1 /* 2 * X.509 certificate parsing and verification 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 * 7 * This file is provided under the Apache License 2.0, or the 8 * GNU General Public License v2.0 or later. 9 * 10 * ********** 11 * Apache License 2.0: 12 * 13 * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 * not use this file except in compliance with the License. 15 * You may obtain a copy of the License at 16 * 17 * http://www.apache.org/licenses/LICENSE-2.0 18 * 19 * Unless required by applicable law or agreed to in writing, software 20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 * See the License for the specific language governing permissions and 23 * limitations under the License. 24 * 25 * ********** 26 * 27 * ********** 28 * GNU General Public License v2.0 or later: 29 * 30 * This program is free software; you can redistribute it and/or modify 31 * it under the terms of the GNU General Public License as published by 32 * the Free Software Foundation; either version 2 of the License, or 33 * (at your option) any later version. 34 * 35 * This program is distributed in the hope that it will be useful, 36 * but WITHOUT ANY WARRANTY; without even the implied warranty of 37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 38 * GNU General Public License for more details. 39 * 40 * You should have received a copy of the GNU General Public License along 41 * with this program; if not, write to the Free Software Foundation, Inc., 42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 43 * 44 * ********** 45 */ 46 /* 47 * The ITU-T X.509 standard defines a certificate format for PKI. 48 * 49 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 50 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 51 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 52 * 53 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 54 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 55 * 56 * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf 57 */ 58 59 #if !defined(MBEDTLS_CONFIG_FILE) 60 #include "mbedtls/config.h" 61 #else 62 #include MBEDTLS_CONFIG_FILE 63 #endif 64 65 #if defined(MBEDTLS_X509_CRT_PARSE_C) 66 67 #include "mbedtls/x509_crt.h" 68 #include "mbedtls/oid.h" 69 #include "mbedtls/platform_util.h" 70 71 #include <string.h> 72 73 #if defined(MBEDTLS_PEM_PARSE_C) 74 #include "mbedtls/pem.h" 75 #endif 76 77 #if defined(MBEDTLS_PLATFORM_C) 78 #include "mbedtls/platform.h" 79 #else 80 #include <stdio.h> 81 #include <stdlib.h> 82 #define mbedtls_free free 83 #define mbedtls_calloc calloc 84 #define mbedtls_snprintf snprintf 85 #endif 86 87 #if defined(MBEDTLS_THREADING_C) 88 #include "mbedtls/threading.h" 89 #endif 90 91 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 92 #include <windows.h> 93 #else 94 #include <time.h> 95 #endif 96 97 #if defined(MBEDTLS_FS_IO) 98 #include <stdio.h> 99 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) 100 #include <sys/types.h> 101 #include <sys/stat.h> 102 #include <dirent.h> 103 #endif /* !_WIN32 || EFIX64 || EFI32 */ 104 #endif 105 106 /* 107 * Item in a verification chain: cert and flags for it 108 */ 109 typedef struct { 110 mbedtls_x509_crt *crt; 111 uint32_t flags; 112 } x509_crt_verify_chain_item; 113 114 /* 115 * Max size of verification chain: end-entity + intermediates + trusted root 116 */ 117 #define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) 118 119 /* Default profile. Do not remove items unless there are serious security 120 * concerns. */ 121 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = 122 { 123 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) 124 /* Allow SHA-1 (weak, but still safe in controlled environments) */ 125 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | 126 #endif 127 /* Only SHA-2 hashes */ 128 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | 129 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 130 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 131 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 132 0xFFFFFFF, /* Any PK alg */ 133 0xFFFFFFF, /* Any curve */ 134 2048, 135 }; 136 137 /* 138 * Next-default profile 139 */ 140 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = 141 { 142 /* Hashes from SHA-256 and above */ 143 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 144 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | 145 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), 146 0xFFFFFFF, /* Any PK alg */ 147 #if defined(MBEDTLS_ECP_C) 148 /* Curves at or above 128-bit security level */ 149 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 150 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | 151 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) | 152 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) | 153 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) | 154 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) | 155 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ), 156 #else 157 0, 158 #endif 159 2048, 160 }; 161 162 /* 163 * NSA Suite B Profile 164 */ 165 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = 166 { 167 /* Only SHA-256 and 384 */ 168 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | 169 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), 170 /* Only ECDSA */ 171 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | 172 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), 173 #if defined(MBEDTLS_ECP_C) 174 /* Only NIST P-256 and P-384 */ 175 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | 176 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), 177 #else 178 0, 179 #endif 180 0, 181 }; 182 183 /* 184 * Check md_alg against profile 185 * Return 0 if md_alg is acceptable for this profile, -1 otherwise 186 */ 187 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, 188 mbedtls_md_type_t md_alg ) 189 { 190 if( md_alg == MBEDTLS_MD_NONE ) 191 return( -1 ); 192 193 if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) 194 return( 0 ); 195 196 return( -1 ); 197 } 198 199 /* 200 * Check pk_alg against profile 201 * Return 0 if pk_alg is acceptable for this profile, -1 otherwise 202 */ 203 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, 204 mbedtls_pk_type_t pk_alg ) 205 { 206 if( pk_alg == MBEDTLS_PK_NONE ) 207 return( -1 ); 208 209 if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) 210 return( 0 ); 211 212 return( -1 ); 213 } 214 215 /* 216 * Check key against profile 217 * Return 0 if pk is acceptable for this profile, -1 otherwise 218 */ 219 static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, 220 const mbedtls_pk_context *pk ) 221 { 222 const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); 223 224 #if defined(MBEDTLS_RSA_C) 225 if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) 226 { 227 if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) 228 return( 0 ); 229 230 return( -1 ); 231 } 232 #endif 233 234 #if defined(MBEDTLS_ECP_C) 235 if( pk_alg == MBEDTLS_PK_ECDSA || 236 pk_alg == MBEDTLS_PK_ECKEY || 237 pk_alg == MBEDTLS_PK_ECKEY_DH ) 238 { 239 const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; 240 241 if( gid == MBEDTLS_ECP_DP_NONE ) 242 return( -1 ); 243 244 if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) 245 return( 0 ); 246 247 return( -1 ); 248 } 249 #endif 250 251 return( -1 ); 252 } 253 254 /* 255 * Like memcmp, but case-insensitive and always returns -1 if different 256 */ 257 static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) 258 { 259 size_t i; 260 unsigned char diff; 261 const unsigned char *n1 = s1, *n2 = s2; 262 263 for( i = 0; i < len; i++ ) 264 { 265 diff = n1[i] ^ n2[i]; 266 267 if( diff == 0 ) 268 continue; 269 270 if( diff == 32 && 271 ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || 272 ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) 273 { 274 continue; 275 } 276 277 return( -1 ); 278 } 279 280 return( 0 ); 281 } 282 283 /* 284 * Return 0 if name matches wildcard, -1 otherwise 285 */ 286 static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) 287 { 288 size_t i; 289 size_t cn_idx = 0, cn_len = strlen( cn ); 290 291 /* We can't have a match if there is no wildcard to match */ 292 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) 293 return( -1 ); 294 295 for( i = 0; i < cn_len; ++i ) 296 { 297 if( cn[i] == '.' ) 298 { 299 cn_idx = i; 300 break; 301 } 302 } 303 304 if( cn_idx == 0 ) 305 return( -1 ); 306 307 if( cn_len - cn_idx == name->len - 1 && 308 x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) 309 { 310 return( 0 ); 311 } 312 313 return( -1 ); 314 } 315 316 /* 317 * Compare two X.509 strings, case-insensitive, and allowing for some encoding 318 * variations (but not all). 319 * 320 * Return 0 if equal, -1 otherwise. 321 */ 322 static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) 323 { 324 if( a->tag == b->tag && 325 a->len == b->len && 326 memcmp( a->p, b->p, b->len ) == 0 ) 327 { 328 return( 0 ); 329 } 330 331 if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 332 ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && 333 a->len == b->len && 334 x509_memcasecmp( a->p, b->p, b->len ) == 0 ) 335 { 336 return( 0 ); 337 } 338 339 return( -1 ); 340 } 341 342 /* 343 * Compare two X.509 Names (aka rdnSequence). 344 * 345 * See RFC 5280 section 7.1, though we don't implement the whole algorithm: 346 * we sometimes return unequal when the full algorithm would return equal, 347 * but never the other way. (In particular, we don't do Unicode normalisation 348 * or space folding.) 349 * 350 * Return 0 if equal, -1 otherwise. 351 */ 352 static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) 353 { 354 /* Avoid recursion, it might not be optimised by the compiler */ 355 while( a != NULL || b != NULL ) 356 { 357 if( a == NULL || b == NULL ) 358 return( -1 ); 359 360 /* type */ 361 if( a->oid.tag != b->oid.tag || 362 a->oid.len != b->oid.len || 363 memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) 364 { 365 return( -1 ); 366 } 367 368 /* value */ 369 if( x509_string_cmp( &a->val, &b->val ) != 0 ) 370 return( -1 ); 371 372 /* structure of the list of sets */ 373 if( a->next_merged != b->next_merged ) 374 return( -1 ); 375 376 a = a->next; 377 b = b->next; 378 } 379 380 /* a == NULL == b */ 381 return( 0 ); 382 } 383 384 /* 385 * Reset (init or clear) a verify_chain 386 */ 387 static void x509_crt_verify_chain_reset( 388 mbedtls_x509_crt_verify_chain *ver_chain ) 389 { 390 size_t i; 391 392 for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) 393 { 394 ver_chain->items[i].crt = NULL; 395 ver_chain->items[i].flags = (uint32_t) -1; 396 } 397 398 ver_chain->len = 0; 399 } 400 401 /* 402 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 403 */ 404 static int x509_get_version( unsigned char **p, 405 const unsigned char *end, 406 int *ver ) 407 { 408 int ret; 409 size_t len; 410 411 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 412 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 ) 413 { 414 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 415 { 416 *ver = 0; 417 return( 0 ); 418 } 419 420 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 421 } 422 423 end = *p + len; 424 425 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) 426 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); 427 428 if( *p != end ) 429 return( MBEDTLS_ERR_X509_INVALID_VERSION + 430 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 431 432 return( 0 ); 433 } 434 435 /* 436 * Validity ::= SEQUENCE { 437 * notBefore Time, 438 * notAfter Time } 439 */ 440 static int x509_get_dates( unsigned char **p, 441 const unsigned char *end, 442 mbedtls_x509_time *from, 443 mbedtls_x509_time *to ) 444 { 445 int ret; 446 size_t len; 447 448 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 449 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 450 return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); 451 452 end = *p + len; 453 454 if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 ) 455 return( ret ); 456 457 if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 ) 458 return( ret ); 459 460 if( *p != end ) 461 return( MBEDTLS_ERR_X509_INVALID_DATE + 462 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 463 464 return( 0 ); 465 } 466 467 /* 468 * X.509 v2/v3 unique identifier (not parsed) 469 */ 470 static int x509_get_uid( unsigned char **p, 471 const unsigned char *end, 472 mbedtls_x509_buf *uid, int n ) 473 { 474 int ret; 475 476 if( *p == end ) 477 return( 0 ); 478 479 uid->tag = **p; 480 481 if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len, 482 MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 ) 483 { 484 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 485 return( 0 ); 486 487 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 488 } 489 490 uid->p = *p; 491 *p += uid->len; 492 493 return( 0 ); 494 } 495 496 static int x509_get_basic_constraints( unsigned char **p, 497 const unsigned char *end, 498 int *ca_istrue, 499 int *max_pathlen ) 500 { 501 int ret; 502 size_t len; 503 504 /* 505 * BasicConstraints ::= SEQUENCE { 506 * cA BOOLEAN DEFAULT FALSE, 507 * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 508 */ 509 *ca_istrue = 0; /* DEFAULT FALSE */ 510 *max_pathlen = 0; /* endless */ 511 512 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 513 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 514 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 515 516 if( *p == end ) 517 return( 0 ); 518 519 if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 ) 520 { 521 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 522 ret = mbedtls_asn1_get_int( p, end, ca_istrue ); 523 524 if( ret != 0 ) 525 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 526 527 if( *ca_istrue != 0 ) 528 *ca_istrue = 1; 529 } 530 531 if( *p == end ) 532 return( 0 ); 533 534 if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) 535 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 536 537 if( *p != end ) 538 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 539 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 540 541 /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer 542 * overflow, which is an undefined behavior. */ 543 if( *max_pathlen == INT_MAX ) 544 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 545 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 546 547 (*max_pathlen)++; 548 549 return( 0 ); 550 } 551 552 static int x509_get_ns_cert_type( unsigned char **p, 553 const unsigned char *end, 554 unsigned char *ns_cert_type) 555 { 556 int ret; 557 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 558 559 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 560 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 561 562 if( bs.len != 1 ) 563 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 564 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 565 566 /* Get actual bitstring */ 567 *ns_cert_type = *bs.p; 568 return( 0 ); 569 } 570 571 static int x509_get_key_usage( unsigned char **p, 572 const unsigned char *end, 573 unsigned int *key_usage) 574 { 575 int ret; 576 size_t i; 577 mbedtls_x509_bitstring bs = { 0, 0, NULL }; 578 579 if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) 580 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 581 582 if( bs.len < 1 ) 583 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 584 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 585 586 /* Get actual bitstring */ 587 *key_usage = 0; 588 for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) 589 { 590 *key_usage |= (unsigned int) bs.p[i] << (8*i); 591 } 592 593 return( 0 ); 594 } 595 596 /* 597 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId 598 * 599 * KeyPurposeId ::= OBJECT IDENTIFIER 600 */ 601 static int x509_get_ext_key_usage( unsigned char **p, 602 const unsigned char *end, 603 mbedtls_x509_sequence *ext_key_usage) 604 { 605 int ret; 606 607 if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) 608 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 609 610 /* Sequence length must be >= 1 */ 611 if( ext_key_usage->buf.p == NULL ) 612 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 613 MBEDTLS_ERR_ASN1_INVALID_LENGTH ); 614 615 return( 0 ); 616 } 617 618 /* 619 * SubjectAltName ::= GeneralNames 620 * 621 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 622 * 623 * GeneralName ::= CHOICE { 624 * otherName [0] OtherName, 625 * rfc822Name [1] IA5String, 626 * dNSName [2] IA5String, 627 * x400Address [3] ORAddress, 628 * directoryName [4] Name, 629 * ediPartyName [5] EDIPartyName, 630 * uniformResourceIdentifier [6] IA5String, 631 * iPAddress [7] OCTET STRING, 632 * registeredID [8] OBJECT IDENTIFIER } 633 * 634 * OtherName ::= SEQUENCE { 635 * type-id OBJECT IDENTIFIER, 636 * value [0] EXPLICIT ANY DEFINED BY type-id } 637 * 638 * EDIPartyName ::= SEQUENCE { 639 * nameAssigner [0] DirectoryString OPTIONAL, 640 * partyName [1] DirectoryString } 641 * 642 * NOTE: we only parse and use dNSName at this point. 643 */ 644 static int x509_get_subject_alt_name( unsigned char **p, 645 const unsigned char *end, 646 mbedtls_x509_sequence *subject_alt_name ) 647 { 648 int ret; 649 size_t len, tag_len; 650 mbedtls_asn1_buf *buf; 651 unsigned char tag; 652 mbedtls_asn1_sequence *cur = subject_alt_name; 653 654 /* Get main sequence tag */ 655 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 656 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 657 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 658 659 if( *p + len != end ) 660 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 661 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 662 663 while( *p < end ) 664 { 665 if( ( end - *p ) < 1 ) 666 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 667 MBEDTLS_ERR_ASN1_OUT_OF_DATA ); 668 669 tag = **p; 670 (*p)++; 671 if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) 672 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 673 674 if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != 675 MBEDTLS_ASN1_CONTEXT_SPECIFIC ) 676 { 677 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 678 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 679 } 680 681 /* Skip everything but DNS name */ 682 if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) ) 683 { 684 *p += tag_len; 685 continue; 686 } 687 688 /* Allocate and assign next pointer */ 689 if( cur->buf.p != NULL ) 690 { 691 if( cur->next != NULL ) 692 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 693 694 cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); 695 696 if( cur->next == NULL ) 697 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 698 MBEDTLS_ERR_ASN1_ALLOC_FAILED ); 699 700 cur = cur->next; 701 } 702 703 buf = &(cur->buf); 704 buf->tag = tag; 705 buf->p = *p; 706 buf->len = tag_len; 707 *p += buf->len; 708 } 709 710 /* Set final sequence entry's next pointer to NULL */ 711 cur->next = NULL; 712 713 if( *p != end ) 714 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 715 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 716 717 return( 0 ); 718 } 719 720 /* 721 * X.509 v3 extensions 722 * 723 */ 724 static int x509_get_crt_ext( unsigned char **p, 725 const unsigned char *end, 726 mbedtls_x509_crt *crt ) 727 { 728 int ret; 729 size_t len; 730 unsigned char *end_ext_data, *end_ext_octet; 731 732 if( *p == end ) 733 return( 0 ); 734 735 if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 ) 736 return( ret ); 737 738 end = crt->v3_ext.p + crt->v3_ext.len; 739 while( *p < end ) 740 { 741 /* 742 * Extension ::= SEQUENCE { 743 * extnID OBJECT IDENTIFIER, 744 * critical BOOLEAN DEFAULT FALSE, 745 * extnValue OCTET STRING } 746 */ 747 mbedtls_x509_buf extn_oid = {0, 0, NULL}; 748 int is_critical = 0; /* DEFAULT FALSE */ 749 int ext_type = 0; 750 751 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 752 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 753 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 754 755 end_ext_data = *p + len; 756 757 /* Get extension ID */ 758 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, 759 MBEDTLS_ASN1_OID ) ) != 0 ) 760 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 761 762 extn_oid.tag = MBEDTLS_ASN1_OID; 763 extn_oid.p = *p; 764 *p += extn_oid.len; 765 766 /* Get optional critical */ 767 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && 768 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) 769 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 770 771 /* Data should be octet string type */ 772 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, 773 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 774 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 775 776 end_ext_octet = *p + len; 777 778 if( end_ext_octet != end_ext_data ) 779 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 780 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 781 782 /* 783 * Detect supported extensions 784 */ 785 ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); 786 787 if( ret != 0 ) 788 { 789 /* No parser found, skip extension */ 790 *p = end_ext_octet; 791 792 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) 793 if( is_critical ) 794 { 795 /* Data is marked as critical: fail */ 796 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 797 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 798 } 799 #endif 800 continue; 801 } 802 803 /* Forbid repeated extensions */ 804 if( ( crt->ext_types & ext_type ) != 0 ) 805 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); 806 807 crt->ext_types |= ext_type; 808 809 switch( ext_type ) 810 { 811 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: 812 /* Parse basic constraints */ 813 if( ( ret = x509_get_basic_constraints( p, end_ext_octet, 814 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) 815 return( ret ); 816 break; 817 818 case MBEDTLS_X509_EXT_KEY_USAGE: 819 /* Parse key usage */ 820 if( ( ret = x509_get_key_usage( p, end_ext_octet, 821 &crt->key_usage ) ) != 0 ) 822 return( ret ); 823 break; 824 825 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: 826 /* Parse extended key usage */ 827 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, 828 &crt->ext_key_usage ) ) != 0 ) 829 return( ret ); 830 break; 831 832 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: 833 /* Parse subject alt name */ 834 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, 835 &crt->subject_alt_names ) ) != 0 ) 836 return( ret ); 837 break; 838 839 case MBEDTLS_X509_EXT_NS_CERT_TYPE: 840 /* Parse netscape certificate type */ 841 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet, 842 &crt->ns_cert_type ) ) != 0 ) 843 return( ret ); 844 break; 845 846 default: 847 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); 848 } 849 } 850 851 if( *p != end ) 852 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 853 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 854 855 return( 0 ); 856 } 857 858 /* 859 * Parse and fill a single X.509 certificate in DER format 860 */ 861 static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf, 862 size_t buflen ) 863 { 864 int ret; 865 size_t len; 866 unsigned char *p, *end, *crt_end; 867 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 868 869 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); 870 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); 871 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); 872 873 /* 874 * Check for valid input 875 */ 876 if( crt == NULL || buf == NULL ) 877 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 878 879 // Use the original buffer until we figure out actual length 880 p = (unsigned char*) buf; 881 len = buflen; 882 end = p + len; 883 884 /* 885 * Certificate ::= SEQUENCE { 886 * tbsCertificate TBSCertificate, 887 * signatureAlgorithm AlgorithmIdentifier, 888 * signatureValue BIT STRING } 889 */ 890 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 891 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 892 { 893 mbedtls_x509_crt_free( crt ); 894 return( MBEDTLS_ERR_X509_INVALID_FORMAT ); 895 } 896 897 if( len > (size_t) ( end - p ) ) 898 { 899 mbedtls_x509_crt_free( crt ); 900 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 901 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 902 } 903 crt_end = p + len; 904 905 // Create and populate a new buffer for the raw field 906 crt->raw.len = crt_end - buf; 907 crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); 908 if( p == NULL ) 909 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 910 911 memcpy( p, buf, crt->raw.len ); 912 913 // Direct pointers to the new buffer 914 p += crt->raw.len - len; 915 end = crt_end = p + len; 916 917 /* 918 * TBSCertificate ::= SEQUENCE { 919 */ 920 crt->tbs.p = p; 921 922 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 923 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 924 { 925 mbedtls_x509_crt_free( crt ); 926 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 927 } 928 929 end = p + len; 930 crt->tbs.len = end - crt->tbs.p; 931 932 /* 933 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 934 * 935 * CertificateSerialNumber ::= INTEGER 936 * 937 * signature AlgorithmIdentifier 938 */ 939 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || 940 ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 || 941 ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid, 942 &sig_params1 ) ) != 0 ) 943 { 944 mbedtls_x509_crt_free( crt ); 945 return( ret ); 946 } 947 948 if( crt->version < 0 || crt->version > 2 ) 949 { 950 mbedtls_x509_crt_free( crt ); 951 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); 952 } 953 954 crt->version++; 955 956 if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, 957 &crt->sig_md, &crt->sig_pk, 958 &crt->sig_opts ) ) != 0 ) 959 { 960 mbedtls_x509_crt_free( crt ); 961 return( ret ); 962 } 963 964 /* 965 * issuer Name 966 */ 967 crt->issuer_raw.p = p; 968 969 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 970 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 971 { 972 mbedtls_x509_crt_free( crt ); 973 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 974 } 975 976 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) 977 { 978 mbedtls_x509_crt_free( crt ); 979 return( ret ); 980 } 981 982 crt->issuer_raw.len = p - crt->issuer_raw.p; 983 984 /* 985 * Validity ::= SEQUENCE { 986 * notBefore Time, 987 * notAfter Time } 988 * 989 */ 990 if( ( ret = x509_get_dates( &p, end, &crt->valid_from, 991 &crt->valid_to ) ) != 0 ) 992 { 993 mbedtls_x509_crt_free( crt ); 994 return( ret ); 995 } 996 997 /* 998 * subject Name 999 */ 1000 crt->subject_raw.p = p; 1001 1002 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 1003 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 1004 { 1005 mbedtls_x509_crt_free( crt ); 1006 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 1007 } 1008 1009 if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) 1010 { 1011 mbedtls_x509_crt_free( crt ); 1012 return( ret ); 1013 } 1014 1015 crt->subject_raw.len = p - crt->subject_raw.p; 1016 1017 /* 1018 * SubjectPublicKeyInfo 1019 */ 1020 if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 ) 1021 { 1022 mbedtls_x509_crt_free( crt ); 1023 return( ret ); 1024 } 1025 1026 /* 1027 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 1028 * -- If present, version shall be v2 or v3 1029 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 1030 * -- If present, version shall be v2 or v3 1031 * extensions [3] EXPLICIT Extensions OPTIONAL 1032 * -- If present, version shall be v3 1033 */ 1034 if( crt->version == 2 || crt->version == 3 ) 1035 { 1036 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); 1037 if( ret != 0 ) 1038 { 1039 mbedtls_x509_crt_free( crt ); 1040 return( ret ); 1041 } 1042 } 1043 1044 if( crt->version == 2 || crt->version == 3 ) 1045 { 1046 ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); 1047 if( ret != 0 ) 1048 { 1049 mbedtls_x509_crt_free( crt ); 1050 return( ret ); 1051 } 1052 } 1053 1054 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) 1055 if( crt->version == 3 ) 1056 #endif 1057 { 1058 ret = x509_get_crt_ext( &p, end, crt ); 1059 if( ret != 0 ) 1060 { 1061 mbedtls_x509_crt_free( crt ); 1062 return( ret ); 1063 } 1064 } 1065 1066 if( p != end ) 1067 { 1068 mbedtls_x509_crt_free( crt ); 1069 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 1070 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 1071 } 1072 1073 end = crt_end; 1074 1075 /* 1076 * } 1077 * -- end of TBSCertificate 1078 * 1079 * signatureAlgorithm AlgorithmIdentifier, 1080 * signatureValue BIT STRING 1081 */ 1082 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) 1083 { 1084 mbedtls_x509_crt_free( crt ); 1085 return( ret ); 1086 } 1087 1088 if( crt->sig_oid.len != sig_oid2.len || 1089 memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || 1090 sig_params1.tag != sig_params2.tag || 1091 sig_params1.len != sig_params2.len || 1092 ( sig_params1.len != 0 && 1093 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) 1094 { 1095 mbedtls_x509_crt_free( crt ); 1096 return( MBEDTLS_ERR_X509_SIG_MISMATCH ); 1097 } 1098 1099 if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 ) 1100 { 1101 mbedtls_x509_crt_free( crt ); 1102 return( ret ); 1103 } 1104 1105 if( p != end ) 1106 { 1107 mbedtls_x509_crt_free( crt ); 1108 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 1109 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 1110 } 1111 1112 return( 0 ); 1113 } 1114 1115 /* 1116 * Parse one X.509 certificate in DER format from a buffer and add them to a 1117 * chained list 1118 */ 1119 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, 1120 size_t buflen ) 1121 { 1122 int ret; 1123 mbedtls_x509_crt *crt = chain, *prev = NULL; 1124 1125 /* 1126 * Check for valid input 1127 */ 1128 if( crt == NULL || buf == NULL ) 1129 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1130 1131 while( crt->version != 0 && crt->next != NULL ) 1132 { 1133 prev = crt; 1134 crt = crt->next; 1135 } 1136 1137 /* 1138 * Add new certificate on the end of the chain if needed. 1139 */ 1140 if( crt->version != 0 && crt->next == NULL ) 1141 { 1142 crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); 1143 1144 if( crt->next == NULL ) 1145 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 1146 1147 prev = crt; 1148 mbedtls_x509_crt_init( crt->next ); 1149 crt = crt->next; 1150 } 1151 1152 if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 ) 1153 { 1154 if( prev ) 1155 prev->next = NULL; 1156 1157 if( crt != chain ) 1158 mbedtls_free( crt ); 1159 1160 return( ret ); 1161 } 1162 1163 return( 0 ); 1164 } 1165 1166 /* 1167 * Parse one or more PEM certificates from a buffer and add them to the chained 1168 * list 1169 */ 1170 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) 1171 { 1172 #if defined(MBEDTLS_PEM_PARSE_C) 1173 int success = 0, first_error = 0, total_failed = 0; 1174 int buf_format = MBEDTLS_X509_FORMAT_DER; 1175 #endif 1176 1177 /* 1178 * Check for valid input 1179 */ 1180 if( chain == NULL || buf == NULL ) 1181 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1182 1183 /* 1184 * Determine buffer content. Buffer contains either one DER certificate or 1185 * one or more PEM certificates. 1186 */ 1187 #if defined(MBEDTLS_PEM_PARSE_C) 1188 if( buflen != 0 && buf[buflen - 1] == '\0' && 1189 strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) 1190 { 1191 buf_format = MBEDTLS_X509_FORMAT_PEM; 1192 } 1193 1194 if( buf_format == MBEDTLS_X509_FORMAT_DER ) 1195 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 1196 #else 1197 return mbedtls_x509_crt_parse_der( chain, buf, buflen ); 1198 #endif 1199 1200 #if defined(MBEDTLS_PEM_PARSE_C) 1201 if( buf_format == MBEDTLS_X509_FORMAT_PEM ) 1202 { 1203 int ret; 1204 mbedtls_pem_context pem; 1205 1206 /* 1 rather than 0 since the terminating NULL byte is counted in */ 1207 while( buflen > 1 ) 1208 { 1209 size_t use_len; 1210 mbedtls_pem_init( &pem ); 1211 1212 /* If we get there, we know the string is null-terminated */ 1213 ret = mbedtls_pem_read_buffer( &pem, 1214 "-----BEGIN CERTIFICATE-----", 1215 "-----END CERTIFICATE-----", 1216 buf, NULL, 0, &use_len ); 1217 1218 if( ret == 0 ) 1219 { 1220 /* 1221 * Was PEM encoded 1222 */ 1223 buflen -= use_len; 1224 buf += use_len; 1225 } 1226 else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA ) 1227 { 1228 return( ret ); 1229 } 1230 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 1231 { 1232 mbedtls_pem_free( &pem ); 1233 1234 /* 1235 * PEM header and footer were found 1236 */ 1237 buflen -= use_len; 1238 buf += use_len; 1239 1240 if( first_error == 0 ) 1241 first_error = ret; 1242 1243 total_failed++; 1244 continue; 1245 } 1246 else 1247 break; 1248 1249 ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen ); 1250 1251 mbedtls_pem_free( &pem ); 1252 1253 if( ret != 0 ) 1254 { 1255 /* 1256 * Quit parsing on a memory error 1257 */ 1258 if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED ) 1259 return( ret ); 1260 1261 if( first_error == 0 ) 1262 first_error = ret; 1263 1264 total_failed++; 1265 continue; 1266 } 1267 1268 success = 1; 1269 } 1270 } 1271 1272 if( success ) 1273 return( total_failed ); 1274 else if( first_error ) 1275 return( first_error ); 1276 else 1277 return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); 1278 #endif /* MBEDTLS_PEM_PARSE_C */ 1279 } 1280 1281 #if defined(MBEDTLS_FS_IO) 1282 /* 1283 * Load one or more certificates and add them to the chained list 1284 */ 1285 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) 1286 { 1287 int ret; 1288 size_t n; 1289 unsigned char *buf; 1290 1291 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 1292 return( ret ); 1293 1294 ret = mbedtls_x509_crt_parse( chain, buf, n ); 1295 1296 mbedtls_platform_zeroize( buf, n ); 1297 mbedtls_free( buf ); 1298 1299 return( ret ); 1300 } 1301 1302 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) 1303 { 1304 int ret = 0; 1305 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 1306 int w_ret; 1307 WCHAR szDir[MAX_PATH]; 1308 char filename[MAX_PATH]; 1309 char *p; 1310 size_t len = strlen( path ); 1311 1312 WIN32_FIND_DATAW file_data; 1313 HANDLE hFind; 1314 1315 if( len > MAX_PATH - 3 ) 1316 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1317 1318 memset( szDir, 0, sizeof(szDir) ); 1319 memset( filename, 0, MAX_PATH ); 1320 memcpy( filename, path, len ); 1321 filename[len++] = '\\'; 1322 p = filename + len; 1323 filename[len++] = '*'; 1324 1325 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, 1326 MAX_PATH - 3 ); 1327 if( w_ret == 0 ) 1328 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1329 1330 hFind = FindFirstFileW( szDir, &file_data ); 1331 if( hFind == INVALID_HANDLE_VALUE ) 1332 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 1333 1334 len = MAX_PATH - len; 1335 do 1336 { 1337 memset( p, 0, len ); 1338 1339 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) 1340 continue; 1341 1342 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, 1343 lstrlenW( file_data.cFileName ), 1344 p, (int) len - 1, 1345 NULL, NULL ); 1346 if( w_ret == 0 ) 1347 { 1348 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1349 goto cleanup; 1350 } 1351 1352 w_ret = mbedtls_x509_crt_parse_file( chain, filename ); 1353 if( w_ret < 0 ) 1354 ret++; 1355 else 1356 ret += w_ret; 1357 } 1358 while( FindNextFileW( hFind, &file_data ) != 0 ); 1359 1360 if( GetLastError() != ERROR_NO_MORE_FILES ) 1361 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1362 1363 cleanup: 1364 FindClose( hFind ); 1365 #else /* _WIN32 */ 1366 int t_ret; 1367 int snp_ret; 1368 struct stat sb; 1369 struct dirent *entry; 1370 char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; 1371 DIR *dir = opendir( path ); 1372 1373 if( dir == NULL ) 1374 return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); 1375 1376 #if defined(MBEDTLS_THREADING_C) 1377 if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) 1378 { 1379 closedir( dir ); 1380 return( ret ); 1381 } 1382 #endif /* MBEDTLS_THREADING_C */ 1383 1384 while( ( entry = readdir( dir ) ) != NULL ) 1385 { 1386 snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, 1387 "%s/%s", path, entry->d_name ); 1388 1389 if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) 1390 { 1391 ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; 1392 goto cleanup; 1393 } 1394 else if( stat( entry_name, &sb ) == -1 ) 1395 { 1396 ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; 1397 goto cleanup; 1398 } 1399 1400 if( !S_ISREG( sb.st_mode ) ) 1401 continue; 1402 1403 // Ignore parse errors 1404 // 1405 t_ret = mbedtls_x509_crt_parse_file( chain, entry_name ); 1406 if( t_ret < 0 ) 1407 ret++; 1408 else 1409 ret += t_ret; 1410 } 1411 1412 cleanup: 1413 closedir( dir ); 1414 1415 #if defined(MBEDTLS_THREADING_C) 1416 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) 1417 ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; 1418 #endif /* MBEDTLS_THREADING_C */ 1419 1420 #endif /* _WIN32 */ 1421 1422 return( ret ); 1423 } 1424 #endif /* MBEDTLS_FS_IO */ 1425 1426 static int x509_info_subject_alt_name( char **buf, size_t *size, 1427 const mbedtls_x509_sequence *subject_alt_name ) 1428 { 1429 size_t i; 1430 size_t n = *size; 1431 char *p = *buf; 1432 const mbedtls_x509_sequence *cur = subject_alt_name; 1433 const char *sep = ""; 1434 size_t sep_len = 0; 1435 1436 while( cur != NULL ) 1437 { 1438 if( cur->buf.len + sep_len >= n ) 1439 { 1440 *p = '\0'; 1441 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); 1442 } 1443 1444 n -= cur->buf.len + sep_len; 1445 for( i = 0; i < sep_len; i++ ) 1446 *p++ = sep[i]; 1447 for( i = 0; i < cur->buf.len; i++ ) 1448 *p++ = cur->buf.p[i]; 1449 1450 sep = ", "; 1451 sep_len = 2; 1452 1453 cur = cur->next; 1454 } 1455 1456 *p = '\0'; 1457 1458 *size = n; 1459 *buf = p; 1460 1461 return( 0 ); 1462 } 1463 1464 #define PRINT_ITEM(i) \ 1465 { \ 1466 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ 1467 MBEDTLS_X509_SAFE_SNPRINTF; \ 1468 sep = ", "; \ 1469 } 1470 1471 #define CERT_TYPE(type,name) \ 1472 if( ns_cert_type & (type) ) \ 1473 PRINT_ITEM( name ); 1474 1475 static int x509_info_cert_type( char **buf, size_t *size, 1476 unsigned char ns_cert_type ) 1477 { 1478 int ret; 1479 size_t n = *size; 1480 char *p = *buf; 1481 const char *sep = ""; 1482 1483 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); 1484 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); 1485 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); 1486 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); 1487 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); 1488 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); 1489 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); 1490 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); 1491 1492 *size = n; 1493 *buf = p; 1494 1495 return( 0 ); 1496 } 1497 1498 #define KEY_USAGE(code,name) \ 1499 if( key_usage & (code) ) \ 1500 PRINT_ITEM( name ); 1501 1502 static int x509_info_key_usage( char **buf, size_t *size, 1503 unsigned int key_usage ) 1504 { 1505 int ret; 1506 size_t n = *size; 1507 char *p = *buf; 1508 const char *sep = ""; 1509 1510 KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); 1511 KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); 1512 KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); 1513 KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); 1514 KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); 1515 KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); 1516 KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); 1517 KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" ); 1518 KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" ); 1519 1520 *size = n; 1521 *buf = p; 1522 1523 return( 0 ); 1524 } 1525 1526 static int x509_info_ext_key_usage( char **buf, size_t *size, 1527 const mbedtls_x509_sequence *extended_key_usage ) 1528 { 1529 int ret; 1530 const char *desc; 1531 size_t n = *size; 1532 char *p = *buf; 1533 const mbedtls_x509_sequence *cur = extended_key_usage; 1534 const char *sep = ""; 1535 1536 while( cur != NULL ) 1537 { 1538 if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) 1539 desc = "???"; 1540 1541 ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); 1542 MBEDTLS_X509_SAFE_SNPRINTF; 1543 1544 sep = ", "; 1545 1546 cur = cur->next; 1547 } 1548 1549 *size = n; 1550 *buf = p; 1551 1552 return( 0 ); 1553 } 1554 1555 /* 1556 * Return an informational string about the certificate. 1557 */ 1558 #define BEFORE_COLON 18 1559 #define BC "18" 1560 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, 1561 const mbedtls_x509_crt *crt ) 1562 { 1563 int ret; 1564 size_t n; 1565 char *p; 1566 char key_size_str[BEFORE_COLON]; 1567 1568 p = buf; 1569 n = size; 1570 1571 if( NULL == crt ) 1572 { 1573 ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); 1574 MBEDTLS_X509_SAFE_SNPRINTF; 1575 1576 return( (int) ( size - n ) ); 1577 } 1578 1579 ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", 1580 prefix, crt->version ); 1581 MBEDTLS_X509_SAFE_SNPRINTF; 1582 ret = mbedtls_snprintf( p, n, "%sserial number : ", 1583 prefix ); 1584 MBEDTLS_X509_SAFE_SNPRINTF; 1585 1586 ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); 1587 MBEDTLS_X509_SAFE_SNPRINTF; 1588 1589 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); 1590 MBEDTLS_X509_SAFE_SNPRINTF; 1591 ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); 1592 MBEDTLS_X509_SAFE_SNPRINTF; 1593 1594 ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); 1595 MBEDTLS_X509_SAFE_SNPRINTF; 1596 ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); 1597 MBEDTLS_X509_SAFE_SNPRINTF; 1598 1599 ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ 1600 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 1601 crt->valid_from.year, crt->valid_from.mon, 1602 crt->valid_from.day, crt->valid_from.hour, 1603 crt->valid_from.min, crt->valid_from.sec ); 1604 MBEDTLS_X509_SAFE_SNPRINTF; 1605 1606 ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ 1607 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 1608 crt->valid_to.year, crt->valid_to.mon, 1609 crt->valid_to.day, crt->valid_to.hour, 1610 crt->valid_to.min, crt->valid_to.sec ); 1611 MBEDTLS_X509_SAFE_SNPRINTF; 1612 1613 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); 1614 MBEDTLS_X509_SAFE_SNPRINTF; 1615 1616 ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, 1617 crt->sig_md, crt->sig_opts ); 1618 MBEDTLS_X509_SAFE_SNPRINTF; 1619 1620 /* Key size */ 1621 if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, 1622 mbedtls_pk_get_name( &crt->pk ) ) ) != 0 ) 1623 { 1624 return( ret ); 1625 } 1626 1627 ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, 1628 (int) mbedtls_pk_get_bitlen( &crt->pk ) ); 1629 MBEDTLS_X509_SAFE_SNPRINTF; 1630 1631 /* 1632 * Optional extensions 1633 */ 1634 1635 if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) 1636 { 1637 ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, 1638 crt->ca_istrue ? "true" : "false" ); 1639 MBEDTLS_X509_SAFE_SNPRINTF; 1640 1641 if( crt->max_pathlen > 0 ) 1642 { 1643 ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); 1644 MBEDTLS_X509_SAFE_SNPRINTF; 1645 } 1646 } 1647 1648 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 1649 { 1650 ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix ); 1651 MBEDTLS_X509_SAFE_SNPRINTF; 1652 1653 if( ( ret = x509_info_subject_alt_name( &p, &n, 1654 &crt->subject_alt_names ) ) != 0 ) 1655 return( ret ); 1656 } 1657 1658 if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) 1659 { 1660 ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); 1661 MBEDTLS_X509_SAFE_SNPRINTF; 1662 1663 if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) 1664 return( ret ); 1665 } 1666 1667 if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) 1668 { 1669 ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); 1670 MBEDTLS_X509_SAFE_SNPRINTF; 1671 1672 if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) 1673 return( ret ); 1674 } 1675 1676 if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) 1677 { 1678 ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); 1679 MBEDTLS_X509_SAFE_SNPRINTF; 1680 1681 if( ( ret = x509_info_ext_key_usage( &p, &n, 1682 &crt->ext_key_usage ) ) != 0 ) 1683 return( ret ); 1684 } 1685 1686 ret = mbedtls_snprintf( p, n, "\n" ); 1687 MBEDTLS_X509_SAFE_SNPRINTF; 1688 1689 return( (int) ( size - n ) ); 1690 } 1691 1692 struct x509_crt_verify_string { 1693 int code; 1694 const char *string; 1695 }; 1696 1697 static const struct x509_crt_verify_string x509_crt_verify_strings[] = { 1698 { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, 1699 { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, 1700 { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, 1701 { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, 1702 { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, 1703 { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, 1704 { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, 1705 { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, 1706 { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, 1707 { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, 1708 { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" }, 1709 { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, 1710 { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, 1711 { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, 1712 { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." }, 1713 { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 1714 { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, 1715 { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." }, 1716 { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, 1717 { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, 1718 { 0, NULL } 1719 }; 1720 1721 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, 1722 uint32_t flags ) 1723 { 1724 int ret; 1725 const struct x509_crt_verify_string *cur; 1726 char *p = buf; 1727 size_t n = size; 1728 1729 for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) 1730 { 1731 if( ( flags & cur->code ) == 0 ) 1732 continue; 1733 1734 ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); 1735 MBEDTLS_X509_SAFE_SNPRINTF; 1736 flags ^= cur->code; 1737 } 1738 1739 if( flags != 0 ) 1740 { 1741 ret = mbedtls_snprintf( p, n, "%sUnknown reason " 1742 "(this should not happen)\n", prefix ); 1743 MBEDTLS_X509_SAFE_SNPRINTF; 1744 } 1745 1746 return( (int) ( size - n ) ); 1747 } 1748 1749 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 1750 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, 1751 unsigned int usage ) 1752 { 1753 unsigned int usage_must, usage_may; 1754 unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY 1755 | MBEDTLS_X509_KU_DECIPHER_ONLY; 1756 1757 if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 ) 1758 return( 0 ); 1759 1760 usage_must = usage & ~may_mask; 1761 1762 if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must ) 1763 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1764 1765 usage_may = usage & may_mask; 1766 1767 if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may ) 1768 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1769 1770 return( 0 ); 1771 } 1772 #endif 1773 1774 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 1775 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, 1776 const char *usage_oid, 1777 size_t usage_len ) 1778 { 1779 const mbedtls_x509_sequence *cur; 1780 1781 /* Extension is not mandatory, absent means no restriction */ 1782 if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 ) 1783 return( 0 ); 1784 1785 /* 1786 * Look for the requested usage (or wildcard ANY) in our list 1787 */ 1788 for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next ) 1789 { 1790 const mbedtls_x509_buf *cur_oid = &cur->buf; 1791 1792 if( cur_oid->len == usage_len && 1793 memcmp( cur_oid->p, usage_oid, usage_len ) == 0 ) 1794 { 1795 return( 0 ); 1796 } 1797 1798 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 ) 1799 return( 0 ); 1800 } 1801 1802 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 1803 } 1804 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 1805 1806 #if defined(MBEDTLS_X509_CRL_PARSE_C) 1807 /* 1808 * Return 1 if the certificate is revoked, or 0 otherwise. 1809 */ 1810 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ) 1811 { 1812 const mbedtls_x509_crl_entry *cur = &crl->entry; 1813 1814 while( cur != NULL && cur->serial.len != 0 ) 1815 { 1816 if( crt->serial.len == cur->serial.len && 1817 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) 1818 { 1819 return( 1 ); 1820 } 1821 1822 cur = cur->next; 1823 } 1824 1825 return( 0 ); 1826 } 1827 1828 /* 1829 * Check that the given certificate is not revoked according to the CRL. 1830 * Skip validation if no CRL for the given CA is present. 1831 */ 1832 static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, 1833 mbedtls_x509_crl *crl_list, 1834 const mbedtls_x509_crt_profile *profile ) 1835 { 1836 int flags = 0; 1837 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 1838 const mbedtls_md_info_t *md_info; 1839 1840 if( ca == NULL ) 1841 return( flags ); 1842 1843 while( crl_list != NULL ) 1844 { 1845 if( crl_list->version == 0 || 1846 x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 ) 1847 { 1848 crl_list = crl_list->next; 1849 continue; 1850 } 1851 1852 /* 1853 * Check if the CA is configured to sign CRLs 1854 */ 1855 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 1856 if( mbedtls_x509_crt_check_key_usage( ca, 1857 MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) 1858 { 1859 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 1860 break; 1861 } 1862 #endif 1863 1864 /* 1865 * Check if CRL is correctly signed by the trusted CA 1866 */ 1867 if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 ) 1868 flags |= MBEDTLS_X509_BADCRL_BAD_MD; 1869 1870 if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 ) 1871 flags |= MBEDTLS_X509_BADCRL_BAD_PK; 1872 1873 md_info = mbedtls_md_info_from_type( crl_list->sig_md ); 1874 if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) 1875 { 1876 /* Note: this can't happen except after an internal error */ 1877 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 1878 break; 1879 } 1880 1881 if( x509_profile_check_key( profile, &ca->pk ) != 0 ) 1882 flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 1883 1884 if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, 1885 crl_list->sig_md, hash, mbedtls_md_get_size( md_info ), 1886 crl_list->sig.p, crl_list->sig.len ) != 0 ) 1887 { 1888 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 1889 break; 1890 } 1891 1892 /* 1893 * Check for validity of CRL (Do not drop out) 1894 */ 1895 if( mbedtls_x509_time_is_past( &crl_list->next_update ) ) 1896 flags |= MBEDTLS_X509_BADCRL_EXPIRED; 1897 1898 if( mbedtls_x509_time_is_future( &crl_list->this_update ) ) 1899 flags |= MBEDTLS_X509_BADCRL_FUTURE; 1900 1901 /* 1902 * Check if certificate is revoked 1903 */ 1904 if( mbedtls_x509_crt_is_revoked( crt, crl_list ) ) 1905 { 1906 flags |= MBEDTLS_X509_BADCERT_REVOKED; 1907 break; 1908 } 1909 1910 crl_list = crl_list->next; 1911 } 1912 1913 return( flags ); 1914 } 1915 #endif /* MBEDTLS_X509_CRL_PARSE_C */ 1916 1917 /* 1918 * Check the signature of a certificate by its parent 1919 */ 1920 static int x509_crt_check_signature( const mbedtls_x509_crt *child, 1921 mbedtls_x509_crt *parent, 1922 mbedtls_x509_crt_restart_ctx *rs_ctx ) 1923 { 1924 const mbedtls_md_info_t *md_info; 1925 unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 1926 1927 md_info = mbedtls_md_info_from_type( child->sig_md ); 1928 if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) 1929 { 1930 /* Note: this can't happen except after an internal error */ 1931 return( -1 ); 1932 } 1933 1934 /* Skip expensive computation on obvious mismatch */ 1935 if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) ) 1936 return( -1 ); 1937 1938 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1939 if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA ) 1940 { 1941 return( mbedtls_pk_verify_restartable( &parent->pk, 1942 child->sig_md, hash, mbedtls_md_get_size( md_info ), 1943 child->sig.p, child->sig.len, &rs_ctx->pk ) ); 1944 } 1945 #else 1946 (void) rs_ctx; 1947 #endif 1948 1949 return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, 1950 child->sig_md, hash, mbedtls_md_get_size( md_info ), 1951 child->sig.p, child->sig.len ) ); 1952 } 1953 1954 /* 1955 * Check if 'parent' is a suitable parent (signing CA) for 'child'. 1956 * Return 0 if yes, -1 if not. 1957 * 1958 * top means parent is a locally-trusted certificate 1959 */ 1960 static int x509_crt_check_parent( const mbedtls_x509_crt *child, 1961 const mbedtls_x509_crt *parent, 1962 int top ) 1963 { 1964 int need_ca_bit; 1965 1966 /* Parent must be the issuer */ 1967 if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) 1968 return( -1 ); 1969 1970 /* Parent must have the basicConstraints CA bit set as a general rule */ 1971 need_ca_bit = 1; 1972 1973 /* Exception: v1/v2 certificates that are locally trusted. */ 1974 if( top && parent->version < 3 ) 1975 need_ca_bit = 0; 1976 1977 if( need_ca_bit && ! parent->ca_istrue ) 1978 return( -1 ); 1979 1980 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 1981 if( need_ca_bit && 1982 mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) 1983 { 1984 return( -1 ); 1985 } 1986 #endif 1987 1988 return( 0 ); 1989 } 1990 1991 /* 1992 * Find a suitable parent for child in candidates, or return NULL. 1993 * 1994 * Here suitable is defined as: 1995 * 1. subject name matches child's issuer 1996 * 2. if necessary, the CA bit is set and key usage allows signing certs 1997 * 3. for trusted roots, the signature is correct 1998 * (for intermediates, the signature is checked and the result reported) 1999 * 4. pathlen constraints are satisfied 2000 * 2001 * If there's a suitable candidate which is also time-valid, return the first 2002 * such. Otherwise, return the first suitable candidate (or NULL if there is 2003 * none). 2004 * 2005 * The rationale for this rule is that someone could have a list of trusted 2006 * roots with two versions on the same root with different validity periods. 2007 * (At least one user reported having such a list and wanted it to just work.) 2008 * The reason we don't just require time-validity is that generally there is 2009 * only one version, and if it's expired we want the flags to state that 2010 * rather than NOT_TRUSTED, as would be the case if we required it here. 2011 * 2012 * The rationale for rule 3 (signature for trusted roots) is that users might 2013 * have two versions of the same CA with different keys in their list, and the 2014 * way we select the correct one is by checking the signature (as we don't 2015 * rely on key identifier extensions). (This is one way users might choose to 2016 * handle key rollover, another relies on self-issued certs, see [SIRO].) 2017 * 2018 * Arguments: 2019 * - [in] child: certificate for which we're looking for a parent 2020 * - [in] candidates: chained list of potential parents 2021 * - [out] r_parent: parent found (or NULL) 2022 * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 2023 * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top 2024 * of the chain, 0 otherwise 2025 * - [in] path_cnt: number of intermediates seen so far 2026 * - [in] self_cnt: number of self-signed intermediates seen so far 2027 * (will never be greater than path_cnt) 2028 * - [in-out] rs_ctx: context for restarting operations 2029 * 2030 * Return value: 2031 * - 0 on success 2032 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 2033 */ 2034 static int x509_crt_find_parent_in( 2035 mbedtls_x509_crt *child, 2036 mbedtls_x509_crt *candidates, 2037 mbedtls_x509_crt **r_parent, 2038 int *r_signature_is_good, 2039 int top, 2040 unsigned path_cnt, 2041 unsigned self_cnt, 2042 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2043 { 2044 int ret; 2045 mbedtls_x509_crt *parent, *fallback_parent; 2046 int signature_is_good, fallback_signature_is_good; 2047 2048 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2049 /* did we have something in progress? */ 2050 if( rs_ctx != NULL && rs_ctx->parent != NULL ) 2051 { 2052 /* restore saved state */ 2053 parent = rs_ctx->parent; 2054 fallback_parent = rs_ctx->fallback_parent; 2055 fallback_signature_is_good = rs_ctx->fallback_signature_is_good; 2056 2057 /* clear saved state */ 2058 rs_ctx->parent = NULL; 2059 rs_ctx->fallback_parent = NULL; 2060 rs_ctx->fallback_signature_is_good = 0; 2061 2062 /* resume where we left */ 2063 goto check_signature; 2064 } 2065 #endif 2066 2067 fallback_parent = NULL; 2068 fallback_signature_is_good = 0; 2069 2070 for( parent = candidates; parent != NULL; parent = parent->next ) 2071 { 2072 /* basic parenting skills (name, CA bit, key usage) */ 2073 if( x509_crt_check_parent( child, parent, top ) != 0 ) 2074 continue; 2075 2076 /* +1 because stored max_pathlen is 1 higher that the actual value */ 2077 if( parent->max_pathlen > 0 && 2078 (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) 2079 { 2080 continue; 2081 } 2082 2083 /* Signature */ 2084 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2085 check_signature: 2086 #endif 2087 ret = x509_crt_check_signature( child, parent, rs_ctx ); 2088 2089 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2090 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 2091 { 2092 /* save state */ 2093 rs_ctx->parent = parent; 2094 rs_ctx->fallback_parent = fallback_parent; 2095 rs_ctx->fallback_signature_is_good = fallback_signature_is_good; 2096 2097 return( ret ); 2098 } 2099 #else 2100 (void) ret; 2101 #endif 2102 2103 signature_is_good = ret == 0; 2104 if( top && ! signature_is_good ) 2105 continue; 2106 2107 /* optional time check */ 2108 if( mbedtls_x509_time_is_past( &parent->valid_to ) || 2109 mbedtls_x509_time_is_future( &parent->valid_from ) ) 2110 { 2111 if( fallback_parent == NULL ) 2112 { 2113 fallback_parent = parent; 2114 fallback_signature_is_good = signature_is_good; 2115 } 2116 2117 continue; 2118 } 2119 2120 *r_parent = parent; 2121 *r_signature_is_good = signature_is_good; 2122 2123 break; 2124 } 2125 2126 if( parent == NULL ) 2127 { 2128 *r_parent = fallback_parent; 2129 *r_signature_is_good = fallback_signature_is_good; 2130 } 2131 2132 return( 0 ); 2133 } 2134 2135 /* 2136 * Find a parent in trusted CAs or the provided chain, or return NULL. 2137 * 2138 * Searches in trusted CAs first, and return the first suitable parent found 2139 * (see find_parent_in() for definition of suitable). 2140 * 2141 * Arguments: 2142 * - [in] child: certificate for which we're looking for a parent, followed 2143 * by a chain of possible intermediates 2144 * - [in] trust_ca: list of locally trusted certificates 2145 * - [out] parent: parent found (or NULL) 2146 * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 2147 * - [out] signature_is_good: 1 if child signature by parent is valid, or 0 2148 * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child) 2149 * - [in] self_cnt: number of self-signed certs in the chain so far 2150 * (will always be no greater than path_cnt) 2151 * - [in-out] rs_ctx: context for restarting operations 2152 * 2153 * Return value: 2154 * - 0 on success 2155 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise 2156 */ 2157 static int x509_crt_find_parent( 2158 mbedtls_x509_crt *child, 2159 mbedtls_x509_crt *trust_ca, 2160 mbedtls_x509_crt **parent, 2161 int *parent_is_trusted, 2162 int *signature_is_good, 2163 unsigned path_cnt, 2164 unsigned self_cnt, 2165 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2166 { 2167 int ret; 2168 mbedtls_x509_crt *search_list; 2169 2170 *parent_is_trusted = 1; 2171 2172 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2173 /* restore then clear saved state if we have some stored */ 2174 if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 ) 2175 { 2176 *parent_is_trusted = rs_ctx->parent_is_trusted; 2177 rs_ctx->parent_is_trusted = -1; 2178 } 2179 #endif 2180 2181 while( 1 ) { 2182 search_list = *parent_is_trusted ? trust_ca : child->next; 2183 2184 ret = x509_crt_find_parent_in( child, search_list, 2185 parent, signature_is_good, 2186 *parent_is_trusted, 2187 path_cnt, self_cnt, rs_ctx ); 2188 2189 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2190 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 2191 { 2192 /* save state */ 2193 rs_ctx->parent_is_trusted = *parent_is_trusted; 2194 return( ret ); 2195 } 2196 #else 2197 (void) ret; 2198 #endif 2199 2200 /* stop here if found or already in second iteration */ 2201 if( *parent != NULL || *parent_is_trusted == 0 ) 2202 break; 2203 2204 /* prepare second iteration */ 2205 *parent_is_trusted = 0; 2206 } 2207 2208 /* extra precaution against mistakes in the caller */ 2209 if( *parent == NULL ) 2210 { 2211 *parent_is_trusted = 0; 2212 *signature_is_good = 0; 2213 } 2214 2215 return( 0 ); 2216 } 2217 2218 /* 2219 * Check if an end-entity certificate is locally trusted 2220 * 2221 * Currently we require such certificates to be self-signed (actually only 2222 * check for self-issued as self-signatures are not checked) 2223 */ 2224 static int x509_crt_check_ee_locally_trusted( 2225 mbedtls_x509_crt *crt, 2226 mbedtls_x509_crt *trust_ca ) 2227 { 2228 mbedtls_x509_crt *cur; 2229 2230 /* must be self-issued */ 2231 if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 ) 2232 return( -1 ); 2233 2234 /* look for an exact match with trusted cert */ 2235 for( cur = trust_ca; cur != NULL; cur = cur->next ) 2236 { 2237 if( crt->raw.len == cur->raw.len && 2238 memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 ) 2239 { 2240 return( 0 ); 2241 } 2242 } 2243 2244 /* too bad */ 2245 return( -1 ); 2246 } 2247 2248 /* 2249 * Build and verify a certificate chain 2250 * 2251 * Given a peer-provided list of certificates EE, C1, ..., Cn and 2252 * a list of trusted certs R1, ... Rp, try to build and verify a chain 2253 * EE, Ci1, ... Ciq [, Rj] 2254 * such that every cert in the chain is a child of the next one, 2255 * jumping to a trusted root as early as possible. 2256 * 2257 * Verify that chain and return it with flags for all issues found. 2258 * 2259 * Special cases: 2260 * - EE == Rj -> return a one-element list containing it 2261 * - EE, Ci1, ..., Ciq cannot be continued with a trusted root 2262 * -> return that chain with NOT_TRUSTED set on Ciq 2263 * 2264 * Tests for (aspects of) this function should include at least: 2265 * - trusted EE 2266 * - EE -> trusted root 2267 * - EE -> intermediate CA -> trusted root 2268 * - if relevant: EE untrusted 2269 * - if relevant: EE -> intermediate, untrusted 2270 * with the aspect under test checked at each relevant level (EE, int, root). 2271 * For some aspects longer chains are required, but usually length 2 is 2272 * enough (but length 1 is not in general). 2273 * 2274 * Arguments: 2275 * - [in] crt: the cert list EE, C1, ..., Cn 2276 * - [in] trust_ca: the trusted list R1, ..., Rp 2277 * - [in] ca_crl, profile: as in verify_with_profile() 2278 * - [out] ver_chain: the built and verified chain 2279 * Only valid when return value is 0, may contain garbage otherwise! 2280 * Restart note: need not be the same when calling again to resume. 2281 * - [in-out] rs_ctx: context for restarting operations 2282 * 2283 * Return value: 2284 * - non-zero if the chain could not be fully built and examined 2285 * - 0 is the chain was successfully built and examined, 2286 * even if it was found to be invalid 2287 */ 2288 static int x509_crt_verify_chain( 2289 mbedtls_x509_crt *crt, 2290 mbedtls_x509_crt *trust_ca, 2291 mbedtls_x509_crl *ca_crl, 2292 const mbedtls_x509_crt_profile *profile, 2293 mbedtls_x509_crt_verify_chain *ver_chain, 2294 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2295 { 2296 /* Don't initialize any of those variables here, so that the compiler can 2297 * catch potential issues with jumping ahead when restarting */ 2298 int ret; 2299 uint32_t *flags; 2300 mbedtls_x509_crt_verify_chain_item *cur; 2301 mbedtls_x509_crt *child; 2302 mbedtls_x509_crt *parent; 2303 int parent_is_trusted; 2304 int child_is_trusted; 2305 int signature_is_good; 2306 unsigned self_cnt; 2307 2308 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2309 /* resume if we had an operation in progress */ 2310 if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent ) 2311 { 2312 /* restore saved state */ 2313 *ver_chain = rs_ctx->ver_chain; /* struct copy */ 2314 self_cnt = rs_ctx->self_cnt; 2315 2316 /* restore derived state */ 2317 cur = &ver_chain->items[ver_chain->len - 1]; 2318 child = cur->crt; 2319 flags = &cur->flags; 2320 2321 goto find_parent; 2322 } 2323 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 2324 2325 child = crt; 2326 self_cnt = 0; 2327 parent_is_trusted = 0; 2328 child_is_trusted = 0; 2329 2330 while( 1 ) { 2331 /* Add certificate to the verification chain */ 2332 cur = &ver_chain->items[ver_chain->len]; 2333 cur->crt = child; 2334 cur->flags = 0; 2335 ver_chain->len++; 2336 flags = &cur->flags; 2337 2338 /* Check time-validity (all certificates) */ 2339 if( mbedtls_x509_time_is_past( &child->valid_to ) ) 2340 *flags |= MBEDTLS_X509_BADCERT_EXPIRED; 2341 2342 if( mbedtls_x509_time_is_future( &child->valid_from ) ) 2343 *flags |= MBEDTLS_X509_BADCERT_FUTURE; 2344 2345 /* Stop here for trusted roots (but not for trusted EE certs) */ 2346 if( child_is_trusted ) 2347 return( 0 ); 2348 2349 /* Check signature algorithm: MD & PK algs */ 2350 if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) 2351 *flags |= MBEDTLS_X509_BADCERT_BAD_MD; 2352 2353 if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) 2354 *flags |= MBEDTLS_X509_BADCERT_BAD_PK; 2355 2356 /* Special case: EE certs that are locally trusted */ 2357 if( ver_chain->len == 1 && 2358 x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) 2359 { 2360 return( 0 ); 2361 } 2362 2363 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2364 find_parent: 2365 #endif 2366 /* Look for a parent in trusted CAs or up the chain */ 2367 ret = x509_crt_find_parent( child, trust_ca, &parent, 2368 &parent_is_trusted, &signature_is_good, 2369 ver_chain->len - 1, self_cnt, rs_ctx ); 2370 2371 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2372 if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) 2373 { 2374 /* save state */ 2375 rs_ctx->in_progress = x509_crt_rs_find_parent; 2376 rs_ctx->self_cnt = self_cnt; 2377 rs_ctx->ver_chain = *ver_chain; /* struct copy */ 2378 2379 return( ret ); 2380 } 2381 #else 2382 (void) ret; 2383 #endif 2384 2385 /* No parent? We're done here */ 2386 if( parent == NULL ) 2387 { 2388 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2389 return( 0 ); 2390 } 2391 2392 /* Count intermediate self-issued (not necessarily self-signed) certs. 2393 * These can occur with some strategies for key rollover, see [SIRO], 2394 * and should be excluded from max_pathlen checks. */ 2395 if( ver_chain->len != 1 && 2396 x509_name_cmp( &child->issuer, &child->subject ) == 0 ) 2397 { 2398 self_cnt++; 2399 } 2400 2401 /* path_cnt is 0 for the first intermediate CA, 2402 * and if parent is trusted it's not an intermediate CA */ 2403 if( ! parent_is_trusted && 2404 ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) 2405 { 2406 /* return immediately to avoid overflow the chain array */ 2407 return( MBEDTLS_ERR_X509_FATAL_ERROR ); 2408 } 2409 2410 /* signature was checked while searching parent */ 2411 if( ! signature_is_good ) 2412 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; 2413 2414 /* check size of signing key */ 2415 if( x509_profile_check_key( profile, &parent->pk ) != 0 ) 2416 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2417 2418 #if defined(MBEDTLS_X509_CRL_PARSE_C) 2419 /* Check trusted CA's CRL for the given crt */ 2420 *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile ); 2421 #else 2422 (void) ca_crl; 2423 #endif 2424 2425 /* prepare for next iteration */ 2426 child = parent; 2427 parent = NULL; 2428 child_is_trusted = parent_is_trusted; 2429 signature_is_good = 0; 2430 } 2431 } 2432 2433 /* 2434 * Check for CN match 2435 */ 2436 static int x509_crt_check_cn( const mbedtls_x509_buf *name, 2437 const char *cn, size_t cn_len ) 2438 { 2439 /* try exact match */ 2440 if( name->len == cn_len && 2441 x509_memcasecmp( cn, name->p, cn_len ) == 0 ) 2442 { 2443 return( 0 ); 2444 } 2445 2446 /* try wildcard match */ 2447 if( x509_check_wildcard( cn, name ) == 0 ) 2448 { 2449 return( 0 ); 2450 } 2451 2452 return( -1 ); 2453 } 2454 2455 /* 2456 * Verify the requested CN - only call this if cn is not NULL! 2457 */ 2458 static void x509_crt_verify_name( const mbedtls_x509_crt *crt, 2459 const char *cn, 2460 uint32_t *flags ) 2461 { 2462 const mbedtls_x509_name *name; 2463 const mbedtls_x509_sequence *cur; 2464 size_t cn_len = strlen( cn ); 2465 2466 if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) 2467 { 2468 for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) 2469 { 2470 if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 ) 2471 break; 2472 } 2473 2474 if( cur == NULL ) 2475 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 2476 } 2477 else 2478 { 2479 for( name = &crt->subject; name != NULL; name = name->next ) 2480 { 2481 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && 2482 x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) 2483 { 2484 break; 2485 } 2486 } 2487 2488 if( name == NULL ) 2489 *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; 2490 } 2491 } 2492 2493 /* 2494 * Merge the flags for all certs in the chain, after calling callback 2495 */ 2496 static int x509_crt_merge_flags_with_cb( 2497 uint32_t *flags, 2498 const mbedtls_x509_crt_verify_chain *ver_chain, 2499 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 2500 void *p_vrfy ) 2501 { 2502 int ret; 2503 unsigned i; 2504 uint32_t cur_flags; 2505 const mbedtls_x509_crt_verify_chain_item *cur; 2506 2507 for( i = ver_chain->len; i != 0; --i ) 2508 { 2509 cur = &ver_chain->items[i-1]; 2510 cur_flags = cur->flags; 2511 2512 if( NULL != f_vrfy ) 2513 if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) 2514 return( ret ); 2515 2516 *flags |= cur_flags; 2517 } 2518 2519 return( 0 ); 2520 } 2521 2522 /* 2523 * Verify the certificate validity (default profile, not restartable) 2524 */ 2525 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, 2526 mbedtls_x509_crt *trust_ca, 2527 mbedtls_x509_crl *ca_crl, 2528 const char *cn, uint32_t *flags, 2529 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 2530 void *p_vrfy ) 2531 { 2532 return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, 2533 &mbedtls_x509_crt_profile_default, cn, flags, 2534 f_vrfy, p_vrfy, NULL ) ); 2535 } 2536 2537 /* 2538 * Verify the certificate validity (user-chosen profile, not restartable) 2539 */ 2540 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, 2541 mbedtls_x509_crt *trust_ca, 2542 mbedtls_x509_crl *ca_crl, 2543 const mbedtls_x509_crt_profile *profile, 2544 const char *cn, uint32_t *flags, 2545 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 2546 void *p_vrfy ) 2547 { 2548 return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, 2549 profile, cn, flags, f_vrfy, p_vrfy, NULL ) ); 2550 } 2551 2552 /* 2553 * Verify the certificate validity, with profile, restartable version 2554 * 2555 * This function: 2556 * - checks the requested CN (if any) 2557 * - checks the type and size of the EE cert's key, 2558 * as that isn't done as part of chain building/verification currently 2559 * - builds and verifies the chain 2560 * - then calls the callback and merges the flags 2561 */ 2562 int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, 2563 mbedtls_x509_crt *trust_ca, 2564 mbedtls_x509_crl *ca_crl, 2565 const mbedtls_x509_crt_profile *profile, 2566 const char *cn, uint32_t *flags, 2567 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 2568 void *p_vrfy, 2569 mbedtls_x509_crt_restart_ctx *rs_ctx ) 2570 { 2571 int ret; 2572 mbedtls_pk_type_t pk_type; 2573 mbedtls_x509_crt_verify_chain ver_chain; 2574 uint32_t ee_flags; 2575 2576 *flags = 0; 2577 ee_flags = 0; 2578 x509_crt_verify_chain_reset( &ver_chain ); 2579 2580 if( profile == NULL ) 2581 { 2582 ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; 2583 goto exit; 2584 } 2585 2586 /* check name if requested */ 2587 if( cn != NULL ) 2588 x509_crt_verify_name( crt, cn, &ee_flags ); 2589 2590 /* Check the type and size of the key */ 2591 pk_type = mbedtls_pk_get_type( &crt->pk ); 2592 2593 if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) 2594 ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; 2595 2596 if( x509_profile_check_key( profile, &crt->pk ) != 0 ) 2597 ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; 2598 2599 /* Check the chain */ 2600 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, 2601 &ver_chain, rs_ctx ); 2602 2603 if( ret != 0 ) 2604 goto exit; 2605 2606 /* Merge end-entity flags */ 2607 ver_chain.items[0].flags |= ee_flags; 2608 2609 /* Build final flags, calling callback on the way if any */ 2610 ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); 2611 2612 exit: 2613 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2614 if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) 2615 mbedtls_x509_crt_restart_free( rs_ctx ); 2616 #endif 2617 2618 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by 2619 * the SSL module for authmode optional, but non-zero return from the 2620 * callback means a fatal error so it shouldn't be ignored */ 2621 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) 2622 ret = MBEDTLS_ERR_X509_FATAL_ERROR; 2623 2624 if( ret != 0 ) 2625 { 2626 *flags = (uint32_t) -1; 2627 return( ret ); 2628 } 2629 2630 if( *flags != 0 ) 2631 return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); 2632 2633 return( 0 ); 2634 } 2635 2636 /* 2637 * Initialize a certificate chain 2638 */ 2639 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) 2640 { 2641 memset( crt, 0, sizeof(mbedtls_x509_crt) ); 2642 } 2643 2644 /* 2645 * Unallocate all certificate data 2646 */ 2647 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) 2648 { 2649 mbedtls_x509_crt *cert_cur = crt; 2650 mbedtls_x509_crt *cert_prv; 2651 mbedtls_x509_name *name_cur; 2652 mbedtls_x509_name *name_prv; 2653 mbedtls_x509_sequence *seq_cur; 2654 mbedtls_x509_sequence *seq_prv; 2655 2656 if( crt == NULL ) 2657 return; 2658 2659 do 2660 { 2661 mbedtls_pk_free( &cert_cur->pk ); 2662 2663 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 2664 mbedtls_free( cert_cur->sig_opts ); 2665 #endif 2666 2667 name_cur = cert_cur->issuer.next; 2668 while( name_cur != NULL ) 2669 { 2670 name_prv = name_cur; 2671 name_cur = name_cur->next; 2672 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 2673 mbedtls_free( name_prv ); 2674 } 2675 2676 name_cur = cert_cur->subject.next; 2677 while( name_cur != NULL ) 2678 { 2679 name_prv = name_cur; 2680 name_cur = name_cur->next; 2681 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 2682 mbedtls_free( name_prv ); 2683 } 2684 2685 seq_cur = cert_cur->ext_key_usage.next; 2686 while( seq_cur != NULL ) 2687 { 2688 seq_prv = seq_cur; 2689 seq_cur = seq_cur->next; 2690 mbedtls_platform_zeroize( seq_prv, 2691 sizeof( mbedtls_x509_sequence ) ); 2692 mbedtls_free( seq_prv ); 2693 } 2694 2695 seq_cur = cert_cur->subject_alt_names.next; 2696 while( seq_cur != NULL ) 2697 { 2698 seq_prv = seq_cur; 2699 seq_cur = seq_cur->next; 2700 mbedtls_platform_zeroize( seq_prv, 2701 sizeof( mbedtls_x509_sequence ) ); 2702 mbedtls_free( seq_prv ); 2703 } 2704 2705 if( cert_cur->raw.p != NULL ) 2706 { 2707 mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); 2708 mbedtls_free( cert_cur->raw.p ); 2709 } 2710 2711 cert_cur = cert_cur->next; 2712 } 2713 while( cert_cur != NULL ); 2714 2715 cert_cur = crt; 2716 do 2717 { 2718 cert_prv = cert_cur; 2719 cert_cur = cert_cur->next; 2720 2721 mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); 2722 if( cert_prv != crt ) 2723 mbedtls_free( cert_prv ); 2724 } 2725 while( cert_cur != NULL ); 2726 } 2727 2728 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2729 /* 2730 * Initialize a restart context 2731 */ 2732 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) 2733 { 2734 mbedtls_pk_restart_init( &ctx->pk ); 2735 2736 ctx->parent = NULL; 2737 ctx->fallback_parent = NULL; 2738 ctx->fallback_signature_is_good = 0; 2739 2740 ctx->parent_is_trusted = -1; 2741 2742 ctx->in_progress = x509_crt_rs_none; 2743 ctx->self_cnt = 0; 2744 x509_crt_verify_chain_reset( &ctx->ver_chain ); 2745 } 2746 2747 /* 2748 * Free the components of a restart context 2749 */ 2750 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) 2751 { 2752 if( ctx == NULL ) 2753 return; 2754 2755 mbedtls_pk_restart_free( &ctx->pk ); 2756 mbedtls_x509_crt_restart_init( ctx ); 2757 } 2758 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 2759 2760 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 2761