Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

x509_crt.c@ 398

Last change on this file since 398 was 398, checked in by coas-nagasima, 5 years ago
mbedTLS版Azure IoT Hub接続サンプルのソースコードを追加
Property svn:eol-style set to `native` Property svn:mime-type set to `text/x-csrc;charset=UTF-8`
File size: 79.3 KB

Line
1	/*
2	* X.509 certificate parsing and verification
3	*
4	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5	* SPDX-License-Identifier: Apache-2.0
6	*
7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
8	* not use this file except in compliance with the License.
9	* You may obtain a copy of the License at
10	*
11	* http://www.apache.org/licenses/LICENSE-2.0
12	*
13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and
17	* limitations under the License.
18	*
19	* This file is part of mbed TLS (https://tls.mbed.org)
20	*/
21	/*
22	* The ITU-T X.509 standard defines a certificate format for PKI.
23	*
24	* http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
25	* http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
26	* http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
27	*
28	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
29	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
30	*
31	* [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
32	*/
33
34	#if !defined(MBEDTLS_CONFIG_FILE)
35	#include "mbedtls/config.h"
36	#else
37	#include MBEDTLS_CONFIG_FILE
38	#endif
39
40	#if defined(MBEDTLS_X509_CRT_PARSE_C)
41
42	#include "mbedtls/x509_crt.h"
43	#include "mbedtls/oid.h"
44	#include "mbedtls/platform_util.h"
45
46	#include <string.h>
47
48	#if defined(MBEDTLS_PEM_PARSE_C)
49	#include "mbedtls/pem.h"
50	#endif
51
52	#if defined(MBEDTLS_PLATFORM_C)
53	#include "mbedtls/platform.h"
54	#else
55	#include <stdio.h>
56	#include <stdlib.h>
57	#define mbedtls_free free
58	#define mbedtls_calloc calloc
59	#define mbedtls_snprintf snprintf
60	#endif
61
62	#if defined(MBEDTLS_THREADING_C)
63	#include "mbedtls/threading.h"
64	#endif
65
66	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
67	#include <windows.h>
68	#else
69	#include <time.h>
70	#endif
71
72	#if defined(MBEDTLS_FS_IO)
73	#include <stdio.h>
74	#if !defined(_WIN32) \|\| defined(EFIX64) \|\| defined(EFI32)
75	#include <sys/types.h>
76	#include <sys/stat.h>
77	#include <dirent.h>
78	#endif /* !_WIN32 \|\| EFIX64 \|\| EFI32 */
79	#endif
80
81	/*
82	* Item in a verification chain: cert and flags for it
83	*/
84	typedef struct {
85	mbedtls_x509_crt *crt;
86	uint32_t flags;
87	} x509_crt_verify_chain_item;
88
89	/*
90	* Max size of verification chain: end-entity + intermediates + trusted root
91	*/
92	#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
93
94	/*
95	* Default profile
96	*/
97	const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
98	{
99	#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
100	/* Allow SHA-1 (weak, but still safe in controlled environments) */
101	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) \|
102	#endif
103	/* Only SHA-2 hashes */
104	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) \|
105	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) \|
106	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) \|
107	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
108	0xFFFFFFF, /* Any PK alg */
109	0xFFFFFFF, /* Any curve */
110	2048,
111	};
112
113	/*
114	* Next-default profile
115	*/
116	const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
117	{
118	/* Hashes from SHA-256 and above */
119	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) \|
120	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) \|
121	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
122	0xFFFFFFF, /* Any PK alg */
123	#if defined(MBEDTLS_ECP_C)
124	/* Curves at or above 128-bit security level */
125	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) \|
126	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) \|
127	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) \|
128	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) \|
129	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) \|
130	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) \|
131	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
132	#else
133	0,
134	#endif
135	2048,
136	};
137
138	/*
139	* NSA Suite B Profile
140	*/
141	const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
142	{
143	/* Only SHA-256 and 384 */
144	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) \|
145	MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
146	/* Only ECDSA */
147	MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) \|
148	MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
149	#if defined(MBEDTLS_ECP_C)
150	/* Only NIST P-256 and P-384 */
151	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) \|
152	MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
153	#else
154	0,
155	#endif
156	0,
157	};
158
159	/*
160	* Check md_alg against profile
161	* Return 0 if md_alg is acceptable for this profile, -1 otherwise
162	*/
163	static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
164	mbedtls_md_type_t md_alg )
165	{
166	if( md_alg == MBEDTLS_MD_NONE )
167	return( -1 );
168
169	if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
170	return( 0 );
171
172	return( -1 );
173	}
174
175	/*
176	* Check pk_alg against profile
177	* Return 0 if pk_alg is acceptable for this profile, -1 otherwise
178	*/
179	static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
180	mbedtls_pk_type_t pk_alg )
181	{
182	if( pk_alg == MBEDTLS_PK_NONE )
183	return( -1 );
184
185	if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
186	return( 0 );
187
188	return( -1 );
189	}
190
191	/*
192	* Check key against profile
193	* Return 0 if pk is acceptable for this profile, -1 otherwise
194	*/
195	static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
196	const mbedtls_pk_context *pk )
197	{
198	const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk );
199
200	#if defined(MBEDTLS_RSA_C)
201	if( pk_alg == MBEDTLS_PK_RSA \|\| pk_alg == MBEDTLS_PK_RSASSA_PSS )
202	{
203	if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
204	return( 0 );
205
206	return( -1 );
207	}
208	#endif
209
210	#if defined(MBEDTLS_ECP_C)
211	if( pk_alg == MBEDTLS_PK_ECDSA \|\|
212	pk_alg == MBEDTLS_PK_ECKEY \|\|
213	pk_alg == MBEDTLS_PK_ECKEY_DH )
214	{
215	const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
216
217	if( gid == MBEDTLS_ECP_DP_NONE )
218	return( -1 );
219
220	if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
221	return( 0 );
222
223	return( -1 );
224	}
225	#endif
226
227	return( -1 );
228	}
229
230	/*
231	* Like memcmp, but case-insensitive and always returns -1 if different
232	*/
233	static int x509_memcasecmp( const void s1, const void s2, size_t len )
234	{
235	size_t i;
236	unsigned char diff;
237	const unsigned char n1 = s1, n2 = s2;
238
239	for( i = 0; i < len; i++ )
240	{
241	diff = n1[i] ^ n2[i];
242
243	if( diff == 0 )
244	continue;
245
246	if( diff == 32 &&
247	( ( n1[i] >= 'a' && n1[i] <= 'z' ) \|\|
248	( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
249	{
250	continue;
251	}
252
253	return( -1 );
254	}
255
256	return( 0 );
257	}
258
259	/*
260	* Return 0 if name matches wildcard, -1 otherwise
261	*/
262	static int x509_check_wildcard( const char cn, const mbedtls_x509_buf name )
263	{
264	size_t i;
265	size_t cn_idx = 0, cn_len = strlen( cn );
266
267	/* We can't have a match if there is no wildcard to match */
268	if( name->len < 3 \|\| name->p[0] != '*' \|\| name->p[1] != '.' )
269	return( -1 );
270
271	for( i = 0; i < cn_len; ++i )
272	{
273	if( cn[i] == '.' )
274	{
275	cn_idx = i;
276	break;
277	}
278	}
279
280	if( cn_idx == 0 )
281	return( -1 );
282
283	if( cn_len - cn_idx == name->len - 1 &&
284	x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
285	{
286	return( 0 );
287	}
288
289	return( -1 );
290	}
291
292	/*
293	* Compare two X.509 strings, case-insensitive, and allowing for some encoding
294	* variations (but not all).
295	*
296	* Return 0 if equal, -1 otherwise.
297	*/
298	static int x509_string_cmp( const mbedtls_x509_buf a, const mbedtls_x509_buf b )
299	{
300	if( a->tag == b->tag &&
301	a->len == b->len &&
302	memcmp( a->p, b->p, b->len ) == 0 )
303	{
304	return( 0 );
305	}
306
307	if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING \|\| a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
308	( b->tag == MBEDTLS_ASN1_UTF8_STRING \|\| b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
309	a->len == b->len &&
310	x509_memcasecmp( a->p, b->p, b->len ) == 0 )
311	{
312	return( 0 );
313	}
314
315	return( -1 );
316	}
317
318	/*
319	* Compare two X.509 Names (aka rdnSequence).
320	*
321	* See RFC 5280 section 7.1, though we don't implement the whole algorithm:
322	* we sometimes return unequal when the full algorithm would return equal,
323	* but never the other way. (In particular, we don't do Unicode normalisation
324	* or space folding.)
325	*
326	* Return 0 if equal, -1 otherwise.
327	*/
328	static int x509_name_cmp( const mbedtls_x509_name a, const mbedtls_x509_name b )
329	{
330	/* Avoid recursion, it might not be optimised by the compiler */
331	while( a != NULL \|\| b != NULL )
332	{
333	if( a == NULL \|\| b == NULL )
334	return( -1 );
335
336	/* type */
337	if( a->oid.tag != b->oid.tag \|\|
338	a->oid.len != b->oid.len \|\|
339	memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
340	{
341	return( -1 );
342	}
343
344	/* value */
345	if( x509_string_cmp( &a->val, &b->val ) != 0 )
346	return( -1 );
347
348	/* structure of the list of sets */
349	if( a->next_merged != b->next_merged )
350	return( -1 );
351
352	a = a->next;
353	b = b->next;
354	}
355
356	/* a == NULL == b */
357	return( 0 );
358	}
359
360	/*
361	* Reset (init or clear) a verify_chain
362	*/
363	static void x509_crt_verify_chain_reset(
364	mbedtls_x509_crt_verify_chain *ver_chain )
365	{
366	size_t i;
367
368	for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
369	{
370	ver_chain->items[i].crt = NULL;
371	ver_chain->items[i].flags = (uint32_t) -1;
372	}
373
374	ver_chain->len = 0;
375	}
376
377	/*
378	* Version ::= INTEGER { v1(0), v2(1), v3(2) }
379	*/
380	static int x509_get_version( unsigned char **p,
381	const unsigned char *end,
382	int *ver )
383	{
384	int ret;
385	size_t len;
386
387	if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
388	MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| 0 ) ) != 0 )
389	{
390	if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
391	{
392	*ver = 0;
393	return( 0 );
394	}
395
396	return( ret );
397	}
398
399	end = *p + len;
400
401	if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
402	return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
403
404	if( *p != end )
405	return( MBEDTLS_ERR_X509_INVALID_VERSION +
406	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
407
408	return( 0 );
409	}
410
411	/*
412	* Validity ::= SEQUENCE {
413	* notBefore Time,
414	* notAfter Time }
415	*/
416	static int x509_get_dates( unsigned char **p,
417	const unsigned char *end,
418	mbedtls_x509_time *from,
419	mbedtls_x509_time *to )
420	{
421	int ret;
422	size_t len;
423
424	if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
425	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
426	return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
427
428	end = *p + len;
429
430	if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
431	return( ret );
432
433	if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
434	return( ret );
435
436	if( *p != end )
437	return( MBEDTLS_ERR_X509_INVALID_DATE +
438	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
439
440	return( 0 );
441	}
442
443	/*
444	* X.509 v2/v3 unique identifier (not parsed)
445	*/
446	static int x509_get_uid( unsigned char **p,
447	const unsigned char *end,
448	mbedtls_x509_buf *uid, int n )
449	{
450	int ret;
451
452	if( *p == end )
453	return( 0 );
454
455	uid->tag = **p;
456
457	if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
458	MBEDTLS_ASN1_CONTEXT_SPECIFIC \| MBEDTLS_ASN1_CONSTRUCTED \| n ) ) != 0 )
459	{
460	if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
461	return( 0 );
462
463	return( ret );
464	}
465
466	uid->p = *p;
467	*p += uid->len;
468
469	return( 0 );
470	}
471
472	static int x509_get_basic_constraints( unsigned char **p,
473	const unsigned char *end,
474	int *ca_istrue,
475	int *max_pathlen )
476	{
477	int ret;
478	size_t len;
479
480	/*
481	* BasicConstraints ::= SEQUENCE {
482	* cA BOOLEAN DEFAULT FALSE,
483	* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
484	*/
485	ca_istrue = 0; / DEFAULT FALSE */
486	max_pathlen = 0; / endless */
487
488	if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
489	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
490	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
491
492	if( *p == end )
493	return( 0 );
494
495	if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
496	{
497	if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
498	ret = mbedtls_asn1_get_int( p, end, ca_istrue );
499
500	if( ret != 0 )
501	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
502
503	if( *ca_istrue != 0 )
504	*ca_istrue = 1;
505	}
506
507	if( *p == end )
508	return( 0 );
509
510	if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
511	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
512
513	if( *p != end )
514	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
515	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
516
517	(*max_pathlen)++;
518
519	return( 0 );
520	}
521
522	static int x509_get_ns_cert_type( unsigned char **p,
523	const unsigned char *end,
524	unsigned char *ns_cert_type)
525	{
526	int ret;
527	mbedtls_x509_bitstring bs = { 0, 0, NULL };
528
529	if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
530	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
531
532	if( bs.len != 1 )
533	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
534	MBEDTLS_ERR_ASN1_INVALID_LENGTH );
535
536	/* Get actual bitstring */
537	ns_cert_type = bs.p;
538	return( 0 );
539	}
540
541	static int x509_get_key_usage( unsigned char **p,
542	const unsigned char *end,
543	unsigned int *key_usage)
544	{
545	int ret;
546	size_t i;
547	mbedtls_x509_bitstring bs = { 0, 0, NULL };
548
549	if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
550	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
551
552	if( bs.len < 1 )
553	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
554	MBEDTLS_ERR_ASN1_INVALID_LENGTH );
555
556	/* Get actual bitstring */
557	*key_usage = 0;
558	for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
559	{
560	key_usage \|= (unsigned int) bs.p[i] << (8i);
561	}
562
563	return( 0 );
564	}
565
566	/*
567	* ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
568	*
569	* KeyPurposeId ::= OBJECT IDENTIFIER
570	*/
571	static int x509_get_ext_key_usage( unsigned char **p,
572	const unsigned char *end,
573	mbedtls_x509_sequence *ext_key_usage)
574	{
575	int ret;
576
577	if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
578	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
579
580	/* Sequence length must be >= 1 */
581	if( ext_key_usage->buf.p == NULL )
582	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
583	MBEDTLS_ERR_ASN1_INVALID_LENGTH );
584
585	return( 0 );
586	}
587
588	/*
589	* SubjectAltName ::= GeneralNames
590	*
591	* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
592	*
593	* GeneralName ::= CHOICE {
594	* otherName [0] OtherName,
595	* rfc822Name [1] IA5String,
596	* dNSName [2] IA5String,
597	* x400Address [3] ORAddress,
598	* directoryName [4] Name,
599	* ediPartyName [5] EDIPartyName,
600	* uniformResourceIdentifier [6] IA5String,
601	* iPAddress [7] OCTET STRING,
602	* registeredID [8] OBJECT IDENTIFIER }
603	*
604	* OtherName ::= SEQUENCE {
605	* type-id OBJECT IDENTIFIER,
606	* value [0] EXPLICIT ANY DEFINED BY type-id }
607	*
608	* EDIPartyName ::= SEQUENCE {
609	* nameAssigner [0] DirectoryString OPTIONAL,
610	* partyName [1] DirectoryString }
611	*
612	* NOTE: we only parse and use dNSName at this point.
613	*/
614	static int x509_get_subject_alt_name( unsigned char **p,
615	const unsigned char *end,
616	mbedtls_x509_sequence *subject_alt_name )
617	{
618	int ret;
619	size_t len, tag_len;
620	mbedtls_asn1_buf *buf;
621	unsigned char tag;
622	mbedtls_asn1_sequence *cur = subject_alt_name;
623
624	/* Get main sequence tag */
625	if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
626	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
627	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
628
629	if( *p + len != end )
630	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
631	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
632
633	while( *p < end )
634	{
635	if( ( end - *p ) < 1 )
636	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
637	MBEDTLS_ERR_ASN1_OUT_OF_DATA );
638
639	tag = **p;
640	(*p)++;
641	if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
642	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
643
644	if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
645	MBEDTLS_ASN1_CONTEXT_SPECIFIC )
646	{
647	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
648	MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
649	}
650
651	/* Skip everything but DNS name */
652	if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC \| 2 ) )
653	{
654	*p += tag_len;
655	continue;
656	}
657
658	/* Allocate and assign next pointer */
659	if( cur->buf.p != NULL )
660	{
661	if( cur->next != NULL )
662	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
663
664	cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
665
666	if( cur->next == NULL )
667	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
668	MBEDTLS_ERR_ASN1_ALLOC_FAILED );
669
670	cur = cur->next;
671	}
672
673	buf = &(cur->buf);
674	buf->tag = tag;
675	buf->p = *p;
676	buf->len = tag_len;
677	*p += buf->len;
678	}
679
680	/* Set final sequence entry's next pointer to NULL */
681	cur->next = NULL;
682
683	if( *p != end )
684	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
685	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
686
687	return( 0 );
688	}
689
690	/*
691	* X.509 v3 extensions
692	*
693	*/
694	static int x509_get_crt_ext( unsigned char **p,
695	const unsigned char *end,
696	mbedtls_x509_crt *crt )
697	{
698	int ret;
699	size_t len;
700	unsigned char end_ext_data, end_ext_octet;
701
702	if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
703	{
704	if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
705	return( 0 );
706
707	return( ret );
708	}
709
710	while( *p < end )
711	{
712	/*
713	* Extension ::= SEQUENCE {
714	* extnID OBJECT IDENTIFIER,
715	* critical BOOLEAN DEFAULT FALSE,
716	* extnValue OCTET STRING }
717	*/
718	mbedtls_x509_buf extn_oid = {0, 0, NULL};
719	int is_critical = 0; /* DEFAULT FALSE */
720	int ext_type = 0;
721
722	if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
723	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
724	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
725
726	end_ext_data = *p + len;
727
728	/* Get extension ID */
729	if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
730	MBEDTLS_ASN1_OID ) ) != 0 )
731	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
732
733	extn_oid.tag = MBEDTLS_ASN1_OID;
734	extn_oid.p = *p;
735	*p += extn_oid.len;
736
737	/* Get optional critical */
738	if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
739	( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
740	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
741
742	/* Data should be octet string type */
743	if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
744	MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
745	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
746
747	end_ext_octet = *p + len;
748
749	if( end_ext_octet != end_ext_data )
750	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
751	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
752
753	/*
754	* Detect supported extensions
755	*/
756	ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
757
758	if( ret != 0 )
759	{
760	/* No parser found, skip extension */
761	*p = end_ext_octet;
762
763	#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
764	if( is_critical )
765	{
766	/* Data is marked as critical: fail */
767	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
768	MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
769	}
770	#endif
771	continue;
772	}
773
774	/* Forbid repeated extensions */
775	if( ( crt->ext_types & ext_type ) != 0 )
776	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
777
778	crt->ext_types \|= ext_type;
779
780	switch( ext_type )
781	{
782	case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
783	/* Parse basic constraints */
784	if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
785	&crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
786	return( ret );
787	break;
788
789	case MBEDTLS_X509_EXT_KEY_USAGE:
790	/* Parse key usage */
791	if( ( ret = x509_get_key_usage( p, end_ext_octet,
792	&crt->key_usage ) ) != 0 )
793	return( ret );
794	break;
795
796	case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
797	/* Parse extended key usage */
798	if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
799	&crt->ext_key_usage ) ) != 0 )
800	return( ret );
801	break;
802
803	case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
804	/* Parse subject alt name */
805	if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
806	&crt->subject_alt_names ) ) != 0 )
807	return( ret );
808	break;
809
810	case MBEDTLS_X509_EXT_NS_CERT_TYPE:
811	/* Parse netscape certificate type */
812	if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
813	&crt->ns_cert_type ) ) != 0 )
814	return( ret );
815	break;
816
817	default:
818	return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
819	}
820	}
821
822	if( *p != end )
823	return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
824	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
825
826	return( 0 );
827	}
828
829	/*
830	* Parse and fill a single X.509 certificate in DER format
831	*/
832	static int x509_crt_parse_der_core( mbedtls_x509_crt crt, const unsigned char buf,
833	size_t buflen )
834	{
835	int ret;
836	size_t len;
837	unsigned char p, end, *crt_end;
838	mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
839
840	memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
841	memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
842	memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
843
844	/*
845	* Check for valid input
846	*/
847	if( crt == NULL \|\| buf == NULL )
848	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
849
850	// Use the original buffer until we figure out actual length
851	p = (unsigned char*) buf;
852	len = buflen;
853	end = p + len;
854
855	/*
856	* Certificate ::= SEQUENCE {
857	* tbsCertificate TBSCertificate,
858	* signatureAlgorithm AlgorithmIdentifier,
859	* signatureValue BIT STRING }
860	*/
861	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
862	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
863	{
864	mbedtls_x509_crt_free( crt );
865	return( MBEDTLS_ERR_X509_INVALID_FORMAT );
866	}
867
868	if( len > (size_t) ( end - p ) )
869	{
870	mbedtls_x509_crt_free( crt );
871	return( MBEDTLS_ERR_X509_INVALID_FORMAT +
872	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
873	}
874	crt_end = p + len;
875
876	// Create and populate a new buffer for the raw field
877	crt->raw.len = crt_end - buf;
878	crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
879	if( p == NULL )
880	return( MBEDTLS_ERR_X509_ALLOC_FAILED );
881
882	memcpy( p, buf, crt->raw.len );
883
884	// Direct pointers to the new buffer
885	p += crt->raw.len - len;
886	end = crt_end = p + len;
887
888	/*
889	* TBSCertificate ::= SEQUENCE {
890	*/
891	crt->tbs.p = p;
892
893	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
894	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
895	{
896	mbedtls_x509_crt_free( crt );
897	return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
898	}
899
900	end = p + len;
901	crt->tbs.len = end - crt->tbs.p;
902
903	/*
904	* Version ::= INTEGER { v1(0), v2(1), v3(2) }
905	*
906	* CertificateSerialNumber ::= INTEGER
907	*
908	* signature AlgorithmIdentifier
909	*/
910	if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 \|\|
911	( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 \|\|
912	( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid,
913	&sig_params1 ) ) != 0 )
914	{
915	mbedtls_x509_crt_free( crt );
916	return( ret );
917	}
918
919	if( crt->version < 0 \|\| crt->version > 2 )
920	{
921	mbedtls_x509_crt_free( crt );
922	return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
923	}
924
925	crt->version++;
926
927	if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
928	&crt->sig_md, &crt->sig_pk,
929	&crt->sig_opts ) ) != 0 )
930	{
931	mbedtls_x509_crt_free( crt );
932	return( ret );
933	}
934
935	/*
936	* issuer Name
937	*/
938	crt->issuer_raw.p = p;
939
940	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
941	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
942	{
943	mbedtls_x509_crt_free( crt );
944	return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
945	}
946
947	if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
948	{
949	mbedtls_x509_crt_free( crt );
950	return( ret );
951	}
952
953	crt->issuer_raw.len = p - crt->issuer_raw.p;
954
955	/*
956	* Validity ::= SEQUENCE {
957	* notBefore Time,
958	* notAfter Time }
959	*
960	*/
961	if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
962	&crt->valid_to ) ) != 0 )
963	{
964	mbedtls_x509_crt_free( crt );
965	return( ret );
966	}
967
968	/*
969	* subject Name
970	*/
971	crt->subject_raw.p = p;
972
973	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
974	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
975	{
976	mbedtls_x509_crt_free( crt );
977	return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
978	}
979
980	if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
981	{
982	mbedtls_x509_crt_free( crt );
983	return( ret );
984	}
985
986	crt->subject_raw.len = p - crt->subject_raw.p;
987
988	/*
989	* SubjectPublicKeyInfo
990	*/
991	if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
992	{
993	mbedtls_x509_crt_free( crt );
994	return( ret );
995	}
996
997	/*
998	* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
999	* -- If present, version shall be v2 or v3
1000	* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1001	* -- If present, version shall be v2 or v3
1002	* extensions [3] EXPLICIT Extensions OPTIONAL
1003	* -- If present, version shall be v3
1004	*/
1005	if( crt->version == 2 \|\| crt->version == 3 )
1006	{
1007	ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1008	if( ret != 0 )
1009	{
1010	mbedtls_x509_crt_free( crt );
1011	return( ret );
1012	}
1013	}
1014
1015	if( crt->version == 2 \|\| crt->version == 3 )
1016	{
1017	ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1018	if( ret != 0 )
1019	{
1020	mbedtls_x509_crt_free( crt );
1021	return( ret );
1022	}
1023	}
1024
1025	#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
1026	if( crt->version == 3 )
1027	#endif
1028	{
1029	ret = x509_get_crt_ext( &p, end, crt );
1030	if( ret != 0 )
1031	{
1032	mbedtls_x509_crt_free( crt );
1033	return( ret );
1034	}
1035	}
1036
1037	if( p != end )
1038	{
1039	mbedtls_x509_crt_free( crt );
1040	return( MBEDTLS_ERR_X509_INVALID_FORMAT +
1041	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
1042	}
1043
1044	end = crt_end;
1045
1046	/*
1047	* }
1048	* -- end of TBSCertificate
1049	*
1050	* signatureAlgorithm AlgorithmIdentifier,
1051	* signatureValue BIT STRING
1052	*/
1053	if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
1054	{
1055	mbedtls_x509_crt_free( crt );
1056	return( ret );
1057	}
1058
1059	if( crt->sig_oid.len != sig_oid2.len \|\|
1060	memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 \|\|
1061	sig_params1.len != sig_params2.len \|\|
1062	( sig_params1.len != 0 &&
1063	memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
1064	{
1065	mbedtls_x509_crt_free( crt );
1066	return( MBEDTLS_ERR_X509_SIG_MISMATCH );
1067	}
1068
1069	if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1070	{
1071	mbedtls_x509_crt_free( crt );
1072	return( ret );
1073	}
1074
1075	if( p != end )
1076	{
1077	mbedtls_x509_crt_free( crt );
1078	return( MBEDTLS_ERR_X509_INVALID_FORMAT +
1079	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
1080	}
1081
1082	return( 0 );
1083	}
1084
1085	/*
1086	* Parse one X.509 certificate in DER format from a buffer and add them to a
1087	* chained list
1088	*/
1089	int mbedtls_x509_crt_parse_der( mbedtls_x509_crt chain, const unsigned char buf,
1090	size_t buflen )
1091	{
1092	int ret;
1093	mbedtls_x509_crt crt = chain, prev = NULL;
1094
1095	/*
1096	* Check for valid input
1097	*/
1098	if( crt == NULL \|\| buf == NULL )
1099	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1100
1101	while( crt->version != 0 && crt->next != NULL )
1102	{
1103	prev = crt;
1104	crt = crt->next;
1105	}
1106
1107	/*
1108	* Add new certificate on the end of the chain if needed.
1109	*/
1110	if( crt->version != 0 && crt->next == NULL )
1111	{
1112	crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
1113
1114	if( crt->next == NULL )
1115	return( MBEDTLS_ERR_X509_ALLOC_FAILED );
1116
1117	prev = crt;
1118	mbedtls_x509_crt_init( crt->next );
1119	crt = crt->next;
1120	}
1121
1122	if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
1123	{
1124	if( prev )
1125	prev->next = NULL;
1126
1127	if( crt != chain )
1128	mbedtls_free( crt );
1129
1130	return( ret );
1131	}
1132
1133	return( 0 );
1134	}
1135
1136	/*
1137	* Parse one or more PEM certificates from a buffer and add them to the chained
1138	* list
1139	*/
1140	int mbedtls_x509_crt_parse( mbedtls_x509_crt chain, const unsigned char buf, size_t buflen )
1141	{
1142	#if defined(MBEDTLS_PEM_PARSE_C)
1143	int success = 0, first_error = 0, total_failed = 0;
1144	int buf_format = MBEDTLS_X509_FORMAT_DER;
1145	#endif
1146
1147	/*
1148	* Check for valid input
1149	*/
1150	if( chain == NULL \|\| buf == NULL )
1151	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1152
1153	/*
1154	* Determine buffer content. Buffer contains either one DER certificate or
1155	* one or more PEM certificates.
1156	*/
1157	#if defined(MBEDTLS_PEM_PARSE_C)
1158	if( buflen != 0 && buf[buflen - 1] == '\0' &&
1159	strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1160	{
1161	buf_format = MBEDTLS_X509_FORMAT_PEM;
1162	}
1163
1164	if( buf_format == MBEDTLS_X509_FORMAT_DER )
1165	return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1166	#else
1167	return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1168	#endif
1169
1170	#if defined(MBEDTLS_PEM_PARSE_C)
1171	if( buf_format == MBEDTLS_X509_FORMAT_PEM )
1172	{
1173	int ret;
1174	mbedtls_pem_context pem;
1175
1176	/* 1 rather than 0 since the terminating NULL byte is counted in */
1177	while( buflen > 1 )
1178	{
1179	size_t use_len;
1180	mbedtls_pem_init( &pem );
1181
1182	/* If we get there, we know the string is null-terminated */
1183	ret = mbedtls_pem_read_buffer( &pem,
1184	"-----BEGIN CERTIFICATE-----",
1185	"-----END CERTIFICATE-----",
1186	buf, NULL, 0, &use_len );
1187
1188	if( ret == 0 )
1189	{
1190	/*
1191	* Was PEM encoded
1192	*/
1193	buflen -= use_len;
1194	buf += use_len;
1195	}
1196	else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
1197	{
1198	return( ret );
1199	}
1200	else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1201	{
1202	mbedtls_pem_free( &pem );
1203
1204	/*
1205	* PEM header and footer were found
1206	*/
1207	buflen -= use_len;
1208	buf += use_len;
1209
1210	if( first_error == 0 )
1211	first_error = ret;
1212
1213	total_failed++;
1214	continue;
1215	}
1216	else
1217	break;
1218
1219	ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
1220
1221	mbedtls_pem_free( &pem );
1222
1223	if( ret != 0 )
1224	{
1225	/*
1226	* Quit parsing on a memory error
1227	*/
1228	if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
1229	return( ret );
1230
1231	if( first_error == 0 )
1232	first_error = ret;
1233
1234	total_failed++;
1235	continue;
1236	}
1237
1238	success = 1;
1239	}
1240	}
1241
1242	if( success )
1243	return( total_failed );
1244	else if( first_error )
1245	return( first_error );
1246	else
1247	return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
1248	#endif /* MBEDTLS_PEM_PARSE_C */
1249	}
1250
1251	#if defined(MBEDTLS_FS_IO)
1252	/*
1253	* Load one or more certificates and add them to the chained list
1254	*/
1255	int mbedtls_x509_crt_parse_file( mbedtls_x509_crt chain, const char path )
1256	{
1257	int ret;
1258	size_t n;
1259	unsigned char *buf;
1260
1261	if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
1262	return( ret );
1263
1264	ret = mbedtls_x509_crt_parse( chain, buf, n );
1265
1266	mbedtls_platform_zeroize( buf, n );
1267	mbedtls_free( buf );
1268
1269	return( ret );
1270	}
1271
1272	int mbedtls_x509_crt_parse_path( mbedtls_x509_crt chain, const char path )
1273	{
1274	int ret = 0;
1275	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1276	int w_ret;
1277	WCHAR szDir[MAX_PATH];
1278	char filename[MAX_PATH];
1279	char *p;
1280	size_t len = strlen( path );
1281
1282	WIN32_FIND_DATAW file_data;
1283	HANDLE hFind;
1284
1285	if( len > MAX_PATH - 3 )
1286	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1287
1288	memset( szDir, 0, sizeof(szDir) );
1289	memset( filename, 0, MAX_PATH );
1290	memcpy( filename, path, len );
1291	filename[len++] = '\\';
1292	p = filename + len;
1293	filename[len++] = '*';
1294
1295	w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
1296	MAX_PATH - 3 );
1297	if( w_ret == 0 )
1298	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1299
1300	hFind = FindFirstFileW( szDir, &file_data );
1301	if( hFind == INVALID_HANDLE_VALUE )
1302	return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1303
1304	len = MAX_PATH - len;
1305	do
1306	{
1307	memset( p, 0, len );
1308
1309	if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1310	continue;
1311
1312	w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1313	lstrlenW( file_data.cFileName ),
1314	p, (int) len - 1,
1315	NULL, NULL );
1316	if( w_ret == 0 )
1317	{
1318	ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1319	goto cleanup;
1320	}
1321
1322	w_ret = mbedtls_x509_crt_parse_file( chain, filename );
1323	if( w_ret < 0 )
1324	ret++;
1325	else
1326	ret += w_ret;
1327	}
1328	while( FindNextFileW( hFind, &file_data ) != 0 );
1329
1330	if( GetLastError() != ERROR_NO_MORE_FILES )
1331	ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1332
1333	cleanup:
1334	FindClose( hFind );
1335	#else /* _WIN32 */
1336	int t_ret;
1337	int snp_ret;
1338	struct stat sb;
1339	struct dirent *entry;
1340	char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
1341	DIR *dir = opendir( path );
1342
1343	if( dir == NULL )
1344	return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1345
1346	#if defined(MBEDTLS_THREADING_C)
1347	if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
1348	{
1349	closedir( dir );
1350	return( ret );
1351	}
1352	#endif /* MBEDTLS_THREADING_C */
1353
1354	while( ( entry = readdir( dir ) ) != NULL )
1355	{
1356	snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
1357	"%s/%s", path, entry->d_name );
1358
1359	if( snp_ret < 0 \|\| (size_t)snp_ret >= sizeof entry_name )
1360	{
1361	ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
1362	goto cleanup;
1363	}
1364	else if( stat( entry_name, &sb ) == -1 )
1365	{
1366	ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1367	goto cleanup;
1368	}
1369
1370	if( !S_ISREG( sb.st_mode ) )
1371	continue;
1372
1373	// Ignore parse errors
1374	//
1375	t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
1376	if( t_ret < 0 )
1377	ret++;
1378	else
1379	ret += t_ret;
1380	}
1381
1382	cleanup:
1383	closedir( dir );
1384
1385	#if defined(MBEDTLS_THREADING_C)
1386	if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
1387	ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
1388	#endif /* MBEDTLS_THREADING_C */
1389
1390	#endif /* _WIN32 */
1391
1392	return( ret );
1393	}
1394	#endif /* MBEDTLS_FS_IO */
1395
1396	static int x509_info_subject_alt_name( char *buf, size_t size,
1397	const mbedtls_x509_sequence *subject_alt_name )
1398	{
1399	size_t i;
1400	size_t n = *size;
1401	char p = buf;
1402	const mbedtls_x509_sequence *cur = subject_alt_name;
1403	const char *sep = "";
1404	size_t sep_len = 0;
1405
1406	while( cur != NULL )
1407	{
1408	if( cur->buf.len + sep_len >= n )
1409	{
1410	*p = '\0';
1411	return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
1412	}
1413
1414	n -= cur->buf.len + sep_len;
1415	for( i = 0; i < sep_len; i++ )
1416	*p++ = sep[i];
1417	for( i = 0; i < cur->buf.len; i++ )
1418	*p++ = cur->buf.p[i];
1419
1420	sep = ", ";
1421	sep_len = 2;
1422
1423	cur = cur->next;
1424	}
1425
1426	*p = '\0';
1427
1428	*size = n;
1429	*buf = p;
1430
1431	return( 0 );
1432	}
1433
1434	#define PRINT_ITEM(i) \
1435	{ \
1436	ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
1437	MBEDTLS_X509_SAFE_SNPRINTF; \
1438	sep = ", "; \
1439	}
1440
1441	#define CERT_TYPE(type,name) \
1442	if( ns_cert_type & type ) \
1443	PRINT_ITEM( name );
1444
1445	static int x509_info_cert_type( char *buf, size_t size,
1446	unsigned char ns_cert_type )
1447	{
1448	int ret;
1449	size_t n = *size;
1450	char p = buf;
1451	const char *sep = "";
1452
1453	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
1454	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
1455	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
1456	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
1457	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
1458	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
1459	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
1460	CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
1461
1462	*size = n;
1463	*buf = p;
1464
1465	return( 0 );
1466	}
1467
1468	#define KEY_USAGE(code,name) \
1469	if( key_usage & code ) \
1470	PRINT_ITEM( name );
1471
1472	static int x509_info_key_usage( char *buf, size_t size,
1473	unsigned int key_usage )
1474	{
1475	int ret;
1476	size_t n = *size;
1477	char p = buf;
1478	const char *sep = "";
1479
1480	KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
1481	KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
1482	KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
1483	KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
1484	KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
1485	KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
1486	KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
1487	KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" );
1488	KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" );
1489
1490	*size = n;
1491	*buf = p;
1492
1493	return( 0 );
1494	}
1495
1496	static int x509_info_ext_key_usage( char *buf, size_t size,
1497	const mbedtls_x509_sequence *extended_key_usage )
1498	{
1499	int ret;
1500	const char *desc;
1501	size_t n = *size;
1502	char p = buf;
1503	const mbedtls_x509_sequence *cur = extended_key_usage;
1504	const char *sep = "";
1505
1506	while( cur != NULL )
1507	{
1508	if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
1509	desc = "???";
1510
1511	ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
1512	MBEDTLS_X509_SAFE_SNPRINTF;
1513
1514	sep = ", ";
1515
1516	cur = cur->next;
1517	}
1518
1519	*size = n;
1520	*buf = p;
1521
1522	return( 0 );
1523	}
1524
1525	/*
1526	* Return an informational string about the certificate.
1527	*/
1528	#define BEFORE_COLON 18
1529	#define BC "18"
1530	int mbedtls_x509_crt_info( char buf, size_t size, const char prefix,
1531	const mbedtls_x509_crt *crt )
1532	{
1533	int ret;
1534	size_t n;
1535	char *p;
1536	char key_size_str[BEFORE_COLON];
1537
1538	p = buf;
1539	n = size;
1540
1541	if( NULL == crt )
1542	{
1543	ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
1544	MBEDTLS_X509_SAFE_SNPRINTF;
1545
1546	return( (int) ( size - n ) );
1547	}
1548
1549	ret = mbedtls_snprintf( p, n, "%scert. version : %d\n",
1550	prefix, crt->version );
1551	MBEDTLS_X509_SAFE_SNPRINTF;
1552	ret = mbedtls_snprintf( p, n, "%sserial number : ",
1553	prefix );
1554	MBEDTLS_X509_SAFE_SNPRINTF;
1555
1556	ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
1557	MBEDTLS_X509_SAFE_SNPRINTF;
1558
1559	ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
1560	MBEDTLS_X509_SAFE_SNPRINTF;
1561	ret = mbedtls_x509_dn_gets( p, n, &crt->issuer );
1562	MBEDTLS_X509_SAFE_SNPRINTF;
1563
1564	ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
1565	MBEDTLS_X509_SAFE_SNPRINTF;
1566	ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
1567	MBEDTLS_X509_SAFE_SNPRINTF;
1568
1569	ret = mbedtls_snprintf( p, n, "\n%sissued on : " \
1570	"%04d-%02d-%02d %02d:%02d:%02d", prefix,
1571	crt->valid_from.year, crt->valid_from.mon,
1572	crt->valid_from.day, crt->valid_from.hour,
1573	crt->valid_from.min, crt->valid_from.sec );
1574	MBEDTLS_X509_SAFE_SNPRINTF;
1575
1576	ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \
1577	"%04d-%02d-%02d %02d:%02d:%02d", prefix,
1578	crt->valid_to.year, crt->valid_to.mon,
1579	crt->valid_to.day, crt->valid_to.hour,
1580	crt->valid_to.min, crt->valid_to.sec );
1581	MBEDTLS_X509_SAFE_SNPRINTF;
1582
1583	ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
1584	MBEDTLS_X509_SAFE_SNPRINTF;
1585
1586	ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
1587	crt->sig_md, crt->sig_opts );
1588	MBEDTLS_X509_SAFE_SNPRINTF;
1589
1590	/* Key size */
1591	if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
1592	mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
1593	{
1594	return( ret );
1595	}
1596
1597	ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
1598	(int) mbedtls_pk_get_bitlen( &crt->pk ) );
1599	MBEDTLS_X509_SAFE_SNPRINTF;
1600
1601	/*
1602	* Optional extensions
1603	*/
1604
1605	if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
1606	{
1607	ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
1608	crt->ca_istrue ? "true" : "false" );
1609	MBEDTLS_X509_SAFE_SNPRINTF;
1610
1611	if( crt->max_pathlen > 0 )
1612	{
1613	ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
1614	MBEDTLS_X509_SAFE_SNPRINTF;
1615	}
1616	}
1617
1618	if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
1619	{
1620	ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
1621	MBEDTLS_X509_SAFE_SNPRINTF;
1622
1623	if( ( ret = x509_info_subject_alt_name( &p, &n,
1624	&crt->subject_alt_names ) ) != 0 )
1625	return( ret );
1626	}
1627
1628	if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
1629	{
1630	ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix );
1631	MBEDTLS_X509_SAFE_SNPRINTF;
1632
1633	if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
1634	return( ret );
1635	}
1636
1637	if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
1638	{
1639	ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix );
1640	MBEDTLS_X509_SAFE_SNPRINTF;
1641
1642	if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
1643	return( ret );
1644	}
1645
1646	if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
1647	{
1648	ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix );
1649	MBEDTLS_X509_SAFE_SNPRINTF;
1650
1651	if( ( ret = x509_info_ext_key_usage( &p, &n,
1652	&crt->ext_key_usage ) ) != 0 )
1653	return( ret );
1654	}
1655
1656	ret = mbedtls_snprintf( p, n, "\n" );
1657	MBEDTLS_X509_SAFE_SNPRINTF;
1658
1659	return( (int) ( size - n ) );
1660	}
1661
1662	struct x509_crt_verify_string {
1663	int code;
1664	const char *string;
1665	};
1666
1667	static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
1668	{ MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
1669	{ MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
1670	{ MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
1671	{ MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
1672	{ MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
1673	{ MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
1674	{ MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
1675	{ MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
1676	{ MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
1677	{ MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
1678	{ MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
1679	{ MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
1680	{ MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
1681	{ MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
1682	{ MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." },
1683	{ MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1684	{ MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
1685	{ MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." },
1686	{ MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1687	{ MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
1688	{ 0, NULL }
1689	};
1690
1691	int mbedtls_x509_crt_verify_info( char buf, size_t size, const char prefix,
1692	uint32_t flags )
1693	{
1694	int ret;
1695	const struct x509_crt_verify_string *cur;
1696	char *p = buf;
1697	size_t n = size;
1698
1699	for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
1700	{
1701	if( ( flags & cur->code ) == 0 )
1702	continue;
1703
1704	ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
1705	MBEDTLS_X509_SAFE_SNPRINTF;
1706	flags ^= cur->code;
1707	}
1708
1709	if( flags != 0 )
1710	{
1711	ret = mbedtls_snprintf( p, n, "%sUnknown reason "
1712	"(this should not happen)\n", prefix );
1713	MBEDTLS_X509_SAFE_SNPRINTF;
1714	}
1715
1716	return( (int) ( size - n ) );
1717	}
1718
1719	#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1720	int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
1721	unsigned int usage )
1722	{
1723	unsigned int usage_must, usage_may;
1724	unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
1725	\| MBEDTLS_X509_KU_DECIPHER_ONLY;
1726
1727	if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
1728	return( 0 );
1729
1730	usage_must = usage & ~may_mask;
1731
1732	if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
1733	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1734
1735	usage_may = usage & may_mask;
1736
1737	if( ( ( crt->key_usage & may_mask ) \| usage_may ) != usage_may )
1738	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1739
1740	return( 0 );
1741	}
1742	#endif
1743
1744	#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
1745	int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
1746	const char *usage_oid,
1747	size_t usage_len )
1748	{
1749	const mbedtls_x509_sequence *cur;
1750
1751	/* Extension is not mandatory, absent means no restriction */
1752	if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
1753	return( 0 );
1754
1755	/*
1756	* Look for the requested usage (or wildcard ANY) in our list
1757	*/
1758	for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
1759	{
1760	const mbedtls_x509_buf *cur_oid = &cur->buf;
1761
1762	if( cur_oid->len == usage_len &&
1763	memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
1764	{
1765	return( 0 );
1766	}
1767
1768	if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
1769	return( 0 );
1770	}
1771
1772	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1773	}
1774	#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
1775
1776	#if defined(MBEDTLS_X509_CRL_PARSE_C)
1777	/*
1778	* Return 1 if the certificate is revoked, or 0 otherwise.
1779	*/
1780	int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt crt, const mbedtls_x509_crl crl )
1781	{
1782	const mbedtls_x509_crl_entry *cur = &crl->entry;
1783
1784	while( cur != NULL && cur->serial.len != 0 )
1785	{
1786	if( crt->serial.len == cur->serial.len &&
1787	memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
1788	{
1789	if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
1790	return( 1 );
1791	}
1792
1793	cur = cur->next;
1794	}
1795
1796	return( 0 );
1797	}
1798
1799	/*
1800	* Check that the given certificate is not revoked according to the CRL.
1801	* Skip validation if no CRL for the given CA is present.
1802	*/
1803	static int x509_crt_verifycrl( mbedtls_x509_crt crt, mbedtls_x509_crt ca,
1804	mbedtls_x509_crl *crl_list,
1805	const mbedtls_x509_crt_profile *profile )
1806	{
1807	int flags = 0;
1808	unsigned char hash[MBEDTLS_MD_MAX_SIZE];
1809	const mbedtls_md_info_t *md_info;
1810
1811	if( ca == NULL )
1812	return( flags );
1813
1814	while( crl_list != NULL )
1815	{
1816	if( crl_list->version == 0 \|\|
1817	x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
1818	{
1819	crl_list = crl_list->next;
1820	continue;
1821	}
1822
1823	/*
1824	* Check if the CA is configured to sign CRLs
1825	*/
1826	#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1827	if( mbedtls_x509_crt_check_key_usage( ca,
1828	MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
1829	{
1830	flags \|= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1831	break;
1832	}
1833	#endif
1834
1835	/*
1836	* Check if CRL is correctly signed by the trusted CA
1837	*/
1838	if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
1839	flags \|= MBEDTLS_X509_BADCRL_BAD_MD;
1840
1841	if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
1842	flags \|= MBEDTLS_X509_BADCRL_BAD_PK;
1843
1844	md_info = mbedtls_md_info_from_type( crl_list->sig_md );
1845	if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
1846	{
1847	/* Note: this can't happen except after an internal error */
1848	flags \|= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1849	break;
1850	}
1851
1852	if( x509_profile_check_key( profile, &ca->pk ) != 0 )
1853	flags \|= MBEDTLS_X509_BADCERT_BAD_KEY;
1854
1855	if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
1856	crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
1857	crl_list->sig.p, crl_list->sig.len ) != 0 )
1858	{
1859	flags \|= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1860	break;
1861	}
1862
1863	/*
1864	* Check for validity of CRL (Do not drop out)
1865	*/
1866	if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
1867	flags \|= MBEDTLS_X509_BADCRL_EXPIRED;
1868
1869	if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
1870	flags \|= MBEDTLS_X509_BADCRL_FUTURE;
1871
1872	/*
1873	* Check if certificate is revoked
1874	*/
1875	if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
1876	{
1877	flags \|= MBEDTLS_X509_BADCERT_REVOKED;
1878	break;
1879	}
1880
1881	crl_list = crl_list->next;
1882	}
1883
1884	return( flags );
1885	}
1886	#endif /* MBEDTLS_X509_CRL_PARSE_C */
1887
1888	/*
1889	* Check the signature of a certificate by its parent
1890	*/
1891	static int x509_crt_check_signature( const mbedtls_x509_crt *child,
1892	mbedtls_x509_crt *parent,
1893	mbedtls_x509_crt_restart_ctx *rs_ctx )
1894	{
1895	const mbedtls_md_info_t *md_info;
1896	unsigned char hash[MBEDTLS_MD_MAX_SIZE];
1897
1898	md_info = mbedtls_md_info_from_type( child->sig_md );
1899	if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
1900	{
1901	/* Note: this can't happen except after an internal error */
1902	return( -1 );
1903	}
1904
1905	/* Skip expensive computation on obvious mismatch */
1906	if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
1907	return( -1 );
1908
1909	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1910	if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
1911	{
1912	return( mbedtls_pk_verify_restartable( &parent->pk,
1913	child->sig_md, hash, mbedtls_md_get_size( md_info ),
1914	child->sig.p, child->sig.len, &rs_ctx->pk ) );
1915	}
1916	#else
1917	(void) rs_ctx;
1918	#endif
1919
1920	return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
1921	child->sig_md, hash, mbedtls_md_get_size( md_info ),
1922	child->sig.p, child->sig.len ) );
1923	}
1924
1925	/*
1926	* Check if 'parent' is a suitable parent (signing CA) for 'child'.
1927	* Return 0 if yes, -1 if not.
1928	*
1929	* top means parent is a locally-trusted certificate
1930	*/
1931	static int x509_crt_check_parent( const mbedtls_x509_crt *child,
1932	const mbedtls_x509_crt *parent,
1933	int top )
1934	{
1935	int need_ca_bit;
1936
1937	/* Parent must be the issuer */
1938	if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
1939	return( -1 );
1940
1941	/* Parent must have the basicConstraints CA bit set as a general rule */
1942	need_ca_bit = 1;
1943
1944	/* Exception: v1/v2 certificates that are locally trusted. */
1945	if( top && parent->version < 3 )
1946	need_ca_bit = 0;
1947
1948	if( need_ca_bit && ! parent->ca_istrue )
1949	return( -1 );
1950
1951	#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1952	if( need_ca_bit &&
1953	mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
1954	{
1955	return( -1 );
1956	}
1957	#endif
1958
1959	return( 0 );
1960	}
1961
1962	/*
1963	* Find a suitable parent for child in candidates, or return NULL.
1964	*
1965	* Here suitable is defined as:
1966	* 1. subject name matches child's issuer
1967	* 2. if necessary, the CA bit is set and key usage allows signing certs
1968	* 3. for trusted roots, the signature is correct
1969	* (for intermediates, the signature is checked and the result reported)
1970	* 4. pathlen constraints are satisfied
1971	*
1972	* If there's a suitable candidate which is also time-valid, return the first
1973	* such. Otherwise, return the first suitable candidate (or NULL if there is
1974	* none).
1975	*
1976	* The rationale for this rule is that someone could have a list of trusted
1977	* roots with two versions on the same root with different validity periods.
1978	* (At least one user reported having such a list and wanted it to just work.)
1979	* The reason we don't just require time-validity is that generally there is
1980	* only one version, and if it's expired we want the flags to state that
1981	* rather than NOT_TRUSTED, as would be the case if we required it here.
1982	*
1983	* The rationale for rule 3 (signature for trusted roots) is that users might
1984	* have two versions of the same CA with different keys in their list, and the
1985	* way we select the correct one is by checking the signature (as we don't
1986	* rely on key identifier extensions). (This is one way users might choose to
1987	* handle key rollover, another relies on self-issued certs, see [SIRO].)
1988	*
1989	* Arguments:
1990	* - [in] child: certificate for which we're looking for a parent
1991	* - [in] candidates: chained list of potential parents
1992	* - [out] r_parent: parent found (or NULL)
1993	* - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
1994	* - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
1995	* of the chain, 0 otherwise
1996	* - [in] path_cnt: number of intermediates seen so far
1997	* - [in] self_cnt: number of self-signed intermediates seen so far
1998	* (will never be greater than path_cnt)
1999	* - [in-out] rs_ctx: context for restarting operations
2000	*
2001	* Return value:
2002	* - 0 on success
2003	* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2004	*/
2005	static int x509_crt_find_parent_in(
2006	mbedtls_x509_crt *child,
2007	mbedtls_x509_crt *candidates,
2008	mbedtls_x509_crt **r_parent,
2009	int *r_signature_is_good,
2010	int top,
2011	unsigned path_cnt,
2012	unsigned self_cnt,
2013	mbedtls_x509_crt_restart_ctx *rs_ctx )
2014	{
2015	int ret;
2016	mbedtls_x509_crt parent, fallback_parent;
2017	int signature_is_good, fallback_signature_is_good;
2018
2019	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2020	/* did we have something in progress? */
2021	if( rs_ctx != NULL && rs_ctx->parent != NULL )
2022	{
2023	/* restore saved state */
2024	parent = rs_ctx->parent;
2025	fallback_parent = rs_ctx->fallback_parent;
2026	fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
2027
2028	/* clear saved state */
2029	rs_ctx->parent = NULL;
2030	rs_ctx->fallback_parent = NULL;
2031	rs_ctx->fallback_signature_is_good = 0;
2032
2033	/* resume where we left */
2034	goto check_signature;
2035	}
2036	#endif
2037
2038	fallback_parent = NULL;
2039	fallback_signature_is_good = 0;
2040
2041	for( parent = candidates; parent != NULL; parent = parent->next )
2042	{
2043	/* basic parenting skills (name, CA bit, key usage) */
2044	if( x509_crt_check_parent( child, parent, top ) != 0 )
2045	continue;
2046
2047	/* +1 because stored max_pathlen is 1 higher that the actual value */
2048	if( parent->max_pathlen > 0 &&
2049	(size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
2050	{
2051	continue;
2052	}
2053
2054	/* Signature */
2055	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2056	check_signature:
2057	#endif
2058	ret = x509_crt_check_signature( child, parent, rs_ctx );
2059
2060	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2061	if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
2062	{
2063	/* save state */
2064	rs_ctx->parent = parent;
2065	rs_ctx->fallback_parent = fallback_parent;
2066	rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
2067
2068	return( ret );
2069	}
2070	#else
2071	(void) ret;
2072	#endif
2073
2074	signature_is_good = ret == 0;
2075	if( top && ! signature_is_good )
2076	continue;
2077
2078	/* optional time check */
2079	if( mbedtls_x509_time_is_past( &parent->valid_to ) \|\|
2080	mbedtls_x509_time_is_future( &parent->valid_from ) )
2081	{
2082	if( fallback_parent == NULL )
2083	{
2084	fallback_parent = parent;
2085	fallback_signature_is_good = signature_is_good;
2086	}
2087
2088	continue;
2089	}
2090
2091	break;
2092	}
2093
2094	if( parent != NULL )
2095	{
2096	*r_parent = parent;
2097	*r_signature_is_good = signature_is_good;
2098	}
2099	else
2100	{
2101	*r_parent = fallback_parent;
2102	*r_signature_is_good = fallback_signature_is_good;
2103	}
2104
2105	return( 0 );
2106	}
2107
2108	/*
2109	* Find a parent in trusted CAs or the provided chain, or return NULL.
2110	*
2111	* Searches in trusted CAs first, and return the first suitable parent found
2112	* (see find_parent_in() for definition of suitable).
2113	*
2114	* Arguments:
2115	* - [in] child: certificate for which we're looking for a parent, followed
2116	* by a chain of possible intermediates
2117	* - [in] trust_ca: list of locally trusted certificates
2118	* - [out] parent: parent found (or NULL)
2119	* - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
2120	* - [out] signature_is_good: 1 if child signature by parent is valid, or 0
2121	* - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
2122	* - [in] self_cnt: number of self-signed certs in the chain so far
2123	* (will always be no greater than path_cnt)
2124	* - [in-out] rs_ctx: context for restarting operations
2125	*
2126	* Return value:
2127	* - 0 on success
2128	* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2129	*/
2130	static int x509_crt_find_parent(
2131	mbedtls_x509_crt *child,
2132	mbedtls_x509_crt *trust_ca,
2133	mbedtls_x509_crt **parent,
2134	int *parent_is_trusted,
2135	int *signature_is_good,
2136	unsigned path_cnt,
2137	unsigned self_cnt,
2138	mbedtls_x509_crt_restart_ctx *rs_ctx )
2139	{
2140	int ret;
2141	mbedtls_x509_crt *search_list;
2142
2143	*parent_is_trusted = 1;
2144
2145	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2146	/* restore then clear saved state if we have some stored */
2147	if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 )
2148	{
2149	*parent_is_trusted = rs_ctx->parent_is_trusted;
2150	rs_ctx->parent_is_trusted = -1;
2151	}
2152	#endif
2153
2154	while( 1 ) {
2155	search_list = *parent_is_trusted ? trust_ca : child->next;
2156
2157	ret = x509_crt_find_parent_in( child, search_list,
2158	parent, signature_is_good,
2159	*parent_is_trusted,
2160	path_cnt, self_cnt, rs_ctx );
2161
2162	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2163	if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
2164	{
2165	/* save state */
2166	rs_ctx->parent_is_trusted = *parent_is_trusted;
2167	return( ret );
2168	}
2169	#else
2170	(void) ret;
2171	#endif
2172
2173	/* stop here if found or already in second iteration */
2174	if( parent != NULL \|\| parent_is_trusted == 0 )
2175	break;
2176
2177	/* prepare second iteration */
2178	*parent_is_trusted = 0;
2179	}
2180
2181	/* extra precaution against mistakes in the caller */
2182	if( *parent == NULL )
2183	{
2184	*parent_is_trusted = 0;
2185	*signature_is_good = 0;
2186	}
2187
2188	return( 0 );
2189	}
2190
2191	/*
2192	* Check if an end-entity certificate is locally trusted
2193	*
2194	* Currently we require such certificates to be self-signed (actually only
2195	* check for self-issued as self-signatures are not checked)
2196	*/
2197	static int x509_crt_check_ee_locally_trusted(
2198	mbedtls_x509_crt *crt,
2199	mbedtls_x509_crt *trust_ca )
2200	{
2201	mbedtls_x509_crt *cur;
2202
2203	/* must be self-issued */
2204	if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 )
2205	return( -1 );
2206
2207	/* look for an exact match with trusted cert */
2208	for( cur = trust_ca; cur != NULL; cur = cur->next )
2209	{
2210	if( crt->raw.len == cur->raw.len &&
2211	memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 )
2212	{
2213	return( 0 );
2214	}
2215	}
2216
2217	/* too bad */
2218	return( -1 );
2219	}
2220
2221	/*
2222	* Build and verify a certificate chain
2223	*
2224	* Given a peer-provided list of certificates EE, C1, ..., Cn and
2225	* a list of trusted certs R1, ... Rp, try to build and verify a chain
2226	* EE, Ci1, ... Ciq [, Rj]
2227	* such that every cert in the chain is a child of the next one,
2228	* jumping to a trusted root as early as possible.
2229	*
2230	* Verify that chain and return it with flags for all issues found.
2231	*
2232	* Special cases:
2233	* - EE == Rj -> return a one-element list containing it
2234	* - EE, Ci1, ..., Ciq cannot be continued with a trusted root
2235	* -> return that chain with NOT_TRUSTED set on Ciq
2236	*
2237	* Tests for (aspects of) this function should include at least:
2238	* - trusted EE
2239	* - EE -> trusted root
2240	* - EE -> intermedate CA -> trusted root
2241	* - if relevant: EE untrusted
2242	* - if relevant: EE -> intermediate, untrusted
2243	* with the aspect under test checked at each relevant level (EE, int, root).
2244	* For some aspects longer chains are required, but usually length 2 is
2245	* enough (but length 1 is not in general).
2246	*
2247	* Arguments:
2248	* - [in] crt: the cert list EE, C1, ..., Cn
2249	* - [in] trust_ca: the trusted list R1, ..., Rp
2250	* - [in] ca_crl, profile: as in verify_with_profile()
2251	* - [out] ver_chain: the built and verified chain
2252	* Only valid when return value is 0, may contain garbage otherwise!
2253	* Restart note: need not be the same when calling again to resume.
2254	* - [in-out] rs_ctx: context for restarting operations
2255	*
2256	* Return value:
2257	* - non-zero if the chain could not be fully built and examined
2258	* - 0 is the chain was successfully built and examined,
2259	* even if it was found to be invalid
2260	*/
2261	static int x509_crt_verify_chain(
2262	mbedtls_x509_crt *crt,
2263	mbedtls_x509_crt *trust_ca,
2264	mbedtls_x509_crl *ca_crl,
2265	const mbedtls_x509_crt_profile *profile,
2266	mbedtls_x509_crt_verify_chain *ver_chain,
2267	mbedtls_x509_crt_restart_ctx *rs_ctx )
2268	{
2269	/* Don't initialize any of those variables here, so that the compiler can
2270	* catch potential issues with jumping ahead when restarting */
2271	int ret;
2272	uint32_t *flags;
2273	mbedtls_x509_crt_verify_chain_item *cur;
2274	mbedtls_x509_crt *child;
2275	mbedtls_x509_crt *parent;
2276	int parent_is_trusted;
2277	int child_is_trusted;
2278	int signature_is_good;
2279	unsigned self_cnt;
2280
2281	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2282	/* resume if we had an operation in progress */
2283	if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent )
2284	{
2285	/* restore saved state */
2286	ver_chain = rs_ctx->ver_chain; / struct copy */
2287	self_cnt = rs_ctx->self_cnt;
2288
2289	/* restore derived state */
2290	cur = &ver_chain->items[ver_chain->len - 1];
2291	child = cur->crt;
2292	flags = &cur->flags;
2293
2294	goto find_parent;
2295	}
2296	#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
2297
2298	child = crt;
2299	self_cnt = 0;
2300	parent_is_trusted = 0;
2301	child_is_trusted = 0;
2302
2303	while( 1 ) {
2304	/* Add certificate to the verification chain */
2305	cur = &ver_chain->items[ver_chain->len];
2306	cur->crt = child;
2307	cur->flags = 0;
2308	ver_chain->len++;
2309	flags = &cur->flags;
2310
2311	/* Check time-validity (all certificates) */
2312	if( mbedtls_x509_time_is_past( &child->valid_to ) )
2313	*flags \|= MBEDTLS_X509_BADCERT_EXPIRED;
2314
2315	if( mbedtls_x509_time_is_future( &child->valid_from ) )
2316	*flags \|= MBEDTLS_X509_BADCERT_FUTURE;
2317
2318	/* Stop here for trusted roots (but not for trusted EE certs) */
2319	if( child_is_trusted )
2320	return( 0 );
2321
2322	/* Check signature algorithm: MD & PK algs */
2323	if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
2324	*flags \|= MBEDTLS_X509_BADCERT_BAD_MD;
2325
2326	if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
2327	*flags \|= MBEDTLS_X509_BADCERT_BAD_PK;
2328
2329	/* Special case: EE certs that are locally trusted */
2330	if( ver_chain->len == 1 &&
2331	x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
2332	{
2333	return( 0 );
2334	}
2335
2336	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2337	find_parent:
2338	#endif
2339	/* Look for a parent in trusted CAs or up the chain */
2340	ret = x509_crt_find_parent( child, trust_ca, &parent,
2341	&parent_is_trusted, &signature_is_good,
2342	ver_chain->len - 1, self_cnt, rs_ctx );
2343
2344	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2345	if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
2346	{
2347	/* save state */
2348	rs_ctx->in_progress = x509_crt_rs_find_parent;
2349	rs_ctx->self_cnt = self_cnt;
2350	rs_ctx->ver_chain = ver_chain; / struct copy */
2351
2352	return( ret );
2353	}
2354	#else
2355	(void) ret;
2356	#endif
2357
2358	/* No parent? We're done here */
2359	if( parent == NULL )
2360	{
2361	*flags \|= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2362	return( 0 );
2363	}
2364
2365	/* Count intermediate self-issued (not necessarily self-signed) certs.
2366	* These can occur with some strategies for key rollover, see [SIRO],
2367	* and should be excluded from max_pathlen checks. */
2368	if( ver_chain->len != 1 &&
2369	x509_name_cmp( &child->issuer, &child->subject ) == 0 )
2370	{
2371	self_cnt++;
2372	}
2373
2374	/* path_cnt is 0 for the first intermediate CA,
2375	* and if parent is trusted it's not an intermediate CA */
2376	if( ! parent_is_trusted &&
2377	ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
2378	{
2379	/* return immediately to avoid overflow the chain array */
2380	return( MBEDTLS_ERR_X509_FATAL_ERROR );
2381	}
2382
2383	/* signature was checked while searching parent */
2384	if( ! signature_is_good )
2385	*flags \|= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2386
2387	/* check size of signing key */
2388	if( x509_profile_check_key( profile, &parent->pk ) != 0 )
2389	*flags \|= MBEDTLS_X509_BADCERT_BAD_KEY;
2390
2391	#if defined(MBEDTLS_X509_CRL_PARSE_C)
2392	/* Check trusted CA's CRL for the given crt */
2393	*flags \|= x509_crt_verifycrl( child, parent, ca_crl, profile );
2394	#else
2395	(void) ca_crl;
2396	#endif
2397
2398	/* prepare for next iteration */
2399	child = parent;
2400	parent = NULL;
2401	child_is_trusted = parent_is_trusted;
2402	signature_is_good = 0;
2403	}
2404	}
2405
2406	/*
2407	* Check for CN match
2408	*/
2409	static int x509_crt_check_cn( const mbedtls_x509_buf *name,
2410	const char *cn, size_t cn_len )
2411	{
2412	/* try exact match */
2413	if( name->len == cn_len &&
2414	x509_memcasecmp( cn, name->p, cn_len ) == 0 )
2415	{
2416	return( 0 );
2417	}
2418
2419	/* try wildcard match */
2420	if( x509_check_wildcard( cn, name ) == 0 )
2421	{
2422	return( 0 );
2423	}
2424
2425	return( -1 );
2426	}
2427
2428	/*
2429	* Verify the requested CN - only call this if cn is not NULL!
2430	*/
2431	static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
2432	const char *cn,
2433	uint32_t *flags )
2434	{
2435	const mbedtls_x509_name *name;
2436	const mbedtls_x509_sequence *cur;
2437	size_t cn_len = strlen( cn );
2438
2439	if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
2440	{
2441	for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
2442	{
2443	if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
2444	break;
2445	}
2446
2447	if( cur == NULL )
2448	*flags \|= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2449	}
2450	else
2451	{
2452	for( name = &crt->subject; name != NULL; name = name->next )
2453	{
2454	if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
2455	x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
2456	{
2457	break;
2458	}
2459	}
2460
2461	if( name == NULL )
2462	*flags \|= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2463	}
2464	}
2465
2466	/*
2467	* Merge the flags for all certs in the chain, after calling callback
2468	*/
2469	static int x509_crt_merge_flags_with_cb(
2470	uint32_t *flags,
2471	const mbedtls_x509_crt_verify_chain *ver_chain,
2472	int (f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ),
2473	void *p_vrfy )
2474	{
2475	int ret;
2476	unsigned i;
2477	uint32_t cur_flags;
2478	const mbedtls_x509_crt_verify_chain_item *cur;
2479
2480	for( i = ver_chain->len; i != 0; --i )
2481	{
2482	cur = &ver_chain->items[i-1];
2483	cur_flags = cur->flags;
2484
2485	if( NULL != f_vrfy )
2486	if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 )
2487	return( ret );
2488
2489	*flags \|= cur_flags;
2490	}
2491
2492	return( 0 );
2493	}
2494
2495	/*
2496	* Verify the certificate validity (default profile, not restartable)
2497	*/
2498	int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
2499	mbedtls_x509_crt *trust_ca,
2500	mbedtls_x509_crl *ca_crl,
2501	const char cn, uint32_t flags,
2502	int (f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ),
2503	void *p_vrfy )
2504	{
2505	return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
2506	&mbedtls_x509_crt_profile_default, cn, flags,
2507	f_vrfy, p_vrfy, NULL ) );
2508	}
2509
2510	/*
2511	* Verify the certificate validity (user-chosen profile, not restartable)
2512	*/
2513	int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
2514	mbedtls_x509_crt *trust_ca,
2515	mbedtls_x509_crl *ca_crl,
2516	const mbedtls_x509_crt_profile *profile,
2517	const char cn, uint32_t flags,
2518	int (f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ),
2519	void *p_vrfy )
2520	{
2521	return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
2522	profile, cn, flags, f_vrfy, p_vrfy, NULL ) );
2523	}
2524
2525	/*
2526	* Verify the certificate validity, with profile, restartable version
2527	*
2528	* This function:
2529	* - checks the requested CN (if any)
2530	* - checks the type and size of the EE cert's key,
2531	* as that isn't done as part of chain building/verification currently
2532	* - builds and verifies the chain
2533	* - then calls the callback and merges the flags
2534	*/
2535	int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
2536	mbedtls_x509_crt *trust_ca,
2537	mbedtls_x509_crl *ca_crl,
2538	const mbedtls_x509_crt_profile *profile,
2539	const char cn, uint32_t flags,
2540	int (f_vrfy)(void , mbedtls_x509_crt , int, uint32_t ),
2541	void *p_vrfy,
2542	mbedtls_x509_crt_restart_ctx *rs_ctx )
2543	{
2544	int ret;
2545	mbedtls_pk_type_t pk_type;
2546	mbedtls_x509_crt_verify_chain ver_chain;
2547	uint32_t ee_flags;
2548
2549	*flags = 0;
2550	ee_flags = 0;
2551	x509_crt_verify_chain_reset( &ver_chain );
2552
2553	if( profile == NULL )
2554	{
2555	ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
2556	goto exit;
2557	}
2558
2559	/* check name if requested */
2560	if( cn != NULL )
2561	x509_crt_verify_name( crt, cn, &ee_flags );
2562
2563	/* Check the type and size of the key */
2564	pk_type = mbedtls_pk_get_type( &crt->pk );
2565
2566	if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
2567	ee_flags \|= MBEDTLS_X509_BADCERT_BAD_PK;
2568
2569	if( x509_profile_check_key( profile, &crt->pk ) != 0 )
2570	ee_flags \|= MBEDTLS_X509_BADCERT_BAD_KEY;
2571
2572	/* Check the chain */
2573	ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
2574	&ver_chain, rs_ctx );
2575
2576	if( ret != 0 )
2577	goto exit;
2578
2579	/* Merge end-entity flags */
2580	ver_chain.items[0].flags \|= ee_flags;
2581
2582	/* Build final flags, calling callback on the way if any */
2583	ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
2584
2585	exit:
2586	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2587	if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
2588	mbedtls_x509_crt_restart_free( rs_ctx );
2589	#endif
2590
2591	/* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
2592	* the SSL module for authmode optional, but non-zero return from the
2593	* callback means a fatal error so it shouldn't be ignored */
2594	if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
2595	ret = MBEDTLS_ERR_X509_FATAL_ERROR;
2596
2597	if( ret != 0 )
2598	{
2599	*flags = (uint32_t) -1;
2600	return( ret );
2601	}
2602
2603	if( *flags != 0 )
2604	return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
2605
2606	return( 0 );
2607	}
2608
2609	/*
2610	* Initialize a certificate chain
2611	*/
2612	void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
2613	{
2614	memset( crt, 0, sizeof(mbedtls_x509_crt) );
2615	}
2616
2617	/*
2618	* Unallocate all certificate data
2619	*/
2620	void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
2621	{
2622	mbedtls_x509_crt *cert_cur = crt;
2623	mbedtls_x509_crt *cert_prv;
2624	mbedtls_x509_name *name_cur;
2625	mbedtls_x509_name *name_prv;
2626	mbedtls_x509_sequence *seq_cur;
2627	mbedtls_x509_sequence *seq_prv;
2628
2629	if( crt == NULL )
2630	return;
2631
2632	do
2633	{
2634	mbedtls_pk_free( &cert_cur->pk );
2635
2636	#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
2637	mbedtls_free( cert_cur->sig_opts );
2638	#endif
2639
2640	name_cur = cert_cur->issuer.next;
2641	while( name_cur != NULL )
2642	{
2643	name_prv = name_cur;
2644	name_cur = name_cur->next;
2645	mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
2646	mbedtls_free( name_prv );
2647	}
2648
2649	name_cur = cert_cur->subject.next;
2650	while( name_cur != NULL )
2651	{
2652	name_prv = name_cur;
2653	name_cur = name_cur->next;
2654	mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
2655	mbedtls_free( name_prv );
2656	}
2657
2658	seq_cur = cert_cur->ext_key_usage.next;
2659	while( seq_cur != NULL )
2660	{
2661	seq_prv = seq_cur;
2662	seq_cur = seq_cur->next;
2663	mbedtls_platform_zeroize( seq_prv,
2664	sizeof( mbedtls_x509_sequence ) );
2665	mbedtls_free( seq_prv );
2666	}
2667
2668	seq_cur = cert_cur->subject_alt_names.next;
2669	while( seq_cur != NULL )
2670	{
2671	seq_prv = seq_cur;
2672	seq_cur = seq_cur->next;
2673	mbedtls_platform_zeroize( seq_prv,
2674	sizeof( mbedtls_x509_sequence ) );
2675	mbedtls_free( seq_prv );
2676	}
2677
2678	if( cert_cur->raw.p != NULL )
2679	{
2680	mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len );
2681	mbedtls_free( cert_cur->raw.p );
2682	}
2683
2684	cert_cur = cert_cur->next;
2685	}
2686	while( cert_cur != NULL );
2687
2688	cert_cur = crt;
2689	do
2690	{
2691	cert_prv = cert_cur;
2692	cert_cur = cert_cur->next;
2693
2694	mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
2695	if( cert_prv != crt )
2696	mbedtls_free( cert_prv );
2697	}
2698	while( cert_cur != NULL );
2699	}
2700
2701	#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2702	/*
2703	* Initialize a restart context
2704	*/
2705	void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
2706	{
2707	mbedtls_pk_restart_init( &ctx->pk );
2708
2709	ctx->parent = NULL;
2710	ctx->fallback_parent = NULL;
2711	ctx->fallback_signature_is_good = 0;
2712
2713	ctx->parent_is_trusted = -1;
2714
2715	ctx->in_progress = x509_crt_rs_none;
2716	ctx->self_cnt = 0;
2717	x509_crt_verify_chain_reset( &ctx->ver_chain );
2718	}
2719
2720	/*
2721	* Free the components of a restart context
2722	*/
2723	void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
2724	{
2725	if( ctx == NULL )
2726	return;
2727
2728	mbedtls_pk_restart_free( &ctx->pk );
2729	mbedtls_x509_crt_restart_init( ctx );
2730	}
2731	#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
2732
2733	#endif /* MBEDTLS_X509_CRT_PARSE_C */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: azure_iot_hub_mbedtls/trunk/mbedtls-2.16.1/library/x509_crt.c@ 398

Download in other formats: