			if ((ret == 0)				|| ((ctx->flags & X509_V_FLAG_X509_STRICT)					&& (ret != 1)))				{				ret = 0;				ctx->error = X509_V_ERR_INVALID_CA;				}			else				ret = 1;			break;			}		if (ret == 0)			{			ctx->error_depth = i;			ctx->current_cert = x;			ok=cb(0,ctx);			if (!ok) goto end;			}		if (ctx->purpose > 0)			{			ret = X509_check_purpose(x, ctx->purpose,				must_be_ca > 0);			if ((ret == 0)				|| ((ctx->flags & X509_V_FLAG_X509_STRICT)					&& (ret != 1)))				{				ctx->error = X509_V_ERR_INVALID_PURPOSE;				ctx->error_depth = i;				ctx->current_cert = x;				ok=cb(0,ctx);				if (!ok) goto end;				}			}		/* Check pathlen */		if ((i > 1) && (x->ex_pathlen != -1)			   && (i > (x->ex_pathlen + proxy_path_length + 1)))			{			ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;			ctx->error_depth = i;			ctx->current_cert = x;			ok=cb(0,ctx);			if (!ok) goto end;			}		/* If this certificate is a proxy certificate, the next		   certificate must be another proxy certificate or a EE		   certificate.  If not, the next certificate must be a		   CA certificate.  
*/
		/* NOTE(review): X509_get_ext_d2i() yields NULL when the extension is
		 * absent or fails to decode, and pci is dereferenced below without a
		 * NULL check.  Also, when the path-length branch fires and the
		 * callback returns non-zero, pci is freed inside the branch and then
		 * freed again after it. */
		if (x->ex_flags & EXFLAG_PROXY)
			{
			PROXY_CERT_INFO_EXTENSION *pci =
				X509_get_ext_d2i(x, NID_proxyCertInfo,
					NULL, NULL);
			if (pci->pcPathLengthConstraint &&
				ASN1_INTEGER_get(pci->pcPathLengthConstraint)
				< i)
				{
				PROXY_CERT_INFO_EXTENSION_free(pci);
				ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
				ctx->error_depth = i;
				ctx->current_cert = x;
				ok=cb(0,ctx);
				if (!ok) goto end;
				}
			PROXY_CERT_INFO_EXTENSION_free(pci);
			proxy_path_length++;
			must_be_ca = 0;
			}
		else
			must_be_ca = 1;
		}
	ok = 1;
 end:
	return ok;
#endif
}

/* Trust check for the chain built so far.
 *
 * Only the last (topmost) certificate of ctx->chain is consulted: it is
 * tested with X509_check_trust() against ctx->trust.  X509_TRUST_TRUSTED
 * returns 1 directly; X509_TRUST_REJECTED reports X509_V_ERR_CERT_REJECTED
 * and any other result X509_V_ERR_CERT_UNTRUSTED, both through the verify
 * callback, whose return value becomes the result of this function.
 *
 * Compiled to "always 1" when OPENSSL_NO_CHAIN_VERIFY is defined.
 */
static int check_trust(X509_STORE_CTX *ctx)
{
#ifdef OPENSSL_NO_CHAIN_VERIFY
	return 1;
#else
	int i, ok;
	X509 *x;
	int (*cb)();
	cb=ctx->verify_cb;
/* For now just check the last certificate in the chain */
	i = sk_X509_num(ctx->chain) - 1;
	x = sk_X509_value(ctx->chain, i);
	ok = X509_check_trust(x, ctx->trust, 0);
	if (ok == X509_TRUST_TRUSTED)
		return 1;
	/* Not trusted: record where the failure is and let the callback decide
	 * whether verification continues. */
	ctx->error_depth = i;
	ctx->current_cert = x;
	if (ok == X509_TRUST_REJECTED)
		ctx->error = X509_V_ERR_CERT_REJECTED;
	else
		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
	ok = cb(0, ctx);
	return ok;
#endif
}

/* CRL checking driver.
 *
 * Returns 1 without doing anything unless X509_V_FLAG_CRL_CHECK is set.
 * With X509_V_FLAG_CRL_CHECK_ALL every certificate in the chain is checked,
 * otherwise only the leaf (depth 0).  Each certificate is handed to
 * check_cert() through ctx->error_depth; the first 0 returned by
 * check_cert() (i.e. after the callback declined to continue) stops the
 * loop and is returned.
 */
static int check_revocation(X509_STORE_CTX *ctx)
	{
	int i, last, ok;
	if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
		return 1;
	if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
		last = sk_X509_num(ctx->chain) - 1;
	else
		last = 0;
	for(i = 0; i <= last; i++)
		{
		/* check_cert() reads the depth to examine from error_depth */
		ctx->error_depth = i;
		ok = check_cert(ctx);
		if (!ok) return ok;
		}
	return 1;
	}

/* Revocation check for the certificate at depth ctx->error_depth.
 *
 * Fetches a CRL through ctx->get_crl, validates it with ctx->check_crl and
 * then looks the certificate up in it with ctx->cert_crl.  A CRL lookup
 * failure is reported as X509_V_ERR_UNABLE_TO_GET_CRL through the verify
 * callback, and the callback's return value becomes the result: a callback
 * that returns non-zero therefore accepts a certificate whose CRL could not
 * be found.  The CRL obtained from get_crl is released on every path, and
 * ctx->current_crl is cleared before returning.
 */
static int check_cert(X509_STORE_CTX *ctx)
	{
	X509_CRL *crl = NULL;
	X509 *x;
	int ok, cnum;
	cnum = ctx->error_depth;
	x = sk_X509_value(ctx->chain, cnum);
	ctx->current_cert = x;
	/* Try to retrieve relevant CRL */
	ok = ctx->get_crl(ctx, &crl, x);
	/* If error looking up CRL, nothing we can do except
	 * notify callback
	 */
	if(!ok)
		{
		ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
		ok = ctx->verify_cb(0, ctx);
		goto err;
		}
	ctx->current_crl = crl;
	ok = ctx->check_crl(ctx, crl);
	if (!ok) goto err;
	ok = ctx->cert_crl(ctx, crl, x);
	err:
	ctx->current_crl = NULL;
	/* crl is still NULL when get_crl failed; X509_CRL_free(NULL) is a no-op */
	X509_CRL_free(crl);
	return ok;
	}

/* Retrieve CRL corresponding to certificate: currently just a
 * subject lookup: maybe use AKID later...
 * Also might look up any included CRLs too (e.g PKCS#7 signedData).
 *
 * Default ctx->get_crl.  Returns 1 and stores the CRL in *crl on success,
 * 0 when the store has no CRL whose subject equals the certificate's
 * issuer name (*crl is then left untouched).  Because the lookup is by
 * issuer name only, a CRL issued by a different entity (indirect CRL)
 * cannot be found here.  check_cert() frees the CRL it receives, so the
 * reference handed back is expected to be owned by the caller -- presumably
 * X509_STORE_get_by_subject() takes it; confirm against that function.
 */
static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
	{
	int ok;
	X509_OBJECT xobj;
	ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
	if (!ok) return 0;
	*crl = xobj.data.crl;
	return 1;
	}

/* Check CRL validity
 *
 * Default ctx->check_crl for the certificate at depth ctx->error_depth:
 * locate the CRL issuer in the chain, check its keyUsage for cRLSign,
 * verify the CRL signature and compare lastUpdate/nextUpdate with the
 * verification time.  Every failure sets ctx->error and goes through
 * ctx->verify_cb; a non-zero callback return lets checking continue.
 * Returns 1 if all checks passed or were overridden, 0 otherwise.
 */
static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
	{
	X509 *issuer = NULL;
	EVP_PKEY *ikey = NULL;
	int ok = 0, chnum, cnum, i;
	time_t *ptime;
	cnum = ctx->error_depth;
	chnum = sk_X509_num(ctx->chain) - 1;
	/* Find CRL issuer: if not last certificate then issuer
	 * is next certificate in chain.
	 * This assumes the CRL is signed by the certificate's own issuer,
	 * matching the issuer-name lookup in get_crl().
	 */
	if(cnum < chnum)
		issuer = sk_X509_value(ctx->chain, cnum + 1);
	else
		{
		issuer = sk_X509_value(ctx->chain, chnum);
		/* If not self signed, can't check signature */
		if(!ctx->check_issued(ctx, issuer, issuer))
			{
			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
			ok = ctx->verify_cb(0, ctx);
			if(!ok) goto err;
			/* Callback overrode the error: the signature check below still
			 * runs against this (non-self-signed) top certificate. */
			}
		}
	/* issuer is assigned on both branches above, so this is always taken */
	if(issuer)
		{
		/* Check for cRLSign bit if keyUsage present */
		if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
			!(issuer->ex_kusage & KU_CRL_SIGN))
			{
			ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
			ok = ctx->verify_cb(0, ctx);
			if(!ok) goto err;
			}
		/* Attempt to get issuer certificate public key */
		ikey = X509_get_pubkey(issuer);
		if(!ikey)
			{
			ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
			ok = ctx->verify_cb(0, ctx);
			if (!ok) goto err;
			}
		else
			{
			/* Verify CRL signature */
			if(X509_CRL_verify(crl, ikey) <= 0)
				{
				ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
				ok = ctx->verify_cb(0, ctx);
				if (!ok) goto err;
				}
			}
		}
	/* OK, CRL signature valid check times */
	/* With X509_V_FLAG_USE_CHECK_TIME the comparison is pinned to
	 * ctx->check_time; otherwise ptime is NULL, which presumably makes
	 * X509_cmp_time use the current time. */
	if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
		ptime = &ctx->check_time;
	else
		ptime = NULL;
	/* X509_cmp_time result as interpreted here: 0 = field unparsable,
	 * > 0 = field later than the check time, < 0 = earlier. */
	i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
	if (i == 0)
		{
		ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
		ok = ctx->verify_cb(0, ctx);
		if (!ok) goto err;
		}
	if (i > 0)
		{
		ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
		ok = ctx->verify_cb(0, ctx);
		if (!ok) goto err;
		}
	/* nextUpdate is optional in a CRL; a CRL without one never expires here */
	if(X509_CRL_get_nextUpdate(crl))
		{
		i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
		if (i == 0)
			{
			ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
			ok = ctx->verify_cb(0, ctx);
			if (!ok) goto err;
			}
		if (i < 0)
			{
			ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
			ok = ctx->verify_cb(0, ctx);
			if (!ok) goto err;
			}
		}
	ok = 1;
	err:
	/* EVP_PKEY_free(NULL) is a no-op, so this is safe on the early-exit paths */
	EVP_PKEY_free(ikey);
	return ok;
	}

/* Check certificate against CRL
 *
 * Default ctx->cert_crl: looks the certificate's serial number up in the
 * CRL's revoked list and then rejects the CRL if it carries any critical
 * extension (skipped when X509_V_FLAG_IGNORE_CRITICAL is set).  Both
 * conditions are reported through ctx->verify_cb; returns 0 only when the
 * callback refuses to continue, 1 otherwise.  Only the serial number is
 * matched -- revocation reason codes and entry extensions are not examined.
 */
static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
	{
	int idx, ok;
	X509_REVOKED rtmp;
	STACK_OF(X509_EXTENSION) *exts;
	X509_EXTENSION *ext;
	/* Look for serial number of certificate in CRL */
	/* Only serialNumber is initialised in rtmp; the search presumably
	 * compares that field alone -- confirm against the stack's compare
	 * function. */
	rtmp.serialNumber = X509_get_serialNumber(x);
	/* Sort revoked into serial number order if not already sorted.
	 * Do this under a lock to avoid race condition.
	 */
	if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
		{
		CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
		sk_X509_REVOKED_sort(crl->crl->revoked);
		CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
		}
	idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
	/* If found assume revoked: want something cleverer than
	 * this to handle entry extensions in V2 CRLs.
	 */
	if(idx >= 0)
		{
		ctx->error = X509_V_ERR_CERT_REVOKED;
		ok = ctx->verify_cb(0, ctx);
		if (!ok) return 0;
		}
	if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
		return 1;
	/* See if we have any critical CRL extensions: since we
	 * currently don't handle any CRL extensions the CRL must be
	 * rejected.
	 * This code accesses the X509_CRL structure directly: applications
	 * shouldn't do this.
	 */
	exts = crl->crl->extensions;
	for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
		{
		ext = sk_X509_EXTENSION_value(exts, idx);
		if (ext->critical > 0)
			{
			ctx->error =
				X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
			ok = ctx->verify_cb(0, ctx);
			if(!ok) return 0;
			/* one report is enough even if several critical extensions exist */
			break;
			}
		}
	return 1;
	}

/* Signature and validity-period checks along the chain.
 *
 * Walks ctx->chain from the top (index n-1) down towards the leaf.  xi is
 * the issuer certificate used to verify xs: when the top certificate is
 * self-signed (ctx->check_issued(ctx, xi, xi)) it is verified against
 * itself, otherwise the certificate below it is the first xs and a chain
 * of length 1 fails with X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE.  For
 * each xs the issuer's public key is fetched, X509_verify() is run and
 * notBefore/notAfter are compared with X509_cmp_time() against ptime
 * (ctx->check_time under X509_V_FLAG_USE_CHECK_TIME, else NULL).  Every
 * failure sets ctx->error and ctx->current_cert and goes through cb; a
 * non-zero callback return continues the walk.
 */
static int internal_verify(X509_STORE_CTX *ctx)
	{
	int i,ok=0,n;
	X509 *xs,*xi;
	EVP_PKEY *pkey=NULL;
	time_t *ptime;
	int (*cb)();
	cb=ctx->verify_cb;
	n=sk_X509_num(ctx->chain);
	ctx->error_depth=n-1;
	n--;
	xi=sk_X509_value(ctx->chain,n);
	if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
		ptime = &ctx->check_time;
	else
		ptime = NULL;
	if (ctx->check_issued(ctx, xi, xi))
		xs=xi;
	else
		{
		if (n <= 0)
			{
			/* single non-self-signed certificate: nothing to verify it with */
			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
			ctx->current_cert=xi;
			ok=cb(0,ctx);
			goto end;
			}
		else
			{
			n--;
			ctx->error_depth=n;
			xs=sk_X509_value(ctx->chain,n);
			}
		}
/*	ctx->error=0;  not needed */
	while (n >= 0)
		{
		ctx->error_depth=n;
		/* xs->valid caches a previous signature/notBefore pass on this cert */
		if (!xs->valid)
			{
			if ((pkey=X509_get_pubkey(xi)) == NULL)
				{
				ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
				ctx->current_cert=xi;
				ok=(*cb)(0,ctx);
				if (!ok) goto end;
				}
			else if (X509_verify(xs,pkey) <= 0)
				/* XXX  For the final trusted self-signed cert,
				 * this is a waste of time.  That check should
				 * be optional so that e.g. 'openssl x509' can be
				 * used to detect invalid self-signatures, but
				 * we don't verify again and again in SSL
				 * handshakes and the like once the cert has
				 * been declared trusted.
*/				{				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;				ctx->current_cert=xs;				ok=(*cb)(0,ctx);				if (!ok)					{					EVP_PKEY_free(pkey);					goto end;					}				}			EVP_PKEY_free(pkey);			pkey=NULL;			i=X509_cmp_time(X509_get_notBefore(xs), ptime);			if (i == 0)				{				ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;				ctx->current_cert=xs;				ok=(*cb)(0,ctx);				if (!ok) goto end;				}			if (i > 0)				{				ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;				ctx->current_cert=xs;				ok=(*cb)(0,ctx);				if (!ok) goto end;				}			xs->valid=1;			}		i=X509_cmp_time(X509_get_notAfter(xs), ptime);		if (i == 0)			{			ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;			ctx->current_cert=xs;			ok=(*cb)(0,ctx);			if (!ok) goto end;			}		if (i < 0)			{			ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;			ctx->current_cert=xs;			ok=(*cb)(0,ctx);			if (!ok) goto end;			}		/* The last error (if any) is still in the error value */		ctx->current_issuer=xi;		ctx->current_cert=xs;		ok=(*cb)(1,ctx);		if (!ok) goto end;		n--;		if (n >= 0)			{			xi=xs;			xs=sk_X509_value(ctx->chain,n);			}		}	ok=1;
