xref: /reactos/dll/3rdparty/mbedtls/x509_crt.c (revision b5218987)
1 /*
2  *  X.509 certificate parsing and verification
3  *
4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  *
7  *  This file is provided under the Apache License 2.0, or the
8  *  GNU General Public License v2.0 or later.
9  *
10  *  **********
11  *  Apache License 2.0:
12  *
13  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
14  *  not use this file except in compliance with the License.
15  *  You may obtain a copy of the License at
16  *
17  *  http://www.apache.org/licenses/LICENSE-2.0
18  *
19  *  Unless required by applicable law or agreed to in writing, software
20  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22  *  See the License for the specific language governing permissions and
23  *  limitations under the License.
24  *
25  *  **********
26  *
27  *  **********
28  *  GNU General Public License v2.0 or later:
29  *
30  *  This program is free software; you can redistribute it and/or modify
31  *  it under the terms of the GNU General Public License as published by
32  *  the Free Software Foundation; either version 2 of the License, or
33  *  (at your option) any later version.
34  *
35  *  This program is distributed in the hope that it will be useful,
36  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
37  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
38  *  GNU General Public License for more details.
39  *
40  *  You should have received a copy of the GNU General Public License along
41  *  with this program; if not, write to the Free Software Foundation, Inc.,
42  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43  *
44  *  **********
45  *
46  *  This file is part of mbed TLS (https://tls.mbed.org)
47  */
48 /*
49  *  The ITU-T X.509 standard defines a certificate format for PKI.
50  *
51  *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
52  *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
53  *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
54  *
55  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
56  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
57  */
58 
59 #if !defined(MBEDTLS_CONFIG_FILE)
60 #include "mbedtls/config.h"
61 #else
62 #include MBEDTLS_CONFIG_FILE
63 #endif
64 
65 #if defined(MBEDTLS_X509_CRT_PARSE_C)
66 
67 #include "mbedtls/x509_crt.h"
68 #include "mbedtls/oid.h"
69 
70 #include <string.h>
71 
72 #if defined(MBEDTLS_PEM_PARSE_C)
73 #include "mbedtls/pem.h"
74 #endif
75 
76 #if defined(MBEDTLS_PLATFORM_C)
77 #include "mbedtls/platform.h"
78 #else
79 #include <stdio.h>
80 #include <stdlib.h>
81 #define mbedtls_free       free
82 #define mbedtls_calloc    calloc
83 #define mbedtls_snprintf   snprintf
84 #endif
85 
86 #if defined(MBEDTLS_THREADING_C)
87 #include "mbedtls/threading.h"
88 #endif
89 
90 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
91 #include <windows.h>
92 #else
93 #include <time.h>
94 #endif
95 
96 #if defined(MBEDTLS_FS_IO)
97 #include <stdio.h>
98 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
99 #include <sys/types.h>
100 #include <sys/stat.h>
101 #include <dirent.h>
102 #endif /* !_WIN32 || EFIX64 || EFI32 */
103 #endif
104 
105 /* Implementation that should never be optimized out by the compiler */
106 static void mbedtls_zeroize( void *v, size_t n ) {
107     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
108 }
109 
110 /*
111  * Default profile
112  */
113 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
114 {
115 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
116     /* Allow SHA-1 (weak, but still safe in controlled environments) */
117     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
118 #endif
119     /* Only SHA-2 hashes */
120     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
121     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
122     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
123     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
124     0xFFFFFFF, /* Any PK alg    */
125     0xFFFFFFF, /* Any curve     */
126     2048,
127 };
128 
129 /*
130  * Next-default profile
131  */
132 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
133 {
134     /* Hashes from SHA-256 and above */
135     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
136     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
137     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
138     0xFFFFFFF, /* Any PK alg    */
139 #if defined(MBEDTLS_ECP_C)
140     /* Curves at or above 128-bit security level */
141     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
142     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
143     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
144     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
145     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
146     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
147     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
148 #else
149     0,
150 #endif
151     2048,
152 };
153 
154 /*
155  * NSA Suite B Profile
156  */
157 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
158 {
159     /* Only SHA-256 and 384 */
160     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
161     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
162     /* Only ECDSA */
163     MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
164     MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
165 #if defined(MBEDTLS_ECP_C)
166     /* Only NIST P-256 and P-384 */
167     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
168     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
169 #else
170     0,
171 #endif
172     0,
173 };
174 
175 /*
176  * Check md_alg against profile
177  * Return 0 if md_alg acceptable for this profile, -1 otherwise
178  */
179 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
180                                       mbedtls_md_type_t md_alg )
181 {
182     if( md_alg == MBEDTLS_MD_NONE )
183         return( -1 );
184 
185     if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
186         return( 0 );
187 
188     return( -1 );
189 }
190 
191 /*
192  * Check pk_alg against profile
193  * Return 0 if pk_alg acceptable for this profile, -1 otherwise
194  */
195 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
196                                       mbedtls_pk_type_t pk_alg )
197 {
198     if( pk_alg == MBEDTLS_PK_NONE )
199         return( -1 );
200 
201     if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
202         return( 0 );
203 
204     return( -1 );
205 }
206 
207 /*
208  * Check key against profile
209  * Return 0 if pk_alg acceptable for this profile, -1 otherwise
210  */
211 static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
212                                    mbedtls_pk_type_t pk_alg,
213                                    const mbedtls_pk_context *pk )
214 {
215 #if defined(MBEDTLS_RSA_C)
216     if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
217     {
218         if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
219             return( 0 );
220 
221         return( -1 );
222     }
223 #endif
224 
225 #if defined(MBEDTLS_ECP_C)
226     if( pk_alg == MBEDTLS_PK_ECDSA ||
227         pk_alg == MBEDTLS_PK_ECKEY ||
228         pk_alg == MBEDTLS_PK_ECKEY_DH )
229     {
230         mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
231 
232         if( gid == MBEDTLS_ECP_DP_NONE )
233             return( -1 );
234 
235         if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
236             return( 0 );
237 
238         return( -1 );
239     }
240 #endif
241 
242     return( -1 );
243 }
244 
245 /*
246  *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
247  */
248 static int x509_get_version( unsigned char **p,
249                              const unsigned char *end,
250                              int *ver )
251 {
252     int ret;
253     size_t len;
254 
255     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
256             MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
257     {
258         if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
259         {
260             *ver = 0;
261             return( 0 );
262         }
263 
264         return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
265     }
266 
267     end = *p + len;
268 
269     if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
270         return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
271 
272     if( *p != end )
273         return( MBEDTLS_ERR_X509_INVALID_VERSION +
274                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
275 
276     return( 0 );
277 }
278 
279 /*
280  *  Validity ::= SEQUENCE {
281  *       notBefore      Time,
282  *       notAfter       Time }
283  */
284 static int x509_get_dates( unsigned char **p,
285                            const unsigned char *end,
286                            mbedtls_x509_time *from,
287                            mbedtls_x509_time *to )
288 {
289     int ret;
290     size_t len;
291 
292     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
293             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
294         return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
295 
296     end = *p + len;
297 
298     if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
299         return( ret );
300 
301     if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
302         return( ret );
303 
304     if( *p != end )
305         return( MBEDTLS_ERR_X509_INVALID_DATE +
306                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
307 
308     return( 0 );
309 }
310 
311 /*
312  * X.509 v2/v3 unique identifier (not parsed)
313  */
314 static int x509_get_uid( unsigned char **p,
315                          const unsigned char *end,
316                          mbedtls_x509_buf *uid, int n )
317 {
318     int ret;
319 
320     if( *p == end )
321         return( 0 );
322 
323     uid->tag = **p;
324 
325     if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
326             MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
327     {
328         if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
329             return( 0 );
330 
331         return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
332     }
333 
334     uid->p = *p;
335     *p += uid->len;
336 
337     return( 0 );
338 }
339 
340 static int x509_get_basic_constraints( unsigned char **p,
341                                        const unsigned char *end,
342                                        int *ca_istrue,
343                                        int *max_pathlen )
344 {
345     int ret;
346     size_t len;
347 
348     /*
349      * BasicConstraints ::= SEQUENCE {
350      *      cA                      BOOLEAN DEFAULT FALSE,
351      *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
352      */
353     *ca_istrue = 0; /* DEFAULT FALSE */
354     *max_pathlen = 0; /* endless */
355 
356     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
357             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
358         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
359 
360     if( *p == end )
361         return( 0 );
362 
363     if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
364     {
365         if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
366             ret = mbedtls_asn1_get_int( p, end, ca_istrue );
367 
368         if( ret != 0 )
369             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
370 
371         if( *ca_istrue != 0 )
372             *ca_istrue = 1;
373     }
374 
375     if( *p == end )
376         return( 0 );
377 
378     if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
379         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
380 
381     if( *p != end )
382         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
383                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
384 
385     /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
386      * overflow, which is an undefined behavior. */
387     if( *max_pathlen == INT_MAX )
388         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
389                 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
390 
391     (*max_pathlen)++;
392 
393     return( 0 );
394 }
395 
396 static int x509_get_ns_cert_type( unsigned char **p,
397                                        const unsigned char *end,
398                                        unsigned char *ns_cert_type)
399 {
400     int ret;
401     mbedtls_x509_bitstring bs = { 0, 0, NULL };
402 
403     if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
404         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
405 
406     if( bs.len != 1 )
407         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
408                 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
409 
410     /* Get actual bitstring */
411     *ns_cert_type = *bs.p;
412     return( 0 );
413 }
414 
415 static int x509_get_key_usage( unsigned char **p,
416                                const unsigned char *end,
417                                unsigned int *key_usage)
418 {
419     int ret;
420     size_t i;
421     mbedtls_x509_bitstring bs = { 0, 0, NULL };
422 
423     if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
424         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
425 
426     if( bs.len < 1 )
427         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
428                 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
429 
430     /* Get actual bitstring */
431     *key_usage = 0;
432     for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
433     {
434         *key_usage |= (unsigned int) bs.p[i] << (8*i);
435     }
436 
437     return( 0 );
438 }
439 
440 /*
441  * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
442  *
443  * KeyPurposeId ::= OBJECT IDENTIFIER
444  */
445 static int x509_get_ext_key_usage( unsigned char **p,
446                                const unsigned char *end,
447                                mbedtls_x509_sequence *ext_key_usage)
448 {
449     int ret;
450 
451     if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
452         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
453 
454     /* Sequence length must be >= 1 */
455     if( ext_key_usage->buf.p == NULL )
456         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
457                 MBEDTLS_ERR_ASN1_INVALID_LENGTH );
458 
459     return( 0 );
460 }
461 
462 /*
463  * SubjectAltName ::= GeneralNames
464  *
465  * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
466  *
467  * GeneralName ::= CHOICE {
468  *      otherName                       [0]     OtherName,
469  *      rfc822Name                      [1]     IA5String,
470  *      dNSName                         [2]     IA5String,
471  *      x400Address                     [3]     ORAddress,
472  *      directoryName                   [4]     Name,
473  *      ediPartyName                    [5]     EDIPartyName,
474  *      uniformResourceIdentifier       [6]     IA5String,
475  *      iPAddress                       [7]     OCTET STRING,
476  *      registeredID                    [8]     OBJECT IDENTIFIER }
477  *
478  * OtherName ::= SEQUENCE {
479  *      type-id    OBJECT IDENTIFIER,
480  *      value      [0] EXPLICIT ANY DEFINED BY type-id }
481  *
482  * EDIPartyName ::= SEQUENCE {
483  *      nameAssigner            [0]     DirectoryString OPTIONAL,
484  *      partyName               [1]     DirectoryString }
485  *
486  * NOTE: we only parse and use dNSName at this point.
487  */
488 static int x509_get_subject_alt_name( unsigned char **p,
489                                       const unsigned char *end,
490                                       mbedtls_x509_sequence *subject_alt_name )
491 {
492     int ret;
493     size_t len, tag_len;
494     mbedtls_asn1_buf *buf;
495     unsigned char tag;
496     mbedtls_asn1_sequence *cur = subject_alt_name;
497 
498     /* Get main sequence tag */
499     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
500             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
501         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
502 
503     if( *p + len != end )
504         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
505                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
506 
507     while( *p < end )
508     {
509         if( ( end - *p ) < 1 )
510             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
511                     MBEDTLS_ERR_ASN1_OUT_OF_DATA );
512 
513         tag = **p;
514         (*p)++;
515         if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
516             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
517 
518         if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
519                 MBEDTLS_ASN1_CONTEXT_SPECIFIC )
520         {
521             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
522                     MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
523         }
524 
525         /* Skip everything but DNS name */
526         if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
527         {
528             *p += tag_len;
529             continue;
530         }
531 
532         /* Allocate and assign next pointer */
533         if( cur->buf.p != NULL )
534         {
535             if( cur->next != NULL )
536                 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
537 
538             cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
539 
540             if( cur->next == NULL )
541                 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
542                         MBEDTLS_ERR_ASN1_ALLOC_FAILED );
543 
544             cur = cur->next;
545         }
546 
547         buf = &(cur->buf);
548         buf->tag = tag;
549         buf->p = *p;
550         buf->len = tag_len;
551         *p += buf->len;
552     }
553 
554     /* Set final sequence entry's next pointer to NULL */
555     cur->next = NULL;
556 
557     if( *p != end )
558         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
559                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
560 
561     return( 0 );
562 }
563 
564 /*
565  * X.509 v3 extensions
566  *
567  */
568 static int x509_get_crt_ext( unsigned char **p,
569                              const unsigned char *end,
570                              mbedtls_x509_crt *crt )
571 {
572     int ret;
573     size_t len;
574     unsigned char *end_ext_data, *end_ext_octet;
575 
576     if( *p == end )
577         return( 0 );
578 
579     if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
580         return( ret );
581 
582     end = crt->v3_ext.p + crt->v3_ext.len;
583     while( *p < end )
584     {
585         /*
586          * Extension  ::=  SEQUENCE  {
587          *      extnID      OBJECT IDENTIFIER,
588          *      critical    BOOLEAN DEFAULT FALSE,
589          *      extnValue   OCTET STRING  }
590          */
591         mbedtls_x509_buf extn_oid = {0, 0, NULL};
592         int is_critical = 0; /* DEFAULT FALSE */
593         int ext_type = 0;
594 
595         if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
596                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
597             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
598 
599         end_ext_data = *p + len;
600 
601         /* Get extension ID */
602         if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
603                                           MBEDTLS_ASN1_OID ) ) != 0 )
604             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
605 
606         extn_oid.tag = MBEDTLS_ASN1_OID;
607         extn_oid.p = *p;
608         *p += extn_oid.len;
609 
610         /* Get optional critical */
611         if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
612             ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
613             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
614 
615         /* Data should be octet string type */
616         if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
617                 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
618             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
619 
620         end_ext_octet = *p + len;
621 
622         if( end_ext_octet != end_ext_data )
623             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
624                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
625 
626         /*
627          * Detect supported extensions
628          */
629         ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
630 
631         if( ret != 0 )
632         {
633             /* No parser found, skip extension */
634             *p = end_ext_octet;
635 
636 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
637             if( is_critical )
638             {
639                 /* Data is marked as critical: fail */
640                 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
641                         MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
642             }
643 #endif
644             continue;
645         }
646 
647         /* Forbid repeated extensions */
648         if( ( crt->ext_types & ext_type ) != 0 )
649             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
650 
651         crt->ext_types |= ext_type;
652 
653         switch( ext_type )
654         {
655         case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
656             /* Parse basic constraints */
657             if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
658                     &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
659                 return( ret );
660             break;
661 
662         case MBEDTLS_X509_EXT_KEY_USAGE:
663             /* Parse key usage */
664             if( ( ret = x509_get_key_usage( p, end_ext_octet,
665                     &crt->key_usage ) ) != 0 )
666                 return( ret );
667             break;
668 
669         case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
670             /* Parse extended key usage */
671             if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
672                     &crt->ext_key_usage ) ) != 0 )
673                 return( ret );
674             break;
675 
676         case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
677             /* Parse subject alt name */
678             if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
679                     &crt->subject_alt_names ) ) != 0 )
680                 return( ret );
681             break;
682 
683         case MBEDTLS_X509_EXT_NS_CERT_TYPE:
684             /* Parse netscape certificate type */
685             if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
686                     &crt->ns_cert_type ) ) != 0 )
687                 return( ret );
688             break;
689 
690         default:
691             return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
692         }
693     }
694 
695     if( *p != end )
696         return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
697                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
698 
699     return( 0 );
700 }
701 
702 /*
703  * Parse and fill a single X.509 certificate in DER format
704  */
705 static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
706                                     size_t buflen )
707 {
708     int ret;
709     size_t len;
710     unsigned char *p, *end, *crt_end;
711     mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
712 
713     memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
714     memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
715     memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
716 
717     /*
718      * Check for valid input
719      */
720     if( crt == NULL || buf == NULL )
721         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
722 
723     // Use the original buffer until we figure out actual length
724     p = (unsigned char*) buf;
725     len = buflen;
726     end = p + len;
727 
728     /*
729      * Certificate  ::=  SEQUENCE  {
730      *      tbsCertificate       TBSCertificate,
731      *      signatureAlgorithm   AlgorithmIdentifier,
732      *      signatureValue       BIT STRING  }
733      */
734     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
735             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
736     {
737         mbedtls_x509_crt_free( crt );
738         return( MBEDTLS_ERR_X509_INVALID_FORMAT );
739     }
740 
741     if( len > (size_t) ( end - p ) )
742     {
743         mbedtls_x509_crt_free( crt );
744         return( MBEDTLS_ERR_X509_INVALID_FORMAT +
745                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
746     }
747     crt_end = p + len;
748 
749     // Create and populate a new buffer for the raw field
750     crt->raw.len = crt_end - buf;
751     crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
752     if( p == NULL )
753         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
754 
755     memcpy( p, buf, crt->raw.len );
756 
757     // Direct pointers to the new buffer
758     p += crt->raw.len - len;
759     end = crt_end = p + len;
760 
761     /*
762      * TBSCertificate  ::=  SEQUENCE  {
763      */
764     crt->tbs.p = p;
765 
766     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
767             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
768     {
769         mbedtls_x509_crt_free( crt );
770         return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
771     }
772 
773     end = p + len;
774     crt->tbs.len = end - crt->tbs.p;
775 
776     /*
777      * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
778      *
779      * CertificateSerialNumber  ::=  INTEGER
780      *
781      * signature            AlgorithmIdentifier
782      */
783     if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
784         ( ret = mbedtls_x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
785         ( ret = mbedtls_x509_get_alg(      &p, end, &crt->sig_oid,
786                                             &sig_params1 ) ) != 0 )
787     {
788         mbedtls_x509_crt_free( crt );
789         return( ret );
790     }
791 
792     if( crt->version < 0 || crt->version > 2 )
793     {
794         mbedtls_x509_crt_free( crt );
795         return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
796     }
797 
798     crt->version++;
799 
800     if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
801                                   &crt->sig_md, &crt->sig_pk,
802                                   &crt->sig_opts ) ) != 0 )
803     {
804         mbedtls_x509_crt_free( crt );
805         return( ret );
806     }
807 
808     /*
809      * issuer               Name
810      */
811     crt->issuer_raw.p = p;
812 
813     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
814             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
815     {
816         mbedtls_x509_crt_free( crt );
817         return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
818     }
819 
820     if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
821     {
822         mbedtls_x509_crt_free( crt );
823         return( ret );
824     }
825 
826     crt->issuer_raw.len = p - crt->issuer_raw.p;
827 
828     /*
829      * Validity ::= SEQUENCE {
830      *      notBefore      Time,
831      *      notAfter       Time }
832      *
833      */
834     if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
835                                          &crt->valid_to ) ) != 0 )
836     {
837         mbedtls_x509_crt_free( crt );
838         return( ret );
839     }
840 
841     /*
842      * subject              Name
843      */
844     crt->subject_raw.p = p;
845 
846     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
847             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
848     {
849         mbedtls_x509_crt_free( crt );
850         return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
851     }
852 
853     if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
854     {
855         mbedtls_x509_crt_free( crt );
856         return( ret );
857     }
858 
859     crt->subject_raw.len = p - crt->subject_raw.p;
860 
861     /*
862      * SubjectPublicKeyInfo
863      */
864     if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
865     {
866         mbedtls_x509_crt_free( crt );
867         return( ret );
868     }
869 
870     /*
871      *  issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
872      *                       -- If present, version shall be v2 or v3
873      *  subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
874      *                       -- If present, version shall be v2 or v3
875      *  extensions      [3]  EXPLICIT Extensions OPTIONAL
876      *                       -- If present, version shall be v3
877      */
878     if( crt->version == 2 || crt->version == 3 )
879     {
880         ret = x509_get_uid( &p, end, &crt->issuer_id,  1 );
881         if( ret != 0 )
882         {
883             mbedtls_x509_crt_free( crt );
884             return( ret );
885         }
886     }
887 
888     if( crt->version == 2 || crt->version == 3 )
889     {
890         ret = x509_get_uid( &p, end, &crt->subject_id,  2 );
891         if( ret != 0 )
892         {
893             mbedtls_x509_crt_free( crt );
894             return( ret );
895         }
896     }
897 
898 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
899     if( crt->version == 3 )
900 #endif
901     {
902         ret = x509_get_crt_ext( &p, end, crt );
903         if( ret != 0 )
904         {
905             mbedtls_x509_crt_free( crt );
906             return( ret );
907         }
908     }
909 
910     if( p != end )
911     {
912         mbedtls_x509_crt_free( crt );
913         return( MBEDTLS_ERR_X509_INVALID_FORMAT +
914                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
915     }
916 
917     end = crt_end;
918 
919     /*
920      *  }
921      *  -- end of TBSCertificate
922      *
923      *  signatureAlgorithm   AlgorithmIdentifier,
924      *  signatureValue       BIT STRING
925      */
926     if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
927     {
928         mbedtls_x509_crt_free( crt );
929         return( ret );
930     }
931 
932     if( crt->sig_oid.len != sig_oid2.len ||
933         memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
934         sig_params1.len != sig_params2.len ||
935         ( sig_params1.len != 0 &&
936           memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
937     {
938         mbedtls_x509_crt_free( crt );
939         return( MBEDTLS_ERR_X509_SIG_MISMATCH );
940     }
941 
942     if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
943     {
944         mbedtls_x509_crt_free( crt );
945         return( ret );
946     }
947 
948     if( p != end )
949     {
950         mbedtls_x509_crt_free( crt );
951         return( MBEDTLS_ERR_X509_INVALID_FORMAT +
952                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
953     }
954 
955     return( 0 );
956 }
957 
958 /*
959  * Parse one X.509 certificate in DER format from a buffer and add them to a
960  * chained list
961  */
962 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
963                         size_t buflen )
964 {
965     int ret;
966     mbedtls_x509_crt *crt = chain, *prev = NULL;
967 
968     /*
969      * Check for valid input
970      */
971     if( crt == NULL || buf == NULL )
972         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
973 
974     while( crt->version != 0 && crt->next != NULL )
975     {
976         prev = crt;
977         crt = crt->next;
978     }
979 
980     /*
981      * Add new certificate on the end of the chain if needed.
982      */
983     if( crt->version != 0 && crt->next == NULL )
984     {
985         crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
986 
987         if( crt->next == NULL )
988             return( MBEDTLS_ERR_X509_ALLOC_FAILED );
989 
990         prev = crt;
991         mbedtls_x509_crt_init( crt->next );
992         crt = crt->next;
993     }
994 
995     if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
996     {
997         if( prev )
998             prev->next = NULL;
999 
1000         if( crt != chain )
1001             mbedtls_free( crt );
1002 
1003         return( ret );
1004     }
1005 
1006     return( 0 );
1007 }
1008 
1009 /*
1010  * Parse one or more PEM certificates from a buffer and add them to the chained
1011  * list
1012  */
1013 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
1014 {
1015 #if defined(MBEDTLS_PEM_PARSE_C)
1016     int success = 0, first_error = 0, total_failed = 0;
1017     int buf_format = MBEDTLS_X509_FORMAT_DER;
1018 #endif
1019 
1020     /*
1021      * Check for valid input
1022      */
1023     if( chain == NULL || buf == NULL )
1024         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1025 
1026     /*
1027      * Determine buffer content. Buffer contains either one DER certificate or
1028      * one or more PEM certificates.
1029      */
1030 #if defined(MBEDTLS_PEM_PARSE_C)
1031     if( buflen != 0 && buf[buflen - 1] == '\0' &&
1032         strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1033     {
1034         buf_format = MBEDTLS_X509_FORMAT_PEM;
1035     }
1036 
1037     if( buf_format == MBEDTLS_X509_FORMAT_DER )
1038         return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1039 #else
1040     return mbedtls_x509_crt_parse_der( chain, buf, buflen );
1041 #endif
1042 
1043 #if defined(MBEDTLS_PEM_PARSE_C)
1044     if( buf_format == MBEDTLS_X509_FORMAT_PEM )
1045     {
1046         int ret;
1047         mbedtls_pem_context pem;
1048 
1049         /* 1 rather than 0 since the terminating NULL byte is counted in */
1050         while( buflen > 1 )
1051         {
1052             size_t use_len;
1053             mbedtls_pem_init( &pem );
1054 
1055             /* If we get there, we know the string is null-terminated */
1056             ret = mbedtls_pem_read_buffer( &pem,
1057                            "-----BEGIN CERTIFICATE-----",
1058                            "-----END CERTIFICATE-----",
1059                            buf, NULL, 0, &use_len );
1060 
1061             if( ret == 0 )
1062             {
1063                 /*
1064                  * Was PEM encoded
1065                  */
1066                 buflen -= use_len;
1067                 buf += use_len;
1068             }
1069             else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
1070             {
1071                 return( ret );
1072             }
1073             else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
1074             {
1075                 mbedtls_pem_free( &pem );
1076 
1077                 /*
1078                  * PEM header and footer were found
1079                  */
1080                 buflen -= use_len;
1081                 buf += use_len;
1082 
1083                 if( first_error == 0 )
1084                     first_error = ret;
1085 
1086                 total_failed++;
1087                 continue;
1088             }
1089             else
1090                 break;
1091 
1092             ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
1093 
1094             mbedtls_pem_free( &pem );
1095 
1096             if( ret != 0 )
1097             {
1098                 /*
1099                  * Quit parsing on a memory error
1100                  */
1101                 if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
1102                     return( ret );
1103 
1104                 if( first_error == 0 )
1105                     first_error = ret;
1106 
1107                 total_failed++;
1108                 continue;
1109             }
1110 
1111             success = 1;
1112         }
1113     }
1114 
1115     if( success )
1116         return( total_failed );
1117     else if( first_error )
1118         return( first_error );
1119     else
1120         return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
1121 #endif /* MBEDTLS_PEM_PARSE_C */
1122 }
1123 
1124 #if defined(MBEDTLS_FS_IO)
1125 /*
1126  * Load one or more certificates and add them to the chained list
1127  */
1128 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
1129 {
1130     int ret;
1131     size_t n;
1132     unsigned char *buf;
1133 
1134     if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
1135         return( ret );
1136 
1137     ret = mbedtls_x509_crt_parse( chain, buf, n );
1138 
1139     mbedtls_zeroize( buf, n );
1140     mbedtls_free( buf );
1141 
1142     return( ret );
1143 }
1144 
1145 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
1146 {
1147     int ret = 0;
1148 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1149     int w_ret;
1150     WCHAR szDir[MAX_PATH];
1151     char filename[MAX_PATH];
1152     char *p;
1153     size_t len = strlen( path );
1154 
1155     WIN32_FIND_DATAW file_data;
1156     HANDLE hFind;
1157 
1158     if( len > MAX_PATH - 3 )
1159         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1160 
1161     memset( szDir, 0, sizeof(szDir) );
1162     memset( filename, 0, MAX_PATH );
1163     memcpy( filename, path, len );
1164     filename[len++] = '\\';
1165     p = filename + len;
1166     filename[len++] = '*';
1167 
1168     w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
1169                                  MAX_PATH - 3 );
1170     if( w_ret == 0 )
1171         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1172 
1173     hFind = FindFirstFileW( szDir, &file_data );
1174     if( hFind == INVALID_HANDLE_VALUE )
1175         return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1176 
1177     len = MAX_PATH - len;
1178     do
1179     {
1180         memset( p, 0, len );
1181 
1182         if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1183             continue;
1184 
1185         w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1186                                      lstrlenW( file_data.cFileName ),
1187                                      p, (int) len - 1,
1188                                      NULL, NULL );
1189         if( w_ret == 0 )
1190         {
1191             ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1192             goto cleanup;
1193         }
1194 
1195         w_ret = mbedtls_x509_crt_parse_file( chain, filename );
1196         if( w_ret < 0 )
1197             ret++;
1198         else
1199             ret += w_ret;
1200     }
1201     while( FindNextFileW( hFind, &file_data ) != 0 );
1202 
1203     if( GetLastError() != ERROR_NO_MORE_FILES )
1204         ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1205 
1206 cleanup:
1207     FindClose( hFind );
1208 #else /* _WIN32 */
1209     int t_ret;
1210     int snp_ret;
1211     struct stat sb;
1212     struct dirent *entry;
1213     char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
1214     DIR *dir = opendir( path );
1215 
1216     if( dir == NULL )
1217         return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
1218 
1219 #if defined(MBEDTLS_THREADING_C)
1220     if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
1221     {
1222         closedir( dir );
1223         return( ret );
1224     }
1225 #endif /* MBEDTLS_THREADING_C */
1226 
1227     while( ( entry = readdir( dir ) ) != NULL )
1228     {
1229         snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
1230                                     "%s/%s", path, entry->d_name );
1231 
1232         if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
1233         {
1234             ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
1235             goto cleanup;
1236         }
1237         else if( stat( entry_name, &sb ) == -1 )
1238         {
1239             ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1240             goto cleanup;
1241         }
1242 
1243         if( !S_ISREG( sb.st_mode ) )
1244             continue;
1245 
1246         // Ignore parse errors
1247         //
1248         t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
1249         if( t_ret < 0 )
1250             ret++;
1251         else
1252             ret += t_ret;
1253     }
1254 
1255 cleanup:
1256     closedir( dir );
1257 
1258 #if defined(MBEDTLS_THREADING_C)
1259     if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
1260         ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
1261 #endif /* MBEDTLS_THREADING_C */
1262 
1263 #endif /* _WIN32 */
1264 
1265     return( ret );
1266 }
1267 #endif /* MBEDTLS_FS_IO */
1268 
1269 static int x509_info_subject_alt_name( char **buf, size_t *size,
1270                                        const mbedtls_x509_sequence *subject_alt_name )
1271 {
1272     size_t i;
1273     size_t n = *size;
1274     char *p = *buf;
1275     const mbedtls_x509_sequence *cur = subject_alt_name;
1276     const char *sep = "";
1277     size_t sep_len = 0;
1278 
1279     while( cur != NULL )
1280     {
1281         if( cur->buf.len + sep_len >= n )
1282         {
1283             *p = '\0';
1284             return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
1285         }
1286 
1287         n -= cur->buf.len + sep_len;
1288         for( i = 0; i < sep_len; i++ )
1289             *p++ = sep[i];
1290         for( i = 0; i < cur->buf.len; i++ )
1291             *p++ = cur->buf.p[i];
1292 
1293         sep = ", ";
1294         sep_len = 2;
1295 
1296         cur = cur->next;
1297     }
1298 
1299     *p = '\0';
1300 
1301     *size = n;
1302     *buf = p;
1303 
1304     return( 0 );
1305 }
1306 
1307 #define PRINT_ITEM(i)                           \
1308     {                                           \
1309         ret = mbedtls_snprintf( p, n, "%s" i, sep );    \
1310         MBEDTLS_X509_SAFE_SNPRINTF;                        \
1311         sep = ", ";                             \
1312     }
1313 
1314 #define CERT_TYPE(type,name)                    \
1315     if( ns_cert_type & type )                   \
1316         PRINT_ITEM( name );
1317 
1318 static int x509_info_cert_type( char **buf, size_t *size,
1319                                 unsigned char ns_cert_type )
1320 {
1321     int ret;
1322     size_t n = *size;
1323     char *p = *buf;
1324     const char *sep = "";
1325 
1326     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT,         "SSL Client" );
1327     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER,         "SSL Server" );
1328     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL,              "Email" );
1329     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING,     "Object Signing" );
1330     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED,           "Reserved" );
1331     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA,             "SSL CA" );
1332     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA,           "Email CA" );
1333     CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA,  "Object Signing CA" );
1334 
1335     *size = n;
1336     *buf = p;
1337 
1338     return( 0 );
1339 }
1340 
1341 #define KEY_USAGE(code,name)    \
1342     if( key_usage & code )      \
1343         PRINT_ITEM( name );
1344 
1345 static int x509_info_key_usage( char **buf, size_t *size,
1346                                 unsigned int key_usage )
1347 {
1348     int ret;
1349     size_t n = *size;
1350     char *p = *buf;
1351     const char *sep = "";
1352 
1353     KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE,    "Digital Signature" );
1354     KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION,      "Non Repudiation" );
1355     KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT,     "Key Encipherment" );
1356     KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT,    "Data Encipherment" );
1357     KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT,        "Key Agreement" );
1358     KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN,        "Key Cert Sign" );
1359     KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN,             "CRL Sign" );
1360     KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY,        "Encipher Only" );
1361     KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY,        "Decipher Only" );
1362 
1363     *size = n;
1364     *buf = p;
1365 
1366     return( 0 );
1367 }
1368 
1369 static int x509_info_ext_key_usage( char **buf, size_t *size,
1370                                     const mbedtls_x509_sequence *extended_key_usage )
1371 {
1372     int ret;
1373     const char *desc;
1374     size_t n = *size;
1375     char *p = *buf;
1376     const mbedtls_x509_sequence *cur = extended_key_usage;
1377     const char *sep = "";
1378 
1379     while( cur != NULL )
1380     {
1381         if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
1382             desc = "???";
1383 
1384         ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
1385         MBEDTLS_X509_SAFE_SNPRINTF;
1386 
1387         sep = ", ";
1388 
1389         cur = cur->next;
1390     }
1391 
1392     *size = n;
1393     *buf = p;
1394 
1395     return( 0 );
1396 }
1397 
1398 /*
1399  * Like memcmp, but case-insensitive and always returns -1 if different
1400  */
1401 static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
1402 {
1403     size_t i;
1404     unsigned char diff;
1405     const unsigned char *n1 = s1, *n2 = s2;
1406 
1407     for( i = 0; i < len; i++ )
1408     {
1409         diff = n1[i] ^ n2[i];
1410 
1411         if( diff == 0 )
1412             continue;
1413 
1414         if( diff == 32 &&
1415             ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
1416               ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
1417         {
1418             continue;
1419         }
1420 
1421         return( -1 );
1422     }
1423 
1424     return( 0 );
1425 }
1426 
1427 /*
1428  * Return 0 if name matches wildcard, -1 otherwise
1429  */
1430 static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
1431 {
1432     size_t i;
1433     size_t cn_idx = 0, cn_len = strlen( cn );
1434 
1435     if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
1436         return( 0 );
1437 
1438     for( i = 0; i < cn_len; ++i )
1439     {
1440         if( cn[i] == '.' )
1441         {
1442             cn_idx = i;
1443             break;
1444         }
1445     }
1446 
1447     if( cn_idx == 0 )
1448         return( -1 );
1449 
1450     if( cn_len - cn_idx == name->len - 1 &&
1451         x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
1452     {
1453         return( 0 );
1454     }
1455 
1456     return( -1 );
1457 }
1458 
1459 /*
1460  * Compare two X.509 strings, case-insensitive, and allowing for some encoding
1461  * variations (but not all).
1462  *
1463  * Return 0 if equal, -1 otherwise.
1464  */
1465 static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
1466 {
1467     if( a->tag == b->tag &&
1468         a->len == b->len &&
1469         memcmp( a->p, b->p, b->len ) == 0 )
1470     {
1471         return( 0 );
1472     }
1473 
1474     if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
1475         ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
1476         a->len == b->len &&
1477         x509_memcasecmp( a->p, b->p, b->len ) == 0 )
1478     {
1479         return( 0 );
1480     }
1481 
1482     return( -1 );
1483 }
1484 
1485 /*
1486  * Compare two X.509 Names (aka rdnSequence).
1487  *
1488  * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
1489  * we sometimes return unequal when the full algorithm would return equal,
1490  * but never the other way. (In particular, we don't do Unicode normalisation
1491  * or space folding.)
1492  *
1493  * Return 0 if equal, -1 otherwise.
1494  */
1495 static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
1496 {
1497     /* Avoid recursion, it might not be optimised by the compiler */
1498     while( a != NULL || b != NULL )
1499     {
1500         if( a == NULL || b == NULL )
1501             return( -1 );
1502 
1503         /* type */
1504         if( a->oid.tag != b->oid.tag ||
1505             a->oid.len != b->oid.len ||
1506             memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
1507         {
1508             return( -1 );
1509         }
1510 
1511         /* value */
1512         if( x509_string_cmp( &a->val, &b->val ) != 0 )
1513             return( -1 );
1514 
1515         /* structure of the list of sets */
1516         if( a->next_merged != b->next_merged )
1517             return( -1 );
1518 
1519         a = a->next;
1520         b = b->next;
1521     }
1522 
1523     /* a == NULL == b */
1524     return( 0 );
1525 }
1526 
1527 /*
1528  * Return an informational string about the certificate.
1529  */
1530 #define BEFORE_COLON    18
1531 #define BC              "18"
1532 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
1533                    const mbedtls_x509_crt *crt )
1534 {
1535     int ret;
1536     size_t n;
1537     char *p;
1538     char key_size_str[BEFORE_COLON];
1539 
1540     p = buf;
1541     n = size;
1542 
1543     if( NULL == crt )
1544     {
1545         ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
1546         MBEDTLS_X509_SAFE_SNPRINTF;
1547 
1548         return( (int) ( size - n ) );
1549     }
1550 
1551     ret = mbedtls_snprintf( p, n, "%scert. version     : %d\n",
1552                                prefix, crt->version );
1553     MBEDTLS_X509_SAFE_SNPRINTF;
1554     ret = mbedtls_snprintf( p, n, "%sserial number     : ",
1555                                prefix );
1556     MBEDTLS_X509_SAFE_SNPRINTF;
1557 
1558     ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
1559     MBEDTLS_X509_SAFE_SNPRINTF;
1560 
1561     ret = mbedtls_snprintf( p, n, "\n%sissuer name       : ", prefix );
1562     MBEDTLS_X509_SAFE_SNPRINTF;
1563     ret = mbedtls_x509_dn_gets( p, n, &crt->issuer  );
1564     MBEDTLS_X509_SAFE_SNPRINTF;
1565 
1566     ret = mbedtls_snprintf( p, n, "\n%ssubject name      : ", prefix );
1567     MBEDTLS_X509_SAFE_SNPRINTF;
1568     ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
1569     MBEDTLS_X509_SAFE_SNPRINTF;
1570 
1571     ret = mbedtls_snprintf( p, n, "\n%sissued  on        : " \
1572                    "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1573                    crt->valid_from.year, crt->valid_from.mon,
1574                    crt->valid_from.day,  crt->valid_from.hour,
1575                    crt->valid_from.min,  crt->valid_from.sec );
1576     MBEDTLS_X509_SAFE_SNPRINTF;
1577 
1578     ret = mbedtls_snprintf( p, n, "\n%sexpires on        : " \
1579                    "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1580                    crt->valid_to.year, crt->valid_to.mon,
1581                    crt->valid_to.day,  crt->valid_to.hour,
1582                    crt->valid_to.min,  crt->valid_to.sec );
1583     MBEDTLS_X509_SAFE_SNPRINTF;
1584 
1585     ret = mbedtls_snprintf( p, n, "\n%ssigned using      : ", prefix );
1586     MBEDTLS_X509_SAFE_SNPRINTF;
1587 
1588     ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
1589                              crt->sig_md, crt->sig_opts );
1590     MBEDTLS_X509_SAFE_SNPRINTF;
1591 
1592     /* Key size */
1593     if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
1594                                       mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
1595     {
1596         return( ret );
1597     }
1598 
1599     ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
1600                           (int) mbedtls_pk_get_bitlen( &crt->pk ) );
1601     MBEDTLS_X509_SAFE_SNPRINTF;
1602 
1603     /*
1604      * Optional extensions
1605      */
1606 
1607     if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
1608     {
1609         ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
1610                         crt->ca_istrue ? "true" : "false" );
1611         MBEDTLS_X509_SAFE_SNPRINTF;
1612 
1613         if( crt->max_pathlen > 0 )
1614         {
1615             ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
1616             MBEDTLS_X509_SAFE_SNPRINTF;
1617         }
1618     }
1619 
1620     if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
1621     {
1622         ret = mbedtls_snprintf( p, n, "\n%ssubject alt name  : ", prefix );
1623         MBEDTLS_X509_SAFE_SNPRINTF;
1624 
1625         if( ( ret = x509_info_subject_alt_name( &p, &n,
1626                                             &crt->subject_alt_names ) ) != 0 )
1627             return( ret );
1628     }
1629 
1630     if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
1631     {
1632         ret = mbedtls_snprintf( p, n, "\n%scert. type        : ", prefix );
1633         MBEDTLS_X509_SAFE_SNPRINTF;
1634 
1635         if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
1636             return( ret );
1637     }
1638 
1639     if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
1640     {
1641         ret = mbedtls_snprintf( p, n, "\n%skey usage         : ", prefix );
1642         MBEDTLS_X509_SAFE_SNPRINTF;
1643 
1644         if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
1645             return( ret );
1646     }
1647 
1648     if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
1649     {
1650         ret = mbedtls_snprintf( p, n, "\n%sext key usage     : ", prefix );
1651         MBEDTLS_X509_SAFE_SNPRINTF;
1652 
1653         if( ( ret = x509_info_ext_key_usage( &p, &n,
1654                                              &crt->ext_key_usage ) ) != 0 )
1655             return( ret );
1656     }
1657 
1658     ret = mbedtls_snprintf( p, n, "\n" );
1659     MBEDTLS_X509_SAFE_SNPRINTF;
1660 
1661     return( (int) ( size - n ) );
1662 }
1663 
1664 struct x509_crt_verify_string {
1665     int code;
1666     const char *string;
1667 };
1668 
1669 static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
1670     { MBEDTLS_X509_BADCERT_EXPIRED,       "The certificate validity has expired" },
1671     { MBEDTLS_X509_BADCERT_REVOKED,       "The certificate has been revoked (is on a CRL)" },
1672     { MBEDTLS_X509_BADCERT_CN_MISMATCH,   "The certificate Common Name (CN) does not match with the expected CN" },
1673     { MBEDTLS_X509_BADCERT_NOT_TRUSTED,   "The certificate is not correctly signed by the trusted CA" },
1674     { MBEDTLS_X509_BADCRL_NOT_TRUSTED,    "The CRL is not correctly signed by the trusted CA" },
1675     { MBEDTLS_X509_BADCRL_EXPIRED,        "The CRL is expired" },
1676     { MBEDTLS_X509_BADCERT_MISSING,       "Certificate was missing" },
1677     { MBEDTLS_X509_BADCERT_SKIP_VERIFY,   "Certificate verification was skipped" },
1678     { MBEDTLS_X509_BADCERT_OTHER,         "Other reason (can be used by verify callback)" },
1679     { MBEDTLS_X509_BADCERT_FUTURE,        "The certificate validity starts in the future" },
1680     { MBEDTLS_X509_BADCRL_FUTURE,         "The CRL is from the future" },
1681     { MBEDTLS_X509_BADCERT_KEY_USAGE,     "Usage does not match the keyUsage extension" },
1682     { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
1683     { MBEDTLS_X509_BADCERT_NS_CERT_TYPE,  "Usage does not match the nsCertType extension" },
1684     { MBEDTLS_X509_BADCERT_BAD_MD,        "The certificate is signed with an unacceptable hash." },
1685     { MBEDTLS_X509_BADCERT_BAD_PK,        "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1686     { MBEDTLS_X509_BADCERT_BAD_KEY,       "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
1687     { MBEDTLS_X509_BADCRL_BAD_MD,         "The CRL is signed with an unacceptable hash." },
1688     { MBEDTLS_X509_BADCRL_BAD_PK,         "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1689     { MBEDTLS_X509_BADCRL_BAD_KEY,        "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
1690     { 0, NULL }
1691 };
1692 
1693 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
1694                           uint32_t flags )
1695 {
1696     int ret;
1697     const struct x509_crt_verify_string *cur;
1698     char *p = buf;
1699     size_t n = size;
1700 
1701     for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
1702     {
1703         if( ( flags & cur->code ) == 0 )
1704             continue;
1705 
1706         ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
1707         MBEDTLS_X509_SAFE_SNPRINTF;
1708         flags ^= cur->code;
1709     }
1710 
1711     if( flags != 0 )
1712     {
1713         ret = mbedtls_snprintf( p, n, "%sUnknown reason "
1714                                        "(this should not happen)\n", prefix );
1715         MBEDTLS_X509_SAFE_SNPRINTF;
1716     }
1717 
1718     return( (int) ( size - n ) );
1719 }
1720 
1721 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1722 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
1723                                       unsigned int usage )
1724 {
1725     unsigned int usage_must, usage_may;
1726     unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
1727                           | MBEDTLS_X509_KU_DECIPHER_ONLY;
1728 
1729     if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
1730         return( 0 );
1731 
1732     usage_must = usage & ~may_mask;
1733 
1734     if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
1735         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1736 
1737     usage_may = usage & may_mask;
1738 
1739     if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
1740         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1741 
1742     return( 0 );
1743 }
1744 #endif
1745 
1746 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
1747 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
1748                                        const char *usage_oid,
1749                                        size_t usage_len )
1750 {
1751     const mbedtls_x509_sequence *cur;
1752 
1753     /* Extension is not mandatory, absent means no restriction */
1754     if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
1755         return( 0 );
1756 
1757     /*
1758      * Look for the requested usage (or wildcard ANY) in our list
1759      */
1760     for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
1761     {
1762         const mbedtls_x509_buf *cur_oid = &cur->buf;
1763 
1764         if( cur_oid->len == usage_len &&
1765             memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
1766         {
1767             return( 0 );
1768         }
1769 
1770         if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
1771             return( 0 );
1772     }
1773 
1774     return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
1775 }
1776 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
1777 
1778 #if defined(MBEDTLS_X509_CRL_PARSE_C)
1779 /*
1780  * Return 1 if the certificate is revoked, or 0 otherwise.
1781  */
1782 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
1783 {
1784     const mbedtls_x509_crl_entry *cur = &crl->entry;
1785 
1786     while( cur != NULL && cur->serial.len != 0 )
1787     {
1788         if( crt->serial.len == cur->serial.len &&
1789             memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
1790         {
1791             if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
1792                 return( 1 );
1793         }
1794 
1795         cur = cur->next;
1796     }
1797 
1798     return( 0 );
1799 }
1800 
1801 /*
1802  * Check that the given certificate is not revoked according to the CRL.
1803  * Skip validation if no CRL for the given CA is present.
1804  */
1805 static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
1806                                mbedtls_x509_crl *crl_list,
1807                                const mbedtls_x509_crt_profile *profile )
1808 {
1809     int flags = 0;
1810     unsigned char hash[MBEDTLS_MD_MAX_SIZE];
1811     const mbedtls_md_info_t *md_info;
1812 
1813     if( ca == NULL )
1814         return( flags );
1815 
1816     while( crl_list != NULL )
1817     {
1818         if( crl_list->version == 0 ||
1819             x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 )
1820         {
1821             crl_list = crl_list->next;
1822             continue;
1823         }
1824 
1825         /*
1826          * Check if the CA is configured to sign CRLs
1827          */
1828 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1829         if( mbedtls_x509_crt_check_key_usage( ca,
1830                                               MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
1831         {
1832             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1833             break;
1834         }
1835 #endif
1836 
1837         /*
1838          * Check if CRL is correctly signed by the trusted CA
1839          */
1840         if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
1841             flags |= MBEDTLS_X509_BADCRL_BAD_MD;
1842 
1843         if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
1844             flags |= MBEDTLS_X509_BADCRL_BAD_PK;
1845 
1846         md_info = mbedtls_md_info_from_type( crl_list->sig_md );
1847         if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
1848         {
1849             /* Note: this can't happen except after an internal error */
1850             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1851             break;
1852         }
1853 
1854         if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 )
1855             flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
1856 
1857         if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
1858                            crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
1859                            crl_list->sig.p, crl_list->sig.len ) != 0 )
1860         {
1861             flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
1862             break;
1863         }
1864 
1865         /*
1866          * Check for validity of CRL (Do not drop out)
1867          */
1868         if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
1869             flags |= MBEDTLS_X509_BADCRL_EXPIRED;
1870 
1871         if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
1872             flags |= MBEDTLS_X509_BADCRL_FUTURE;
1873 
1874         /*
1875          * Check if certificate is revoked
1876          */
1877         if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
1878         {
1879             flags |= MBEDTLS_X509_BADCERT_REVOKED;
1880             break;
1881         }
1882 
1883         crl_list = crl_list->next;
1884     }
1885 
1886     return( flags );
1887 }
1888 #endif /* MBEDTLS_X509_CRL_PARSE_C */
1889 
1890 /*
1891  * Check if 'parent' is a suitable parent (signing CA) for 'child'.
1892  * Return 0 if yes, -1 if not.
1893  *
1894  * top means parent is a locally-trusted certificate
1895  * bottom means child is the end entity cert
1896  */
1897 static int x509_crt_check_parent( const mbedtls_x509_crt *child,
1898                                   const mbedtls_x509_crt *parent,
1899                                   int top, int bottom )
1900 {
1901     int need_ca_bit;
1902 
1903     /* Parent must be the issuer */
1904     if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
1905         return( -1 );
1906 
1907     /* Parent must have the basicConstraints CA bit set as a general rule */
1908     need_ca_bit = 1;
1909 
1910     /* Exception: v1/v2 certificates that are locally trusted. */
1911     if( top && parent->version < 3 )
1912         need_ca_bit = 0;
1913 
1914     /* Exception: self-signed end-entity certs that are locally trusted. */
1915     if( top && bottom &&
1916         child->raw.len == parent->raw.len &&
1917         memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )
1918     {
1919         need_ca_bit = 0;
1920     }
1921 
1922     if( need_ca_bit && ! parent->ca_istrue )
1923         return( -1 );
1924 
1925 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1926     if( need_ca_bit &&
1927         mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
1928     {
1929         return( -1 );
1930     }
1931 #endif
1932 
1933     return( 0 );
1934 }
1935 
1936 /*
1937  * Verify a certificate with no parent inside the chain
1938  * (either the parent is a trusted root, or there is no parent)
1939  *
1940  * See comments for mbedtls_x509_crt_verify_with_profile()
1941  * (also for notation used below)
1942  *
1943  * This function is called in two cases:
1944  *  - child was found to have a parent in trusted roots, in which case we're
1945  *    called with trust_ca pointing directly to that parent (not the full list)
1946  *      - this is cases 1, 2 and 3 of the comment on verify_with_profile()
1947  *      - case 1 is special as child and trust_ca point to copies of the same
1948  *        certificate then
1949  *  - child was found to have no parent either in the chain or in trusted CAs
1950  *      - this is cases 4 and 5 of the comment on verify_with_profile()
1951  *
1952  * For historical reasons, the function currently does not assume that
1953  * trust_ca points directly to the right root in the first case, and it
1954  * doesn't know in which case it starts, so it always starts by searching for
1955  * a parent in trust_ca.
1956  */
1957 static int x509_crt_verify_top(
1958                 mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca,
1959                 mbedtls_x509_crl *ca_crl,
1960                 const mbedtls_x509_crt_profile *profile,
1961                 int path_cnt, int self_cnt, uint32_t *flags,
1962                 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
1963                 void *p_vrfy )
1964 {
1965     int ret;
1966     uint32_t ca_flags = 0;
1967     int check_path_cnt;
1968     unsigned char hash[MBEDTLS_MD_MAX_SIZE];
1969     const mbedtls_md_info_t *md_info;
1970     mbedtls_x509_crt *future_past_ca = NULL;
1971 
1972     if( mbedtls_x509_time_is_past( &child->valid_to ) )
1973         *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
1974 
1975     if( mbedtls_x509_time_is_future( &child->valid_from ) )
1976         *flags |= MBEDTLS_X509_BADCERT_FUTURE;
1977 
1978     if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
1979         *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
1980 
1981     if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
1982         *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
1983 
1984     /*
1985      * Child is the top of the chain. Check against the trust_ca list.
1986      */
1987     *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
1988 
1989     md_info = mbedtls_md_info_from_type( child->sig_md );
1990     if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
1991     {
1992         /* Note: this can't happen except after an internal error */
1993         /* Cannot check signature, no need to try any CA */
1994         trust_ca = NULL;
1995     }
1996 
1997     for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
1998     {
1999         if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
2000             continue;
2001 
2002         check_path_cnt = path_cnt + 1;
2003 
2004         /*
2005          * Reduce check_path_cnt to check against if top of the chain is
2006          * the same as the trusted CA
2007          */
2008         if( child->subject_raw.len == trust_ca->subject_raw.len &&
2009             memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
2010                     child->subject_raw.len ) == 0 )
2011         {
2012             check_path_cnt--;
2013         }
2014 
2015         /* Self signed certificates do not count towards the limit */
2016         if( trust_ca->max_pathlen > 0 &&
2017             trust_ca->max_pathlen < check_path_cnt - self_cnt )
2018         {
2019             continue;
2020         }
2021 
2022         if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
2023                            child->sig_md, hash, mbedtls_md_get_size( md_info ),
2024                            child->sig.p, child->sig.len ) != 0 )
2025         {
2026             continue;
2027         }
2028 
2029         if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
2030             mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
2031         {
2032             if ( future_past_ca == NULL )
2033                 future_past_ca = trust_ca;
2034 
2035             continue;
2036         }
2037 
2038         break;
2039     }
2040 
2041     if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
2042     {
2043         /*
2044          * Top of chain is signed by a trusted CA
2045          */
2046         *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2047 
2048         if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
2049             *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2050     }
2051 
2052     /*
2053      * If top of chain is not the same as the trusted CA send a verify request
2054      * to the callback for any issues with validity and CRL presence for the
2055      * trusted CA certificate.
2056      */
2057     if( trust_ca != NULL &&
2058         ( child->subject_raw.len != trust_ca->subject_raw.len ||
2059           memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
2060                   child->subject_raw.len ) != 0 ) )
2061     {
2062 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2063         /* Check trusted CA's CRL for the chain's top crt */
2064         *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile );
2065 #else
2066         ((void) ca_crl);
2067 #endif
2068 
2069         if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
2070             ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
2071 
2072         if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
2073             ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
2074 
2075         if( NULL != f_vrfy )
2076         {
2077             if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
2078                                 &ca_flags ) ) != 0 )
2079             {
2080                 return( ret );
2081             }
2082         }
2083     }
2084 
2085     /* Call callback on top cert */
2086     if( NULL != f_vrfy )
2087     {
2088         if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
2089             return( ret );
2090     }
2091 
2092     *flags |= ca_flags;
2093 
2094     return( 0 );
2095 }
2096 
2097 /*
2098  * Verify a certificate with a parent inside the chain
2099  *
2100  * See comments for mbedtls_x509_crt_verify_with_profile()
2101  */
2102 static int x509_crt_verify_child(
2103                 mbedtls_x509_crt *child, mbedtls_x509_crt *parent,
2104                 mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
2105                 const mbedtls_x509_crt_profile *profile,
2106                 int path_cnt, int self_cnt, uint32_t *flags,
2107                 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2108                 void *p_vrfy )
2109 {
2110     int ret;
2111     uint32_t parent_flags = 0;
2112     unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2113     mbedtls_x509_crt *grandparent;
2114     const mbedtls_md_info_t *md_info;
2115 
2116     /* Counting intermediate self signed certificates */
2117     if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
2118         self_cnt++;
2119 
2120     /* path_cnt is 0 for the first intermediate CA */
2121     if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
2122     {
2123         /* return immediately as the goal is to avoid unbounded recursion */
2124         return( MBEDTLS_ERR_X509_FATAL_ERROR );
2125     }
2126 
2127     if( mbedtls_x509_time_is_past( &child->valid_to ) )
2128         *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
2129 
2130     if( mbedtls_x509_time_is_future( &child->valid_from ) )
2131         *flags |= MBEDTLS_X509_BADCERT_FUTURE;
2132 
2133     if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
2134         *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
2135 
2136     if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
2137         *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
2138 
2139     md_info = mbedtls_md_info_from_type( child->sig_md );
2140     if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
2141     {
2142         /* Note: this can't happen except after an internal error */
2143         *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2144     }
2145     else
2146     {
2147         if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
2148             *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2149 
2150         if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
2151                            child->sig_md, hash, mbedtls_md_get_size( md_info ),
2152                            child->sig.p, child->sig.len ) != 0 )
2153         {
2154             *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2155         }
2156     }
2157 
2158 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2159     /* Check trusted CA's CRL for the given crt */
2160     *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
2161 #endif
2162 
2163     /* Look for a grandparent in trusted CAs */
2164     for( grandparent = trust_ca;
2165          grandparent != NULL;
2166          grandparent = grandparent->next )
2167     {
2168         if( x509_crt_check_parent( parent, grandparent,
2169                                    0, path_cnt == 0 ) == 0 )
2170             break;
2171     }
2172 
2173     if( grandparent != NULL )
2174     {
2175         ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile,
2176                                 path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy );
2177         if( ret != 0 )
2178             return( ret );
2179     }
2180     else
2181     {
2182         /* Look for a grandparent upwards the chain */
2183         for( grandparent = parent->next;
2184              grandparent != NULL;
2185              grandparent = grandparent->next )
2186         {
2187             /* +2 because the current step is not yet accounted for
2188              * and because max_pathlen is one higher than it should be.
2189              * Also self signed certificates do not count to the limit. */
2190             if( grandparent->max_pathlen > 0 &&
2191                 grandparent->max_pathlen < 2 + path_cnt - self_cnt )
2192             {
2193                 continue;
2194             }
2195 
2196             if( x509_crt_check_parent( parent, grandparent,
2197                                        0, path_cnt == 0 ) == 0 )
2198                 break;
2199         }
2200 
2201         /* Is our parent part of the chain or at the top? */
2202         if( grandparent != NULL )
2203         {
2204             ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
2205                                          profile, path_cnt + 1, self_cnt, &parent_flags,
2206                                          f_vrfy, p_vrfy );
2207             if( ret != 0 )
2208                 return( ret );
2209         }
2210         else
2211         {
2212             ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
2213                                        path_cnt + 1, self_cnt, &parent_flags,
2214                                        f_vrfy, p_vrfy );
2215             if( ret != 0 )
2216                 return( ret );
2217         }
2218     }
2219 
2220     /* child is verified to be a child of the parent, call verify callback */
2221     if( NULL != f_vrfy )
2222         if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
2223             return( ret );
2224 
2225     *flags |= parent_flags;
2226 
2227     return( 0 );
2228 }
2229 
2230 /*
2231  * Verify the certificate validity
2232  */
2233 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
2234                      mbedtls_x509_crt *trust_ca,
2235                      mbedtls_x509_crl *ca_crl,
2236                      const char *cn, uint32_t *flags,
2237                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2238                      void *p_vrfy )
2239 {
2240     return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
2241                 &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
2242 }
2243 
2244 
2245 /*
2246  * Verify the certificate validity, with profile
2247  *
2248  * The chain building/verification is spread accross 4 functions:
2249  *  - this one
2250  *  - x509_crt_verify_child()
2251  *  - x509_crt_verify_top()
2252  *  - x509_crt_check_parent()
2253  *
2254  * There are five main cases to consider. Let's introduce some notation:
2255  *  - E means the end-entity certificate
2256  *  - I an intermediate CA
2257  *  - R the trusted root CA this chain anchors to
2258  *  - T the list of trusted roots (R and possible some others)
2259  *
2260  * The main cases with the calling sequence of the crt_verify_xxx() are:
2261  *  1. E = R (explicitly trusted EE cert)
2262  *      verify(E, T) -> verify_top(E, R)
2263  *  2. E -> R (EE signed by trusted root)
2264  *      verify(E, T) -> verify_top(E, R)
2265  *  3. E -> I -> R (EE signed by intermediate signed by trusted root)
2266  *      verify(E, T) -> verify_child(E, I, T) -> verify_top(I, R)
2267  *      (plus variant with multiple intermediates)
2268  *  4. E -> I (EE signed by intermediate that's not trusted)
2269  *      verify(E, T) -> verify_child(E, I, T) -> verify_top(I, T)
2270  *      (plus variant with multiple intermediates)
2271  *  5. E (EE not trusted)
2272  *      verify(E, T) -> verify_top(E, T)
2273  *
2274  * Note: this notation and case numbering is also used in x509_crt_verify_top()
2275  */
2276 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
2277                      mbedtls_x509_crt *trust_ca,
2278                      mbedtls_x509_crl *ca_crl,
2279                      const mbedtls_x509_crt_profile *profile,
2280                      const char *cn, uint32_t *flags,
2281                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
2282                      void *p_vrfy )
2283 {
2284     size_t cn_len;
2285     int ret;
2286     int pathlen = 0, selfsigned = 0;
2287     mbedtls_x509_crt *parent;
2288     mbedtls_x509_name *name;
2289     mbedtls_x509_sequence *cur = NULL;
2290     mbedtls_pk_type_t pk_type;
2291 
2292     *flags = 0;
2293 
2294     if( profile == NULL )
2295     {
2296         ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
2297         goto exit;
2298     }
2299 
2300     if( cn != NULL )
2301     {
2302         name = &crt->subject;
2303         cn_len = strlen( cn );
2304 
2305         if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
2306         {
2307             cur = &crt->subject_alt_names;
2308 
2309             while( cur != NULL )
2310             {
2311                 if( cur->buf.len == cn_len &&
2312                     x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
2313                     break;
2314 
2315                 if( cur->buf.len > 2 &&
2316                     memcmp( cur->buf.p, "*.", 2 ) == 0 &&
2317                     x509_check_wildcard( cn, &cur->buf ) == 0 )
2318                 {
2319                     break;
2320                 }
2321 
2322                 cur = cur->next;
2323             }
2324 
2325             if( cur == NULL )
2326                 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2327         }
2328         else
2329         {
2330             while( name != NULL )
2331             {
2332                 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
2333                 {
2334                     if( name->val.len == cn_len &&
2335                         x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
2336                         break;
2337 
2338                     if( name->val.len > 2 &&
2339                         memcmp( name->val.p, "*.", 2 ) == 0 &&
2340                         x509_check_wildcard( cn, &name->val ) == 0 )
2341                         break;
2342                 }
2343 
2344                 name = name->next;
2345             }
2346 
2347             if( name == NULL )
2348                 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
2349         }
2350     }
2351 
2352     /* Check the type and size of the key */
2353     pk_type = mbedtls_pk_get_type( &crt->pk );
2354 
2355     if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
2356         *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
2357 
2358     if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
2359         *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2360 
2361     /* Look for a parent in trusted CAs */
2362     for( parent = trust_ca; parent != NULL; parent = parent->next )
2363     {
2364         if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
2365             break;
2366     }
2367 
2368     if( parent != NULL )
2369     {
2370         ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
2371                                    pathlen, selfsigned, flags, f_vrfy, p_vrfy );
2372         if( ret != 0 )
2373             goto exit;
2374     }
2375     else
2376     {
2377         /* Look for a parent upwards the chain */
2378         for( parent = crt->next; parent != NULL; parent = parent->next )
2379             if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
2380                 break;
2381 
2382         /* Are we part of the chain or at the top? */
2383         if( parent != NULL )
2384         {
2385             ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
2386                                          pathlen, selfsigned, flags, f_vrfy, p_vrfy );
2387             if( ret != 0 )
2388                 goto exit;
2389         }
2390         else
2391         {
2392             ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
2393                                        pathlen, selfsigned, flags, f_vrfy, p_vrfy );
2394             if( ret != 0 )
2395                 goto exit;
2396         }
2397     }
2398 
2399 exit:
2400     /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
2401      * the SSL module for authmode optional, but non-zero return from the
2402      * callback means a fatal error so it shouldn't be ignored */
2403     if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
2404         ret = MBEDTLS_ERR_X509_FATAL_ERROR;
2405 
2406     if( ret != 0 )
2407     {
2408         *flags = (uint32_t) -1;
2409         return( ret );
2410     }
2411 
2412     if( *flags != 0 )
2413         return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
2414 
2415     return( 0 );
2416 }
2417 
2418 /*
2419  * Initialize a certificate chain
2420  */
2421 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
2422 {
2423     memset( crt, 0, sizeof(mbedtls_x509_crt) );
2424 }
2425 
2426 /*
2427  * Unallocate all certificate data
2428  */
2429 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
2430 {
2431     mbedtls_x509_crt *cert_cur = crt;
2432     mbedtls_x509_crt *cert_prv;
2433     mbedtls_x509_name *name_cur;
2434     mbedtls_x509_name *name_prv;
2435     mbedtls_x509_sequence *seq_cur;
2436     mbedtls_x509_sequence *seq_prv;
2437 
2438     if( crt == NULL )
2439         return;
2440 
2441     do
2442     {
2443         mbedtls_pk_free( &cert_cur->pk );
2444 
2445 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
2446         mbedtls_free( cert_cur->sig_opts );
2447 #endif
2448 
2449         name_cur = cert_cur->issuer.next;
2450         while( name_cur != NULL )
2451         {
2452             name_prv = name_cur;
2453             name_cur = name_cur->next;
2454             mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
2455             mbedtls_free( name_prv );
2456         }
2457 
2458         name_cur = cert_cur->subject.next;
2459         while( name_cur != NULL )
2460         {
2461             name_prv = name_cur;
2462             name_cur = name_cur->next;
2463             mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
2464             mbedtls_free( name_prv );
2465         }
2466 
2467         seq_cur = cert_cur->ext_key_usage.next;
2468         while( seq_cur != NULL )
2469         {
2470             seq_prv = seq_cur;
2471             seq_cur = seq_cur->next;
2472             mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
2473             mbedtls_free( seq_prv );
2474         }
2475 
2476         seq_cur = cert_cur->subject_alt_names.next;
2477         while( seq_cur != NULL )
2478         {
2479             seq_prv = seq_cur;
2480             seq_cur = seq_cur->next;
2481             mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
2482             mbedtls_free( seq_prv );
2483         }
2484 
2485         if( cert_cur->raw.p != NULL )
2486         {
2487             mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len );
2488             mbedtls_free( cert_cur->raw.p );
2489         }
2490 
2491         cert_cur = cert_cur->next;
2492     }
2493     while( cert_cur != NULL );
2494 
2495     cert_cur = crt;
2496     do
2497     {
2498         cert_prv = cert_cur;
2499         cert_cur = cert_cur->next;
2500 
2501         mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
2502         if( cert_prv != crt )
2503             mbedtls_free( cert_prv );
2504     }
2505     while( cert_cur != NULL );
2506 }
2507 
2508 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2509