From bc7535bc7fe30fbba222c316a3957da7d906603b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Sep 2006 17:25:02 +0000 Subject: [PATCH] Support for AKID in CRLs and partial support for IDP. Overhaul of CRL handling to support this. --- CHANGES | 12 +++ crypto/x509/x509_txt.c | 4 + crypto/x509/x509_vfy.c | 159 +++++++++++++++++++++++++++++++++++++--- crypto/x509/x509_vfy.h | 2 + crypto/x509v3/v3_purp.c | 81 ++++++++++++-------- crypto/x509v3/x509v3.h | 1 + 6 files changed, 218 insertions(+), 41 deletions(-) diff --git a/CHANGES b/CHANGES index d205bca4b..506e8fa4a 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,18 @@ Changes between 0.9.8d and 0.9.9 [xx XXX xxxx] + *) Partial support for Issuing Distribution Point CRL extension. CRLs + partitioned by DP are handled but no indirect CRL or reason partitioning + (yet). Complete overhaul of CRL handling: now the most suitable CRL is + selected via a scoring technique which handles IDP and AKID in CRLs. + [Steve Henson] + + *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which + will ultimately be used for all verify operations: this will remove the + X509_STORE dependency on certificate verification and allow alternative + lookup methods. X509_STORE based implementations of these two callbacks. + [Steve Henson] + *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names. Modify get_crl() to find a valid (unexpired) CRL if possible. [Steve Henson] diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 7dd2b761d..92f47a07b 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -162,6 +162,10 @@ const char *X509_verify_cert_error_string(long n) return("invalid or inconsistent certificate policy extension"); case X509_V_ERR_NO_EXPLICIT_POLICY: return("no explicit policy"); + case X509_V_ERR_DIFFERENT_CRL_SCOPE: + return("Different CRL scope"); + case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: + return("Unsupported extension feature"); default: BIO_snprintf(buf,sizeof buf,"error number %ld",n); return(buf); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f1f5fb9b3..2292b27ff 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -78,6 +78,8 @@ static int check_trust(X509_STORE_CTX *ctx); static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); static int check_policy(X509_STORE_CTX *ctx); +static int crl_akid_check(X509_STORE_CTX *ctx, AUTHORITY_KEYID *akid); +static int idp_check_scope(X509 *x, X509_CRL *crl); static int internal_verify(X509_STORE_CTX *ctx); const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; @@ -649,30 +651,81 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) return 1; } -/* Lookup CRLs from the supplied list. Look for matching isser name - * and validity. If we can't find a valid CRL return the last one - * with matching name. This gives more meaningful error codes. Otherwise - * we'd get a CRL not found error if a CRL existed with matching name but - * was invalid. +/* Based on a set of possible CRLs decide which one is best suited + * to handle the current certificate. This is determined by a number + * of criteria. If any of the "must" criteria is not satisfied then + * the candidate CRL is rejected. If all "must" and all "should" are + * satisfied the CRL is accepted. If no CRL satisfies all criteria then + * a "best CRL" is used to provide some meaningful error information. + * + * CRL issuer name must match "nm" if not NULL. + * If IDP is present: + * a. it must be consistent. + * b. onlyuser, onlyCA, onlyAA should match certificate being checked. + * c. indirectCRL must be FALSE. + * d. onlysomereason must be absent. + * e. if name present a DP in certificate CRLDP must match. + * If AKID present it should match certificate AKID. + * Check time should fall between lastUpdate and nextUpdate. */ +/* IDP name field matches CRLDP or IDP name not present */ +#define CRL_SCORE_SCOPE 4 +/* AKID present and matches cert, or AKID not present */ +#define CRL_SCORE_AKID 2 +/* times OK */ +#define CRL_SCORE_TIME 1 + +#define CRL_SCORE_ALL 7 + +/* IDP flags which cause a CRL to be rejected */ + +#define IDP_REJECT (IDP_INVALID|IDP_INDIRECT|IDP_REASONS) + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_NAME *nm, STACK_OF(X509_CRL) *crls) { - int i; + int i, crl_score, best_score = -1; X509_CRL *crl, *best_crl = NULL; for (i = 0; i < sk_X509_CRL_num(crls); i++) { + crl_score = 0; crl = sk_X509_CRL_value(crls, i); if (nm && X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) continue; if (check_crl_time(ctx, crl, 0)) + crl_score |= CRL_SCORE_TIME; + + if (crl->idp_flags & IDP_PRESENT) + { + if (crl->idp_flags & IDP_REJECT) + continue; + if (idp_check_scope(ctx->current_cert, crl)) + crl_score |= CRL_SCORE_SCOPE; + } + else + crl_score |= CRL_SCORE_SCOPE; + + if (crl->akid) + { + if (crl_akid_check(ctx, crl->akid)) + crl_score |= CRL_SCORE_AKID; + } + else + crl_score |= CRL_SCORE_AKID; + + if (crl_score == CRL_SCORE_ALL) { *pcrl = crl; CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); return 1; } - best_crl = crl; + + if (crl_score > best_score) + { + best_crl = crl; + best_score = crl_score; + } } if (best_crl) { @@ -683,9 +736,71 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, return 0; } -/* Retrieve CRL corresponding to certificate: currently just a - * subject lookup: maybe use AKID later... +static int crl_akid_check(X509_STORE_CTX *ctx, AUTHORITY_KEYID *akid) + { + int cidx = ctx->error_depth; + if (cidx != sk_X509_num(ctx->chain) - 1) + cidx++; + if (X509_check_akid(sk_X509_value(ctx->chain, cidx), akid) == X509_V_OK) + return 1; + return 0; + } + + +/* Check IDP name matches at least one CRLDP name */ + +static int idp_check_scope(X509 *x, X509_CRL *crl) + { + int i, j, k; + GENERAL_NAMES *inames, *dnames; + if (crl->idp_flags & IDP_ONLYATTR) + return 0; + if (x->ex_flags & EXFLAG_CA) + { + if (crl->idp_flags & IDP_ONLYUSER) + return 0; + } + else + { + if (crl->idp_flags & IDP_ONLYCA) + return 0; + } + if (!crl->idp->distpoint) + return 1; + if (crl->idp->distpoint->type != 0) + return 1; + if (!x->crldp) + return 0; + inames = crl->idp->distpoint->name.fullname; + for (i = 0; i < sk_GENERAL_NAME_num(inames); i++) + { + GENERAL_NAME *igen = sk_GENERAL_NAME_value(inames, i); + for (j = 0; j < sk_DIST_POINT_num(x->crldp); j++) + { + DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, j); + /* We don't handle these at present */ + if (dp->reasons || dp->CRLissuer) + continue; + if (!dp->distpoint || (dp->distpoint->type != 0)) + continue; + dnames = dp->distpoint->name.fullname; + for (k = 0; k < sk_GENERAL_NAME_num(dnames); k++) + { + GENERAL_NAME *cgen = + sk_GENERAL_NAME_value(dnames, k); + if (!GENERAL_NAME_cmp(igen, cgen)) + return 1; + } + } + } + return 0; + } + +/* Retrieve CRL corresponding to current certificate. Currently only + * one CRL is retrieved. Multiple CRLs may be needed if we handle + * CRLs partitioned on reason code later. */ + static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) { int ok; @@ -765,6 +880,28 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) if(!ok) goto err; } + if (crl->idp_flags & IDP_PRESENT) + { + if (crl->idp_flags & IDP_INVALID) + { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + if (crl->idp_flags & (IDP_REASONS|IDP_INDIRECT)) + { + ctx->error = X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + if (!idp_check_scope(ctx->current_cert, crl)) + { + ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + } + /* Attempt to get issuer certificate public key */ ikey = X509_get_pubkey(issuer); @@ -843,6 +980,10 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) ext = sk_X509_EXTENSION_value(exts, idx); if (ext->critical > 0) { + /* We handle IDP now so permit it */ + if (OBJ_obj2nid(ext->object) == + NID_issuing_distribution_point) + continue; ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ok = ctx->verify_cb(0, ctx); diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index d546cd976..322637a6e 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -334,6 +334,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_INVALID_EXTENSION 41 #define X509_V_ERR_INVALID_POLICY_EXTENSION 42 #define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 /* The application is not happy */ diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index ee2f08fe2..47b7e0f32 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -644,39 +644,14 @@ int X509_check_issued(X509 *issuer, X509 *subject) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); - if(subject->akid) { - /* Check key ids (if present) */ - if(subject->akid->keyid && issuer->skid && - ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) ) - return X509_V_ERR_AKID_SKID_MISMATCH; - /* Check serial number */ - if(subject->akid->serial && - ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), - subject->akid->serial)) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; - /* Check issuer name */ - if(subject->akid->issuer) { - /* Ugh, for some peculiar reason AKID includes - * SEQUENCE OF GeneralName. So look for a DirName. - * There may be more than one but we only take any - * notice of the first. - */ - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - X509_NAME *nm = NULL; - int i; - gens = subject->akid->issuer; - for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - if(gen->type == GEN_DIRNAME) { - nm = gen->d.dirn; - break; - } - } - if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; + + if(subject->akid) + { + int ret = X509_check_akid(issuer, subject->akid); + if (ret != X509_V_OK) + return ret; } - } + if(subject->ex_flags & EXFLAG_PROXY) { if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) @@ -687,3 +662,45 @@ int X509_check_issued(X509 *issuer, X509 *subject) return X509_V_OK; } +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) + { + + if(!akid) + return X509_V_OK; + + /* Check key ids (if present) */ + if(akid->keyid && issuer->skid && + ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) ) + return X509_V_ERR_AKID_SKID_MISMATCH; + /* Check serial number */ + if(akid->serial && + ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial)) + return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; + /* Check issuer name */ + if(akid->issuer) + { + /* Ugh, for some peculiar reason AKID includes + * SEQUENCE OF GeneralName. So look for a DirName. + * There may be more than one but we only take any + * notice of the first. + */ + GENERAL_NAMES *gens; + GENERAL_NAME *gen; + X509_NAME *nm = NULL; + int i; + gens = akid->issuer; + for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) + { + gen = sk_GENERAL_NAME_value(gens, i); + if(gen->type == GEN_DIRNAME) + { + nm = gen->d.dirn; + break; + } + } + if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) + return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; + } + return X509_V_OK; + } + diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index da349e51f..26884d41e 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -632,6 +632,7 @@ int X509_check_purpose(X509 *x, int id, int ca); int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); int X509_PURPOSE_get_count(void); X509_PURPOSE * X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname);