2 * X.509 certificate parsing and verification
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * This file is part of mbed TLS (https://tls.mbed.org)
24 * The ITU-T X.509 standard defines a certificate format for PKI.
26 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
27 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
28 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
30 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
31 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
34 #if !defined(MBEDTLS_CONFIG_FILE)
35 #include "mbedtls/config.h"
37 #include MBEDTLS_CONFIG_FILE
40 #if defined(MBEDTLS_X509_CRT_PARSE_C)
42 #include "mbedtls/x509_crt.h"
43 #include "mbedtls/oid.h"
47 #if defined(MBEDTLS_PEM_PARSE_C)
48 #include "mbedtls/pem.h"
51 #if defined(MBEDTLS_PLATFORM_C)
52 #include "mbedtls/platform.h"
56 #define mbedtls_free free
57 #define mbedtls_calloc calloc
58 #define mbedtls_snprintf snprintf
61 #if defined(MBEDTLS_THREADING_C)
62 #include "mbedtls/threading.h"
65 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
71 #if defined(MBEDTLS_FS_IO)
73 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
74 #include <sys/types.h>
77 #endif /* !_WIN32 || EFIX64 || EFI32 */
80 /* Implementation that should never be optimized out by the compiler */
81 static void mbedtls_zeroize( void *v
, size_t n
) {
82 volatile unsigned char *p
= v
; while( n
-- ) *p
++ = 0;
88 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
=
90 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
91 /* Allow SHA-1 (weak, but still safe in controlled environments) */
92 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1
) |
94 /* Only SHA-2 hashes */
95 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224
) |
96 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256
) |
97 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384
) |
98 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512
),
99 0xFFFFFFF, /* Any PK alg */
100 0xFFFFFFF, /* Any curve */
105 * Next-default profile
107 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
=
109 /* Hashes from SHA-256 and above */
110 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256
) |
111 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384
) |
112 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512
),
113 0xFFFFFFF, /* Any PK alg */
114 #if defined(MBEDTLS_ECP_C)
115 /* Curves at or above 128-bit security level */
116 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1
) |
117 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1
) |
118 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1
) |
119 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1
) |
120 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1
) |
121 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1
) |
122 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1
),
130 * NSA Suite B Profile
132 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
=
134 /* Only SHA-256 and 384 */
135 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256
) |
136 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384
),
138 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA
) |
139 MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY
),
140 #if defined(MBEDTLS_ECP_C)
141 /* Only NIST P-256 and P-384 */
142 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1
) |
143 MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1
),
151 * Check md_alg against profile
152 * Return 0 if md_alg acceptable for this profile, -1 otherwise
154 static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile
*profile
,
155 mbedtls_md_type_t md_alg
)
157 if( md_alg
== MBEDTLS_MD_NONE
)
160 if( ( profile
->allowed_mds
& MBEDTLS_X509_ID_FLAG( md_alg
) ) != 0 )
167 * Check pk_alg against profile
168 * Return 0 if pk_alg acceptable for this profile, -1 otherwise
170 static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile
*profile
,
171 mbedtls_pk_type_t pk_alg
)
173 if( pk_alg
== MBEDTLS_PK_NONE
)
176 if( ( profile
->allowed_pks
& MBEDTLS_X509_ID_FLAG( pk_alg
) ) != 0 )
183 * Check key against profile
184 * Return 0 if pk_alg acceptable for this profile, -1 otherwise
186 static int x509_profile_check_key( const mbedtls_x509_crt_profile
*profile
,
187 mbedtls_pk_type_t pk_alg
,
188 const mbedtls_pk_context
*pk
)
190 #if defined(MBEDTLS_RSA_C)
191 if( pk_alg
== MBEDTLS_PK_RSA
|| pk_alg
== MBEDTLS_PK_RSASSA_PSS
)
193 if( mbedtls_pk_get_bitlen( pk
) >= profile
->rsa_min_bitlen
)
200 #if defined(MBEDTLS_ECP_C)
201 if( pk_alg
== MBEDTLS_PK_ECDSA
||
202 pk_alg
== MBEDTLS_PK_ECKEY
||
203 pk_alg
== MBEDTLS_PK_ECKEY_DH
)
205 mbedtls_ecp_group_id gid
= mbedtls_pk_ec( *pk
)->grp
.id
;
207 if( gid
== MBEDTLS_ECP_DP_NONE
)
210 if( ( profile
->allowed_curves
& MBEDTLS_X509_ID_FLAG( gid
) ) != 0 )
221 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
223 static int x509_get_version( unsigned char **p
,
224 const unsigned char *end
,
230 if( ( ret
= mbedtls_asn1_get_tag( p
, end
, &len
,
231 MBEDTLS_ASN1_CONTEXT_SPECIFIC
| MBEDTLS_ASN1_CONSTRUCTED
| 0 ) ) != 0 )
233 if( ret
== MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
)
239 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+ ret
);
244 if( ( ret
= mbedtls_asn1_get_int( p
, end
, ver
) ) != 0 )
245 return( MBEDTLS_ERR_X509_INVALID_VERSION
+ ret
);
248 return( MBEDTLS_ERR_X509_INVALID_VERSION
+
249 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
255 * Validity ::= SEQUENCE {
259 static int x509_get_dates( unsigned char **p
,
260 const unsigned char *end
,
261 mbedtls_x509_time
*from
,
262 mbedtls_x509_time
*to
)
267 if( ( ret
= mbedtls_asn1_get_tag( p
, end
, &len
,
268 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
269 return( MBEDTLS_ERR_X509_INVALID_DATE
+ ret
);
273 if( ( ret
= mbedtls_x509_get_time( p
, end
, from
) ) != 0 )
276 if( ( ret
= mbedtls_x509_get_time( p
, end
, to
) ) != 0 )
280 return( MBEDTLS_ERR_X509_INVALID_DATE
+
281 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
287 * X.509 v2/v3 unique identifier (not parsed)
289 static int x509_get_uid( unsigned char **p
,
290 const unsigned char *end
,
291 mbedtls_x509_buf
*uid
, int n
)
300 if( ( ret
= mbedtls_asn1_get_tag( p
, end
, &uid
->len
,
301 MBEDTLS_ASN1_CONTEXT_SPECIFIC
| MBEDTLS_ASN1_CONSTRUCTED
| n
) ) != 0 )
303 if( ret
== MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
)
306 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+ ret
);
315 static int x509_get_basic_constraints( unsigned char **p
,
316 const unsigned char *end
,
324 * BasicConstraints ::= SEQUENCE {
325 * cA BOOLEAN DEFAULT FALSE,
326 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
328 *ca_istrue
= 0; /* DEFAULT FALSE */
329 *max_pathlen
= 0; /* endless */
331 if( ( ret
= mbedtls_asn1_get_tag( p
, end
, &len
,
332 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
333 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
338 if( ( ret
= mbedtls_asn1_get_bool( p
, end
, ca_istrue
) ) != 0 )
340 if( ret
== MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
)
341 ret
= mbedtls_asn1_get_int( p
, end
, ca_istrue
);
344 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
346 if( *ca_istrue
!= 0 )
353 if( ( ret
= mbedtls_asn1_get_int( p
, end
, max_pathlen
) ) != 0 )
354 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
357 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
358 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
365 static int x509_get_ns_cert_type( unsigned char **p
,
366 const unsigned char *end
,
367 unsigned char *ns_cert_type
)
370 mbedtls_x509_bitstring bs
= { 0, 0, NULL
};
372 if( ( ret
= mbedtls_asn1_get_bitstring( p
, end
, &bs
) ) != 0 )
373 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
376 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
377 MBEDTLS_ERR_ASN1_INVALID_LENGTH
);
379 /* Get actual bitstring */
380 *ns_cert_type
= *bs
.p
;
384 static int x509_get_key_usage( unsigned char **p
,
385 const unsigned char *end
,
386 unsigned int *key_usage
)
390 mbedtls_x509_bitstring bs
= { 0, 0, NULL
};
392 if( ( ret
= mbedtls_asn1_get_bitstring( p
, end
, &bs
) ) != 0 )
393 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
396 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
397 MBEDTLS_ERR_ASN1_INVALID_LENGTH
);
399 /* Get actual bitstring */
401 for( i
= 0; i
< bs
.len
&& i
< sizeof( unsigned int ); i
++ )
403 *key_usage
|= (unsigned int) bs
.p
[i
] << (8*i
);
410 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
412 * KeyPurposeId ::= OBJECT IDENTIFIER
414 static int x509_get_ext_key_usage( unsigned char **p
,
415 const unsigned char *end
,
416 mbedtls_x509_sequence
*ext_key_usage
)
420 if( ( ret
= mbedtls_asn1_get_sequence_of( p
, end
, ext_key_usage
, MBEDTLS_ASN1_OID
) ) != 0 )
421 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
423 /* Sequence length must be >= 1 */
424 if( ext_key_usage
->buf
.p
== NULL
)
425 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
426 MBEDTLS_ERR_ASN1_INVALID_LENGTH
);
432 * SubjectAltName ::= GeneralNames
434 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
436 * GeneralName ::= CHOICE {
437 * otherName [0] OtherName,
438 * rfc822Name [1] IA5String,
439 * dNSName [2] IA5String,
440 * x400Address [3] ORAddress,
441 * directoryName [4] Name,
442 * ediPartyName [5] EDIPartyName,
443 * uniformResourceIdentifier [6] IA5String,
444 * iPAddress [7] OCTET STRING,
445 * registeredID [8] OBJECT IDENTIFIER }
447 * OtherName ::= SEQUENCE {
448 * type-id OBJECT IDENTIFIER,
449 * value [0] EXPLICIT ANY DEFINED BY type-id }
451 * EDIPartyName ::= SEQUENCE {
452 * nameAssigner [0] DirectoryString OPTIONAL,
453 * partyName [1] DirectoryString }
455 * NOTE: we only parse and use dNSName at this point.
457 static int x509_get_subject_alt_name( unsigned char **p
,
458 const unsigned char *end
,
459 mbedtls_x509_sequence
*subject_alt_name
)
463 mbedtls_asn1_buf
*buf
;
465 mbedtls_asn1_sequence
*cur
= subject_alt_name
;
467 /* Get main sequence tag */
468 if( ( ret
= mbedtls_asn1_get_tag( p
, end
, &len
,
469 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
470 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
472 if( *p
+ len
!= end
)
473 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
474 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
478 if( ( end
- *p
) < 1 )
479 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
480 MBEDTLS_ERR_ASN1_OUT_OF_DATA
);
484 if( ( ret
= mbedtls_asn1_get_len( p
, end
, &tag_len
) ) != 0 )
485 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
487 if( ( tag
& MBEDTLS_ASN1_TAG_CLASS_MASK
) !=
488 MBEDTLS_ASN1_CONTEXT_SPECIFIC
)
490 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
491 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
);
494 /* Skip everything but DNS name */
495 if( tag
!= ( MBEDTLS_ASN1_CONTEXT_SPECIFIC
| 2 ) )
501 /* Allocate and assign next pointer */
502 if( cur
->buf
.p
!= NULL
)
504 if( cur
->next
!= NULL
)
505 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
);
507 cur
->next
= mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence
) );
509 if( cur
->next
== NULL
)
510 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
511 MBEDTLS_ERR_ASN1_ALLOC_FAILED
);
523 /* Set final sequence entry's next pointer to NULL */
527 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
528 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
534 * X.509 v3 extensions
537 static int x509_get_crt_ext( unsigned char **p
,
538 const unsigned char *end
,
539 mbedtls_x509_crt
*crt
)
543 unsigned char *end_ext_data
, *end_ext_octet
;
548 if( ( ret
= mbedtls_x509_get_ext( p
, end
, &crt
->v3_ext
, 3 ) ) != 0 )
551 end
= crt
->v3_ext
.p
+ crt
->v3_ext
.len
;
555 * Extension ::= SEQUENCE {
556 * extnID OBJECT IDENTIFIER,
557 * critical BOOLEAN DEFAULT FALSE,
558 * extnValue OCTET STRING }
560 mbedtls_x509_buf extn_oid
= {0, 0, NULL
};
561 int is_critical
= 0; /* DEFAULT FALSE */
564 if( ( ret
= mbedtls_asn1_get_tag( p
, end
, &len
,
565 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
566 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
568 end_ext_data
= *p
+ len
;
570 /* Get extension ID */
571 if( ( ret
= mbedtls_asn1_get_tag( p
, end_ext_data
, &extn_oid
.len
,
572 MBEDTLS_ASN1_OID
) ) != 0 )
573 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
575 extn_oid
.tag
= MBEDTLS_ASN1_OID
;
579 /* Get optional critical */
580 if( ( ret
= mbedtls_asn1_get_bool( p
, end_ext_data
, &is_critical
) ) != 0 &&
581 ( ret
!= MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
) )
582 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
584 /* Data should be octet string type */
585 if( ( ret
= mbedtls_asn1_get_tag( p
, end_ext_data
, &len
,
586 MBEDTLS_ASN1_OCTET_STRING
) ) != 0 )
587 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+ ret
);
589 end_ext_octet
= *p
+ len
;
591 if( end_ext_octet
!= end_ext_data
)
592 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
593 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
596 * Detect supported extensions
598 ret
= mbedtls_oid_get_x509_ext_type( &extn_oid
, &ext_type
);
602 /* No parser found, skip extension */
605 #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
608 /* Data is marked as critical: fail */
609 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
610 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
);
616 /* Forbid repeated extensions */
617 if( ( crt
->ext_types
& ext_type
) != 0 )
618 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
);
620 crt
->ext_types
|= ext_type
;
624 case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
:
625 /* Parse basic constraints */
626 if( ( ret
= x509_get_basic_constraints( p
, end_ext_octet
,
627 &crt
->ca_istrue
, &crt
->max_pathlen
) ) != 0 )
631 case MBEDTLS_X509_EXT_KEY_USAGE
:
632 /* Parse key usage */
633 if( ( ret
= x509_get_key_usage( p
, end_ext_octet
,
634 &crt
->key_usage
) ) != 0 )
638 case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
:
639 /* Parse extended key usage */
640 if( ( ret
= x509_get_ext_key_usage( p
, end_ext_octet
,
641 &crt
->ext_key_usage
) ) != 0 )
645 case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
:
646 /* Parse subject alt name */
647 if( ( ret
= x509_get_subject_alt_name( p
, end_ext_octet
,
648 &crt
->subject_alt_names
) ) != 0 )
652 case MBEDTLS_X509_EXT_NS_CERT_TYPE
:
653 /* Parse netscape certificate type */
654 if( ( ret
= x509_get_ns_cert_type( p
, end_ext_octet
,
655 &crt
->ns_cert_type
) ) != 0 )
660 return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
);
665 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+
666 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
672 * Parse and fill a single X.509 certificate in DER format
674 static int x509_crt_parse_der_core( mbedtls_x509_crt
*crt
, const unsigned char *buf
,
679 unsigned char *p
, *end
, *crt_end
;
680 mbedtls_x509_buf sig_params1
, sig_params2
, sig_oid2
;
682 memset( &sig_params1
, 0, sizeof( mbedtls_x509_buf
) );
683 memset( &sig_params2
, 0, sizeof( mbedtls_x509_buf
) );
684 memset( &sig_oid2
, 0, sizeof( mbedtls_x509_buf
) );
687 * Check for valid input
689 if( crt
== NULL
|| buf
== NULL
)
690 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
692 // Use the original buffer until we figure out actual length
693 p
= (unsigned char*) buf
;
698 * Certificate ::= SEQUENCE {
699 * tbsCertificate TBSCertificate,
700 * signatureAlgorithm AlgorithmIdentifier,
701 * signatureValue BIT STRING }
703 if( ( ret
= mbedtls_asn1_get_tag( &p
, end
, &len
,
704 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
706 mbedtls_x509_crt_free( crt
);
707 return( MBEDTLS_ERR_X509_INVALID_FORMAT
);
710 if( len
> (size_t) ( end
- p
) )
712 mbedtls_x509_crt_free( crt
);
713 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+
714 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
718 // Create and populate a new buffer for the raw field
719 crt
->raw
.len
= crt_end
- buf
;
720 crt
->raw
.p
= p
= mbedtls_calloc( 1, crt
->raw
.len
);
722 return( MBEDTLS_ERR_X509_ALLOC_FAILED
);
724 memcpy( p
, buf
, crt
->raw
.len
);
726 // Direct pointers to the new buffer
727 p
+= crt
->raw
.len
- len
;
728 end
= crt_end
= p
+ len
;
731 * TBSCertificate ::= SEQUENCE {
735 if( ( ret
= mbedtls_asn1_get_tag( &p
, end
, &len
,
736 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
738 mbedtls_x509_crt_free( crt
);
739 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+ ret
);
743 crt
->tbs
.len
= end
- crt
->tbs
.p
;
746 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
748 * CertificateSerialNumber ::= INTEGER
750 * signature AlgorithmIdentifier
752 if( ( ret
= x509_get_version( &p
, end
, &crt
->version
) ) != 0 ||
753 ( ret
= mbedtls_x509_get_serial( &p
, end
, &crt
->serial
) ) != 0 ||
754 ( ret
= mbedtls_x509_get_alg( &p
, end
, &crt
->sig_oid
,
755 &sig_params1
) ) != 0 )
757 mbedtls_x509_crt_free( crt
);
761 if( crt
->version
< 0 || crt
->version
> 2 )
763 mbedtls_x509_crt_free( crt
);
764 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION
);
769 if( ( ret
= mbedtls_x509_get_sig_alg( &crt
->sig_oid
, &sig_params1
,
770 &crt
->sig_md
, &crt
->sig_pk
,
771 &crt
->sig_opts
) ) != 0 )
773 mbedtls_x509_crt_free( crt
);
780 crt
->issuer_raw
.p
= p
;
782 if( ( ret
= mbedtls_asn1_get_tag( &p
, end
, &len
,
783 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
785 mbedtls_x509_crt_free( crt
);
786 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+ ret
);
789 if( ( ret
= mbedtls_x509_get_name( &p
, p
+ len
, &crt
->issuer
) ) != 0 )
791 mbedtls_x509_crt_free( crt
);
795 crt
->issuer_raw
.len
= p
- crt
->issuer_raw
.p
;
798 * Validity ::= SEQUENCE {
803 if( ( ret
= x509_get_dates( &p
, end
, &crt
->valid_from
,
804 &crt
->valid_to
) ) != 0 )
806 mbedtls_x509_crt_free( crt
);
813 crt
->subject_raw
.p
= p
;
815 if( ( ret
= mbedtls_asn1_get_tag( &p
, end
, &len
,
816 MBEDTLS_ASN1_CONSTRUCTED
| MBEDTLS_ASN1_SEQUENCE
) ) != 0 )
818 mbedtls_x509_crt_free( crt
);
819 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+ ret
);
822 if( len
&& ( ret
= mbedtls_x509_get_name( &p
, p
+ len
, &crt
->subject
) ) != 0 )
824 mbedtls_x509_crt_free( crt
);
828 crt
->subject_raw
.len
= p
- crt
->subject_raw
.p
;
831 * SubjectPublicKeyInfo
833 if( ( ret
= mbedtls_pk_parse_subpubkey( &p
, end
, &crt
->pk
) ) != 0 )
835 mbedtls_x509_crt_free( crt
);
840 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
841 * -- If present, version shall be v2 or v3
842 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
843 * -- If present, version shall be v2 or v3
844 * extensions [3] EXPLICIT Extensions OPTIONAL
845 * -- If present, version shall be v3
847 if( crt
->version
== 2 || crt
->version
== 3 )
849 ret
= x509_get_uid( &p
, end
, &crt
->issuer_id
, 1 );
852 mbedtls_x509_crt_free( crt
);
857 if( crt
->version
== 2 || crt
->version
== 3 )
859 ret
= x509_get_uid( &p
, end
, &crt
->subject_id
, 2 );
862 mbedtls_x509_crt_free( crt
);
867 #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
868 if( crt
->version
== 3 )
871 ret
= x509_get_crt_ext( &p
, end
, crt
);
874 mbedtls_x509_crt_free( crt
);
881 mbedtls_x509_crt_free( crt
);
882 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+
883 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
890 * -- end of TBSCertificate
892 * signatureAlgorithm AlgorithmIdentifier,
893 * signatureValue BIT STRING
895 if( ( ret
= mbedtls_x509_get_alg( &p
, end
, &sig_oid2
, &sig_params2
) ) != 0 )
897 mbedtls_x509_crt_free( crt
);
901 if( crt
->sig_oid
.len
!= sig_oid2
.len
||
902 memcmp( crt
->sig_oid
.p
, sig_oid2
.p
, crt
->sig_oid
.len
) != 0 ||
903 sig_params1
.len
!= sig_params2
.len
||
904 ( sig_params1
.len
!= 0 &&
905 memcmp( sig_params1
.p
, sig_params2
.p
, sig_params1
.len
) != 0 ) )
907 mbedtls_x509_crt_free( crt
);
908 return( MBEDTLS_ERR_X509_SIG_MISMATCH
);
911 if( ( ret
= mbedtls_x509_get_sig( &p
, end
, &crt
->sig
) ) != 0 )
913 mbedtls_x509_crt_free( crt
);
919 mbedtls_x509_crt_free( crt
);
920 return( MBEDTLS_ERR_X509_INVALID_FORMAT
+
921 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
);
928 * Parse one X.509 certificate in DER format from a buffer and add them to a
931 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt
*chain
, const unsigned char *buf
,
935 mbedtls_x509_crt
*crt
= chain
, *prev
= NULL
;
938 * Check for valid input
940 if( crt
== NULL
|| buf
== NULL
)
941 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
943 while( crt
->version
!= 0 && crt
->next
!= NULL
)
950 * Add new certificate on the end of the chain if needed.
952 if( crt
->version
!= 0 && crt
->next
== NULL
)
954 crt
->next
= mbedtls_calloc( 1, sizeof( mbedtls_x509_crt
) );
956 if( crt
->next
== NULL
)
957 return( MBEDTLS_ERR_X509_ALLOC_FAILED
);
960 mbedtls_x509_crt_init( crt
->next
);
964 if( ( ret
= x509_crt_parse_der_core( crt
, buf
, buflen
) ) != 0 )
979 * Parse one or more PEM certificates from a buffer and add them to the chained
982 int mbedtls_x509_crt_parse( mbedtls_x509_crt
*chain
, const unsigned char *buf
, size_t buflen
)
984 #if defined(MBEDTLS_PEM_PARSE_C)
985 int success
= 0, first_error
= 0, total_failed
= 0;
986 int buf_format
= MBEDTLS_X509_FORMAT_DER
;
990 * Check for valid input
992 if( chain
== NULL
|| buf
== NULL
)
993 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
996 * Determine buffer content. Buffer contains either one DER certificate or
997 * one or more PEM certificates.
999 #if defined(MBEDTLS_PEM_PARSE_C)
1000 if( buflen
!= 0 && buf
[buflen
- 1] == '\0' &&
1001 strstr( (const char *) buf
, "-----BEGIN CERTIFICATE-----" ) != NULL
)
1003 buf_format
= MBEDTLS_X509_FORMAT_PEM
;
1006 if( buf_format
== MBEDTLS_X509_FORMAT_DER
)
1007 return mbedtls_x509_crt_parse_der( chain
, buf
, buflen
);
1009 return mbedtls_x509_crt_parse_der( chain
, buf
, buflen
);
1012 #if defined(MBEDTLS_PEM_PARSE_C)
1013 if( buf_format
== MBEDTLS_X509_FORMAT_PEM
)
1016 mbedtls_pem_context pem
;
1018 /* 1 rather than 0 since the terminating NULL byte is counted in */
1022 mbedtls_pem_init( &pem
);
1024 /* If we get there, we know the string is null-terminated */
1025 ret
= mbedtls_pem_read_buffer( &pem
,
1026 "-----BEGIN CERTIFICATE-----",
1027 "-----END CERTIFICATE-----",
1028 buf
, NULL
, 0, &use_len
);
1038 else if( ret
== MBEDTLS_ERR_PEM_BAD_INPUT_DATA
)
1042 else if( ret
!= MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
)
1044 mbedtls_pem_free( &pem
);
1047 * PEM header and footer were found
1052 if( first_error
== 0 )
1061 ret
= mbedtls_x509_crt_parse_der( chain
, pem
.buf
, pem
.buflen
);
1063 mbedtls_pem_free( &pem
);
1068 * Quit parsing on a memory error
1070 if( ret
== MBEDTLS_ERR_X509_ALLOC_FAILED
)
1073 if( first_error
== 0 )
1085 return( total_failed
);
1086 else if( first_error
)
1087 return( first_error
);
1089 return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
);
1090 #endif /* MBEDTLS_PEM_PARSE_C */
1093 #if defined(MBEDTLS_FS_IO)
1095 * Load one or more certificates and add them to the chained list
1097 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt
*chain
, const char *path
)
1103 if( ( ret
= mbedtls_pk_load_file( path
, &buf
, &n
) ) != 0 )
1106 ret
= mbedtls_x509_crt_parse( chain
, buf
, n
);
1108 mbedtls_zeroize( buf
, n
);
1109 mbedtls_free( buf
);
1114 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt
*chain
, const char *path
)
1117 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1119 WCHAR szDir
[MAX_PATH
];
1120 char filename
[MAX_PATH
];
1122 size_t len
= strlen( path
);
1124 WIN32_FIND_DATAW file_data
;
1127 if( len
> MAX_PATH
- 3 )
1128 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
1130 memset( szDir
, 0, sizeof(szDir
) );
1131 memset( filename
, 0, MAX_PATH
);
1132 memcpy( filename
, path
, len
);
1133 filename
[len
++] = '\\';
1135 filename
[len
++] = '*';
1137 w_ret
= MultiByteToWideChar( CP_ACP
, 0, filename
, (int)len
, szDir
,
1140 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
1142 hFind
= FindFirstFileW( szDir
, &file_data
);
1143 if( hFind
== INVALID_HANDLE_VALUE
)
1144 return( MBEDTLS_ERR_X509_FILE_IO_ERROR
);
1146 len
= MAX_PATH
- len
;
1149 memset( p
, 0, len
);
1151 if( file_data
.dwFileAttributes
& FILE_ATTRIBUTE_DIRECTORY
)
1154 w_ret
= WideCharToMultiByte( CP_ACP
, 0, file_data
.cFileName
,
1155 lstrlenW( file_data
.cFileName
),
1160 ret
= MBEDTLS_ERR_X509_FILE_IO_ERROR
;
1164 w_ret
= mbedtls_x509_crt_parse_file( chain
, filename
);
1170 while( FindNextFileW( hFind
, &file_data
) != 0 );
1172 if( GetLastError() != ERROR_NO_MORE_FILES
)
1173 ret
= MBEDTLS_ERR_X509_FILE_IO_ERROR
;
1181 struct dirent
*entry
;
1182 char entry_name
[MBEDTLS_X509_MAX_FILE_PATH_LEN
];
1183 DIR *dir
= opendir( path
);
1186 return( MBEDTLS_ERR_X509_FILE_IO_ERROR
);
1188 #if defined(MBEDTLS_THREADING_C)
1189 if( ( ret
= mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex
) ) != 0 )
1194 #endif /* MBEDTLS_THREADING_C */
1196 while( ( entry
= readdir( dir
) ) != NULL
)
1198 snp_ret
= mbedtls_snprintf( entry_name
, sizeof entry_name
,
1199 "%s/%s", path
, entry
->d_name
);
1201 if( snp_ret
< 0 || (size_t)snp_ret
>= sizeof entry_name
)
1203 ret
= MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
;
1206 else if( stat( entry_name
, &sb
) == -1 )
1208 ret
= MBEDTLS_ERR_X509_FILE_IO_ERROR
;
1212 if( !S_ISREG( sb
.st_mode
) )
1215 // Ignore parse errors
1217 t_ret
= mbedtls_x509_crt_parse_file( chain
, entry_name
);
1227 #if defined(MBEDTLS_THREADING_C)
1228 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex
) != 0 )
1229 ret
= MBEDTLS_ERR_THREADING_MUTEX_ERROR
;
1230 #endif /* MBEDTLS_THREADING_C */
1236 #endif /* MBEDTLS_FS_IO */
1238 static int x509_info_subject_alt_name( char **buf
, size_t *size
,
1239 const mbedtls_x509_sequence
*subject_alt_name
)
1244 const mbedtls_x509_sequence
*cur
= subject_alt_name
;
1245 const char *sep
= "";
1248 while( cur
!= NULL
)
1250 if( cur
->buf
.len
+ sep_len
>= n
)
1253 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
);
1256 n
-= cur
->buf
.len
+ sep_len
;
1257 for( i
= 0; i
< sep_len
; i
++ )
1259 for( i
= 0; i
< cur
->buf
.len
; i
++ )
1260 *p
++ = cur
->buf
.p
[i
];
1276 #define PRINT_ITEM(i) \
1278 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
1279 MBEDTLS_X509_SAFE_SNPRINTF; \
1283 #define CERT_TYPE(type,name) \
1284 if( ns_cert_type & type ) \
1287 static int x509_info_cert_type( char **buf
, size_t *size
,
1288 unsigned char ns_cert_type
)
1293 const char *sep
= "";
1295 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
, "SSL Client" );
1296 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
, "SSL Server" );
1297 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL
, "Email" );
1298 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
, "Object Signing" );
1299 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED
, "Reserved" );
1300 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
, "SSL CA" );
1301 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
, "Email CA" );
1302 CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
, "Object Signing CA" );
1310 #define KEY_USAGE(code,name) \
1311 if( key_usage & code ) \
1314 static int x509_info_key_usage( char **buf
, size_t *size
,
1315 unsigned int key_usage
)
1320 const char *sep
= "";
1322 KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE
, "Digital Signature" );
1323 KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION
, "Non Repudiation" );
1324 KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT
, "Key Encipherment" );
1325 KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT
, "Data Encipherment" );
1326 KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT
, "Key Agreement" );
1327 KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN
, "Key Cert Sign" );
1328 KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN
, "CRL Sign" );
1329 KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY
, "Encipher Only" );
1330 KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY
, "Decipher Only" );
1338 static int x509_info_ext_key_usage( char **buf
, size_t *size
,
1339 const mbedtls_x509_sequence
*extended_key_usage
)
1345 const mbedtls_x509_sequence
*cur
= extended_key_usage
;
1346 const char *sep
= "";
1348 while( cur
!= NULL
)
1350 if( mbedtls_oid_get_extended_key_usage( &cur
->buf
, &desc
) != 0 )
1353 ret
= mbedtls_snprintf( p
, n
, "%s%s", sep
, desc
);
1354 MBEDTLS_X509_SAFE_SNPRINTF
;
1368 * Like memcmp, but case-insensitive and always returns -1 if different
1370 static int x509_memcasecmp( const void *s1
, const void *s2
, size_t len
)
1374 const unsigned char *n1
= s1
, *n2
= s2
;
1376 for( i
= 0; i
< len
; i
++ )
1378 diff
= n1
[i
] ^ n2
[i
];
1384 ( ( n1
[i
] >= 'a' && n1
[i
] <= 'z' ) ||
1385 ( n1
[i
] >= 'A' && n1
[i
] <= 'Z' ) ) )
1397 * Return 0 if name matches wildcard, -1 otherwise
1399 static int x509_check_wildcard( const char *cn
, mbedtls_x509_buf
*name
)
1402 size_t cn_idx
= 0, cn_len
= strlen( cn
);
1404 if( name
->len
< 3 || name
->p
[0] != '*' || name
->p
[1] != '.' )
1407 for( i
= 0; i
< cn_len
; ++i
)
1419 if( cn_len
- cn_idx
== name
->len
- 1 &&
1420 x509_memcasecmp( name
->p
+ 1, cn
+ cn_idx
, name
->len
- 1 ) == 0 )
1429 * Compare two X.509 strings, case-insensitive, and allowing for some encoding
1430 * variations (but not all).
1432 * Return 0 if equal, -1 otherwise.
1434 static int x509_string_cmp( const mbedtls_x509_buf
*a
, const mbedtls_x509_buf
*b
)
1436 if( a
->tag
== b
->tag
&&
1438 memcmp( a
->p
, b
->p
, b
->len
) == 0 )
1443 if( ( a
->tag
== MBEDTLS_ASN1_UTF8_STRING
|| a
->tag
== MBEDTLS_ASN1_PRINTABLE_STRING
) &&
1444 ( b
->tag
== MBEDTLS_ASN1_UTF8_STRING
|| b
->tag
== MBEDTLS_ASN1_PRINTABLE_STRING
) &&
1446 x509_memcasecmp( a
->p
, b
->p
, b
->len
) == 0 )
1455 * Compare two X.509 Names (aka rdnSequence).
1457 * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
1458 * we sometimes return unequal when the full algorithm would return equal,
1459 * but never the other way. (In particular, we don't do Unicode normalisation
1460 * or space folding.)
1462 * Return 0 if equal, -1 otherwise.
1464 static int x509_name_cmp( const mbedtls_x509_name
*a
, const mbedtls_x509_name
*b
)
1466 /* Avoid recursion, it might not be optimised by the compiler */
1467 while( a
!= NULL
|| b
!= NULL
)
1469 if( a
== NULL
|| b
== NULL
)
1473 if( a
->oid
.tag
!= b
->oid
.tag
||
1474 a
->oid
.len
!= b
->oid
.len
||
1475 memcmp( a
->oid
.p
, b
->oid
.p
, b
->oid
.len
) != 0 )
1481 if( x509_string_cmp( &a
->val
, &b
->val
) != 0 )
1484 /* structure of the list of sets */
1485 if( a
->next_merged
!= b
->next_merged
)
1492 /* a == NULL == b */
1497 * Return an informational string about the certificate.
1499 #define BEFORE_COLON 18
1501 int mbedtls_x509_crt_info( char *buf
, size_t size
, const char *prefix
,
1502 const mbedtls_x509_crt
*crt
)
1507 char key_size_str
[BEFORE_COLON
];
1514 ret
= mbedtls_snprintf( p
, n
, "\nCertificate is uninitialised!\n" );
1515 MBEDTLS_X509_SAFE_SNPRINTF
;
1517 return( (int) ( size
- n
) );
1520 ret
= mbedtls_snprintf( p
, n
, "%scert. version : %d\n",
1521 prefix
, crt
->version
);
1522 MBEDTLS_X509_SAFE_SNPRINTF
;
1523 ret
= mbedtls_snprintf( p
, n
, "%sserial number : ",
1525 MBEDTLS_X509_SAFE_SNPRINTF
;
1527 ret
= mbedtls_x509_serial_gets( p
, n
, &crt
->serial
);
1528 MBEDTLS_X509_SAFE_SNPRINTF
;
1530 ret
= mbedtls_snprintf( p
, n
, "\n%sissuer name : ", prefix
);
1531 MBEDTLS_X509_SAFE_SNPRINTF
;
1532 ret
= mbedtls_x509_dn_gets( p
, n
, &crt
->issuer
);
1533 MBEDTLS_X509_SAFE_SNPRINTF
;
1535 ret
= mbedtls_snprintf( p
, n
, "\n%ssubject name : ", prefix
);
1536 MBEDTLS_X509_SAFE_SNPRINTF
;
1537 ret
= mbedtls_x509_dn_gets( p
, n
, &crt
->subject
);
1538 MBEDTLS_X509_SAFE_SNPRINTF
;
1540 ret
= mbedtls_snprintf( p
, n
, "\n%sissued on : " \
1541 "%04d-%02d-%02d %02d:%02d:%02d", prefix
,
1542 crt
->valid_from
.year
, crt
->valid_from
.mon
,
1543 crt
->valid_from
.day
, crt
->valid_from
.hour
,
1544 crt
->valid_from
.min
, crt
->valid_from
.sec
);
1545 MBEDTLS_X509_SAFE_SNPRINTF
;
1547 ret
= mbedtls_snprintf( p
, n
, "\n%sexpires on : " \
1548 "%04d-%02d-%02d %02d:%02d:%02d", prefix
,
1549 crt
->valid_to
.year
, crt
->valid_to
.mon
,
1550 crt
->valid_to
.day
, crt
->valid_to
.hour
,
1551 crt
->valid_to
.min
, crt
->valid_to
.sec
);
1552 MBEDTLS_X509_SAFE_SNPRINTF
;
1554 ret
= mbedtls_snprintf( p
, n
, "\n%ssigned using : ", prefix
);
1555 MBEDTLS_X509_SAFE_SNPRINTF
;
1557 ret
= mbedtls_x509_sig_alg_gets( p
, n
, &crt
->sig_oid
, crt
->sig_pk
,
1558 crt
->sig_md
, crt
->sig_opts
);
1559 MBEDTLS_X509_SAFE_SNPRINTF
;
1562 if( ( ret
= mbedtls_x509_key_size_helper( key_size_str
, BEFORE_COLON
,
1563 mbedtls_pk_get_name( &crt
->pk
) ) ) != 0 )
1568 ret
= mbedtls_snprintf( p
, n
, "\n%s%-" BC
"s: %d bits", prefix
, key_size_str
,
1569 (int) mbedtls_pk_get_bitlen( &crt
->pk
) );
1570 MBEDTLS_X509_SAFE_SNPRINTF
;
1573 * Optional extensions
1576 if( crt
->ext_types
& MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
)
1578 ret
= mbedtls_snprintf( p
, n
, "\n%sbasic constraints : CA=%s", prefix
,
1579 crt
->ca_istrue
? "true" : "false" );
1580 MBEDTLS_X509_SAFE_SNPRINTF
;
1582 if( crt
->max_pathlen
> 0 )
1584 ret
= mbedtls_snprintf( p
, n
, ", max_pathlen=%d", crt
->max_pathlen
- 1 );
1585 MBEDTLS_X509_SAFE_SNPRINTF
;
1589 if( crt
->ext_types
& MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
)
1591 ret
= mbedtls_snprintf( p
, n
, "\n%ssubject alt name : ", prefix
);
1592 MBEDTLS_X509_SAFE_SNPRINTF
;
1594 if( ( ret
= x509_info_subject_alt_name( &p
, &n
,
1595 &crt
->subject_alt_names
) ) != 0 )
1599 if( crt
->ext_types
& MBEDTLS_X509_EXT_NS_CERT_TYPE
)
1601 ret
= mbedtls_snprintf( p
, n
, "\n%scert. type : ", prefix
);
1602 MBEDTLS_X509_SAFE_SNPRINTF
;
1604 if( ( ret
= x509_info_cert_type( &p
, &n
, crt
->ns_cert_type
) ) != 0 )
1608 if( crt
->ext_types
& MBEDTLS_X509_EXT_KEY_USAGE
)
1610 ret
= mbedtls_snprintf( p
, n
, "\n%skey usage : ", prefix
);
1611 MBEDTLS_X509_SAFE_SNPRINTF
;
1613 if( ( ret
= x509_info_key_usage( &p
, &n
, crt
->key_usage
) ) != 0 )
1617 if( crt
->ext_types
& MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
)
1619 ret
= mbedtls_snprintf( p
, n
, "\n%sext key usage : ", prefix
);
1620 MBEDTLS_X509_SAFE_SNPRINTF
;
1622 if( ( ret
= x509_info_ext_key_usage( &p
, &n
,
1623 &crt
->ext_key_usage
) ) != 0 )
1627 ret
= mbedtls_snprintf( p
, n
, "\n" );
1628 MBEDTLS_X509_SAFE_SNPRINTF
;
1630 return( (int) ( size
- n
) );
1633 struct x509_crt_verify_string
{
1638 static const struct x509_crt_verify_string x509_crt_verify_strings
[] = {
1639 { MBEDTLS_X509_BADCERT_EXPIRED
, "The certificate validity has expired" },
1640 { MBEDTLS_X509_BADCERT_REVOKED
, "The certificate has been revoked (is on a CRL)" },
1641 { MBEDTLS_X509_BADCERT_CN_MISMATCH
, "The certificate Common Name (CN) does not match with the expected CN" },
1642 { MBEDTLS_X509_BADCERT_NOT_TRUSTED
, "The certificate is not correctly signed by the trusted CA" },
1643 { MBEDTLS_X509_BADCRL_NOT_TRUSTED
, "The CRL is not correctly signed by the trusted CA" },
1644 { MBEDTLS_X509_BADCRL_EXPIRED
, "The CRL is expired" },
1645 { MBEDTLS_X509_BADCERT_MISSING
, "Certificate was missing" },
1646 { MBEDTLS_X509_BADCERT_SKIP_VERIFY
, "Certificate verification was skipped" },
1647 { MBEDTLS_X509_BADCERT_OTHER
, "Other reason (can be used by verify callback)" },
1648 { MBEDTLS_X509_BADCERT_FUTURE
, "The certificate validity starts in the future" },
1649 { MBEDTLS_X509_BADCRL_FUTURE
, "The CRL is from the future" },
1650 { MBEDTLS_X509_BADCERT_KEY_USAGE
, "Usage does not match the keyUsage extension" },
1651 { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
, "Usage does not match the extendedKeyUsage extension" },
1652 { MBEDTLS_X509_BADCERT_NS_CERT_TYPE
, "Usage does not match the nsCertType extension" },
1653 { MBEDTLS_X509_BADCERT_BAD_MD
, "The certificate is signed with an unacceptable hash." },
1654 { MBEDTLS_X509_BADCERT_BAD_PK
, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1655 { MBEDTLS_X509_BADCERT_BAD_KEY
, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
1656 { MBEDTLS_X509_BADCRL_BAD_MD
, "The CRL is signed with an unacceptable hash." },
1657 { MBEDTLS_X509_BADCRL_BAD_PK
, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
1658 { MBEDTLS_X509_BADCRL_BAD_KEY
, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
1662 int mbedtls_x509_crt_verify_info( char *buf
, size_t size
, const char *prefix
,
1666 const struct x509_crt_verify_string
*cur
;
1670 for( cur
= x509_crt_verify_strings
; cur
->string
!= NULL
; cur
++ )
1672 if( ( flags
& cur
->code
) == 0 )
1675 ret
= mbedtls_snprintf( p
, n
, "%s%s\n", prefix
, cur
->string
);
1676 MBEDTLS_X509_SAFE_SNPRINTF
;
1682 ret
= mbedtls_snprintf( p
, n
, "%sUnknown reason "
1683 "(this should not happen)\n", prefix
);
1684 MBEDTLS_X509_SAFE_SNPRINTF
;
1687 return( (int) ( size
- n
) );
1690 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1691 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt
*crt
,
1692 unsigned int usage
)
1694 unsigned int usage_must
, usage_may
;
1695 unsigned int may_mask
= MBEDTLS_X509_KU_ENCIPHER_ONLY
1696 | MBEDTLS_X509_KU_DECIPHER_ONLY
;
1698 if( ( crt
->ext_types
& MBEDTLS_X509_EXT_KEY_USAGE
) == 0 )
1701 usage_must
= usage
& ~may_mask
;
1703 if( ( ( crt
->key_usage
& ~may_mask
) & usage_must
) != usage_must
)
1704 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
1706 usage_may
= usage
& may_mask
;
1708 if( ( ( crt
->key_usage
& may_mask
) | usage_may
) != usage_may
)
1709 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
1715 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
1716 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt
*crt
,
1717 const char *usage_oid
,
1720 const mbedtls_x509_sequence
*cur
;
1722 /* Extension is not mandatory, absent means no restriction */
1723 if( ( crt
->ext_types
& MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
) == 0 )
1727 * Look for the requested usage (or wildcard ANY) in our list
1729 for( cur
= &crt
->ext_key_usage
; cur
!= NULL
; cur
= cur
->next
)
1731 const mbedtls_x509_buf
*cur_oid
= &cur
->buf
;
1733 if( cur_oid
->len
== usage_len
&&
1734 memcmp( cur_oid
->p
, usage_oid
, usage_len
) == 0 )
1739 if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
, cur_oid
) == 0 )
1743 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA
);
1745 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
1747 #if defined(MBEDTLS_X509_CRL_PARSE_C)
1749 * Return 1 if the certificate is revoked, or 0 otherwise.
1751 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt
*crt
, const mbedtls_x509_crl
*crl
)
1753 const mbedtls_x509_crl_entry
*cur
= &crl
->entry
;
1755 while( cur
!= NULL
&& cur
->serial
.len
!= 0 )
1757 if( crt
->serial
.len
== cur
->serial
.len
&&
1758 memcmp( crt
->serial
.p
, cur
->serial
.p
, crt
->serial
.len
) == 0 )
1760 if( mbedtls_x509_time_is_past( &cur
->revocation_date
) )
1771 * Check that the given certificate is not revoked according to the CRL.
1772 * Skip validation if no CRL for the given CA is present.
1774 static int x509_crt_verifycrl( mbedtls_x509_crt
*crt
, mbedtls_x509_crt
*ca
,
1775 mbedtls_x509_crl
*crl_list
,
1776 const mbedtls_x509_crt_profile
*profile
)
1779 unsigned char hash
[MBEDTLS_MD_MAX_SIZE
];
1780 const mbedtls_md_info_t
*md_info
;
1785 while( crl_list
!= NULL
)
1787 if( crl_list
->version
== 0 ||
1788 x509_name_cmp( &crl_list
->issuer
, &ca
->subject
) != 0 )
1790 crl_list
= crl_list
->next
;
1795 * Check if the CA is configured to sign CRLs
1797 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1798 if( mbedtls_x509_crt_check_key_usage( ca
,
1799 MBEDTLS_X509_KU_CRL_SIGN
) != 0 )
1801 flags
|= MBEDTLS_X509_BADCRL_NOT_TRUSTED
;
1807 * Check if CRL is correctly signed by the trusted CA
1809 if( x509_profile_check_md_alg( profile
, crl_list
->sig_md
) != 0 )
1810 flags
|= MBEDTLS_X509_BADCRL_BAD_MD
;
1812 if( x509_profile_check_pk_alg( profile
, crl_list
->sig_pk
) != 0 )
1813 flags
|= MBEDTLS_X509_BADCRL_BAD_PK
;
1815 md_info
= mbedtls_md_info_from_type( crl_list
->sig_md
);
1816 if( mbedtls_md( md_info
, crl_list
->tbs
.p
, crl_list
->tbs
.len
, hash
) != 0 )
1818 /* Note: this can't happen except after an internal error */
1819 flags
|= MBEDTLS_X509_BADCRL_NOT_TRUSTED
;
1823 if( x509_profile_check_key( profile
, crl_list
->sig_pk
, &ca
->pk
) != 0 )
1824 flags
|= MBEDTLS_X509_BADCERT_BAD_KEY
;
1826 if( mbedtls_pk_verify_ext( crl_list
->sig_pk
, crl_list
->sig_opts
, &ca
->pk
,
1827 crl_list
->sig_md
, hash
, mbedtls_md_get_size( md_info
),
1828 crl_list
->sig
.p
, crl_list
->sig
.len
) != 0 )
1830 flags
|= MBEDTLS_X509_BADCRL_NOT_TRUSTED
;
1835 * Check for validity of CRL (Do not drop out)
1837 if( mbedtls_x509_time_is_past( &crl_list
->next_update
) )
1838 flags
|= MBEDTLS_X509_BADCRL_EXPIRED
;
1840 if( mbedtls_x509_time_is_future( &crl_list
->this_update
) )
1841 flags
|= MBEDTLS_X509_BADCRL_FUTURE
;
1844 * Check if certificate is revoked
1846 if( mbedtls_x509_crt_is_revoked( crt
, crl_list
) )
1848 flags
|= MBEDTLS_X509_BADCERT_REVOKED
;
1852 crl_list
= crl_list
->next
;
1857 #endif /* MBEDTLS_X509_CRL_PARSE_C */
1860 * Check if 'parent' is a suitable parent (signing CA) for 'child'.
1861 * Return 0 if yes, -1 if not.
1863 * top means parent is a locally-trusted certificate
1864 * bottom means child is the end entity cert
1866 static int x509_crt_check_parent( const mbedtls_x509_crt
*child
,
1867 const mbedtls_x509_crt
*parent
,
1868 int top
, int bottom
)
1872 /* Parent must be the issuer */
1873 if( x509_name_cmp( &child
->issuer
, &parent
->subject
) != 0 )
1876 /* Parent must have the basicConstraints CA bit set as a general rule */
1879 /* Exception: v1/v2 certificates that are locally trusted. */
1880 if( top
&& parent
->version
< 3 )
1883 /* Exception: self-signed end-entity certs that are locally trusted. */
1884 if( top
&& bottom
&&
1885 child
->raw
.len
== parent
->raw
.len
&&
1886 memcmp( child
->raw
.p
, parent
->raw
.p
, child
->raw
.len
) == 0 )
1891 if( need_ca_bit
&& ! parent
->ca_istrue
)
1894 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1896 mbedtls_x509_crt_check_key_usage( parent
, MBEDTLS_X509_KU_KEY_CERT_SIGN
) != 0 )
1906 * Verify a certificate with no parent inside the chain
1907 * (either the parent is a trusted root, or there is no parent)
1909 * See comments for mbedtls_x509_crt_verify_with_profile()
1910 * (also for notation used below)
1912 * This function is called in two cases:
1913 * - child was found to have a parent in trusted roots, in which case we're
1914 * called with trust_ca pointing directly to that parent (not the full list)
1915 * - this is cases 1, 2 and 3 of the comment on verify_with_profile()
1916 * - case 1 is special as child and trust_ca point to copies of the same
1918 * - child was found to have no parent either in the chain or in trusted CAs
1919 * - this is cases 4 and 5 of the comment on verify_with_profile()
1921 * For historical reasons, the function currently does not assume that
1922 * trust_ca points directly to the right root in the first case, and it
1923 * doesn't know in which case it starts, so it always starts by searching for
1924 * a parent in trust_ca.
1926 static int x509_crt_verify_top(
1927 mbedtls_x509_crt
*child
, mbedtls_x509_crt
*trust_ca
,
1928 mbedtls_x509_crl
*ca_crl
,
1929 const mbedtls_x509_crt_profile
*profile
,
1930 int path_cnt
, int self_cnt
, uint32_t *flags
,
1931 int (*f_vrfy
)(void *, mbedtls_x509_crt
*, int, uint32_t *),
1935 uint32_t ca_flags
= 0;
1937 unsigned char hash
[MBEDTLS_MD_MAX_SIZE
];
1938 const mbedtls_md_info_t
*md_info
;
1939 mbedtls_x509_crt
*future_past_ca
= NULL
;
1941 if( mbedtls_x509_time_is_past( &child
->valid_to
) )
1942 *flags
|= MBEDTLS_X509_BADCERT_EXPIRED
;
1944 if( mbedtls_x509_time_is_future( &child
->valid_from
) )
1945 *flags
|= MBEDTLS_X509_BADCERT_FUTURE
;
1947 if( x509_profile_check_md_alg( profile
, child
->sig_md
) != 0 )
1948 *flags
|= MBEDTLS_X509_BADCERT_BAD_MD
;
1950 if( x509_profile_check_pk_alg( profile
, child
->sig_pk
) != 0 )
1951 *flags
|= MBEDTLS_X509_BADCERT_BAD_PK
;
1954 * Child is the top of the chain. Check against the trust_ca list.
1956 *flags
|= MBEDTLS_X509_BADCERT_NOT_TRUSTED
;
1958 md_info
= mbedtls_md_info_from_type( child
->sig_md
);
1959 if( mbedtls_md( md_info
, child
->tbs
.p
, child
->tbs
.len
, hash
) != 0 )
1961 /* Note: this can't happen except after an internal error */
1962 /* Cannot check signature, no need to try any CA */
1966 for( /* trust_ca */ ; trust_ca
!= NULL
; trust_ca
= trust_ca
->next
)
1968 if( x509_crt_check_parent( child
, trust_ca
, 1, path_cnt
== 0 ) != 0 )
1971 check_path_cnt
= path_cnt
+ 1;
1974 * Reduce check_path_cnt to check against if top of the chain is
1975 * the same as the trusted CA
1977 if( child
->subject_raw
.len
== trust_ca
->subject_raw
.len
&&
1978 memcmp( child
->subject_raw
.p
, trust_ca
->subject_raw
.p
,
1979 child
->subject_raw
.len
) == 0 )
1984 /* Self signed certificates do not count towards the limit */
1985 if( trust_ca
->max_pathlen
> 0 &&
1986 trust_ca
->max_pathlen
< check_path_cnt
- self_cnt
)
1991 if( mbedtls_pk_verify_ext( child
->sig_pk
, child
->sig_opts
, &trust_ca
->pk
,
1992 child
->sig_md
, hash
, mbedtls_md_get_size( md_info
),
1993 child
->sig
.p
, child
->sig
.len
) != 0 )
1998 if( mbedtls_x509_time_is_past( &trust_ca
->valid_to
) ||
1999 mbedtls_x509_time_is_future( &trust_ca
->valid_from
) )
2001 if ( future_past_ca
== NULL
)
2002 future_past_ca
= trust_ca
;
2010 if( trust_ca
!= NULL
|| ( trust_ca
= future_past_ca
) != NULL
)
2013 * Top of chain is signed by a trusted CA
2015 *flags
&= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED
;
2017 if( x509_profile_check_key( profile
, child
->sig_pk
, &trust_ca
->pk
) != 0 )
2018 *flags
|= MBEDTLS_X509_BADCERT_BAD_KEY
;
2022 * If top of chain is not the same as the trusted CA send a verify request
2023 * to the callback for any issues with validity and CRL presence for the
2024 * trusted CA certificate.
2026 if( trust_ca
!= NULL
&&
2027 ( child
->subject_raw
.len
!= trust_ca
->subject_raw
.len
||
2028 memcmp( child
->subject_raw
.p
, trust_ca
->subject_raw
.p
,
2029 child
->subject_raw
.len
) != 0 ) )
2031 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2032 /* Check trusted CA's CRL for the chain's top crt */
2033 *flags
|= x509_crt_verifycrl( child
, trust_ca
, ca_crl
, profile
);
2038 if( mbedtls_x509_time_is_past( &trust_ca
->valid_to
) )
2039 ca_flags
|= MBEDTLS_X509_BADCERT_EXPIRED
;
2041 if( mbedtls_x509_time_is_future( &trust_ca
->valid_from
) )
2042 ca_flags
|= MBEDTLS_X509_BADCERT_FUTURE
;
2044 if( NULL
!= f_vrfy
)
2046 if( ( ret
= f_vrfy( p_vrfy
, trust_ca
, path_cnt
+ 1,
2047 &ca_flags
) ) != 0 )
2054 /* Call callback on top cert */
2055 if( NULL
!= f_vrfy
)
2057 if( ( ret
= f_vrfy( p_vrfy
, child
, path_cnt
, flags
) ) != 0 )
2067 * Verify a certificate with a parent inside the chain
2069 * See comments for mbedtls_x509_crt_verify_with_profile()
2071 static int x509_crt_verify_child(
2072 mbedtls_x509_crt
*child
, mbedtls_x509_crt
*parent
,
2073 mbedtls_x509_crt
*trust_ca
, mbedtls_x509_crl
*ca_crl
,
2074 const mbedtls_x509_crt_profile
*profile
,
2075 int path_cnt
, int self_cnt
, uint32_t *flags
,
2076 int (*f_vrfy
)(void *, mbedtls_x509_crt
*, int, uint32_t *),
2080 uint32_t parent_flags
= 0;
2081 unsigned char hash
[MBEDTLS_MD_MAX_SIZE
];
2082 mbedtls_x509_crt
*grandparent
;
2083 const mbedtls_md_info_t
*md_info
;
2085 /* Counting intermediate self signed certificates */
2086 if( ( path_cnt
!= 0 ) && x509_name_cmp( &child
->issuer
, &child
->subject
) == 0 )
2089 /* path_cnt is 0 for the first intermediate CA */
2090 if( 1 + path_cnt
> MBEDTLS_X509_MAX_INTERMEDIATE_CA
)
2092 /* return immediately as the goal is to avoid unbounded recursion */
2093 return( MBEDTLS_ERR_X509_FATAL_ERROR
);
2096 if( mbedtls_x509_time_is_past( &child
->valid_to
) )
2097 *flags
|= MBEDTLS_X509_BADCERT_EXPIRED
;
2099 if( mbedtls_x509_time_is_future( &child
->valid_from
) )
2100 *flags
|= MBEDTLS_X509_BADCERT_FUTURE
;
2102 if( x509_profile_check_md_alg( profile
, child
->sig_md
) != 0 )
2103 *flags
|= MBEDTLS_X509_BADCERT_BAD_MD
;
2105 if( x509_profile_check_pk_alg( profile
, child
->sig_pk
) != 0 )
2106 *flags
|= MBEDTLS_X509_BADCERT_BAD_PK
;
2108 md_info
= mbedtls_md_info_from_type( child
->sig_md
);
2109 if( mbedtls_md( md_info
, child
->tbs
.p
, child
->tbs
.len
, hash
) != 0 )
2111 /* Note: this can't happen except after an internal error */
2112 *flags
|= MBEDTLS_X509_BADCERT_NOT_TRUSTED
;
2116 if( x509_profile_check_key( profile
, child
->sig_pk
, &parent
->pk
) != 0 )
2117 *flags
|= MBEDTLS_X509_BADCERT_BAD_KEY
;
2119 if( mbedtls_pk_verify_ext( child
->sig_pk
, child
->sig_opts
, &parent
->pk
,
2120 child
->sig_md
, hash
, mbedtls_md_get_size( md_info
),
2121 child
->sig
.p
, child
->sig
.len
) != 0 )
2123 *flags
|= MBEDTLS_X509_BADCERT_NOT_TRUSTED
;
2127 #if defined(MBEDTLS_X509_CRL_PARSE_C)
2128 /* Check trusted CA's CRL for the given crt */
2129 *flags
|= x509_crt_verifycrl(child
, parent
, ca_crl
, profile
);
2132 /* Look for a grandparent in trusted CAs */
2133 for( grandparent
= trust_ca
;
2134 grandparent
!= NULL
;
2135 grandparent
= grandparent
->next
)
2137 if( x509_crt_check_parent( parent
, grandparent
,
2138 0, path_cnt
== 0 ) == 0 )
2142 if( grandparent
!= NULL
)
2144 ret
= x509_crt_verify_top( parent
, grandparent
, ca_crl
, profile
,
2145 path_cnt
+ 1, self_cnt
, &parent_flags
, f_vrfy
, p_vrfy
);
2151 /* Look for a grandparent upwards the chain */
2152 for( grandparent
= parent
->next
;
2153 grandparent
!= NULL
;
2154 grandparent
= grandparent
->next
)
2156 /* +2 because the current step is not yet accounted for
2157 * and because max_pathlen is one higher than it should be.
2158 * Also self signed certificates do not count to the limit. */
2159 if( grandparent
->max_pathlen
> 0 &&
2160 grandparent
->max_pathlen
< 2 + path_cnt
- self_cnt
)
2165 if( x509_crt_check_parent( parent
, grandparent
,
2166 0, path_cnt
== 0 ) == 0 )
2170 /* Is our parent part of the chain or at the top? */
2171 if( grandparent
!= NULL
)
2173 ret
= x509_crt_verify_child( parent
, grandparent
, trust_ca
, ca_crl
,
2174 profile
, path_cnt
+ 1, self_cnt
, &parent_flags
,
2181 ret
= x509_crt_verify_top( parent
, trust_ca
, ca_crl
, profile
,
2182 path_cnt
+ 1, self_cnt
, &parent_flags
,
2189 /* child is verified to be a child of the parent, call verify callback */
2190 if( NULL
!= f_vrfy
)
2191 if( ( ret
= f_vrfy( p_vrfy
, child
, path_cnt
, flags
) ) != 0 )
2194 *flags
|= parent_flags
;
2200 * Verify the certificate validity
2202 int mbedtls_x509_crt_verify( mbedtls_x509_crt
*crt
,
2203 mbedtls_x509_crt
*trust_ca
,
2204 mbedtls_x509_crl
*ca_crl
,
2205 const char *cn
, uint32_t *flags
,
2206 int (*f_vrfy
)(void *, mbedtls_x509_crt
*, int, uint32_t *),
2209 return( mbedtls_x509_crt_verify_with_profile( crt
, trust_ca
, ca_crl
,
2210 &mbedtls_x509_crt_profile_default
, cn
, flags
, f_vrfy
, p_vrfy
) );
2215 * Verify the certificate validity, with profile
2217 * The chain building/verification is spread accross 4 functions:
2219 * - x509_crt_verify_child()
2220 * - x509_crt_verify_top()
2221 * - x509_crt_check_parent()
2223 * There are five main cases to consider. Let's introduce some notation:
2224 * - E means the end-entity certificate
2225 * - I an intermediate CA
2226 * - R the trusted root CA this chain anchors to
2227 * - T the list of trusted roots (R and possible some others)
2229 * The main cases with the calling sequence of the crt_verify_xxx() are:
2230 * 1. E = R (explicitly trusted EE cert)
2231 * verify(E, T) -> verify_top(E, R)
2232 * 2. E -> R (EE signed by trusted root)
2233 * verify(E, T) -> verify_top(E, R)
2234 * 3. E -> I -> R (EE signed by intermediate signed by trusted root)
2235 * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, R)
2236 * (plus variant with multiple intermediates)
2237 * 4. E -> I (EE signed by intermediate that's not trusted)
2238 * verify(E, T) -> verify_child(E, I, T) -> verify_top(I, T)
2239 * (plus variant with multiple intermediates)
2240 * 5. E (EE not trusted)
2241 * verify(E, T) -> verify_top(E, T)
2243 * Note: this notation and case numbering is also used in x509_crt_verify_top()
2245 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt
*crt
,
2246 mbedtls_x509_crt
*trust_ca
,
2247 mbedtls_x509_crl
*ca_crl
,
2248 const mbedtls_x509_crt_profile
*profile
,
2249 const char *cn
, uint32_t *flags
,
2250 int (*f_vrfy
)(void *, mbedtls_x509_crt
*, int, uint32_t *),
2255 int pathlen
= 0, selfsigned
= 0;
2256 mbedtls_x509_crt
*parent
;
2257 mbedtls_x509_name
*name
;
2258 mbedtls_x509_sequence
*cur
= NULL
;
2259 mbedtls_pk_type_t pk_type
;
2263 if( profile
== NULL
)
2265 ret
= MBEDTLS_ERR_X509_BAD_INPUT_DATA
;
2271 name
= &crt
->subject
;
2272 cn_len
= strlen( cn
);
2274 if( crt
->ext_types
& MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
)
2276 cur
= &crt
->subject_alt_names
;
2278 while( cur
!= NULL
)
2280 if( cur
->buf
.len
== cn_len
&&
2281 x509_memcasecmp( cn
, cur
->buf
.p
, cn_len
) == 0 )
2284 if( cur
->buf
.len
> 2 &&
2285 memcmp( cur
->buf
.p
, "*.", 2 ) == 0 &&
2286 x509_check_wildcard( cn
, &cur
->buf
) == 0 )
2295 *flags
|= MBEDTLS_X509_BADCERT_CN_MISMATCH
;
2299 while( name
!= NULL
)
2301 if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN
, &name
->oid
) == 0 )
2303 if( name
->val
.len
== cn_len
&&
2304 x509_memcasecmp( name
->val
.p
, cn
, cn_len
) == 0 )
2307 if( name
->val
.len
> 2 &&
2308 memcmp( name
->val
.p
, "*.", 2 ) == 0 &&
2309 x509_check_wildcard( cn
, &name
->val
) == 0 )
2317 *flags
|= MBEDTLS_X509_BADCERT_CN_MISMATCH
;
2321 /* Check the type and size of the key */
2322 pk_type
= mbedtls_pk_get_type( &crt
->pk
);
2324 if( x509_profile_check_pk_alg( profile
, pk_type
) != 0 )
2325 *flags
|= MBEDTLS_X509_BADCERT_BAD_PK
;
2327 if( x509_profile_check_key( profile
, pk_type
, &crt
->pk
) != 0 )
2328 *flags
|= MBEDTLS_X509_BADCERT_BAD_KEY
;
2330 /* Look for a parent in trusted CAs */
2331 for( parent
= trust_ca
; parent
!= NULL
; parent
= parent
->next
)
2333 if( x509_crt_check_parent( crt
, parent
, 0, pathlen
== 0 ) == 0 )
2337 if( parent
!= NULL
)
2339 ret
= x509_crt_verify_top( crt
, parent
, ca_crl
, profile
,
2340 pathlen
, selfsigned
, flags
, f_vrfy
, p_vrfy
);
2346 /* Look for a parent upwards the chain */
2347 for( parent
= crt
->next
; parent
!= NULL
; parent
= parent
->next
)
2348 if( x509_crt_check_parent( crt
, parent
, 0, pathlen
== 0 ) == 0 )
2351 /* Are we part of the chain or at the top? */
2352 if( parent
!= NULL
)
2354 ret
= x509_crt_verify_child( crt
, parent
, trust_ca
, ca_crl
, profile
,
2355 pathlen
, selfsigned
, flags
, f_vrfy
, p_vrfy
);
2361 ret
= x509_crt_verify_top( crt
, trust_ca
, ca_crl
, profile
,
2362 pathlen
, selfsigned
, flags
, f_vrfy
, p_vrfy
);
2369 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
2370 * the SSL module for authmode optional, but non-zero return from the
2371 * callback means a fatal error so it shouldn't be ignored */
2372 if( ret
== MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
)
2373 ret
= MBEDTLS_ERR_X509_FATAL_ERROR
;
2377 *flags
= (uint32_t) -1;
2382 return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
);
2388 * Initialize a certificate chain
2390 void mbedtls_x509_crt_init( mbedtls_x509_crt
*crt
)
2392 memset( crt
, 0, sizeof(mbedtls_x509_crt
) );
2396 * Unallocate all certificate data
2398 void mbedtls_x509_crt_free( mbedtls_x509_crt
*crt
)
2400 mbedtls_x509_crt
*cert_cur
= crt
;
2401 mbedtls_x509_crt
*cert_prv
;
2402 mbedtls_x509_name
*name_cur
;
2403 mbedtls_x509_name
*name_prv
;
2404 mbedtls_x509_sequence
*seq_cur
;
2405 mbedtls_x509_sequence
*seq_prv
;
2412 mbedtls_pk_free( &cert_cur
->pk
);
2414 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
2415 mbedtls_free( cert_cur
->sig_opts
);
2418 name_cur
= cert_cur
->issuer
.next
;
2419 while( name_cur
!= NULL
)
2421 name_prv
= name_cur
;
2422 name_cur
= name_cur
->next
;
2423 mbedtls_zeroize( name_prv
, sizeof( mbedtls_x509_name
) );
2424 mbedtls_free( name_prv
);
2427 name_cur
= cert_cur
->subject
.next
;
2428 while( name_cur
!= NULL
)
2430 name_prv
= name_cur
;
2431 name_cur
= name_cur
->next
;
2432 mbedtls_zeroize( name_prv
, sizeof( mbedtls_x509_name
) );
2433 mbedtls_free( name_prv
);
2436 seq_cur
= cert_cur
->ext_key_usage
.next
;
2437 while( seq_cur
!= NULL
)
2440 seq_cur
= seq_cur
->next
;
2441 mbedtls_zeroize( seq_prv
, sizeof( mbedtls_x509_sequence
) );
2442 mbedtls_free( seq_prv
);
2445 seq_cur
= cert_cur
->subject_alt_names
.next
;
2446 while( seq_cur
!= NULL
)
2449 seq_cur
= seq_cur
->next
;
2450 mbedtls_zeroize( seq_prv
, sizeof( mbedtls_x509_sequence
) );
2451 mbedtls_free( seq_prv
);
2454 if( cert_cur
->raw
.p
!= NULL
)
2456 mbedtls_zeroize( cert_cur
->raw
.p
, cert_cur
->raw
.len
);
2457 mbedtls_free( cert_cur
->raw
.p
);
2460 cert_cur
= cert_cur
->next
;
2462 while( cert_cur
!= NULL
);
2467 cert_prv
= cert_cur
;
2468 cert_cur
= cert_cur
->next
;
2470 mbedtls_zeroize( cert_prv
, sizeof( mbedtls_x509_crt
) );
2471 if( cert_prv
!= crt
)
2472 mbedtls_free( cert_prv
);
2474 while( cert_cur
!= NULL
);
2477 #endif /* MBEDTLS_X509_CRT_PARSE_C */