLAG_CRITICAL;
  445. break;
  446. }
  447. }
  448. x509_init_sig_info(x);
  449. x->ex_flags |= EXFLAG_SET;
  450. #ifdef tsan_st_rel
  451. tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1);
  452. /*
  453. * Above store triggers fast lock-free check in the beginning of the
  454. * function. But one has to ensure that the structure is "stable", i.e.
  455. * all stores are visible on all processors. Hence the release fence.
  456. */
  457. #endif
  458. CRYPTO_THREAD_unlock(x->lock);
  459. }
  460. /*-
  461. * CA checks common to all purposes
  462. * return codes:
  463. * 0 not a CA
  464. * 1 is a CA
  465. * 2 basicConstraints absent so "maybe" a CA
  466. * 3 basicConstraints absent but self signed V1.
  467. * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
  468. */
  469. static int check_ca(const X509 *x)
  470. {
  471. /* keyUsage if present should allow cert signing */
  472. if (ku_reject(x, KU_KEY_CERT_SIGN))
  473. return 0;
  474. if (x->ex_flags & EXFLAG_BCONS) {
  475. if (x->ex_flags & EXFLAG_CA)
  476. return 1;
  477. /* If basicConstraints says not a CA then say so */
  478. else
  479. return 0;
  480. } else {
  481. /* we support V1 roots for... uh, I don't really know why. */
  482. if ((x->ex_flags & V1_ROOT) == V1_ROOT)
  483. return 3;
  484. /*
  485. * If key usage present it must have certSign so tolerate it
  486. */
  487. else if (x->ex_flags & EXFLAG_KUSAGE)
  488. return 4;
  489. /* Older certificates could have Netscape-specific CA types */
  490. else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
  491. return 5;
  492. /* can this still be regarded a CA certificate? I doubt it */
  493. return 0;
  494. }
  495. }
  496. void X509_set_proxy_flag(X509 *x)
  497. {
  498. x->ex_flags |= EXFLAG_PROXY;
  499. }
  500. void X509_set_proxy_pathlen(X509 *x, long l)
  501. {
  502. x->ex_pcpathlen = l;
  503. }
  504. int X509_check_ca(X509 *x)
  505. {
  506. x509v3_cache_extensions(x);
  507. return check_ca(x);
  508. }
  509. /* Check SSL CA: common checks for SSL client and server */
  510. static int check_ssl_ca(const X509 *x)
  511. {
  512. int ca_ret;
  513. ca_ret = check_ca(x);
  514. if (!ca_ret)
  515. return 0;
  516. /* check nsCertType if present */
  517. if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)
  518. return ca_ret;
  519. else
  520. return 0;
  521. }
  522. static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
  523. int ca)
  524. {
  525. if (xku_reject(x, XKU_SSL_CLIENT))
  526. return 0;
  527. if (ca)
  528. return check_ssl_ca(x);
  529. /* We need to do digital signatures or key agreement */
  530. if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
  531. return 0;
  532. /* nsCertType if present should allow SSL client use */
  533. if (ns_reject(x, NS_SSL_CLIENT))
  534. return 0;
  535. return 1;
  536. }
  537. /*
  538. * Key usage needed for TLS/SSL server: digital signature, encipherment or
  539. * key agreement. The ssl code can check this more thoroughly for individual
  540. * key types.
  541. */
  542. #define KU_TLS \
  543. KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT
  544. static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
  545. int ca)
  546. {
  547. if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
  548. return 0;
  549. if (ca)
  550. return check_ssl_ca(x);
  551. if (ns_reject(x, NS_SSL_SERVER))
  552. return 0;
  553. if (ku_reject(x, KU_TLS))
  554. return 0;
  555. return 1;
  556. }
  557. static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
  558. int ca)
  559. {
  560. int ret;
  561. ret = check_purpose_ssl_server(xp, x, ca);
  562. if (!ret || ca)
  563. return ret;
  564. /* We need to encipher or Netscape complains */
  565. if (ku_reject(x, KU_KEY_ENCIPHERMENT))
  566. return 0;
  567. return ret;
  568. }
  569. /* common S/MIME checks */
  570. static int purpose_smime(const X509 *x, int ca)
  571. {
  572. if (xku_reject(x, XKU_SMIME))
  573. return 0;
  574. if (ca) {
  575. int ca_ret;
  576. ca_ret = check_ca(x);
  577. if (!ca_ret)
  578. return 0;
  579. /* check nsCertType if present */
  580. if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)
  581. return ca_ret;
  582. else
  583. return 0;
  584. }
  585. if (x->ex_flags & EXFLAG_NSCERT) {
  586. if (x->ex_nscert & NS_SMIME)
  587. return 1;
  588. /* Workaround for some buggy certificates */
  589. if (x->ex_nscert & NS_SSL_CLIENT)
  590. return 2;
  591. return 0;
  592. }
  593. return 1;
  594. }
  595. static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
  596. int ca)
  597. {
  598. int ret;
  599. ret = purpose_smime(x, ca);
  600. if (!ret || ca)
  601. return ret;
  602. if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
  603. return 0;
  604. return ret;
  605. }
  606. static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
  607. int ca)
  608. {
  609. int ret;
  610. ret = purpose_smime(x, ca);
  611. if (!ret || ca)
  612. return ret;
  613. if (ku_reject(x, KU_KEY_ENCIPHERMENT))
  614. return 0;
  615. return ret;
  616. }
  617. static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
  618. int ca)
  619. {
  620. if (ca) {
  621. int ca_ret;
  622. if ((ca_ret = check_ca(x)) != 2)
  623. return ca_ret;
  624. else
  625. return 0;
  626. }
  627. if (ku_reject(x, KU_CRL_SIGN))
  628. return 0;
  629. return 1;
  630. }
  631. /*
  632. * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
  633. * is valid. Additional checks must be made on the chain.
  634. */
  635. static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
  636. {
  637. /*
  638. * Must be a valid CA. Should we really support the "I don't know" value
  639. * (2)?
  640. */
  641. if (ca)
  642. return check_ca(x);
  643. /* leaf certificate is checked in OCSP_verify() */
  644. return 1;
  645. }
  646. static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
  647. int ca)
  648. {
  649. int i_ext;
  650. /* If ca is true we must return if this is a valid CA certificate. */
  651. if (ca)
  652. return check_ca(x);
  653. /*
  654. * Check the optional key usage field:
  655. * if Key Usage is present, it must be one of digitalSignature
  656. * and/or nonRepudiation (other values are not consistent and shall
  657. * be rejected).
  658. */
  659. if ((x->ex_flags & EXFLAG_KUSAGE)
  660. && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
  661. !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
  662. return 0;
  663. /* Only time stamp key usage is permitted and it's required. */
  664. if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
  665. return 0;
  666. /* Extended Key Usage MUST be critical */
  667. i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
  668. if (i_ext >= 0) {
  669. X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
  670. if (!X509_EXTENSION_get_critical(ext))
  671. return 0;
  672. }
  673. return 1;
  674. }
  675. static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
  676. {
  677. return 1;
  678. }
  679. /*-
  680. * Various checks to see if one certificate issued the second.
  681. * This can be used to prune a set of possible issuer certificates
  682. * which have been looked up using some simple method such as by
  683. * subject name.
  684. * These are:
  685. * 1. Check issuer_name(subject) == subject_name(issuer)
  686. * 2. If akid(subject) exists, check that it matches issuer
  687. * 3. Check that issuer public key algorithm matches subject signature algorithm
  688. * 4. If key_usage(issuer) exists, check that it supports certificate signing
  689. * returns 0 for OK, positive for reason for mismatch, reasons match
  690. * codes for X509_verify_cert()
  691. */
  692. int X509_check_issued(X509 *issuer, X509 *subject)
  693. {
  694. if (X509_NAME_cmp(X509_get_subject_name(issuer),
  695. X509_get_issuer_name(subject)))
  696. return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
  697. x509v3_cache_extensions(issuer);
  698. x509v3_cache_extensions(subject);
  699. if (subject->akid) {
  700. int ret = X509_check_akid(issuer, subject->akid);
  701. if (ret != X509_V_OK)
  702. return ret;
  703. }
  704. {
  705. /*
  706. * Check if the subject signature algorithm matches the issuer's PUBKEY
  707. * algorithm
  708. */
  709. EVP_PKEY *i_pkey = X509_get0_pubkey(issuer);
  710. X509_ALGOR *s_algor = &subject->cert_info.signature;
  711. int s_pknid = NID_undef, s_mdnid = NID_undef;
  712. if (i_pkey == NULL)
  713. return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
  714. if (!OBJ_find_sigid_algs(OBJ_obj2nid(s_algor->algorithm),
  715. &s_mdnid, &s_pknid)
  716. || EVP_PKEY_type(s_pknid) != EVP_PKEY_base_id(i_pkey))
  717. return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
  718. }
  719. if (subject->ex_flags & EXFLAG_PROXY) {
  720. if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
  721. return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
  722. } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
  723. return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
  724. return X509_V_OK;
  725. }
  726. int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
  727. {
  728. if (!akid)
  729. return X509_V_OK;
  730. /* Check key ids (if present) */
  731. if (akid->keyid && issuer->skid &&
  732. ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
  733. return X509_V_ERR_AKID_SKID_MISMATCH;
  734. /* Check serial number */
  735. if (akid->serial &&
  736. ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
  737. return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
  738. /* Check issuer name */
  739. if (akid->issuer) {
  740. /*
  741. * Ugh, for some peculiar reason AKID includes SEQUENCE OF
  742. * GeneralName. So look for a DirName. There may be more than one but
  743. * we only take any notice of the first.
  744. */
  745. GENERAL_NAMES *gens;
  746. GENERAL_NAME *gen;
  747. X509_NAME *nm = NULL;
  748. int i;
  749. gens = akid->issuer;
  750. for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
  751. gen = sk_GENERAL_NAME_value(gens, i);
  752. if (gen->type == GEN_DIRNAME) {
  753. nm = gen->d.dirn;
  754. break;
  755. }
  756. }
  757. if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
  758. return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
  759. }
  760. return X509_V_OK;
  761. }
  762. uint32_t X509_get_extension_flags(X509 *x)
  763. {
  764. /* Call for side-effect of computing hash and caching extensions */
  765. X509_check_purpose(x, -1, -1);
  766. return x->ex_flags;
  767. }
  768. uint32_t X509_get_key_usage(X509 *x)
  769. {
  770. /* Call for side-effect of computing hash and caching extensions */
  771. X509_check_purpose(x, -1, -1);
  772. if (x->ex_flags & EXFLAG_KUSAGE)
  773. return x->ex_kusage;
  774. return UINT32_MAX;
  775. }
  776. uint32_t X509_get_extended_key_usage(X509 *x)
  777. {
  778. /* Call for side-effect of computing hash and caching extensions */
  779. X509_check_purpose(x, -1, -1);
  780. if (x->ex_flags & EXFLAG_XKUSAGE)
  781. return x->ex_xkusage;
  782. return UINT32_MAX;
  783. }
  784. const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
  785. {
  786. /* Call for side-effect of computing hash and caching extensions */
  787. X509_check_purpose(x, -1, -1);
  788. return x->skid;
  789. }
  790. const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
  791. {
  792. /* Call for side-effect of computing hash and caching extensions */
  793. X509_check_purpose(x, -1, -1);
  794. return (x->akid != NULL ? x->akid->keyid : NULL);
  795. }
  796. const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x)
  797. {
  798. /* Call for side-effect of computing hash and caching extensions */
  799. X509_check_purpose(x, -1, -1);
  800. return (x->akid != NULL ? x->akid->issuer : NULL);
  801. }
  802. const ASN1_INTEGER *X509_get0_authority_serial(X509 *x)
  803. {
  804. /* Call for side-effect of computing hash and caching extensions */
  805. X509_check_purpose(x, -1, -1);
  806. return (x->akid != NULL ? x->akid->serial : NULL);
  807. }
  808. long X509_get_pathlen(X509 *x)
  809. {
  810. /* Called for side effect of caching extensions */
  811. if (X509_check_purpose(x, -1, -1) != 1
  812. || (x->ex_flags & EXFLAG_BCONS) == 0)
  813. return -1;
  814. return x->ex_pathlen;
  815. }
  816. long X509_get_proxy_pathlen(X509 *x)
  817. {
  818. /* Called for side effect of caching extensions */
  819. if (X509_check_purpose(x, -1, -1) != 1
  820. || (x->ex_flags & EXFLAG_PROXY) == 0)
  821. return -1;
  822. return x->ex_pcpathlen;
  823. }