summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_verify.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use EXFLAG_INVALID to handle out of memory and parse errors intobhe2021-03-131-1/+5
| | | | | | x509v3_cache_extensions(). ok tb@
* Fix checks of memory caps of constraints namestb2021-03-121-4/+7
| | | | | | | | | | | | | | | x509_internal.h defines caps on the number of name constraints and other names (such as subjectAltNames) that we want to allocate per cert chain. These limits are checked too late. In a particularly silly cert that jan found on ugos.ugm.ac.id 443, we ended up allocating six times 2048 x509_constraint_name structures before deciding that these are more than 512. Fix this by adding a names_max member to x509_constraints_names which is set on allocation against which each addition of a name is checked. cluebat/ok jsing ok inoguchi on earlier version
* Set is_trusted in x509_verify_ctx_add_chain()tb2021-02-261-2/+2
| | | | | | | | If we're about to add a chain we have a trust path, so we have at least one trusted certificate. This fixes a thinko from r1.31 and fixes the openssl(1) cms verify test. ok jsing (who had the same diff)
* Rename depth to num_untrusted so it identifies what it actually represents.jsing2021-02-251-6/+6
| | | | ok tb@
* Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.jsing2021-02-251-3/+2
| | | | | | | | | In x509_verify_ctx_set_xsc_chain(), an ENOMEM case is currently passing the last certificate and depth (which is no longer actually depth) to x509_verify_cert_error(). Given we've hit an ENOMEM situation, neither of these are useful so remove both. ok tb@
* Make the new validator check for EXFLAG_CRITICALtb2021-02-241-8/+15
| | | | | | | | | | | | | | | | | | | | | | As should be obvious from the name and the comment in x509_vfy.h int last_untrusted; /* index of last untrusted cert */ last_untrusted actually counts the number of untrusted certs at the bottom of the chain. Unfortunately, an earlier fix introducing x509_verify_set_xsc_chain() assumed that last_untrusted actually meant the index of the last untrusted cert in the chain, resulting in an off-by-one, which in turn led to x509_vfy_check_chain_extension() skipping the check for the EXFLAG_CRITICAL flag. A second bug in x509_verify_set_xsc_chain() assumed that it is always called with a trusted root, which is not necessarily the case anymore. Address this with a temporary fix which will have to be revisited once we will allow chains with more than one trusted cert. Reported with a test case by tobhe. ok jsing tobhe
* Set chain on xsc on chain build failure.jsing2021-01-091-1/+3
| | | | | | | | Prior to calling the callback, ensure that the current (invalid and likely incomplete) chain is set on the xsc. Some things (like auto chain) depend on this functionality. ok beck@
* Bail out early after finding an single chain if we are have been called frombeck2021-01-091-1/+9
| | | | | | | | x509_vfy and have an xsc. There's no point in finding more chains since that API can not return them, and all we do is trigger buggy callbacks in calling software. ok jsing@
* search the intermediates only after searching the root certs, clarifybeck2021-01-081-11/+15
| | | | | | | this in the comments. helps avoid annoying situations with the legacy callback ok jsing@
* Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier.jsing2021-01-051-1/+4
| | | | | | Yet another mostly meaningless error value... Noted by and ok tb@
* Gracefully handle root certificates being both trusted and untrusted.jsing2021-01-051-3/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | When a certificate (namely a root) is specified as both a trusted and untrusted certificate, the new verifier will find multiple chains - the first being back to the trusted root certificate and a second via the root that is untrusted, followed by the trusted root certificate. This situation can be triggered by a server that (unnecessarily) includes the root certificate in its certificate list. While this validates correctly (using the first chain), it means that we encounter a failure while building the second chain due to the root certificate already being in the chain. When this occurs we call the verify callback indicating a bad certificate. Some sensitive software (including bacula and icinga), treat this single bad chain callback as terminal, even though we successfully verify the certificate. Avoid this problem by simply dumping the chain if we encounter a situation where the certificate is already in the chain and also a trusted root - we'll have already picked up the trusted root as a shorter path. Issue with icinga2 initially reported by Theodore Wynnychenko. Fix tested by sthen@ for both bacula and icinga2. ok tb@
* Remove two reduntat memset calls.tb2020-12-161-3/+1
| | | | pointed out by jsing
* Plug leak in x509_verify_chain_dup()tb2020-11-181-2/+2
| | | | | | | | | | | | | | | x509_verify_chain_new() allocates a few members of a certificate chain: an empty stack of certificates, a list of errors encountered while validating the chain, and a list of name constraints. The function to copy a chain would allocate a new chain using x509_verify_chain_new() and then clobber its members by copies of the old chain. Fix this by replacing x509_verify_chain_new() with calloc(). Found by review while investigating the report by Hanno Zysik who found the same leak using valgrind. This is a cleaner version of my initial fix from jsing. ok jsing
* zap ugly empty line before closing bracetb2020-11-181-2/+1
|
* Use X509_V_OK instead of 0.jsing2020-11-161-4/+3
| | | | ok beck@ tb@
* Add back an X509_STORE_CTX error code assignment.jsing2020-11-161-2/+3
| | | | | | | | This was inadvertently removed in r1.19. Spotted by tb@ ok beck@ tb@
* Return the specific failure for a "self signed certificate" in the chainbeck2020-11-151-1/+14
| | | | | | | | | in order to be compatible with the openssl error craziness in the legacy verifier case. This will fix a regress problem noticed by znc ok tb@
* Handle additional certificate error cases in new X.509 verifier.jsing2020-11-111-11/+77
| | | | | | | | | | | | | | | | | | | | | | | With the old verifier, the verify callback can always return 1 instructing the verifier to simply continue regardless of a certificate verification failure (e.g. the certificate is expired or revoked). This would result in a chain being built, however the first error encountered would be persisted, which allows the caller to build the chain, have the verification process succeed, yet upon inspecting the error code note that the chain is not valid for some reason. Mimic this behaviour by keeping track of certificate errors while building chains - when we finish verification, find the certificate error closest to the leaf certificate and expose that via the X509_STORE_CTX. There are various corner cases that we also have to handle, like the fact that we keep an certificate error until we find the issuer, at which point we have to clear it. Issue reported by Ilya Shipitcin due to failing haproxy regression tests. With much discussion and input from beck@ and tb@! ok beck@ tb@
* Fix bad indent.jsing2020-11-031-7/+6
|
* Hook X509_STORE_CTX get_issuer() callback from new X509 verifier.jsing2020-11-031-3/+17
| | | | | | | | | | | If we fail to find a parent certificate from either the supplied roots or intermediates and we have a X509_STORE_CTX, call its get_issuer() callback to see if it can supply a suitable certificate. This makes things like certificates by directory (aka by_dir) work correctly. Issue noted by Uwe Werler <uwe@werler.is> ok beck@ tb@
* Add a safety net to ensure that we set an error on the store context.tb2020-10-261-1/+3
| | | | Suggested by and discussed with beck
* If x509_verify() fails, ensure that the error is also set on the storetb2020-10-261-10/+15
| | | | | | | context. This is what is returned in SSL_get_verify_result(). Spotted and initial diff from jeremy; discussed with jsing ok beck
* Make sure that x509_vfy_check_id() failure also sets ctx->error, not onlytb2020-10-261-3/+8
| | | | | | ctx->xsc->error. Will be needed in an upcoming diff. from beck
* Ensure leaf is set up on X509_STORE_CTX before verification.jsing2020-09-261-9/+7
| | | | | | | | | | | | | Previously the leaf certificate was only being set up on the X509_STORE_CTX after two verification steps were performed, however at least one of those steps could result in the verification callback being triggered and existing code breaking. Issue noticed by Raf Czlonka when attempting to connect to talk.google.com using profanity (which does not set SNI and ends up receiving an invalid certificate). ok beck@ deraadt@ tb@
* Ensure chain is set on the X509_STORE_CTX before triggering callback.jsing2020-09-231-12/+39
| | | | | | | | | | | | Various software expects the previous behaviour where the certificate chain is available on the X509_STORE_CTX when the verify callback is triggered. Issue hit by bket@ with lastpass-cli which has built in certificate pinning that is checked via the verify callback. Fix confirmed by bket@. ok beck@
* remove superfluous NULL checkbeck2020-09-191-2/+2
| | | | ok tb@
* Make check in x509_verify_ctx_set_max_signatures() consistent with others.jsing2020-09-161-4/+2
| | | | ok beck@
* Dedup code in x509_verify_ctx_new_from_xsc().jsing2020-09-161-14/+7
| | | | | | | Rather than duplicating code, have x509_verify_ctx_new_from_xsc() call x509_verify_ctx_new(), then handle the xsc specific parts. ok beck@
* set error_depth and current_cert to make more legacy callbacks that don't checkbeck2020-09-151-1/+3
| | | | | | happy ok tb@
* Deduplicate the time validation code between the legacy and newbeck2020-09-151-2/+2
| | | | | | verification code. ok jsing@
* Set error if we are given an NULL ctx in x509_verify, and set errorbeck2020-09-141-5/+3
| | | | | | | | to X509_V_ERR_OUT_OF_MEM instead of UNSPECIFIED in chain_append when allocation fails. noticed by ingo@ ok tb@
* nuke a stray spacetb2020-09-141-2/+2
|
* remove unneded variable "time"beck2020-09-141-3/+2
| | | | | noticed by llvm static analyzer ok tb@
* fix bug introduced on review where refactor made it possible tobeck2020-09-141-2/+2
| | | | | | | eat a NULL. found by clang static analyzer ok tb@
* Correctly fix double free introduced on review.beck2020-09-141-2/+1
| | | | | | | the roots for a ctx are only freed in the free function, not in the clear function, so that a ctx can be re-used with the same roots. ok tb@
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-131-0/+914
The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-02 02:31:35 +0000