NCBI C++ ToolKit
x509_crt.c
Go to the documentation of this file.

Go to the SVN repository for this file.

1 /*
2  * X.509 certificate parsing and verification
3  *
4  * Copyright The Mbed TLS Contributors
5  * SPDX-License-Identifier: Apache-2.0
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License"); you may
8  * not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 /*
20  * The ITU-T X.509 standard defines a certificate format for PKI.
21  *
22  * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
23  * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
24  * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
25  *
26  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
27  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
28  *
29  * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
30  */
31 
32 #include "common.h"
33 
34 #if defined(MBEDTLS_X509_CRT_PARSE_C)
35 
36 #include "mbedtls/x509_crt.h"
37 #include "mbedtls/error.h"
38 #include "mbedtls/oid.h"
39 #include "mbedtls/platform_util.h"
40 
41 #include <string.h>
42 
43 #if defined(MBEDTLS_PEM_PARSE_C)
44 #include "mbedtls/pem.h"
45 #endif
46 
47 #if defined(MBEDTLS_USE_PSA_CRYPTO)
48 #include "psa/crypto.h"
49 #include "mbedtls/psa_util.h"
50 #endif
51 
52 #include "mbedtls/platform.h"
53 
54 #if defined(MBEDTLS_THREADING_C)
55 #include "mbedtls/threading.h"
56 #endif
57 
58 #if defined(MBEDTLS_HAVE_TIME)
59 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
60 #include <windows.h>
61 #else
62 #include <time.h>
63 #endif
64 #endif
65 
66 #if defined(MBEDTLS_FS_IO)
67 #include <stdio.h>
68 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
69 #include <sys/types.h>
70 #include <sys/stat.h>
71 #include <dirent.h>
72 #include <errno.h>
73 #endif /* !_WIN32 || EFIX64 || EFI32 */
74 #endif
75 
76 /*
77  * Item in a verification chain: cert and flags for it
78  */
79 typedef struct {
80  mbedtls_x509_crt *crt;
81  uint32_t flags;
82 } x509_crt_verify_chain_item;
83 
84 /*
85  * Max size of verification chain: end-entity + intermediates + trusted root
86  */
87 #define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
88 
89 /* Default profile. Do not remove items unless there are serious security
90  * concerns. */
91 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
92 {
93  /* Only SHA-2 hashes */
94  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) |
95  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
96  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
97  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
98  0xFFFFFFF, /* Any PK alg */
99  0xFFFFFFF, /* Any curve */
100  2048,
101 };
102 
103 /*
104  * Next-default profile
105  */
106 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
107 {
108  /* Hashes from SHA-256 and above */
109  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
110  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
111  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
112  0xFFFFFFF, /* Any PK alg */
113 #if defined(MBEDTLS_ECP_C)
114  /* Curves at or above 128-bit security level */
115  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
116  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) |
117  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) |
118  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) |
119  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
120  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
121  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1),
122 #else
123  0,
124 #endif
125  2048,
126 };
127 
128 /*
129  * NSA Suite B Profile
130  */
131 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
132 {
133  /* Only SHA-256 and 384 */
134  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
135  MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384),
136  /* Only ECDSA */
137  MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) |
138  MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY),
139 #if defined(MBEDTLS_ECP_C)
140  /* Only NIST P-256 and P-384 */
141  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
142  MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1),
143 #else
144  0,
145 #endif
146  0,
147 };
148 
149 /*
150  * Check md_alg against profile
151  * Return 0 if md_alg is acceptable for this profile, -1 otherwise
152  */
153 static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile,
154  mbedtls_md_type_t md_alg)
155 {
156  if (md_alg == MBEDTLS_MD_NONE) {
157  return -1;
158  }
159 
160  if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) {
161  return 0;
162  }
163 
164  return -1;
165 }
166 
167 /*
168  * Check pk_alg against profile
169  * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
170  */
171 static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile,
172  mbedtls_pk_type_t pk_alg)
173 {
174  if (pk_alg == MBEDTLS_PK_NONE) {
175  return -1;
176  }
177 
178  if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) {
179  return 0;
180  }
181 
182  return -1;
183 }
184 
185 /*
186  * Check key against profile
187  * Return 0 if pk is acceptable for this profile, -1 otherwise
188  */
189 static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
190  const mbedtls_pk_context *pk)
191 {
192  const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
193 
194 #if defined(MBEDTLS_RSA_C)
195  if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
196  if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
197  return 0;
198  }
199 
200  return -1;
201  }
202 #endif
203 
204 #if defined(MBEDTLS_ECP_C)
205  if (pk_alg == MBEDTLS_PK_ECDSA ||
206  pk_alg == MBEDTLS_PK_ECKEY ||
207  pk_alg == MBEDTLS_PK_ECKEY_DH) {
208  const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id;
209 
210  if (gid == MBEDTLS_ECP_DP_NONE) {
211  return -1;
212  }
213 
214  if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) {
215  return 0;
216  }
217 
218  return -1;
219  }
220 #endif
221 
222  return -1;
223 }
224 
225 /*
226  * Like memcmp, but case-insensitive and always returns -1 if different
227  */
228 static int x509_memcasecmp(const void *s1, const void *s2, size_t len)
229 {
230  size_t i;
231  unsigned char diff;
232  const unsigned char *n1 = s1, *n2 = s2;
233 
234  for (i = 0; i < len; i++) {
235  diff = n1[i] ^ n2[i];
236 
237  if (diff == 0) {
238  continue;
239  }
240 
241  if (diff == 32 &&
242  ((n1[i] >= 'a' && n1[i] <= 'z') ||
243  (n1[i] >= 'A' && n1[i] <= 'Z'))) {
244  continue;
245  }
246 
247  return -1;
248  }
249 
250  return 0;
251 }
252 
253 /*
254  * Return 0 if name matches wildcard, -1 otherwise
255  */
256 static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name)
257 {
258  size_t i;
259  size_t cn_idx = 0, cn_len = strlen(cn);
260 
261  /* We can't have a match if there is no wildcard to match */
262  if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') {
263  return -1;
264  }
265 
266  for (i = 0; i < cn_len; ++i) {
267  if (cn[i] == '.') {
268  cn_idx = i;
269  break;
270  }
271  }
272 
273  if (cn_idx == 0) {
274  return -1;
275  }
276 
277  if (cn_len - cn_idx == name->len - 1 &&
278  x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) {
279  return 0;
280  }
281 
282  return -1;
283 }
284 
285 /*
286  * Compare two X.509 strings, case-insensitive, and allowing for some encoding
287  * variations (but not all).
288  *
289  * Return 0 if equal, -1 otherwise.
290  */
291 static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b)
292 {
293  if (a->tag == b->tag &&
294  a->len == b->len &&
295  memcmp(a->p, b->p, b->len) == 0) {
296  return 0;
297  }
298 
299  if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
300  (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
301  a->len == b->len &&
302  x509_memcasecmp(a->p, b->p, b->len) == 0) {
303  return 0;
304  }
305 
306  return -1;
307 }
308 
309 /*
310  * Compare two X.509 Names (aka rdnSequence).
311  *
312  * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
313  * we sometimes return unequal when the full algorithm would return equal,
314  * but never the other way. (In particular, we don't do Unicode normalisation
315  * or space folding.)
316  *
317  * Return 0 if equal, -1 otherwise.
318  */
319 static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b)
320 {
321  /* Avoid recursion, it might not be optimised by the compiler */
322  while (a != NULL || b != NULL) {
323  if (a == NULL || b == NULL) {
324  return -1;
325  }
326 
327  /* type */
328  if (a->oid.tag != b->oid.tag ||
329  a->oid.len != b->oid.len ||
330  memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) {
331  return -1;
332  }
333 
334  /* value */
335  if (x509_string_cmp(&a->val, &b->val) != 0) {
336  return -1;
337  }
338 
339  /* structure of the list of sets */
340  if (a->next_merged != b->next_merged) {
341  return -1;
342  }
343 
344  a = a->next;
345  b = b->next;
346  }
347 
348  /* a == NULL == b */
349  return 0;
350 }
351 
352 /*
353  * Reset (init or clear) a verify_chain
354  */
355 static void x509_crt_verify_chain_reset(
356  mbedtls_x509_crt_verify_chain *ver_chain)
357 {
358  size_t i;
359 
360  for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) {
361  ver_chain->items[i].crt = NULL;
362  ver_chain->items[i].flags = (uint32_t) -1;
363  }
364 
365  ver_chain->len = 0;
366 
367 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
368  ver_chain->trust_ca_cb_result = NULL;
369 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
370 }
371 
372 /*
373  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
374  */
375 static int x509_get_version(unsigned char **p,
376  const unsigned char *end,
377  int *ver)
378 {
379  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
380  size_t len;
381 
382  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
383  MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
384  0)) != 0) {
385  if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
386  *ver = 0;
387  return 0;
388  }
389 
390  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
391  }
392 
393  end = *p + len;
394 
395  if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
396  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
397  }
398 
399  if (*p != end) {
400  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION,
401  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
402  }
403 
404  return 0;
405 }
406 
407 /*
408  * Validity ::= SEQUENCE {
409  * notBefore Time,
410  * notAfter Time }
411  */
412 static int x509_get_dates(unsigned char **p,
413  const unsigned char *end,
414  mbedtls_x509_time *from,
415  mbedtls_x509_time *to)
416 {
417  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
418  size_t len;
419 
420  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
421  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
422  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret);
423  }
424 
425  end = *p + len;
426 
427  if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) {
428  return ret;
429  }
430 
431  if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) {
432  return ret;
433  }
434 
435  if (*p != end) {
436  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
437  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
438  }
439 
440  return 0;
441 }
442 
443 /*
444  * X.509 v2/v3 unique identifier (not parsed)
445  */
446 static int x509_get_uid(unsigned char **p,
447  const unsigned char *end,
448  mbedtls_x509_buf *uid, int n)
449 {
450  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
451 
452  if (*p == end) {
453  return 0;
454  }
455 
456  uid->tag = **p;
457 
458  if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len,
459  MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
460  n)) != 0) {
461  if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
462  return 0;
463  }
464 
465  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
466  }
467 
468  uid->p = *p;
469  *p += uid->len;
470 
471  return 0;
472 }
473 
474 static int x509_get_basic_constraints(unsigned char **p,
475  const unsigned char *end,
476  int *ca_istrue,
477  int *max_pathlen)
478 {
479  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
480  size_t len;
481 
482  /*
483  * BasicConstraints ::= SEQUENCE {
484  * cA BOOLEAN DEFAULT FALSE,
485  * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
486  */
487  *ca_istrue = 0; /* DEFAULT FALSE */
488  *max_pathlen = 0; /* endless */
489 
490  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
491  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
492  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
493  }
494 
495  if (*p == end) {
496  return 0;
497  }
498 
499  if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) {
500  if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
501  ret = mbedtls_asn1_get_int(p, end, ca_istrue);
502  }
503 
504  if (ret != 0) {
505  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
506  }
507 
508  if (*ca_istrue != 0) {
509  *ca_istrue = 1;
510  }
511  }
512 
513  if (*p == end) {
514  return 0;
515  }
516 
517  if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) {
518  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
519  }
520 
521  if (*p != end) {
522  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
523  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
524  }
525 
526  /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
527  * overflow, which is an undefined behavior. */
528  if (*max_pathlen == INT_MAX) {
529  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
530  MBEDTLS_ERR_ASN1_INVALID_LENGTH);
531  }
532 
533  (*max_pathlen)++;
534 
535  return 0;
536 }
537 
538 static int x509_get_ns_cert_type(unsigned char **p,
539  const unsigned char *end,
540  unsigned char *ns_cert_type)
541 {
542  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
543  mbedtls_x509_bitstring bs = { 0, 0, NULL };
544 
545  if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) {
546  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
547  }
548 
549  if (bs.len != 1) {
550  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
551  MBEDTLS_ERR_ASN1_INVALID_LENGTH);
552  }
553 
554  /* Get actual bitstring */
555  *ns_cert_type = *bs.p;
556  return 0;
557 }
558 
559 static int x509_get_key_usage(unsigned char **p,
560  const unsigned char *end,
561  unsigned int *key_usage)
562 {
563  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
564  size_t i;
565  mbedtls_x509_bitstring bs = { 0, 0, NULL };
566 
567  if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) {
568  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
569  }
570 
571  if (bs.len < 1) {
572  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
573  MBEDTLS_ERR_ASN1_INVALID_LENGTH);
574  }
575 
576  /* Get actual bitstring */
577  *key_usage = 0;
578  for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) {
579  *key_usage |= (unsigned int) bs.p[i] << (8*i);
580  }
581 
582  return 0;
583 }
584 
585 /*
586  * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
587  *
588  * KeyPurposeId ::= OBJECT IDENTIFIER
589  */
590 static int x509_get_ext_key_usage(unsigned char **p,
591  const unsigned char *end,
592  mbedtls_x509_sequence *ext_key_usage)
593 {
594  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
595 
596  if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) {
597  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
598  }
599 
600  /* Sequence length must be >= 1 */
601  if (ext_key_usage->buf.p == NULL) {
602  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
603  MBEDTLS_ERR_ASN1_INVALID_LENGTH);
604  }
605 
606  return 0;
607 }
608 
609 /*
610  * SubjectAltName ::= GeneralNames
611  *
612  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
613  *
614  * GeneralName ::= CHOICE {
615  * otherName [0] OtherName,
616  * rfc822Name [1] IA5String,
617  * dNSName [2] IA5String,
618  * x400Address [3] ORAddress,
619  * directoryName [4] Name,
620  * ediPartyName [5] EDIPartyName,
621  * uniformResourceIdentifier [6] IA5String,
622  * iPAddress [7] OCTET STRING,
623  * registeredID [8] OBJECT IDENTIFIER }
624  *
625  * OtherName ::= SEQUENCE {
626  * type-id OBJECT IDENTIFIER,
627  * value [0] EXPLICIT ANY DEFINED BY type-id }
628  *
629  * EDIPartyName ::= SEQUENCE {
630  * nameAssigner [0] DirectoryString OPTIONAL,
631  * partyName [1] DirectoryString }
632  *
633  * NOTE: we list all types, but only use dNSName and otherName
634  * of type HwModuleName, as defined in RFC 4108, at this point.
635  */
636 static int x509_get_subject_alt_name(unsigned char **p,
637  const unsigned char *end,
638  mbedtls_x509_sequence *subject_alt_name)
639 {
640  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
641  size_t len, tag_len;
642  mbedtls_asn1_sequence *cur = subject_alt_name;
643 
644  /* Get main sequence tag */
645  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
646  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
647  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
648  }
649 
650  if (*p + len != end) {
651  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
652  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
653  }
654 
655  while (*p < end) {
656  mbedtls_x509_subject_alternative_name dummy_san_buf;
657  mbedtls_x509_buf tmp_san_buf;
658  memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
659 
660  tmp_san_buf.tag = **p;
661  (*p)++;
662 
663  if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) {
664  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
665  }
666 
667  tmp_san_buf.p = *p;
668  tmp_san_buf.len = tag_len;
669 
670  if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
671  MBEDTLS_ASN1_CONTEXT_SPECIFIC) {
672  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
673  MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
674  }
675 
676  /*
677  * Check that the SAN is structured correctly.
678  */
679  ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf);
680  /*
681  * In case the extension is malformed, return an error,
682  * and clear the allocated sequences.
683  */
684  if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
685  mbedtls_x509_sequence *seq_cur = subject_alt_name->next;
686  mbedtls_x509_sequence *seq_prv;
687  while (seq_cur != NULL) {
688  seq_prv = seq_cur;
689  seq_cur = seq_cur->next;
690  mbedtls_platform_zeroize(seq_prv,
691  sizeof(mbedtls_x509_sequence));
692  mbedtls_free(seq_prv);
693  }
694  subject_alt_name->next = NULL;
695  return ret;
696  }
697 
698  /* Allocate and assign next pointer */
699  if (cur->buf.p != NULL) {
700  if (cur->next != NULL) {
701  return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
702  }
703 
704  cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
705 
706  if (cur->next == NULL) {
707  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
708  MBEDTLS_ERR_ASN1_ALLOC_FAILED);
709  }
710 
711  cur = cur->next;
712  }
713 
714  cur->buf = tmp_san_buf;
715  *p += tmp_san_buf.len;
716  }
717 
718  /* Set final sequence entry's next pointer to NULL */
719  cur->next = NULL;
720 
721  if (*p != end) {
722  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
723  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
724  }
725 
726  return 0;
727 }
728 
729 /*
730  * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
731  *
732  * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
733  *
734  * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
735  *
736  * PolicyInformation ::= SEQUENCE {
737  * policyIdentifier CertPolicyId,
738  * policyQualifiers SEQUENCE SIZE (1..MAX) OF
739  * PolicyQualifierInfo OPTIONAL }
740  *
741  * CertPolicyId ::= OBJECT IDENTIFIER
742  *
743  * PolicyQualifierInfo ::= SEQUENCE {
744  * policyQualifierId PolicyQualifierId,
745  * qualifier ANY DEFINED BY policyQualifierId }
746  *
747  * -- policyQualifierIds for Internet policy qualifiers
748  *
749  * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
750  * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
751  * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
752  *
753  * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
754  *
755  * Qualifier ::= CHOICE {
756  * cPSuri CPSuri,
757  * userNotice UserNotice }
758  *
759  * CPSuri ::= IA5String
760  *
761  * UserNotice ::= SEQUENCE {
762  * noticeRef NoticeReference OPTIONAL,
763  * explicitText DisplayText OPTIONAL }
764  *
765  * NoticeReference ::= SEQUENCE {
766  * organization DisplayText,
767  * noticeNumbers SEQUENCE OF INTEGER }
768  *
769  * DisplayText ::= CHOICE {
770  * ia5String IA5String (SIZE (1..200)),
771  * visibleString VisibleString (SIZE (1..200)),
772  * bmpString BMPString (SIZE (1..200)),
773  * utf8String UTF8String (SIZE (1..200)) }
774  *
775  * NOTE: we only parse and use anyPolicy without qualifiers at this point
776  * as defined in RFC 5280.
777  */
778 static int x509_get_certificate_policies(unsigned char **p,
779  const unsigned char *end,
780  mbedtls_x509_sequence *certificate_policies)
781 {
782  int ret, parse_ret = 0;
783  size_t len;
784  mbedtls_asn1_buf *buf;
785  mbedtls_asn1_sequence *cur = certificate_policies;
786 
787  /* Get main sequence tag */
788  ret = mbedtls_asn1_get_tag(p, end, &len,
789  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
790  if (ret != 0) {
791  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
792  }
793 
794  if (*p + len != end) {
795  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
796  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
797  }
798 
799  /*
800  * Cannot be an empty sequence.
801  */
802  if (len == 0) {
803  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
804  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
805  }
806 
807  while (*p < end) {
808  mbedtls_x509_buf policy_oid;
809  const unsigned char *policy_end;
810 
811  /*
812  * Get the policy sequence
813  */
814  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
815  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
816  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
817  }
818 
819  policy_end = *p + len;
820 
821  if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
822  MBEDTLS_ASN1_OID)) != 0) {
823  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
824  }
825 
826  policy_oid.tag = MBEDTLS_ASN1_OID;
827  policy_oid.len = len;
828  policy_oid.p = *p;
829 
830  /*
831  * Only AnyPolicy is currently supported when enforcing policy.
832  */
833  if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) {
834  /*
835  * Set the parsing return code but continue parsing, in case this
836  * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
837  * is configured.
838  */
839  parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
840  }
841 
842  /* Allocate and assign next pointer */
843  if (cur->buf.p != NULL) {
844  if (cur->next != NULL) {
845  return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
846  }
847 
848  cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
849 
850  if (cur->next == NULL) {
851  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
852  MBEDTLS_ERR_ASN1_ALLOC_FAILED);
853  }
854 
855  cur = cur->next;
856  }
857 
858  buf = &(cur->buf);
859  buf->tag = policy_oid.tag;
860  buf->p = policy_oid.p;
861  buf->len = policy_oid.len;
862 
863  *p += len;
864 
865  /*
866  * If there is an optional qualifier, then *p < policy_end
867  * Check the Qualifier len to verify it doesn't exceed policy_end.
868  */
869  if (*p < policy_end) {
870  if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
871  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
872  0) {
873  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
874  }
875  /*
876  * Skip the optional policy qualifiers.
877  */
878  *p += len;
879  }
880 
881  if (*p != policy_end) {
882  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
883  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
884  }
885  }
886 
887  /* Set final sequence entry's next pointer to NULL */
888  cur->next = NULL;
889 
890  if (*p != end) {
891  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
892  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
893  }
894 
895  return parse_ret;
896 }
897 
898 /*
899  * X.509 v3 extensions
900  *
901  */
902 static int x509_get_crt_ext(unsigned char **p,
903  const unsigned char *end,
904  mbedtls_x509_crt *crt,
905  mbedtls_x509_crt_ext_cb_t cb,
906  void *p_ctx)
907 {
908  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
909  size_t len;
910  unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet;
911 
912  if (*p == end) {
913  return 0;
914  }
915 
916  if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) {
917  return ret;
918  }
919 
920  end = crt->v3_ext.p + crt->v3_ext.len;
921  while (*p < end) {
922  /*
923  * Extension ::= SEQUENCE {
924  * extnID OBJECT IDENTIFIER,
925  * critical BOOLEAN DEFAULT FALSE,
926  * extnValue OCTET STRING }
927  */
928  mbedtls_x509_buf extn_oid = { 0, 0, NULL };
929  int is_critical = 0; /* DEFAULT FALSE */
930  int ext_type = 0;
931 
932  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
933  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
934  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
935  }
936 
937  end_ext_data = *p + len;
938 
939  /* Get extension ID */
940  if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
941  MBEDTLS_ASN1_OID)) != 0) {
942  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
943  }
944 
945  extn_oid.tag = MBEDTLS_ASN1_OID;
946  extn_oid.p = *p;
947  *p += extn_oid.len;
948 
949  /* Get optional critical */
950  if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
951  (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
952  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
953  }
954 
955  /* Data should be octet string type */
956  if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
957  MBEDTLS_ASN1_OCTET_STRING)) != 0) {
958  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
959  }
960 
961  start_ext_octet = *p;
962  end_ext_octet = *p + len;
963 
964  if (end_ext_octet != end_ext_data) {
965  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
966  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
967  }
968 
969  /*
970  * Detect supported extensions
971  */
972  ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
973 
974  if (ret != 0) {
975  /* Give the callback (if any) a chance to handle the extension */
976  if (cb != NULL) {
977  ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet);
978  if (ret != 0 && is_critical) {
979  return ret;
980  }
981  *p = end_ext_octet;
982  continue;
983  }
984 
985  /* No parser found, skip extension */
986  *p = end_ext_octet;
987 
988 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
989  if (is_critical) {
990  /* Data is marked as critical: fail */
991  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
992  MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
993  }
994 #endif
995  continue;
996  }
997 
998  /* Forbid repeated extensions */
999  if ((crt->ext_types & ext_type) != 0) {
1000  return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
1001  }
1002 
1003  crt->ext_types |= ext_type;
1004 
1005  switch (ext_type) {
1006  case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
1007  /* Parse basic constraints */
1008  if ((ret = x509_get_basic_constraints(p, end_ext_octet,
1009  &crt->ca_istrue, &crt->max_pathlen)) != 0) {
1010  return ret;
1011  }
1012  break;
1013 
1014  case MBEDTLS_X509_EXT_KEY_USAGE:
1015  /* Parse key usage */
1016  if ((ret = x509_get_key_usage(p, end_ext_octet,
1017  &crt->key_usage)) != 0) {
1018  return ret;
1019  }
1020  break;
1021 
1022  case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
1023  /* Parse extended key usage */
1024  if ((ret = x509_get_ext_key_usage(p, end_ext_octet,
1025  &crt->ext_key_usage)) != 0) {
1026  return ret;
1027  }
1028  break;
1029 
1030  case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
1031  /* Parse subject alt name */
1032  if ((ret = x509_get_subject_alt_name(p, end_ext_octet,
1033  &crt->subject_alt_names)) != 0) {
1034  return ret;
1035  }
1036  break;
1037 
1038  case MBEDTLS_X509_EXT_NS_CERT_TYPE:
1039  /* Parse netscape certificate type */
1040  if ((ret = x509_get_ns_cert_type(p, end_ext_octet,
1041  &crt->ns_cert_type)) != 0) {
1042  return ret;
1043  }
1044  break;
1045 
1046  case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
1047  /* Parse certificate policies type */
1048  if ((ret = x509_get_certificate_policies(p, end_ext_octet,
1049  &crt->certificate_policies)) != 0) {
1050  /* Give the callback (if any) a chance to handle the extension
1051  * if it contains unsupported policies */
1052  if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
1053  cb(p_ctx, crt, &extn_oid, is_critical,
1054  start_ext_octet, end_ext_octet) == 0) {
1055  break;
1056  }
1057 
1058 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1059  if (is_critical) {
1060  return ret;
1061  } else
1062 #endif
1063  /*
1064  * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
1065  * cannot interpret or enforce the policy. However, it is up to
1066  * the user to choose how to enforce the policies,
1067  * unless the extension is critical.
1068  */
1069  if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
1070  return ret;
1071  }
1072  }
1073  break;
1074 
1075  default:
1076  /*
1077  * If this is a non-critical extension, which the oid layer
1078  * supports, but there isn't an x509 parser for it,
1079  * skip the extension.
1080  */
1081 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1082  if (is_critical) {
1083  return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
1084  } else
1085 #endif
1086  *p = end_ext_octet;
1087  }
1088  }
1089 
1090  if (*p != end) {
1091  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
1092  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1093  }
1094 
1095  return 0;
1096 }
1097 
1098 /*
1099  * Parse and fill a single X.509 certificate in DER format
1100  */
1101 static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
1102  const unsigned char *buf,
1103  size_t buflen,
1104  int make_copy,
1105  mbedtls_x509_crt_ext_cb_t cb,
1106  void *p_ctx)
1107 {
1108  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1109  size_t len;
1110  unsigned char *p, *end, *crt_end;
1111  mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
1112 
1113  memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
1114  memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
1115  memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
1116 
1117  /*
1118  * Check for valid input
1119  */
1120  if (crt == NULL || buf == NULL) {
1121  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1122  }
1123 
1124  /* Use the original buffer until we figure out actual length. */
1125  p = (unsigned char *) buf;
1126  len = buflen;
1127  end = p + len;
1128 
1129  /*
1130  * Certificate ::= SEQUENCE {
1131  * tbsCertificate TBSCertificate,
1132  * signatureAlgorithm AlgorithmIdentifier,
1133  * signatureValue BIT STRING }
1134  */
1135  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1136  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1137  mbedtls_x509_crt_free(crt);
1138  return MBEDTLS_ERR_X509_INVALID_FORMAT;
1139  }
1140 
1141  end = crt_end = p + len;
1142  crt->raw.len = crt_end - buf;
1143  if (make_copy != 0) {
1144  /* Create and populate a new buffer for the raw field. */
1145  crt->raw.p = p = mbedtls_calloc(1, crt->raw.len);
1146  if (crt->raw.p == NULL) {
1147  return MBEDTLS_ERR_X509_ALLOC_FAILED;
1148  }
1149 
1150  memcpy(crt->raw.p, buf, crt->raw.len);
1151  crt->own_buffer = 1;
1152 
1153  p += crt->raw.len - len;
1154  end = crt_end = p + len;
1155  } else {
1156  crt->raw.p = (unsigned char *) buf;
1157  crt->own_buffer = 0;
1158  }
1159 
1160  /*
1161  * TBSCertificate ::= SEQUENCE {
1162  */
1163  crt->tbs.p = p;
1164 
1165  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1166  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1167  mbedtls_x509_crt_free(crt);
1168  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
1169  }
1170 
1171  end = p + len;
1172  crt->tbs.len = end - crt->tbs.p;
1173 
1174  /*
1175  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1176  *
1177  * CertificateSerialNumber ::= INTEGER
1178  *
1179  * signature AlgorithmIdentifier
1180  */
1181  if ((ret = x509_get_version(&p, end, &crt->version)) != 0 ||
1182  (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 ||
1183  (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid,
1184  &sig_params1)) != 0) {
1185  mbedtls_x509_crt_free(crt);
1186  return ret;
1187  }
1188 
1189  if (crt->version < 0 || crt->version > 2) {
1190  mbedtls_x509_crt_free(crt);
1191  return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
1192  }
1193 
1194  crt->version++;
1195 
1196  if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1,
1197  &crt->sig_md, &crt->sig_pk,
1198  &crt->sig_opts)) != 0) {
1199  mbedtls_x509_crt_free(crt);
1200  return ret;
1201  }
1202 
1203  /*
1204  * issuer Name
1205  */
1206  crt->issuer_raw.p = p;
1207 
1208  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1209  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1210  mbedtls_x509_crt_free(crt);
1211  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
1212  }
1213 
1214  if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
1215  mbedtls_x509_crt_free(crt);
1216  return ret;
1217  }
1218 
1219  crt->issuer_raw.len = p - crt->issuer_raw.p;
1220 
1221  /*
1222  * Validity ::= SEQUENCE {
1223  * notBefore Time,
1224  * notAfter Time }
1225  *
1226  */
1227  if ((ret = x509_get_dates(&p, end, &crt->valid_from,
1228  &crt->valid_to)) != 0) {
1229  mbedtls_x509_crt_free(crt);
1230  return ret;
1231  }
1232 
1233  /*
1234  * subject Name
1235  */
1236  crt->subject_raw.p = p;
1237 
1238  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1239  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1240  mbedtls_x509_crt_free(crt);
1241  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
1242  }
1243 
1244  if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) {
1245  mbedtls_x509_crt_free(crt);
1246  return ret;
1247  }
1248 
1249  crt->subject_raw.len = p - crt->subject_raw.p;
1250 
1251  /*
1252  * SubjectPublicKeyInfo
1253  */
1254  crt->pk_raw.p = p;
1255  if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) {
1256  mbedtls_x509_crt_free(crt);
1257  return ret;
1258  }
1259  crt->pk_raw.len = p - crt->pk_raw.p;
1260 
1261  /*
1262  * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1263  * -- If present, version shall be v2 or v3
1264  * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1265  * -- If present, version shall be v2 or v3
1266  * extensions [3] EXPLICIT Extensions OPTIONAL
1267  * -- If present, version shall be v3
1268  */
1269  if (crt->version == 2 || crt->version == 3) {
1270  ret = x509_get_uid(&p, end, &crt->issuer_id, 1);
1271  if (ret != 0) {
1272  mbedtls_x509_crt_free(crt);
1273  return ret;
1274  }
1275  }
1276 
1277  if (crt->version == 2 || crt->version == 3) {
1278  ret = x509_get_uid(&p, end, &crt->subject_id, 2);
1279  if (ret != 0) {
1280  mbedtls_x509_crt_free(crt);
1281  return ret;
1282  }
1283  }
1284 
1285  int extensions_allowed = 1;
1286 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
1287  if (crt->version != 3) {
1288  extensions_allowed = 0;
1289  }
1290 #endif
1291  if (extensions_allowed) {
1292  ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx);
1293  if (ret != 0) {
1294  mbedtls_x509_crt_free(crt);
1295  return ret;
1296  }
1297  }
1298 
1299  if (p != end) {
1300  mbedtls_x509_crt_free(crt);
1301  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
1302  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1303  }
1304 
1305  end = crt_end;
1306 
1307  /*
1308  * }
1309  * -- end of TBSCertificate
1310  *
1311  * signatureAlgorithm AlgorithmIdentifier,
1312  * signatureValue BIT STRING
1313  */
1314  if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
1315  mbedtls_x509_crt_free(crt);
1316  return ret;
1317  }
1318 
1319  if (crt->sig_oid.len != sig_oid2.len ||
1320  memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 ||
1321  sig_params1.tag != sig_params2.tag ||
1322  sig_params1.len != sig_params2.len ||
1323  (sig_params1.len != 0 &&
1324  memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
1325  mbedtls_x509_crt_free(crt);
1326  return MBEDTLS_ERR_X509_SIG_MISMATCH;
1327  }
1328 
1329  if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) {
1330  mbedtls_x509_crt_free(crt);
1331  return ret;
1332  }
1333 
1334  if (p != end) {
1335  mbedtls_x509_crt_free(crt);
1336  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
1337  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1338  }
1339 
1340  return 0;
1341 }
1342 
1343 /*
1344  * Parse one X.509 certificate in DER format from a buffer and add them to a
1345  * chained list
1346  */
1347 static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain,
1348  const unsigned char *buf,
1349  size_t buflen,
1350  int make_copy,
1351  mbedtls_x509_crt_ext_cb_t cb,
1352  void *p_ctx)
1353 {
1354  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1355  mbedtls_x509_crt *crt = chain, *prev = NULL;
1356 
1357  /*
1358  * Check for valid input
1359  */
1360  if (crt == NULL || buf == NULL) {
1361  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1362  }
1363 
1364  while (crt->version != 0 && crt->next != NULL) {
1365  prev = crt;
1366  crt = crt->next;
1367  }
1368 
1369  /*
1370  * Add new certificate on the end of the chain if needed.
1371  */
1372  if (crt->version != 0 && crt->next == NULL) {
1373  crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
1374 
1375  if (crt->next == NULL) {
1376  return MBEDTLS_ERR_X509_ALLOC_FAILED;
1377  }
1378 
1379  prev = crt;
1380  mbedtls_x509_crt_init(crt->next);
1381  crt = crt->next;
1382  }
1383 
1384  ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx);
1385  if (ret != 0) {
1386  if (prev) {
1387  prev->next = NULL;
1388  }
1389 
1390  if (crt != chain) {
1391  mbedtls_free(crt);
1392  }
1393 
1394  return ret;
1395  }
1396 
1397  return 0;
1398 }
1399 
1400 int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
1401  const unsigned char *buf,
1402  size_t buflen)
1403 {
1404  return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL);
1405 }
1406 
1407 int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
1408  const unsigned char *buf,
1409  size_t buflen,
1410  int make_copy,
1411  mbedtls_x509_crt_ext_cb_t cb,
1412  void *p_ctx)
1413 {
1414  return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx);
1415 }
1416 
1417 int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
1418  const unsigned char *buf,
1419  size_t buflen)
1420 {
1421  return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL);
1422 }
1423 
1424 /*
1425  * Parse one or more PEM certificates from a buffer and add them to the chained
1426  * list
1427  */
1428 int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
1429  const unsigned char *buf,
1430  size_t buflen)
1431 {
1432 #if defined(MBEDTLS_PEM_PARSE_C)
1433  int success = 0, first_error = 0, total_failed = 0;
1434  int buf_format = MBEDTLS_X509_FORMAT_DER;
1435 #endif
1436 
1437  /*
1438  * Check for valid input
1439  */
1440  if (chain == NULL || buf == NULL) {
1441  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1442  }
1443 
1444  /*
1445  * Determine buffer content. Buffer contains either one DER certificate or
1446  * one or more PEM certificates.
1447  */
1448 #if defined(MBEDTLS_PEM_PARSE_C)
1449  if (buflen != 0 && buf[buflen - 1] == '\0' &&
1450  strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) {
1451  buf_format = MBEDTLS_X509_FORMAT_PEM;
1452  }
1453 
1454  if (buf_format == MBEDTLS_X509_FORMAT_DER) {
1455  return mbedtls_x509_crt_parse_der(chain, buf, buflen);
1456  }
1457 #else
1458  return mbedtls_x509_crt_parse_der(chain, buf, buflen);
1459 #endif
1460 
1461 #if defined(MBEDTLS_PEM_PARSE_C)
1462  if (buf_format == MBEDTLS_X509_FORMAT_PEM) {
1463  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1464  mbedtls_pem_context pem;
1465 
1466  /* 1 rather than 0 since the terminating NULL byte is counted in */
1467  while (buflen > 1) {
1468  size_t use_len;
1469  mbedtls_pem_init(&pem);
1470 
1471  /* If we get there, we know the string is null-terminated */
1472  ret = mbedtls_pem_read_buffer(&pem,
1473  "-----BEGIN CERTIFICATE-----",
1474  "-----END CERTIFICATE-----",
1475  buf, NULL, 0, &use_len);
1476 
1477  if (ret == 0) {
1478  /*
1479  * Was PEM encoded
1480  */
1481  buflen -= use_len;
1482  buf += use_len;
1483  } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) {
1484  return ret;
1485  } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
1486  mbedtls_pem_free(&pem);
1487 
1488  /*
1489  * PEM header and footer were found
1490  */
1491  buflen -= use_len;
1492  buf += use_len;
1493 
1494  if (first_error == 0) {
1495  first_error = ret;
1496  }
1497 
1498  total_failed++;
1499  continue;
1500  } else {
1501  break;
1502  }
1503 
1504  ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen);
1505 
1506  mbedtls_pem_free(&pem);
1507 
1508  if (ret != 0) {
1509  /*
1510  * Quit parsing on a memory error
1511  */
1512  if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) {
1513  return ret;
1514  }
1515 
1516  if (first_error == 0) {
1517  first_error = ret;
1518  }
1519 
1520  total_failed++;
1521  continue;
1522  }
1523 
1524  success = 1;
1525  }
1526  }
1527 
1528  if (success) {
1529  return total_failed;
1530  } else if (first_error) {
1531  return first_error;
1532  } else {
1533  return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
1534  }
1535 #endif /* MBEDTLS_PEM_PARSE_C */
1536 }
1537 
1538 #if defined(MBEDTLS_FS_IO)
1539 /*
1540  * Load one or more certificates and add them to the chained list
1541  */
1542 int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
1543 {
1544  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1545  size_t n;
1546  unsigned char *buf;
1547 
1548  if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
1549  return ret;
1550  }
1551 
1552  ret = mbedtls_x509_crt_parse(chain, buf, n);
1553 
1554  mbedtls_platform_zeroize(buf, n);
1555  mbedtls_free(buf);
1556 
1557  return ret;
1558 }
1559 
1560 int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
1561 {
1562  int ret = 0;
1563 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1564  int w_ret;
1565  WCHAR szDir[MAX_PATH];
1566  char filename[MAX_PATH];
1567  char *p;
1568  size_t len = strlen(path);
1569 
1570  WIN32_FIND_DATAW file_data;
1571  HANDLE hFind;
1572 
1573  if (len > MAX_PATH - 3) {
1574  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1575  }
1576 
1577  memset(szDir, 0, sizeof(szDir));
1578  memset(filename, 0, MAX_PATH);
1579  memcpy(filename, path, len);
1580  filename[len++] = '\\';
1581  p = filename + len;
1582  filename[len++] = '*';
1583 
1584  w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
1585  MAX_PATH - 3);
1586  if (w_ret == 0) {
1587  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1588  }
1589 
1590  hFind = FindFirstFileW(szDir, &file_data);
1591  if (hFind == INVALID_HANDLE_VALUE) {
1592  return MBEDTLS_ERR_X509_FILE_IO_ERROR;
1593  }
1594 
1595  len = MAX_PATH - len;
1596  do {
1597  memset(p, 0, len);
1598 
1599  if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
1600  continue;
1601  }
1602 
1603  w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName,
1604  -1,
1605  p, (int) len,
1606  NULL, NULL);
1607  if (w_ret == 0) {
1608  ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1609  goto cleanup;
1610  }
1611 
1612  w_ret = mbedtls_x509_crt_parse_file(chain, filename);
1613  if (w_ret < 0) {
1614  ret++;
1615  } else {
1616  ret += w_ret;
1617  }
1618  } while (FindNextFileW(hFind, &file_data) != 0);
1619 
1620  if (GetLastError() != ERROR_NO_MORE_FILES) {
1621  ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1622  }
1623 
1624 cleanup:
1625  FindClose(hFind);
1626 #else /* _WIN32 */
1627  int t_ret;
1628  int snp_ret;
1629  struct stat sb;
1630  struct dirent *entry;
1631  char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
1632  DIR *dir = opendir(path);
1633 
1634  if (dir == NULL) {
1635  return MBEDTLS_ERR_X509_FILE_IO_ERROR;
1636  }
1637 
1638 #if defined(MBEDTLS_THREADING_C)
1639  if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) {
1640  closedir(dir);
1641  return ret;
1642  }
1643 #endif /* MBEDTLS_THREADING_C */
1644 
1645  memset(&sb, 0, sizeof(sb));
1646 
1647  while ((entry = readdir(dir)) != NULL) {
1648  snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
1649  "%s/%s", path, entry->d_name);
1650 
1651  if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
1652  ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
1653  goto cleanup;
1654  } else if (stat(entry_name, &sb) == -1) {
1655  if (errno == ENOENT) {
1656  /* Broken symbolic link - ignore this entry.
1657  stat(2) will return this error for either (a) a dangling
1658  symlink or (b) a missing file.
1659  Given that we have just obtained the filename from readdir,
1660  assume that it does exist and therefore treat this as a
1661  dangling symlink. */
1662  continue;
1663  } else {
1664  /* Some other file error; report the error. */
1665  ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1666  goto cleanup;
1667  }
1668  }
1669 
1670  if (!S_ISREG(sb.st_mode)) {
1671  continue;
1672  }
1673 
1674  // Ignore parse errors
1675  //
1676  t_ret = mbedtls_x509_crt_parse_file(chain, entry_name);
1677  if (t_ret < 0) {
1678  ret++;
1679  } else {
1680  ret += t_ret;
1681  }
1682  }
1683 
1684 cleanup:
1685  closedir(dir);
1686 
1687 #if defined(MBEDTLS_THREADING_C)
1688  if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) {
1689  ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
1690  }
1691 #endif /* MBEDTLS_THREADING_C */
1692 
1693 #endif /* _WIN32 */
1694 
1695  return ret;
1696 }
1697 #endif /* MBEDTLS_FS_IO */
1698 
1699 /*
1700  * OtherName ::= SEQUENCE {
1701  * type-id OBJECT IDENTIFIER,
1702  * value [0] EXPLICIT ANY DEFINED BY type-id }
1703  *
1704  * HardwareModuleName ::= SEQUENCE {
1705  * hwType OBJECT IDENTIFIER,
1706  * hwSerialNum OCTET STRING }
1707  *
1708  * NOTE: we currently only parse and use otherName of type HwModuleName,
1709  * as defined in RFC 4108.
1710  */
1711 static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
1712  mbedtls_x509_san_other_name *other_name)
1713 {
1714  int ret = 0;
1715  size_t len;
1716  unsigned char *p = subject_alt_name->p;
1717  const unsigned char *end = p + subject_alt_name->len;
1718  mbedtls_x509_buf cur_oid;
1719 
1720  if ((subject_alt_name->tag &
1721  (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) !=
1722  (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) {
1723  /*
1724  * The given subject alternative name is not of type "othername".
1725  */
1726  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1727  }
1728 
1729  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1730  MBEDTLS_ASN1_OID)) != 0) {
1731  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
1732  }
1733 
1734  cur_oid.tag = MBEDTLS_ASN1_OID;
1735  cur_oid.p = p;
1736  cur_oid.len = len;
1737 
1738  /*
1739  * Only HwModuleName is currently supported.
1740  */
1741  if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
1742  return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
1743  }
1744 
1745  p += len;
1746  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1747  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) !=
1748  0) {
1749  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
1750  }
1751 
1752  if (end != p + len) {
1753  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
1754  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1755  }
1756 
1757  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1758  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1759  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
1760  }
1761 
1762  if (end != p + len) {
1763  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
1764  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1765  }
1766 
1767  if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) {
1768  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
1769  }
1770 
1771  other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID;
1772  other_name->value.hardware_module_name.oid.p = p;
1773  other_name->value.hardware_module_name.oid.len = len;
1774 
1775  p += len;
1776  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1777  MBEDTLS_ASN1_OCTET_STRING)) != 0) {
1778  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
1779  }
1780 
1781  other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
1782  other_name->value.hardware_module_name.val.p = p;
1783  other_name->value.hardware_module_name.val.len = len;
1784  p += len;
1785  if (p != end) {
1786  return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
1787  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1788  }
1789  return 0;
1790 }
1791 
1792 static int x509_info_subject_alt_name(char **buf, size_t *size,
1793  const mbedtls_x509_sequence
1794  *subject_alt_name,
1795  const char *prefix)
1796 {
1797  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1798  size_t i;
1799  size_t n = *size;
1800  char *p = *buf;
1801  const mbedtls_x509_sequence *cur = subject_alt_name;
1802  mbedtls_x509_subject_alternative_name san;
1803  int parse_ret;
1804 
1805  while (cur != NULL) {
1806  memset(&san, 0, sizeof(san));
1807  parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san);
1808  if (parse_ret != 0) {
1809  if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
1810  ret = mbedtls_snprintf(p, n, "\n%s <unsupported>", prefix);
1811  MBEDTLS_X509_SAFE_SNPRINTF;
1812  } else {
1813  ret = mbedtls_snprintf(p, n, "\n%s <malformed>", prefix);
1814  MBEDTLS_X509_SAFE_SNPRINTF;
1815  }
1816  cur = cur->next;
1817  continue;
1818  }
1819 
1820  switch (san.type) {
1821  /*
1822  * otherName
1823  */
1824  case MBEDTLS_X509_SAN_OTHER_NAME:
1825  {
1826  mbedtls_x509_san_other_name *other_name = &san.san.other_name;
1827 
1828  ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix);
1829  MBEDTLS_X509_SAFE_SNPRINTF;
1830 
1831  if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
1832  &other_name->value.hardware_module_name.oid) != 0) {
1833  ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
1834  MBEDTLS_X509_SAFE_SNPRINTF;
1835  ret =
1836  mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix);
1837  MBEDTLS_X509_SAFE_SNPRINTF;
1838 
1839  ret = mbedtls_oid_get_numeric_string(p,
1840  n,
1841  &other_name->value.hardware_module_name.oid);
1842  MBEDTLS_X509_SAFE_SNPRINTF;
1843 
1844  ret =
1845  mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix);
1846  MBEDTLS_X509_SAFE_SNPRINTF;
1847 
1848  for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) {
1849  ret = mbedtls_snprintf(p,
1850  n,
1851  "%02X",
1852  other_name->value.hardware_module_name.val.p[i]);
1853  MBEDTLS_X509_SAFE_SNPRINTF;
1854  }
1855  }/* MBEDTLS_OID_ON_HW_MODULE_NAME */
1856  }
1857  break;
1858 
1859  /*
1860  * dNSName
1861  */
1862  case MBEDTLS_X509_SAN_DNS_NAME:
1863  {
1864  ret = mbedtls_snprintf(p, n, "\n%s dNSName : ", prefix);
1865  MBEDTLS_X509_SAFE_SNPRINTF;
1866  if (san.san.unstructured_name.len >= n) {
1867  *p = '\0';
1868  return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
1869  }
1870 
1871  memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len);
1872  p += san.san.unstructured_name.len;
1873  n -= san.san.unstructured_name.len;
1874  }
1875  break;
1876 
1877  /*
1878  * Type not supported, skip item.
1879  */
1880  default:
1881  ret = mbedtls_snprintf(p, n, "\n%s <unsupported>", prefix);
1882  MBEDTLS_X509_SAFE_SNPRINTF;
1883  break;
1884  }
1885 
1886  cur = cur->next;
1887  }
1888 
1889  *p = '\0';
1890 
1891  *size = n;
1892  *buf = p;
1893 
1894  return 0;
1895 }
1896 
1897 int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
1898  mbedtls_x509_subject_alternative_name *san)
1899 {
1900  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1901  switch (san_buf->tag &
1902  (MBEDTLS_ASN1_TAG_CLASS_MASK |
1903  MBEDTLS_ASN1_TAG_VALUE_MASK)) {
1904  /*
1905  * otherName
1906  */
1907  case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME):
1908  {
1909  mbedtls_x509_san_other_name other_name;
1910 
1911  ret = x509_get_other_name(san_buf, &other_name);
1912  if (ret != 0) {
1913  return ret;
1914  }
1915 
1916  memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
1917  san->type = MBEDTLS_X509_SAN_OTHER_NAME;
1918  memcpy(&san->san.other_name,
1919  &other_name, sizeof(other_name));
1920 
1921  }
1922  break;
1923 
1924  /*
1925  * dNSName
1926  */
1927  case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME):
1928  {
1929  memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
1930  san->type = MBEDTLS_X509_SAN_DNS_NAME;
1931 
1932  memcpy(&san->san.unstructured_name,
1933  san_buf, sizeof(*san_buf));
1934 
1935  }
1936  break;
1937 
1938  /*
1939  * Type not supported
1940  */
1941  default:
1942  return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
1943  }
1944  return 0;
1945 }
1946 
1947 #define PRINT_ITEM(i) \
1948  { \
1949  ret = mbedtls_snprintf(p, n, "%s" i, sep); \
1950  MBEDTLS_X509_SAFE_SNPRINTF; \
1951  sep = ", "; \
1952  }
1953 
1954 #define CERT_TYPE(type, name) \
1955  if (ns_cert_type & (type)) \
1956  PRINT_ITEM(name);
1957 
1958 static int x509_info_cert_type(char **buf, size_t *size,
1959  unsigned char ns_cert_type)
1960 {
1961  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1962  size_t n = *size;
1963  char *p = *buf;
1964  const char *sep = "";
1965 
1966  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client");
1967  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server");
1968  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email");
1969  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing");
1970  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved");
1971  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA");
1972  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA");
1973  CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA");
1974 
1975  *size = n;
1976  *buf = p;
1977 
1978  return 0;
1979 }
1980 
1981 #define KEY_USAGE(code, name) \
1982  if (key_usage & (code)) \
1983  PRINT_ITEM(name);
1984 
1985 static int x509_info_key_usage(char **buf, size_t *size,
1986  unsigned int key_usage)
1987 {
1988  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1989  size_t n = *size;
1990  char *p = *buf;
1991  const char *sep = "";
1992 
1993  KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature");
1994  KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation");
1995  KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment");
1996  KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment");
1997  KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement");
1998  KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign");
1999  KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign");
2000  KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only");
2001  KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only");
2002 
2003  *size = n;
2004  *buf = p;
2005 
2006  return 0;
2007 }
2008 
2009 static int x509_info_ext_key_usage(char **buf, size_t *size,
2010  const mbedtls_x509_sequence *extended_key_usage)
2011 {
2012  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2013  const char *desc;
2014  size_t n = *size;
2015  char *p = *buf;
2016  const mbedtls_x509_sequence *cur = extended_key_usage;
2017  const char *sep = "";
2018 
2019  while (cur != NULL) {
2020  if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) {
2021  desc = "???";
2022  }
2023 
2024  ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
2025  MBEDTLS_X509_SAFE_SNPRINTF;
2026 
2027  sep = ", ";
2028 
2029  cur = cur->next;
2030  }
2031 
2032  *size = n;
2033  *buf = p;
2034 
2035  return 0;
2036 }
2037 
2038 static int x509_info_cert_policies(char **buf, size_t *size,
2039  const mbedtls_x509_sequence *certificate_policies)
2040 {
2041  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2042  const char *desc;
2043  size_t n = *size;
2044  char *p = *buf;
2045  const mbedtls_x509_sequence *cur = certificate_policies;
2046  const char *sep = "";
2047 
2048  while (cur != NULL) {
2049  if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) {
2050  desc = "???";
2051  }
2052 
2053  ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
2054  MBEDTLS_X509_SAFE_SNPRINTF;
2055 
2056  sep = ", ";
2057 
2058  cur = cur->next;
2059  }
2060 
2061  *size = n;
2062  *buf = p;
2063 
2064  return 0;
2065 }
2066 
2067 /*
2068  * Return an informational string about the certificate.
2069  */
2070 #define BEFORE_COLON 18
2071 #define BC "18"
2072 int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
2073  const mbedtls_x509_crt *crt)
2074 {
2075  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2076  size_t n;
2077  char *p;
2078  char key_size_str[BEFORE_COLON];
2079 
2080  p = buf;
2081  n = size;
2082 
2083  if (NULL == crt) {
2084  ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n");
2085  MBEDTLS_X509_SAFE_SNPRINTF;
2086 
2087  return (int) (size - n);
2088  }
2089 
2090  ret = mbedtls_snprintf(p, n, "%scert. version : %d\n",
2091  prefix, crt->version);
2092  MBEDTLS_X509_SAFE_SNPRINTF;
2093  ret = mbedtls_snprintf(p, n, "%sserial number : ",
2094  prefix);
2095  MBEDTLS_X509_SAFE_SNPRINTF;
2096 
2097  ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
2098  MBEDTLS_X509_SAFE_SNPRINTF;
2099 
2100  ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
2101  MBEDTLS_X509_SAFE_SNPRINTF;
2102  ret = mbedtls_x509_dn_gets(p, n, &crt->issuer);
2103  MBEDTLS_X509_SAFE_SNPRINTF;
2104 
2105  ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix);
2106  MBEDTLS_X509_SAFE_SNPRINTF;
2107  ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
2108  MBEDTLS_X509_SAFE_SNPRINTF;
2109 
2110  ret = mbedtls_snprintf(p, n, "\n%sissued on : " \
2111  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2112  crt->valid_from.year, crt->valid_from.mon,
2113  crt->valid_from.day, crt->valid_from.hour,
2114  crt->valid_from.min, crt->valid_from.sec);
2115  MBEDTLS_X509_SAFE_SNPRINTF;
2116 
2117  ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \
2118  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2119  crt->valid_to.year, crt->valid_to.mon,
2120  crt->valid_to.day, crt->valid_to.hour,
2121  crt->valid_to.min, crt->valid_to.sec);
2122  MBEDTLS_X509_SAFE_SNPRINTF;
2123 
2124  ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
2125  MBEDTLS_X509_SAFE_SNPRINTF;
2126 
2127  ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk,
2128  crt->sig_md, crt->sig_opts);
2129  MBEDTLS_X509_SAFE_SNPRINTF;
2130 
2131  /* Key size */
2132  if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
2133  mbedtls_pk_get_name(&crt->pk))) != 0) {
2134  return ret;
2135  }
2136 
2137  ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
2138  (int) mbedtls_pk_get_bitlen(&crt->pk));
2139  MBEDTLS_X509_SAFE_SNPRINTF;
2140 
2141  /*
2142  * Optional extensions
2143  */
2144 
2145  if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) {
2146  ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix,
2147  crt->ca_istrue ? "true" : "false");
2148  MBEDTLS_X509_SAFE_SNPRINTF;
2149 
2150  if (crt->max_pathlen > 0) {
2151  ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1);
2152  MBEDTLS_X509_SAFE_SNPRINTF;
2153  }
2154  }
2155 
2156  if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
2157  ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix);
2158  MBEDTLS_X509_SAFE_SNPRINTF;
2159 
2160  if ((ret = x509_info_subject_alt_name(&p, &n,
2161  &crt->subject_alt_names,
2162  prefix)) != 0) {
2163  return ret;
2164  }
2165  }
2166 
2167  if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) {
2168  ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix);
2169  MBEDTLS_X509_SAFE_SNPRINTF;
2170 
2171  if ((ret = x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) {
2172  return ret;
2173  }
2174  }
2175 
2176  if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) {
2177  ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix);
2178  MBEDTLS_X509_SAFE_SNPRINTF;
2179 
2180  if ((ret = x509_info_key_usage(&p, &n, crt->key_usage)) != 0) {
2181  return ret;
2182  }
2183  }
2184 
2185  if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) {
2186  ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix);
2187  MBEDTLS_X509_SAFE_SNPRINTF;
2188 
2189  if ((ret = x509_info_ext_key_usage(&p, &n,
2190  &crt->ext_key_usage)) != 0) {
2191  return ret;
2192  }
2193  }
2194 
2195  if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) {
2196  ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix);
2197  MBEDTLS_X509_SAFE_SNPRINTF;
2198 
2199  if ((ret = x509_info_cert_policies(&p, &n,
2200  &crt->certificate_policies)) != 0) {
2201  return ret;
2202  }
2203  }
2204 
2205  ret = mbedtls_snprintf(p, n, "\n");
2206  MBEDTLS_X509_SAFE_SNPRINTF;
2207 
2208  return (int) (size - n);
2209 }
2210 
2211 struct x509_crt_verify_string {
2212  int code;
2213  const char *string;
2214 };
2215 
2216 static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
2217  { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
2218  { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
2219  { MBEDTLS_X509_BADCERT_CN_MISMATCH,
2220  "The certificate Common Name (CN) does not match with the expected CN" },
2221  { MBEDTLS_X509_BADCERT_NOT_TRUSTED,
2222  "The certificate is not correctly signed by the trusted CA" },
2223  { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
2224  { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
2225  { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
2226  { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
2227  { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
2228  { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
2229  { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
2230  { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
2231  { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
2232  { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
2233  { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." },
2234  { MBEDTLS_X509_BADCERT_BAD_PK,
2235  "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
2236  { MBEDTLS_X509_BADCERT_BAD_KEY,
2237  "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
2238  { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." },
2239  { MBEDTLS_X509_BADCRL_BAD_PK,
2240  "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
2241  { MBEDTLS_X509_BADCRL_BAD_KEY,
2242  "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
2243  { 0, NULL }
2244 };
2245 
2246 int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
2247  uint32_t flags)
2248 {
2249  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2250  const struct x509_crt_verify_string *cur;
2251  char *p = buf;
2252  size_t n = size;
2253 
2254  for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) {
2255  if ((flags & cur->code) == 0) {
2256  continue;
2257  }
2258 
2259  ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string);
2260  MBEDTLS_X509_SAFE_SNPRINTF;
2261  flags ^= cur->code;
2262  }
2263 
2264  if (flags != 0) {
2265  ret = mbedtls_snprintf(p, n, "%sUnknown reason "
2266  "(this should not happen)\n", prefix);
2267  MBEDTLS_X509_SAFE_SNPRINTF;
2268  }
2269 
2270  return (int) (size - n);
2271 }
2272 
2273 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
2274 int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
2275  unsigned int usage)
2276 {
2277  unsigned int usage_must, usage_may;
2278  unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
2279  | MBEDTLS_X509_KU_DECIPHER_ONLY;
2280 
2281  if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) {
2282  return 0;
2283  }
2284 
2285  usage_must = usage & ~may_mask;
2286 
2287  if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) {
2288  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
2289  }
2290 
2291  usage_may = usage & may_mask;
2292 
2293  if (((crt->key_usage & may_mask) | usage_may) != usage_may) {
2294  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
2295  }
2296 
2297  return 0;
2298 }
2299 #endif
2300 
2301 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
2302 int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
2303  const char *usage_oid,
2304  size_t usage_len)
2305 {
2306  const mbedtls_x509_sequence *cur;
2307 
2308  /* Extension is not mandatory, absent means no restriction */
2309  if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) {
2310  return 0;
2311  }
2312 
2313  /*
2314  * Look for the requested usage (or wildcard ANY) in our list
2315  */
2316  for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) {
2317  const mbedtls_x509_buf *cur_oid = &cur->buf;
2318 
2319  if (cur_oid->len == usage_len &&
2320  memcmp(cur_oid->p, usage_oid, usage_len) == 0) {
2321  return 0;
2322  }
2323 
2324  if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) {
2325  return 0;
2326  }
2327  }
2328 
2329  return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
2330 }
2331 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
2332 
2333 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2334 /*
2335  * Return 1 if the certificate is revoked, or 0 otherwise.
2336  */
2337 int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
2338 {
2339  const mbedtls_x509_crl_entry *cur = &crl->entry;
2340 
2341  while (cur != NULL && cur->serial.len != 0) {
2342  if (crt->serial.len == cur->serial.len &&
2343  memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) {
2344  return 1;
2345  }
2346 
2347  cur = cur->next;
2348  }
2349 
2350  return 0;
2351 }
2352 
2353 /*
2354  * Check that the given certificate is not revoked according to the CRL.
2355  * Skip validation if no CRL for the given CA is present.
2356  */
2357 static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
2358  mbedtls_x509_crl *crl_list,
2359  const mbedtls_x509_crt_profile *profile)
2360 {
2361  int flags = 0;
2362  unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2363  const mbedtls_md_info_t *md_info;
2364 
2365  if (ca == NULL) {
2366  return flags;
2367  }
2368 
2369  while (crl_list != NULL) {
2370  if (crl_list->version == 0 ||
2371  x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) {
2372  crl_list = crl_list->next;
2373  continue;
2374  }
2375 
2376  /*
2377  * Check if the CA is configured to sign CRLs
2378  */
2379 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
2380  if (mbedtls_x509_crt_check_key_usage(ca,
2381  MBEDTLS_X509_KU_CRL_SIGN) != 0) {
2382  flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
2383  break;
2384  }
2385 #endif
2386 
2387  /*
2388  * Check if CRL is correctly signed by the trusted CA
2389  */
2390  if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) {
2391  flags |= MBEDTLS_X509_BADCRL_BAD_MD;
2392  }
2393 
2394  if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) {
2395  flags |= MBEDTLS_X509_BADCRL_BAD_PK;
2396  }
2397 
2398  md_info = mbedtls_md_info_from_type(crl_list->sig_md);
2399  if (mbedtls_md(md_info, crl_list->tbs.p, crl_list->tbs.len, hash) != 0) {
2400  /* Note: this can't happen except after an internal error */
2401  flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
2402  break;
2403  }
2404 
2405  if (x509_profile_check_key(profile, &ca->pk) != 0) {
2406  flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2407  }
2408 
2409  if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
2410  crl_list->sig_md, hash, mbedtls_md_get_size(md_info),
2411  crl_list->sig.p, crl_list->sig.len) != 0) {
2412  flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
2413  break;
2414  }
2415 
2416  /*
2417  * Check for validity of CRL (Do not drop out)
2418  */
2419  if (mbedtls_x509_time_is_past(&crl_list->next_update)) {
2420  flags |= MBEDTLS_X509_BADCRL_EXPIRED;
2421  }
2422 
2423  if (mbedtls_x509_time_is_future(&crl_list->this_update)) {
2424  flags |= MBEDTLS_X509_BADCRL_FUTURE;
2425  }
2426 
2427  /*
2428  * Check if certificate is revoked
2429  */
2430  if (mbedtls_x509_crt_is_revoked(crt, crl_list)) {
2431  flags |= MBEDTLS_X509_BADCERT_REVOKED;
2432  break;
2433  }
2434 
2435  crl_list = crl_list->next;
2436  }
2437 
2438  return flags;
2439 }
2440 #endif /* MBEDTLS_X509_CRL_PARSE_C */
2441 
2442 /*
2443  * Check the signature of a certificate by its parent
2444  */
2445 static int x509_crt_check_signature(const mbedtls_x509_crt *child,
2446  mbedtls_x509_crt *parent,
2447  mbedtls_x509_crt_restart_ctx *rs_ctx)
2448 {
2449  unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2450  size_t hash_len;
2451 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
2452  const mbedtls_md_info_t *md_info;
2453  md_info = mbedtls_md_info_from_type(child->sig_md);
2454  hash_len = mbedtls_md_get_size(md_info);
2455 
2456  /* Note: hash errors can happen only after an internal error */
2457  if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
2458  return -1;
2459  }
2460 #else
2461  psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
2462  psa_algorithm_t hash_alg = mbedtls_psa_translate_md(child->sig_md);
2463 
2464  if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) {
2465  return -1;
2466  }
2467 
2468  if (psa_hash_update(&hash_operation, child->tbs.p, child->tbs.len)
2469  != PSA_SUCCESS) {
2470  return -1;
2471  }
2472 
2473  if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len)
2474  != PSA_SUCCESS) {
2475  return -1;
2476  }
2477 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2478  /* Skip expensive computation on obvious mismatch */
2479  if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
2480  return -1;
2481  }
2482 
2483 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2484  if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) {
2485  return mbedtls_pk_verify_restartable(&parent->pk,
2486  child->sig_md, hash, hash_len,
2487  child->sig.p, child->sig.len, &rs_ctx->pk);
2488  }
2489 #else
2490  (void) rs_ctx;
2491 #endif
2492 
2493  return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk,
2494  child->sig_md, hash, hash_len,
2495  child->sig.p, child->sig.len);
2496 }
2497 
2498 /*
2499  * Check if 'parent' is a suitable parent (signing CA) for 'child'.
2500  * Return 0 if yes, -1 if not.
2501  *
2502  * top means parent is a locally-trusted certificate
2503  */
2504 static int x509_crt_check_parent(const mbedtls_x509_crt *child,
2505  const mbedtls_x509_crt *parent,
2506  int top)
2507 {
2508  int need_ca_bit;
2509 
2510  /* Parent must be the issuer */
2511  if (x509_name_cmp(&child->issuer, &parent->subject) != 0) {
2512  return -1;
2513  }
2514 
2515  /* Parent must have the basicConstraints CA bit set as a general rule */
2516  need_ca_bit = 1;
2517 
2518  /* Exception: v1/v2 certificates that are locally trusted. */
2519  if (top && parent->version < 3) {
2520  need_ca_bit = 0;
2521  }
2522 
2523  if (need_ca_bit && !parent->ca_istrue) {
2524  return -1;
2525  }
2526 
2527 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
2528  if (need_ca_bit &&
2529  mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) {
2530  return -1;
2531  }
2532 #endif
2533 
2534  return 0;
2535 }
2536 
2537 /*
2538  * Find a suitable parent for child in candidates, or return NULL.
2539  *
2540  * Here suitable is defined as:
2541  * 1. subject name matches child's issuer
2542  * 2. if necessary, the CA bit is set and key usage allows signing certs
2543  * 3. for trusted roots, the signature is correct
2544  * (for intermediates, the signature is checked and the result reported)
2545  * 4. pathlen constraints are satisfied
2546  *
2547  * If there's a suitable candidate which is also time-valid, return the first
2548  * such. Otherwise, return the first suitable candidate (or NULL if there is
2549  * none).
2550  *
2551  * The rationale for this rule is that someone could have a list of trusted
2552  * roots with two versions on the same root with different validity periods.
2553  * (At least one user reported having such a list and wanted it to just work.)
2554  * The reason we don't just require time-validity is that generally there is
2555  * only one version, and if it's expired we want the flags to state that
2556  * rather than NOT_TRUSTED, as would be the case if we required it here.
2557  *
2558  * The rationale for rule 3 (signature for trusted roots) is that users might
2559  * have two versions of the same CA with different keys in their list, and the
2560  * way we select the correct one is by checking the signature (as we don't
2561  * rely on key identifier extensions). (This is one way users might choose to
2562  * handle key rollover, another relies on self-issued certs, see [SIRO].)
2563  *
2564  * Arguments:
2565  * - [in] child: certificate for which we're looking for a parent
2566  * - [in] candidates: chained list of potential parents
2567  * - [out] r_parent: parent found (or NULL)
2568  * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
2569  * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
2570  * of the chain, 0 otherwise
2571  * - [in] path_cnt: number of intermediates seen so far
2572  * - [in] self_cnt: number of self-signed intermediates seen so far
2573  * (will never be greater than path_cnt)
2574  * - [in-out] rs_ctx: context for restarting operations
2575  *
2576  * Return value:
2577  * - 0 on success
2578  * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2579  */
2580 static int x509_crt_find_parent_in(
2581  mbedtls_x509_crt *child,
2582  mbedtls_x509_crt *candidates,
2583  mbedtls_x509_crt **r_parent,
2584  int *r_signature_is_good,
2585  int top,
2586  unsigned path_cnt,
2587  unsigned self_cnt,
2588  mbedtls_x509_crt_restart_ctx *rs_ctx)
2589 {
2590  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2591  mbedtls_x509_crt *parent, *fallback_parent;
2592  int signature_is_good = 0, fallback_signature_is_good;
2593 
2594 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2595  /* did we have something in progress? */
2596  if (rs_ctx != NULL && rs_ctx->parent != NULL) {
2597  /* restore saved state */
2598  parent = rs_ctx->parent;
2599  fallback_parent = rs_ctx->fallback_parent;
2600  fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
2601 
2602  /* clear saved state */
2603  rs_ctx->parent = NULL;
2604  rs_ctx->fallback_parent = NULL;
2605  rs_ctx->fallback_signature_is_good = 0;
2606 
2607  /* resume where we left */
2608  goto check_signature;
2609  }
2610 #endif
2611 
2612  fallback_parent = NULL;
2613  fallback_signature_is_good = 0;
2614 
2615  for (parent = candidates; parent != NULL; parent = parent->next) {
2616  /* basic parenting skills (name, CA bit, key usage) */
2617  if (x509_crt_check_parent(child, parent, top) != 0) {
2618  continue;
2619  }
2620 
2621  /* +1 because stored max_pathlen is 1 higher that the actual value */
2622  if (parent->max_pathlen > 0 &&
2623  (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) {
2624  continue;
2625  }
2626 
2627  /* Signature */
2628 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2629 check_signature:
2630 #endif
2631  ret = x509_crt_check_signature(child, parent, rs_ctx);
2632 
2633 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2634  if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2635  /* save state */
2636  rs_ctx->parent = parent;
2637  rs_ctx->fallback_parent = fallback_parent;
2638  rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
2639 
2640  return ret;
2641  }
2642 #else
2643  (void) ret;
2644 #endif
2645 
2646  signature_is_good = ret == 0;
2647  if (top && !signature_is_good) {
2648  continue;
2649  }
2650 
2651  /* optional time check */
2652  if (mbedtls_x509_time_is_past(&parent->valid_to) ||
2653  mbedtls_x509_time_is_future(&parent->valid_from)) {
2654  if (fallback_parent == NULL) {
2655  fallback_parent = parent;
2656  fallback_signature_is_good = signature_is_good;
2657  }
2658 
2659  continue;
2660  }
2661 
2662  *r_parent = parent;
2663  *r_signature_is_good = signature_is_good;
2664 
2665  break;
2666  }
2667 
2668  if (parent == NULL) {
2669  *r_parent = fallback_parent;
2670  *r_signature_is_good = fallback_signature_is_good;
2671  }
2672 
2673  return 0;
2674 }
2675 
2676 /*
2677  * Find a parent in trusted CAs or the provided chain, or return NULL.
2678  *
2679  * Searches in trusted CAs first, and return the first suitable parent found
2680  * (see find_parent_in() for definition of suitable).
2681  *
2682  * Arguments:
2683  * - [in] child: certificate for which we're looking for a parent, followed
2684  * by a chain of possible intermediates
2685  * - [in] trust_ca: list of locally trusted certificates
2686  * - [out] parent: parent found (or NULL)
2687  * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
2688  * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
2689  * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
2690  * - [in] self_cnt: number of self-signed certs in the chain so far
2691  * (will always be no greater than path_cnt)
2692  * - [in-out] rs_ctx: context for restarting operations
2693  *
2694  * Return value:
2695  * - 0 on success
2696  * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2697  */
2698 static int x509_crt_find_parent(
2699  mbedtls_x509_crt *child,
2700  mbedtls_x509_crt *trust_ca,
2701  mbedtls_x509_crt **parent,
2702  int *parent_is_trusted,
2703  int *signature_is_good,
2704  unsigned path_cnt,
2705  unsigned self_cnt,
2706  mbedtls_x509_crt_restart_ctx *rs_ctx)
2707 {
2708  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2709  mbedtls_x509_crt *search_list;
2710 
2711  *parent_is_trusted = 1;
2712 
2713 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2714  /* restore then clear saved state if we have some stored */
2715  if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) {
2716  *parent_is_trusted = rs_ctx->parent_is_trusted;
2717  rs_ctx->parent_is_trusted = -1;
2718  }
2719 #endif
2720 
2721  while (1) {
2722  search_list = *parent_is_trusted ? trust_ca : child->next;
2723 
2724  ret = x509_crt_find_parent_in(child, search_list,
2725  parent, signature_is_good,
2726  *parent_is_trusted,
2727  path_cnt, self_cnt, rs_ctx);
2728 
2729 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2730  if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2731  /* save state */
2732  rs_ctx->parent_is_trusted = *parent_is_trusted;
2733  return ret;
2734  }
2735 #else
2736  (void) ret;
2737 #endif
2738 
2739  /* stop here if found or already in second iteration */
2740  if (*parent != NULL || *parent_is_trusted == 0) {
2741  break;
2742  }
2743 
2744  /* prepare second iteration */
2745  *parent_is_trusted = 0;
2746  }
2747 
2748  /* extra precaution against mistakes in the caller */
2749  if (*parent == NULL) {
2750  *parent_is_trusted = 0;
2751  *signature_is_good = 0;
2752  }
2753 
2754  return 0;
2755 }
2756 
2757 /*
2758  * Check if an end-entity certificate is locally trusted
2759  *
2760  * Currently we require such certificates to be self-signed (actually only
2761  * check for self-issued as self-signatures are not checked)
2762  */
2763 static int x509_crt_check_ee_locally_trusted(
2764  mbedtls_x509_crt *crt,
2765  mbedtls_x509_crt *trust_ca)
2766 {
2767  mbedtls_x509_crt *cur;
2768 
2769  /* must be self-issued */
2770  if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) {
2771  return -1;
2772  }
2773 
2774  /* look for an exact match with trusted cert */
2775  for (cur = trust_ca; cur != NULL; cur = cur->next) {
2776  if (crt->raw.len == cur->raw.len &&
2777  memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) {
2778  return 0;
2779  }
2780  }
2781 
2782  /* too bad */
2783  return -1;
2784 }
2785 
2786 /*
2787  * Build and verify a certificate chain
2788  *
2789  * Given a peer-provided list of certificates EE, C1, ..., Cn and
2790  * a list of trusted certs R1, ... Rp, try to build and verify a chain
2791  * EE, Ci1, ... Ciq [, Rj]
2792  * such that every cert in the chain is a child of the next one,
2793  * jumping to a trusted root as early as possible.
2794  *
2795  * Verify that chain and return it with flags for all issues found.
2796  *
2797  * Special cases:
2798  * - EE == Rj -> return a one-element list containing it
2799  * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
2800  * -> return that chain with NOT_TRUSTED set on Ciq
2801  *
2802  * Tests for (aspects of) this function should include at least:
2803  * - trusted EE
2804  * - EE -> trusted root
2805  * - EE -> intermediate CA -> trusted root
2806  * - if relevant: EE untrusted
2807  * - if relevant: EE -> intermediate, untrusted
2808  * with the aspect under test checked at each relevant level (EE, int, root).
2809  * For some aspects longer chains are required, but usually length 2 is
2810  * enough (but length 1 is not in general).
2811  *
2812  * Arguments:
2813  * - [in] crt: the cert list EE, C1, ..., Cn
2814  * - [in] trust_ca: the trusted list R1, ..., Rp
2815  * - [in] ca_crl, profile: as in verify_with_profile()
2816  * - [out] ver_chain: the built and verified chain
2817  * Only valid when return value is 0, may contain garbage otherwise!
2818  * Restart note: need not be the same when calling again to resume.
2819  * - [in-out] rs_ctx: context for restarting operations
2820  *
2821  * Return value:
2822  * - non-zero if the chain could not be fully built and examined
2823  * - 0 is the chain was successfully built and examined,
2824  * even if it was found to be invalid
2825  */
2826 static int x509_crt_verify_chain(
2827  mbedtls_x509_crt *crt,
2828  mbedtls_x509_crt *trust_ca,
2829  mbedtls_x509_crl *ca_crl,
2830  mbedtls_x509_crt_ca_cb_t f_ca_cb,
2831  void *p_ca_cb,
2832  const mbedtls_x509_crt_profile *profile,
2833  mbedtls_x509_crt_verify_chain *ver_chain,
2834  mbedtls_x509_crt_restart_ctx *rs_ctx)
2835 {
2836  /* Don't initialize any of those variables here, so that the compiler can
2837  * catch potential issues with jumping ahead when restarting */
2838  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2839  uint32_t *flags;
2840  mbedtls_x509_crt_verify_chain_item *cur;
2841  mbedtls_x509_crt *child;
2842  mbedtls_x509_crt *parent;
2843  int parent_is_trusted;
2844  int child_is_trusted;
2845  int signature_is_good;
2846  unsigned self_cnt;
2847  mbedtls_x509_crt *cur_trust_ca = NULL;
2848 
2849 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2850  /* resume if we had an operation in progress */
2851  if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) {
2852  /* restore saved state */
2853  *ver_chain = rs_ctx->ver_chain; /* struct copy */
2854  self_cnt = rs_ctx->self_cnt;
2855 
2856  /* restore derived state */
2857  cur = &ver_chain->items[ver_chain->len - 1];
2858  child = cur->crt;
2859  flags = &cur->flags;
2860 
2861  goto find_parent;
2862  }
2863 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
2864 
2865  child = crt;
2866  self_cnt = 0;
2867  parent_is_trusted = 0;
2868  child_is_trusted = 0;
2869 
2870  while (1) {
2871  /* Add certificate to the verification chain */
2872  cur = &ver_chain->items[ver_chain->len];
2873  cur->crt = child;
2874  cur->flags = 0;
2875  ver_chain->len++;
2876  flags = &cur->flags;
2877 
2878  /* Check time-validity (all certificates) */
2879  if (mbedtls_x509_time_is_past(&child->valid_to)) {
2880  *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
2881  }
2882 
2883  if (mbedtls_x509_time_is_future(&child->valid_from)) {
2884  *flags |= MBEDTLS_X509_BADCERT_FUTURE;
2885  }
2886 
2887  /* Stop here for trusted roots (but not for trusted EE certs) */
2888  if (child_is_trusted) {
2889  return 0;
2890  }
2891 
2892  /* Check signature algorithm: MD & PK algs */
2893  if (x509_profile_check_md_alg(profile, child->sig_md) != 0) {
2894  *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
2895  }
2896 
2897  if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) {
2898  *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
2899  }
2900 
2901  /* Special case: EE certs that are locally trusted */
2902  if (ver_chain->len == 1 &&
2903  x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) {
2904  return 0;
2905  }
2906 
2907 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2908 find_parent:
2909 #endif
2910 
2911  /* Obtain list of potential trusted signers from CA callback,
2912  * or use statically provided list. */
2913 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
2914  if (f_ca_cb != NULL) {
2915  mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result);
2916  mbedtls_free(ver_chain->trust_ca_cb_result);
2917  ver_chain->trust_ca_cb_result = NULL;
2918 
2919  ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result);
2920  if (ret != 0) {
2921  return MBEDTLS_ERR_X509_FATAL_ERROR;
2922  }
2923 
2924  cur_trust_ca = ver_chain->trust_ca_cb_result;
2925  } else
2926 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
2927  {
2928  ((void) f_ca_cb);
2929  ((void) p_ca_cb);
2930  cur_trust_ca = trust_ca;
2931  }
2932 
2933  /* Look for a parent in trusted CAs or up the chain */
2934  ret = x509_crt_find_parent(child, cur_trust_ca, &parent,
2935  &parent_is_trusted, &signature_is_good,
2936  ver_chain->len - 1, self_cnt, rs_ctx);
2937 
2938 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2939  if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2940  /* save state */
2941  rs_ctx->in_progress = x509_crt_rs_find_parent;
2942  rs_ctx->self_cnt = self_cnt;
2943  rs_ctx->ver_chain = *ver_chain; /* struct copy */
2944 
2945  return ret;
2946  }
2947 #else
2948  (void) ret;
2949 #endif
2950 
2951  /* No parent? We're done here */
2952  if (parent == NULL) {
2953  *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2954  return 0;
2955  }
2956 
2957  /* Count intermediate self-issued (not necessarily self-signed) certs.
2958  * These can occur with some strategies for key rollover, see [SIRO],
2959  * and should be excluded from max_pathlen checks. */
2960  if (ver_chain->len != 1 &&
2961  x509_name_cmp(&child->issuer, &child->subject) == 0) {
2962  self_cnt++;
2963  }
2964 
2965  /* path_cnt is 0 for the first intermediate CA,
2966  * and if parent is trusted it's not an intermediate CA */
2967  if (!parent_is_trusted &&
2968  ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) {
2969  /* return immediately to avoid overflow the chain array */
2970  return MBEDTLS_ERR_X509_FATAL_ERROR;
2971  }
2972 
2973  /* signature was checked while searching parent */
2974  if (!signature_is_good) {
2975  *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2976  }
2977 
2978  /* check size of signing key */
2979  if (x509_profile_check_key(profile, &parent->pk) != 0) {
2980  *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2981  }
2982 
2983 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2984  /* Check trusted CA's CRL for the given crt */
2985  *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile);
2986 #else
2987  (void) ca_crl;
2988 #endif
2989 
2990  /* prepare for next iteration */
2991  child = parent;
2992  parent = NULL;
2993  child_is_trusted = parent_is_trusted;
2994  signature_is_good = 0;
2995  }
2996 }
2997 
2998 /*
2999  * Check for CN match
3000  */
3001 static int x509_crt_check_cn(const mbedtls_x509_buf *name,
3002  const char *cn, size_t cn_len)
3003 {
3004  /* try exact match */
3005  if (name->len == cn_len &&
3006  x509_memcasecmp(cn, name->p, cn_len) == 0) {
3007  return 0;
3008  }
3009 
3010  /* try wildcard match */
3011  if (x509_check_wildcard(cn, name) == 0) {
3012  return 0;
3013  }
3014 
3015  return -1;
3016 }
3017 
3018 /*
3019  * Check for SAN match, see RFC 5280 Section 4.2.1.6
3020  */
3021 static int x509_crt_check_san(const mbedtls_x509_buf *name,
3022  const char *cn, size_t cn_len)
3023 {
3024  const unsigned char san_type = (unsigned char) name->tag &
3025  MBEDTLS_ASN1_TAG_VALUE_MASK;
3026 
3027  /* dNSName */
3028  if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
3029  return x509_crt_check_cn(name, cn, cn_len);
3030  }
3031 
3032  /* (We may handle other types here later.) */
3033 
3034  /* Unrecognized type */
3035  return -1;
3036 }
3037 
3038 /*
3039  * Verify the requested CN - only call this if cn is not NULL!
3040  */
3041 static void x509_crt_verify_name(const mbedtls_x509_crt *crt,
3042  const char *cn,
3043  uint32_t *flags)
3044 {
3045  const mbedtls_x509_name *name;
3046  const mbedtls_x509_sequence *cur;
3047  size_t cn_len = strlen(cn);
3048 
3049  if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
3050  for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
3051  if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
3052  break;
3053  }
3054  }
3055 
3056  if (cur == NULL) {
3057  *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
3058  }
3059  } else {
3060  for (name = &crt->subject; name != NULL; name = name->next) {
3061  if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
3062  x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
3063  break;
3064  }
3065  }
3066 
3067  if (name == NULL) {
3068  *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
3069  }
3070  }
3071 }
3072 
3073 /*
3074  * Merge the flags for all certs in the chain, after calling callback
3075  */
3076 static int x509_crt_merge_flags_with_cb(
3077  uint32_t *flags,
3078  const mbedtls_x509_crt_verify_chain *ver_chain,
3079  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3080  void *p_vrfy)
3081 {
3082  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
3083  unsigned i;
3084  uint32_t cur_flags;
3085  const mbedtls_x509_crt_verify_chain_item *cur;
3086 
3087  for (i = ver_chain->len; i != 0; --i) {
3088  cur = &ver_chain->items[i-1];
3089  cur_flags = cur->flags;
3090 
3091  if (NULL != f_vrfy) {
3092  if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) {
3093  return ret;
3094  }
3095  }
3096 
3097  *flags |= cur_flags;
3098  }
3099 
3100  return 0;
3101 }
3102 
3103 /*
3104  * Verify the certificate validity, with profile, restartable version
3105  *
3106  * This function:
3107  * - checks the requested CN (if any)
3108  * - checks the type and size of the EE cert's key,
3109  * as that isn't done as part of chain building/verification currently
3110  * - builds and verifies the chain
3111  * - then calls the callback and merges the flags
3112  *
3113  * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb`
3114  * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the
3115  * verification routine to search for trusted signers, and CRLs will
3116  * be disabled. Otherwise, `trust_ca` will be used as the static list
3117  * of trusted signers, and `ca_crl` will be use as the static list
3118  * of CRLs.
3119  */
3120 static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt,
3121  mbedtls_x509_crt *trust_ca,
3122  mbedtls_x509_crl *ca_crl,
3123  mbedtls_x509_crt_ca_cb_t f_ca_cb,
3124  void *p_ca_cb,
3125  const mbedtls_x509_crt_profile *profile,
3126  const char *cn, uint32_t *flags,
3127  int (*f_vrfy)(void *,
3128  mbedtls_x509_crt *,
3129  int,
3130  uint32_t *),
3131  void *p_vrfy,
3132  mbedtls_x509_crt_restart_ctx *rs_ctx)
3133 {
3134  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
3135  mbedtls_pk_type_t pk_type;
3136  mbedtls_x509_crt_verify_chain ver_chain;
3137  uint32_t ee_flags;
3138 
3139  *flags = 0;
3140  ee_flags = 0;
3141  x509_crt_verify_chain_reset(&ver_chain);
3142 
3143  if (profile == NULL) {
3144  ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
3145  goto exit;
3146  }
3147 
3148  /* check name if requested */
3149  if (cn != NULL) {
3150  x509_crt_verify_name(crt, cn, &ee_flags);
3151  }
3152 
3153  /* Check the type and size of the key */
3154  pk_type = mbedtls_pk_get_type(&crt->pk);
3155 
3156  if (x509_profile_check_pk_alg(profile, pk_type) != 0) {
3157  ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
3158  }
3159 
3160  if (x509_profile_check_key(profile, &crt->pk) != 0) {
3161  ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
3162  }
3163 
3164  /* Check the chain */
3165  ret = x509_crt_verify_chain(crt, trust_ca, ca_crl,
3166  f_ca_cb, p_ca_cb, profile,
3167  &ver_chain, rs_ctx);
3168 
3169  if (ret != 0) {
3170  goto exit;
3171  }
3172 
3173  /* Merge end-entity flags */
3174  ver_chain.items[0].flags |= ee_flags;
3175 
3176  /* Build final flags, calling callback on the way if any */
3177  ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy);
3178 
3179 exit:
3180 
3181 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
3182  mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result);
3183  mbedtls_free(ver_chain.trust_ca_cb_result);
3184  ver_chain.trust_ca_cb_result = NULL;
3185 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
3186 
3187 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
3188  if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
3189  mbedtls_x509_crt_restart_free(rs_ctx);
3190  }
3191 #endif
3192 
3193  /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
3194  * the SSL module for authmode optional, but non-zero return from the
3195  * callback means a fatal error so it shouldn't be ignored */
3196  if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
3197  ret = MBEDTLS_ERR_X509_FATAL_ERROR;
3198  }
3199 
3200  if (ret != 0) {
3201  *flags = (uint32_t) -1;
3202  return ret;
3203  }
3204 
3205  if (*flags != 0) {
3206  return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
3207  }
3208 
3209  return 0;
3210 }
3211 
3212 
3213 /*
3214  * Verify the certificate validity (default profile, not restartable)
3215  */
3216 int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
3217  mbedtls_x509_crt *trust_ca,
3218  mbedtls_x509_crl *ca_crl,
3219  const char *cn, uint32_t *flags,
3220  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3221  void *p_vrfy)
3222 {
3223  return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3224  NULL, NULL,
3225  &mbedtls_x509_crt_profile_default,
3226  cn, flags,
3227  f_vrfy, p_vrfy, NULL);
3228 }
3229 
3230 /*
3231  * Verify the certificate validity (user-chosen profile, not restartable)
3232  */
3233 int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt,
3234  mbedtls_x509_crt *trust_ca,
3235  mbedtls_x509_crl *ca_crl,
3236  const mbedtls_x509_crt_profile *profile,
3237  const char *cn, uint32_t *flags,
3238  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3239  void *p_vrfy)
3240 {
3241  return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3242  NULL, NULL,
3243  profile, cn, flags,
3244  f_vrfy, p_vrfy, NULL);
3245 }
3246 
3247 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
3248 /*
3249  * Verify the certificate validity (user-chosen profile, CA callback,
3250  * not restartable).
3251  */
3252 int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
3253  mbedtls_x509_crt_ca_cb_t f_ca_cb,
3254  void *p_ca_cb,
3255  const mbedtls_x509_crt_profile *profile,
3256  const char *cn, uint32_t *flags,
3257  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3258  void *p_vrfy)
3259 {
3260  return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL,
3261  f_ca_cb, p_ca_cb,
3262  profile, cn, flags,
3263  f_vrfy, p_vrfy, NULL);
3264 }
3265 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
3266 
3267 int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt,
3268  mbedtls_x509_crt *trust_ca,
3269  mbedtls_x509_crl *ca_crl,
3270  const mbedtls_x509_crt_profile *profile,
3271  const char *cn, uint32_t *flags,
3272  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3273  void *p_vrfy,
3274  mbedtls_x509_crt_restart_ctx *rs_ctx)
3275 {
3276  return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3277  NULL, NULL,
3278  profile, cn, flags,
3279  f_vrfy, p_vrfy, rs_ctx);
3280 }
3281 
3282 
3283 /*
3284  * Initialize a certificate chain
3285  */
3286 void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
3287 {
3288  memset(crt, 0, sizeof(mbedtls_x509_crt));
3289 }
3290 
3291 /*
3292  * Unallocate all certificate data
3293  */
3294 void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
3295 {
3296  mbedtls_x509_crt *cert_cur = crt;
3297  mbedtls_x509_crt *cert_prv;
3298  mbedtls_x509_name *name_cur;
3299  mbedtls_x509_name *name_prv;
3300  mbedtls_x509_sequence *seq_cur;
3301  mbedtls_x509_sequence *seq_prv;
3302 
3303  if (crt == NULL) {
3304  return;
3305  }
3306 
3307  do {
3308  mbedtls_pk_free(&cert_cur->pk);
3309 
3310 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
3311  mbedtls_free(cert_cur->sig_opts);
3312 #endif
3313 
3314  name_cur = cert_cur->issuer.next;
3315  while (name_cur != NULL) {
3316  name_prv = name_cur;
3317  name_cur = name_cur->next;
3318  mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
3319  mbedtls_free(name_prv);
3320  }
3321 
3322  name_cur = cert_cur->subject.next;
3323  while (name_cur != NULL) {
3324  name_prv = name_cur;
3325  name_cur = name_cur->next;
3326  mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
3327  mbedtls_free(name_prv);
3328  }
3329 
3330  seq_cur = cert_cur->ext_key_usage.next;
3331  while (seq_cur != NULL) {
3332  seq_prv = seq_cur;
3333  seq_cur = seq_cur->next;
3334  mbedtls_platform_zeroize(seq_prv,
3335  sizeof(mbedtls_x509_sequence));
3336  mbedtls_free(seq_prv);
3337  }
3338 
3339  seq_cur = cert_cur->subject_alt_names.next;
3340  while (seq_cur != NULL) {
3341  seq_prv = seq_cur;
3342  seq_cur = seq_cur->next;
3343  mbedtls_platform_zeroize(seq_prv,
3344  sizeof(mbedtls_x509_sequence));
3345  mbedtls_free(seq_prv);
3346  }
3347 
3348  seq_cur = cert_cur->certificate_policies.next;
3349  while (seq_cur != NULL) {
3350  seq_prv = seq_cur;
3351  seq_cur = seq_cur->next;
3352  mbedtls_platform_zeroize(seq_prv,
3353  sizeof(mbedtls_x509_sequence));
3354  mbedtls_free(seq_prv);
3355  }
3356 
3357  if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
3358  mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len);
3359  mbedtls_free(cert_cur->raw.p);
3360  }
3361 
3362  cert_cur = cert_cur->next;
3363  } while (cert_cur != NULL);
3364 
3365  cert_cur = crt;
3366  do {
3367  cert_prv = cert_cur;
3368  cert_cur = cert_cur->next;
3369 
3370  mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt));
3371  if (cert_prv != crt) {
3372  mbedtls_free(cert_prv);
3373  }
3374  } while (cert_cur != NULL);
3375 }
3376 
3377 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
3378 /*
3379  * Initialize a restart context
3380  */
3381 void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
3382 {
3383  mbedtls_pk_restart_init(&ctx->pk);
3384 
3385  ctx->parent = NULL;
3386  ctx->fallback_parent = NULL;
3387  ctx->fallback_signature_is_good = 0;
3388 
3389  ctx->parent_is_trusted = -1;
3390 
3391  ctx->in_progress = x509_crt_rs_none;
3392  ctx->self_cnt = 0;
3393  x509_crt_verify_chain_reset(&ctx->ver_chain);
3394 }
3395 
3396 /*
3397  * Free the components of a restart context
3398  */
3399 void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
3400 {
3401  if (ctx == NULL) {
3402  return;
3403  }
3404 
3405  mbedtls_pk_restart_free(&ctx->pk);
3406  mbedtls_x509_crt_restart_init(ctx);
3407 }
3408 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
3409 
3410 #endif /* MBEDTLS_X509_CRT_PARSE_C */
usage
const char * usage
Definition: agp_renumber.cpp:44
crypto.h
Platform Security Architecture cryptography module.
cleanup
static void cleanup(void)
Definition: ct_dynamic.c:30
flags
static uch flags
Definition: ct_nlmzip_trees.cpp:342
ctx
CS_CONTEXT * ctx
Definition: t0006.c:12
prev
static DLIST_TYPE *DLIST_NAME() prev(DLIST_LIST_TYPE *list, DLIST_TYPE *item)
Definition: dlist.tmpl.h:61
MBEDTLS_ERR_ECP_IN_PROGRESS
#define MBEDTLS_ERR_ECP_IN_PROGRESS
Operation in progress, call again with the same parameters to continue.
Definition: ecp.h:70
mbedtls_ecp_group_id
mbedtls_ecp_group_id
Domain-parameter identifiers: curve, subgroup, and generator.
Definition: ecp.h:120
MBEDTLS_ECP_DP_SECP384R1
@ MBEDTLS_ECP_DP_SECP384R1
Definition: ecp.h:125
MBEDTLS_ECP_DP_NONE
@ MBEDTLS_ECP_DP_NONE
Definition: ecp.h:121
MBEDTLS_ECP_DP_SECP256K1
@ MBEDTLS_ECP_DP_SECP256K1
Definition: ecp.h:133
MBEDTLS_ECP_DP_BP512R1
@ MBEDTLS_ECP_DP_BP512R1
Definition: ecp.h:129
MBEDTLS_ECP_DP_SECP521R1
@ MBEDTLS_ECP_DP_SECP521R1
Definition: ecp.h:126
MBEDTLS_ECP_DP_BP384R1
@ MBEDTLS_ECP_DP_BP384R1
Definition: ecp.h:128
MBEDTLS_ECP_DP_BP256R1
@ MBEDTLS_ECP_DP_BP256R1
Definition: ecp.h:127
MBEDTLS_ECP_DP_SECP256R1
@ MBEDTLS_ECP_DP_SECP256R1
Definition: ecp.h:124
NULL
#define NULL
Definition: ncbistd.hpp:225
MBEDTLS_ASN1_TAG_CLASS_MASK
#define MBEDTLS_ASN1_TAG_CLASS_MASK
Definition: asn1.h:120
MBEDTLS_ASN1_OCTET_STRING
#define MBEDTLS_ASN1_OCTET_STRING
Definition: asn1.h:80
MBEDTLS_OID_CMP
#define MBEDTLS_OID_CMP(oid_str, oid_buf)
Compares an mbedtls_asn1_buf structure to a reference OID.
Definition: asn1.h:135
MBEDTLS_ERR_ASN1_INVALID_LENGTH
#define MBEDTLS_ERR_ASN1_INVALID_LENGTH
Error when trying to determine the length or invalid length.
Definition: asn1.h:54
MBEDTLS_ASN1_PRINTABLE_STRING
#define MBEDTLS_ASN1_PRINTABLE_STRING
Definition: asn1.h:87
MBEDTLS_ASN1_SEQUENCE
#define MBEDTLS_ASN1_SEQUENCE
Definition: asn1.h:85
mbedtls_asn1_get_int
int mbedtls_asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
mbedtls_asn1_get_sequence_of
int mbedtls_asn1_get_sequence_of(unsigned char **p, const unsigned char *end, mbedtls_asn1_sequence *cur, int tag)
Parses and splits an ASN.1 "SEQUENCE OF <tag>".
MBEDTLS_ASN1_CONTEXT_SPECIFIC
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC
Definition: asn1.h:96
MBEDTLS_ASN1_CONSTRUCTED
#define MBEDTLS_ASN1_CONSTRUCTED
Definition: asn1.h:95
MBEDTLS_ASN1_TAG_VALUE_MASK
#define MBEDTLS_ASN1_TAG_VALUE_MASK
Definition: asn1.h:122
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:52
MBEDTLS_ERR_ASN1_ALLOC_FAILED
#define MBEDTLS_ERR_ASN1_ALLOC_FAILED
Memory allocation failed.
Definition: asn1.h:60
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:56
mbedtls_asn1_get_len
int mbedtls_asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
MBEDTLS_ASN1_OID
#define MBEDTLS_ASN1_OID
Definition: asn1.h:82
mbedtls_asn1_get_bitstring
int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end, mbedtls_asn1_bitstring *bs)
Retrieve a bitstring ASN.1 tag and its value.
mbedtls_asn1_get_tag
int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the element.
mbedtls_asn1_get_bool
int mbedtls_asn1_get_bool(unsigned char **p, const unsigned char *end, int *val)
Retrieve a boolean ASN.1 tag and its value.
MBEDTLS_ASN1_UTF8_STRING
#define MBEDTLS_ASN1_UTF8_STRING
Definition: asn1.h:84
hash_len
@ hash_len
Definition: sec_negotiate_gnutls.h:208
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
A value for an invalid file handle.
Definition: mdb.c:389
HANDLE
#define HANDLE
An abstraction for a file handle.
Definition: mdb.c:383
psa_algorithm_t
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:137
PSA_SUCCESS
#define PSA_SUCCESS
The action was completed successfully.
Definition: crypto_values.h:68
psa_hash_finish
psa_status_t psa_hash_finish(psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length)
Finish the calculation of the hash of a message.
psa_hash_update
psa_status_t psa_hash_update(psa_hash_operation_t *operation, const uint8_t *input, size_t input_length)
Add a message fragment to a multipart hash operation.
PSA_HASH_OPERATION_INIT
#define PSA_HASH_OPERATION_INIT
This macro returns a suitable initializer for a hash operation object of type psa_hash_operation_t.
Definition: crypto_struct.h:94
psa_hash_setup
psa_status_t psa_hash_setup(psa_hash_operation_t *operation, psa_algorithm_t alg)
Set up a multipart hash operation.
int
unsigned int
A callback function used to compare two keys in a database.
Definition: types.hpp:1210
mbedtls_x509_time_is_past
int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
Check a given mbedtls_x509_time against the system time and tell if it's in the past.
MBEDTLS_X509_BADCERT_NOT_TRUSTED
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED
The certificate is not correctly signed by the trusted CA.
Definition: x509.h:109
mbedtls_x509_time_is_future
int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
Check a given mbedtls_x509_time against the system time and tell if it's in the future.
MBEDTLS_X509_BADCRL_BAD_PK
#define MBEDTLS_X509_BADCRL_BAD_PK
The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).
Definition: x509.h:124
MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
Definition: x509.h:60
MBEDTLS_X509_BADCERT_SKIP_VERIFY
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY
Certificate verification was skipped.
Definition: x509.h:113
MBEDTLS_X509_BADCERT_KEY_USAGE
#define MBEDTLS_X509_BADCERT_KEY_USAGE
Usage does not match the keyUsage extension.
Definition: x509.h:117
mbedtls_x509_crt_restart_ctx
void mbedtls_x509_crt_restart_ctx
Definition: x509_crt.h:251
MBEDTLS_X509_BADCERT_BAD_MD
#define MBEDTLS_X509_BADCERT_BAD_MD
The certificate is signed with an unacceptable hash.
Definition: x509.h:120
MBEDTLS_ERR_X509_INVALID_FORMAT
#define MBEDTLS_ERR_X509_INVALID_FORMAT
The CRT/CRL/CSR format is invalid, e.g.
Definition: x509.h:64
MBEDTLS_X509_MAX_FILE_PATH_LEN
#define MBEDTLS_X509_MAX_FILE_PATH_LEN
Definition: x509_crt.h:172
MBEDTLS_ERR_X509_FATAL_ERROR
#define MBEDTLS_ERR_X509_FATAL_ERROR
A fatal error occurred, eg the chain is too long or the vrfy callback failed.
Definition: x509.h:98
MBEDTLS_ERR_X509_INVALID_VERSION
#define MBEDTLS_ERR_X509_INVALID_VERSION
The CRT/CRL/CSR version element is invalid.
Definition: x509.h:66
MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Max size of verification chain: end-entity + intermediates + trusted root.
Definition: x509_crt.h:203
mbedtls_x509_dn_gets
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written.
MBEDTLS_X509_BADCERT_EXPIRED
#define MBEDTLS_X509_BADCERT_EXPIRED
The certificate validity has expired.
Definition: x509.h:106
MBEDTLS_X509_BADCERT_CN_MISMATCH
#define MBEDTLS_X509_BADCERT_CN_MISMATCH
The certificate Common Name (CN) does not match with the expected CN.
Definition: x509.h:108
MBEDTLS_X509_BADCERT_OTHER
#define MBEDTLS_X509_BADCERT_OTHER
Other reason (can be used by verify callback)
Definition: x509.h:114
MBEDTLS_X509_BADCERT_MISSING
#define MBEDTLS_X509_BADCERT_MISSING
Certificate was missing.
Definition: x509.h:112
MBEDTLS_X509_BADCERT_BAD_PK
#define MBEDTLS_X509_BADCERT_BAD_PK
The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).
Definition: x509.h:121
MBEDTLS_ERR_X509_INVALID_EXTENSIONS
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition: x509.h:78
MBEDTLS_X509_BADCERT_NS_CERT_TYPE
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE
Usage does not match the nsCertType extension.
Definition: x509.h:119
MBEDTLS_ERR_X509_UNKNOWN_VERSION
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION
CRT/CRL/CSR has an unsupported version number.
Definition: x509.h:80
MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
Destination buffer is too small.
Definition: x509.h:96
MBEDTLS_X509_MAX_INTERMEDIATE_CA
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA
Maximum number of intermediate CAs in a verification chain.
Definition: x509.h:52
MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
Certificate verification failed, e.g.
Definition: x509.h:86
MBEDTLS_X509_BADCRL_BAD_KEY
#define MBEDTLS_X509_BADCRL_BAD_KEY
The CRL is signed with an unacceptable key (eg bad curve, RSA too short).
Definition: x509.h:125
MBEDTLS_ERR_X509_INVALID_DATE
#define MBEDTLS_ERR_X509_INVALID_DATE
The date tag or value is invalid.
Definition: x509.h:74
MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
Usage does not match the extendedKeyUsage extension.
Definition: x509.h:118
MBEDTLS_ERR_X509_SIG_MISMATCH
#define MBEDTLS_ERR_X509_SIG_MISMATCH
Signature algorithms do not match.
Definition: x509.h:84
MBEDTLS_X509_BADCERT_FUTURE
#define MBEDTLS_X509_BADCERT_FUTURE
The certificate validity starts in the future.
Definition: x509.h:115
MBEDTLS_ERR_X509_ALLOC_FAILED
#define MBEDTLS_ERR_X509_ALLOC_FAILED
Allocation of memory failed.
Definition: x509.h:92
MBEDTLS_X509_BADCRL_NOT_TRUSTED
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED
The CRL is not correctly signed by the trusted CA.
Definition: x509.h:110
MBEDTLS_X509_BADCRL_BAD_MD
#define MBEDTLS_X509_BADCRL_BAD_MD
The CRL is signed with an unacceptable hash.
Definition: x509.h:123
MBEDTLS_ERR_X509_FILE_IO_ERROR
#define MBEDTLS_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
Definition: x509.h:94
MBEDTLS_X509_BADCRL_FUTURE
#define MBEDTLS_X509_BADCRL_FUTURE
The CRL is from the future.
Definition: x509.h:116
MBEDTLS_X509_BADCERT_REVOKED
#define MBEDTLS_X509_BADCERT_REVOKED
The certificate has been revoked (is on a CRL).
Definition: x509.h:107
MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
Format not recognized as DER or PEM.
Definition: x509.h:88
MBEDTLS_X509_BADCRL_EXPIRED
#define MBEDTLS_X509_BADCRL_EXPIRED
The CRL is expired.
Definition: x509.h:111
MBEDTLS_X509_ID_FLAG
#define MBEDTLS_X509_ID_FLAG(id)
Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE,...
Definition: x509_crt.h:147
MBEDTLS_ERR_X509_BAD_INPUT_DATA
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA
Input invalid.
Definition: x509.h:90
MBEDTLS_X509_BADCERT_BAD_KEY
#define MBEDTLS_X509_BADCERT_BAD_KEY
The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
Definition: x509.h:122
mbedtls_x509_serial_gets
int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
exit
exit(2)
buf
char * buf
Definition: lex.newick.cpp:1452
i
int i
Definition: lex.newick.cpp:1456
if
if(yy_accept[yy_current_state])
Definition: lex.newick.cpp:1081
n
yy_size_t n
Definition: lex.newick.cpp:1455
len
int len
Definition: lex.newick.cpp:1450
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:62
MBEDTLS_MD_SHA512
@ MBEDTLS_MD_SHA512
The SHA-512 message digest.
Definition: md.h:71
MBEDTLS_MD_SHA384
@ MBEDTLS_MD_SHA384
The SHA-384 message digest.
Definition: md.h:70
MBEDTLS_MD_NONE
@ MBEDTLS_MD_NONE
None.
Definition: md.h:63
MBEDTLS_MD_SHA256
@ MBEDTLS_MD_SHA256
The SHA-256 message digest.
Definition: md.h:69
MBEDTLS_MD_SHA224
@ MBEDTLS_MD_SHA224
The SHA-224 message digest.
Definition: md.h:68
mbedtls_md
MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the message-digest of a buffer, with respect to a configurable message-diges...
mbedtls_md_info_from_type
const mbedtls_md_info_t * mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
This function returns the message-digest information associated with the given digest type.
MBEDTLS_MD_MAX_SIZE
#define MBEDTLS_MD_MAX_SIZE
Definition: md.h:78
mbedtls_md_get_size
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
ncbi::grid::netcache::search::fields::size
const struct ncbi::grid::netcache::search::fields::SIZE size
a
unsigned int a
Definition: ncbi_localip.c:102
mbedtls_pem_read_buffer
#define mbedtls_pem_read_buffer
Definition: ncbicxx_rename_mbedtls.h:1115
mbedtls_x509_crt_parse_der
#define mbedtls_x509_crt_parse_der
Definition: ncbicxx_rename_mbedtls.h:2203
mbedtls_x509_crt_parse_der_nocopy
#define mbedtls_x509_crt_parse_der_nocopy
Definition: ncbicxx_rename_mbedtls.h:2205
mbedtls_x509_crt_profile_default
#define mbedtls_x509_crt_profile_default
Definition: ncbicxx_rename_mbedtls.h:2213
mbedtls_x509_crt_parse_der_with_ext_cb
#define mbedtls_x509_crt_parse_der_with_ext_cb
Definition: ncbicxx_rename_mbedtls.h:2207
mbedtls_x509_parse_subject_alt_name
#define mbedtls_x509_parse_subject_alt_name
Definition: ncbicxx_rename_mbedtls.h:2227
mbedtls_x509_crt_parse_file
#define mbedtls_x509_crt_parse_file
Definition: ncbicxx_rename_mbedtls.h:2209
mbedtls_x509_crt_is_revoked
#define mbedtls_x509_crt_is_revoked
Definition: ncbicxx_rename_mbedtls.h:2199
mbedtls_pem_init
#define mbedtls_pem_init
Definition: ncbicxx_rename_mbedtls.h:1113
mbedtls_x509_crt_profile_next
#define mbedtls_x509_crt_profile_next
Definition: ncbicxx_rename_mbedtls.h:2215
mbedtls_snprintf
#define mbedtls_snprintf
Definition: ncbicxx_rename_mbedtls.h:1205
mbedtls_pk_load_file
#define mbedtls_pk_load_file
Definition: ncbicxx_rename_mbedtls.h:1175
mbedtls_x509_crt_init
#define mbedtls_x509_crt_init
Definition: ncbicxx_rename_mbedtls.h:2197
mbedtls_x509_crt_check_extended_key_usage
#define mbedtls_x509_crt_check_extended_key_usage
Definition: ncbicxx_rename_mbedtls.h:2189
mbedtls_x509_crt_verify_restartable
#define mbedtls_x509_crt_verify_restartable
Definition: ncbicxx_rename_mbedtls.h:2223
mbedtls_x509_crt_free
#define mbedtls_x509_crt_free
Definition: ncbicxx_rename_mbedtls.h:2193
mbedtls_pem_free
#define mbedtls_pem_free
Definition: ncbicxx_rename_mbedtls.h:1111
mbedtls_pk_parse_subpubkey
#define mbedtls_pk_parse_subpubkey
Definition: ncbicxx_rename_mbedtls.h:1185
mbedtls_x509_crt_profile_suiteb
#define mbedtls_x509_crt_profile_suiteb
Definition: ncbicxx_rename_mbedtls.h:2217
mbedtls_x509_crt_check_key_usage
#define mbedtls_x509_crt_check_key_usage
Definition: ncbicxx_rename_mbedtls.h:2191
mbedtls_x509_crt_verify_info
#define mbedtls_x509_crt_verify_info
Definition: ncbicxx_rename_mbedtls.h:2221
mbedtls_x509_crt_parse
#define mbedtls_x509_crt_parse
Definition: ncbicxx_rename_mbedtls.h:2201
mbedtls_mutex_lock
#define mbedtls_mutex_lock
Definition: ncbicxx_rename_mbedtls.h:2107
mbedtls_x509_crt_info
#define mbedtls_x509_crt_info
Definition: ncbicxx_rename_mbedtls.h:2195
mbedtls_x509_crt_verify
#define mbedtls_x509_crt_verify
Definition: ncbicxx_rename_mbedtls.h:2219
mbedtls_threading_readdir_mutex
#define mbedtls_threading_readdir_mutex
Definition: ncbicxx_rename_mbedtls.h:2113
mbedtls_mutex_unlock
#define mbedtls_mutex_unlock
Definition: ncbicxx_rename_mbedtls.h:2109
mbedtls_x509_crt_parse_path
#define mbedtls_x509_crt_parse_path
Definition: ncbicxx_rename_mbedtls.h:2211
mbedtls_x509_crt_verify_with_profile
#define mbedtls_x509_crt_verify_with_profile
Definition: ncbicxx_rename_mbedtls.h:2225
oid.h
Object Identifier (OID) database.
MBEDTLS_OID_ON_HW_MODULE_NAME
#define MBEDTLS_OID_ON_HW_MODULE_NAME
id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 }
Definition: oid.h:222
MBEDTLS_OID_ANY_POLICY
#define MBEDTLS_OID_ANY_POLICY
anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
Definition: oid.h:178
mbedtls_oid_get_extended_key_usage
int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
Definition: oid.h:204
mbedtls_oid_get_x509_ext_type
int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type)
Translate an X.509 extension OID into local values.
mbedtls_oid_get_certificate_policies
int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc)
Translate certificate policies OID into description.
MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
Definition: oid.h:57
MBEDTLS_OID_AT_CN
#define MBEDTLS_OID_AT_CN
id-at-commonName AttributeType:= {id-at 3}
Definition: oid.h:136
mbedtls_oid_get_numeric_string
int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid)
Translate an ASN.1 OID into its numeric representation (e.g.
prefix
static const char * prefix[]
Definition: pcregrep.c:405
pem.h
Privacy Enhanced Mail (PEM) decoding.
MBEDTLS_ERR_PEM_BAD_INPUT_DATA
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
Definition: pem.h:56
MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:40
mbedtls_pk_get_name
const char * mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
Access the type name.
mbedtls_pk_can_do
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
Tell if a context can do the operation given by type.
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:95
MBEDTLS_PK_NONE
@ MBEDTLS_PK_NONE
Definition: pk.h:96
MBEDTLS_PK_ECDSA
@ MBEDTLS_PK_ECDSA
Definition: pk.h:100
MBEDTLS_PK_RSASSA_PSS
@ MBEDTLS_PK_RSASSA_PSS
Definition: pk.h:102
MBEDTLS_PK_RSA
@ MBEDTLS_PK_RSA
Definition: pk.h:97
MBEDTLS_PK_ECKEY_DH
@ MBEDTLS_PK_ECKEY_DH
Definition: pk.h:99
MBEDTLS_PK_ECKEY
@ MBEDTLS_PK_ECKEY
Definition: pk.h:98
mbedtls_pk_get_bitlen
size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx)
Get the size in bits of the underlying key.
mbedtls_pk_verify_ext
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len)
Verify signature, with options.
mbedtls_pk_verify_restartable
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx)
Restartable version of mbedtls_pk_verify()
mbedtls_pk_get_type
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
Get the key type.
mbedtls_pk_free
void mbedtls_pk_free(mbedtls_pk_context *ctx)
Free the components of a mbedtls_pk_context.
platform.h
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
mbedtls_free
#define mbedtls_free
Definition: platform.h:168
mbedtls_calloc
#define mbedtls_calloc
Definition: platform.h:169
platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.
mbedtls_platform_zeroize
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
psa_util.h
Utility functions for the use of the PSA Crypto library.
WCHAR
unsigned short WCHAR
Definition: sqltypes.h:105
error.h
Error to string translation.
MBEDTLS_ERROR_ADD
#define MBEDTLS_ERROR_ADD(high, low)
Combines a high-level and low-level error code together.
Definition: error.h:130
MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
This is a bug in the library.
Definition: error.h:122
uint32_t
unsigned int uint32_t
Definition: stdint.h:126
hash
Definition: _hash_fun.h:40
mbedtls_asn1_bitstring
Container for ASN1 bit strings.
Definition: asn1.h:165
mbedtls_asn1_bitstring::len
size_t len
ASN1 length, in octets.
Definition: asn1.h:166
mbedtls_asn1_bitstring::p
unsigned char * p
Raw ASN1 data for the bit string.
Definition: asn1.h:168
mbedtls_asn1_buf
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:155
mbedtls_asn1_buf::len
size_t len
ASN1 length, in octets.
Definition: asn1.h:157
mbedtls_asn1_buf::p
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:158
mbedtls_asn1_buf::tag
int tag
ASN1 type, e.g.
Definition: asn1.h:156
mbedtls_asn1_named_data
Container for a sequence or list of 'named' ASN.1 data items.
Definition: asn1.h:184
mbedtls_asn1_named_data::oid
mbedtls_asn1_buf oid
The object identifier.
Definition: asn1.h:185
mbedtls_asn1_named_data::next
struct mbedtls_asn1_named_data * next
The next entry in the sequence.
Definition: asn1.h:187
mbedtls_asn1_named_data::val
mbedtls_asn1_buf val
The named value.
Definition: asn1.h:186
mbedtls_asn1_sequence
Container for a sequence of ASN.1 items.
Definition: asn1.h:175
mbedtls_asn1_sequence::buf
mbedtls_asn1_buf buf
Buffer containing the given ASN.1 item.
Definition: asn1.h:176
mbedtls_asn1_sequence::next
struct mbedtls_asn1_sequence * next
The next entry in the sequence.
Definition: asn1.h:177
mbedtls_md_info_t
Message digest information.
Definition: md_internal.h:45
mbedtls_pk_context
Public key container.
Definition: pk.h:197
mbedtls_x509_crl_entry
Certificate revocation list entry.
Definition: x509_crl.h:50
mbedtls_x509_crl_entry::serial
mbedtls_x509_buf serial
Definition: x509_crl.h:53
mbedtls_x509_crl_entry::next
struct mbedtls_x509_crl_entry * next
Definition: x509_crl.h:59
mbedtls_x509_crl
Certificate revocation list structure.
Definition: x509_crl.h:67
mbedtls_x509_crl::this_update
mbedtls_x509_time this_update
Definition: x509_crl.h:78
mbedtls_x509_crl::next
struct mbedtls_x509_crl * next
Definition: x509_crl.h:91
mbedtls_x509_crl::sig_md
mbedtls_md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
Definition: x509_crl.h:87
mbedtls_x509_crl::next_update
mbedtls_x509_time next_update
Definition: x509_crl.h:79
mbedtls_x509_crl::entry
mbedtls_x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
Definition: x509_crl.h:81
mbedtls_x509_crl::sig_pk
mbedtls_pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e....
Definition: x509_crl.h:88
mbedtls_x509_crl::sig
mbedtls_x509_buf sig
Definition: x509_crl.h:86
mbedtls_x509_crl::issuer
mbedtls_x509_name issuer
The parsed issuer data (named information object).
Definition: x509_crl.h:76
mbedtls_x509_crl::version
int version
CRL version (1=v1, 2=v2)
Definition: x509_crl.h:71
mbedtls_x509_crl::tbs
mbedtls_x509_buf tbs
The raw certificate body (DER).
Definition: x509_crl.h:69
mbedtls_x509_crl::sig_opts
void * sig_opts
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
Definition: x509_crl.h:89
mbedtls_x509_crt_profile
Security profile for certificate verification.
Definition: x509_crt.h:154
mbedtls_x509_crt_profile::rsa_min_bitlen
uint32_t rsa_min_bitlen
Minimum size for RSA keys.
Definition: x509_crt.h:160
mbedtls_x509_crt_profile::allowed_mds
uint32_t allowed_mds
MDs for signatures.
Definition: x509_crt.h:155
mbedtls_x509_crt_profile::allowed_pks
uint32_t allowed_pks
PK algs for public keys; this applies to all certificates in the provided chain.
Definition: x509_crt.h:156
mbedtls_x509_crt_profile::allowed_curves
uint32_t allowed_curves
Elliptic curves for ECDSA.
Definition: x509_crt.h:159
mbedtls_x509_crt_verify_chain_item
Item in a verification chain: cert and flags for it.
Definition: x509_crt.h:195
mbedtls_x509_crt_verify_chain_item::crt
mbedtls_x509_crt * crt
Definition: x509_crt.h:196
mbedtls_x509_crt_verify_chain_item::flags
uint32_t flags
Definition: x509_crt.h:197
mbedtls_x509_crt_verify_chain
Verification chain as built by mbedtls_crt_verify_chain()
Definition: x509_crt.h:208
mbedtls_x509_crt_verify_chain::len
unsigned len
Definition: x509_crt.h:210
mbedtls_x509_crt_verify_chain::items
mbedtls_x509_crt_verify_chain_item items[(MBEDTLS_X509_MAX_INTERMEDIATE_CA+2)]
Definition: x509_crt.h:209
mbedtls_x509_crt
Container for an X.509 certificate.
Definition: x509_crt.h:52
mbedtls_x509_crt::valid_to
mbedtls_x509_time valid_to
End time of certificate validity.
Definition: x509_crt.h:69
mbedtls_x509_crt::sig_oid
mbedtls_x509_buf sig_oid
Signature algorithm, e.g.
Definition: x509_crt.h:60
mbedtls_x509_crt::ca_istrue
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
Definition: x509_crt.h:82
mbedtls_x509_crt::subject_alt_names
mbedtls_x509_sequence subject_alt_names
Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and Other...
Definition: x509_crt.h:77
mbedtls_x509_crt::key_usage
unsigned int key_usage
Optional key usage extension value: See the values in x509.h.
Definition: x509_crt.h:85
mbedtls_x509_crt::tbs
mbedtls_x509_buf tbs
The raw certificate body (DER).
Definition: x509_crt.h:56
mbedtls_x509_crt::own_buffer
int own_buffer
Indicates if raw is owned by the structure or not.
Definition: x509_crt.h:53
mbedtls_x509_crt::raw
mbedtls_x509_buf raw
The raw certificate data (DER).
Definition: x509_crt.h:55
mbedtls_x509_crt::serial
mbedtls_x509_buf serial
Unique id for certificate issued by a specific CA.
Definition: x509_crt.h:59
mbedtls_x509_crt::sig_md
mbedtls_md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
Definition: x509_crt.h:92
mbedtls_x509_crt::ext_types
int ext_types
Bit string containing detected and parsed extensions.
Definition: x509_crt.h:81
mbedtls_x509_crt::pk
mbedtls_pk_context pk
Container for the public key context.
Definition: x509_crt.h:72
mbedtls_x509_crt::sig_pk
mbedtls_pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e....
Definition: x509_crt.h:93
mbedtls_x509_crt::sig_opts
void * sig_opts
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
Definition: x509_crt.h:94
mbedtls_x509_crt::v3_ext
mbedtls_x509_buf v3_ext
Optional X.509 v3 extensions.
Definition: x509_crt.h:76
mbedtls_x509_crt::issuer_id
mbedtls_x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
Definition: x509_crt.h:74
mbedtls_x509_crt::subject
mbedtls_x509_name subject
The parsed subject data (named information object).
Definition: x509_crt.h:66
mbedtls_x509_crt::certificate_policies
mbedtls_x509_sequence certificate_policies
Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of th...
Definition: x509_crt.h:79
mbedtls_x509_crt::version
int version
The X.509 version.
Definition: x509_crt.h:58
mbedtls_x509_crt::pk_raw
mbedtls_x509_buf pk_raw
Definition: x509_crt.h:71
mbedtls_x509_crt::valid_from
mbedtls_x509_time valid_from
Start time of certificate validity.
Definition: x509_crt.h:68
mbedtls_x509_crt::max_pathlen
int max_pathlen
Optional Basic Constraint extension value: The maximum path length to the root certificate.
Definition: x509_crt.h:83
mbedtls_x509_crt::subject_raw
mbedtls_x509_buf subject_raw
The raw subject data (DER).
Definition: x509_crt.h:63
mbedtls_x509_crt::ext_key_usage
mbedtls_x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
Definition: x509_crt.h:87
mbedtls_x509_crt::next
struct mbedtls_x509_crt * next
Next certificate in the CA-chain.
Definition: x509_crt.h:96
mbedtls_x509_crt::subject_id
mbedtls_x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
Definition: x509_crt.h:75
mbedtls_x509_crt::ns_cert_type
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values in x509.h.
Definition: x509_crt.h:89
mbedtls_x509_crt::issuer
mbedtls_x509_name issuer
The parsed issuer data (named information object).
Definition: x509_crt.h:65
mbedtls_x509_crt::sig
mbedtls_x509_buf sig
Signature: hash of the tbs part signed with the private key.
Definition: x509_crt.h:91
mbedtls_x509_crt::issuer_raw
mbedtls_x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509_crt.h:62
mbedtls_x509_san_other_name
From RFC 5280 section 4.2.1.6: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER,...
Definition: x509_crt.h:106
mbedtls_x509_san_other_name::hardware_module_name
struct mbedtls_x509_san_other_name::@947::@948 hardware_module_name
From RFC 4108 section 5: HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER,...
mbedtls_x509_san_other_name::value
union mbedtls_x509_san_other_name::@947 value
mbedtls_x509_subject_alternative_name
A structure for holding the parsed Subject Alternative Name, according to type.
Definition: x509_crt.h:133
mbedtls_x509_subject_alternative_name::other_name
mbedtls_x509_san_other_name other_name
The otherName supported type.
Definition: x509_crt.h:136
mbedtls_x509_subject_alternative_name::unstructured_name
mbedtls_x509_buf unstructured_name
The buffer for the un constructed types.
Definition: x509_crt.h:137
mbedtls_x509_subject_alternative_name::san
union mbedtls_x509_subject_alternative_name::@949 san
A union of the supported SAN types.
mbedtls_x509_subject_alternative_name::type
int type
The SAN type, value of MBEDTLS_X509_SAN_XXX.
Definition: x509_crt.h:134
mbedtls_x509_time
Container for date and time (precision in seconds).
Definition: x509.h:250
mbedtls_x509_time::hour
int hour
Definition: x509.h:252
mbedtls_x509_time::day
int day
Date.
Definition: x509.h:251
mbedtls_x509_time::sec
int sec
Time.
Definition: x509.h:252
mbedtls_x509_time::year
int year
Definition: x509.h:251
mbedtls_x509_time::min
int min
Definition: x509.h:252
mbedtls_x509_time::mon
int mon
Definition: x509.h:251
psa_hash_operation_s
Definition: crypto_struct.h:83
x509_crt_verify_chain_item
Definition: x509_crt.c:79
x509_crt_verify_chain_item::crt
mbedtls_x509_crt * crt
Definition: x509_crt.c:80
x509_crt_verify_chain_item::flags
uint32_t flags
Definition: x509_crt.c:81
x509_crt_verify_string
Definition: x509_crt.c:2211
x509_crt_verify_string::code
int code
Definition: x509_crt.c:2212
x509_crt_verify_string::string
const char * string
Definition: x509_crt.c:2213
threading.h
Threading abstraction layer.
MBEDTLS_ERR_THREADING_MUTEX_ERROR
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR
Locking / unlocking / free failed with error code.
Definition: threading.h:45
MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
Definition: x509.h:174
MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
Definition: x509.h:177
MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
Definition: x509.h:178
MBEDTLS_X509_FORMAT_PEM
#define MBEDTLS_X509_FORMAT_PEM
Definition: x509.h:211
mbedtls_x509_get_name
int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
MBEDTLS_X509_KU_DIGITAL_SIGNATURE
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE
Definition: x509.h:156
MBEDTLS_X509_KU_DECIPHER_ONLY
#define MBEDTLS_X509_KU_DECIPHER_ONLY
Definition: x509.h:164
MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
Definition: x509.h:171
MBEDTLS_X509_NS_CERT_TYPE_EMAIL
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL
Definition: x509.h:173
MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
Definition: x509.h:172
MBEDTLS_X509_KU_KEY_CERT_SIGN
#define MBEDTLS_X509_KU_KEY_CERT_SIGN
Definition: x509.h:161
MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
Definition: x509.h:176
MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
Definition: x509.h:200
MBEDTLS_X509_SAFE_SNPRINTF
#define MBEDTLS_X509_SAFE_SNPRINTF
Definition: x509.h:366
mbedtls_x509_get_sig_alg
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
MBEDTLS_X509_SAN_OTHER_NAME
#define MBEDTLS_X509_SAN_OTHER_NAME
Definition: x509.h:142
MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
Definition: x509.h:197
mbedtls_x509_get_alg
int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
MBEDTLS_X509_KU_CRL_SIGN
#define MBEDTLS_X509_KU_CRL_SIGN
Definition: x509.h:162
MBEDTLS_X509_SAN_DNS_NAME
#define MBEDTLS_X509_SAN_DNS_NAME
Definition: x509.h:144
mbedtls_x509_get_ext
int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
MBEDTLS_X509_KU_NON_REPUDIATION
#define MBEDTLS_X509_KU_NON_REPUDIATION
Definition: x509.h:157
MBEDTLS_X509_EXT_KEY_USAGE
#define MBEDTLS_X509_EXT_KEY_USAGE
Definition: x509.h:191
MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
Definition: x509.h:194
mbedtls_x509_key_size_helper
int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name)
MBEDTLS_X509_KU_KEY_AGREEMENT
#define MBEDTLS_X509_KU_KEY_AGREEMENT
Definition: x509.h:160
MBEDTLS_X509_KU_ENCIPHER_ONLY
#define MBEDTLS_X509_KU_ENCIPHER_ONLY
Definition: x509.h:163
mbedtls_x509_sig_alg_gets
int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts)
mbedtls_x509_get_serial
int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
mbedtls_x509_get_sig
int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
MBEDTLS_X509_FORMAT_DER
#define MBEDTLS_X509_FORMAT_DER
Definition: x509.h:210
MBEDTLS_X509_KU_DATA_ENCIPHERMENT
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT
Definition: x509.h:159
mbedtls_x509_get_time
int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT
Definition: x509.h:158
MBEDTLS_X509_EXT_NS_CERT_TYPE
#define MBEDTLS_X509_EXT_NS_CERT_TYPE
Definition: x509.h:204
MBEDTLS_X509_NS_CERT_TYPE_RESERVED
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED
Definition: x509.h:175
x509_get_key_usage
static int x509_get_key_usage(unsigned char **p, const unsigned char *end, unsigned int *key_usage)
Definition: x509_crt.c:559
BEFORE_COLON
#define BEFORE_COLON
Definition: x509_crt.c:2070
x509_memcasecmp
static int x509_memcasecmp(const void *s1, const void *s2, size_t len)
Definition: x509_crt.c:228
x509_crt_check_parent
static int x509_crt_check_parent(const mbedtls_x509_crt *child, const mbedtls_x509_crt *parent, int top)
Definition: x509_crt.c:2504
x509_get_dates
static int x509_get_dates(unsigned char **p, const unsigned char *end, mbedtls_x509_time *from, mbedtls_x509_time *to)
Definition: x509_crt.c:412
KEY_USAGE
#define KEY_USAGE(code, name)
Definition: x509_crt.c:1981
x509_get_ext_key_usage
static int x509_get_ext_key_usage(unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *ext_key_usage)
Definition: x509_crt.c:590
x509_crt_check_cn
static int x509_crt_check_cn(const mbedtls_x509_buf *name, const char *cn, size_t cn_len)
Definition: x509_crt.c:3001
x509_crt_verify_chain
static int x509_crt_verify_chain(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb, const mbedtls_x509_crt_profile *profile, mbedtls_x509_crt_verify_chain *ver_chain, mbedtls_x509_crt_restart_ctx *rs_ctx)
Definition: x509_crt.c:2826
x509_get_ns_cert_type
static int x509_get_ns_cert_type(unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type)
Definition: x509_crt.c:538
x509_get_uid
static int x509_get_uid(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *uid, int n)
Definition: x509_crt.c:446
x509_string_cmp
static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b)
Definition: x509_crt.c:291
x509_get_version
static int x509_get_version(unsigned char **p, const unsigned char *end, int *ver)
Definition: x509_crt.c:375
x509_crt_check_san
static int x509_crt_check_san(const mbedtls_x509_buf *name, const char *cn, size_t cn_len)
Definition: x509_crt.c:3021
x509_profile_check_pk_alg
static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg)
Definition: x509_crt.c:171
x509_info_subject_alt_name
static int x509_info_subject_alt_name(char **buf, size_t *size, const mbedtls_x509_sequence *subject_alt_name, const char *prefix)
Definition: x509_crt.c:1792
x509_crt_verify_chain_reset
static void x509_crt_verify_chain_reset(mbedtls_x509_crt_verify_chain *ver_chain)
Definition: x509_crt.c:355
x509_get_basic_constraints
static int x509_get_basic_constraints(unsigned char **p, const unsigned char *end, int *ca_istrue, int *max_pathlen)
Definition: x509_crt.c:474
mbedtls_x509_crt_parse_der_internal
static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Definition: x509_crt.c:1347
BC
#define BC
Definition: x509_crt.c:2071
x509_info_key_usage
static int x509_info_key_usage(char **buf, size_t *size, unsigned int key_usage)
Definition: x509_crt.c:1985
x509_crt_verify_name
static void x509_crt_verify_name(const mbedtls_x509_crt *crt, const char *cn, uint32_t *flags)
Definition: x509_crt.c:3041
x509_crt_find_parent
static int x509_crt_find_parent(mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, mbedtls_x509_crt **parent, int *parent_is_trusted, int *signature_is_good, unsigned path_cnt, unsigned self_cnt, mbedtls_x509_crt_restart_ctx *rs_ctx)
Definition: x509_crt.c:2698
x509_crt_verify_restartable_ca_cb
static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Definition: x509_crt.c:3120
x509_profile_check_md_alg
static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, mbedtls_md_type_t md_alg)
Definition: x509_crt.c:153
x509_get_subject_alt_name
static int x509_get_subject_alt_name(unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name)
Definition: x509_crt.c:636
x509_check_wildcard
static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name)
Definition: x509_crt.c:256
x509_info_ext_key_usage
static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage)
Definition: x509_crt.c:2009
x509_crt_find_parent_in
static int x509_crt_find_parent_in(mbedtls_x509_crt *child, mbedtls_x509_crt *candidates, mbedtls_x509_crt **r_parent, int *r_signature_is_good, int top, unsigned path_cnt, unsigned self_cnt, mbedtls_x509_crt_restart_ctx *rs_ctx)
Definition: x509_crt.c:2580
x509_name_cmp
static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b)
Definition: x509_crt.c:319
x509_crt_check_signature
static int x509_crt_check_signature(const mbedtls_x509_crt *child, mbedtls_x509_crt *parent, mbedtls_x509_crt_restart_ctx *rs_ctx)
Definition: x509_crt.c:2445
x509_get_other_name
static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, mbedtls_x509_san_other_name *other_name)
Definition: x509_crt.c:1711
x509_profile_check_key
static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, const mbedtls_pk_context *pk)
Definition: x509_crt.c:189
x509_crt_parse_der_core
static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Definition: x509_crt.c:1101
x509_get_certificate_policies
static int x509_get_certificate_policies(unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *certificate_policies)
Definition: x509_crt.c:778
x509_crt_merge_flags_with_cb
static int x509_crt_merge_flags_with_cb(uint32_t *flags, const mbedtls_x509_crt_verify_chain *ver_chain, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Definition: x509_crt.c:3076
x509_crt_verifycrl
static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, mbedtls_x509_crl *crl_list, const mbedtls_x509_crt_profile *profile)
Definition: x509_crt.c:2357
x509_info_cert_type
static int x509_info_cert_type(char **buf, size_t *size, unsigned char ns_cert_type)
Definition: x509_crt.c:1958
x509_info_cert_policies
static int x509_info_cert_policies(char **buf, size_t *size, const mbedtls_x509_sequence *certificate_policies)
Definition: x509_crt.c:2038
x509_crt_verify_strings
static const struct x509_crt_verify_string x509_crt_verify_strings[]
Definition: x509_crt.c:2216
CERT_TYPE
#define CERT_TYPE(type, name)
Definition: x509_crt.c:1954
x509_get_crt_ext
static int x509_get_crt_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_crt *crt, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Definition: x509_crt.c:902
x509_crt_check_ee_locally_trusted
static int x509_crt_check_ee_locally_trusted(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca)
Definition: x509_crt.c:2763
x509_crt.h
X.509 certificate parsing and writing.
Generated by doxygen 1.9.0
Modified on Sat Dec 02 09:22:38 2023 by modify_doxy.py rev. 669887