NCBI C++ ToolKit
x509_crt.c
Go to the documentation of this file.

Go to the SVN repository for this file.

1 /*
2  * X.509 certificate parsing and verification
3  *
4  * Copyright The Mbed TLS Contributors
5  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 /*
8  * The ITU-T X.509 standard defines a certificate format for PKI.
9  *
10  * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
11  * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
12  * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
13  *
14  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
15  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
16  *
17  * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
18  */
19 
20 #include "common.h"
21 
22 #if defined(MBEDTLS_X509_CRT_PARSE_C)
23 
24 #include "mbedtls/x509_crt.h"
25 #include "x509_internal.h"
26 #include "mbedtls/error.h"
27 #include "mbedtls/oid.h"
28 #include "mbedtls/platform_util.h"
29 
30 #include <string.h>
31 
32 #if defined(MBEDTLS_PEM_PARSE_C)
33 #include "mbedtls/pem.h"
34 #endif
35 
36 #if defined(MBEDTLS_USE_PSA_CRYPTO)
37 #include "psa/crypto.h"
38 #include "psa_util_internal.h"
39 #include "mbedtls/psa_util.h"
40 #endif /* MBEDTLS_USE_PSA_CRYPTO */
41 #include "pk_internal.h"
42 
43 #include "mbedtls/platform.h"
44 
45 #if defined(MBEDTLS_THREADING_C)
46 #include "mbedtls/threading.h"
47 #endif
48 
49 #if defined(MBEDTLS_HAVE_TIME)
50 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
51 #define WIN32_LEAN_AND_MEAN
52 #include <windows.h>
53 #else
54 #include <time.h>
55 #endif
56 #endif
57 
58 #if defined(MBEDTLS_FS_IO)
59 #include <stdio.h>
60 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
61 #include <sys/types.h>
62 #include <sys/stat.h>
63 #if defined(__MBED__)
64 #include <platform/mbed_retarget.h>
65 #else
66 #include <dirent.h>
67 #endif /* __MBED__ */
68 #include <errno.h>
69 #endif /* !_WIN32 || EFIX64 || EFI32 */
70 #endif
71 
72 /*
73  * Item in a verification chain: cert and flags for it
74  */
75 typedef struct {
76  mbedtls_x509_crt *crt;
78 } x509_crt_verify_chain_item;
79 
80 /*
81  * Max size of verification chain: end-entity + intermediates + trusted root
82  */
83 #define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
84 
85 /* Default profile. Do not remove items unless there are serious security
86  * concerns. */
88 {
89  /* Hashes from SHA-256 and above. Note that this selection
90  * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */
94  0xFFFFFFF, /* Any PK alg */
95 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
96  /* Curves at or above 128-bit security level. Note that this selection
97  * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
104  0,
105 #else /* MBEDTLS_PK_HAVE_ECC_KEYS */
106  0,
107 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
108  2048,
109 };
110 
111 /* Next-generation profile. Currently identical to the default, but may
112  * be tightened at any time. */
114 {
115  /* Hashes from SHA-256 and above. */
119  0xFFFFFFF, /* Any PK alg */
120 #if defined(MBEDTLS_ECP_C)
121  /* Curves at or above 128-bit security level. */
129 #else
130  0,
131 #endif
132  2048,
133 };
134 
135 /*
136  * NSA Suite B Profile
137  */
139 {
140  /* Only SHA-256 and 384 */
143  /* Only ECDSA */
146 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
147  /* Only NIST P-256 and P-384 */
150 #else /* MBEDTLS_PK_HAVE_ECC_KEYS */
151  0,
152 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
153  0,
154 };
155 
156 /*
157  * Empty / all-forbidden profile
158  */
160 {
161  0,
162  0,
163  0,
164  (uint32_t) -1,
165 };
166 
167 /*
168  * Check md_alg against profile
169  * Return 0 if md_alg is acceptable for this profile, -1 otherwise
170  */
171 static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile,
172  mbedtls_md_type_t md_alg)
173 {
174  if (md_alg == MBEDTLS_MD_NONE) {
175  return -1;
176  }
177 
178  if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) {
179  return 0;
180  }
181 
182  return -1;
183 }
184 
185 /*
186  * Check pk_alg against profile
187  * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
188  */
189 static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile,
190  mbedtls_pk_type_t pk_alg)
191 {
192  if (pk_alg == MBEDTLS_PK_NONE) {
193  return -1;
194  }
195 
196  if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) {
197  return 0;
198  }
199 
200  return -1;
201 }
202 
203 /*
204  * Check key against profile
205  * Return 0 if pk is acceptable for this profile, -1 otherwise
206  */
207 static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
208  const mbedtls_pk_context *pk)
209 {
210  const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
211 
212 #if defined(MBEDTLS_RSA_C)
213  if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
214  if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
215  return 0;
216  }
217 
218  return -1;
219  }
220 #endif /* MBEDTLS_RSA_C */
221 
222 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
223  if (pk_alg == MBEDTLS_PK_ECDSA ||
224  pk_alg == MBEDTLS_PK_ECKEY ||
225  pk_alg == MBEDTLS_PK_ECKEY_DH) {
226  const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk);
227 
228  if (gid == MBEDTLS_ECP_DP_NONE) {
229  return -1;
230  }
231 
232  if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) {
233  return 0;
234  }
235 
236  return -1;
237  }
238 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
239 
240  return -1;
241 }
242 
243 /*
244  * Like memcmp, but case-insensitive and always returns -1 if different
245  */
246 static int x509_memcasecmp(const void *s1, const void *s2, size_t len)
247 {
248  size_t i;
249  unsigned char diff;
250  const unsigned char *n1 = s1, *n2 = s2;
251 
252  for (i = 0; i < len; i++) {
253  diff = n1[i] ^ n2[i];
254 
255  if (diff == 0) {
256  continue;
257  }
258 
259  if (diff == 32 &&
260  ((n1[i] >= 'a' && n1[i] <= 'z') ||
261  (n1[i] >= 'A' && n1[i] <= 'Z'))) {
262  continue;
263  }
264 
265  return -1;
266  }
267 
268  return 0;
269 }
270 
271 /*
272  * Return 0 if name matches wildcard, -1 otherwise
273  */
274 static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name)
275 {
276  size_t i;
277  size_t cn_idx = 0, cn_len = strlen(cn);
278 
279  /* We can't have a match if there is no wildcard to match */
280  if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') {
281  return -1;
282  }
283 
284  for (i = 0; i < cn_len; ++i) {
285  if (cn[i] == '.') {
286  cn_idx = i;
287  break;
288  }
289  }
290 
291  if (cn_idx == 0) {
292  return -1;
293  }
294 
295  if (cn_len - cn_idx == name->len - 1 &&
296  x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) {
297  return 0;
298  }
299 
300  return -1;
301 }
302 
303 /*
304  * Compare two X.509 strings, case-insensitive, and allowing for some encoding
305  * variations (but not all).
306  *
307  * Return 0 if equal, -1 otherwise.
308  */
309 static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b)
310 {
311  if (a->tag == b->tag &&
312  a->len == b->len &&
313  memcmp(a->p, b->p, b->len) == 0) {
314  return 0;
315  }
316 
317  if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
319  a->len == b->len &&
320  x509_memcasecmp(a->p, b->p, b->len) == 0) {
321  return 0;
322  }
323 
324  return -1;
325 }
326 
327 /*
328  * Compare two X.509 Names (aka rdnSequence).
329  *
330  * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
331  * we sometimes return unequal when the full algorithm would return equal,
332  * but never the other way. (In particular, we don't do Unicode normalisation
333  * or space folding.)
334  *
335  * Return 0 if equal, -1 otherwise.
336  */
337 static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b)
338 {
339  /* Avoid recursion, it might not be optimised by the compiler */
340  while (a != NULL || b != NULL) {
341  if (a == NULL || b == NULL) {
342  return -1;
343  }
344 
345  /* type */
346  if (a->oid.tag != b->oid.tag ||
347  a->oid.len != b->oid.len ||
348  memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) {
349  return -1;
350  }
351 
352  /* value */
353  if (x509_string_cmp(&a->val, &b->val) != 0) {
354  return -1;
355  }
356 
357  /* structure of the list of sets */
358  if (a->next_merged != b->next_merged) {
359  return -1;
360  }
361 
362  a = a->next;
363  b = b->next;
364  }
365 
366  /* a == NULL == b */
367  return 0;
368 }
369 
370 /*
371  * Reset (init or clear) a verify_chain
372  */
373 static void x509_crt_verify_chain_reset(
375 {
376  size_t i;
377 
378  for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) {
379  ver_chain->items[i].crt = NULL;
380  ver_chain->items[i].flags = (uint32_t) -1;
381  }
382 
383  ver_chain->len = 0;
384 
385 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
386  ver_chain->trust_ca_cb_result = NULL;
387 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
388 }
389 
390 /*
391  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
392  */
393 static int x509_get_version(unsigned char **p,
394  const unsigned char *end,
395  int *ver)
396 {
398  size_t len;
399 
400  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
402  0)) != 0) {
403  if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
404  *ver = 0;
405  return 0;
406  }
407 
409  }
410 
411  end = *p + len;
412 
413  if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
415  }
416 
417  if (*p != end) {
420  }
421 
422  return 0;
423 }
424 
425 /*
426  * Validity ::= SEQUENCE {
427  * notBefore Time,
428  * notAfter Time }
429  */
430 static int x509_get_dates(unsigned char **p,
431  const unsigned char *end,
432  mbedtls_x509_time *from,
433  mbedtls_x509_time *to)
434 {
436  size_t len;
437 
438  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
441  }
442 
443  end = *p + len;
444 
445  if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) {
446  return ret;
447  }
448 
449  if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) {
450  return ret;
451  }
452 
453  if (*p != end) {
456  }
457 
458  return 0;
459 }
460 
461 /*
462  * X.509 v2/v3 unique identifier (not parsed)
463  */
464 static int x509_get_uid(unsigned char **p,
465  const unsigned char *end,
466  mbedtls_x509_buf *uid, int n)
467 {
469 
470  if (*p == end) {
471  return 0;
472  }
473 
474  uid->tag = **p;
475 
476  if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len,
478  n)) != 0) {
479  if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
480  return 0;
481  }
482 
484  }
485 
486  uid->p = *p;
487  *p += uid->len;
488 
489  return 0;
490 }
491 
492 static int x509_get_basic_constraints(unsigned char **p,
493  const unsigned char *end,
494  int *ca_istrue,
495  int *max_pathlen)
496 {
498  size_t len;
499 
500  /*
501  * BasicConstraints ::= SEQUENCE {
502  * cA BOOLEAN DEFAULT FALSE,
503  * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
504  */
505  *ca_istrue = 0; /* DEFAULT FALSE */
506  *max_pathlen = 0; /* endless */
507 
508  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
511  }
512 
513  if (*p == end) {
514  return 0;
515  }
516 
517  if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) {
518  if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
519  ret = mbedtls_asn1_get_int(p, end, ca_istrue);
520  }
521 
522  if (ret != 0) {
524  }
525 
526  if (*ca_istrue != 0) {
527  *ca_istrue = 1;
528  }
529  }
530 
531  if (*p == end) {
532  return 0;
533  }
534 
535  if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) {
537  }
538 
539  if (*p != end) {
542  }
543 
544  /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
545  * overflow, which is an undefined behavior. */
546  if (*max_pathlen == INT_MAX) {
549  }
550 
551  (*max_pathlen)++;
552 
553  return 0;
554 }
555 
556 /*
557  * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
558  *
559  * KeyPurposeId ::= OBJECT IDENTIFIER
560  */
561 static int x509_get_ext_key_usage(unsigned char **p,
562  const unsigned char *end,
563  mbedtls_x509_sequence *ext_key_usage)
564 {
566 
567  if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) {
569  }
570 
571  /* Sequence length must be >= 1 */
572  if (ext_key_usage->buf.p == NULL) {
575  }
576 
577  return 0;
578 }
579 
580 /*
581  * SubjectKeyIdentifier ::= KeyIdentifier
582  *
583  * KeyIdentifier ::= OCTET STRING
584  */
585 static int x509_get_subject_key_id(unsigned char **p,
586  const unsigned char *end,
587  mbedtls_x509_buf *subject_key_id)
588 {
590  size_t len = 0u;
591 
592  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
593  MBEDTLS_ASN1_OCTET_STRING)) != 0) {
595  }
596 
597  subject_key_id->len = len;
598  subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING;
599  subject_key_id->p = *p;
600  *p += len;
601 
602  if (*p != end) {
605  }
606 
607  return 0;
608 }
609 
610 /*
611  * AuthorityKeyIdentifier ::= SEQUENCE {
612  * keyIdentifier [0] KeyIdentifier OPTIONAL,
613  * authorityCertIssuer [1] GeneralNames OPTIONAL,
614  * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
615  *
616  * KeyIdentifier ::= OCTET STRING
617  */
618 static int x509_get_authority_key_id(unsigned char **p,
619  unsigned char *end,
620  mbedtls_x509_authority *authority_key_id)
621 {
623  size_t len = 0u;
624 
625  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
628  }
629 
630  if (*p + len != end) {
633  }
634 
635  ret = mbedtls_asn1_get_tag(p, end, &len,
637 
638  /* KeyIdentifier is an OPTIONAL field */
639  if (ret == 0) {
640  authority_key_id->keyIdentifier.len = len;
641  authority_key_id->keyIdentifier.p = *p;
642  /* Setting tag of the keyIdentfier intentionally to 0x04.
643  * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL),
644  * its tag with the content is the payload of on OCTET STRING primitive */
645  authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING;
646 
647  *p += len;
648  } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
650  }
651 
652  if (*p < end) {
653  /* Getting authorityCertIssuer using the required specific class tag [1] */
654  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
656  1)) != 0) {
657  /* authorityCertIssuer and authorityCertSerialNumber MUST both
658  be present or both be absent. At this point we expect to have both. */
660  }
661  /* "end" also includes the CertSerialNumber field so "len" shall be used */
663  (*p+len),
664  &authority_key_id->authorityCertIssuer);
665  if (ret != 0) {
666  return ret;
667  }
668 
669  /* Getting authorityCertSerialNumber using the required specific class tag [2] */
670  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
671  MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) {
673  }
674  authority_key_id->authorityCertSerialNumber.len = len;
675  authority_key_id->authorityCertSerialNumber.p = *p;
677  *p += len;
678  }
679 
680  if (*p != end) {
683  }
684 
685  return 0;
686 }
687 
688 /*
689  * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
690  *
691  * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
692  *
693  * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
694  *
695  * PolicyInformation ::= SEQUENCE {
696  * policyIdentifier CertPolicyId,
697  * policyQualifiers SEQUENCE SIZE (1..MAX) OF
698  * PolicyQualifierInfo OPTIONAL }
699  *
700  * CertPolicyId ::= OBJECT IDENTIFIER
701  *
702  * PolicyQualifierInfo ::= SEQUENCE {
703  * policyQualifierId PolicyQualifierId,
704  * qualifier ANY DEFINED BY policyQualifierId }
705  *
706  * -- policyQualifierIds for Internet policy qualifiers
707  *
708  * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
709  * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
710  * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
711  *
712  * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
713  *
714  * Qualifier ::= CHOICE {
715  * cPSuri CPSuri,
716  * userNotice UserNotice }
717  *
718  * CPSuri ::= IA5String
719  *
720  * UserNotice ::= SEQUENCE {
721  * noticeRef NoticeReference OPTIONAL,
722  * explicitText DisplayText OPTIONAL }
723  *
724  * NoticeReference ::= SEQUENCE {
725  * organization DisplayText,
726  * noticeNumbers SEQUENCE OF INTEGER }
727  *
728  * DisplayText ::= CHOICE {
729  * ia5String IA5String (SIZE (1..200)),
730  * visibleString VisibleString (SIZE (1..200)),
731  * bmpString BMPString (SIZE (1..200)),
732  * utf8String UTF8String (SIZE (1..200)) }
733  *
734  * NOTE: we only parse and use anyPolicy without qualifiers at this point
735  * as defined in RFC 5280.
736  */
737 static int x509_get_certificate_policies(unsigned char **p,
738  const unsigned char *end,
739  mbedtls_x509_sequence *certificate_policies)
740 {
741  int ret, parse_ret = 0;
742  size_t len;
744  mbedtls_asn1_sequence *cur = certificate_policies;
745 
746  /* Get main sequence tag */
747  ret = mbedtls_asn1_get_tag(p, end, &len,
749  if (ret != 0) {
751  }
752 
753  if (*p + len != end) {
756  }
757 
758  /*
759  * Cannot be an empty sequence.
760  */
761  if (len == 0) {
764  }
765 
766  while (*p < end) {
767  mbedtls_x509_buf policy_oid;
768  const unsigned char *policy_end;
769 
770  /*
771  * Get the policy sequence
772  */
773  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
776  }
777 
778  policy_end = *p + len;
779 
780  if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
781  MBEDTLS_ASN1_OID)) != 0) {
783  }
784 
785  policy_oid.tag = MBEDTLS_ASN1_OID;
786  policy_oid.len = len;
787  policy_oid.p = *p;
788 
789  /*
790  * Only AnyPolicy is currently supported when enforcing policy.
791  */
792  if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) {
793  /*
794  * Set the parsing return code but continue parsing, in case this
795  * extension is critical.
796  */
798  }
799 
800  /* Allocate and assign next pointer */
801  if (cur->buf.p != NULL) {
802  if (cur->next != NULL) {
804  }
805 
806  cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
807 
808  if (cur->next == NULL) {
811  }
812 
813  cur = cur->next;
814  }
815 
816  buf = &(cur->buf);
817  buf->tag = policy_oid.tag;
818  buf->p = policy_oid.p;
819  buf->len = policy_oid.len;
820 
821  *p += len;
822 
823  /*
824  * If there is an optional qualifier, then *p < policy_end
825  * Check the Qualifier len to verify it doesn't exceed policy_end.
826  */
827  if (*p < policy_end) {
828  if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
830  0) {
832  }
833  /*
834  * Skip the optional policy qualifiers.
835  */
836  *p += len;
837  }
838 
839  if (*p != policy_end) {
842  }
843  }
844 
845  /* Set final sequence entry's next pointer to NULL */
846  cur->next = NULL;
847 
848  if (*p != end) {
851  }
852 
853  return parse_ret;
854 }
855 
856 /*
857  * X.509 v3 extensions
858  *
859  */
860 static int x509_get_crt_ext(unsigned char **p,
861  const unsigned char *end,
862  mbedtls_x509_crt *crt,
863  mbedtls_x509_crt_ext_cb_t cb,
864  void *p_ctx)
865 {
867  size_t len;
868  unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet;
869 
870  if (*p == end) {
871  return 0;
872  }
873 
874  if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) {
875  return ret;
876  }
877 
878  end = crt->v3_ext.p + crt->v3_ext.len;
879  while (*p < end) {
880  /*
881  * Extension ::= SEQUENCE {
882  * extnID OBJECT IDENTIFIER,
883  * critical BOOLEAN DEFAULT FALSE,
884  * extnValue OCTET STRING }
885  */
886  mbedtls_x509_buf extn_oid = { 0, 0, NULL };
887  int is_critical = 0; /* DEFAULT FALSE */
888  int ext_type = 0;
889 
890  if ((ret = mbedtls_asn1_get_tag(p, end, &len,
893  }
894 
895  end_ext_data = *p + len;
896 
897  /* Get extension ID */
898  if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
899  MBEDTLS_ASN1_OID)) != 0) {
901  }
902 
903  extn_oid.tag = MBEDTLS_ASN1_OID;
904  extn_oid.p = *p;
905  *p += extn_oid.len;
906 
907  /* Get optional critical */
908  if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
911  }
912 
913  /* Data should be octet string type */
914  if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
915  MBEDTLS_ASN1_OCTET_STRING)) != 0) {
917  }
918 
919  start_ext_octet = *p;
920  end_ext_octet = *p + len;
921 
922  if (end_ext_octet != end_ext_data) {
925  }
926 
927  /*
928  * Detect supported extensions
929  */
930  ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
931 
932  if (ret != 0) {
933  /* Give the callback (if any) a chance to handle the extension */
934  if (cb != NULL) {
935  ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet);
936  if (ret != 0 && is_critical) {
937  return ret;
938  }
939  *p = end_ext_octet;
940  continue;
941  }
942 
943  /* No parser found, skip extension */
944  *p = end_ext_octet;
945 
946  if (is_critical) {
947  /* Data is marked as critical: fail */
950  }
951  continue;
952  }
953 
954  /* Forbid repeated extensions */
955  if ((crt->ext_types & ext_type) != 0) {
957  }
958 
959  crt->ext_types |= ext_type;
960 
961  switch (ext_type) {
963  /* Parse basic constraints */
964  if ((ret = x509_get_basic_constraints(p, end_ext_octet,
965  &crt->ca_istrue, &crt->max_pathlen)) != 0) {
966  return ret;
967  }
968  break;
969 
971  /* Parse key usage */
972  if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet,
973  &crt->key_usage)) != 0) {
974  return ret;
975  }
976  break;
977 
979  /* Parse extended key usage */
980  if ((ret = x509_get_ext_key_usage(p, end_ext_octet,
981  &crt->ext_key_usage)) != 0) {
982  return ret;
983  }
984  break;
985 
987  /* Parse subject key identifier */
988  if ((ret = x509_get_subject_key_id(p, end_ext_data,
989  &crt->subject_key_id)) != 0) {
990  return ret;
991  }
992  break;
993 
995  /* Parse authority key identifier */
996  if ((ret = x509_get_authority_key_id(p, end_ext_octet,
997  &crt->authority_key_id)) != 0) {
998  return ret;
999  }
1000  break;
1002  /* Parse subject alt name
1003  * SubjectAltName ::= GeneralNames
1004  */
1005  if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet,
1006  &crt->subject_alt_names)) != 0) {
1007  return ret;
1008  }
1009  break;
1010 
1012  /* Parse netscape certificate type */
1013  if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet,
1014  &crt->ns_cert_type)) != 0) {
1015  return ret;
1016  }
1017  break;
1018 
1020  /* Parse certificate policies type */
1021  if ((ret = x509_get_certificate_policies(p, end_ext_octet,
1022  &crt->certificate_policies)) != 0) {
1023  /* Give the callback (if any) a chance to handle the extension
1024  * if it contains unsupported policies */
1025  if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
1026  cb(p_ctx, crt, &extn_oid, is_critical,
1027  start_ext_octet, end_ext_octet) == 0) {
1028  break;
1029  }
1030 
1031  if (is_critical) {
1032  return ret;
1033  } else
1034  /*
1035  * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
1036  * cannot interpret or enforce the policy. However, it is up to
1037  * the user to choose how to enforce the policies,
1038  * unless the extension is critical.
1039  */
1041  return ret;
1042  }
1043  }
1044  break;
1045 
1046  default:
1047  /*
1048  * If this is a non-critical extension, which the oid layer
1049  * supports, but there isn't an x509 parser for it,
1050  * skip the extension.
1051  */
1052  if (is_critical) {
1054  } else {
1055  *p = end_ext_octet;
1056  }
1057  }
1058  }
1059 
1060  if (*p != end) {
1063  }
1064 
1065  return 0;
1066 }
1067 
1068 /*
1069  * Parse and fill a single X.509 certificate in DER format
1070  */
1071 static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
1072  const unsigned char *buf,
1073  size_t buflen,
1074  int make_copy,
1075  mbedtls_x509_crt_ext_cb_t cb,
1076  void *p_ctx)
1077 {
1079  size_t len;
1080  unsigned char *p, *end, *crt_end;
1081  mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
1082 
1083  memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
1084  memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
1085  memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
1086 
1087  /*
1088  * Check for valid input
1089  */
1090  if (crt == NULL || buf == NULL) {
1092  }
1093 
1094  /* Use the original buffer until we figure out actual length. */
1095  p = (unsigned char *) buf;
1096  len = buflen;
1097  end = p + len;
1098 
1099  /*
1100  * Certificate ::= SEQUENCE {
1101  * tbsCertificate TBSCertificate,
1102  * signatureAlgorithm AlgorithmIdentifier,
1103  * signatureValue BIT STRING }
1104  */
1105  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1107  mbedtls_x509_crt_free(crt);
1109  }
1110 
1111  end = crt_end = p + len;
1112  crt->raw.len = (size_t) (crt_end - buf);
1113  if (make_copy != 0) {
1114  /* Create and populate a new buffer for the raw field. */
1115  crt->raw.p = p = mbedtls_calloc(1, crt->raw.len);
1116  if (crt->raw.p == NULL) {
1118  }
1119 
1120  memcpy(crt->raw.p, buf, crt->raw.len);
1121  crt->own_buffer = 1;
1122 
1123  p += crt->raw.len - len;
1124  end = crt_end = p + len;
1125  } else {
1126  crt->raw.p = (unsigned char *) buf;
1127  crt->own_buffer = 0;
1128  }
1129 
1130  /*
1131  * TBSCertificate ::= SEQUENCE {
1132  */
1133  crt->tbs.p = p;
1134 
1135  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1137  mbedtls_x509_crt_free(crt);
1139  }
1140 
1141  end = p + len;
1142  crt->tbs.len = (size_t) (end - crt->tbs.p);
1143 
1144  /*
1145  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1146  *
1147  * CertificateSerialNumber ::= INTEGER
1148  *
1149  * signature AlgorithmIdentifier
1150  */
1151  if ((ret = x509_get_version(&p, end, &crt->version)) != 0 ||
1152  (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 ||
1153  (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid,
1154  &sig_params1)) != 0) {
1155  mbedtls_x509_crt_free(crt);
1156  return ret;
1157  }
1158 
1159  if (crt->version < 0 || crt->version > 2) {
1160  mbedtls_x509_crt_free(crt);
1162  }
1163 
1164  crt->version++;
1165 
1166  if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1,
1167  &crt->sig_md, &crt->sig_pk,
1168  &crt->sig_opts)) != 0) {
1169  mbedtls_x509_crt_free(crt);
1170  return ret;
1171  }
1172 
1173  /*
1174  * issuer Name
1175  */
1176  crt->issuer_raw.p = p;
1177 
1178  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1180  mbedtls_x509_crt_free(crt);
1182  }
1183 
1184  if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
1185  mbedtls_x509_crt_free(crt);
1186  return ret;
1187  }
1188 
1189  crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p);
1190 
1191  /*
1192  * Validity ::= SEQUENCE {
1193  * notBefore Time,
1194  * notAfter Time }
1195  *
1196  */
1197  if ((ret = x509_get_dates(&p, end, &crt->valid_from,
1198  &crt->valid_to)) != 0) {
1199  mbedtls_x509_crt_free(crt);
1200  return ret;
1201  }
1202 
1203  /*
1204  * subject Name
1205  */
1206  crt->subject_raw.p = p;
1207 
1208  if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1210  mbedtls_x509_crt_free(crt);
1212  }
1213 
1214  if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) {
1215  mbedtls_x509_crt_free(crt);
1216  return ret;
1217  }
1218 
1219  crt->subject_raw.len = (size_t) (p - crt->subject_raw.p);
1220 
1221  /*
1222  * SubjectPublicKeyInfo
1223  */
1224  crt->pk_raw.p = p;
1225  if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) {
1226  mbedtls_x509_crt_free(crt);
1227  return ret;
1228  }
1229  crt->pk_raw.len = (size_t) (p - crt->pk_raw.p);
1230 
1231  /*
1232  * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1233  * -- If present, version shall be v2 or v3
1234  * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1235  * -- If present, version shall be v2 or v3
1236  * extensions [3] EXPLICIT Extensions OPTIONAL
1237  * -- If present, version shall be v3
1238  */
1239  if (crt->version == 2 || crt->version == 3) {
1240  ret = x509_get_uid(&p, end, &crt->issuer_id, 1);
1241  if (ret != 0) {
1242  mbedtls_x509_crt_free(crt);
1243  return ret;
1244  }
1245  }
1246 
1247  if (crt->version == 2 || crt->version == 3) {
1248  ret = x509_get_uid(&p, end, &crt->subject_id, 2);
1249  if (ret != 0) {
1250  mbedtls_x509_crt_free(crt);
1251  return ret;
1252  }
1253  }
1254 
1255  if (crt->version == 3) {
1256  ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx);
1257  if (ret != 0) {
1258  mbedtls_x509_crt_free(crt);
1259  return ret;
1260  }
1261  }
1262 
1263  if (p != end) {
1264  mbedtls_x509_crt_free(crt);
1267  }
1268 
1269  end = crt_end;
1270 
1271  /*
1272  * }
1273  * -- end of TBSCertificate
1274  *
1275  * signatureAlgorithm AlgorithmIdentifier,
1276  * signatureValue BIT STRING
1277  */
1278  if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
1279  mbedtls_x509_crt_free(crt);
1280  return ret;
1281  }
1282 
1283  if (crt->sig_oid.len != sig_oid2.len ||
1284  memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 ||
1285  sig_params1.tag != sig_params2.tag ||
1286  sig_params1.len != sig_params2.len ||
1287  (sig_params1.len != 0 &&
1288  memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
1289  mbedtls_x509_crt_free(crt);
1291  }
1292 
1293  if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) {
1294  mbedtls_x509_crt_free(crt);
1295  return ret;
1296  }
1297 
1298  if (p != end) {
1299  mbedtls_x509_crt_free(crt);
1302  }
1303 
1304  return 0;
1305 }
1306 
1307 /*
1308  * Parse one X.509 certificate in DER format from a buffer and add them to a
1309  * chained list
1310  */
1311 static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain,
1312  const unsigned char *buf,
1313  size_t buflen,
1314  int make_copy,
1315  mbedtls_x509_crt_ext_cb_t cb,
1316  void *p_ctx)
1317 {
1319  mbedtls_x509_crt *crt = chain, *prev = NULL;
1320 
1321  /*
1322  * Check for valid input
1323  */
1324  if (crt == NULL || buf == NULL) {
1326  }
1327 
1328  while (crt->version != 0 && crt->next != NULL) {
1329  prev = crt;
1330  crt = crt->next;
1331  }
1332 
1333  /*
1334  * Add new certificate on the end of the chain if needed.
1335  */
1336  if (crt->version != 0 && crt->next == NULL) {
1337  crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
1338 
1339  if (crt->next == NULL) {
1341  }
1342 
1343  prev = crt;
1345  crt = crt->next;
1346  }
1347 
1348  ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx);
1349  if (ret != 0) {
1350  if (prev) {
1351  prev->next = NULL;
1352  }
1353 
1354  if (crt != chain) {
1355  mbedtls_free(crt);
1356  }
1357 
1358  return ret;
1359  }
1360 
1361  return 0;
1362 }
1363 
1365  const unsigned char *buf,
1366  size_t buflen)
1367 {
1368  return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL);
1369 }
1370 
1372  const unsigned char *buf,
1373  size_t buflen,
1374  int make_copy,
1375  mbedtls_x509_crt_ext_cb_t cb,
1376  void *p_ctx)
1377 {
1378  return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx);
1379 }
1380 
1382  const unsigned char *buf,
1383  size_t buflen)
1384 {
1385  return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL);
1386 }
1387 
1388 /*
1389  * Parse one or more PEM certificates from a buffer and add them to the chained
1390  * list
1391  */
1393  const unsigned char *buf,
1394  size_t buflen)
1395 {
1396 #if defined(MBEDTLS_PEM_PARSE_C)
1397  int success = 0, first_error = 0, total_failed = 0;
1398  int buf_format = MBEDTLS_X509_FORMAT_DER;
1399 #endif
1400 
1401  /*
1402  * Check for valid input
1403  */
1404  if (chain == NULL || buf == NULL) {
1406  }
1407 
1408  /*
1409  * Determine buffer content. Buffer contains either one DER certificate or
1410  * one or more PEM certificates.
1411  */
1412 #if defined(MBEDTLS_PEM_PARSE_C)
1413  if (buflen != 0 && buf[buflen - 1] == '\0' &&
1414  strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) {
1415  buf_format = MBEDTLS_X509_FORMAT_PEM;
1416  }
1417 
1418  if (buf_format == MBEDTLS_X509_FORMAT_DER) {
1419  return mbedtls_x509_crt_parse_der(chain, buf, buflen);
1420  }
1421 #else
1422  return mbedtls_x509_crt_parse_der(chain, buf, buflen);
1423 #endif
1424 
1425 #if defined(MBEDTLS_PEM_PARSE_C)
1426  if (buf_format == MBEDTLS_X509_FORMAT_PEM) {
1428  mbedtls_pem_context pem;
1429 
1430  /* 1 rather than 0 since the terminating NULL byte is counted in */
1431  while (buflen > 1) {
1432  size_t use_len;
1433  mbedtls_pem_init(&pem);
1434 
1435  /* If we get there, we know the string is null-terminated */
1436  ret = mbedtls_pem_read_buffer(&pem,
1437  "-----BEGIN CERTIFICATE-----",
1438  "-----END CERTIFICATE-----",
1439  buf, NULL, 0, &use_len);
1440 
1441  if (ret == 0) {
1442  /*
1443  * Was PEM encoded
1444  */
1445  buflen -= use_len;
1446  buf += use_len;
1447  } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) {
1448  return ret;
1449  } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
1450  mbedtls_pem_free(&pem);
1451 
1452  /*
1453  * PEM header and footer were found
1454  */
1455  buflen -= use_len;
1456  buf += use_len;
1457 
1458  if (first_error == 0) {
1459  first_error = ret;
1460  }
1461 
1462  total_failed++;
1463  continue;
1464  } else {
1465  break;
1466  }
1467 
1468  ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen);
1469 
1470  mbedtls_pem_free(&pem);
1471 
1472  if (ret != 0) {
1473  /*
1474  * Quit parsing on a memory error
1475  */
1476  if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) {
1477  return ret;
1478  }
1479 
1480  if (first_error == 0) {
1481  first_error = ret;
1482  }
1483 
1484  total_failed++;
1485  continue;
1486  }
1487 
1488  success = 1;
1489  }
1490  }
1491 
1492  if (success) {
1493  return total_failed;
1494  } else if (first_error) {
1495  return first_error;
1496  } else {
1498  }
1499 #endif /* MBEDTLS_PEM_PARSE_C */
1500 }
1501 
1502 #if defined(MBEDTLS_FS_IO)
1503 /*
1504  * Load one or more certificates and add them to the chained list
1505  */
1506 int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
1507 {
1509  size_t n;
1510  unsigned char *buf;
1511 
1512  if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
1513  return ret;
1514  }
1515 
1516  ret = mbedtls_x509_crt_parse(chain, buf, n);
1517 
1519 
1520  return ret;
1521 }
1522 
1523 int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
1524 {
1525  int ret = 0;
1526 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1527  int w_ret;
1528  WCHAR szDir[MAX_PATH];
1529  char filename[MAX_PATH];
1530  char *p;
1531  size_t len = strlen(path);
1532 
1533  WIN32_FIND_DATAW file_data;
1534  HANDLE hFind;
1535 
1536  if (len > MAX_PATH - 3) {
1538  }
1539 
1540  memset(szDir, 0, sizeof(szDir));
1541  memset(filename, 0, MAX_PATH);
1542  memcpy(filename, path, len);
1543  filename[len++] = '\\';
1544  p = filename + len;
1545  filename[len++] = '*';
1546 
1547  /*
1548  * Note this function uses the code page CP_ACP which is the system default
1549  * ANSI codepage. The input string is always described in BYTES and the
1550  * output length is described in WCHARs.
1551  */
1552  w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
1553  MAX_PATH - 3);
1554  if (w_ret == 0) {
1556  }
1557 
1558  hFind = FindFirstFileW(szDir, &file_data);
1559  if (hFind == INVALID_HANDLE_VALUE) {
1561  }
1562 
1563  len = MAX_PATH - len;
1564  do {
1565  memset(p, 0, len);
1566 
1567  if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
1568  continue;
1569  }
1570  w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName,
1571  -1, p, (int) len, NULL, NULL);
1572  if (w_ret == 0) {
1574  goto cleanup;
1575  }
1576 
1577  w_ret = mbedtls_x509_crt_parse_file(chain, filename);
1578  if (w_ret < 0) {
1579  ret++;
1580  } else {
1581  ret += w_ret;
1582  }
1583  } while (FindNextFileW(hFind, &file_data) != 0);
1584 
1585  if (GetLastError() != ERROR_NO_MORE_FILES) {
1587  }
1588 
1589 cleanup:
1590  FindClose(hFind);
1591 #else /* _WIN32 */
1592  int t_ret;
1593  int snp_ret;
1594  struct stat sb;
1595  struct dirent *entry;
1596  char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
1597  DIR *dir = opendir(path);
1598 
1599  if (dir == NULL) {
1601  }
1602 
1603 #if defined(MBEDTLS_THREADING_C)
1605  closedir(dir);
1606  return ret;
1607  }
1608 #endif /* MBEDTLS_THREADING_C */
1609 
1610  memset(&sb, 0, sizeof(sb));
1611 
1612  while ((entry = readdir(dir)) != NULL) {
1613  snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
1614  "%s/%s", path, entry->d_name);
1615 
1616  if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
1618  goto cleanup;
1619  } else if (stat(entry_name, &sb) == -1) {
1620  if (errno == ENOENT) {
1621  /* Broken symbolic link - ignore this entry.
1622  stat(2) will return this error for either (a) a dangling
1623  symlink or (b) a missing file.
1624  Given that we have just obtained the filename from readdir,
1625  assume that it does exist and therefore treat this as a
1626  dangling symlink. */
1627  continue;
1628  } else {
1629  /* Some other file error; report the error. */
1631  goto cleanup;
1632  }
1633  }
1634 
1635  if (!S_ISREG(sb.st_mode)) {
1636  continue;
1637  }
1638 
1639  // Ignore parse errors
1640  //
1641  t_ret = mbedtls_x509_crt_parse_file(chain, entry_name);
1642  if (t_ret < 0) {
1643  ret++;
1644  } else {
1645  ret += t_ret;
1646  }
1647  }
1648 
1649 cleanup:
1650  closedir(dir);
1651 
1652 #if defined(MBEDTLS_THREADING_C)
1655  }
1656 #endif /* MBEDTLS_THREADING_C */
1657 
1658 #endif /* _WIN32 */
1659 
1660  return ret;
1661 }
1662 #endif /* MBEDTLS_FS_IO */
1663 
1664 #if !defined(MBEDTLS_X509_REMOVE_INFO)
1665 #define PRINT_ITEM(i) \
1666  do { \
1667  ret = mbedtls_snprintf(p, n, "%s" i, sep); \
1668  MBEDTLS_X509_SAFE_SNPRINTF; \
1669  sep = ", "; \
1670  } while (0)
1671 
1672 #define CERT_TYPE(type, name) \
1673  do { \
1674  if (ns_cert_type & (type)) { \
1675  PRINT_ITEM(name); \
1676  } \
1677  } while (0)
1678 
1679 #define KEY_USAGE(code, name) \
1680  do { \
1681  if (key_usage & (code)) { \
1682  PRINT_ITEM(name); \
1683  } \
1684  } while (0)
1685 
1686 static int x509_info_ext_key_usage(char **buf, size_t *size,
1687  const mbedtls_x509_sequence *extended_key_usage)
1688 {
1690  const char *desc;
1691  size_t n = *size;
1692  char *p = *buf;
1693  const mbedtls_x509_sequence *cur = extended_key_usage;
1694  const char *sep = "";
1695 
1696  while (cur != NULL) {
1697  if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) {
1698  desc = "???";
1699  }
1700 
1701  ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
1703 
1704  sep = ", ";
1705 
1706  cur = cur->next;
1707  }
1708 
1709  *size = n;
1710  *buf = p;
1711 
1712  return 0;
1713 }
1714 
1715 static int x509_info_cert_policies(char **buf, size_t *size,
1716  const mbedtls_x509_sequence *certificate_policies)
1717 {
1719  const char *desc;
1720  size_t n = *size;
1721  char *p = *buf;
1722  const mbedtls_x509_sequence *cur = certificate_policies;
1723  const char *sep = "";
1724 
1725  while (cur != NULL) {
1726  if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) {
1727  desc = "???";
1728  }
1729 
1730  ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
1732 
1733  sep = ", ";
1734 
1735  cur = cur->next;
1736  }
1737 
1738  *size = n;
1739  *buf = p;
1740 
1741  return 0;
1742 }
1743 
1744 /*
1745  * Return an informational string about the certificate.
1746  */
1747 #define BEFORE_COLON 18
1748 #define BC "18"
1749 int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
1750  const mbedtls_x509_crt *crt)
1751 {
1753  size_t n;
1754  char *p;
1755  char key_size_str[BEFORE_COLON];
1756 
1757  p = buf;
1758  n = size;
1759 
1760  if (NULL == crt) {
1761  ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n");
1763 
1764  return (int) (size - n);
1765  }
1766 
1767  ret = mbedtls_snprintf(p, n, "%scert. version : %d\n",
1768  prefix, crt->version);
1770  ret = mbedtls_snprintf(p, n, "%sserial number : ",
1771  prefix);
1773 
1774  ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
1776 
1777  ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
1779  ret = mbedtls_x509_dn_gets(p, n, &crt->issuer);
1781 
1782  ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix);
1784  ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
1786 
1787  ret = mbedtls_snprintf(p, n, "\n%sissued on : " \
1788  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1789  crt->valid_from.year, crt->valid_from.mon,
1790  crt->valid_from.day, crt->valid_from.hour,
1791  crt->valid_from.min, crt->valid_from.sec);
1793 
1794  ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \
1795  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1796  crt->valid_to.year, crt->valid_to.mon,
1797  crt->valid_to.day, crt->valid_to.hour,
1798  crt->valid_to.min, crt->valid_to.sec);
1800 
1801  ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
1803 
1804  ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk,
1805  crt->sig_md, crt->sig_opts);
1807 
1808  /* Key size */
1809  if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
1810  mbedtls_pk_get_name(&crt->pk))) != 0) {
1811  return ret;
1812  }
1813 
1814  ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
1815  (int) mbedtls_pk_get_bitlen(&crt->pk));
1817 
1818  /*
1819  * Optional extensions
1820  */
1821 
1822  if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) {
1823  ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix,
1824  crt->ca_istrue ? "true" : "false");
1826 
1827  if (crt->max_pathlen > 0) {
1828  ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1);
1830  }
1831  }
1832 
1833  if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
1834  ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix);
1836 
1837  if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n,
1838  &crt->subject_alt_names,
1839  prefix)) != 0) {
1840  return ret;
1841  }
1842  }
1843 
1844  if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) {
1845  ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix);
1847 
1848  if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) {
1849  return ret;
1850  }
1851  }
1852 
1853  if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) {
1854  ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix);
1856 
1857  if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) {
1858  return ret;
1859  }
1860  }
1861 
1862  if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) {
1863  ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix);
1865 
1866  if ((ret = x509_info_ext_key_usage(&p, &n,
1867  &crt->ext_key_usage)) != 0) {
1868  return ret;
1869  }
1870  }
1871 
1872  if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) {
1873  ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix);
1875 
1876  if ((ret = x509_info_cert_policies(&p, &n,
1877  &crt->certificate_policies)) != 0) {
1878  return ret;
1879  }
1880  }
1881 
1882  ret = mbedtls_snprintf(p, n, "\n");
1884 
1885  return (int) (size - n);
1886 }
1887 
1888 struct x509_crt_verify_string {
1889  int code;
1890  const char *string;
1891 };
1892 
1893 #define X509_CRT_ERROR_INFO(err, err_str, info) { err, info },
1894 static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
1896  { 0, NULL }
1897 };
1898 #undef X509_CRT_ERROR_INFO
1899 
1900 int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
1901  uint32_t flags)
1902 {
1904  const struct x509_crt_verify_string *cur;
1905  char *p = buf;
1906  size_t n = size;
1907 
1908  for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) {
1909  if ((flags & cur->code) == 0) {
1910  continue;
1911  }
1912 
1913  ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string);
1915  flags ^= cur->code;
1916  }
1917 
1918  if (flags != 0) {
1919  ret = mbedtls_snprintf(p, n, "%sUnknown reason "
1920  "(this should not happen)\n", prefix);
1922  }
1923 
1924  return (int) (size - n);
1925 }
1926 #endif /* MBEDTLS_X509_REMOVE_INFO */
1927 
1929  unsigned int usage)
1930 {
1931  unsigned int usage_must, usage_may;
1932  unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
1934 
1935  if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) {
1936  return 0;
1937  }
1938 
1939  usage_must = usage & ~may_mask;
1940 
1941  if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) {
1943  }
1944 
1945  usage_may = usage & may_mask;
1946 
1947  if (((crt->key_usage & may_mask) | usage_may) != usage_may) {
1949  }
1950 
1951  return 0;
1952 }
1953 
1955  const char *usage_oid,
1956  size_t usage_len)
1957 {
1958  const mbedtls_x509_sequence *cur;
1959 
1960  /* Extension is not mandatory, absent means no restriction */
1961  if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) {
1962  return 0;
1963  }
1964 
1965  /*
1966  * Look for the requested usage (or wildcard ANY) in our list
1967  */
1968  for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) {
1969  const mbedtls_x509_buf *cur_oid = &cur->buf;
1970 
1971  if (cur_oid->len == usage_len &&
1972  memcmp(cur_oid->p, usage_oid, usage_len) == 0) {
1973  return 0;
1974  }
1975 
1977  return 0;
1978  }
1979  }
1980 
1982 }
1983 
1984 #if defined(MBEDTLS_X509_CRL_PARSE_C)
1985 /*
1986  * Return 1 if the certificate is revoked, or 0 otherwise.
1987  */
1989 {
1990  const mbedtls_x509_crl_entry *cur = &crl->entry;
1991 
1992  while (cur != NULL && cur->serial.len != 0) {
1993  if (crt->serial.len == cur->serial.len &&
1994  memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) {
1995  return 1;
1996  }
1997 
1998  cur = cur->next;
1999  }
2000 
2001  return 0;
2002 }
2003 
2004 /*
2005  * Check that the given certificate is not revoked according to the CRL.
2006  * Skip validation if no CRL for the given CA is present.
2007  */
2008 static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
2009  mbedtls_x509_crl *crl_list,
2010  const mbedtls_x509_crt_profile *profile,
2011  const mbedtls_x509_time *now)
2012 {
2013  int flags = 0;
2014  unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2015 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2016  psa_algorithm_t psa_algorithm;
2017 #else
2018  const mbedtls_md_info_t *md_info;
2019 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2020  size_t hash_length;
2021 
2022  if (ca == NULL) {
2023  return flags;
2024  }
2025 
2026  while (crl_list != NULL) {
2027  if (crl_list->version == 0 ||
2028  x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) {
2029  crl_list = crl_list->next;
2030  continue;
2031  }
2032 
2033  /*
2034  * Check if the CA is configured to sign CRLs
2035  */
2037  MBEDTLS_X509_KU_CRL_SIGN) != 0) {
2039  break;
2040  }
2041 
2042  /*
2043  * Check if CRL is correctly signed by the trusted CA
2044  */
2045  if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) {
2047  }
2048 
2049  if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) {
2051  }
2052 
2053 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2054  psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
2055  if (psa_hash_compute(psa_algorithm,
2056  crl_list->tbs.p,
2057  crl_list->tbs.len,
2058  hash,
2059  sizeof(hash),
2060  &hash_length) != PSA_SUCCESS) {
2061  /* Note: this can't happen except after an internal error */
2063  break;
2064  }
2065 #else
2066  md_info = mbedtls_md_info_from_type(crl_list->sig_md);
2067  hash_length = mbedtls_md_get_size(md_info);
2068  if (mbedtls_md(md_info,
2069  crl_list->tbs.p,
2070  crl_list->tbs.len,
2071  hash) != 0) {
2072  /* Note: this can't happen except after an internal error */
2074  break;
2075  }
2076 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2077 
2078  if (x509_profile_check_key(profile, &ca->pk) != 0) {
2080  }
2081 
2082  if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
2083  crl_list->sig_md, hash, hash_length,
2084  crl_list->sig.p, crl_list->sig.len) != 0) {
2086  break;
2087  }
2088 
2089 #if defined(MBEDTLS_HAVE_TIME_DATE)
2090  /*
2091  * Check for validity of CRL (Do not drop out)
2092  */
2093  if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) {
2095  }
2096 
2097  if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) {
2099  }
2100 #else
2101  ((void) now);
2102 #endif
2103 
2104  /*
2105  * Check if certificate is revoked
2106  */
2107  if (mbedtls_x509_crt_is_revoked(crt, crl_list)) {
2109  break;
2110  }
2111 
2112  crl_list = crl_list->next;
2113  }
2114 
2115  return flags;
2116 }
2117 #endif /* MBEDTLS_X509_CRL_PARSE_C */
2118 
2119 /*
2120  * Check the signature of a certificate by its parent
2121  */
2122 static int x509_crt_check_signature(const mbedtls_x509_crt *child,
2123  mbedtls_x509_crt *parent,
2125 {
2126  size_t hash_len;
2127  unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2128 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
2129  const mbedtls_md_info_t *md_info;
2130  md_info = mbedtls_md_info_from_type(child->sig_md);
2131  hash_len = mbedtls_md_get_size(md_info);
2132 
2133  /* Note: hash errors can happen only after an internal error */
2134  if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
2135  return -1;
2136  }
2137 #else
2138  psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
2140 
2141  status = psa_hash_compute(hash_alg,
2142  child->tbs.p,
2143  child->tbs.len,
2144  hash,
2145  sizeof(hash),
2146  &hash_len);
2147  if (status != PSA_SUCCESS) {
2149  }
2150 
2151 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2152  /* Skip expensive computation on obvious mismatch */
2153  if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
2154  return -1;
2155  }
2156 
2157 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2158  if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) {
2159  return mbedtls_pk_verify_restartable(&parent->pk,
2160  child->sig_md, hash, hash_len,
2161  child->sig.p, child->sig.len, &rs_ctx->pk);
2162  }
2163 #else
2164  (void) rs_ctx;
2165 #endif
2166 
2167  return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk,
2168  child->sig_md, hash, hash_len,
2169  child->sig.p, child->sig.len);
2170 }
2171 
2172 /*
2173  * Check if 'parent' is a suitable parent (signing CA) for 'child'.
2174  * Return 0 if yes, -1 if not.
2175  *
2176  * top means parent is a locally-trusted certificate
2177  */
2178 static int x509_crt_check_parent(const mbedtls_x509_crt *child,
2179  const mbedtls_x509_crt *parent,
2180  int top)
2181 {
2182  int need_ca_bit;
2183 
2184  /* Parent must be the issuer */
2185  if (x509_name_cmp(&child->issuer, &parent->subject) != 0) {
2186  return -1;
2187  }
2188 
2189  /* Parent must have the basicConstraints CA bit set as a general rule */
2190  need_ca_bit = 1;
2191 
2192  /* Exception: v1/v2 certificates that are locally trusted. */
2193  if (top && parent->version < 3) {
2194  need_ca_bit = 0;
2195  }
2196 
2197  if (need_ca_bit && !parent->ca_istrue) {
2198  return -1;
2199  }
2200 
2201  if (need_ca_bit &&
2203  return -1;
2204  }
2205 
2206  return 0;
2207 }
2208 
2209 /*
2210  * Find a suitable parent for child in candidates, or return NULL.
2211  *
2212  * Here suitable is defined as:
2213  * 1. subject name matches child's issuer
2214  * 2. if necessary, the CA bit is set and key usage allows signing certs
2215  * 3. for trusted roots, the signature is correct
2216  * (for intermediates, the signature is checked and the result reported)
2217  * 4. pathlen constraints are satisfied
2218  *
2219  * If there's a suitable candidate which is also time-valid, return the first
2220  * such. Otherwise, return the first suitable candidate (or NULL if there is
2221  * none).
2222  *
2223  * The rationale for this rule is that someone could have a list of trusted
2224  * roots with two versions on the same root with different validity periods.
2225  * (At least one user reported having such a list and wanted it to just work.)
2226  * The reason we don't just require time-validity is that generally there is
2227  * only one version, and if it's expired we want the flags to state that
2228  * rather than NOT_TRUSTED, as would be the case if we required it here.
2229  *
2230  * The rationale for rule 3 (signature for trusted roots) is that users might
2231  * have two versions of the same CA with different keys in their list, and the
2232  * way we select the correct one is by checking the signature (as we don't
2233  * rely on key identifier extensions). (This is one way users might choose to
2234  * handle key rollover, another relies on self-issued certs, see [SIRO].)
2235  *
2236  * Arguments:
2237  * - [in] child: certificate for which we're looking for a parent
2238  * - [in] candidates: chained list of potential parents
2239  * - [out] r_parent: parent found (or NULL)
2240  * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
2241  * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
2242  * of the chain, 0 otherwise
2243  * - [in] path_cnt: number of intermediates seen so far
2244  * - [in] self_cnt: number of self-signed intermediates seen so far
2245  * (will never be greater than path_cnt)
2246  * - [in-out] rs_ctx: context for restarting operations
2247  *
2248  * Return value:
2249  * - 0 on success
2250  * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2251  */
2252 static int x509_crt_find_parent_in(
2253  mbedtls_x509_crt *child,
2254  mbedtls_x509_crt *candidates,
2255  mbedtls_x509_crt **r_parent,
2256  int *r_signature_is_good,
2257  int top,
2258  unsigned path_cnt,
2259  unsigned self_cnt,
2261  const mbedtls_x509_time *now)
2262 {
2264  mbedtls_x509_crt *parent, *fallback_parent;
2265  int signature_is_good = 0, fallback_signature_is_good;
2266 
2267 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2268  /* did we have something in progress? */
2269  if (rs_ctx != NULL && rs_ctx->parent != NULL) {
2270  /* restore saved state */
2271  parent = rs_ctx->parent;
2272  fallback_parent = rs_ctx->fallback_parent;
2273  fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
2274 
2275  /* clear saved state */
2276  rs_ctx->parent = NULL;
2277  rs_ctx->fallback_parent = NULL;
2278  rs_ctx->fallback_signature_is_good = 0;
2279 
2280  /* resume where we left */
2281  goto check_signature;
2282  }
2283 #endif
2284 
2285  fallback_parent = NULL;
2286  fallback_signature_is_good = 0;
2287 
2288  for (parent = candidates; parent != NULL; parent = parent->next) {
2289  /* basic parenting skills (name, CA bit, key usage) */
2290  if (x509_crt_check_parent(child, parent, top) != 0) {
2291  continue;
2292  }
2293 
2294  /* +1 because stored max_pathlen is 1 higher that the actual value */
2295  if (parent->max_pathlen > 0 &&
2296  (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) {
2297  continue;
2298  }
2299 
2300  /* Signature */
2301 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2302 check_signature:
2303 #endif
2304  ret = x509_crt_check_signature(child, parent, rs_ctx);
2305 
2306 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2307  if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2308  /* save state */
2309  rs_ctx->parent = parent;
2310  rs_ctx->fallback_parent = fallback_parent;
2311  rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
2312 
2313  return ret;
2314  }
2315 #else
2316  (void) ret;
2317 #endif
2318 
2319  signature_is_good = ret == 0;
2320  if (top && !signature_is_good) {
2321  continue;
2322  }
2323 
2324 #if defined(MBEDTLS_HAVE_TIME_DATE)
2325  /* optional time check */
2326  if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */
2327  mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */
2328  if (fallback_parent == NULL) {
2329  fallback_parent = parent;
2330  fallback_signature_is_good = signature_is_good;
2331  }
2332 
2333  continue;
2334  }
2335 #else
2336  ((void) now);
2337 #endif
2338 
2339  *r_parent = parent;
2340  *r_signature_is_good = signature_is_good;
2341 
2342  break;
2343  }
2344 
2345  if (parent == NULL) {
2346  *r_parent = fallback_parent;
2347  *r_signature_is_good = fallback_signature_is_good;
2348  }
2349 
2350  return 0;
2351 }
2352 
2353 /*
2354  * Find a parent in trusted CAs or the provided chain, or return NULL.
2355  *
2356  * Searches in trusted CAs first, and return the first suitable parent found
2357  * (see find_parent_in() for definition of suitable).
2358  *
2359  * Arguments:
2360  * - [in] child: certificate for which we're looking for a parent, followed
2361  * by a chain of possible intermediates
2362  * - [in] trust_ca: list of locally trusted certificates
2363  * - [out] parent: parent found (or NULL)
2364  * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
2365  * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
2366  * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
2367  * - [in] self_cnt: number of self-signed certs in the chain so far
2368  * (will always be no greater than path_cnt)
2369  * - [in-out] rs_ctx: context for restarting operations
2370  *
2371  * Return value:
2372  * - 0 on success
2373  * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2374  */
2375 static int x509_crt_find_parent(
2376  mbedtls_x509_crt *child,
2377  mbedtls_x509_crt *trust_ca,
2378  mbedtls_x509_crt **parent,
2379  int *parent_is_trusted,
2380  int *signature_is_good,
2381  unsigned path_cnt,
2382  unsigned self_cnt,
2384  const mbedtls_x509_time *now)
2385 {
2387  mbedtls_x509_crt *search_list;
2388 
2389  *parent_is_trusted = 1;
2390 
2391 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2392  /* restore then clear saved state if we have some stored */
2393  if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) {
2394  *parent_is_trusted = rs_ctx->parent_is_trusted;
2395  rs_ctx->parent_is_trusted = -1;
2396  }
2397 #endif
2398 
2399  while (1) {
2400  search_list = *parent_is_trusted ? trust_ca : child->next;
2401 
2402  ret = x509_crt_find_parent_in(child, search_list,
2403  parent, signature_is_good,
2404  *parent_is_trusted,
2405  path_cnt, self_cnt, rs_ctx, now);
2406 
2407 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2408  if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2409  /* save state */
2410  rs_ctx->parent_is_trusted = *parent_is_trusted;
2411  return ret;
2412  }
2413 #else
2414  (void) ret;
2415 #endif
2416 
2417  /* stop here if found or already in second iteration */
2418  if (*parent != NULL || *parent_is_trusted == 0) {
2419  break;
2420  }
2421 
2422  /* prepare second iteration */
2423  *parent_is_trusted = 0;
2424  }
2425 
2426  /* extra precaution against mistakes in the caller */
2427  if (*parent == NULL) {
2428  *parent_is_trusted = 0;
2429  *signature_is_good = 0;
2430  }
2431 
2432  return 0;
2433 }
2434 
2435 /*
2436  * Check if an end-entity certificate is locally trusted
2437  *
2438  * Currently we require such certificates to be self-signed (actually only
2439  * check for self-issued as self-signatures are not checked)
2440  */
2441 static int x509_crt_check_ee_locally_trusted(
2442  mbedtls_x509_crt *crt,
2443  mbedtls_x509_crt *trust_ca)
2444 {
2445  mbedtls_x509_crt *cur;
2446 
2447  /* must be self-issued */
2448  if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) {
2449  return -1;
2450  }
2451 
2452  /* look for an exact match with trusted cert */
2453  for (cur = trust_ca; cur != NULL; cur = cur->next) {
2454  if (crt->raw.len == cur->raw.len &&
2455  memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) {
2456  return 0;
2457  }
2458  }
2459 
2460  /* too bad */
2461  return -1;
2462 }
2463 
2464 /*
2465  * Build and verify a certificate chain
2466  *
2467  * Given a peer-provided list of certificates EE, C1, ..., Cn and
2468  * a list of trusted certs R1, ... Rp, try to build and verify a chain
2469  * EE, Ci1, ... Ciq [, Rj]
2470  * such that every cert in the chain is a child of the next one,
2471  * jumping to a trusted root as early as possible.
2472  *
2473  * Verify that chain and return it with flags for all issues found.
2474  *
2475  * Special cases:
2476  * - EE == Rj -> return a one-element list containing it
2477  * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
2478  * -> return that chain with NOT_TRUSTED set on Ciq
2479  *
2480  * Tests for (aspects of) this function should include at least:
2481  * - trusted EE
2482  * - EE -> trusted root
2483  * - EE -> intermediate CA -> trusted root
2484  * - if relevant: EE untrusted
2485  * - if relevant: EE -> intermediate, untrusted
2486  * with the aspect under test checked at each relevant level (EE, int, root).
2487  * For some aspects longer chains are required, but usually length 2 is
2488  * enough (but length 1 is not in general).
2489  *
2490  * Arguments:
2491  * - [in] crt: the cert list EE, C1, ..., Cn
2492  * - [in] trust_ca: the trusted list R1, ..., Rp
2493  * - [in] ca_crl, profile: as in verify_with_profile()
2494  * - [out] ver_chain: the built and verified chain
2495  * Only valid when return value is 0, may contain garbage otherwise!
2496  * Restart note: need not be the same when calling again to resume.
2497  * - [in-out] rs_ctx: context for restarting operations
2498  *
2499  * Return value:
2500  * - non-zero if the chain could not be fully built and examined
2501  * - 0 is the chain was successfully built and examined,
2502  * even if it was found to be invalid
2503  */
2504 static int x509_crt_verify_chain(
2505  mbedtls_x509_crt *crt,
2506  mbedtls_x509_crt *trust_ca,
2507  mbedtls_x509_crl *ca_crl,
2508  mbedtls_x509_crt_ca_cb_t f_ca_cb,
2509  void *p_ca_cb,
2510  const mbedtls_x509_crt_profile *profile,
2511  mbedtls_x509_crt_verify_chain *ver_chain,
2513 {
2514  /* Don't initialize any of those variables here, so that the compiler can
2515  * catch potential issues with jumping ahead when restarting */
2517  uint32_t *flags;
2519  mbedtls_x509_crt *child;
2520  mbedtls_x509_crt *parent;
2521  int parent_is_trusted;
2522  int child_is_trusted;
2523  int signature_is_good;
2524  unsigned self_cnt;
2525  mbedtls_x509_crt *cur_trust_ca = NULL;
2526  mbedtls_x509_time now;
2527 
2528 #if defined(MBEDTLS_HAVE_TIME_DATE)
2529  if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) {
2531  }
2532 #endif
2533 
2534 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2535  /* resume if we had an operation in progress */
2536  if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) {
2537  /* restore saved state */
2538  *ver_chain = rs_ctx->ver_chain; /* struct copy */
2539  self_cnt = rs_ctx->self_cnt;
2540 
2541  /* restore derived state */
2542  cur = &ver_chain->items[ver_chain->len - 1];
2543  child = cur->crt;
2544  flags = &cur->flags;
2545 
2546  goto find_parent;
2547  }
2548 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
2549 
2550  child = crt;
2551  self_cnt = 0;
2552  parent_is_trusted = 0;
2553  child_is_trusted = 0;
2554 
2555  while (1) {
2556  /* Add certificate to the verification chain */
2557  cur = &ver_chain->items[ver_chain->len];
2558  cur->crt = child;
2559  cur->flags = 0;
2560  ver_chain->len++;
2561  flags = &cur->flags;
2562 
2563 #if defined(MBEDTLS_HAVE_TIME_DATE)
2564  /* Check time-validity (all certificates) */
2565  if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) {
2567  }
2568 
2569  if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) {
2571  }
2572 #endif
2573 
2574  /* Stop here for trusted roots (but not for trusted EE certs) */
2575  if (child_is_trusted) {
2576  return 0;
2577  }
2578 
2579  /* Check signature algorithm: MD & PK algs */
2580  if (x509_profile_check_md_alg(profile, child->sig_md) != 0) {
2582  }
2583 
2584  if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) {
2586  }
2587 
2588  /* Special case: EE certs that are locally trusted */
2589  if (ver_chain->len == 1 &&
2590  x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) {
2591  return 0;
2592  }
2593 
2594 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2595 find_parent:
2596 #endif
2597 
2598  /* Obtain list of potential trusted signers from CA callback,
2599  * or use statically provided list. */
2600 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
2601  if (f_ca_cb != NULL) {
2602  mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result);
2603  mbedtls_free(ver_chain->trust_ca_cb_result);
2604  ver_chain->trust_ca_cb_result = NULL;
2605 
2606  ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result);
2607  if (ret != 0) {
2609  }
2610 
2611  cur_trust_ca = ver_chain->trust_ca_cb_result;
2612  } else
2613 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
2614  {
2615  ((void) f_ca_cb);
2616  ((void) p_ca_cb);
2617  cur_trust_ca = trust_ca;
2618  }
2619 
2620  /* Look for a parent in trusted CAs or up the chain */
2621  ret = x509_crt_find_parent(child, cur_trust_ca, &parent,
2622  &parent_is_trusted, &signature_is_good,
2623  ver_chain->len - 1, self_cnt, rs_ctx,
2624  &now);
2625 
2626 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2627  if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2628  /* save state */
2629  rs_ctx->in_progress = x509_crt_rs_find_parent;
2630  rs_ctx->self_cnt = self_cnt;
2631  rs_ctx->ver_chain = *ver_chain; /* struct copy */
2632 
2633  return ret;
2634  }
2635 #else
2636  (void) ret;
2637 #endif
2638 
2639  /* No parent? We're done here */
2640  if (parent == NULL) {
2642  return 0;
2643  }
2644 
2645  /* Count intermediate self-issued (not necessarily self-signed) certs.
2646  * These can occur with some strategies for key rollover, see [SIRO],
2647  * and should be excluded from max_pathlen checks. */
2648  if (ver_chain->len != 1 &&
2649  x509_name_cmp(&child->issuer, &child->subject) == 0) {
2650  self_cnt++;
2651  }
2652 
2653  /* path_cnt is 0 for the first intermediate CA,
2654  * and if parent is trusted it's not an intermediate CA */
2655  if (!parent_is_trusted &&
2656  ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) {
2657  /* return immediately to avoid overflow the chain array */
2659  }
2660 
2661  /* signature was checked while searching parent */
2662  if (!signature_is_good) {
2664  }
2665 
2666  /* check size of signing key */
2667  if (x509_profile_check_key(profile, &parent->pk) != 0) {
2669  }
2670 
2671 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2672  /* Check trusted CA's CRL for the given crt */
2673  *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now);
2674 #else
2675  (void) ca_crl;
2676 #endif
2677 
2678  /* prepare for next iteration */
2679  child = parent;
2680  parent = NULL;
2681  child_is_trusted = parent_is_trusted;
2682  signature_is_good = 0;
2683  }
2684 }
2685 
2686 #ifdef _WIN32
2687 #ifdef _MSC_VER
2688 #pragma comment(lib, "ws2_32.lib")
2689 #include <winsock2.h>
2690 #include <ws2tcpip.h>
2691 #elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600
2692 #include <winsock2.h>
2693 #include <ws2tcpip.h>
2694 #else
2695 /* inet_pton() is not supported, fallback to software version */
2696 #define MBEDTLS_TEST_SW_INET_PTON
2697 #endif
2698 #elif defined(__sun)
2699 /* Solaris requires -lsocket -lnsl for inet_pton() */
2700 #elif defined(__has_include)
2701 #if __has_include(<sys/socket.h>)
2702 #include <sys/socket.h>
2703 #endif
2704 #if __has_include(<arpa/inet.h>)
2705 #include <arpa/inet.h>
2706 #endif
2707 #endif
2708 
2709 /* Use whether or not AF_INET6 is defined to indicate whether or not to use
2710  * the platform inet_pton() or a local implementation (below). The local
2711  * implementation may be used even in cases where the platform provides
2712  * inet_pton(), e.g. when there are different includes required and/or the
2713  * platform implementation requires dependencies on additional libraries.
2714  * Specifically, Windows requires custom includes and additional link
2715  * dependencies, and Solaris requires additional link dependencies.
2716  * Also, as a coarse heuristic, use the local implementation if the compiler
2717  * does not support __has_include(), or if the definition of AF_INET6 is not
2718  * provided by headers included (or not) via __has_include() above.
2719  * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names
2720  * despite having a platform that has inet_pton. */
2721 #if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names
2722 /* Definition located further below to possibly reduce compiler inlining */
2723 static int x509_inet_pton_ipv4(const char *src, void *dst);
2724 
2725 #define li_cton(c, n) \
2726  (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0))
2727 
2728 static int x509_inet_pton_ipv6(const char *src, void *dst)
2729 {
2730  const unsigned char *p = (const unsigned char *) src;
2731  int nonzero_groups = 0, num_digits, zero_group_start = -1;
2732  uint16_t addr[8];
2733  do {
2734  /* note: allows excess leading 0's, e.g. 1:0002:3:... */
2735  uint16_t group = num_digits = 0;
2736  for (uint8_t digit; num_digits < 4; num_digits++) {
2737  if (li_cton(*p, digit) == 0) {
2738  break;
2739  }
2740  group = (group << 4) | digit;
2741  p++;
2742  }
2743  if (num_digits != 0) {
2744  MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
2745  nonzero_groups++;
2746  if (*p == '\0') {
2747  break;
2748  } else if (*p == '.') {
2749  /* Don't accept IPv4 too early or late */
2750  if ((nonzero_groups == 0 && zero_group_start == -1) ||
2751  nonzero_groups >= 7) {
2752  break;
2753  }
2754 
2755  /* Walk back to prior ':', then parse as IPv4-mapped */
2756  int steps = 4;
2757  do {
2758  p--;
2759  steps--;
2760  } while (*p != ':' && steps > 0);
2761 
2762  if (*p != ':') {
2763  break;
2764  }
2765  p++;
2766  nonzero_groups--;
2767  if (x509_inet_pton_ipv4((const char *) p,
2768  addr + nonzero_groups) != 0) {
2769  break;
2770  }
2771 
2772  nonzero_groups += 2;
2773  p = (const unsigned char *) "";
2774  break;
2775  } else if (*p != ':') {
2776  return -1;
2777  }
2778  } else {
2779  /* Don't accept a second zero group or an invalid delimiter */
2780  if (zero_group_start != -1 || *p != ':') {
2781  return -1;
2782  }
2783  zero_group_start = nonzero_groups;
2784 
2785  /* Accept a zero group at start, but it has to be a double colon */
2786  if (zero_group_start == 0 && *++p != ':') {
2787  return -1;
2788  }
2789 
2790  if (p[1] == '\0') {
2791  ++p;
2792  break;
2793  }
2794  }
2795  ++p;
2796  } while (nonzero_groups < 8);
2797 
2798  if (*p != '\0') {
2799  return -1;
2800  }
2801 
2802  if (zero_group_start != -1) {
2803  if (nonzero_groups > 6) {
2804  return -1;
2805  }
2806  int zero_groups = 8 - nonzero_groups;
2807  int groups_after_zero = nonzero_groups - zero_group_start;
2808 
2809  /* Move the non-zero part to after the zeroes */
2810  if (groups_after_zero) {
2811  memmove(addr + zero_group_start + zero_groups,
2812  addr + zero_group_start,
2813  groups_after_zero * sizeof(*addr));
2814  }
2815  memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr));
2816  } else {
2817  if (nonzero_groups != 8) {
2818  return -1;
2819  }
2820  }
2821  memcpy(dst, addr, sizeof(addr));
2822  return 0;
2823 }
2824 
2825 static int x509_inet_pton_ipv4(const char *src, void *dst)
2826 {
2827  const unsigned char *p = (const unsigned char *) src;
2828  uint8_t *res = (uint8_t *) dst;
2829  uint8_t digit, num_digits = 0;
2830  uint8_t num_octets = 0;
2831  uint16_t octet;
2832 
2833  do {
2834  octet = num_digits = 0;
2835  do {
2836  digit = *p - '0';
2837  if (digit > 9) {
2838  break;
2839  }
2840 
2841  /* Don't allow leading zeroes. These might mean octal format,
2842  * which this implementation does not support. */
2843  if (octet == 0 && num_digits > 0) {
2844  return -1;
2845  }
2846 
2847  octet = octet * 10 + digit;
2848  num_digits++;
2849  p++;
2850  } while (num_digits < 3);
2851 
2852  if (octet >= 256 || num_digits > 3 || num_digits == 0) {
2853  return -1;
2854  }
2855  *res++ = (uint8_t) octet;
2856  num_octets++;
2857  } while (num_octets < 4 && *p++ == '.');
2858  return num_octets == 4 && *p == '\0' ? 0 : -1;
2859 }
2860 
2861 #else
2862 
2863 static int x509_inet_pton_ipv6(const char *src, void *dst)
2864 {
2865  return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1;
2866 }
2867 
2868 static int x509_inet_pton_ipv4(const char *src, void *dst)
2869 {
2870  return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1;
2871 }
2872 
2873 #endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
2874 
2875 size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
2876 {
2877  return strchr(cn, ':') == NULL
2878  ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0
2879  : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0;
2880 }
2881 
2882 /*
2883  * Check for CN match
2884  */
2885 static int x509_crt_check_cn(const mbedtls_x509_buf *name,
2886  const char *cn, size_t cn_len)
2887 {
2888  /* try exact match */
2889  if (name->len == cn_len &&
2890  x509_memcasecmp(cn, name->p, cn_len) == 0) {
2891  return 0;
2892  }
2893 
2894  /* try wildcard match */
2895  if (x509_check_wildcard(cn, name) == 0) {
2896  return 0;
2897  }
2898 
2899  return -1;
2900 }
2901 
2902 static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san,
2903  const char *cn, size_t cn_len)
2904 {
2905  uint32_t ip[4];
2907  if (cn_len == 0) {
2908  return -1;
2909  }
2910 
2911  for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
2912  const unsigned char san_type = (unsigned char) cur->buf.tag &
2914  if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
2915  cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) {
2916  return 0;
2917  }
2918  }
2919 
2920  return -1;
2921 }
2922 
2923 static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san,
2924  const char *cn, size_t cn_len)
2925 {
2926  for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
2927  const unsigned char san_type = (unsigned char) cur->buf.tag &
2930  cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) {
2931  return 0;
2932  }
2933  }
2934 
2935  return -1;
2936 }
2937 
2938 /*
2939  * Check for SAN match, see RFC 5280 Section 4.2.1.6
2940  */
2941 static int x509_crt_check_san(const mbedtls_x509_sequence *san,
2942  const char *cn, size_t cn_len)
2943 {
2944  int san_ip = 0;
2945  int san_uri = 0;
2946  /* Prioritize DNS name over other subtypes due to popularity */
2947  for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
2948  switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
2950  if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
2951  return 0;
2952  }
2953  break;
2955  san_ip = 1;
2956  break;
2958  san_uri = 1;
2959  break;
2960  /* (We may handle other types here later.) */
2961  default: /* Unrecognized type */
2962  break;
2963  }
2964  }
2965  if (san_ip) {
2966  if (x509_crt_check_san_ip(san, cn, cn_len) == 0) {
2967  return 0;
2968  }
2969  }
2970  if (san_uri) {
2971  if (x509_crt_check_san_uri(san, cn, cn_len) == 0) {
2972  return 0;
2973  }
2974  }
2975 
2976  return -1;
2977 }
2978 
2979 /*
2980  * Verify the requested CN - only call this if cn is not NULL!
2981  */
2982 static void x509_crt_verify_name(const mbedtls_x509_crt *crt,
2983  const char *cn,
2984  uint32_t *flags)
2985 {
2986  const mbedtls_x509_name *name;
2987  size_t cn_len = strlen(cn);
2988 
2989  if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
2990  if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
2991  return;
2992  }
2993  } else {
2994  for (name = &crt->subject; name != NULL; name = name->next) {
2995  if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
2996  x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
2997  return;
2998  }
2999  }
3000 
3001  }
3002 
3004 }
3005 
3006 /*
3007  * Merge the flags for all certs in the chain, after calling callback
3008  */
3009 static int x509_crt_merge_flags_with_cb(
3010  uint32_t *flags,
3011  const mbedtls_x509_crt_verify_chain *ver_chain,
3012  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3013  void *p_vrfy)
3014 {
3016  unsigned i;
3017  uint32_t cur_flags;
3019 
3020  for (i = ver_chain->len; i != 0; --i) {
3021  cur = &ver_chain->items[i-1];
3022  cur_flags = cur->flags;
3023 
3024  if (NULL != f_vrfy) {
3025  if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) {
3026  return ret;
3027  }
3028  }
3029 
3030  *flags |= cur_flags;
3031  }
3032 
3033  return 0;
3034 }
3035 
3036 /*
3037  * Verify the certificate validity, with profile, restartable version
3038  *
3039  * This function:
3040  * - checks the requested CN (if any)
3041  * - checks the type and size of the EE cert's key,
3042  * as that isn't done as part of chain building/verification currently
3043  * - builds and verifies the chain
3044  * - then calls the callback and merges the flags
3045  *
3046  * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb`
3047  * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the
3048  * verification routine to search for trusted signers, and CRLs will
3049  * be disabled. Otherwise, `trust_ca` will be used as the static list
3050  * of trusted signers, and `ca_crl` will be use as the static list
3051  * of CRLs.
3052  */
3053 static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt,
3054  mbedtls_x509_crt *trust_ca,
3055  mbedtls_x509_crl *ca_crl,
3056  mbedtls_x509_crt_ca_cb_t f_ca_cb,
3057  void *p_ca_cb,
3058  const mbedtls_x509_crt_profile *profile,
3059  const char *cn, uint32_t *flags,
3060  int (*f_vrfy)(void *,
3061  mbedtls_x509_crt *,
3062  int,
3063  uint32_t *),
3064  void *p_vrfy,
3066 {
3068  mbedtls_pk_type_t pk_type;
3070  uint32_t ee_flags;
3071 
3072  *flags = 0;
3073  ee_flags = 0;
3074  x509_crt_verify_chain_reset(&ver_chain);
3075 
3076  if (profile == NULL) {
3078  goto exit;
3079  }
3080 
3081  /* check name if requested */
3082  if (cn != NULL) {
3083  x509_crt_verify_name(crt, cn, &ee_flags);
3084  }
3085 
3086  /* Check the type and size of the key */
3087  pk_type = mbedtls_pk_get_type(&crt->pk);
3088 
3089  if (x509_profile_check_pk_alg(profile, pk_type) != 0) {
3090  ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
3091  }
3092 
3093  if (x509_profile_check_key(profile, &crt->pk) != 0) {
3094  ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
3095  }
3096 
3097  /* Check the chain */
3098  ret = x509_crt_verify_chain(crt, trust_ca, ca_crl,
3099  f_ca_cb, p_ca_cb, profile,
3100  &ver_chain, rs_ctx);
3101 
3102  if (ret != 0) {
3103  goto exit;
3104  }
3105 
3106  /* Merge end-entity flags */
3107  ver_chain.items[0].flags |= ee_flags;
3108 
3109  /* Build final flags, calling callback on the way if any */
3110  ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy);
3111 
3112 exit:
3113 
3114 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
3115  mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result);
3116  mbedtls_free(ver_chain.trust_ca_cb_result);
3117  ver_chain.trust_ca_cb_result = NULL;
3118 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
3119 
3120 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
3121  if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
3122  mbedtls_x509_crt_restart_free(rs_ctx);
3123  }
3124 #endif
3125 
3126  /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
3127  * the SSL module for authmode optional, but non-zero return from the
3128  * callback means a fatal error so it shouldn't be ignored */
3131  }
3132 
3133  if (ret != 0) {
3134  *flags = (uint32_t) -1;
3135  return ret;
3136  }
3137 
3138  if (*flags != 0) {
3140  }
3141 
3142  return 0;
3143 }
3144 
3145 
3146 /*
3147  * Verify the certificate validity (default profile, not restartable)
3148  */
3150  mbedtls_x509_crt *trust_ca,
3151  mbedtls_x509_crl *ca_crl,
3152  const char *cn, uint32_t *flags,
3153  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3154  void *p_vrfy)
3155 {
3156  return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3157  NULL, NULL,
3159  cn, flags,
3160  f_vrfy, p_vrfy, NULL);
3161 }
3162 
3163 /*
3164  * Verify the certificate validity (user-chosen profile, not restartable)
3165  */
3167  mbedtls_x509_crt *trust_ca,
3168  mbedtls_x509_crl *ca_crl,
3169  const mbedtls_x509_crt_profile *profile,
3170  const char *cn, uint32_t *flags,
3171  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3172  void *p_vrfy)
3173 {
3174  return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3175  NULL, NULL,
3176  profile, cn, flags,
3177  f_vrfy, p_vrfy, NULL);
3178 }
3179 
3180 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
3181 /*
3182  * Verify the certificate validity (user-chosen profile, CA callback,
3183  * not restartable).
3184  */
3185 int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
3186  mbedtls_x509_crt_ca_cb_t f_ca_cb,
3187  void *p_ca_cb,
3188  const mbedtls_x509_crt_profile *profile,
3189  const char *cn, uint32_t *flags,
3190  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3191  void *p_vrfy)
3192 {
3193  return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL,
3194  f_ca_cb, p_ca_cb,
3195  profile, cn, flags,
3196  f_vrfy, p_vrfy, NULL);
3197 }
3198 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
3199 
3201  mbedtls_x509_crt *trust_ca,
3202  mbedtls_x509_crl *ca_crl,
3203  const mbedtls_x509_crt_profile *profile,
3204  const char *cn, uint32_t *flags,
3205  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3206  void *p_vrfy,
3208 {
3209  return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3210  NULL, NULL,
3211  profile, cn, flags,
3212  f_vrfy, p_vrfy, rs_ctx);
3213 }
3214 
3215 
3216 /*
3217  * Initialize a certificate chain
3218  */
3220 {
3221  memset(crt, 0, sizeof(mbedtls_x509_crt));
3222 }
3223 
3224 /*
3225  * Unallocate all certificate data
3226  */
3228 {
3229  mbedtls_x509_crt *cert_cur = crt;
3230  mbedtls_x509_crt *cert_prv;
3231 
3232  while (cert_cur != NULL) {
3233  mbedtls_pk_free(&cert_cur->pk);
3234 
3235 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
3236  mbedtls_free(cert_cur->sig_opts);
3237 #endif
3238 
3245 
3246  if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
3247  mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len);
3248  }
3249 
3250  cert_prv = cert_cur;
3251  cert_cur = cert_cur->next;
3252 
3253  mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt));
3254  if (cert_prv != crt) {
3255  mbedtls_free(cert_prv);
3256  }
3257  }
3258 }
3259 
3260 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
3261 /*
3262  * Initialize a restart context
3263  */
3264 void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
3265 {
3266  mbedtls_pk_restart_init(&ctx->pk);
3267 
3268  ctx->parent = NULL;
3269  ctx->fallback_parent = NULL;
3270  ctx->fallback_signature_is_good = 0;
3271 
3272  ctx->parent_is_trusted = -1;
3273 
3274  ctx->in_progress = x509_crt_rs_none;
3275  ctx->self_cnt = 0;
3276  x509_crt_verify_chain_reset(&ctx->ver_chain);
3277 }
3278 
3279 /*
3280  * Free the components of a restart context
3281  */
3282 void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
3283 {
3284  if (ctx == NULL) {
3285  return;
3286  }
3287 
3288  mbedtls_pk_restart_free(&ctx->pk);
3289  mbedtls_x509_crt_restart_init(ctx);
3290 }
3291 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
3292 
3294 {
3295  if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) {
3296  return crt->MBEDTLS_PRIVATE(ca_istrue);
3297  }
3299 }
3300 
3301 #endif /* MBEDTLS_X509_CRT_PARSE_C */
const char * usage
#define MBEDTLS_PUT_UINT16_BE(n, data, offset)
Put in memory a 16 bits unsigned integer in big-endian order.
Definition: alignment.h:536
Platform Security Architecture cryptography module.
static uch flags
static const char ip[]
Definition: des.c:75
#define MBEDTLS_ERR_ECP_IN_PROGRESS
Operation in progress, call again with the same parameters to continue.
Definition: ecp.h:51
mbedtls_ecp_group_id
Domain-parameter identifiers: curve, subgroup, and generator.
Definition: ecp.h:102
@ MBEDTLS_ECP_DP_SECP384R1
Definition: ecp.h:107
@ MBEDTLS_ECP_DP_NONE
Definition: ecp.h:103
@ MBEDTLS_ECP_DP_SECP256K1
Definition: ecp.h:115
@ MBEDTLS_ECP_DP_BP512R1
Definition: ecp.h:111
@ MBEDTLS_ECP_DP_SECP521R1
Definition: ecp.h:108
@ MBEDTLS_ECP_DP_BP384R1
Definition: ecp.h:110
@ MBEDTLS_ECP_DP_BP256R1
Definition: ecp.h:109
@ MBEDTLS_ECP_DP_SECP256R1
Definition: ecp.h:106
static void cleanup(void)
Definition: ct_dynamic.c:30
CS_CONTEXT * ctx
Definition: t0006.c:12
static DLIST_TYPE *DLIST_NAME() prev(DLIST_LIST_TYPE *list, DLIST_TYPE *item)
Definition: dlist.tmpl.h:61
unsigned char uint8_t
Uint2 uint16_t
Uint4 uint32_t
string
Definition: cgiapp.hpp:687
#define NULL
Definition: ncbistd.hpp:225
size_t len
ASN1 length, in octets.
Definition: asn1.h:143
#define MBEDTLS_ASN1_OCTET_STRING
Definition: asn1.h:67
mbedtls_asn1_buf oid
The object identifier.
Definition: asn1.h:179
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:144
#define MBEDTLS_OID_CMP(oid_str, oid_buf)
Compares an mbedtls_asn1_buf structure to a reference OID.
Definition: asn1.h:121
#define MBEDTLS_ERR_ASN1_INVALID_LENGTH
Error when trying to determine the length or invalid length.
Definition: asn1.h:41
struct mbedtls_asn1_named_data * next
The next entry in the sequence.
Definition: asn1.h:189
#define MBEDTLS_ASN1_PRINTABLE_STRING
Definition: asn1.h:74
#define MBEDTLS_ASN1_SEQUENCE
Definition: asn1.h:72
#define MBEDTLS_ASN1_INTEGER
Definition: asn1.h:65
mbedtls_asn1_buf buf
Buffer containing the given ASN.1 item.
Definition: asn1.h:162
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC
Definition: asn1.h:83
#define MBEDTLS_ASN1_CONSTRUCTED
Definition: asn1.h:82
#define MBEDTLS_ASN1_TAG_VALUE_MASK
Definition: asn1.h:108
#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:39
#define MBEDTLS_ERR_ASN1_ALLOC_FAILED
Memory allocation failed.
Definition: asn1.h:47
int tag
ASN1 type, e.g.
Definition: asn1.h:142
struct mbedtls_asn1_sequence * next
The next entry in the sequence.
Definition: asn1.h:171
#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:43
#define MBEDTLS_ASN1_OID
Definition: asn1.h:69
mbedtls_asn1_buf val
The named value.
Definition: asn1.h:180
#define MBEDTLS_ASN1_UTF8_STRING
Definition: asn1.h:71
#define INVALID_HANDLE_VALUE
A value for an invalid file handle.
Definition: mdb.c:389
#define HANDLE
An abstraction for a file handle.
Definition: mdb.c:383
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:134
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:59
#define PSA_ERROR_CORRUPTION_DETECTED
A tampering attempt was detected.
#define PSA_SUCCESS
The action was completed successfully.
Definition: crypto_values.h:57
psa_status_t psa_hash_compute(psa_algorithm_t alg, const uint8_t *input, size_t input_length, uint8_t *hash, size_t hash_size, size_t *hash_length)
Calculate the hash (digest) of a message.
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED
The certificate is not correctly signed by the trusted CA.
Definition: x509.h:94
#define MBEDTLS_X509_CRT_ERROR_INFO_LIST
Definition: x509_crt.h:152
#define MBEDTLS_X509_BADCRL_BAD_PK
The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).
Definition: x509.h:109
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
Definition: x509.h:45
void mbedtls_x509_crt_restart_ctx
Definition: x509_crt.h:306
#define MBEDTLS_X509_BADCERT_BAD_MD
The certificate is signed with an unacceptable hash.
Definition: x509.h:105
#define MBEDTLS_ERR_X509_INVALID_FORMAT
The CRT/CRL/CSR format is invalid, e.g.
Definition: x509.h:49
#define MBEDTLS_X509_MAX_FILE_PATH_LEN
Definition: x509_crt.h:143
#define MBEDTLS_ERR_X509_FATAL_ERROR
A fatal error occurred, eg the chain is too long or the vrfy callback failed.
Definition: x509.h:83
#define MBEDTLS_ERR_X509_INVALID_VERSION
The CRT/CRL/CSR version element is invalid.
Definition: x509.h:51
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Max size of verification chain: end-entity + intermediates + trusted root.
Definition: x509_crt.h:258
#define MBEDTLS_X509_BADCERT_EXPIRED
The certificate validity has expired.
Definition: x509.h:91
#define MBEDTLS_X509_BADCERT_CN_MISMATCH
The certificate Common Name (CN) does not match with the expected CN.
Definition: x509.h:93
#define MBEDTLS_X509_BADCERT_BAD_PK
The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).
Definition: x509.h:106
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition: x509.h:63
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION
CRT/CRL/CSR has an unsupported version number.
Definition: x509.h:65
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
Destination buffer is too small.
Definition: x509.h:81
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA
Maximum number of intermediate CAs in a verification chain.
Definition: x509.h:37
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
Certificate verification failed, e.g.
Definition: x509.h:71
#define MBEDTLS_ERR_X509_INVALID_DATE
The date tag or value is invalid.
Definition: x509.h:59
#define MBEDTLS_ERR_X509_SIG_MISMATCH
Signature algorithms do not match.
Definition: x509.h:69
#define MBEDTLS_X509_BADCERT_FUTURE
The certificate validity starts in the future.
Definition: x509.h:100
#define MBEDTLS_ERR_X509_ALLOC_FAILED
Allocation of memory failed.
Definition: x509.h:77
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED
The CRL is not correctly signed by the trusted CA.
Definition: x509.h:95
#define MBEDTLS_X509_BADCRL_BAD_MD
The CRL is signed with an unacceptable hash.
Definition: x509.h:108
#define MBEDTLS_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
Definition: x509.h:79
#define MBEDTLS_X509_BADCRL_FUTURE
The CRL is from the future.
Definition: x509.h:101
#define MBEDTLS_X509_BADCERT_REVOKED
The certificate has been revoked (is on a CRL).
Definition: x509.h:92
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
Format not recognized as DER or PEM.
Definition: x509.h:73
#define MBEDTLS_X509_BADCRL_EXPIRED
The CRL is expired.
Definition: x509.h:96
#define MBEDTLS_X509_ID_FLAG(id)
Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE,...
Definition: x509_crt.h:98
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA
Input invalid.
Definition: x509.h:75
#define MBEDTLS_X509_BADCERT_BAD_KEY
The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
Definition: x509.h:107
int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt)
Access the ca_istrue field.
exit(2)
char * buf
int i
if(yy_accept[yy_current_state])
yy_size_t n
int len
mbedtls_md_type_t
Supported message digests.
Definition: md.h:47
@ MBEDTLS_MD_SHA512
The SHA-512 message digest.
Definition: md.h:55
@ MBEDTLS_MD_SHA384
The SHA-384 message digest.
Definition: md.h:54
@ MBEDTLS_MD_NONE
None.
Definition: md.h:48
@ MBEDTLS_MD_SHA256
The SHA-256 message digest.
Definition: md.h:53
MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the message-digest of a buffer, with respect to a configurable message-diges...
const mbedtls_md_info_t * mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
This function returns the message-digest information associated with the given digest type.
#define MBEDTLS_MD_MAX_SIZE
Definition: md.h:79
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
const struct ncbi::grid::netcache::search::fields::SIZE size
unsigned int a
Definition: ncbi_localip.c:102
#define mbedtls_pem_read_buffer
#define mbedtls_x509_time_gmtime
#define mbedtls_x509_crt_parse_der
#define mbedtls_asn1_sequence_free
#define mbedtls_x509_crt_parse_der_nocopy
#define mbedtls_platform_zeroize
#define mbedtls_x509_crt_profile_default
#define mbedtls_x509_crt_parse_der_with_ext_cb
#define mbedtls_asn1_get_bool
#define mbedtls_x509_crt_parse_file
#define mbedtls_x509_crt_is_revoked
#define mbedtls_asn1_get_int
#define mbedtls_pem_init
#define mbedtls_x509_crt_profile_none
#define mbedtls_x509_crt_profile_next
#define mbedtls_snprintf
#define mbedtls_pk_load_file
#define mbedtls_x509_crt_init
#define mbedtls_x509_crt_check_extended_key_usage
#define mbedtls_zeroize_and_free
#define mbedtls_x509_crt_verify_restartable
#define mbedtls_asn1_free_named_data_list_shallow
#define mbedtls_x509_crt_free
#define mbedtls_pem_free
#define mbedtls_pk_parse_subpubkey
#define mbedtls_x509_crt_profile_suiteb
#define mbedtls_x509_crt_check_key_usage
#define mbedtls_asn1_get_tag
#define mbedtls_asn1_get_sequence_of
#define mbedtls_x509_crt_verify_info
#define mbedtls_x509_crt_parse
#define mbedtls_mutex_lock
#define mbedtls_x509_crt_info
#define mbedtls_x509_crt_verify
#define mbedtls_threading_readdir_mutex
#define mbedtls_mutex_unlock
#define mbedtls_x509_crt_parse_path
#define mbedtls_x509_crt_verify_with_profile
Object Identifier (OID) database.
#define MBEDTLS_OID_ANY_POLICY
anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
Definition: oid.h:170
int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
Definition: oid.h:196
int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type)
Translate an X.509 extension OID into local values.
int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc)
Translate certificate policies OID into description.
#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
Definition: oid.h:40
#define MBEDTLS_OID_AT_CN
id-at-commonName AttributeType:= {id-at 3}
Definition: oid.h:127
#define memmove(a, b, c)
Privacy Enhanced Mail (PEM) decoding.
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
Definition: pem.h:41
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:25
const char * mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
Access the type name.
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
Tell if a context can do the operation given by type.
mbedtls_pk_type_t
Public key types.
Definition: pk.h:73
@ MBEDTLS_PK_NONE
Definition: pk.h:74
@ MBEDTLS_PK_ECDSA
Definition: pk.h:78
@ MBEDTLS_PK_RSASSA_PSS
Definition: pk.h:80
@ MBEDTLS_PK_RSA
Definition: pk.h:75
@ MBEDTLS_PK_ECKEY_DH
Definition: pk.h:77
@ MBEDTLS_PK_ECKEY
Definition: pk.h:76
size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx)
Get the size in bits of the underlying key.
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len)
Verify signature, with options.
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx)
Restartable version of mbedtls_pk_verify()
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
Get the key type.
void mbedtls_pk_free(mbedtls_pk_context *ctx)
Free the components of a mbedtls_pk_context.
Public Key abstraction layer: internal (i.e.
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
#define mbedtls_free
Definition: platform.h:166
#define mbedtls_calloc
Definition: platform.h:167
#define mbedtls_time
Definition: platform_time.h:71
Common and shared functions used by multiple modules in the Mbed TLS library.
Utility functions for the use of the PSA Crypto library.
Internal utility functions for use of PSA Crypto.
unsigned short WCHAR
Definition: sqltypes.h:105
Error to string translation.
#define MBEDTLS_ERROR_ADD(high, low)
Combines a high-level and low-level error code together.
Definition: error.h:113
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
This is a bug in the library.
Definition: error.h:100
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
Hardware accelerator failed.
Definition: error.h:103
#define uint32_t
Definition: config.h:42
#define uint8_t
Definition: config.h:54
Definition: inftrees.h:24
Definition: _hash_fun.h:40
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:141
Container for a sequence or list of 'named' ASN.1 data items.
Definition: asn1.h:178
Container for a sequence of ASN.1 items.
Definition: asn1.h:161
Message digest information.
Definition: md_wrap.h:29
Public key container.
Definition: pk.h:220
mbedtls_x509_buf authorityCertSerialNumber
Definition: x509.h:240
mbedtls_x509_sequence authorityCertIssuer
Definition: x509.h:239
mbedtls_x509_buf keyIdentifier
Definition: x509.h:238
Certificate revocation list entry.
Definition: x509_crl.h:39
mbedtls_x509_buf serial
The serial number of the revoked certificate.
Definition: x509_crl.h:43
struct mbedtls_x509_crl_entry * next
Next element in the linked list of entries.
Definition: x509_crl.h:56
Certificate revocation list structure.
Definition: x509_crl.h:64
mbedtls_x509_time this_update
Definition: x509_crl.h:75
struct mbedtls_x509_crl * next
Next element in the linked list of CRL.
Definition: x509_crl.h:91
mbedtls_x509_time next_update
Definition: x509_crl.h:76
mbedtls_x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
Definition: x509_crl.h:78
mbedtls_x509_name issuer
The parsed issuer data (named information object).
Definition: x509_crl.h:73
int version
CRL version (1=v1, 2=v2)
Definition: x509_crl.h:68
mbedtls_x509_buf tbs
The raw certificate body (DER).
Definition: x509_crl.h:66
Security profile for certificate verification.
Definition: x509_crt.h:125
uint32_t rsa_min_bitlen
Minimum size for RSA keys.
Definition: x509_crt.h:131
uint32_t allowed_mds
MDs for signatures.
Definition: x509_crt.h:126
uint32_t allowed_pks
PK algs for public keys; this applies to all certificates in the provided chain.
Definition: x509_crt.h:127
uint32_t allowed_curves
Elliptic curves for ECDSA.
Definition: x509_crt.h:130
Item in a verification chain: cert and flags for it.
Definition: x509_crt.h:250
Verification chain as built by mbedtls_crt_verify_chain()
Definition: x509_crt.h:263
Container for an X.509 certificate.
Definition: x509_crt.h:41
mbedtls_x509_time valid_to
End time of certificate validity.
Definition: x509_crt.h:58
mbedtls_x509_buf sig_oid
Signature algorithm, e.g.
Definition: x509_crt.h:49
int MBEDTLS_PRIVATE(own_buffer)
Indicates if raw is owned by the structure or not.
mbedtls_x509_sequence subject_alt_names
Optional list of raw entries of Subject Alternative Names extension.
Definition: x509_crt.h:66
mbedtls_x509_buf tbs
The raw certificate body (DER).
Definition: x509_crt.h:45
mbedtls_x509_authority authority_key_id
Optional X.509 v3 extension authority key identifier.
Definition: x509_crt.h:68
mbedtls_x509_buf subject_key_id
Optional X.509 v3 extension subject key identifier.
Definition: x509_crt.h:67
mbedtls_x509_buf raw
The raw certificate data (DER).
Definition: x509_crt.h:44
mbedtls_x509_buf serial
Unique id for certificate issued by a specific CA.
Definition: x509_crt.h:48
mbedtls_pk_context pk
Container for the public key context.
Definition: x509_crt.h:61
mbedtls_x509_buf v3_ext
Optional X.509 v3 extensions.
Definition: x509_crt.h:65
mbedtls_x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
Definition: x509_crt.h:63
mbedtls_x509_name subject
The parsed subject data (named information object).
Definition: x509_crt.h:55
mbedtls_x509_sequence certificate_policies
Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of th...
Definition: x509_crt.h:70
int version
The X.509 version.
Definition: x509_crt.h:47
mbedtls_x509_buf pk_raw
Definition: x509_crt.h:60
mbedtls_x509_time valid_from
Start time of certificate validity.
Definition: x509_crt.h:57
mbedtls_x509_buf subject_raw
The raw subject data (DER).
Definition: x509_crt.h:52
mbedtls_x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
Definition: x509_crt.h:78
struct mbedtls_x509_crt * next
Next certificate in the linked list that constitutes the CA chain.
Definition: x509_crt.h:90
mbedtls_x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
Definition: x509_crt.h:64
mbedtls_x509_name issuer
The parsed issuer data (named information object).
Definition: x509_crt.h:54
mbedtls_x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509_crt.h:51
Container for date and time (precision in seconds).
Definition: x509.h:246
int day
Date.
Definition: x509.h:247
int sec
Time.
Definition: x509.h:248
Threading abstraction layer.
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR
Locking / unlocking / free failed with error code.
Definition: threading.h:25
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
Definition: x509.h:175
#define MBEDTLS_X509_FORMAT_PEM
Definition: x509.h:196
#define MBEDTLS_X509_KU_DECIPHER_ONLY
Definition: x509.h:149
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written.
#define MBEDTLS_X509_KU_KEY_CERT_SIGN
Definition: x509.h:146
int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2)
Compare pair of mbedtls_x509_time.
#define MBEDTLS_X509_SAN_IP_ADDRESS
Definition: x509.h:134
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
Definition: x509.h:185
#define MBEDTLS_X509_SAFE_SNPRINTF
Definition: x509.h:486
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
Definition: x509.h:182
#define MBEDTLS_X509_KU_CRL_SIGN
Definition: x509.h:147
#define MBEDTLS_X509_SAN_DNS_NAME
Definition: x509.h:129
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
This function parses a CN string as an IP address.
#define MBEDTLS_X509_EXT_KEY_USAGE
Definition: x509.h:176
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
Definition: x509.h:179
#define MBEDTLS_X509_KU_ENCIPHER_ONLY
Definition: x509.h:148
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER
Definition: x509.h:133
#define MBEDTLS_X509_FORMAT_DER
Definition: x509.h:195
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
Definition: x509.h:174
#define MBEDTLS_X509_EXT_NS_CERT_TYPE
Definition: x509.h:189
int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
X.509 certificate parsing and writing.
int mbedtls_x509_get_subject_alt_name(unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name)
int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
int mbedtls_x509_get_key_usage(unsigned char **p, const unsigned char *end, unsigned int *key_usage)
int mbedtls_x509_info_cert_type(char **buf, size_t *size, unsigned char ns_cert_type)
int mbedtls_x509_info_key_usage(char **buf, size_t *size, unsigned int key_usage)
int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name)
int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, const mbedtls_x509_sequence *subject_alt_name, const char *prefix)
int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts)
int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
int mbedtls_x509_get_ns_cert_type(unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type)
int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name)
Modified on Wed Sep 04 15:04:10 2024 by modify_doxy.py rev. 669887