1/* 2 * X.509 certificate parsing and verification 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 */ 7/* 8 * The ITU-T X.509 standard defines a certificate format for PKI. 9 * 10 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 11 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 12 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 13 * 14 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 15 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 16 * 17 * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf 18 */ 19 20#include "common.h" 21 22#if defined(MBEDTLS_X509_CRT_PARSE_C) 23 24#include "mbedtls/x509_crt.h" 25#include "x509_internal.h" 26#include "mbedtls/error.h" 27#include "mbedtls/oid.h" 28#include "mbedtls/platform_util.h" 29 30#include <string.h> 31 32#if defined(MBEDTLS_PEM_PARSE_C) 33#include "mbedtls/pem.h" 34#endif 35 36#if defined(MBEDTLS_USE_PSA_CRYPTO) 37#include "psa/crypto.h" 38#include "psa_util_internal.h" 39#include "mbedtls/psa_util.h" 40#endif /* MBEDTLS_USE_PSA_CRYPTO */ 41#include "pk_internal.h" 42 43#include "mbedtls/platform.h" 44 45#if defined(MBEDTLS_THREADING_C) 46#include "mbedtls/threading.h" 47#endif 48 49#if defined(MBEDTLS_HAVE_TIME) 50#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 51#define WIN32_LEAN_AND_MEAN 52#include <windows.h> 53#else 54#include <time.h> 55#endif 56#endif 57 58#if defined(MBEDTLS_FS_IO) 59#include <stdio.h> 60#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) 61#include <sys/types.h> 62#include <sys/stat.h> 63#if defined(__MBED__) 64#include <platform/mbed_retarget.h> 65#else 66#include <dirent.h> 67#endif /* __MBED__ */ 68#include <errno.h> 69#endif /* !_WIN32 || EFIX64 || EFI32 */ 70#endif 71 72/* 73 * Item in a verification chain: cert and flags for it 74 */ 75typedef struct { 76 mbedtls_x509_crt *crt; 77 uint32_t flags; 78} x509_crt_verify_chain_item; 79 80/* 81 * Max size of verification chain: end-entity + intermediates + trusted root 82 */ 83#define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) 84 85/* Default profile. Do not remove items unless there are serious security 86 * concerns. */ 87const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = 88{ 89 /* Hashes from SHA-256 and above. Note that this selection 90 * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */ 91 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | 92 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | 93 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 94 0xFFFFFFF, /* Any PK alg */ 95#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 96 /* Curves at or above 128-bit security level. Note that this selection 97 * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ 98 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | 99 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | 100 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | 101 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | 102 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | 103 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | 104 0, 105#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ 106 0, 107#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 108 2048, 109}; 110 111/* Next-generation profile. Currently identical to the default, but may 112 * be tightened at any time. */ 113const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = 114{ 115 /* Hashes from SHA-256 and above. */ 116 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | 117 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | 118 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 119 0xFFFFFFF, /* Any PK alg */ 120#if defined(MBEDTLS_ECP_C) 121 /* Curves at or above 128-bit security level. */ 122 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | 123 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | 124 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | 125 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | 126 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | 127 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | 128 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1), 129#else 130 0, 131#endif 132 2048, 133}; 134 135/* 136 * NSA Suite B Profile 137 */ 138const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = 139{ 140 /* Only SHA-256 and 384 */ 141 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | 142 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384), 143 /* Only ECDSA */ 144 MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | 145 MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), 146#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 147 /* Only NIST P-256 and P-384 */ 148 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | 149 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), 150#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ 151 0, 152#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 153 0, 154}; 155 156/* 157 * Empty / all-forbidden profile 158 */ 159const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none = 160{ 161 0, 162 0, 163 0, 164 (uint32_t) -1, 165}; 166 167/* 168 * Check md_alg against profile 169 * Return 0 if md_alg is acceptable for this profile, -1 otherwise 170 */ 171static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, 172 mbedtls_md_type_t md_alg) 173{ 174 if (md_alg == MBEDTLS_MD_NONE) { 175 return -1; 176 } 177 178 if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { 179 return 0; 180 } 181 182 return -1; 183} 184 185/* 186 * Check pk_alg against profile 187 * Return 0 if pk_alg is acceptable for this profile, -1 otherwise 188 */ 189static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, 190 mbedtls_pk_type_t pk_alg) 191{ 192 if (pk_alg == MBEDTLS_PK_NONE) { 193 return -1; 194 } 195 196 if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { 197 return 0; 198 } 199 200 return -1; 201} 202 203/* 204 * Check key against profile 205 * Return 0 if pk is acceptable for this profile, -1 otherwise 206 */ 207static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, 208 const mbedtls_pk_context *pk) 209{ 210 const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); 211 212#if defined(MBEDTLS_RSA_C) 213 if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { 214 if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { 215 return 0; 216 } 217 218 return -1; 219 } 220#endif /* MBEDTLS_RSA_C */ 221 222#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 223 if (pk_alg == MBEDTLS_PK_ECDSA || 224 pk_alg == MBEDTLS_PK_ECKEY || 225 pk_alg == MBEDTLS_PK_ECKEY_DH) { 226 const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk); 227 228 if (gid == MBEDTLS_ECP_DP_NONE) { 229 return -1; 230 } 231 232 if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { 233 return 0; 234 } 235 236 return -1; 237 } 238#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 239 240 return -1; 241} 242 243/* 244 * Like memcmp, but case-insensitive and always returns -1 if different 245 */ 246static int x509_memcasecmp(const void *s1, const void *s2, size_t len) 247{ 248 size_t i; 249 unsigned char diff; 250 const unsigned char *n1 = s1, *n2 = s2; 251 252 for (i = 0; i < len; i++) { 253 diff = n1[i] ^ n2[i]; 254 255 if (diff == 0) { 256 continue; 257 } 258 259 if (diff == 32 && 260 ((n1[i] >= 'a' && n1[i] <= 'z') || 261 (n1[i] >= 'A' && n1[i] <= 'Z'))) { 262 continue; 263 } 264 265 return -1; 266 } 267 268 return 0; 269} 270 271/* 272 * Return 0 if name matches wildcard, -1 otherwise 273 */ 274static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name) 275{ 276 size_t i; 277 size_t cn_idx = 0, cn_len = strlen(cn); 278 279 /* We can't have a match if there is no wildcard to match */ 280 if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') { 281 return -1; 282 } 283 284 for (i = 0; i < cn_len; ++i) { 285 if (cn[i] == '.') { 286 cn_idx = i; 287 break; 288 } 289 } 290 291 if (cn_idx == 0) { 292 return -1; 293 } 294 295 if (cn_len - cn_idx == name->len - 1 && 296 x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { 297 return 0; 298 } 299 300 return -1; 301} 302 303/* 304 * Compare two X.509 strings, case-insensitive, and allowing for some encoding 305 * variations (but not all). 306 * 307 * Return 0 if equal, -1 otherwise. 308 */ 309static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b) 310{ 311 if (a->tag == b->tag && 312 a->len == b->len && 313 memcmp(a->p, b->p, b->len) == 0) { 314 return 0; 315 } 316 317 if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && 318 (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && 319 a->len == b->len && 320 x509_memcasecmp(a->p, b->p, b->len) == 0) { 321 return 0; 322 } 323 324 return -1; 325} 326 327/* 328 * Compare two X.509 Names (aka rdnSequence). 329 * 330 * See RFC 5280 section 7.1, though we don't implement the whole algorithm: 331 * we sometimes return unequal when the full algorithm would return equal, 332 * but never the other way. (In particular, we don't do Unicode normalisation 333 * or space folding.) 334 * 335 * Return 0 if equal, -1 otherwise. 336 */ 337static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b) 338{ 339 /* Avoid recursion, it might not be optimised by the compiler */ 340 while (a != NULL || b != NULL) { 341 if (a == NULL || b == NULL) { 342 return -1; 343 } 344 345 /* type */ 346 if (a->oid.tag != b->oid.tag || 347 a->oid.len != b->oid.len || 348 memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { 349 return -1; 350 } 351 352 /* value */ 353 if (x509_string_cmp(&a->val, &b->val) != 0) { 354 return -1; 355 } 356 357 /* structure of the list of sets */ 358 if (a->next_merged != b->next_merged) { 359 return -1; 360 } 361 362 a = a->next; 363 b = b->next; 364 } 365 366 /* a == NULL == b */ 367 return 0; 368} 369 370/* 371 * Reset (init or clear) a verify_chain 372 */ 373static void x509_crt_verify_chain_reset( 374 mbedtls_x509_crt_verify_chain *ver_chain) 375{ 376 size_t i; 377 378 for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { 379 ver_chain->items[i].crt = NULL; 380 ver_chain->items[i].flags = (uint32_t) -1; 381 } 382 383 ver_chain->len = 0; 384 385#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 386 ver_chain->trust_ca_cb_result = NULL; 387#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 388} 389 390/* 391 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 392 */ 393static int x509_get_version(unsigned char **p, 394 const unsigned char *end, 395 int *ver) 396{ 397 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 398 size_t len; 399 400 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 401 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 402 0)) != 0) { 403 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 404 *ver = 0; 405 return 0; 406 } 407 408 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); 409 } 410 411 end = *p + len; 412 413 if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { 414 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); 415 } 416 417 if (*p != end) { 418 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, 419 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 420 } 421 422 return 0; 423} 424 425/* 426 * Validity ::= SEQUENCE { 427 * notBefore Time, 428 * notAfter Time } 429 */ 430static int x509_get_dates(unsigned char **p, 431 const unsigned char *end, 432 mbedtls_x509_time *from, 433 mbedtls_x509_time *to) 434{ 435 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 436 size_t len; 437 438 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 439 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 440 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); 441 } 442 443 end = *p + len; 444 445 if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { 446 return ret; 447 } 448 449 if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { 450 return ret; 451 } 452 453 if (*p != end) { 454 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, 455 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 456 } 457 458 return 0; 459} 460 461/* 462 * X.509 v2/v3 unique identifier (not parsed) 463 */ 464static int x509_get_uid(unsigned char **p, 465 const unsigned char *end, 466 mbedtls_x509_buf *uid, int n) 467{ 468 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 469 470 if (*p == end) { 471 return 0; 472 } 473 474 uid->tag = **p; 475 476 if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, 477 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 478 n)) != 0) { 479 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 480 return 0; 481 } 482 483 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); 484 } 485 486 uid->p = *p; 487 *p += uid->len; 488 489 return 0; 490} 491 492static int x509_get_basic_constraints(unsigned char **p, 493 const unsigned char *end, 494 int *ca_istrue, 495 int *max_pathlen) 496{ 497 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 498 size_t len; 499 500 /* 501 * BasicConstraints ::= SEQUENCE { 502 * cA BOOLEAN DEFAULT FALSE, 503 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 504 */ 505 *ca_istrue = 0; /* DEFAULT FALSE */ 506 *max_pathlen = 0; /* endless */ 507 508 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 509 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 510 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 511 } 512 513 if (*p == end) { 514 return 0; 515 } 516 517 if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { 518 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 519 ret = mbedtls_asn1_get_int(p, end, ca_istrue); 520 } 521 522 if (ret != 0) { 523 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 524 } 525 526 if (*ca_istrue != 0) { 527 *ca_istrue = 1; 528 } 529 } 530 531 if (*p == end) { 532 return 0; 533 } 534 535 if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { 536 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 537 } 538 539 if (*p != end) { 540 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 541 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 542 } 543 544 /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer 545 * overflow, which is an undefined behavior. */ 546 if (*max_pathlen == INT_MAX) { 547 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 548 MBEDTLS_ERR_ASN1_INVALID_LENGTH); 549 } 550 551 (*max_pathlen)++; 552 553 return 0; 554} 555 556/* 557 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 558 * 559 * KeyPurposeId ::= OBJECT IDENTIFIER 560 */ 561static int x509_get_ext_key_usage(unsigned char **p, 562 const unsigned char *end, 563 mbedtls_x509_sequence *ext_key_usage) 564{ 565 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 566 567 if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) { 568 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 569 } 570 571 /* Sequence length must be >= 1 */ 572 if (ext_key_usage->buf.p == NULL) { 573 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 574 MBEDTLS_ERR_ASN1_INVALID_LENGTH); 575 } 576 577 return 0; 578} 579 580/* 581 * SubjectKeyIdentifier ::= KeyIdentifier 582 * 583 * KeyIdentifier ::= OCTET STRING 584 */ 585static int x509_get_subject_key_id(unsigned char **p, 586 const unsigned char *end, 587 mbedtls_x509_buf *subject_key_id) 588{ 589 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 590 size_t len = 0u; 591 592 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 593 MBEDTLS_ASN1_OCTET_STRING)) != 0) { 594 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 595 } 596 597 subject_key_id->len = len; 598 subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; 599 subject_key_id->p = *p; 600 *p += len; 601 602 if (*p != end) { 603 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 604 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 605 } 606 607 return 0; 608} 609 610/* 611 * AuthorityKeyIdentifier ::= SEQUENCE { 612 * keyIdentifier [0] KeyIdentifier OPTIONAL, 613 * authorityCertIssuer [1] GeneralNames OPTIONAL, 614 * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } 615 * 616 * KeyIdentifier ::= OCTET STRING 617 */ 618static int x509_get_authority_key_id(unsigned char **p, 619 unsigned char *end, 620 mbedtls_x509_authority *authority_key_id) 621{ 622 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 623 size_t len = 0u; 624 625 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 626 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 627 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 628 } 629 630 if (*p + len != end) { 631 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 632 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 633 } 634 635 ret = mbedtls_asn1_get_tag(p, end, &len, 636 MBEDTLS_ASN1_CONTEXT_SPECIFIC); 637 638 /* KeyIdentifier is an OPTIONAL field */ 639 if (ret == 0) { 640 authority_key_id->keyIdentifier.len = len; 641 authority_key_id->keyIdentifier.p = *p; 642 /* Setting tag of the keyIdentfier intentionally to 0x04. 643 * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), 644 * its tag with the content is the payload of on OCTET STRING primitive */ 645 authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; 646 647 *p += len; 648 } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { 649 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 650 } 651 652 if (*p < end) { 653 /* Getting authorityCertIssuer using the required specific class tag [1] */ 654 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 655 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 656 1)) != 0) { 657 /* authorityCertIssuer and authorityCertSerialNumber MUST both 658 be present or both be absent. At this point we expect to have both. */ 659 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 660 } 661 /* "end" also includes the CertSerialNumber field so "len" shall be used */ 662 ret = mbedtls_x509_get_subject_alt_name_ext(p, 663 (*p+len), 664 &authority_key_id->authorityCertIssuer); 665 if (ret != 0) { 666 return ret; 667 } 668 669 /* Getting authorityCertSerialNumber using the required specific class tag [2] */ 670 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 671 MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { 672 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 673 } 674 authority_key_id->authorityCertSerialNumber.len = len; 675 authority_key_id->authorityCertSerialNumber.p = *p; 676 authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; 677 *p += len; 678 } 679 680 if (*p != end) { 681 return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 682 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; 683 } 684 685 return 0; 686} 687 688/* 689 * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } 690 * 691 * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } 692 * 693 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation 694 * 695 * PolicyInformation ::= SEQUENCE { 696 * policyIdentifier CertPolicyId, 697 * policyQualifiers SEQUENCE SIZE (1..MAX) OF 698 * PolicyQualifierInfo OPTIONAL } 699 * 700 * CertPolicyId ::= OBJECT IDENTIFIER 701 * 702 * PolicyQualifierInfo ::= SEQUENCE { 703 * policyQualifierId PolicyQualifierId, 704 * qualifier ANY DEFINED BY policyQualifierId } 705 * 706 * -- policyQualifierIds for Internet policy qualifiers 707 * 708 * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } 709 * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } 710 * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } 711 * 712 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) 713 * 714 * Qualifier ::= CHOICE { 715 * cPSuri CPSuri, 716 * userNotice UserNotice } 717 * 718 * CPSuri ::= IA5String 719 * 720 * UserNotice ::= SEQUENCE { 721 * noticeRef NoticeReference OPTIONAL, 722 * explicitText DisplayText OPTIONAL } 723 * 724 * NoticeReference ::= SEQUENCE { 725 * organization DisplayText, 726 * noticeNumbers SEQUENCE OF INTEGER } 727 * 728 * DisplayText ::= CHOICE { 729 * ia5String IA5String (SIZE (1..200)), 730 * visibleString VisibleString (SIZE (1..200)), 731 * bmpString BMPString (SIZE (1..200)), 732 * utf8String UTF8String (SIZE (1..200)) } 733 * 734 * NOTE: we only parse and use anyPolicy without qualifiers at this point 735 * as defined in RFC 5280. 736 */ 737static int x509_get_certificate_policies(unsigned char **p, 738 const unsigned char *end, 739 mbedtls_x509_sequence *certificate_policies) 740{ 741 int ret, parse_ret = 0; 742 size_t len; 743 mbedtls_asn1_buf *buf; 744 mbedtls_asn1_sequence *cur = certificate_policies; 745 746 /* Get main sequence tag */ 747 ret = mbedtls_asn1_get_tag(p, end, &len, 748 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); 749 if (ret != 0) { 750 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 751 } 752 753 if (*p + len != end) { 754 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 755 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 756 } 757 758 /* 759 * Cannot be an empty sequence. 760 */ 761 if (len == 0) { 762 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 763 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 764 } 765 766 while (*p < end) { 767 mbedtls_x509_buf policy_oid; 768 const unsigned char *policy_end; 769 770 /* 771 * Get the policy sequence 772 */ 773 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 774 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 775 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 776 } 777 778 policy_end = *p + len; 779 780 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, 781 MBEDTLS_ASN1_OID)) != 0) { 782 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 783 } 784 785 policy_oid.tag = MBEDTLS_ASN1_OID; 786 policy_oid.len = len; 787 policy_oid.p = *p; 788 789 /* 790 * Only AnyPolicy is currently supported when enforcing policy. 791 */ 792 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) { 793 /* 794 * Set the parsing return code but continue parsing, in case this 795 * extension is critical. 796 */ 797 parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 798 } 799 800 /* Allocate and assign next pointer */ 801 if (cur->buf.p != NULL) { 802 if (cur->next != NULL) { 803 return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; 804 } 805 806 cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); 807 808 if (cur->next == NULL) { 809 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 810 MBEDTLS_ERR_ASN1_ALLOC_FAILED); 811 } 812 813 cur = cur->next; 814 } 815 816 buf = &(cur->buf); 817 buf->tag = policy_oid.tag; 818 buf->p = policy_oid.p; 819 buf->len = policy_oid.len; 820 821 *p += len; 822 823 /* 824 * If there is an optional qualifier, then *p < policy_end 825 * Check the Qualifier len to verify it doesn't exceed policy_end. 826 */ 827 if (*p < policy_end) { 828 if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, 829 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 830 0) { 831 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 832 } 833 /* 834 * Skip the optional policy qualifiers. 835 */ 836 *p += len; 837 } 838 839 if (*p != policy_end) { 840 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 841 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 842 } 843 } 844 845 /* Set final sequence entry's next pointer to NULL */ 846 cur->next = NULL; 847 848 if (*p != end) { 849 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 850 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 851 } 852 853 return parse_ret; 854} 855 856/* 857 * X.509 v3 extensions 858 * 859 */ 860static int x509_get_crt_ext(unsigned char **p, 861 const unsigned char *end, 862 mbedtls_x509_crt *crt, 863 mbedtls_x509_crt_ext_cb_t cb, 864 void *p_ctx) 865{ 866 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 867 size_t len; 868 unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; 869 870 if (*p == end) { 871 return 0; 872 } 873 874 if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { 875 return ret; 876 } 877 878 end = crt->v3_ext.p + crt->v3_ext.len; 879 while (*p < end) { 880 /* 881 * Extension ::= SEQUENCE { 882 * extnID OBJECT IDENTIFIER, 883 * critical BOOLEAN DEFAULT FALSE, 884 * extnValue OCTET STRING } 885 */ 886 mbedtls_x509_buf extn_oid = { 0, 0, NULL }; 887 int is_critical = 0; /* DEFAULT FALSE */ 888 int ext_type = 0; 889 890 if ((ret = mbedtls_asn1_get_tag(p, end, &len, 891 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 892 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 893 } 894 895 end_ext_data = *p + len; 896 897 /* Get extension ID */ 898 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, 899 MBEDTLS_ASN1_OID)) != 0) { 900 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 901 } 902 903 extn_oid.tag = MBEDTLS_ASN1_OID; 904 extn_oid.p = *p; 905 *p += extn_oid.len; 906 907 /* Get optional critical */ 908 if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && 909 (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { 910 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 911 } 912 913 /* Data should be octet string type */ 914 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, 915 MBEDTLS_ASN1_OCTET_STRING)) != 0) { 916 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); 917 } 918 919 start_ext_octet = *p; 920 end_ext_octet = *p + len; 921 922 if (end_ext_octet != end_ext_data) { 923 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 924 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 925 } 926 927 /* 928 * Detect supported extensions 929 */ 930 ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); 931 932 if (ret != 0) { 933 /* Give the callback (if any) a chance to handle the extension */ 934 if (cb != NULL) { 935 ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); 936 if (ret != 0 && is_critical) { 937 return ret; 938 } 939 *p = end_ext_octet; 940 continue; 941 } 942 943 /* No parser found, skip extension */ 944 *p = end_ext_octet; 945 946 if (is_critical) { 947 /* Data is marked as critical: fail */ 948 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 949 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 950 } 951 continue; 952 } 953 954 /* Forbid repeated extensions */ 955 if ((crt->ext_types & ext_type) != 0) { 956 return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; 957 } 958 959 crt->ext_types |= ext_type; 960 961 switch (ext_type) { 962 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: 963 /* Parse basic constraints */ 964 if ((ret = x509_get_basic_constraints(p, end_ext_octet, 965 &crt->ca_istrue, &crt->max_pathlen)) != 0) { 966 return ret; 967 } 968 break; 969 970 case MBEDTLS_X509_EXT_KEY_USAGE: 971 /* Parse key usage */ 972 if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet, 973 &crt->key_usage)) != 0) { 974 return ret; 975 } 976 break; 977 978 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: 979 /* Parse extended key usage */ 980 if ((ret = x509_get_ext_key_usage(p, end_ext_octet, 981 &crt->ext_key_usage)) != 0) { 982 return ret; 983 } 984 break; 985 986 case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: 987 /* Parse subject key identifier */ 988 if ((ret = x509_get_subject_key_id(p, end_ext_data, 989 &crt->subject_key_id)) != 0) { 990 return ret; 991 } 992 break; 993 994 case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: 995 /* Parse authority key identifier */ 996 if ((ret = x509_get_authority_key_id(p, end_ext_octet, 997 &crt->authority_key_id)) != 0) { 998 return ret; 999 } 1000 break; 1001 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: 1002 /* Parse subject alt name 1003 * SubjectAltName ::= GeneralNames 1004 */ 1005 if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, 1006 &crt->subject_alt_names)) != 0) { 1007 return ret; 1008 } 1009 break; 1010 1011 case MBEDTLS_X509_EXT_NS_CERT_TYPE: 1012 /* Parse netscape certificate type */ 1013 if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet, 1014 &crt->ns_cert_type)) != 0) { 1015 return ret; 1016 } 1017 break; 1018 1019 case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: 1020 /* Parse certificate policies type */ 1021 if ((ret = x509_get_certificate_policies(p, end_ext_octet, 1022 &crt->certificate_policies)) != 0) { 1023 /* Give the callback (if any) a chance to handle the extension 1024 * if it contains unsupported policies */ 1025 if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && 1026 cb(p_ctx, crt, &extn_oid, is_critical, 1027 start_ext_octet, end_ext_octet) == 0) { 1028 break; 1029 } 1030 1031 if (is_critical) { 1032 return ret; 1033 } else 1034 /* 1035 * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we 1036 * cannot interpret or enforce the policy. However, it is up to 1037 * the user to choose how to enforce the policies, 1038 * unless the extension is critical. 1039 */ 1040 if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { 1041 return ret; 1042 } 1043 } 1044 break; 1045 1046 default: 1047 /* 1048 * If this is a non-critical extension, which the oid layer 1049 * supports, but there isn't an x509 parser for it, 1050 * skip the extension. 1051 */ 1052 if (is_critical) { 1053 return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; 1054 } else { 1055 *p = end_ext_octet; 1056 } 1057 } 1058 } 1059 1060 if (*p != end) { 1061 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 1062 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1063 } 1064 1065 return 0; 1066} 1067 1068/* 1069 * Parse and fill a single X.509 certificate in DER format 1070 */ 1071static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, 1072 const unsigned char *buf, 1073 size_t buflen, 1074 int make_copy, 1075 mbedtls_x509_crt_ext_cb_t cb, 1076 void *p_ctx) 1077{ 1078 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1079 size_t len; 1080 unsigned char *p, *end, *crt_end; 1081 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 1082 1083 memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); 1084 memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); 1085 memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); 1086 1087 /* 1088 * Check for valid input 1089 */ 1090 if (crt == NULL || buf == NULL) { 1091 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1092 } 1093 1094 /* Use the original buffer until we figure out actual length. */ 1095 p = (unsigned char *) buf; 1096 len = buflen; 1097 end = p + len; 1098 1099 /* 1100 * Certificate ::= SEQUENCE { 1101 * tbsCertificate TBSCertificate, 1102 * signatureAlgorithm AlgorithmIdentifier, 1103 * signatureValue BIT STRING } 1104 */ 1105 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1106 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 1107 mbedtls_x509_crt_free(crt); 1108 return MBEDTLS_ERR_X509_INVALID_FORMAT; 1109 } 1110 1111 end = crt_end = p + len; 1112 crt->raw.len = (size_t) (crt_end - buf); 1113 if (make_copy != 0) { 1114 /* Create and populate a new buffer for the raw field. */ 1115 crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); 1116 if (crt->raw.p == NULL) { 1117 return MBEDTLS_ERR_X509_ALLOC_FAILED; 1118 } 1119 1120 memcpy(crt->raw.p, buf, crt->raw.len); 1121 crt->own_buffer = 1; 1122 1123 p += crt->raw.len - len; 1124 end = crt_end = p + len; 1125 } else { 1126 crt->raw.p = (unsigned char *) buf; 1127 crt->own_buffer = 0; 1128 } 1129 1130 /* 1131 * TBSCertificate ::= SEQUENCE { 1132 */ 1133 crt->tbs.p = p; 1134 1135 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1136 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 1137 mbedtls_x509_crt_free(crt); 1138 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); 1139 } 1140 1141 end = p + len; 1142 crt->tbs.len = (size_t) (end - crt->tbs.p); 1143 1144 /* 1145 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1146 * 1147 * CertificateSerialNumber ::= INTEGER 1148 * 1149 * signature AlgorithmIdentifier 1150 */ 1151 if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || 1152 (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || 1153 (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, 1154 &sig_params1)) != 0) { 1155 mbedtls_x509_crt_free(crt); 1156 return ret; 1157 } 1158 1159 if (crt->version < 0 || crt->version > 2) { 1160 mbedtls_x509_crt_free(crt); 1161 return MBEDTLS_ERR_X509_UNKNOWN_VERSION; 1162 } 1163 1164 crt->version++; 1165 1166 if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, 1167 &crt->sig_md, &crt->sig_pk, 1168 &crt->sig_opts)) != 0) { 1169 mbedtls_x509_crt_free(crt); 1170 return ret; 1171 } 1172 1173 /* 1174 * issuer Name 1175 */ 1176 crt->issuer_raw.p = p; 1177 1178 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1179 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 1180 mbedtls_x509_crt_free(crt); 1181 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); 1182 } 1183 1184 if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { 1185 mbedtls_x509_crt_free(crt); 1186 return ret; 1187 } 1188 1189 crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); 1190 1191 /* 1192 * Validity ::= SEQUENCE { 1193 * notBefore Time, 1194 * notAfter Time } 1195 * 1196 */ 1197 if ((ret = x509_get_dates(&p, end, &crt->valid_from, 1198 &crt->valid_to)) != 0) { 1199 mbedtls_x509_crt_free(crt); 1200 return ret; 1201 } 1202 1203 /* 1204 * subject Name 1205 */ 1206 crt->subject_raw.p = p; 1207 1208 if ((ret = mbedtls_asn1_get_tag(&p, end, &len, 1209 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { 1210 mbedtls_x509_crt_free(crt); 1211 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); 1212 } 1213 1214 if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { 1215 mbedtls_x509_crt_free(crt); 1216 return ret; 1217 } 1218 1219 crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); 1220 1221 /* 1222 * SubjectPublicKeyInfo 1223 */ 1224 crt->pk_raw.p = p; 1225 if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { 1226 mbedtls_x509_crt_free(crt); 1227 return ret; 1228 } 1229 crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); 1230 1231 /* 1232 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 1233 * -- If present, version shall be v2 or v3 1234 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 1235 * -- If present, version shall be v2 or v3 1236 * extensions [3] EXPLICIT Extensions OPTIONAL 1237 * -- If present, version shall be v3 1238 */ 1239 if (crt->version == 2 || crt->version == 3) { 1240 ret = x509_get_uid(&p, end, &crt->issuer_id, 1); 1241 if (ret != 0) { 1242 mbedtls_x509_crt_free(crt); 1243 return ret; 1244 } 1245 } 1246 1247 if (crt->version == 2 || crt->version == 3) { 1248 ret = x509_get_uid(&p, end, &crt->subject_id, 2); 1249 if (ret != 0) { 1250 mbedtls_x509_crt_free(crt); 1251 return ret; 1252 } 1253 } 1254 1255 if (crt->version == 3) { 1256 ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); 1257 if (ret != 0) { 1258 mbedtls_x509_crt_free(crt); 1259 return ret; 1260 } 1261 } 1262 1263 if (p != end) { 1264 mbedtls_x509_crt_free(crt); 1265 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, 1266 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1267 } 1268 1269 end = crt_end; 1270 1271 /* 1272 * } 1273 * -- end of TBSCertificate 1274 * 1275 * signatureAlgorithm AlgorithmIdentifier, 1276 * signatureValue BIT STRING 1277 */ 1278 if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { 1279 mbedtls_x509_crt_free(crt); 1280 return ret; 1281 } 1282 1283 if (crt->sig_oid.len != sig_oid2.len || 1284 memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || 1285 sig_params1.tag != sig_params2.tag || 1286 sig_params1.len != sig_params2.len || 1287 (sig_params1.len != 0 && 1288 memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { 1289 mbedtls_x509_crt_free(crt); 1290 return MBEDTLS_ERR_X509_SIG_MISMATCH; 1291 } 1292 1293 if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { 1294 mbedtls_x509_crt_free(crt); 1295 return ret; 1296 } 1297 1298 if (p != end) { 1299 mbedtls_x509_crt_free(crt); 1300 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, 1301 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1302 } 1303 1304 return 0; 1305} 1306 1307/* 1308 * Parse one X.509 certificate in DER format from a buffer and add them to a 1309 * chained list 1310 */ 1311static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain, 1312 const unsigned char *buf, 1313 size_t buflen, 1314 int make_copy, 1315 mbedtls_x509_crt_ext_cb_t cb, 1316 void *p_ctx) 1317{ 1318 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1319 mbedtls_x509_crt *crt = chain, *prev = NULL; 1320 1321 /* 1322 * Check for valid input 1323 */ 1324 if (crt == NULL || buf == NULL) { 1325 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1326 } 1327 1328 while (crt->version != 0 && crt->next != NULL) { 1329 prev = crt; 1330 crt = crt->next; 1331 } 1332 1333 /* 1334 * Add new certificate on the end of the chain if needed. 1335 */ 1336 if (crt->version != 0 && crt->next == NULL) { 1337 crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); 1338 1339 if (crt->next == NULL) { 1340 return MBEDTLS_ERR_X509_ALLOC_FAILED; 1341 } 1342 1343 prev = crt; 1344 mbedtls_x509_crt_init(crt->next); 1345 crt = crt->next; 1346 } 1347 1348 ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); 1349 if (ret != 0) { 1350 if (prev) { 1351 prev->next = NULL; 1352 } 1353 1354 if (crt != chain) { 1355 mbedtls_free(crt); 1356 } 1357 1358 return ret; 1359 } 1360 1361 return 0; 1362} 1363 1364int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, 1365 const unsigned char *buf, 1366 size_t buflen) 1367{ 1368 return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL); 1369} 1370 1371int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, 1372 const unsigned char *buf, 1373 size_t buflen, 1374 int make_copy, 1375 mbedtls_x509_crt_ext_cb_t cb, 1376 void *p_ctx) 1377{ 1378 return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx); 1379} 1380 1381int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, 1382 const unsigned char *buf, 1383 size_t buflen) 1384{ 1385 return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL); 1386} 1387 1388/* 1389 * Parse one or more PEM certificates from a buffer and add them to the chained 1390 * list 1391 */ 1392int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, 1393 const unsigned char *buf, 1394 size_t buflen) 1395{ 1396#if defined(MBEDTLS_PEM_PARSE_C) 1397 int success = 0, first_error = 0, total_failed = 0; 1398 int buf_format = MBEDTLS_X509_FORMAT_DER; 1399#endif 1400 1401 /* 1402 * Check for valid input 1403 */ 1404 if (chain == NULL || buf == NULL) { 1405 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1406 } 1407 1408 /* 1409 * Determine buffer content. Buffer contains either one DER certificate or 1410 * one or more PEM certificates. 1411 */ 1412#if defined(MBEDTLS_PEM_PARSE_C) 1413 if (buflen != 0 && buf[buflen - 1] == '\0' && 1414 strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { 1415 buf_format = MBEDTLS_X509_FORMAT_PEM; 1416 } 1417 1418 if (buf_format == MBEDTLS_X509_FORMAT_DER) { 1419 return mbedtls_x509_crt_parse_der(chain, buf, buflen); 1420 } 1421#else 1422 return mbedtls_x509_crt_parse_der(chain, buf, buflen); 1423#endif 1424 1425#if defined(MBEDTLS_PEM_PARSE_C) 1426 if (buf_format == MBEDTLS_X509_FORMAT_PEM) { 1427 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1428 mbedtls_pem_context pem; 1429 1430 /* 1 rather than 0 since the terminating NULL byte is counted in */ 1431 while (buflen > 1) { 1432 size_t use_len; 1433 mbedtls_pem_init(&pem); 1434 1435 /* If we get there, we know the string is null-terminated */ 1436 ret = mbedtls_pem_read_buffer(&pem, 1437 "-----BEGIN CERTIFICATE-----", 1438 "-----END CERTIFICATE-----", 1439 buf, NULL, 0, &use_len); 1440 1441 if (ret == 0) { 1442 /* 1443 * Was PEM encoded 1444 */ 1445 buflen -= use_len; 1446 buf += use_len; 1447 } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) { 1448 return ret; 1449 } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { 1450 mbedtls_pem_free(&pem); 1451 1452 /* 1453 * PEM header and footer were found 1454 */ 1455 buflen -= use_len; 1456 buf += use_len; 1457 1458 if (first_error == 0) { 1459 first_error = ret; 1460 } 1461 1462 total_failed++; 1463 continue; 1464 } else { 1465 break; 1466 } 1467 1468 ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen); 1469 1470 mbedtls_pem_free(&pem); 1471 1472 if (ret != 0) { 1473 /* 1474 * Quit parsing on a memory error 1475 */ 1476 if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) { 1477 return ret; 1478 } 1479 1480 if (first_error == 0) { 1481 first_error = ret; 1482 } 1483 1484 total_failed++; 1485 continue; 1486 } 1487 1488 success = 1; 1489 } 1490 } 1491 1492 if (success) { 1493 return total_failed; 1494 } else if (first_error) { 1495 return first_error; 1496 } else { 1497 return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT; 1498 } 1499#endif /* MBEDTLS_PEM_PARSE_C */ 1500} 1501 1502#if defined(MBEDTLS_FS_IO) 1503/* 1504 * Load one or more certificates and add them to the chained list 1505 */ 1506int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path) 1507{ 1508 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1509 size_t n; 1510 unsigned char *buf; 1511 1512 if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { 1513 return ret; 1514 } 1515 1516 ret = mbedtls_x509_crt_parse(chain, buf, n); 1517 1518 mbedtls_zeroize_and_free(buf, n); 1519 1520 return ret; 1521} 1522 1523int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) 1524{ 1525 int ret = 0; 1526#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 1527 int w_ret; 1528 WCHAR szDir[MAX_PATH]; 1529 char filename[MAX_PATH]; 1530 char *p; 1531 size_t len = strlen(path); 1532 1533 WIN32_FIND_DATAW file_data; 1534 HANDLE hFind; 1535 1536 if (len > MAX_PATH - 3) { 1537 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1538 } 1539 1540 memset(szDir, 0, sizeof(szDir)); 1541 memset(filename, 0, MAX_PATH); 1542 memcpy(filename, path, len); 1543 filename[len++] = '\\'; 1544 p = filename + len; 1545 filename[len++] = '*'; 1546 1547 /* 1548 * Note this function uses the code page CP_ACP which is the system default 1549 * ANSI codepage. The input string is always described in BYTES and the 1550 * output length is described in WCHARs. 1551 */ 1552 w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir, 1553 MAX_PATH - 3); 1554 if (w_ret == 0) { 1555 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1556 } 1557 1558 hFind = FindFirstFileW(szDir, &file_data); 1559 if (hFind == INVALID_HANDLE_VALUE) { 1560 return MBEDTLS_ERR_X509_FILE_IO_ERROR; 1561 } 1562 1563 len = MAX_PATH - len; 1564 do { 1565 memset(p, 0, len); 1566 1567 if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { 1568 continue; 1569 } 1570 w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName, 1571 -1, p, (int) len, NULL, NULL); 1572 if (w_ret == 0) { 1573 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1574 goto cleanup; 1575 } 1576 1577 w_ret = mbedtls_x509_crt_parse_file(chain, filename); 1578 if (w_ret < 0) { 1579 ret++; 1580 } else { 1581 ret += w_ret; 1582 } 1583 } while (FindNextFileW(hFind, &file_data) != 0); 1584 1585 if (GetLastError() != ERROR_NO_MORE_FILES) { 1586 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1587 } 1588 1589cleanup: 1590 FindClose(hFind); 1591#else /* _WIN32 */ 1592 int t_ret; 1593 int snp_ret; 1594 struct stat sb; 1595 struct dirent *entry; 1596 char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; 1597 DIR *dir = opendir(path); 1598 1599 if (dir == NULL) { 1600 return MBEDTLS_ERR_X509_FILE_IO_ERROR; 1601 } 1602 1603#if defined(MBEDTLS_THREADING_C) 1604 if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) { 1605 closedir(dir); 1606 return ret; 1607 } 1608#endif /* MBEDTLS_THREADING_C */ 1609 1610 memset(&sb, 0, sizeof(sb)); 1611 1612 while ((entry = readdir(dir)) != NULL) { 1613 snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name), 1614 "%s/%s", path, entry->d_name); 1615 1616 if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) { 1617 ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 1618 goto cleanup; 1619 } else if (stat(entry_name, &sb) == -1) { 1620 if (errno == ENOENT) { 1621 /* Broken symbolic link - ignore this entry. 1622 stat(2) will return this error for either (a) a dangling 1623 symlink or (b) a missing file. 1624 Given that we have just obtained the filename from readdir, 1625 assume that it does exist and therefore treat this as a 1626 dangling symlink. */ 1627 continue; 1628 } else { 1629 /* Some other file error; report the error. */ 1630 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1631 goto cleanup; 1632 } 1633 } 1634 1635 if (!S_ISREG(sb.st_mode)) { 1636 continue; 1637 } 1638 1639 // Ignore parse errors 1640 // 1641 t_ret = mbedtls_x509_crt_parse_file(chain, entry_name); 1642 if (t_ret < 0) { 1643 ret++; 1644 } else { 1645 ret += t_ret; 1646 } 1647 } 1648 1649cleanup: 1650 closedir(dir); 1651 1652#if defined(MBEDTLS_THREADING_C) 1653 if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) { 1654 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; 1655 } 1656#endif /* MBEDTLS_THREADING_C */ 1657 1658#endif /* _WIN32 */ 1659 1660 return ret; 1661} 1662#endif /* MBEDTLS_FS_IO */ 1663 1664#if !defined(MBEDTLS_X509_REMOVE_INFO) 1665#define PRINT_ITEM(i) \ 1666 do { \ 1667 ret = mbedtls_snprintf(p, n, "%s" i, sep); \ 1668 MBEDTLS_X509_SAFE_SNPRINTF; \ 1669 sep = ", "; \ 1670 } while (0) 1671 1672#define CERT_TYPE(type, name) \ 1673 do { \ 1674 if (ns_cert_type & (type)) { \ 1675 PRINT_ITEM(name); \ 1676 } \ 1677 } while (0) 1678 1679#define KEY_USAGE(code, name) \ 1680 do { \ 1681 if (key_usage & (code)) { \ 1682 PRINT_ITEM(name); \ 1683 } \ 1684 } while (0) 1685 1686static int x509_info_ext_key_usage(char **buf, size_t *size, 1687 const mbedtls_x509_sequence *extended_key_usage) 1688{ 1689 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1690 const char *desc; 1691 size_t n = *size; 1692 char *p = *buf; 1693 const mbedtls_x509_sequence *cur = extended_key_usage; 1694 const char *sep = ""; 1695 1696 while (cur != NULL) { 1697 if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { 1698 desc = "???"; 1699 } 1700 1701 ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); 1702 MBEDTLS_X509_SAFE_SNPRINTF; 1703 1704 sep = ", "; 1705 1706 cur = cur->next; 1707 } 1708 1709 *size = n; 1710 *buf = p; 1711 1712 return 0; 1713} 1714 1715static int x509_info_cert_policies(char **buf, size_t *size, 1716 const mbedtls_x509_sequence *certificate_policies) 1717{ 1718 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1719 const char *desc; 1720 size_t n = *size; 1721 char *p = *buf; 1722 const mbedtls_x509_sequence *cur = certificate_policies; 1723 const char *sep = ""; 1724 1725 while (cur != NULL) { 1726 if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { 1727 desc = "???"; 1728 } 1729 1730 ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); 1731 MBEDTLS_X509_SAFE_SNPRINTF; 1732 1733 sep = ", "; 1734 1735 cur = cur->next; 1736 } 1737 1738 *size = n; 1739 *buf = p; 1740 1741 return 0; 1742} 1743 1744/* 1745 * Return an informational string about the certificate. 1746 */ 1747#define BEFORE_COLON 18 1748#define BC "18" 1749int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, 1750 const mbedtls_x509_crt *crt) 1751{ 1752 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1753 size_t n; 1754 char *p; 1755 char key_size_str[BEFORE_COLON]; 1756 1757 p = buf; 1758 n = size; 1759 1760 if (NULL == crt) { 1761 ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n"); 1762 MBEDTLS_X509_SAFE_SNPRINTF; 1763 1764 return (int) (size - n); 1765 } 1766 1767 ret = mbedtls_snprintf(p, n, "%scert. version : %d\n", 1768 prefix, crt->version); 1769 MBEDTLS_X509_SAFE_SNPRINTF; 1770 ret = mbedtls_snprintf(p, n, "%sserial number : ", 1771 prefix); 1772 MBEDTLS_X509_SAFE_SNPRINTF; 1773 1774 ret = mbedtls_x509_serial_gets(p, n, &crt->serial); 1775 MBEDTLS_X509_SAFE_SNPRINTF; 1776 1777 ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); 1778 MBEDTLS_X509_SAFE_SNPRINTF; 1779 ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); 1780 MBEDTLS_X509_SAFE_SNPRINTF; 1781 1782 ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); 1783 MBEDTLS_X509_SAFE_SNPRINTF; 1784 ret = mbedtls_x509_dn_gets(p, n, &crt->subject); 1785 MBEDTLS_X509_SAFE_SNPRINTF; 1786 1787 ret = mbedtls_snprintf(p, n, "\n%sissued on : " \ 1788 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 1789 crt->valid_from.year, crt->valid_from.mon, 1790 crt->valid_from.day, crt->valid_from.hour, 1791 crt->valid_from.min, crt->valid_from.sec); 1792 MBEDTLS_X509_SAFE_SNPRINTF; 1793 1794 ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \ 1795 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 1796 crt->valid_to.year, crt->valid_to.mon, 1797 crt->valid_to.day, crt->valid_to.hour, 1798 crt->valid_to.min, crt->valid_to.sec); 1799 MBEDTLS_X509_SAFE_SNPRINTF; 1800 1801 ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); 1802 MBEDTLS_X509_SAFE_SNPRINTF; 1803 1804 ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, 1805 crt->sig_md, crt->sig_opts); 1806 MBEDTLS_X509_SAFE_SNPRINTF; 1807 1808 /* Key size */ 1809 if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, 1810 mbedtls_pk_get_name(&crt->pk))) != 0) { 1811 return ret; 1812 } 1813 1814 ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, 1815 (int) mbedtls_pk_get_bitlen(&crt->pk)); 1816 MBEDTLS_X509_SAFE_SNPRINTF; 1817 1818 /* 1819 * Optional extensions 1820 */ 1821 1822 if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { 1823 ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix, 1824 crt->ca_istrue ? "true" : "false"); 1825 MBEDTLS_X509_SAFE_SNPRINTF; 1826 1827 if (crt->max_pathlen > 0) { 1828 ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); 1829 MBEDTLS_X509_SAFE_SNPRINTF; 1830 } 1831 } 1832 1833 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { 1834 ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); 1835 MBEDTLS_X509_SAFE_SNPRINTF; 1836 1837 if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n, 1838 &crt->subject_alt_names, 1839 prefix)) != 0) { 1840 return ret; 1841 } 1842 } 1843 1844 if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { 1845 ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix); 1846 MBEDTLS_X509_SAFE_SNPRINTF; 1847 1848 if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { 1849 return ret; 1850 } 1851 } 1852 1853 if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { 1854 ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); 1855 MBEDTLS_X509_SAFE_SNPRINTF; 1856 1857 if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { 1858 return ret; 1859 } 1860 } 1861 1862 if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { 1863 ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix); 1864 MBEDTLS_X509_SAFE_SNPRINTF; 1865 1866 if ((ret = x509_info_ext_key_usage(&p, &n, 1867 &crt->ext_key_usage)) != 0) { 1868 return ret; 1869 } 1870 } 1871 1872 if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { 1873 ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); 1874 MBEDTLS_X509_SAFE_SNPRINTF; 1875 1876 if ((ret = x509_info_cert_policies(&p, &n, 1877 &crt->certificate_policies)) != 0) { 1878 return ret; 1879 } 1880 } 1881 1882 ret = mbedtls_snprintf(p, n, "\n"); 1883 MBEDTLS_X509_SAFE_SNPRINTF; 1884 1885 return (int) (size - n); 1886} 1887 1888struct x509_crt_verify_string { 1889 int code; 1890 const char *string; 1891}; 1892 1893#define X509_CRT_ERROR_INFO(err, err_str, info) { err, info }, 1894static const struct x509_crt_verify_string x509_crt_verify_strings[] = { 1895 MBEDTLS_X509_CRT_ERROR_INFO_LIST 1896 { 0, NULL } 1897}; 1898#undef X509_CRT_ERROR_INFO 1899 1900int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, 1901 uint32_t flags) 1902{ 1903 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 1904 const struct x509_crt_verify_string *cur; 1905 char *p = buf; 1906 size_t n = size; 1907 1908 for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) { 1909 if ((flags & cur->code) == 0) { 1910 continue; 1911 } 1912 1913 ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string); 1914 MBEDTLS_X509_SAFE_SNPRINTF; 1915 flags ^= cur->code; 1916 } 1917 1918 if (flags != 0) { 1919 ret = mbedtls_snprintf(p, n, "%sUnknown reason " 1920 "(this should not happen)\n", prefix); 1921 MBEDTLS_X509_SAFE_SNPRINTF; 1922 } 1923 1924 return (int) (size - n); 1925} 1926#endif /* MBEDTLS_X509_REMOVE_INFO */ 1927 1928int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, 1929 unsigned int usage) 1930{ 1931 unsigned int usage_must, usage_may; 1932 unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY 1933 | MBEDTLS_X509_KU_DECIPHER_ONLY; 1934 1935 if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { 1936 return 0; 1937 } 1938 1939 usage_must = usage & ~may_mask; 1940 1941 if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { 1942 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1943 } 1944 1945 usage_may = usage & may_mask; 1946 1947 if (((crt->key_usage & may_mask) | usage_may) != usage_may) { 1948 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1949 } 1950 1951 return 0; 1952} 1953 1954int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, 1955 const char *usage_oid, 1956 size_t usage_len) 1957{ 1958 const mbedtls_x509_sequence *cur; 1959 1960 /* Extension is not mandatory, absent means no restriction */ 1961 if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { 1962 return 0; 1963 } 1964 1965 /* 1966 * Look for the requested usage (or wildcard ANY) in our list 1967 */ 1968 for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { 1969 const mbedtls_x509_buf *cur_oid = &cur->buf; 1970 1971 if (cur_oid->len == usage_len && 1972 memcmp(cur_oid->p, usage_oid, usage_len) == 0) { 1973 return 0; 1974 } 1975 1976 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) { 1977 return 0; 1978 } 1979 } 1980 1981 return MBEDTLS_ERR_X509_BAD_INPUT_DATA; 1982} 1983 1984#if defined(MBEDTLS_X509_CRL_PARSE_C) 1985/* 1986 * Return 1 if the certificate is revoked, or 0 otherwise. 1987 */ 1988int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) 1989{ 1990 const mbedtls_x509_crl_entry *cur = &crl->entry; 1991 1992 while (cur != NULL && cur->serial.len != 0) { 1993 if (crt->serial.len == cur->serial.len && 1994 memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { 1995 return 1; 1996 } 1997 1998 cur = cur->next; 1999 } 2000 2001 return 0; 2002} 2003 2004/* 2005 * Check that the given certificate is not revoked according to the CRL. 2006 * Skip validation if no CRL for the given CA is present. 2007 */ 2008static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, 2009 mbedtls_x509_crl *crl_list, 2010 const mbedtls_x509_crt_profile *profile, 2011 const mbedtls_x509_time *now) 2012{ 2013 int flags = 0; 2014 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2015#if defined(MBEDTLS_USE_PSA_CRYPTO) 2016 psa_algorithm_t psa_algorithm; 2017#else 2018 const mbedtls_md_info_t *md_info; 2019#endif /* MBEDTLS_USE_PSA_CRYPTO */ 2020 size_t hash_length; 2021 2022 if (ca == NULL) { 2023 return flags; 2024 } 2025 2026 while (crl_list != NULL) { 2027 if (crl_list->version == 0 || 2028 x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { 2029 crl_list = crl_list->next; 2030 continue; 2031 } 2032 2033 /* 2034 * Check if the CA is configured to sign CRLs 2035 */ 2036 if (mbedtls_x509_crt_check_key_usage(ca, 2037 MBEDTLS_X509_KU_CRL_SIGN) != 0) { 2038 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2039 break; 2040 } 2041 2042 /* 2043 * Check if CRL is correctly signed by the trusted CA 2044 */ 2045 if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) { 2046 flags |= MBEDTLS_X509_BADCRL_BAD_MD; 2047 } 2048 2049 if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) { 2050 flags |= MBEDTLS_X509_BADCRL_BAD_PK; 2051 } 2052 2053#if defined(MBEDTLS_USE_PSA_CRYPTO) 2054 psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); 2055 if (psa_hash_compute(psa_algorithm, 2056 crl_list->tbs.p, 2057 crl_list->tbs.len, 2058 hash, 2059 sizeof(hash), 2060 &hash_length) != PSA_SUCCESS) { 2061 /* Note: this can't happen except after an internal error */ 2062 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2063 break; 2064 } 2065#else 2066 md_info = mbedtls_md_info_from_type(crl_list->sig_md); 2067 hash_length = mbedtls_md_get_size(md_info); 2068 if (mbedtls_md(md_info, 2069 crl_list->tbs.p, 2070 crl_list->tbs.len, 2071 hash) != 0) { 2072 /* Note: this can't happen except after an internal error */ 2073 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2074 break; 2075 } 2076#endif /* MBEDTLS_USE_PSA_CRYPTO */ 2077 2078 if (x509_profile_check_key(profile, &ca->pk) != 0) { 2079 flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2080 } 2081 2082 if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, 2083 crl_list->sig_md, hash, hash_length, 2084 crl_list->sig.p, crl_list->sig.len) != 0) { 2085 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2086 break; 2087 } 2088 2089#if defined(MBEDTLS_HAVE_TIME_DATE) 2090 /* 2091 * Check for validity of CRL (Do not drop out) 2092 */ 2093 if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) { 2094 flags |= MBEDTLS_X509_BADCRL_EXPIRED; 2095 } 2096 2097 if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) { 2098 flags |= MBEDTLS_X509_BADCRL_FUTURE; 2099 } 2100#else 2101 ((void) now); 2102#endif 2103 2104 /* 2105 * Check if certificate is revoked 2106 */ 2107 if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { 2108 flags |= MBEDTLS_X509_BADCERT_REVOKED; 2109 break; 2110 } 2111 2112 crl_list = crl_list->next; 2113 } 2114 2115 return flags; 2116} 2117#endif /* MBEDTLS_X509_CRL_PARSE_C */ 2118 2119/* 2120 * Check the signature of a certificate by its parent 2121 */ 2122static int x509_crt_check_signature(const mbedtls_x509_crt *child, 2123 mbedtls_x509_crt *parent, 2124 mbedtls_x509_crt_restart_ctx *rs_ctx) 2125{ 2126 size_t hash_len; 2127 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2128#if !defined(MBEDTLS_USE_PSA_CRYPTO) 2129 const mbedtls_md_info_t *md_info; 2130 md_info = mbedtls_md_info_from_type(child->sig_md); 2131 hash_len = mbedtls_md_get_size(md_info); 2132 2133 /* Note: hash errors can happen only after an internal error */ 2134 if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { 2135 return -1; 2136 } 2137#else 2138 psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); 2139 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2140 2141 status = psa_hash_compute(hash_alg, 2142 child->tbs.p, 2143 child->tbs.len, 2144 hash, 2145 sizeof(hash), 2146 &hash_len); 2147 if (status != PSA_SUCCESS) { 2148 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; 2149 } 2150 2151#endif /* MBEDTLS_USE_PSA_CRYPTO */ 2152 /* Skip expensive computation on obvious mismatch */ 2153 if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { 2154 return -1; 2155 } 2156 2157#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2158 if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { 2159 return mbedtls_pk_verify_restartable(&parent->pk, 2160 child->sig_md, hash, hash_len, 2161 child->sig.p, child->sig.len, &rs_ctx->pk); 2162 } 2163#else 2164 (void) rs_ctx; 2165#endif 2166 2167 return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, 2168 child->sig_md, hash, hash_len, 2169 child->sig.p, child->sig.len); 2170} 2171 2172/* 2173 * Check if 'parent' is a suitable parent (signing CA) for 'child'. 2174 * Return 0 if yes, -1 if not. 2175 * 2176 * top means parent is a locally-trusted certificate 2177 */ 2178static int x509_crt_check_parent(const mbedtls_x509_crt *child, 2179 const mbedtls_x509_crt *parent, 2180 int top) 2181{ 2182 int need_ca_bit; 2183 2184 /* Parent must be the issuer */ 2185 if (x509_name_cmp(&child->issuer, &parent->subject) != 0) { 2186 return -1; 2187 } 2188 2189 /* Parent must have the basicConstraints CA bit set as a general rule */ 2190 need_ca_bit = 1; 2191 2192 /* Exception: v1/v2 certificates that are locally trusted. */ 2193 if (top && parent->version < 3) { 2194 need_ca_bit = 0; 2195 } 2196 2197 if (need_ca_bit && !parent->ca_istrue) { 2198 return -1; 2199 } 2200 2201 if (need_ca_bit && 2202 mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) { 2203 return -1; 2204 } 2205 2206 return 0; 2207} 2208 2209/* 2210 * Find a suitable parent for child in candidates, or return NULL. 2211 * 2212 * Here suitable is defined as: 2213 * 1. subject name matches child's issuer 2214 * 2. if necessary, the CA bit is set and key usage allows signing certs 2215 * 3. for trusted roots, the signature is correct 2216 * (for intermediates, the signature is checked and the result reported) 2217 * 4. pathlen constraints are satisfied 2218 * 2219 * If there's a suitable candidate which is also time-valid, return the first 2220 * such. Otherwise, return the first suitable candidate (or NULL if there is 2221 * none). 2222 * 2223 * The rationale for this rule is that someone could have a list of trusted 2224 * roots with two versions on the same root with different validity periods. 2225 * (At least one user reported having such a list and wanted it to just work.) 2226 * The reason we don't just require time-validity is that generally there is 2227 * only one version, and if it's expired we want the flags to state that 2228 * rather than NOT_TRUSTED, as would be the case if we required it here. 2229 * 2230 * The rationale for rule 3 (signature for trusted roots) is that users might 2231 * have two versions of the same CA with different keys in their list, and the 2232 * way we select the correct one is by checking the signature (as we don't 2233 * rely on key identifier extensions). (This is one way users might choose to 2234 * handle key rollover, another relies on self-issued certs, see [SIRO].) 2235 * 2236 * Arguments: 2237 * - [in] child: certificate for which we're looking for a parent 2238 * - [in] candidates: chained list of potential parents 2239 * - [out] r_parent: parent found (or NULL) 2240 * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 2241 * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top 2242 * of the chain, 0 otherwise 2243 * - [in] path_cnt: number of intermediates seen so far 2244 * - [in] self_cnt: number of self-signed intermediates seen so far 2245 * (will never be greater than path_cnt) 2246 * - [in-out] rs_ctx: context for restarting operations 2247 * 2248 * Return value: 2249 * - 0 on success 2250 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 2251 */ 2252static int x509_crt_find_parent_in( 2253 mbedtls_x509_crt *child, 2254 mbedtls_x509_crt *candidates, 2255 mbedtls_x509_crt **r_parent, 2256 int *r_signature_is_good, 2257 int top, 2258 unsigned path_cnt, 2259 unsigned self_cnt, 2260 mbedtls_x509_crt_restart_ctx *rs_ctx, 2261 const mbedtls_x509_time *now) 2262{ 2263 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2264 mbedtls_x509_crt *parent, *fallback_parent; 2265 int signature_is_good = 0, fallback_signature_is_good; 2266 2267#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2268 /* did we have something in progress? */ 2269 if (rs_ctx != NULL && rs_ctx->parent != NULL) { 2270 /* restore saved state */ 2271 parent = rs_ctx->parent; 2272 fallback_parent = rs_ctx->fallback_parent; 2273 fallback_signature_is_good = rs_ctx->fallback_signature_is_good; 2274 2275 /* clear saved state */ 2276 rs_ctx->parent = NULL; 2277 rs_ctx->fallback_parent = NULL; 2278 rs_ctx->fallback_signature_is_good = 0; 2279 2280 /* resume where we left */ 2281 goto check_signature; 2282 } 2283#endif 2284 2285 fallback_parent = NULL; 2286 fallback_signature_is_good = 0; 2287 2288 for (parent = candidates; parent != NULL; parent = parent->next) { 2289 /* basic parenting skills (name, CA bit, key usage) */ 2290 if (x509_crt_check_parent(child, parent, top) != 0) { 2291 continue; 2292 } 2293 2294 /* +1 because stored max_pathlen is 1 higher that the actual value */ 2295 if (parent->max_pathlen > 0 && 2296 (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { 2297 continue; 2298 } 2299 2300 /* Signature */ 2301#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2302check_signature: 2303#endif 2304 ret = x509_crt_check_signature(child, parent, rs_ctx); 2305 2306#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2307 if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { 2308 /* save state */ 2309 rs_ctx->parent = parent; 2310 rs_ctx->fallback_parent = fallback_parent; 2311 rs_ctx->fallback_signature_is_good = fallback_signature_is_good; 2312 2313 return ret; 2314 } 2315#else 2316 (void) ret; 2317#endif 2318 2319 signature_is_good = ret == 0; 2320 if (top && !signature_is_good) { 2321 continue; 2322 } 2323 2324#if defined(MBEDTLS_HAVE_TIME_DATE) 2325 /* optional time check */ 2326 if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */ 2327 mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */ 2328 if (fallback_parent == NULL) { 2329 fallback_parent = parent; 2330 fallback_signature_is_good = signature_is_good; 2331 } 2332 2333 continue; 2334 } 2335#else 2336 ((void) now); 2337#endif 2338 2339 *r_parent = parent; 2340 *r_signature_is_good = signature_is_good; 2341 2342 break; 2343 } 2344 2345 if (parent == NULL) { 2346 *r_parent = fallback_parent; 2347 *r_signature_is_good = fallback_signature_is_good; 2348 } 2349 2350 return 0; 2351} 2352 2353/* 2354 * Find a parent in trusted CAs or the provided chain, or return NULL. 2355 * 2356 * Searches in trusted CAs first, and return the first suitable parent found 2357 * (see find_parent_in() for definition of suitable). 2358 * 2359 * Arguments: 2360 * - [in] child: certificate for which we're looking for a parent, followed 2361 * by a chain of possible intermediates 2362 * - [in] trust_ca: list of locally trusted certificates 2363 * - [out] parent: parent found (or NULL) 2364 * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 2365 * - [out] signature_is_good: 1 if child signature by parent is valid, or 0 2366 * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child) 2367 * - [in] self_cnt: number of self-signed certs in the chain so far 2368 * (will always be no greater than path_cnt) 2369 * - [in-out] rs_ctx: context for restarting operations 2370 * 2371 * Return value: 2372 * - 0 on success 2373 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 2374 */ 2375static int x509_crt_find_parent( 2376 mbedtls_x509_crt *child, 2377 mbedtls_x509_crt *trust_ca, 2378 mbedtls_x509_crt **parent, 2379 int *parent_is_trusted, 2380 int *signature_is_good, 2381 unsigned path_cnt, 2382 unsigned self_cnt, 2383 mbedtls_x509_crt_restart_ctx *rs_ctx, 2384 const mbedtls_x509_time *now) 2385{ 2386 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2387 mbedtls_x509_crt *search_list; 2388 2389 *parent_is_trusted = 1; 2390 2391#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2392 /* restore then clear saved state if we have some stored */ 2393 if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { 2394 *parent_is_trusted = rs_ctx->parent_is_trusted; 2395 rs_ctx->parent_is_trusted = -1; 2396 } 2397#endif 2398 2399 while (1) { 2400 search_list = *parent_is_trusted ? trust_ca : child->next; 2401 2402 ret = x509_crt_find_parent_in(child, search_list, 2403 parent, signature_is_good, 2404 *parent_is_trusted, 2405 path_cnt, self_cnt, rs_ctx, now); 2406 2407#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2408 if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { 2409 /* save state */ 2410 rs_ctx->parent_is_trusted = *parent_is_trusted; 2411 return ret; 2412 } 2413#else 2414 (void) ret; 2415#endif 2416 2417 /* stop here if found or already in second iteration */ 2418 if (*parent != NULL || *parent_is_trusted == 0) { 2419 break; 2420 } 2421 2422 /* prepare second iteration */ 2423 *parent_is_trusted = 0; 2424 } 2425 2426 /* extra precaution against mistakes in the caller */ 2427 if (*parent == NULL) { 2428 *parent_is_trusted = 0; 2429 *signature_is_good = 0; 2430 } 2431 2432 return 0; 2433} 2434 2435/* 2436 * Check if an end-entity certificate is locally trusted 2437 * 2438 * Currently we require such certificates to be self-signed (actually only 2439 * check for self-issued as self-signatures are not checked) 2440 */ 2441static int x509_crt_check_ee_locally_trusted( 2442 mbedtls_x509_crt *crt, 2443 mbedtls_x509_crt *trust_ca) 2444{ 2445 mbedtls_x509_crt *cur; 2446 2447 /* must be self-issued */ 2448 if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { 2449 return -1; 2450 } 2451 2452 /* look for an exact match with trusted cert */ 2453 for (cur = trust_ca; cur != NULL; cur = cur->next) { 2454 if (crt->raw.len == cur->raw.len && 2455 memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { 2456 return 0; 2457 } 2458 } 2459 2460 /* too bad */ 2461 return -1; 2462} 2463 2464/* 2465 * Build and verify a certificate chain 2466 * 2467 * Given a peer-provided list of certificates EE, C1, ..., Cn and 2468 * a list of trusted certs R1, ... Rp, try to build and verify a chain 2469 * EE, Ci1, ... Ciq [, Rj] 2470 * such that every cert in the chain is a child of the next one, 2471 * jumping to a trusted root as early as possible. 2472 * 2473 * Verify that chain and return it with flags for all issues found. 2474 * 2475 * Special cases: 2476 * - EE == Rj -> return a one-element list containing it 2477 * - EE, Ci1, ..., Ciq cannot be continued with a trusted root 2478 * -> return that chain with NOT_TRUSTED set on Ciq 2479 * 2480 * Tests for (aspects of) this function should include at least: 2481 * - trusted EE 2482 * - EE -> trusted root 2483 * - EE -> intermediate CA -> trusted root 2484 * - if relevant: EE untrusted 2485 * - if relevant: EE -> intermediate, untrusted 2486 * with the aspect under test checked at each relevant level (EE, int, root). 2487 * For some aspects longer chains are required, but usually length 2 is 2488 * enough (but length 1 is not in general). 2489 * 2490 * Arguments: 2491 * - [in] crt: the cert list EE, C1, ..., Cn 2492 * - [in] trust_ca: the trusted list R1, ..., Rp 2493 * - [in] ca_crl, profile: as in verify_with_profile() 2494 * - [out] ver_chain: the built and verified chain 2495 * Only valid when return value is 0, may contain garbage otherwise! 2496 * Restart note: need not be the same when calling again to resume. 2497 * - [in-out] rs_ctx: context for restarting operations 2498 * 2499 * Return value: 2500 * - non-zero if the chain could not be fully built and examined 2501 * - 0 is the chain was successfully built and examined, 2502 * even if it was found to be invalid 2503 */ 2504static int x509_crt_verify_chain( 2505 mbedtls_x509_crt *crt, 2506 mbedtls_x509_crt *trust_ca, 2507 mbedtls_x509_crl *ca_crl, 2508 mbedtls_x509_crt_ca_cb_t f_ca_cb, 2509 void *p_ca_cb, 2510 const mbedtls_x509_crt_profile *profile, 2511 mbedtls_x509_crt_verify_chain *ver_chain, 2512 mbedtls_x509_crt_restart_ctx *rs_ctx) 2513{ 2514 /* Don't initialize any of those variables here, so that the compiler can 2515 * catch potential issues with jumping ahead when restarting */ 2516 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 2517 uint32_t *flags; 2518 mbedtls_x509_crt_verify_chain_item *cur; 2519 mbedtls_x509_crt *child; 2520 mbedtls_x509_crt *parent; 2521 int parent_is_trusted; 2522 int child_is_trusted; 2523 int signature_is_good; 2524 unsigned self_cnt; 2525 mbedtls_x509_crt *cur_trust_ca = NULL; 2526 mbedtls_x509_time now; 2527 2528#if defined(MBEDTLS_HAVE_TIME_DATE) 2529 if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) { 2530 return MBEDTLS_ERR_X509_FATAL_ERROR; 2531 } 2532#endif 2533 2534#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2535 /* resume if we had an operation in progress */ 2536 if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { 2537 /* restore saved state */ 2538 *ver_chain = rs_ctx->ver_chain; /* struct copy */ 2539 self_cnt = rs_ctx->self_cnt; 2540 2541 /* restore derived state */ 2542 cur = &ver_chain->items[ver_chain->len - 1]; 2543 child = cur->crt; 2544 flags = &cur->flags; 2545 2546 goto find_parent; 2547 } 2548#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 2549 2550 child = crt; 2551 self_cnt = 0; 2552 parent_is_trusted = 0; 2553 child_is_trusted = 0; 2554 2555 while (1) { 2556 /* Add certificate to the verification chain */ 2557 cur = &ver_chain->items[ver_chain->len]; 2558 cur->crt = child; 2559 cur->flags = 0; 2560 ver_chain->len++; 2561 flags = &cur->flags; 2562 2563#if defined(MBEDTLS_HAVE_TIME_DATE) 2564 /* Check time-validity (all certificates) */ 2565 if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) { 2566 *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 2567 } 2568 2569 if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) { 2570 *flags |= MBEDTLS_X509_BADCERT_FUTURE; 2571 } 2572#endif 2573 2574 /* Stop here for trusted roots (but not for trusted EE certs) */ 2575 if (child_is_trusted) { 2576 return 0; 2577 } 2578 2579 /* Check signature algorithm: MD & PK algs */ 2580 if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { 2581 *flags |= MBEDTLS_X509_BADCERT_BAD_MD; 2582 } 2583 2584 if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { 2585 *flags |= MBEDTLS_X509_BADCERT_BAD_PK; 2586 } 2587 2588 /* Special case: EE certs that are locally trusted */ 2589 if (ver_chain->len == 1 && 2590 x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { 2591 return 0; 2592 } 2593 2594#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2595find_parent: 2596#endif 2597 2598 /* Obtain list of potential trusted signers from CA callback, 2599 * or use statically provided list. */ 2600#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 2601 if (f_ca_cb != NULL) { 2602 mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); 2603 mbedtls_free(ver_chain->trust_ca_cb_result); 2604 ver_chain->trust_ca_cb_result = NULL; 2605 2606 ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); 2607 if (ret != 0) { 2608 return MBEDTLS_ERR_X509_FATAL_ERROR; 2609 } 2610 2611 cur_trust_ca = ver_chain->trust_ca_cb_result; 2612 } else 2613#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 2614 { 2615 ((void) f_ca_cb); 2616 ((void) p_ca_cb); 2617 cur_trust_ca = trust_ca; 2618 } 2619 2620 /* Look for a parent in trusted CAs or up the chain */ 2621 ret = x509_crt_find_parent(child, cur_trust_ca, &parent, 2622 &parent_is_trusted, &signature_is_good, 2623 ver_chain->len - 1, self_cnt, rs_ctx, 2624 &now); 2625 2626#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2627 if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { 2628 /* save state */ 2629 rs_ctx->in_progress = x509_crt_rs_find_parent; 2630 rs_ctx->self_cnt = self_cnt; 2631 rs_ctx->ver_chain = *ver_chain; /* struct copy */ 2632 2633 return ret; 2634 } 2635#else 2636 (void) ret; 2637#endif 2638 2639 /* No parent? We're done here */ 2640 if (parent == NULL) { 2641 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2642 return 0; 2643 } 2644 2645 /* Count intermediate self-issued (not necessarily self-signed) certs. 2646 * These can occur with some strategies for key rollover, see [SIRO], 2647 * and should be excluded from max_pathlen checks. */ 2648 if (ver_chain->len != 1 && 2649 x509_name_cmp(&child->issuer, &child->subject) == 0) { 2650 self_cnt++; 2651 } 2652 2653 /* path_cnt is 0 for the first intermediate CA, 2654 * and if parent is trusted it's not an intermediate CA */ 2655 if (!parent_is_trusted && 2656 ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { 2657 /* return immediately to avoid overflow the chain array */ 2658 return MBEDTLS_ERR_X509_FATAL_ERROR; 2659 } 2660 2661 /* signature was checked while searching parent */ 2662 if (!signature_is_good) { 2663 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2664 } 2665 2666 /* check size of signing key */ 2667 if (x509_profile_check_key(profile, &parent->pk) != 0) { 2668 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2669 } 2670 2671#if defined(MBEDTLS_X509_CRL_PARSE_C) 2672 /* Check trusted CA's CRL for the given crt */ 2673 *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now); 2674#else 2675 (void) ca_crl; 2676#endif 2677 2678 /* prepare for next iteration */ 2679 child = parent; 2680 parent = NULL; 2681 child_is_trusted = parent_is_trusted; 2682 signature_is_good = 0; 2683 } 2684} 2685 2686#ifdef _WIN32 2687#ifdef _MSC_VER 2688#pragma comment(lib, "ws2_32.lib") 2689#include <winsock2.h> 2690#include <ws2tcpip.h> 2691#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 2692#include <winsock2.h> 2693#include <ws2tcpip.h> 2694#else 2695/* inet_pton() is not supported, fallback to software version */ 2696#define MBEDTLS_TEST_SW_INET_PTON 2697#endif 2698#elif defined(__sun) 2699/* Solaris requires -lsocket -lnsl for inet_pton() */ 2700#elif defined(__has_include) 2701#if __has_include(<sys/socket.h>) 2702#include <sys/socket.h> 2703#endif 2704#if __has_include(<arpa/inet.h>) 2705#include <arpa/inet.h> 2706#endif 2707#endif 2708 2709/* Use whether or not AF_INET6 is defined to indicate whether or not to use 2710 * the platform inet_pton() or a local implementation (below). The local 2711 * implementation may be used even in cases where the platform provides 2712 * inet_pton(), e.g. when there are different includes required and/or the 2713 * platform implementation requires dependencies on additional libraries. 2714 * Specifically, Windows requires custom includes and additional link 2715 * dependencies, and Solaris requires additional link dependencies. 2716 * Also, as a coarse heuristic, use the local implementation if the compiler 2717 * does not support __has_include(), or if the definition of AF_INET6 is not 2718 * provided by headers included (or not) via __has_include() above. 2719 * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names 2720 * despite having a platform that has inet_pton. */ 2721#if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names 2722/* Definition located further below to possibly reduce compiler inlining */ 2723static int x509_inet_pton_ipv4(const char *src, void *dst); 2724 2725#define li_cton(c, n) \ 2726 (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0)) 2727 2728static int x509_inet_pton_ipv6(const char *src, void *dst) 2729{ 2730 const unsigned char *p = (const unsigned char *) src; 2731 int nonzero_groups = 0, num_digits, zero_group_start = -1; 2732 uint16_t addr[8]; 2733 do { 2734 /* note: allows excess leading 0's, e.g. 1:0002:3:... */ 2735 uint16_t group = num_digits = 0; 2736 for (uint8_t digit; num_digits < 4; num_digits++) { 2737 if (li_cton(*p, digit) == 0) { 2738 break; 2739 } 2740 group = (group << 4) | digit; 2741 p++; 2742 } 2743 if (num_digits != 0) { 2744 MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups); 2745 nonzero_groups++; 2746 if (*p == '\0') { 2747 break; 2748 } else if (*p == '.') { 2749 /* Don't accept IPv4 too early or late */ 2750 if ((nonzero_groups == 0 && zero_group_start == -1) || 2751 nonzero_groups >= 7) { 2752 break; 2753 } 2754 2755 /* Walk back to prior ':', then parse as IPv4-mapped */ 2756 int steps = 4; 2757 do { 2758 p--; 2759 steps--; 2760 } while (*p != ':' && steps > 0); 2761 2762 if (*p != ':') { 2763 break; 2764 } 2765 p++; 2766 nonzero_groups--; 2767 if (x509_inet_pton_ipv4((const char *) p, 2768 addr + nonzero_groups) != 0) { 2769 break; 2770 } 2771 2772 nonzero_groups += 2; 2773 p = (const unsigned char *) ""; 2774 break; 2775 } else if (*p != ':') { 2776 return -1; 2777 } 2778 } else { 2779 /* Don't accept a second zero group or an invalid delimiter */ 2780 if (zero_group_start != -1 || *p != ':') { 2781 return -1; 2782 } 2783 zero_group_start = nonzero_groups; 2784 2785 /* Accept a zero group at start, but it has to be a double colon */ 2786 if (zero_group_start == 0 && *++p != ':') { 2787 return -1; 2788 } 2789 2790 if (p[1] == '\0') { 2791 ++p; 2792 break; 2793 } 2794 } 2795 ++p; 2796 } while (nonzero_groups < 8); 2797 2798 if (*p != '\0') { 2799 return -1; 2800 } 2801 2802 if (zero_group_start != -1) { 2803 if (nonzero_groups > 6) { 2804 return -1; 2805 } 2806 int zero_groups = 8 - nonzero_groups; 2807 int groups_after_zero = nonzero_groups - zero_group_start; 2808 2809 /* Move the non-zero part to after the zeroes */ 2810 if (groups_after_zero) { 2811 memmove(addr + zero_group_start + zero_groups, 2812 addr + zero_group_start, 2813 groups_after_zero * sizeof(*addr)); 2814 } 2815 memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr)); 2816 } else { 2817 if (nonzero_groups != 8) { 2818 return -1; 2819 } 2820 } 2821 memcpy(dst, addr, sizeof(addr)); 2822 return 0; 2823} 2824 2825static int x509_inet_pton_ipv4(const char *src, void *dst) 2826{ 2827 const unsigned char *p = (const unsigned char *) src; 2828 uint8_t *res = (uint8_t *) dst; 2829 uint8_t digit, num_digits = 0; 2830 uint8_t num_octets = 0; 2831 uint16_t octet; 2832 2833 do { 2834 octet = num_digits = 0; 2835 do { 2836 digit = *p - '0'; 2837 if (digit > 9) { 2838 break; 2839 } 2840 2841 /* Don't allow leading zeroes. These might mean octal format, 2842 * which this implementation does not support. */ 2843 if (octet == 0 && num_digits > 0) { 2844 return -1; 2845 } 2846 2847 octet = octet * 10 + digit; 2848 num_digits++; 2849 p++; 2850 } while (num_digits < 3); 2851 2852 if (octet >= 256 || num_digits > 3 || num_digits == 0) { 2853 return -1; 2854 } 2855 *res++ = (uint8_t) octet; 2856 num_octets++; 2857 } while (num_octets < 4 && *p++ == '.'); 2858 return num_octets == 4 && *p == '\0' ? 0 : -1; 2859} 2860 2861#else 2862 2863static int x509_inet_pton_ipv6(const char *src, void *dst) 2864{ 2865 return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; 2866} 2867 2868static int x509_inet_pton_ipv4(const char *src, void *dst) 2869{ 2870 return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; 2871} 2872 2873#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names 2874 2875size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst) 2876{ 2877 return strchr(cn, ':') == NULL 2878 ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 2879 : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0; 2880} 2881 2882/* 2883 * Check for CN match 2884 */ 2885static int x509_crt_check_cn(const mbedtls_x509_buf *name, 2886 const char *cn, size_t cn_len) 2887{ 2888 /* try exact match */ 2889 if (name->len == cn_len && 2890 x509_memcasecmp(cn, name->p, cn_len) == 0) { 2891 return 0; 2892 } 2893 2894 /* try wildcard match */ 2895 if (x509_check_wildcard(cn, name) == 0) { 2896 return 0; 2897 } 2898 2899 return -1; 2900} 2901 2902static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, 2903 const char *cn, size_t cn_len) 2904{ 2905 uint32_t ip[4]; 2906 cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip); 2907 if (cn_len == 0) { 2908 return -1; 2909 } 2910 2911 for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { 2912 const unsigned char san_type = (unsigned char) cur->buf.tag & 2913 MBEDTLS_ASN1_TAG_VALUE_MASK; 2914 if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && 2915 cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { 2916 return 0; 2917 } 2918 } 2919 2920 return -1; 2921} 2922 2923static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san, 2924 const char *cn, size_t cn_len) 2925{ 2926 for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { 2927 const unsigned char san_type = (unsigned char) cur->buf.tag & 2928 MBEDTLS_ASN1_TAG_VALUE_MASK; 2929 if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER && 2930 cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { 2931 return 0; 2932 } 2933 } 2934 2935 return -1; 2936} 2937 2938/* 2939 * Check for SAN match, see RFC 5280 Section 4.2.1.6 2940 */ 2941static int x509_crt_check_san(const mbedtls_x509_sequence *san, 2942 const char *cn, size_t cn_len) 2943{ 2944 int san_ip = 0; 2945 int san_uri = 0; 2946 /* Prioritize DNS name over other subtypes due to popularity */ 2947 for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { 2948 switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { 2949 case MBEDTLS_X509_SAN_DNS_NAME: 2950 if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { 2951 return 0; 2952 } 2953 break; 2954 case MBEDTLS_X509_SAN_IP_ADDRESS: 2955 san_ip = 1; 2956 break; 2957 case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: 2958 san_uri = 1; 2959 break; 2960 /* (We may handle other types here later.) */ 2961 default: /* Unrecognized type */ 2962 break; 2963 } 2964 } 2965 if (san_ip) { 2966 if (x509_crt_check_san_ip(san, cn, cn_len) == 0) { 2967 return 0; 2968 } 2969 } 2970 if (san_uri) { 2971 if (x509_crt_check_san_uri(san, cn, cn_len) == 0) { 2972 return 0; 2973 } 2974 } 2975 2976 return -1; 2977} 2978 2979/* 2980 * Verify the requested CN - only call this if cn is not NULL! 2981 */ 2982static void x509_crt_verify_name(const mbedtls_x509_crt *crt, 2983 const char *cn, 2984 uint32_t *flags) 2985{ 2986 const mbedtls_x509_name *name; 2987 size_t cn_len = strlen(cn); 2988 2989 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { 2990 if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { 2991 return; 2992 } 2993 } else { 2994 for (name = &crt->subject; name != NULL; name = name->next) { 2995 if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && 2996 x509_crt_check_cn(&name->val, cn, cn_len) == 0) { 2997 return; 2998 } 2999 } 3000 3001 } 3002 3003 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 3004} 3005 3006/* 3007 * Merge the flags for all certs in the chain, after calling callback 3008 */ 3009static int x509_crt_merge_flags_with_cb( 3010 uint32_t *flags, 3011 const mbedtls_x509_crt_verify_chain *ver_chain, 3012 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3013 void *p_vrfy) 3014{ 3015 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 3016 unsigned i; 3017 uint32_t cur_flags; 3018 const mbedtls_x509_crt_verify_chain_item *cur; 3019 3020 for (i = ver_chain->len; i != 0; --i) { 3021 cur = &ver_chain->items[i-1]; 3022 cur_flags = cur->flags; 3023 3024 if (NULL != f_vrfy) { 3025 if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { 3026 return ret; 3027 } 3028 } 3029 3030 *flags |= cur_flags; 3031 } 3032 3033 return 0; 3034} 3035 3036/* 3037 * Verify the certificate validity, with profile, restartable version 3038 * 3039 * This function: 3040 * - checks the requested CN (if any) 3041 * - checks the type and size of the EE cert's key, 3042 * as that isn't done as part of chain building/verification currently 3043 * - builds and verifies the chain 3044 * - then calls the callback and merges the flags 3045 * 3046 * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` 3047 * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the 3048 * verification routine to search for trusted signers, and CRLs will 3049 * be disabled. Otherwise, `trust_ca` will be used as the static list 3050 * of trusted signers, and `ca_crl` will be use as the static list 3051 * of CRLs. 3052 */ 3053static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, 3054 mbedtls_x509_crt *trust_ca, 3055 mbedtls_x509_crl *ca_crl, 3056 mbedtls_x509_crt_ca_cb_t f_ca_cb, 3057 void *p_ca_cb, 3058 const mbedtls_x509_crt_profile *profile, 3059 const char *cn, uint32_t *flags, 3060 int (*f_vrfy)(void *, 3061 mbedtls_x509_crt *, 3062 int, 3063 uint32_t *), 3064 void *p_vrfy, 3065 mbedtls_x509_crt_restart_ctx *rs_ctx) 3066{ 3067 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 3068 mbedtls_pk_type_t pk_type; 3069 mbedtls_x509_crt_verify_chain ver_chain; 3070 uint32_t ee_flags; 3071 3072 *flags = 0; 3073 ee_flags = 0; 3074 x509_crt_verify_chain_reset(&ver_chain); 3075 3076 if (profile == NULL) { 3077 ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; 3078 goto exit; 3079 } 3080 3081 /* check name if requested */ 3082 if (cn != NULL) { 3083 x509_crt_verify_name(crt, cn, &ee_flags); 3084 } 3085 3086 /* Check the type and size of the key */ 3087 pk_type = mbedtls_pk_get_type(&crt->pk); 3088 3089 if (x509_profile_check_pk_alg(profile, pk_type) != 0) { 3090 ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; 3091 } 3092 3093 if (x509_profile_check_key(profile, &crt->pk) != 0) { 3094 ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 3095 } 3096 3097 /* Check the chain */ 3098 ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, 3099 f_ca_cb, p_ca_cb, profile, 3100 &ver_chain, rs_ctx); 3101 3102 if (ret != 0) { 3103 goto exit; 3104 } 3105 3106 /* Merge end-entity flags */ 3107 ver_chain.items[0].flags |= ee_flags; 3108 3109 /* Build final flags, calling callback on the way if any */ 3110 ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); 3111 3112exit: 3113 3114#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 3115 mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); 3116 mbedtls_free(ver_chain.trust_ca_cb_result); 3117 ver_chain.trust_ca_cb_result = NULL; 3118#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 3119 3120#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 3121 if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { 3122 mbedtls_x509_crt_restart_free(rs_ctx); 3123 } 3124#endif 3125 3126 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by 3127 * the SSL module for authmode optional, but non-zero return from the 3128 * callback means a fatal error so it shouldn't be ignored */ 3129 if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { 3130 ret = MBEDTLS_ERR_X509_FATAL_ERROR; 3131 } 3132 3133 if (ret != 0) { 3134 *flags = (uint32_t) -1; 3135 return ret; 3136 } 3137 3138 if (*flags != 0) { 3139 return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; 3140 } 3141 3142 return 0; 3143} 3144 3145 3146/* 3147 * Verify the certificate validity (default profile, not restartable) 3148 */ 3149int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, 3150 mbedtls_x509_crt *trust_ca, 3151 mbedtls_x509_crl *ca_crl, 3152 const char *cn, uint32_t *flags, 3153 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3154 void *p_vrfy) 3155{ 3156 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, 3157 NULL, NULL, 3158 &mbedtls_x509_crt_profile_default, 3159 cn, flags, 3160 f_vrfy, p_vrfy, NULL); 3161} 3162 3163/* 3164 * Verify the certificate validity (user-chosen profile, not restartable) 3165 */ 3166int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, 3167 mbedtls_x509_crt *trust_ca, 3168 mbedtls_x509_crl *ca_crl, 3169 const mbedtls_x509_crt_profile *profile, 3170 const char *cn, uint32_t *flags, 3171 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3172 void *p_vrfy) 3173{ 3174 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, 3175 NULL, NULL, 3176 profile, cn, flags, 3177 f_vrfy, p_vrfy, NULL); 3178} 3179 3180#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 3181/* 3182 * Verify the certificate validity (user-chosen profile, CA callback, 3183 * not restartable). 3184 */ 3185int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, 3186 mbedtls_x509_crt_ca_cb_t f_ca_cb, 3187 void *p_ca_cb, 3188 const mbedtls_x509_crt_profile *profile, 3189 const char *cn, uint32_t *flags, 3190 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3191 void *p_vrfy) 3192{ 3193 return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, 3194 f_ca_cb, p_ca_cb, 3195 profile, cn, flags, 3196 f_vrfy, p_vrfy, NULL); 3197} 3198#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 3199 3200int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, 3201 mbedtls_x509_crt *trust_ca, 3202 mbedtls_x509_crl *ca_crl, 3203 const mbedtls_x509_crt_profile *profile, 3204 const char *cn, uint32_t *flags, 3205 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 3206 void *p_vrfy, 3207 mbedtls_x509_crt_restart_ctx *rs_ctx) 3208{ 3209 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, 3210 NULL, NULL, 3211 profile, cn, flags, 3212 f_vrfy, p_vrfy, rs_ctx); 3213} 3214 3215 3216/* 3217 * Initialize a certificate chain 3218 */ 3219void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) 3220{ 3221 memset(crt, 0, sizeof(mbedtls_x509_crt)); 3222} 3223 3224/* 3225 * Unallocate all certificate data 3226 */ 3227void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) 3228{ 3229 mbedtls_x509_crt *cert_cur = crt; 3230 mbedtls_x509_crt *cert_prv; 3231 3232 while (cert_cur != NULL) { 3233 mbedtls_pk_free(&cert_cur->pk); 3234 3235#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 3236 mbedtls_free(cert_cur->sig_opts); 3237#endif 3238 3239 mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); 3240 mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); 3241 mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); 3242 mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); 3243 mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); 3244 mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); 3245 3246 if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { 3247 mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); 3248 } 3249 3250 cert_prv = cert_cur; 3251 cert_cur = cert_cur->next; 3252 3253 mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); 3254 if (cert_prv != crt) { 3255 mbedtls_free(cert_prv); 3256 } 3257 } 3258} 3259 3260#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 3261/* 3262 * Initialize a restart context 3263 */ 3264void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx) 3265{ 3266 mbedtls_pk_restart_init(&ctx->pk); 3267 3268 ctx->parent = NULL; 3269 ctx->fallback_parent = NULL; 3270 ctx->fallback_signature_is_good = 0; 3271 3272 ctx->parent_is_trusted = -1; 3273 3274 ctx->in_progress = x509_crt_rs_none; 3275 ctx->self_cnt = 0; 3276 x509_crt_verify_chain_reset(&ctx->ver_chain); 3277} 3278 3279/* 3280 * Free the components of a restart context 3281 */ 3282void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) 3283{ 3284 if (ctx == NULL) { 3285 return; 3286 } 3287 3288 mbedtls_pk_restart_free(&ctx->pk); 3289 mbedtls_x509_crt_restart_init(ctx); 3290} 3291#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 3292 3293int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) 3294{ 3295 if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) { 3296 return crt->MBEDTLS_PRIVATE(ca_istrue); 3297 } 3298 return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; 3299} 3300 3301#endif /* MBEDTLS_X509_CRT_PARSE_C */ 3302