/src/mbedtls/library/x509_crt.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * X.509 certificate parsing and verification |
3 | | * |
4 | | * Copyright The Mbed TLS Contributors |
5 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
6 | | */ |
7 | | /* |
8 | | * The ITU-T X.509 standard defines a certificate format for PKI. |
9 | | * |
10 | | * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) |
11 | | * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) |
12 | | * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) |
13 | | * |
14 | | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf |
15 | | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf |
16 | | * |
17 | | * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf |
18 | | */ |
19 | | |
20 | | #include "common.h" |
21 | | |
22 | | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
23 | | |
24 | | #include "mbedtls/x509_crt.h" |
25 | | #include "x509_internal.h" |
26 | | #include "mbedtls/error.h" |
27 | | #include "mbedtls/oid.h" |
28 | | #include "mbedtls/platform_util.h" |
29 | | |
30 | | #include <string.h> |
31 | | |
32 | | #if defined(MBEDTLS_PEM_PARSE_C) |
33 | | #include "mbedtls/pem.h" |
34 | | #endif |
35 | | |
36 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
37 | | #include "psa/crypto.h" |
38 | | #include "psa_util_internal.h" |
39 | | #include "mbedtls/psa_util.h" |
40 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
41 | | #include "pk_internal.h" |
42 | | |
43 | | #include "mbedtls/platform.h" |
44 | | |
45 | | #if defined(MBEDTLS_THREADING_C) |
46 | | #include "mbedtls/threading.h" |
47 | | #endif |
48 | | |
49 | | #if defined(MBEDTLS_HAVE_TIME) |
50 | | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) |
51 | | #define WIN32_LEAN_AND_MEAN |
52 | | #include <windows.h> |
53 | | #else |
54 | | #include <time.h> |
55 | | #endif |
56 | | #endif |
57 | | |
58 | | #if defined(MBEDTLS_FS_IO) |
59 | | #include <stdio.h> |
60 | | #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) |
61 | | #include <sys/types.h> |
62 | | #include <sys/stat.h> |
63 | | #if defined(__MBED__) |
64 | | #include <platform/mbed_retarget.h> |
65 | | #else |
66 | | #include <dirent.h> |
67 | | #endif /* __MBED__ */ |
68 | | #include <errno.h> |
69 | | #endif /* !_WIN32 || EFIX64 || EFI32 */ |
70 | | #endif |
71 | | |
72 | | /* |
73 | | * Item in a verification chain: cert and flags for it |
74 | | */ |
75 | | typedef struct { |
76 | | mbedtls_x509_crt *crt; |
77 | | uint32_t flags; |
78 | | } x509_crt_verify_chain_item; |
79 | | |
80 | | /* |
81 | | * Max size of verification chain: end-entity + intermediates + trusted root |
82 | | */ |
83 | | #define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) |
84 | | |
85 | | /* Default profile. Do not remove items unless there are serious security |
86 | | * concerns. */ |
87 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = |
88 | | { |
89 | | /* Hashes from SHA-256 and above. Note that this selection |
90 | | * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */ |
91 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | |
92 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | |
93 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), |
94 | | 0xFFFFFFF, /* Any PK alg */ |
95 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
96 | | /* Curves at or above 128-bit security level. Note that this selection |
97 | | * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ |
98 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | |
99 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | |
100 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | |
101 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | |
102 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | |
103 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | |
104 | | 0, |
105 | | #else /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
106 | | 0, |
107 | | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
108 | | 2048, |
109 | | }; |
110 | | |
111 | | /* Next-generation profile. Currently identical to the default, but may |
112 | | * be tightened at any time. */ |
113 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = |
114 | | { |
115 | | /* Hashes from SHA-256 and above. */ |
116 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | |
117 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | |
118 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), |
119 | | 0xFFFFFFF, /* Any PK alg */ |
120 | | #if defined(MBEDTLS_ECP_C) |
121 | | /* Curves at or above 128-bit security level. */ |
122 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | |
123 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | |
124 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | |
125 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | |
126 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | |
127 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | |
128 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1), |
129 | | #else |
130 | | 0, |
131 | | #endif |
132 | | 2048, |
133 | | }; |
134 | | |
135 | | /* |
136 | | * NSA Suite B Profile |
137 | | */ |
138 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = |
139 | | { |
140 | | /* Only SHA-256 and 384 */ |
141 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | |
142 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384), |
143 | | /* Only ECDSA */ |
144 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | |
145 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), |
146 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
147 | | /* Only NIST P-256 and P-384 */ |
148 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | |
149 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), |
150 | | #else /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
151 | | 0, |
152 | | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
153 | | 0, |
154 | | }; |
155 | | |
156 | | /* |
157 | | * Empty / all-forbidden profile |
158 | | */ |
159 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none = |
160 | | { |
161 | | 0, |
162 | | 0, |
163 | | 0, |
164 | | (uint32_t) -1, |
165 | | }; |
166 | | |
167 | | /* |
168 | | * Check md_alg against profile |
169 | | * Return 0 if md_alg is acceptable for this profile, -1 otherwise |
170 | | */ |
171 | | static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, |
172 | | mbedtls_md_type_t md_alg) |
173 | 0 | { |
174 | 0 | if (md_alg == MBEDTLS_MD_NONE) { |
175 | 0 | return -1; |
176 | 0 | } |
177 | | |
178 | 0 | if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { |
179 | 0 | return 0; |
180 | 0 | } |
181 | | |
182 | 0 | return -1; |
183 | 0 | } |
184 | | |
185 | | /* |
186 | | * Check pk_alg against profile |
187 | | * Return 0 if pk_alg is acceptable for this profile, -1 otherwise |
188 | | */ |
189 | | static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, |
190 | | mbedtls_pk_type_t pk_alg) |
191 | 0 | { |
192 | 0 | if (pk_alg == MBEDTLS_PK_NONE) { |
193 | 0 | return -1; |
194 | 0 | } |
195 | | |
196 | 0 | if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { |
197 | 0 | return 0; |
198 | 0 | } |
199 | | |
200 | 0 | return -1; |
201 | 0 | } |
202 | | |
203 | | /* |
204 | | * Check key against profile |
205 | | * Return 0 if pk is acceptable for this profile, -1 otherwise |
206 | | */ |
207 | | static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, |
208 | | const mbedtls_pk_context *pk) |
209 | 0 | { |
210 | 0 | const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); |
211 | |
|
212 | 0 | #if defined(MBEDTLS_RSA_C) |
213 | 0 | if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { |
214 | 0 | if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { |
215 | 0 | return 0; |
216 | 0 | } |
217 | | |
218 | 0 | return -1; |
219 | 0 | } |
220 | 0 | #endif /* MBEDTLS_RSA_C */ |
221 | | |
222 | 0 | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
223 | 0 | if (pk_alg == MBEDTLS_PK_ECDSA || |
224 | 0 | pk_alg == MBEDTLS_PK_ECKEY || |
225 | 0 | pk_alg == MBEDTLS_PK_ECKEY_DH) { |
226 | 0 | const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk); |
227 | |
|
228 | 0 | if (gid == MBEDTLS_ECP_DP_NONE) { |
229 | 0 | return -1; |
230 | 0 | } |
231 | | |
232 | 0 | if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { |
233 | 0 | return 0; |
234 | 0 | } |
235 | | |
236 | 0 | return -1; |
237 | 0 | } |
238 | 0 | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
239 | | |
240 | 0 | return -1; |
241 | 0 | } |
242 | | |
243 | | /* |
244 | | * Like memcmp, but case-insensitive and always returns -1 if different |
245 | | */ |
246 | | static int x509_memcasecmp(const void *s1, const void *s2, size_t len) |
247 | 0 | { |
248 | 0 | size_t i; |
249 | 0 | unsigned char diff; |
250 | 0 | const unsigned char *n1 = s1, *n2 = s2; |
251 | |
|
252 | 0 | for (i = 0; i < len; i++) { |
253 | 0 | diff = n1[i] ^ n2[i]; |
254 | |
|
255 | 0 | if (diff == 0) { |
256 | 0 | continue; |
257 | 0 | } |
258 | | |
259 | 0 | if (diff == 32 && |
260 | 0 | ((n1[i] >= 'a' && n1[i] <= 'z') || |
261 | 0 | (n1[i] >= 'A' && n1[i] <= 'Z'))) { |
262 | 0 | continue; |
263 | 0 | } |
264 | | |
265 | 0 | return -1; |
266 | 0 | } |
267 | | |
268 | 0 | return 0; |
269 | 0 | } |
270 | | |
271 | | /* |
272 | | * Return 0 if name matches wildcard, -1 otherwise |
273 | | */ |
274 | | static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name) |
275 | 0 | { |
276 | 0 | size_t i; |
277 | 0 | size_t cn_idx = 0, cn_len = strlen(cn); |
278 | | |
279 | | /* We can't have a match if there is no wildcard to match */ |
280 | 0 | if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') { |
281 | 0 | return -1; |
282 | 0 | } |
283 | | |
284 | 0 | for (i = 0; i < cn_len; ++i) { |
285 | 0 | if (cn[i] == '.') { |
286 | 0 | cn_idx = i; |
287 | 0 | break; |
288 | 0 | } |
289 | 0 | } |
290 | |
|
291 | 0 | if (cn_idx == 0) { |
292 | 0 | return -1; |
293 | 0 | } |
294 | | |
295 | 0 | if (cn_len - cn_idx == name->len - 1 && |
296 | 0 | x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { |
297 | 0 | return 0; |
298 | 0 | } |
299 | | |
300 | 0 | return -1; |
301 | 0 | } |
302 | | |
303 | | /* |
304 | | * Compare two X.509 strings, case-insensitive, and allowing for some encoding |
305 | | * variations (but not all). |
306 | | * |
307 | | * Return 0 if equal, -1 otherwise. |
308 | | */ |
309 | | static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b) |
310 | 0 | { |
311 | 0 | if (a->tag == b->tag && |
312 | 0 | a->len == b->len && |
313 | 0 | memcmp(a->p, b->p, b->len) == 0) { |
314 | 0 | return 0; |
315 | 0 | } |
316 | | |
317 | 0 | if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && |
318 | 0 | (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && |
319 | 0 | a->len == b->len && |
320 | 0 | x509_memcasecmp(a->p, b->p, b->len) == 0) { |
321 | 0 | return 0; |
322 | 0 | } |
323 | | |
324 | 0 | return -1; |
325 | 0 | } |
326 | | |
327 | | /* |
328 | | * Compare two X.509 Names (aka rdnSequence). |
329 | | * |
330 | | * See RFC 5280 section 7.1, though we don't implement the whole algorithm: |
331 | | * we sometimes return unequal when the full algorithm would return equal, |
332 | | * but never the other way. (In particular, we don't do Unicode normalisation |
333 | | * or space folding.) |
334 | | * |
335 | | * Return 0 if equal, -1 otherwise. |
336 | | */ |
337 | | static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b) |
338 | 0 | { |
339 | | /* Avoid recursion, it might not be optimised by the compiler */ |
340 | 0 | while (a != NULL || b != NULL) { |
341 | 0 | if (a == NULL || b == NULL) { |
342 | 0 | return -1; |
343 | 0 | } |
344 | | |
345 | | /* type */ |
346 | 0 | if (a->oid.tag != b->oid.tag || |
347 | 0 | a->oid.len != b->oid.len || |
348 | 0 | memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { |
349 | 0 | return -1; |
350 | 0 | } |
351 | | |
352 | | /* value */ |
353 | 0 | if (x509_string_cmp(&a->val, &b->val) != 0) { |
354 | 0 | return -1; |
355 | 0 | } |
356 | | |
357 | | /* structure of the list of sets */ |
358 | 0 | if (a->next_merged != b->next_merged) { |
359 | 0 | return -1; |
360 | 0 | } |
361 | | |
362 | 0 | a = a->next; |
363 | 0 | b = b->next; |
364 | 0 | } |
365 | | |
366 | | /* a == NULL == b */ |
367 | 0 | return 0; |
368 | 0 | } |
369 | | |
370 | | /* |
371 | | * Reset (init or clear) a verify_chain |
372 | | */ |
373 | | static void x509_crt_verify_chain_reset( |
374 | | mbedtls_x509_crt_verify_chain *ver_chain) |
375 | 19.5k | { |
376 | 19.5k | size_t i; |
377 | | |
378 | 214k | for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { |
379 | 195k | ver_chain->items[i].crt = NULL; |
380 | 195k | ver_chain->items[i].flags = (uint32_t) -1; |
381 | 195k | } |
382 | | |
383 | 19.5k | ver_chain->len = 0; |
384 | | |
385 | 19.5k | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
386 | 19.5k | ver_chain->trust_ca_cb_result = NULL; |
387 | 19.5k | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
388 | 19.5k | } |
389 | | |
390 | | /* |
391 | | * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
392 | | */ |
393 | | static int x509_get_version(unsigned char **p, |
394 | | const unsigned char *end, |
395 | | int *ver) |
396 | 56.9k | { |
397 | 56.9k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
398 | 56.9k | size_t len; |
399 | | |
400 | 56.9k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
401 | 56.9k | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | |
402 | 56.9k | 0)) != 0) { |
403 | 10.4k | if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
404 | 10.1k | *ver = 0; |
405 | 10.1k | return 0; |
406 | 10.1k | } |
407 | | |
408 | 208 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
409 | 10.4k | } |
410 | | |
411 | 46.5k | end = *p + len; |
412 | | |
413 | 46.5k | if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { |
414 | 2.39k | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); |
415 | 2.39k | } |
416 | | |
417 | 44.2k | if (*p != end) { |
418 | 462 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, |
419 | 462 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
420 | 462 | } |
421 | | |
422 | 43.7k | return 0; |
423 | 44.2k | } |
424 | | |
425 | | /* |
426 | | * Validity ::= SEQUENCE { |
427 | | * notBefore Time, |
428 | | * notAfter Time } |
429 | | */ |
430 | | static int x509_get_dates(unsigned char **p, |
431 | | const unsigned char *end, |
432 | | mbedtls_x509_time *from, |
433 | | mbedtls_x509_time *to) |
434 | 37.6k | { |
435 | 37.6k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
436 | 37.6k | size_t len; |
437 | | |
438 | 37.6k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
439 | 37.6k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
440 | 271 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); |
441 | 271 | } |
442 | | |
443 | 37.3k | end = *p + len; |
444 | | |
445 | 37.3k | if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { |
446 | 2.51k | return ret; |
447 | 2.51k | } |
448 | | |
449 | 34.8k | if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { |
450 | 2.01k | return ret; |
451 | 2.01k | } |
452 | | |
453 | 32.8k | if (*p != end) { |
454 | 235 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, |
455 | 235 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
456 | 235 | } |
457 | | |
458 | 32.6k | return 0; |
459 | 32.8k | } |
460 | | |
461 | | /* |
462 | | * X.509 v2/v3 unique identifier (not parsed) |
463 | | */ |
464 | | static int x509_get_uid(unsigned char **p, |
465 | | const unsigned char *end, |
466 | | mbedtls_x509_buf *uid, int n) |
467 | 28.6k | { |
468 | 28.6k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
469 | | |
470 | 28.6k | if (*p == end) { |
471 | 498 | return 0; |
472 | 498 | } |
473 | | |
474 | 28.1k | uid->tag = **p; |
475 | | |
476 | 28.1k | if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, |
477 | 28.1k | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | |
478 | 28.1k | n)) != 0) { |
479 | 27.1k | if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
480 | 26.7k | return 0; |
481 | 26.7k | } |
482 | | |
483 | 399 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
484 | 27.1k | } |
485 | | |
486 | 976 | uid->p = *p; |
487 | 976 | *p += uid->len; |
488 | | |
489 | 976 | return 0; |
490 | 28.1k | } |
491 | | |
492 | | static int x509_get_basic_constraints(unsigned char **p, |
493 | | const unsigned char *end, |
494 | | int *ca_istrue, |
495 | | int *max_pathlen) |
496 | 2.29k | { |
497 | 2.29k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
498 | 2.29k | size_t len; |
499 | | |
500 | | /* |
501 | | * BasicConstraints ::= SEQUENCE { |
502 | | * cA BOOLEAN DEFAULT FALSE, |
503 | | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } |
504 | | */ |
505 | 2.29k | *ca_istrue = 0; /* DEFAULT FALSE */ |
506 | 2.29k | *max_pathlen = 0; /* endless */ |
507 | | |
508 | 2.29k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
509 | 2.29k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
510 | 198 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
511 | 198 | } |
512 | | |
513 | 2.10k | if (*p == end) { |
514 | 1.41k | return 0; |
515 | 1.41k | } |
516 | | |
517 | 689 | if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { |
518 | 442 | if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
519 | 331 | ret = mbedtls_asn1_get_int(p, end, ca_istrue); |
520 | 331 | } |
521 | | |
522 | 442 | if (ret != 0) { |
523 | 114 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
524 | 114 | } |
525 | | |
526 | 328 | if (*ca_istrue != 0) { |
527 | 252 | *ca_istrue = 1; |
528 | 252 | } |
529 | 328 | } |
530 | | |
531 | 575 | if (*p == end) { |
532 | 219 | return 0; |
533 | 219 | } |
534 | | |
535 | 356 | if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { |
536 | 94 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
537 | 94 | } |
538 | | |
539 | 262 | if (*p != end) { |
540 | 123 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
541 | 123 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
542 | 123 | } |
543 | | |
544 | | /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer |
545 | | * overflow, which is an undefined behavior. */ |
546 | 139 | if (*max_pathlen == INT_MAX) { |
547 | 2 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
548 | 2 | MBEDTLS_ERR_ASN1_INVALID_LENGTH); |
549 | 2 | } |
550 | | |
551 | 137 | (*max_pathlen)++; |
552 | | |
553 | 137 | return 0; |
554 | 139 | } |
555 | | |
556 | | /* |
557 | | * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId |
558 | | * |
559 | | * KeyPurposeId ::= OBJECT IDENTIFIER |
560 | | */ |
561 | | static int x509_get_ext_key_usage(unsigned char **p, |
562 | | const unsigned char *end, |
563 | | mbedtls_x509_sequence *ext_key_usage) |
564 | 2.20k | { |
565 | 2.20k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
566 | | |
567 | 2.20k | if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) { |
568 | 1.76k | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
569 | 1.76k | } |
570 | | |
571 | | /* Sequence length must be >= 1 */ |
572 | 432 | if (ext_key_usage->buf.p == NULL) { |
573 | 197 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
574 | 197 | MBEDTLS_ERR_ASN1_INVALID_LENGTH); |
575 | 197 | } |
576 | | |
577 | 235 | return 0; |
578 | 432 | } |
579 | | |
580 | | /* |
581 | | * SubjectKeyIdentifier ::= KeyIdentifier |
582 | | * |
583 | | * KeyIdentifier ::= OCTET STRING |
584 | | */ |
585 | | static int x509_get_subject_key_id(unsigned char **p, |
586 | | const unsigned char *end, |
587 | | mbedtls_x509_buf *subject_key_id) |
588 | 2.11k | { |
589 | 2.11k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
590 | 2.11k | size_t len = 0u; |
591 | | |
592 | 2.11k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
593 | 2.11k | MBEDTLS_ASN1_OCTET_STRING)) != 0) { |
594 | 70 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
595 | 70 | } |
596 | | |
597 | 2.04k | subject_key_id->len = len; |
598 | 2.04k | subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; |
599 | 2.04k | subject_key_id->p = *p; |
600 | 2.04k | *p += len; |
601 | | |
602 | 2.04k | if (*p != end) { |
603 | 67 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
604 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
605 | 67 | } |
606 | | |
607 | 1.97k | return 0; |
608 | 2.04k | } |
609 | | |
610 | | /* |
611 | | * AuthorityKeyIdentifier ::= SEQUENCE { |
612 | | * keyIdentifier [0] KeyIdentifier OPTIONAL, |
613 | | * authorityCertIssuer [1] GeneralNames OPTIONAL, |
614 | | * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } |
615 | | * |
616 | | * KeyIdentifier ::= OCTET STRING |
617 | | */ |
618 | | static int x509_get_authority_key_id(unsigned char **p, |
619 | | unsigned char *end, |
620 | | mbedtls_x509_authority *authority_key_id) |
621 | 1.72k | { |
622 | 1.72k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
623 | 1.72k | size_t len = 0u; |
624 | | |
625 | 1.72k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
626 | 1.72k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
627 | 198 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
628 | 198 | } |
629 | | |
630 | 1.52k | if (*p + len != end) { |
631 | 67 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
632 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
633 | 67 | } |
634 | | |
635 | 1.45k | ret = mbedtls_asn1_get_tag(p, end, &len, |
636 | 1.45k | MBEDTLS_ASN1_CONTEXT_SPECIFIC); |
637 | | |
638 | | /* KeyIdentifier is an OPTIONAL field */ |
639 | 1.45k | if (ret == 0) { |
640 | 1.05k | authority_key_id->keyIdentifier.len = len; |
641 | 1.05k | authority_key_id->keyIdentifier.p = *p; |
642 | | /* Setting tag of the keyIdentfier intentionally to 0x04. |
643 | | * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), |
644 | | * its tag with the content is the payload of on OCTET STRING primitive */ |
645 | 1.05k | authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; |
646 | | |
647 | 1.05k | *p += len; |
648 | 1.05k | } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
649 | 198 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
650 | 198 | } |
651 | | |
652 | 1.25k | if (*p < end) { |
653 | | /* Getting authorityCertIssuer using the required specific class tag [1] */ |
654 | 307 | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
655 | 307 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | |
656 | 307 | 1)) != 0) { |
657 | | /* authorityCertIssuer and authorityCertSerialNumber MUST both |
658 | | be present or both be absent. At this point we expect to have both. */ |
659 | 72 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
660 | 72 | } |
661 | | /* "end" also includes the CertSerialNumber field so "len" shall be used */ |
662 | 235 | ret = mbedtls_x509_get_subject_alt_name_ext(p, |
663 | 235 | (*p+len), |
664 | 235 | &authority_key_id->authorityCertIssuer); |
665 | 235 | if (ret != 0) { |
666 | 81 | return ret; |
667 | 81 | } |
668 | | |
669 | | /* Getting authorityCertSerialNumber using the required specific class tag [2] */ |
670 | 154 | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
671 | 154 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { |
672 | 69 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
673 | 69 | } |
674 | 85 | authority_key_id->authorityCertSerialNumber.len = len; |
675 | 85 | authority_key_id->authorityCertSerialNumber.p = *p; |
676 | 85 | authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; |
677 | 85 | *p += len; |
678 | 85 | } |
679 | | |
680 | 1.03k | if (*p != end) { |
681 | 67 | return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + |
682 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; |
683 | 67 | } |
684 | | |
685 | 969 | return 0; |
686 | 1.03k | } |
687 | | |
688 | | /* |
689 | | * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } |
690 | | * |
691 | | * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } |
692 | | * |
693 | | * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation |
694 | | * |
695 | | * PolicyInformation ::= SEQUENCE { |
696 | | * policyIdentifier CertPolicyId, |
697 | | * policyQualifiers SEQUENCE SIZE (1..MAX) OF |
698 | | * PolicyQualifierInfo OPTIONAL } |
699 | | * |
700 | | * CertPolicyId ::= OBJECT IDENTIFIER |
701 | | * |
702 | | * PolicyQualifierInfo ::= SEQUENCE { |
703 | | * policyQualifierId PolicyQualifierId, |
704 | | * qualifier ANY DEFINED BY policyQualifierId } |
705 | | * |
706 | | * -- policyQualifierIds for Internet policy qualifiers |
707 | | * |
708 | | * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } |
709 | | * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } |
710 | | * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } |
711 | | * |
712 | | * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) |
713 | | * |
714 | | * Qualifier ::= CHOICE { |
715 | | * cPSuri CPSuri, |
716 | | * userNotice UserNotice } |
717 | | * |
718 | | * CPSuri ::= IA5String |
719 | | * |
720 | | * UserNotice ::= SEQUENCE { |
721 | | * noticeRef NoticeReference OPTIONAL, |
722 | | * explicitText DisplayText OPTIONAL } |
723 | | * |
724 | | * NoticeReference ::= SEQUENCE { |
725 | | * organization DisplayText, |
726 | | * noticeNumbers SEQUENCE OF INTEGER } |
727 | | * |
728 | | * DisplayText ::= CHOICE { |
729 | | * ia5String IA5String (SIZE (1..200)), |
730 | | * visibleString VisibleString (SIZE (1..200)), |
731 | | * bmpString BMPString (SIZE (1..200)), |
732 | | * utf8String UTF8String (SIZE (1..200)) } |
733 | | * |
734 | | * NOTE: we only parse and use anyPolicy without qualifiers at this point |
735 | | * as defined in RFC 5280. |
736 | | */ |
737 | | static int x509_get_certificate_policies(unsigned char **p, |
738 | | const unsigned char *end, |
739 | | mbedtls_x509_sequence *certificate_policies) |
740 | 875 | { |
741 | 875 | int ret, parse_ret = 0; |
742 | 875 | size_t len; |
743 | 875 | mbedtls_asn1_buf *buf; |
744 | 875 | mbedtls_asn1_sequence *cur = certificate_policies; |
745 | | |
746 | | /* Get main sequence tag */ |
747 | 875 | ret = mbedtls_asn1_get_tag(p, end, &len, |
748 | 875 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); |
749 | 875 | if (ret != 0) { |
750 | 210 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
751 | 210 | } |
752 | | |
753 | 665 | if (*p + len != end) { |
754 | 67 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
755 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
756 | 67 | } |
757 | | |
758 | | /* |
759 | | * Cannot be an empty sequence. |
760 | | */ |
761 | 598 | if (len == 0) { |
762 | 195 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
763 | 195 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
764 | 195 | } |
765 | | |
766 | 1.02k | while (*p < end) { |
767 | 1.00k | mbedtls_x509_buf policy_oid; |
768 | 1.00k | const unsigned char *policy_end; |
769 | | |
770 | | /* |
771 | | * Get the policy sequence |
772 | | */ |
773 | 1.00k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
774 | 1.00k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
775 | 83 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
776 | 83 | } |
777 | | |
778 | 922 | policy_end = *p + len; |
779 | | |
780 | 922 | if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, |
781 | 922 | MBEDTLS_ASN1_OID)) != 0) { |
782 | 73 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
783 | 73 | } |
784 | | |
785 | 849 | policy_oid.tag = MBEDTLS_ASN1_OID; |
786 | 849 | policy_oid.len = len; |
787 | 849 | policy_oid.p = *p; |
788 | | |
789 | | /* |
790 | | * Only AnyPolicy is currently supported when enforcing policy. |
791 | | */ |
792 | 849 | if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) { |
793 | | /* |
794 | | * Set the parsing return code but continue parsing, in case this |
795 | | * extension is critical. |
796 | | */ |
797 | 819 | parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; |
798 | 819 | } |
799 | | |
800 | | /* Allocate and assign next pointer */ |
801 | 849 | if (cur->buf.p != NULL) { |
802 | 532 | if (cur->next != NULL) { |
803 | 0 | return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; |
804 | 0 | } |
805 | | |
806 | 532 | cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); |
807 | | |
808 | 532 | if (cur->next == NULL) { |
809 | 0 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
810 | 0 | MBEDTLS_ERR_ASN1_ALLOC_FAILED); |
811 | 0 | } |
812 | | |
813 | 532 | cur = cur->next; |
814 | 532 | } |
815 | | |
816 | 849 | buf = &(cur->buf); |
817 | 849 | buf->tag = policy_oid.tag; |
818 | 849 | buf->p = policy_oid.p; |
819 | 849 | buf->len = policy_oid.len; |
820 | | |
821 | 849 | *p += len; |
822 | | |
823 | | /* |
824 | | * If there is an optional qualifier, then *p < policy_end |
825 | | * Check the Qualifier len to verify it doesn't exceed policy_end. |
826 | | */ |
827 | 849 | if (*p < policy_end) { |
828 | 652 | if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, |
829 | 652 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != |
830 | 652 | 0) { |
831 | 72 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
832 | 72 | } |
833 | | /* |
834 | | * Skip the optional policy qualifiers. |
835 | | */ |
836 | 580 | *p += len; |
837 | 580 | } |
838 | | |
839 | 777 | if (*p != policy_end) { |
840 | 154 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
841 | 154 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
842 | 154 | } |
843 | 777 | } |
844 | | |
845 | | /* Set final sequence entry's next pointer to NULL */ |
846 | 21 | cur->next = NULL; |
847 | | |
848 | 21 | if (*p != end) { |
849 | 0 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
850 | 0 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
851 | 0 | } |
852 | | |
853 | 21 | return parse_ret; |
854 | 21 | } |
855 | | |
856 | | /* |
857 | | * X.509 v3 extensions |
858 | | * |
859 | | */ |
860 | | static int x509_get_crt_ext(unsigned char **p, |
861 | | const unsigned char *end, |
862 | | mbedtls_x509_crt *crt, |
863 | | mbedtls_x509_crt_ext_cb_t cb, |
864 | | void *p_ctx) |
865 | 13.6k | { |
866 | 13.6k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
867 | 13.6k | size_t len; |
868 | 13.6k | unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; |
869 | | |
870 | 13.6k | if (*p == end) { |
871 | 890 | return 0; |
872 | 890 | } |
873 | | |
874 | 12.8k | if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { |
875 | 1.22k | return ret; |
876 | 1.22k | } |
877 | | |
878 | 11.5k | end = crt->v3_ext.p + crt->v3_ext.len; |
879 | 24.4k | while (*p < end) { |
880 | | /* |
881 | | * Extension ::= SEQUENCE { |
882 | | * extnID OBJECT IDENTIFIER, |
883 | | * critical BOOLEAN DEFAULT FALSE, |
884 | | * extnValue OCTET STRING } |
885 | | */ |
886 | 21.2k | mbedtls_x509_buf extn_oid = { 0, 0, NULL }; |
887 | 21.2k | int is_critical = 0; /* DEFAULT FALSE */ |
888 | 21.2k | int ext_type = 0; |
889 | | |
890 | 21.2k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
891 | 21.2k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
892 | 538 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
893 | 538 | } |
894 | | |
895 | 20.7k | end_ext_data = *p + len; |
896 | | |
897 | | /* Get extension ID */ |
898 | 20.7k | if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, |
899 | 20.7k | MBEDTLS_ASN1_OID)) != 0) { |
900 | 217 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
901 | 217 | } |
902 | | |
903 | 20.5k | extn_oid.tag = MBEDTLS_ASN1_OID; |
904 | 20.5k | extn_oid.p = *p; |
905 | 20.5k | *p += extn_oid.len; |
906 | | |
907 | | /* Get optional critical */ |
908 | 20.5k | if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && |
909 | 20.5k | (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { |
910 | 885 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
911 | 885 | } |
912 | | |
913 | | /* Data should be octet string type */ |
914 | 19.6k | if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, |
915 | 19.6k | MBEDTLS_ASN1_OCTET_STRING)) != 0) { |
916 | 447 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
917 | 447 | } |
918 | | |
919 | 19.1k | start_ext_octet = *p; |
920 | 19.1k | end_ext_octet = *p + len; |
921 | | |
922 | 19.1k | if (end_ext_octet != end_ext_data) { |
923 | 195 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
924 | 195 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
925 | 195 | } |
926 | | |
927 | | /* |
928 | | * Detect supported extensions |
929 | | */ |
930 | 18.9k | ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); |
931 | | |
932 | 18.9k | if (ret != 0) { |
933 | | /* Give the callback (if any) a chance to handle the extension */ |
934 | 6.22k | if (cb != NULL) { |
935 | 0 | ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); |
936 | 0 | if (ret != 0 && is_critical) { |
937 | 0 | return ret; |
938 | 0 | } |
939 | 0 | *p = end_ext_octet; |
940 | 0 | continue; |
941 | 0 | } |
942 | | |
943 | | /* No parser found, skip extension */ |
944 | 6.22k | *p = end_ext_octet; |
945 | | |
946 | 6.22k | if (is_critical) { |
947 | | /* Data is marked as critical: fail */ |
948 | 70 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
949 | 70 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); |
950 | 70 | } |
951 | 6.15k | continue; |
952 | 6.22k | } |
953 | | |
954 | | /* Forbid repeated extensions */ |
955 | 12.7k | if ((crt->ext_types & ext_type) != 0) { |
956 | 68 | return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; |
957 | 68 | } |
958 | | |
959 | 12.6k | crt->ext_types |= ext_type; |
960 | | |
961 | 12.6k | switch (ext_type) { |
962 | 2.29k | case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: |
963 | | /* Parse basic constraints */ |
964 | 2.29k | if ((ret = x509_get_basic_constraints(p, end_ext_octet, |
965 | 2.29k | &crt->ca_istrue, &crt->max_pathlen)) != 0) { |
966 | 531 | return ret; |
967 | 531 | } |
968 | 1.76k | break; |
969 | | |
970 | 1.76k | case MBEDTLS_X509_EXT_KEY_USAGE: |
971 | | /* Parse key usage */ |
972 | 1.32k | if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet, |
973 | 1.32k | &crt->key_usage)) != 0) { |
974 | 712 | return ret; |
975 | 712 | } |
976 | 616 | break; |
977 | | |
978 | 2.20k | case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: |
979 | | /* Parse extended key usage */ |
980 | 2.20k | if ((ret = x509_get_ext_key_usage(p, end_ext_octet, |
981 | 2.20k | &crt->ext_key_usage)) != 0) { |
982 | 1.96k | return ret; |
983 | 1.96k | } |
984 | 235 | break; |
985 | | |
986 | 2.11k | case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: |
987 | | /* Parse subject key identifier */ |
988 | 2.11k | if ((ret = x509_get_subject_key_id(p, end_ext_data, |
989 | 2.11k | &crt->subject_key_id)) != 0) { |
990 | 137 | return ret; |
991 | 137 | } |
992 | 1.97k | break; |
993 | | |
994 | 1.97k | case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: |
995 | | /* Parse authority key identifier */ |
996 | 1.72k | if ((ret = x509_get_authority_key_id(p, end_ext_octet, |
997 | 1.72k | &crt->authority_key_id)) != 0) { |
998 | 752 | return ret; |
999 | 752 | } |
1000 | 969 | break; |
1001 | 1.92k | case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: |
1002 | | /* Parse subject alt name |
1003 | | * SubjectAltName ::= GeneralNames |
1004 | | */ |
1005 | 1.92k | if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, |
1006 | 1.92k | &crt->subject_alt_names)) != 0) { |
1007 | 966 | return ret; |
1008 | 966 | } |
1009 | 960 | break; |
1010 | | |
1011 | 960 | case MBEDTLS_X509_EXT_NS_CERT_TYPE: |
1012 | | /* Parse netscape certificate type */ |
1013 | 235 | if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet, |
1014 | 235 | &crt->ns_cert_type)) != 0) { |
1015 | 73 | return ret; |
1016 | 73 | } |
1017 | 162 | break; |
1018 | | |
1019 | 875 | case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: |
1020 | | /* Parse certificate policies type */ |
1021 | 875 | if ((ret = x509_get_certificate_policies(p, end_ext_octet, |
1022 | 875 | &crt->certificate_policies)) != 0) { |
1023 | | /* Give the callback (if any) a chance to handle the extension |
1024 | | * if it contains unsupported policies */ |
1025 | 872 | if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && |
1026 | 872 | cb(p_ctx, crt, &extn_oid, is_critical, |
1027 | 0 | start_ext_octet, end_ext_octet) == 0) { |
1028 | 0 | break; |
1029 | 0 | } |
1030 | | |
1031 | 872 | if (is_critical) { |
1032 | 3 | return ret; |
1033 | 3 | } else |
1034 | | /* |
1035 | | * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we |
1036 | | * cannot interpret or enforce the policy. However, it is up to |
1037 | | * the user to choose how to enforce the policies, |
1038 | | * unless the extension is critical. |
1039 | | */ |
1040 | 869 | if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { |
1041 | 851 | return ret; |
1042 | 851 | } |
1043 | 872 | } |
1044 | 21 | break; |
1045 | | |
1046 | 21 | default: |
1047 | | /* |
1048 | | * If this is a non-critical extension, which the oid layer |
1049 | | * supports, but there isn't an x509 parser for it, |
1050 | | * skip the extension. |
1051 | | */ |
1052 | 0 | if (is_critical) { |
1053 | 0 | return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; |
1054 | 0 | } else { |
1055 | 0 | *p = end_ext_octet; |
1056 | 0 | } |
1057 | 12.6k | } |
1058 | 12.6k | } |
1059 | | |
1060 | 3.17k | if (*p != end) { |
1061 | 0 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
1062 | 0 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
1063 | 0 | } |
1064 | | |
1065 | 3.17k | return 0; |
1066 | 3.17k | } |
1067 | | |
1068 | | /* |
1069 | | * Parse and fill a single X.509 certificate in DER format |
1070 | | */ |
1071 | | static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, |
1072 | | const unsigned char *buf, |
1073 | | size_t buflen, |
1074 | | int make_copy, |
1075 | | mbedtls_x509_crt_ext_cb_t cb, |
1076 | | void *p_ctx) |
1077 | 61.1k | { |
1078 | 61.1k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1079 | 61.1k | size_t len; |
1080 | 61.1k | unsigned char *p, *end, *crt_end; |
1081 | 61.1k | mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; |
1082 | | |
1083 | 61.1k | memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); |
1084 | 61.1k | memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); |
1085 | 61.1k | memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); |
1086 | | |
1087 | | /* |
1088 | | * Check for valid input |
1089 | | */ |
1090 | 61.1k | if (crt == NULL || buf == NULL) { |
1091 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1092 | 0 | } |
1093 | | |
1094 | | /* Use the original buffer until we figure out actual length. */ |
1095 | 61.1k | p = (unsigned char *) buf; |
1096 | 61.1k | len = buflen; |
1097 | 61.1k | end = p + len; |
1098 | | |
1099 | | /* |
1100 | | * Certificate ::= SEQUENCE { |
1101 | | * tbsCertificate TBSCertificate, |
1102 | | * signatureAlgorithm AlgorithmIdentifier, |
1103 | | * signatureValue BIT STRING } |
1104 | | */ |
1105 | 61.1k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1106 | 61.1k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1107 | 3.73k | mbedtls_x509_crt_free(crt); |
1108 | 3.73k | return MBEDTLS_ERR_X509_INVALID_FORMAT; |
1109 | 3.73k | } |
1110 | | |
1111 | 57.3k | end = crt_end = p + len; |
1112 | 57.3k | crt->raw.len = (size_t) (crt_end - buf); |
1113 | 57.3k | if (make_copy != 0) { |
1114 | | /* Create and populate a new buffer for the raw field. */ |
1115 | 57.3k | crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); |
1116 | 57.3k | if (crt->raw.p == NULL) { |
1117 | 0 | return MBEDTLS_ERR_X509_ALLOC_FAILED; |
1118 | 0 | } |
1119 | | |
1120 | 57.3k | memcpy(crt->raw.p, buf, crt->raw.len); |
1121 | 57.3k | crt->own_buffer = 1; |
1122 | | |
1123 | 57.3k | p += crt->raw.len - len; |
1124 | 57.3k | end = crt_end = p + len; |
1125 | 57.3k | } else { |
1126 | 0 | crt->raw.p = (unsigned char *) buf; |
1127 | 0 | crt->own_buffer = 0; |
1128 | 0 | } |
1129 | | |
1130 | | /* |
1131 | | * TBSCertificate ::= SEQUENCE { |
1132 | | */ |
1133 | 57.3k | crt->tbs.p = p; |
1134 | | |
1135 | 57.3k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1136 | 57.3k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1137 | 389 | mbedtls_x509_crt_free(crt); |
1138 | 389 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
1139 | 389 | } |
1140 | | |
1141 | 56.9k | end = p + len; |
1142 | 56.9k | crt->tbs.len = (size_t) (end - crt->tbs.p); |
1143 | | |
1144 | | /* |
1145 | | * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
1146 | | * |
1147 | | * CertificateSerialNumber ::= INTEGER |
1148 | | * |
1149 | | * signature AlgorithmIdentifier |
1150 | | */ |
1151 | 56.9k | if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || |
1152 | 56.9k | (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || |
1153 | 56.9k | (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, |
1154 | 52.0k | &sig_params1)) != 0) { |
1155 | 9.78k | mbedtls_x509_crt_free(crt); |
1156 | 9.78k | return ret; |
1157 | 9.78k | } |
1158 | | |
1159 | 47.2k | if (crt->version < 0 || crt->version > 2) { |
1160 | 311 | mbedtls_x509_crt_free(crt); |
1161 | 311 | return MBEDTLS_ERR_X509_UNKNOWN_VERSION; |
1162 | 311 | } |
1163 | | |
1164 | 46.9k | crt->version++; |
1165 | | |
1166 | 46.9k | if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, |
1167 | 46.9k | &crt->sig_md, &crt->sig_pk, |
1168 | 46.9k | &crt->sig_opts)) != 0) { |
1169 | 6.86k | mbedtls_x509_crt_free(crt); |
1170 | 6.86k | return ret; |
1171 | 6.86k | } |
1172 | | |
1173 | | /* |
1174 | | * issuer Name |
1175 | | */ |
1176 | 40.0k | crt->issuer_raw.p = p; |
1177 | | |
1178 | 40.0k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1179 | 40.0k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1180 | 1.01k | mbedtls_x509_crt_free(crt); |
1181 | 1.01k | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
1182 | 1.01k | } |
1183 | | |
1184 | 39.0k | if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { |
1185 | 1.36k | mbedtls_x509_crt_free(crt); |
1186 | 1.36k | return ret; |
1187 | 1.36k | } |
1188 | | |
1189 | 37.6k | crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); |
1190 | | |
1191 | | /* |
1192 | | * Validity ::= SEQUENCE { |
1193 | | * notBefore Time, |
1194 | | * notAfter Time } |
1195 | | * |
1196 | | */ |
1197 | 37.6k | if ((ret = x509_get_dates(&p, end, &crt->valid_from, |
1198 | 37.6k | &crt->valid_to)) != 0) { |
1199 | 5.04k | mbedtls_x509_crt_free(crt); |
1200 | 5.04k | return ret; |
1201 | 5.04k | } |
1202 | | |
1203 | | /* |
1204 | | * subject Name |
1205 | | */ |
1206 | 32.6k | crt->subject_raw.p = p; |
1207 | | |
1208 | 32.6k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1209 | 32.6k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1210 | 738 | mbedtls_x509_crt_free(crt); |
1211 | 738 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
1212 | 738 | } |
1213 | | |
1214 | 31.8k | if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { |
1215 | 1.18k | mbedtls_x509_crt_free(crt); |
1216 | 1.18k | return ret; |
1217 | 1.18k | } |
1218 | | |
1219 | 30.6k | crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); |
1220 | | |
1221 | | /* |
1222 | | * SubjectPublicKeyInfo |
1223 | | */ |
1224 | 30.6k | crt->pk_raw.p = p; |
1225 | 30.6k | if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { |
1226 | 15.7k | mbedtls_x509_crt_free(crt); |
1227 | 15.7k | return ret; |
1228 | 15.7k | } |
1229 | 14.9k | crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); |
1230 | | |
1231 | | /* |
1232 | | * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, |
1233 | | * -- If present, version shall be v2 or v3 |
1234 | | * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, |
1235 | | * -- If present, version shall be v2 or v3 |
1236 | | * extensions [3] EXPLICIT Extensions OPTIONAL |
1237 | | * -- If present, version shall be v3 |
1238 | | */ |
1239 | 14.9k | if (crt->version == 2 || crt->version == 3) { |
1240 | 14.4k | ret = x509_get_uid(&p, end, &crt->issuer_id, 1); |
1241 | 14.4k | if (ret != 0) { |
1242 | 200 | mbedtls_x509_crt_free(crt); |
1243 | 200 | return ret; |
1244 | 200 | } |
1245 | 14.4k | } |
1246 | | |
1247 | 14.7k | if (crt->version == 2 || crt->version == 3) { |
1248 | 14.2k | ret = x509_get_uid(&p, end, &crt->subject_id, 2); |
1249 | 14.2k | if (ret != 0) { |
1250 | 199 | mbedtls_x509_crt_free(crt); |
1251 | 199 | return ret; |
1252 | 199 | } |
1253 | 14.2k | } |
1254 | | |
1255 | 14.5k | if (crt->version == 3) { |
1256 | 13.6k | ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); |
1257 | 13.6k | if (ret != 0) { |
1258 | 9.63k | mbedtls_x509_crt_free(crt); |
1259 | 9.63k | return ret; |
1260 | 9.63k | } |
1261 | 13.6k | } |
1262 | | |
1263 | 4.87k | if (p != end) { |
1264 | 880 | mbedtls_x509_crt_free(crt); |
1265 | 880 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, |
1266 | 880 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
1267 | 880 | } |
1268 | | |
1269 | 3.99k | end = crt_end; |
1270 | | |
1271 | | /* |
1272 | | * } |
1273 | | * -- end of TBSCertificate |
1274 | | * |
1275 | | * signatureAlgorithm AlgorithmIdentifier, |
1276 | | * signatureValue BIT STRING |
1277 | | */ |
1278 | 3.99k | if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { |
1279 | 1.14k | mbedtls_x509_crt_free(crt); |
1280 | 1.14k | return ret; |
1281 | 1.14k | } |
1282 | | |
1283 | 2.84k | if (crt->sig_oid.len != sig_oid2.len || |
1284 | 2.84k | memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || |
1285 | 2.84k | sig_params1.tag != sig_params2.tag || |
1286 | 2.84k | sig_params1.len != sig_params2.len || |
1287 | 2.84k | (sig_params1.len != 0 && |
1288 | 2.13k | memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { |
1289 | 778 | mbedtls_x509_crt_free(crt); |
1290 | 778 | return MBEDTLS_ERR_X509_SIG_MISMATCH; |
1291 | 778 | } |
1292 | | |
1293 | 2.06k | if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { |
1294 | 231 | mbedtls_x509_crt_free(crt); |
1295 | 231 | return ret; |
1296 | 231 | } |
1297 | | |
1298 | 1.83k | if (p != end) { |
1299 | 68 | mbedtls_x509_crt_free(crt); |
1300 | 68 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, |
1301 | 68 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
1302 | 68 | } |
1303 | | |
1304 | 1.76k | return 0; |
1305 | 1.83k | } |
1306 | | |
1307 | | /* |
1308 | | * Parse one X.509 certificate in DER format from a buffer and add them to a |
1309 | | * chained list |
1310 | | */ |
1311 | | static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain, |
1312 | | const unsigned char *buf, |
1313 | | size_t buflen, |
1314 | | int make_copy, |
1315 | | mbedtls_x509_crt_ext_cb_t cb, |
1316 | | void *p_ctx) |
1317 | 61.1k | { |
1318 | 61.1k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1319 | 61.1k | mbedtls_x509_crt *crt = chain, *prev = NULL; |
1320 | | |
1321 | | /* |
1322 | | * Check for valid input |
1323 | | */ |
1324 | 61.1k | if (crt == NULL || buf == NULL) { |
1325 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1326 | 0 | } |
1327 | | |
1328 | 64.8k | while (crt->version != 0 && crt->next != NULL) { |
1329 | 3.68k | prev = crt; |
1330 | 3.68k | crt = crt->next; |
1331 | 3.68k | } |
1332 | | |
1333 | | /* |
1334 | | * Add new certificate on the end of the chain if needed. |
1335 | | */ |
1336 | 61.1k | if (crt->version != 0 && crt->next == NULL) { |
1337 | 751 | crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); |
1338 | | |
1339 | 751 | if (crt->next == NULL) { |
1340 | 0 | return MBEDTLS_ERR_X509_ALLOC_FAILED; |
1341 | 0 | } |
1342 | | |
1343 | 751 | prev = crt; |
1344 | 751 | mbedtls_x509_crt_init(crt->next); |
1345 | 751 | crt = crt->next; |
1346 | 751 | } |
1347 | | |
1348 | 61.1k | ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); |
1349 | 61.1k | if (ret != 0) { |
1350 | 59.3k | if (prev) { |
1351 | 444 | prev->next = NULL; |
1352 | 444 | } |
1353 | | |
1354 | 59.3k | if (crt != chain) { |
1355 | 444 | mbedtls_free(crt); |
1356 | 444 | } |
1357 | | |
1358 | 59.3k | return ret; |
1359 | 59.3k | } |
1360 | | |
1361 | 1.76k | return 0; |
1362 | 61.1k | } |
1363 | | |
1364 | | int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, |
1365 | | const unsigned char *buf, |
1366 | | size_t buflen) |
1367 | 0 | { |
1368 | 0 | return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL); |
1369 | 0 | } |
1370 | | |
1371 | | int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, |
1372 | | const unsigned char *buf, |
1373 | | size_t buflen, |
1374 | | int make_copy, |
1375 | | mbedtls_x509_crt_ext_cb_t cb, |
1376 | | void *p_ctx) |
1377 | 0 | { |
1378 | 0 | return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx); |
1379 | 0 | } |
1380 | | |
1381 | | int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, |
1382 | | const unsigned char *buf, |
1383 | | size_t buflen) |
1384 | 61.1k | { |
1385 | 61.1k | return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL); |
1386 | 61.1k | } |
1387 | | |
1388 | | /* |
1389 | | * Parse one or more PEM certificates from a buffer and add them to the chained |
1390 | | * list |
1391 | | */ |
1392 | | int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, |
1393 | | const unsigned char *buf, |
1394 | | size_t buflen) |
1395 | 6.73k | { |
1396 | 6.73k | #if defined(MBEDTLS_PEM_PARSE_C) |
1397 | 6.73k | int success = 0, first_error = 0, total_failed = 0; |
1398 | 6.73k | int buf_format = MBEDTLS_X509_FORMAT_DER; |
1399 | 6.73k | #endif |
1400 | | |
1401 | | /* |
1402 | | * Check for valid input |
1403 | | */ |
1404 | 6.73k | if (chain == NULL || buf == NULL) { |
1405 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1406 | 0 | } |
1407 | | |
1408 | | /* |
1409 | | * Determine buffer content. Buffer contains either one DER certificate or |
1410 | | * one or more PEM certificates. |
1411 | | */ |
1412 | 6.73k | #if defined(MBEDTLS_PEM_PARSE_C) |
1413 | 6.73k | if (buflen != 0 && buf[buflen - 1] == '\0' && |
1414 | 6.73k | strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { |
1415 | 3.21k | buf_format = MBEDTLS_X509_FORMAT_PEM; |
1416 | 3.21k | } |
1417 | | |
1418 | 6.73k | if (buf_format == MBEDTLS_X509_FORMAT_DER) { |
1419 | 3.52k | return mbedtls_x509_crt_parse_der(chain, buf, buflen); |
1420 | 3.52k | } |
1421 | | #else |
1422 | | return mbedtls_x509_crt_parse_der(chain, buf, buflen); |
1423 | | #endif |
1424 | | |
1425 | 3.21k | #if defined(MBEDTLS_PEM_PARSE_C) |
1426 | 3.21k | if (buf_format == MBEDTLS_X509_FORMAT_PEM) { |
1427 | 3.21k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1428 | 3.21k | mbedtls_pem_context pem; |
1429 | | |
1430 | | /* 1 rather than 0 since the terminating NULL byte is counted in */ |
1431 | 64.6k | while (buflen > 1) { |
1432 | 62.4k | size_t use_len; |
1433 | 62.4k | mbedtls_pem_init(&pem); |
1434 | | |
1435 | | /* If we get there, we know the string is null-terminated */ |
1436 | 62.4k | ret = mbedtls_pem_read_buffer(&pem, |
1437 | 62.4k | "-----BEGIN CERTIFICATE-----", |
1438 | 62.4k | "-----END CERTIFICATE-----", |
1439 | 62.4k | buf, NULL, 0, &use_len); |
1440 | | |
1441 | 62.4k | if (ret == 0) { |
1442 | | /* |
1443 | | * Was PEM encoded |
1444 | | */ |
1445 | 53.2k | buflen -= use_len; |
1446 | 53.2k | buf += use_len; |
1447 | 53.2k | } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) { |
1448 | 0 | return ret; |
1449 | 9.21k | } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { |
1450 | 8.13k | mbedtls_pem_free(&pem); |
1451 | | |
1452 | | /* |
1453 | | * PEM header and footer were found |
1454 | | */ |
1455 | 8.13k | buflen -= use_len; |
1456 | 8.13k | buf += use_len; |
1457 | | |
1458 | 8.13k | if (first_error == 0) { |
1459 | 649 | first_error = ret; |
1460 | 649 | } |
1461 | | |
1462 | 8.13k | total_failed++; |
1463 | 8.13k | continue; |
1464 | 8.13k | } else { |
1465 | 1.07k | break; |
1466 | 1.07k | } |
1467 | | |
1468 | 53.2k | ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen); |
1469 | | |
1470 | 53.2k | mbedtls_pem_free(&pem); |
1471 | | |
1472 | 53.2k | if (ret != 0) { |
1473 | | /* |
1474 | | * Quit parsing on a memory error |
1475 | | */ |
1476 | 53.0k | if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) { |
1477 | 0 | return ret; |
1478 | 0 | } |
1479 | | |
1480 | 53.0k | if (first_error == 0) { |
1481 | 2.51k | first_error = ret; |
1482 | 2.51k | } |
1483 | | |
1484 | 53.0k | total_failed++; |
1485 | 53.0k | continue; |
1486 | 53.0k | } |
1487 | | |
1488 | 249 | success = 1; |
1489 | 249 | } |
1490 | 3.21k | } |
1491 | | |
1492 | 3.21k | if (success) { |
1493 | 40 | return total_failed; |
1494 | 3.17k | } else if (first_error) { |
1495 | 3.14k | return first_error; |
1496 | 3.14k | } else { |
1497 | 25 | return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT; |
1498 | 25 | } |
1499 | 3.21k | #endif /* MBEDTLS_PEM_PARSE_C */ |
1500 | 3.21k | } |
1501 | | |
1502 | | #if defined(MBEDTLS_FS_IO) |
1503 | | /* |
1504 | | * Load one or more certificates and add them to the chained list |
1505 | | */ |
1506 | | int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path) |
1507 | 0 | { |
1508 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1509 | 0 | size_t n; |
1510 | 0 | unsigned char *buf; |
1511 | |
|
1512 | 0 | if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { |
1513 | 0 | return ret; |
1514 | 0 | } |
1515 | | |
1516 | 0 | ret = mbedtls_x509_crt_parse(chain, buf, n); |
1517 | |
|
1518 | 0 | mbedtls_zeroize_and_free(buf, n); |
1519 | |
|
1520 | 0 | return ret; |
1521 | 0 | } |
1522 | | |
1523 | | int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) |
1524 | 0 | { |
1525 | 0 | int ret = 0; |
1526 | | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) |
1527 | | int w_ret; |
1528 | | WCHAR szDir[MAX_PATH]; |
1529 | | char filename[MAX_PATH]; |
1530 | | char *p; |
1531 | | size_t len = strlen(path); |
1532 | | |
1533 | | WIN32_FIND_DATAW file_data; |
1534 | | HANDLE hFind; |
1535 | | |
1536 | | if (len > MAX_PATH - 3) { |
1537 | | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1538 | | } |
1539 | | |
1540 | | memset(szDir, 0, sizeof(szDir)); |
1541 | | memset(filename, 0, MAX_PATH); |
1542 | | memcpy(filename, path, len); |
1543 | | filename[len++] = '\\'; |
1544 | | p = filename + len; |
1545 | | filename[len++] = '*'; |
1546 | | |
1547 | | /* |
1548 | | * Note this function uses the code page CP_ACP which is the system default |
1549 | | * ANSI codepage. The input string is always described in BYTES and the |
1550 | | * output length is described in WCHARs. |
1551 | | */ |
1552 | | w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir, |
1553 | | MAX_PATH - 3); |
1554 | | if (w_ret == 0) { |
1555 | | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1556 | | } |
1557 | | |
1558 | | hFind = FindFirstFileW(szDir, &file_data); |
1559 | | if (hFind == INVALID_HANDLE_VALUE) { |
1560 | | return MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1561 | | } |
1562 | | |
1563 | | len = MAX_PATH - len; |
1564 | | do { |
1565 | | memset(p, 0, len); |
1566 | | |
1567 | | if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { |
1568 | | continue; |
1569 | | } |
1570 | | w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName, |
1571 | | -1, p, (int) len, NULL, NULL); |
1572 | | if (w_ret == 0) { |
1573 | | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1574 | | goto cleanup; |
1575 | | } |
1576 | | |
1577 | | w_ret = mbedtls_x509_crt_parse_file(chain, filename); |
1578 | | if (w_ret < 0) { |
1579 | | ret++; |
1580 | | } else { |
1581 | | ret += w_ret; |
1582 | | } |
1583 | | } while (FindNextFileW(hFind, &file_data) != 0); |
1584 | | |
1585 | | if (GetLastError() != ERROR_NO_MORE_FILES) { |
1586 | | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1587 | | } |
1588 | | |
1589 | | cleanup: |
1590 | | FindClose(hFind); |
1591 | | #else /* _WIN32 */ |
1592 | 0 | int t_ret; |
1593 | 0 | int snp_ret; |
1594 | 0 | struct stat sb; |
1595 | 0 | struct dirent *entry; |
1596 | 0 | char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; |
1597 | 0 | DIR *dir = opendir(path); |
1598 | |
|
1599 | 0 | if (dir == NULL) { |
1600 | 0 | return MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1601 | 0 | } |
1602 | | |
1603 | 0 | #if defined(MBEDTLS_THREADING_C) |
1604 | 0 | if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) { |
1605 | 0 | closedir(dir); |
1606 | 0 | return ret; |
1607 | 0 | } |
1608 | 0 | #endif /* MBEDTLS_THREADING_C */ |
1609 | | |
1610 | 0 | memset(&sb, 0, sizeof(sb)); |
1611 | |
|
1612 | 0 | while ((entry = readdir(dir)) != NULL) { |
1613 | 0 | snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name), |
1614 | 0 | "%s/%s", path, entry->d_name); |
1615 | |
|
1616 | 0 | if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) { |
1617 | 0 | ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; |
1618 | 0 | goto cleanup; |
1619 | 0 | } else if (stat(entry_name, &sb) == -1) { |
1620 | 0 | if (errno == ENOENT) { |
1621 | | /* Broken symbolic link - ignore this entry. |
1622 | | stat(2) will return this error for either (a) a dangling |
1623 | | symlink or (b) a missing file. |
1624 | | Given that we have just obtained the filename from readdir, |
1625 | | assume that it does exist and therefore treat this as a |
1626 | | dangling symlink. */ |
1627 | 0 | continue; |
1628 | 0 | } else { |
1629 | | /* Some other file error; report the error. */ |
1630 | 0 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1631 | 0 | goto cleanup; |
1632 | 0 | } |
1633 | 0 | } |
1634 | | |
1635 | 0 | if (!S_ISREG(sb.st_mode)) { |
1636 | 0 | continue; |
1637 | 0 | } |
1638 | | |
1639 | | // Ignore parse errors |
1640 | | // |
1641 | 0 | t_ret = mbedtls_x509_crt_parse_file(chain, entry_name); |
1642 | 0 | if (t_ret < 0) { |
1643 | 0 | ret++; |
1644 | 0 | } else { |
1645 | 0 | ret += t_ret; |
1646 | 0 | } |
1647 | 0 | } |
1648 | | |
1649 | 0 | cleanup: |
1650 | 0 | closedir(dir); |
1651 | |
|
1652 | 0 | #if defined(MBEDTLS_THREADING_C) |
1653 | 0 | if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) { |
1654 | 0 | ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; |
1655 | 0 | } |
1656 | 0 | #endif /* MBEDTLS_THREADING_C */ |
1657 | |
|
1658 | 0 | #endif /* _WIN32 */ |
1659 | |
|
1660 | 0 | return ret; |
1661 | 0 | } |
1662 | | #endif /* MBEDTLS_FS_IO */ |
1663 | | |
1664 | | #if !defined(MBEDTLS_X509_REMOVE_INFO) |
1665 | | #define PRINT_ITEM(i) \ |
1666 | | do { \ |
1667 | | ret = mbedtls_snprintf(p, n, "%s" i, sep); \ |
1668 | | MBEDTLS_X509_SAFE_SNPRINTF; \ |
1669 | | sep = ", "; \ |
1670 | | } while (0) |
1671 | | |
1672 | | #define CERT_TYPE(type, name) \ |
1673 | | do { \ |
1674 | | if (ns_cert_type & (type)) { \ |
1675 | | PRINT_ITEM(name); \ |
1676 | | } \ |
1677 | | } while (0) |
1678 | | |
1679 | | #define KEY_USAGE(code, name) \ |
1680 | | do { \ |
1681 | | if (key_usage & (code)) { \ |
1682 | | PRINT_ITEM(name); \ |
1683 | | } \ |
1684 | | } while (0) |
1685 | | |
1686 | | static int x509_info_ext_key_usage(char **buf, size_t *size, |
1687 | | const mbedtls_x509_sequence *extended_key_usage) |
1688 | 63 | { |
1689 | 63 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1690 | 63 | const char *desc; |
1691 | 63 | size_t n = *size; |
1692 | 63 | char *p = *buf; |
1693 | 63 | const mbedtls_x509_sequence *cur = extended_key_usage; |
1694 | 63 | const char *sep = ""; |
1695 | | |
1696 | 341 | while (cur != NULL) { |
1697 | 279 | if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { |
1698 | 234 | desc = "???"; |
1699 | 234 | } |
1700 | | |
1701 | 279 | ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); |
1702 | 279 | MBEDTLS_X509_SAFE_SNPRINTF; |
1703 | | |
1704 | 278 | sep = ", "; |
1705 | | |
1706 | 278 | cur = cur->next; |
1707 | 278 | } |
1708 | | |
1709 | 62 | *size = n; |
1710 | 62 | *buf = p; |
1711 | | |
1712 | 62 | return 0; |
1713 | 63 | } |
1714 | | |
1715 | | static int x509_info_cert_policies(char **buf, size_t *size, |
1716 | | const mbedtls_x509_sequence *certificate_policies) |
1717 | 13 | { |
1718 | 13 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1719 | 13 | const char *desc; |
1720 | 13 | size_t n = *size; |
1721 | 13 | char *p = *buf; |
1722 | 13 | const mbedtls_x509_sequence *cur = certificate_policies; |
1723 | 13 | const char *sep = ""; |
1724 | | |
1725 | 70 | while (cur != NULL) { |
1726 | 57 | if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { |
1727 | 55 | desc = "???"; |
1728 | 55 | } |
1729 | | |
1730 | 57 | ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); |
1731 | 57 | MBEDTLS_X509_SAFE_SNPRINTF; |
1732 | | |
1733 | 57 | sep = ", "; |
1734 | | |
1735 | 57 | cur = cur->next; |
1736 | 57 | } |
1737 | | |
1738 | 13 | *size = n; |
1739 | 13 | *buf = p; |
1740 | | |
1741 | 13 | return 0; |
1742 | 13 | } |
1743 | | |
1744 | | /* |
1745 | | * Return an informational string about the certificate. |
1746 | | */ |
1747 | 347 | #define BEFORE_COLON 18 |
1748 | | #define BC "18" |
1749 | | int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, |
1750 | | const mbedtls_x509_crt *crt) |
1751 | 375 | { |
1752 | 375 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1753 | 375 | size_t n; |
1754 | 375 | char *p; |
1755 | 375 | char key_size_str[BEFORE_COLON]; |
1756 | | |
1757 | 375 | p = buf; |
1758 | 375 | n = size; |
1759 | | |
1760 | 375 | if (NULL == crt) { |
1761 | 0 | ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n"); |
1762 | 0 | MBEDTLS_X509_SAFE_SNPRINTF; |
1763 | | |
1764 | 0 | return (int) (size - n); |
1765 | 0 | } |
1766 | | |
1767 | 375 | ret = mbedtls_snprintf(p, n, "%scert. version : %d\n", |
1768 | 375 | prefix, crt->version); |
1769 | 375 | MBEDTLS_X509_SAFE_SNPRINTF; |
1770 | 375 | ret = mbedtls_snprintf(p, n, "%sserial number : ", |
1771 | 375 | prefix); |
1772 | 375 | MBEDTLS_X509_SAFE_SNPRINTF; |
1773 | | |
1774 | 375 | ret = mbedtls_x509_serial_gets(p, n, &crt->serial); |
1775 | 375 | MBEDTLS_X509_SAFE_SNPRINTF; |
1776 | | |
1777 | 375 | ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); |
1778 | 375 | MBEDTLS_X509_SAFE_SNPRINTF; |
1779 | 375 | ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); |
1780 | 375 | MBEDTLS_X509_SAFE_SNPRINTF; |
1781 | | |
1782 | 372 | ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); |
1783 | 372 | MBEDTLS_X509_SAFE_SNPRINTF; |
1784 | 372 | ret = mbedtls_x509_dn_gets(p, n, &crt->subject); |
1785 | 372 | MBEDTLS_X509_SAFE_SNPRINTF; |
1786 | | |
1787 | 347 | ret = mbedtls_snprintf(p, n, "\n%sissued on : " \ |
1788 | 347 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, |
1789 | 347 | crt->valid_from.year, crt->valid_from.mon, |
1790 | 347 | crt->valid_from.day, crt->valid_from.hour, |
1791 | 347 | crt->valid_from.min, crt->valid_from.sec); |
1792 | 347 | MBEDTLS_X509_SAFE_SNPRINTF; |
1793 | | |
1794 | 347 | ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \ |
1795 | 347 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, |
1796 | 347 | crt->valid_to.year, crt->valid_to.mon, |
1797 | 347 | crt->valid_to.day, crt->valid_to.hour, |
1798 | 347 | crt->valid_to.min, crt->valid_to.sec); |
1799 | 347 | MBEDTLS_X509_SAFE_SNPRINTF; |
1800 | | |
1801 | 347 | ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); |
1802 | 347 | MBEDTLS_X509_SAFE_SNPRINTF; |
1803 | | |
1804 | 347 | ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, |
1805 | 347 | crt->sig_md, crt->sig_opts); |
1806 | 347 | MBEDTLS_X509_SAFE_SNPRINTF; |
1807 | | |
1808 | | /* Key size */ |
1809 | 347 | if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, |
1810 | 347 | mbedtls_pk_get_name(&crt->pk))) != 0) { |
1811 | 0 | return ret; |
1812 | 0 | } |
1813 | | |
1814 | 347 | ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, |
1815 | 347 | (int) mbedtls_pk_get_bitlen(&crt->pk)); |
1816 | 347 | MBEDTLS_X509_SAFE_SNPRINTF; |
1817 | | |
1818 | | /* |
1819 | | * Optional extensions |
1820 | | */ |
1821 | | |
1822 | 347 | if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { |
1823 | 110 | ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix, |
1824 | 110 | crt->ca_istrue ? "true" : "false"); |
1825 | 110 | MBEDTLS_X509_SAFE_SNPRINTF; |
1826 | | |
1827 | 110 | if (crt->max_pathlen > 0) { |
1828 | 31 | ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); |
1829 | 31 | MBEDTLS_X509_SAFE_SNPRINTF; |
1830 | 31 | } |
1831 | 110 | } |
1832 | | |
1833 | 347 | if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { |
1834 | 134 | ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); |
1835 | 134 | MBEDTLS_X509_SAFE_SNPRINTF; |
1836 | | |
1837 | 134 | if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n, |
1838 | 134 | &crt->subject_alt_names, |
1839 | 134 | prefix)) != 0) { |
1840 | 41 | return ret; |
1841 | 41 | } |
1842 | 134 | } |
1843 | | |
1844 | 306 | if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { |
1845 | 18 | ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix); |
1846 | 18 | MBEDTLS_X509_SAFE_SNPRINTF; |
1847 | | |
1848 | 18 | if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { |
1849 | 0 | return ret; |
1850 | 0 | } |
1851 | 18 | } |
1852 | | |
1853 | 306 | if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { |
1854 | 117 | ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); |
1855 | 117 | MBEDTLS_X509_SAFE_SNPRINTF; |
1856 | | |
1857 | 115 | if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { |
1858 | 13 | return ret; |
1859 | 13 | } |
1860 | 115 | } |
1861 | | |
1862 | 291 | if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { |
1863 | 66 | ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix); |
1864 | 66 | MBEDTLS_X509_SAFE_SNPRINTF; |
1865 | | |
1866 | 63 | if ((ret = x509_info_ext_key_usage(&p, &n, |
1867 | 63 | &crt->ext_key_usage)) != 0) { |
1868 | 1 | return ret; |
1869 | 1 | } |
1870 | 63 | } |
1871 | | |
1872 | 287 | if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { |
1873 | 13 | ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); |
1874 | 13 | MBEDTLS_X509_SAFE_SNPRINTF; |
1875 | | |
1876 | 13 | if ((ret = x509_info_cert_policies(&p, &n, |
1877 | 13 | &crt->certificate_policies)) != 0) { |
1878 | 0 | return ret; |
1879 | 0 | } |
1880 | 13 | } |
1881 | | |
1882 | 287 | ret = mbedtls_snprintf(p, n, "\n"); |
1883 | 287 | MBEDTLS_X509_SAFE_SNPRINTF; |
1884 | | |
1885 | 286 | return (int) (size - n); |
1886 | 287 | } |
1887 | | |
1888 | | struct x509_crt_verify_string { |
1889 | | int code; |
1890 | | const char *string; |
1891 | | }; |
1892 | | |
1893 | | #define X509_CRT_ERROR_INFO(err, err_str, info) { err, info }, |
1894 | | static const struct x509_crt_verify_string x509_crt_verify_strings[] = { |
1895 | | MBEDTLS_X509_CRT_ERROR_INFO_LIST |
1896 | | { 0, NULL } |
1897 | | }; |
1898 | | #undef X509_CRT_ERROR_INFO |
1899 | | |
1900 | | int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, |
1901 | | uint32_t flags) |
1902 | 0 | { |
1903 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1904 | 0 | const struct x509_crt_verify_string *cur; |
1905 | 0 | char *p = buf; |
1906 | 0 | size_t n = size; |
1907 | |
|
1908 | 0 | for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) { |
1909 | 0 | if ((flags & cur->code) == 0) { |
1910 | 0 | continue; |
1911 | 0 | } |
1912 | | |
1913 | 0 | ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string); |
1914 | 0 | MBEDTLS_X509_SAFE_SNPRINTF; |
1915 | 0 | flags ^= cur->code; |
1916 | 0 | } |
1917 | | |
1918 | 0 | if (flags != 0) { |
1919 | 0 | ret = mbedtls_snprintf(p, n, "%sUnknown reason " |
1920 | 0 | "(this should not happen)\n", prefix); |
1921 | 0 | MBEDTLS_X509_SAFE_SNPRINTF; |
1922 | 0 | } |
1923 | | |
1924 | 0 | return (int) (size - n); |
1925 | 0 | } |
1926 | | #endif /* MBEDTLS_X509_REMOVE_INFO */ |
1927 | | |
1928 | | int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, |
1929 | | unsigned int usage) |
1930 | 0 | { |
1931 | 0 | unsigned int usage_must, usage_may; |
1932 | 0 | unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY |
1933 | 0 | | MBEDTLS_X509_KU_DECIPHER_ONLY; |
1934 | |
|
1935 | 0 | if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { |
1936 | 0 | return 0; |
1937 | 0 | } |
1938 | | |
1939 | 0 | usage_must = usage & ~may_mask; |
1940 | |
|
1941 | 0 | if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { |
1942 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1943 | 0 | } |
1944 | | |
1945 | 0 | usage_may = usage & may_mask; |
1946 | |
|
1947 | 0 | if (((crt->key_usage & may_mask) | usage_may) != usage_may) { |
1948 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1949 | 0 | } |
1950 | | |
1951 | 0 | return 0; |
1952 | 0 | } |
1953 | | |
1954 | | int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, |
1955 | | const char *usage_oid, |
1956 | | size_t usage_len) |
1957 | 0 | { |
1958 | 0 | const mbedtls_x509_sequence *cur; |
1959 | | |
1960 | | /* Extension is not mandatory, absent means no restriction */ |
1961 | 0 | if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { |
1962 | 0 | return 0; |
1963 | 0 | } |
1964 | | |
1965 | | /* |
1966 | | * Look for the requested usage (or wildcard ANY) in our list |
1967 | | */ |
1968 | 0 | for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { |
1969 | 0 | const mbedtls_x509_buf *cur_oid = &cur->buf; |
1970 | |
|
1971 | 0 | if (cur_oid->len == usage_len && |
1972 | 0 | memcmp(cur_oid->p, usage_oid, usage_len) == 0) { |
1973 | 0 | return 0; |
1974 | 0 | } |
1975 | | |
1976 | 0 | if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) { |
1977 | 0 | return 0; |
1978 | 0 | } |
1979 | 0 | } |
1980 | | |
1981 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1982 | 0 | } |
1983 | | |
1984 | | #if defined(MBEDTLS_X509_CRL_PARSE_C) |
1985 | | /* |
1986 | | * Return 1 if the certificate is revoked, or 0 otherwise. |
1987 | | */ |
1988 | | int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) |
1989 | 0 | { |
1990 | 0 | const mbedtls_x509_crl_entry *cur = &crl->entry; |
1991 | |
|
1992 | 0 | while (cur != NULL && cur->serial.len != 0) { |
1993 | 0 | if (crt->serial.len == cur->serial.len && |
1994 | 0 | memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { |
1995 | 0 | return 1; |
1996 | 0 | } |
1997 | | |
1998 | 0 | cur = cur->next; |
1999 | 0 | } |
2000 | | |
2001 | 0 | return 0; |
2002 | 0 | } |
2003 | | |
2004 | | /* |
2005 | | * Check that the given certificate is not revoked according to the CRL. |
2006 | | * Skip validation if no CRL for the given CA is present. |
2007 | | */ |
2008 | | static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, |
2009 | | mbedtls_x509_crl *crl_list, |
2010 | | const mbedtls_x509_crt_profile *profile, |
2011 | | const mbedtls_x509_time *now) |
2012 | 0 | { |
2013 | 0 | int flags = 0; |
2014 | 0 | unsigned char hash[MBEDTLS_MD_MAX_SIZE]; |
2015 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
2016 | | psa_algorithm_t psa_algorithm; |
2017 | | #else |
2018 | | const mbedtls_md_info_t *md_info; |
2019 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
2020 | 0 | size_t hash_length; |
2021 | |
|
2022 | 0 | if (ca == NULL) { |
2023 | 0 | return flags; |
2024 | 0 | } |
2025 | | |
2026 | 0 | while (crl_list != NULL) { |
2027 | 0 | if (crl_list->version == 0 || |
2028 | 0 | x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { |
2029 | 0 | crl_list = crl_list->next; |
2030 | 0 | continue; |
2031 | 0 | } |
2032 | | |
2033 | | /* |
2034 | | * Check if the CA is configured to sign CRLs |
2035 | | */ |
2036 | 0 | if (mbedtls_x509_crt_check_key_usage(ca, |
2037 | 0 | MBEDTLS_X509_KU_CRL_SIGN) != 0) { |
2038 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2039 | 0 | break; |
2040 | 0 | } |
2041 | | |
2042 | | /* |
2043 | | * Check if CRL is correctly signed by the trusted CA |
2044 | | */ |
2045 | 0 | if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) { |
2046 | 0 | flags |= MBEDTLS_X509_BADCRL_BAD_MD; |
2047 | 0 | } |
2048 | |
|
2049 | 0 | if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) { |
2050 | 0 | flags |= MBEDTLS_X509_BADCRL_BAD_PK; |
2051 | 0 | } |
2052 | |
|
2053 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
2054 | | psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); |
2055 | 0 | if (psa_hash_compute(psa_algorithm, |
2056 | 0 | crl_list->tbs.p, |
2057 | 0 | crl_list->tbs.len, |
2058 | 0 | hash, |
2059 | 0 | sizeof(hash), |
2060 | 0 | &hash_length) != PSA_SUCCESS) { |
2061 | | /* Note: this can't happen except after an internal error */ |
2062 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2063 | 0 | break; |
2064 | 0 | } |
2065 | | #else |
2066 | | md_info = mbedtls_md_info_from_type(crl_list->sig_md); |
2067 | | hash_length = mbedtls_md_get_size(md_info); |
2068 | 0 | if (mbedtls_md(md_info, |
2069 | 0 | crl_list->tbs.p, |
2070 | 0 | crl_list->tbs.len, |
2071 | 0 | hash) != 0) { |
2072 | | /* Note: this can't happen except after an internal error */ |
2073 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2074 | 0 | break; |
2075 | 0 | } |
2076 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
2077 | | |
2078 | 0 | if (x509_profile_check_key(profile, &ca->pk) != 0) { |
2079 | 0 | flags |= MBEDTLS_X509_BADCERT_BAD_KEY; |
2080 | 0 | } |
2081 | |
|
2082 | 0 | if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, |
2083 | 0 | crl_list->sig_md, hash, hash_length, |
2084 | 0 | crl_list->sig.p, crl_list->sig.len) != 0) { |
2085 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2086 | 0 | break; |
2087 | 0 | } |
2088 | | |
2089 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2090 | | /* |
2091 | | * Check for validity of CRL (Do not drop out) |
2092 | | */ |
2093 | 0 | if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) { |
2094 | 0 | flags |= MBEDTLS_X509_BADCRL_EXPIRED; |
2095 | 0 | } |
2096 | |
|
2097 | 0 | if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) { |
2098 | 0 | flags |= MBEDTLS_X509_BADCRL_FUTURE; |
2099 | 0 | } |
2100 | | #else |
2101 | | ((void) now); |
2102 | | #endif |
2103 | | |
2104 | | /* |
2105 | | * Check if certificate is revoked |
2106 | | */ |
2107 | 0 | if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { |
2108 | 0 | flags |= MBEDTLS_X509_BADCERT_REVOKED; |
2109 | 0 | break; |
2110 | 0 | } |
2111 | | |
2112 | 0 | crl_list = crl_list->next; |
2113 | 0 | } |
2114 | |
|
2115 | 0 | return flags; |
2116 | 0 | } Unexecuted instantiation: x509_crt.c:x509_crt_verifycrl Unexecuted instantiation: x509_crt.c:x509_crt_verifycrl |
2117 | | #endif /* MBEDTLS_X509_CRL_PARSE_C */ |
2118 | | |
2119 | | /* |
2120 | | * Check the signature of a certificate by its parent |
2121 | | */ |
2122 | | static int x509_crt_check_signature(const mbedtls_x509_crt *child, |
2123 | | mbedtls_x509_crt *parent, |
2124 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
2125 | 0 | { |
2126 | 0 | size_t hash_len; |
2127 | 0 | unsigned char hash[MBEDTLS_MD_MAX_SIZE]; |
2128 | | #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
2129 | | const mbedtls_md_info_t *md_info; |
2130 | | md_info = mbedtls_md_info_from_type(child->sig_md); |
2131 | | hash_len = mbedtls_md_get_size(md_info); |
2132 | | |
2133 | | /* Note: hash errors can happen only after an internal error */ |
2134 | 0 | if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { |
2135 | 0 | return -1; |
2136 | 0 | } |
2137 | | #else |
2138 | | psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); |
2139 | 0 | psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
2140 | | |
2141 | | status = psa_hash_compute(hash_alg, |
2142 | | child->tbs.p, |
2143 | | child->tbs.len, |
2144 | | hash, |
2145 | | sizeof(hash), |
2146 | | &hash_len); |
2147 | 0 | if (status != PSA_SUCCESS) { |
2148 | 0 | return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; |
2149 | 0 | } |
2150 | | |
2151 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
2152 | | /* Skip expensive computation on obvious mismatch */ |
2153 | 0 | if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { |
2154 | 0 | return -1; |
2155 | 0 | } |
2156 | | |
2157 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2158 | 0 | if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { |
2159 | 0 | return mbedtls_pk_verify_restartable(&parent->pk, |
2160 | 0 | child->sig_md, hash, hash_len, |
2161 | 0 | child->sig.p, child->sig.len, &rs_ctx->pk); |
2162 | 0 | } |
2163 | | #else |
2164 | | (void) rs_ctx; |
2165 | | #endif |
2166 | | |
2167 | 0 | return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, |
2168 | 0 | child->sig_md, hash, hash_len, |
2169 | 0 | child->sig.p, child->sig.len); |
2170 | 0 | } Unexecuted instantiation: x509_crt.c:x509_crt_check_signature Unexecuted instantiation: x509_crt.c:x509_crt_check_signature |
2171 | | |
2172 | | /* |
2173 | | * Check if 'parent' is a suitable parent (signing CA) for 'child'. |
2174 | | * Return 0 if yes, -1 if not. |
2175 | | * |
2176 | | * top means parent is a locally-trusted certificate |
2177 | | */ |
2178 | | static int x509_crt_check_parent(const mbedtls_x509_crt *child, |
2179 | | const mbedtls_x509_crt *parent, |
2180 | | int top) |
2181 | 0 | { |
2182 | 0 | int need_ca_bit; |
2183 | | |
2184 | | /* Parent must be the issuer */ |
2185 | 0 | if (x509_name_cmp(&child->issuer, &parent->subject) != 0) { |
2186 | 0 | return -1; |
2187 | 0 | } |
2188 | | |
2189 | | /* Parent must have the basicConstraints CA bit set as a general rule */ |
2190 | 0 | need_ca_bit = 1; |
2191 | | |
2192 | | /* Exception: v1/v2 certificates that are locally trusted. */ |
2193 | 0 | if (top && parent->version < 3) { |
2194 | 0 | need_ca_bit = 0; |
2195 | 0 | } |
2196 | |
|
2197 | 0 | if (need_ca_bit && !parent->ca_istrue) { |
2198 | 0 | return -1; |
2199 | 0 | } |
2200 | | |
2201 | 0 | if (need_ca_bit && |
2202 | 0 | mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) { |
2203 | 0 | return -1; |
2204 | 0 | } |
2205 | | |
2206 | 0 | return 0; |
2207 | 0 | } |
2208 | | |
2209 | | /* |
2210 | | * Find a suitable parent for child in candidates, or return NULL. |
2211 | | * |
2212 | | * Here suitable is defined as: |
2213 | | * 1. subject name matches child's issuer |
2214 | | * 2. if necessary, the CA bit is set and key usage allows signing certs |
2215 | | * 3. for trusted roots, the signature is correct |
2216 | | * (for intermediates, the signature is checked and the result reported) |
2217 | | * 4. pathlen constraints are satisfied |
2218 | | * |
2219 | | * If there's a suitable candidate which is also time-valid, return the first |
2220 | | * such. Otherwise, return the first suitable candidate (or NULL if there is |
2221 | | * none). |
2222 | | * |
2223 | | * The rationale for this rule is that someone could have a list of trusted |
2224 | | * roots with two versions on the same root with different validity periods. |
2225 | | * (At least one user reported having such a list and wanted it to just work.) |
2226 | | * The reason we don't just require time-validity is that generally there is |
2227 | | * only one version, and if it's expired we want the flags to state that |
2228 | | * rather than NOT_TRUSTED, as would be the case if we required it here. |
2229 | | * |
2230 | | * The rationale for rule 3 (signature for trusted roots) is that users might |
2231 | | * have two versions of the same CA with different keys in their list, and the |
2232 | | * way we select the correct one is by checking the signature (as we don't |
2233 | | * rely on key identifier extensions). (This is one way users might choose to |
2234 | | * handle key rollover, another relies on self-issued certs, see [SIRO].) |
2235 | | * |
2236 | | * Arguments: |
2237 | | * - [in] child: certificate for which we're looking for a parent |
2238 | | * - [in] candidates: chained list of potential parents |
2239 | | * - [out] r_parent: parent found (or NULL) |
2240 | | * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 |
2241 | | * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top |
2242 | | * of the chain, 0 otherwise |
2243 | | * - [in] path_cnt: number of intermediates seen so far |
2244 | | * - [in] self_cnt: number of self-signed intermediates seen so far |
2245 | | * (will never be greater than path_cnt) |
2246 | | * - [in-out] rs_ctx: context for restarting operations |
2247 | | * |
2248 | | * Return value: |
2249 | | * - 0 on success |
2250 | | * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise |
2251 | | */ |
2252 | | static int x509_crt_find_parent_in( |
2253 | | mbedtls_x509_crt *child, |
2254 | | mbedtls_x509_crt *candidates, |
2255 | | mbedtls_x509_crt **r_parent, |
2256 | | int *r_signature_is_good, |
2257 | | int top, |
2258 | | unsigned path_cnt, |
2259 | | unsigned self_cnt, |
2260 | | mbedtls_x509_crt_restart_ctx *rs_ctx, |
2261 | | const mbedtls_x509_time *now) |
2262 | 0 | { |
2263 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
2264 | 0 | mbedtls_x509_crt *parent, *fallback_parent; |
2265 | 0 | int signature_is_good = 0, fallback_signature_is_good; |
2266 | |
|
2267 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2268 | | /* did we have something in progress? */ |
2269 | 0 | if (rs_ctx != NULL && rs_ctx->parent != NULL) { |
2270 | | /* restore saved state */ |
2271 | 0 | parent = rs_ctx->parent; |
2272 | 0 | fallback_parent = rs_ctx->fallback_parent; |
2273 | 0 | fallback_signature_is_good = rs_ctx->fallback_signature_is_good; |
2274 | | |
2275 | | /* clear saved state */ |
2276 | 0 | rs_ctx->parent = NULL; |
2277 | 0 | rs_ctx->fallback_parent = NULL; |
2278 | 0 | rs_ctx->fallback_signature_is_good = 0; |
2279 | | |
2280 | | /* resume where we left */ |
2281 | 0 | goto check_signature; |
2282 | 0 | } |
2283 | 0 | #endif |
2284 | | |
2285 | 0 | fallback_parent = NULL; |
2286 | 0 | fallback_signature_is_good = 0; |
2287 | |
|
2288 | 0 | for (parent = candidates; parent != NULL; parent = parent->next) { |
2289 | | /* basic parenting skills (name, CA bit, key usage) */ |
2290 | 0 | if (x509_crt_check_parent(child, parent, top) != 0) { |
2291 | 0 | continue; |
2292 | 0 | } |
2293 | | |
2294 | | /* +1 because stored max_pathlen is 1 higher that the actual value */ |
2295 | 0 | if (parent->max_pathlen > 0 && |
2296 | 0 | (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { |
2297 | 0 | continue; |
2298 | 0 | } |
2299 | | |
2300 | | /* Signature */ |
2301 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2302 | 0 | check_signature: |
2303 | 0 | #endif |
2304 | 0 | ret = x509_crt_check_signature(child, parent, rs_ctx); |
2305 | |
|
2306 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2307 | 0 | if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { |
2308 | | /* save state */ |
2309 | 0 | rs_ctx->parent = parent; |
2310 | 0 | rs_ctx->fallback_parent = fallback_parent; |
2311 | 0 | rs_ctx->fallback_signature_is_good = fallback_signature_is_good; |
2312 | |
|
2313 | 0 | return ret; |
2314 | 0 | } |
2315 | | #else |
2316 | | (void) ret; |
2317 | | #endif |
2318 | | |
2319 | 0 | signature_is_good = ret == 0; |
2320 | 0 | if (top && !signature_is_good) { |
2321 | 0 | continue; |
2322 | 0 | } |
2323 | | |
2324 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2325 | | /* optional time check */ |
2326 | 0 | if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */ |
2327 | 0 | mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */ |
2328 | 0 | if (fallback_parent == NULL) { |
2329 | 0 | fallback_parent = parent; |
2330 | 0 | fallback_signature_is_good = signature_is_good; |
2331 | 0 | } |
2332 | |
|
2333 | 0 | continue; |
2334 | 0 | } |
2335 | | #else |
2336 | | ((void) now); |
2337 | | #endif |
2338 | | |
2339 | 0 | *r_parent = parent; |
2340 | 0 | *r_signature_is_good = signature_is_good; |
2341 | |
|
2342 | 0 | break; |
2343 | 0 | } |
2344 | | |
2345 | 0 | if (parent == NULL) { |
2346 | 0 | *r_parent = fallback_parent; |
2347 | 0 | *r_signature_is_good = fallback_signature_is_good; |
2348 | 0 | } |
2349 | |
|
2350 | 0 | return 0; |
2351 | 0 | } |
2352 | | |
2353 | | /* |
2354 | | * Find a parent in trusted CAs or the provided chain, or return NULL. |
2355 | | * |
2356 | | * Searches in trusted CAs first, and return the first suitable parent found |
2357 | | * (see find_parent_in() for definition of suitable). |
2358 | | * |
2359 | | * Arguments: |
2360 | | * - [in] child: certificate for which we're looking for a parent, followed |
2361 | | * by a chain of possible intermediates |
2362 | | * - [in] trust_ca: list of locally trusted certificates |
2363 | | * - [out] parent: parent found (or NULL) |
2364 | | * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 |
2365 | | * - [out] signature_is_good: 1 if child signature by parent is valid, or 0 |
2366 | | * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child) |
2367 | | * - [in] self_cnt: number of self-signed certs in the chain so far |
2368 | | * (will always be no greater than path_cnt) |
2369 | | * - [in-out] rs_ctx: context for restarting operations |
2370 | | * |
2371 | | * Return value: |
2372 | | * - 0 on success |
2373 | | * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise |
2374 | | */ |
2375 | | static int x509_crt_find_parent( |
2376 | | mbedtls_x509_crt *child, |
2377 | | mbedtls_x509_crt *trust_ca, |
2378 | | mbedtls_x509_crt **parent, |
2379 | | int *parent_is_trusted, |
2380 | | int *signature_is_good, |
2381 | | unsigned path_cnt, |
2382 | | unsigned self_cnt, |
2383 | | mbedtls_x509_crt_restart_ctx *rs_ctx, |
2384 | | const mbedtls_x509_time *now) |
2385 | 0 | { |
2386 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
2387 | 0 | mbedtls_x509_crt *search_list; |
2388 | |
|
2389 | 0 | *parent_is_trusted = 1; |
2390 | |
|
2391 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2392 | | /* restore then clear saved state if we have some stored */ |
2393 | 0 | if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { |
2394 | 0 | *parent_is_trusted = rs_ctx->parent_is_trusted; |
2395 | 0 | rs_ctx->parent_is_trusted = -1; |
2396 | 0 | } |
2397 | 0 | #endif |
2398 | |
|
2399 | 0 | while (1) { |
2400 | 0 | search_list = *parent_is_trusted ? trust_ca : child->next; |
2401 | |
|
2402 | 0 | ret = x509_crt_find_parent_in(child, search_list, |
2403 | 0 | parent, signature_is_good, |
2404 | 0 | *parent_is_trusted, |
2405 | 0 | path_cnt, self_cnt, rs_ctx, now); |
2406 | |
|
2407 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2408 | 0 | if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { |
2409 | | /* save state */ |
2410 | 0 | rs_ctx->parent_is_trusted = *parent_is_trusted; |
2411 | 0 | return ret; |
2412 | 0 | } |
2413 | | #else |
2414 | | (void) ret; |
2415 | | #endif |
2416 | | |
2417 | | /* stop here if found or already in second iteration */ |
2418 | 0 | if (*parent != NULL || *parent_is_trusted == 0) { |
2419 | 0 | break; |
2420 | 0 | } |
2421 | | |
2422 | | /* prepare second iteration */ |
2423 | 0 | *parent_is_trusted = 0; |
2424 | 0 | } |
2425 | | |
2426 | | /* extra precaution against mistakes in the caller */ |
2427 | 0 | if (*parent == NULL) { |
2428 | 0 | *parent_is_trusted = 0; |
2429 | 0 | *signature_is_good = 0; |
2430 | 0 | } |
2431 | |
|
2432 | 0 | return 0; |
2433 | 0 | } |
2434 | | |
2435 | | /* |
2436 | | * Check if an end-entity certificate is locally trusted |
2437 | | * |
2438 | | * Currently we require such certificates to be self-signed (actually only |
2439 | | * check for self-issued as self-signatures are not checked) |
2440 | | */ |
2441 | | static int x509_crt_check_ee_locally_trusted( |
2442 | | mbedtls_x509_crt *crt, |
2443 | | mbedtls_x509_crt *trust_ca) |
2444 | 0 | { |
2445 | 0 | mbedtls_x509_crt *cur; |
2446 | | |
2447 | | /* must be self-issued */ |
2448 | 0 | if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { |
2449 | 0 | return -1; |
2450 | 0 | } |
2451 | | |
2452 | | /* look for an exact match with trusted cert */ |
2453 | 0 | for (cur = trust_ca; cur != NULL; cur = cur->next) { |
2454 | 0 | if (crt->raw.len == cur->raw.len && |
2455 | 0 | memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { |
2456 | 0 | return 0; |
2457 | 0 | } |
2458 | 0 | } |
2459 | | |
2460 | | /* too bad */ |
2461 | 0 | return -1; |
2462 | 0 | } |
2463 | | |
2464 | | /* |
2465 | | * Build and verify a certificate chain |
2466 | | * |
2467 | | * Given a peer-provided list of certificates EE, C1, ..., Cn and |
2468 | | * a list of trusted certs R1, ... Rp, try to build and verify a chain |
2469 | | * EE, Ci1, ... Ciq [, Rj] |
2470 | | * such that every cert in the chain is a child of the next one, |
2471 | | * jumping to a trusted root as early as possible. |
2472 | | * |
2473 | | * Verify that chain and return it with flags for all issues found. |
2474 | | * |
2475 | | * Special cases: |
2476 | | * - EE == Rj -> return a one-element list containing it |
2477 | | * - EE, Ci1, ..., Ciq cannot be continued with a trusted root |
2478 | | * -> return that chain with NOT_TRUSTED set on Ciq |
2479 | | * |
2480 | | * Tests for (aspects of) this function should include at least: |
2481 | | * - trusted EE |
2482 | | * - EE -> trusted root |
2483 | | * - EE -> intermediate CA -> trusted root |
2484 | | * - if relevant: EE untrusted |
2485 | | * - if relevant: EE -> intermediate, untrusted |
2486 | | * with the aspect under test checked at each relevant level (EE, int, root). |
2487 | | * For some aspects longer chains are required, but usually length 2 is |
2488 | | * enough (but length 1 is not in general). |
2489 | | * |
2490 | | * Arguments: |
2491 | | * - [in] crt: the cert list EE, C1, ..., Cn |
2492 | | * - [in] trust_ca: the trusted list R1, ..., Rp |
2493 | | * - [in] ca_crl, profile: as in verify_with_profile() |
2494 | | * - [out] ver_chain: the built and verified chain |
2495 | | * Only valid when return value is 0, may contain garbage otherwise! |
2496 | | * Restart note: need not be the same when calling again to resume. |
2497 | | * - [in-out] rs_ctx: context for restarting operations |
2498 | | * |
2499 | | * Return value: |
2500 | | * - non-zero if the chain could not be fully built and examined |
2501 | | * - 0 is the chain was successfully built and examined, |
2502 | | * even if it was found to be invalid |
2503 | | */ |
2504 | | static int x509_crt_verify_chain( |
2505 | | mbedtls_x509_crt *crt, |
2506 | | mbedtls_x509_crt *trust_ca, |
2507 | | mbedtls_x509_crl *ca_crl, |
2508 | | mbedtls_x509_crt_ca_cb_t f_ca_cb, |
2509 | | void *p_ca_cb, |
2510 | | const mbedtls_x509_crt_profile *profile, |
2511 | | mbedtls_x509_crt_verify_chain *ver_chain, |
2512 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
2513 | 0 | { |
2514 | | /* Don't initialize any of those variables here, so that the compiler can |
2515 | | * catch potential issues with jumping ahead when restarting */ |
2516 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
2517 | 0 | uint32_t *flags; |
2518 | 0 | mbedtls_x509_crt_verify_chain_item *cur; |
2519 | 0 | mbedtls_x509_crt *child; |
2520 | 0 | mbedtls_x509_crt *parent; |
2521 | 0 | int parent_is_trusted; |
2522 | 0 | int child_is_trusted; |
2523 | 0 | int signature_is_good; |
2524 | 0 | unsigned self_cnt; |
2525 | 0 | mbedtls_x509_crt *cur_trust_ca = NULL; |
2526 | 0 | mbedtls_x509_time now; |
2527 | |
|
2528 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2529 | 0 | if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) { |
2530 | 0 | return MBEDTLS_ERR_X509_FATAL_ERROR; |
2531 | 0 | } |
2532 | 0 | #endif |
2533 | | |
2534 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2535 | | /* resume if we had an operation in progress */ |
2536 | 0 | if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { |
2537 | | /* restore saved state */ |
2538 | 0 | *ver_chain = rs_ctx->ver_chain; /* struct copy */ |
2539 | 0 | self_cnt = rs_ctx->self_cnt; |
2540 | | |
2541 | | /* restore derived state */ |
2542 | 0 | cur = &ver_chain->items[ver_chain->len - 1]; |
2543 | 0 | child = cur->crt; |
2544 | 0 | flags = &cur->flags; |
2545 | |
|
2546 | 0 | goto find_parent; |
2547 | 0 | } |
2548 | 0 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ |
2549 | | |
2550 | 0 | child = crt; |
2551 | 0 | self_cnt = 0; |
2552 | 0 | parent_is_trusted = 0; |
2553 | 0 | child_is_trusted = 0; |
2554 | |
|
2555 | 0 | while (1) { |
2556 | | /* Add certificate to the verification chain */ |
2557 | 0 | cur = &ver_chain->items[ver_chain->len]; |
2558 | 0 | cur->crt = child; |
2559 | 0 | cur->flags = 0; |
2560 | 0 | ver_chain->len++; |
2561 | 0 | flags = &cur->flags; |
2562 | |
|
2563 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2564 | | /* Check time-validity (all certificates) */ |
2565 | 0 | if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) { |
2566 | 0 | *flags |= MBEDTLS_X509_BADCERT_EXPIRED; |
2567 | 0 | } |
2568 | |
|
2569 | 0 | if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) { |
2570 | 0 | *flags |= MBEDTLS_X509_BADCERT_FUTURE; |
2571 | 0 | } |
2572 | 0 | #endif |
2573 | | |
2574 | | /* Stop here for trusted roots (but not for trusted EE certs) */ |
2575 | 0 | if (child_is_trusted) { |
2576 | 0 | return 0; |
2577 | 0 | } |
2578 | | |
2579 | | /* Check signature algorithm: MD & PK algs */ |
2580 | 0 | if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { |
2581 | 0 | *flags |= MBEDTLS_X509_BADCERT_BAD_MD; |
2582 | 0 | } |
2583 | |
|
2584 | 0 | if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { |
2585 | 0 | *flags |= MBEDTLS_X509_BADCERT_BAD_PK; |
2586 | 0 | } |
2587 | | |
2588 | | /* Special case: EE certs that are locally trusted */ |
2589 | 0 | if (ver_chain->len == 1 && |
2590 | 0 | x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { |
2591 | 0 | return 0; |
2592 | 0 | } |
2593 | | |
2594 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2595 | 0 | find_parent: |
2596 | 0 | #endif |
2597 | | |
2598 | | /* Obtain list of potential trusted signers from CA callback, |
2599 | | * or use statically provided list. */ |
2600 | 0 | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
2601 | 0 | if (f_ca_cb != NULL) { |
2602 | 0 | mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); |
2603 | 0 | mbedtls_free(ver_chain->trust_ca_cb_result); |
2604 | 0 | ver_chain->trust_ca_cb_result = NULL; |
2605 | |
|
2606 | 0 | ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); |
2607 | 0 | if (ret != 0) { |
2608 | 0 | return MBEDTLS_ERR_X509_FATAL_ERROR; |
2609 | 0 | } |
2610 | | |
2611 | 0 | cur_trust_ca = ver_chain->trust_ca_cb_result; |
2612 | 0 | } else |
2613 | 0 | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
2614 | 0 | { |
2615 | 0 | ((void) f_ca_cb); |
2616 | 0 | ((void) p_ca_cb); |
2617 | 0 | cur_trust_ca = trust_ca; |
2618 | 0 | } |
2619 | | |
2620 | | /* Look for a parent in trusted CAs or up the chain */ |
2621 | 0 | ret = x509_crt_find_parent(child, cur_trust_ca, &parent, |
2622 | 0 | &parent_is_trusted, &signature_is_good, |
2623 | 0 | ver_chain->len - 1, self_cnt, rs_ctx, |
2624 | 0 | &now); |
2625 | |
|
2626 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2627 | 0 | if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { |
2628 | | /* save state */ |
2629 | 0 | rs_ctx->in_progress = x509_crt_rs_find_parent; |
2630 | 0 | rs_ctx->self_cnt = self_cnt; |
2631 | 0 | rs_ctx->ver_chain = *ver_chain; /* struct copy */ |
2632 | |
|
2633 | 0 | return ret; |
2634 | 0 | } |
2635 | | #else |
2636 | | (void) ret; |
2637 | | #endif |
2638 | | |
2639 | | /* No parent? We're done here */ |
2640 | 0 | if (parent == NULL) { |
2641 | 0 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; |
2642 | 0 | return 0; |
2643 | 0 | } |
2644 | | |
2645 | | /* Count intermediate self-issued (not necessarily self-signed) certs. |
2646 | | * These can occur with some strategies for key rollover, see [SIRO], |
2647 | | * and should be excluded from max_pathlen checks. */ |
2648 | 0 | if (ver_chain->len != 1 && |
2649 | 0 | x509_name_cmp(&child->issuer, &child->subject) == 0) { |
2650 | 0 | self_cnt++; |
2651 | 0 | } |
2652 | | |
2653 | | /* path_cnt is 0 for the first intermediate CA, |
2654 | | * and if parent is trusted it's not an intermediate CA */ |
2655 | 0 | if (!parent_is_trusted && |
2656 | 0 | ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { |
2657 | | /* return immediately to avoid overflow the chain array */ |
2658 | 0 | return MBEDTLS_ERR_X509_FATAL_ERROR; |
2659 | 0 | } |
2660 | | |
2661 | | /* signature was checked while searching parent */ |
2662 | 0 | if (!signature_is_good) { |
2663 | 0 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; |
2664 | 0 | } |
2665 | | |
2666 | | /* check size of signing key */ |
2667 | 0 | if (x509_profile_check_key(profile, &parent->pk) != 0) { |
2668 | 0 | *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; |
2669 | 0 | } |
2670 | |
|
2671 | 0 | #if defined(MBEDTLS_X509_CRL_PARSE_C) |
2672 | | /* Check trusted CA's CRL for the given crt */ |
2673 | 0 | *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now); |
2674 | | #else |
2675 | | (void) ca_crl; |
2676 | | #endif |
2677 | | |
2678 | | /* prepare for next iteration */ |
2679 | 0 | child = parent; |
2680 | 0 | parent = NULL; |
2681 | 0 | child_is_trusted = parent_is_trusted; |
2682 | 0 | signature_is_good = 0; |
2683 | 0 | } |
2684 | 0 | } |
2685 | | |
2686 | | #ifdef _WIN32 |
2687 | | #ifdef _MSC_VER |
2688 | | #pragma comment(lib, "ws2_32.lib") |
2689 | | #include <winsock2.h> |
2690 | | #include <ws2tcpip.h> |
2691 | | #elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 |
2692 | | #include <winsock2.h> |
2693 | | #include <ws2tcpip.h> |
2694 | | #else |
2695 | | /* inet_pton() is not supported, fallback to software version */ |
2696 | | #define MBEDTLS_TEST_SW_INET_PTON |
2697 | | #endif |
2698 | | #elif defined(__sun) |
2699 | | /* Solaris requires -lsocket -lnsl for inet_pton() */ |
2700 | | #elif defined(__has_include) |
2701 | | #if __has_include(<sys/socket.h>) |
2702 | | #include <sys/socket.h> |
2703 | | #endif |
2704 | | #if __has_include(<arpa/inet.h>) |
2705 | | #include <arpa/inet.h> |
2706 | | #endif |
2707 | | #endif |
2708 | | |
2709 | | /* Use whether or not AF_INET6 is defined to indicate whether or not to use |
2710 | | * the platform inet_pton() or a local implementation (below). The local |
2711 | | * implementation may be used even in cases where the platform provides |
2712 | | * inet_pton(), e.g. when there are different includes required and/or the |
2713 | | * platform implementation requires dependencies on additional libraries. |
2714 | | * Specifically, Windows requires custom includes and additional link |
2715 | | * dependencies, and Solaris requires additional link dependencies. |
2716 | | * Also, as a coarse heuristic, use the local implementation if the compiler |
2717 | | * does not support __has_include(), or if the definition of AF_INET6 is not |
2718 | | * provided by headers included (or not) via __has_include() above. |
2719 | | * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names |
2720 | | * despite having a platform that has inet_pton. */ |
2721 | | #if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names |
2722 | | /* Definition located further below to possibly reduce compiler inlining */ |
2723 | | static int x509_inet_pton_ipv4(const char *src, void *dst); |
2724 | | |
2725 | | #define li_cton(c, n) \ |
2726 | | (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0)) |
2727 | | |
2728 | | static int x509_inet_pton_ipv6(const char *src, void *dst) |
2729 | | { |
2730 | | const unsigned char *p = (const unsigned char *) src; |
2731 | | int nonzero_groups = 0, num_digits, zero_group_start = -1; |
2732 | | uint16_t addr[8]; |
2733 | | do { |
2734 | | /* note: allows excess leading 0's, e.g. 1:0002:3:... */ |
2735 | | uint16_t group = num_digits = 0; |
2736 | | for (uint8_t digit; num_digits < 4; num_digits++) { |
2737 | | if (li_cton(*p, digit) == 0) { |
2738 | | break; |
2739 | | } |
2740 | | group = (group << 4) | digit; |
2741 | | p++; |
2742 | | } |
2743 | | if (num_digits != 0) { |
2744 | | MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups); |
2745 | | nonzero_groups++; |
2746 | | if (*p == '\0') { |
2747 | | break; |
2748 | | } else if (*p == '.') { |
2749 | | /* Don't accept IPv4 too early or late */ |
2750 | | if ((nonzero_groups == 0 && zero_group_start == -1) || |
2751 | | nonzero_groups >= 7) { |
2752 | | break; |
2753 | | } |
2754 | | |
2755 | | /* Walk back to prior ':', then parse as IPv4-mapped */ |
2756 | | int steps = 4; |
2757 | | do { |
2758 | | p--; |
2759 | | steps--; |
2760 | | } while (*p != ':' && steps > 0); |
2761 | | |
2762 | | if (*p != ':') { |
2763 | | break; |
2764 | | } |
2765 | | p++; |
2766 | | nonzero_groups--; |
2767 | | if (x509_inet_pton_ipv4((const char *) p, |
2768 | | addr + nonzero_groups) != 0) { |
2769 | | break; |
2770 | | } |
2771 | | |
2772 | | nonzero_groups += 2; |
2773 | | p = (const unsigned char *) ""; |
2774 | | break; |
2775 | | } else if (*p != ':') { |
2776 | | return -1; |
2777 | | } |
2778 | | } else { |
2779 | | /* Don't accept a second zero group or an invalid delimiter */ |
2780 | | if (zero_group_start != -1 || *p != ':') { |
2781 | | return -1; |
2782 | | } |
2783 | | zero_group_start = nonzero_groups; |
2784 | | |
2785 | | /* Accept a zero group at start, but it has to be a double colon */ |
2786 | | if (zero_group_start == 0 && *++p != ':') { |
2787 | | return -1; |
2788 | | } |
2789 | | |
2790 | | if (p[1] == '\0') { |
2791 | | ++p; |
2792 | | break; |
2793 | | } |
2794 | | } |
2795 | | ++p; |
2796 | | } while (nonzero_groups < 8); |
2797 | | |
2798 | | if (*p != '\0') { |
2799 | | return -1; |
2800 | | } |
2801 | | |
2802 | | if (zero_group_start != -1) { |
2803 | | if (nonzero_groups > 6) { |
2804 | | return -1; |
2805 | | } |
2806 | | int zero_groups = 8 - nonzero_groups; |
2807 | | int groups_after_zero = nonzero_groups - zero_group_start; |
2808 | | |
2809 | | /* Move the non-zero part to after the zeroes */ |
2810 | | if (groups_after_zero) { |
2811 | | memmove(addr + zero_group_start + zero_groups, |
2812 | | addr + zero_group_start, |
2813 | | groups_after_zero * sizeof(*addr)); |
2814 | | } |
2815 | | memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr)); |
2816 | | } else { |
2817 | | if (nonzero_groups != 8) { |
2818 | | return -1; |
2819 | | } |
2820 | | } |
2821 | | memcpy(dst, addr, sizeof(addr)); |
2822 | | return 0; |
2823 | | } |
2824 | | |
2825 | | static int x509_inet_pton_ipv4(const char *src, void *dst) |
2826 | | { |
2827 | | const unsigned char *p = (const unsigned char *) src; |
2828 | | uint8_t *res = (uint8_t *) dst; |
2829 | | uint8_t digit, num_digits = 0; |
2830 | | uint8_t num_octets = 0; |
2831 | | uint16_t octet; |
2832 | | |
2833 | | do { |
2834 | | octet = num_digits = 0; |
2835 | | do { |
2836 | | digit = *p - '0'; |
2837 | | if (digit > 9) { |
2838 | | break; |
2839 | | } |
2840 | | |
2841 | | /* Don't allow leading zeroes. These might mean octal format, |
2842 | | * which this implementation does not support. */ |
2843 | | if (octet == 0 && num_digits > 0) { |
2844 | | return -1; |
2845 | | } |
2846 | | |
2847 | | octet = octet * 10 + digit; |
2848 | | num_digits++; |
2849 | | p++; |
2850 | | } while (num_digits < 3); |
2851 | | |
2852 | | if (octet >= 256 || num_digits > 3 || num_digits == 0) { |
2853 | | return -1; |
2854 | | } |
2855 | | *res++ = (uint8_t) octet; |
2856 | | num_octets++; |
2857 | | } while (num_octets < 4 && *p++ == '.'); |
2858 | | return num_octets == 4 && *p == '\0' ? 0 : -1; |
2859 | | } |
2860 | | |
2861 | | #else |
2862 | | |
2863 | | static int x509_inet_pton_ipv6(const char *src, void *dst) |
2864 | 0 | { |
2865 | 0 | return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; |
2866 | 0 | } |
2867 | | |
2868 | | static int x509_inet_pton_ipv4(const char *src, void *dst) |
2869 | 0 | { |
2870 | 0 | return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; |
2871 | 0 | } |
2872 | | |
2873 | | #endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names |
2874 | | |
2875 | | size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst) |
2876 | 0 | { |
2877 | 0 | return strchr(cn, ':') == NULL |
2878 | 0 | ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 |
2879 | 0 | : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0; |
2880 | 0 | } |
2881 | | |
2882 | | /* |
2883 | | * Check for CN match |
2884 | | */ |
2885 | | static int x509_crt_check_cn(const mbedtls_x509_buf *name, |
2886 | | const char *cn, size_t cn_len) |
2887 | 0 | { |
2888 | | /* try exact match */ |
2889 | 0 | if (name->len == cn_len && |
2890 | 0 | x509_memcasecmp(cn, name->p, cn_len) == 0) { |
2891 | 0 | return 0; |
2892 | 0 | } |
2893 | | |
2894 | | /* try wildcard match */ |
2895 | 0 | if (x509_check_wildcard(cn, name) == 0) { |
2896 | 0 | return 0; |
2897 | 0 | } |
2898 | | |
2899 | 0 | return -1; |
2900 | 0 | } |
2901 | | |
2902 | | static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, |
2903 | | const char *cn, size_t cn_len) |
2904 | 0 | { |
2905 | 0 | uint32_t ip[4]; |
2906 | 0 | cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip); |
2907 | 0 | if (cn_len == 0) { |
2908 | 0 | return -1; |
2909 | 0 | } |
2910 | | |
2911 | 0 | for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { |
2912 | 0 | const unsigned char san_type = (unsigned char) cur->buf.tag & |
2913 | 0 | MBEDTLS_ASN1_TAG_VALUE_MASK; |
2914 | 0 | if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && |
2915 | 0 | cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { |
2916 | 0 | return 0; |
2917 | 0 | } |
2918 | 0 | } |
2919 | | |
2920 | 0 | return -1; |
2921 | 0 | } |
2922 | | |
2923 | | static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san, |
2924 | | const char *cn, size_t cn_len) |
2925 | 0 | { |
2926 | 0 | for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { |
2927 | 0 | const unsigned char san_type = (unsigned char) cur->buf.tag & |
2928 | 0 | MBEDTLS_ASN1_TAG_VALUE_MASK; |
2929 | 0 | if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER && |
2930 | 0 | cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { |
2931 | 0 | return 0; |
2932 | 0 | } |
2933 | 0 | } |
2934 | | |
2935 | 0 | return -1; |
2936 | 0 | } |
2937 | | |
2938 | | /* |
2939 | | * Check for SAN match, see RFC 5280 Section 4.2.1.6 |
2940 | | */ |
2941 | | static int x509_crt_check_san(const mbedtls_x509_sequence *san, |
2942 | | const char *cn, size_t cn_len) |
2943 | 0 | { |
2944 | 0 | int san_ip = 0; |
2945 | 0 | int san_uri = 0; |
2946 | | /* Prioritize DNS name over other subtypes due to popularity */ |
2947 | 0 | for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { |
2948 | 0 | switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { |
2949 | 0 | case MBEDTLS_X509_SAN_DNS_NAME: |
2950 | 0 | if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { |
2951 | 0 | return 0; |
2952 | 0 | } |
2953 | 0 | break; |
2954 | 0 | case MBEDTLS_X509_SAN_IP_ADDRESS: |
2955 | 0 | san_ip = 1; |
2956 | 0 | break; |
2957 | 0 | case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: |
2958 | 0 | san_uri = 1; |
2959 | 0 | break; |
2960 | | /* (We may handle other types here later.) */ |
2961 | 0 | default: /* Unrecognized type */ |
2962 | 0 | break; |
2963 | 0 | } |
2964 | 0 | } |
2965 | 0 | if (san_ip) { |
2966 | 0 | if (x509_crt_check_san_ip(san, cn, cn_len) == 0) { |
2967 | 0 | return 0; |
2968 | 0 | } |
2969 | 0 | } |
2970 | 0 | if (san_uri) { |
2971 | 0 | if (x509_crt_check_san_uri(san, cn, cn_len) == 0) { |
2972 | 0 | return 0; |
2973 | 0 | } |
2974 | 0 | } |
2975 | | |
2976 | 0 | return -1; |
2977 | 0 | } |
2978 | | |
2979 | | /* |
2980 | | * Verify the requested CN - only call this if cn is not NULL! |
2981 | | */ |
2982 | | static void x509_crt_verify_name(const mbedtls_x509_crt *crt, |
2983 | | const char *cn, |
2984 | | uint32_t *flags) |
2985 | 0 | { |
2986 | 0 | const mbedtls_x509_name *name; |
2987 | 0 | size_t cn_len = strlen(cn); |
2988 | |
|
2989 | 0 | if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { |
2990 | 0 | if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { |
2991 | 0 | return; |
2992 | 0 | } |
2993 | 0 | } else { |
2994 | 0 | for (name = &crt->subject; name != NULL; name = name->next) { |
2995 | 0 | if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && |
2996 | 0 | x509_crt_check_cn(&name->val, cn, cn_len) == 0) { |
2997 | 0 | return; |
2998 | 0 | } |
2999 | 0 | } |
3000 | |
|
3001 | 0 | } |
3002 | | |
3003 | 0 | *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; |
3004 | 0 | } |
3005 | | |
3006 | | /* |
3007 | | * Merge the flags for all certs in the chain, after calling callback |
3008 | | */ |
3009 | | static int x509_crt_merge_flags_with_cb( |
3010 | | uint32_t *flags, |
3011 | | const mbedtls_x509_crt_verify_chain *ver_chain, |
3012 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3013 | | void *p_vrfy) |
3014 | 0 | { |
3015 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
3016 | 0 | unsigned i; |
3017 | 0 | uint32_t cur_flags; |
3018 | 0 | const mbedtls_x509_crt_verify_chain_item *cur; |
3019 | |
|
3020 | 0 | for (i = ver_chain->len; i != 0; --i) { |
3021 | 0 | cur = &ver_chain->items[i-1]; |
3022 | 0 | cur_flags = cur->flags; |
3023 | |
|
3024 | 0 | if (NULL != f_vrfy) { |
3025 | 0 | if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { |
3026 | 0 | return ret; |
3027 | 0 | } |
3028 | 0 | } |
3029 | | |
3030 | 0 | *flags |= cur_flags; |
3031 | 0 | } |
3032 | | |
3033 | 0 | return 0; |
3034 | 0 | } |
3035 | | |
3036 | | /* |
3037 | | * Verify the certificate validity, with profile, restartable version |
3038 | | * |
3039 | | * This function: |
3040 | | * - checks the requested CN (if any) |
3041 | | * - checks the type and size of the EE cert's key, |
3042 | | * as that isn't done as part of chain building/verification currently |
3043 | | * - builds and verifies the chain |
3044 | | * - then calls the callback and merges the flags |
3045 | | * |
3046 | | * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` |
3047 | | * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the |
3048 | | * verification routine to search for trusted signers, and CRLs will |
3049 | | * be disabled. Otherwise, `trust_ca` will be used as the static list |
3050 | | * of trusted signers, and `ca_crl` will be use as the static list |
3051 | | * of CRLs. |
3052 | | */ |
3053 | | static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, |
3054 | | mbedtls_x509_crt *trust_ca, |
3055 | | mbedtls_x509_crl *ca_crl, |
3056 | | mbedtls_x509_crt_ca_cb_t f_ca_cb, |
3057 | | void *p_ca_cb, |
3058 | | const mbedtls_x509_crt_profile *profile, |
3059 | | const char *cn, uint32_t *flags, |
3060 | | int (*f_vrfy)(void *, |
3061 | | mbedtls_x509_crt *, |
3062 | | int, |
3063 | | uint32_t *), |
3064 | | void *p_vrfy, |
3065 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
3066 | 0 | { |
3067 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
3068 | 0 | mbedtls_pk_type_t pk_type; |
3069 | 0 | mbedtls_x509_crt_verify_chain ver_chain; |
3070 | 0 | uint32_t ee_flags; |
3071 | |
|
3072 | 0 | *flags = 0; |
3073 | 0 | ee_flags = 0; |
3074 | 0 | x509_crt_verify_chain_reset(&ver_chain); |
3075 | |
|
3076 | 0 | if (profile == NULL) { |
3077 | 0 | ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
3078 | 0 | goto exit; |
3079 | 0 | } |
3080 | | |
3081 | | /* check name if requested */ |
3082 | 0 | if (cn != NULL) { |
3083 | 0 | x509_crt_verify_name(crt, cn, &ee_flags); |
3084 | 0 | } |
3085 | | |
3086 | | /* Check the type and size of the key */ |
3087 | 0 | pk_type = mbedtls_pk_get_type(&crt->pk); |
3088 | |
|
3089 | 0 | if (x509_profile_check_pk_alg(profile, pk_type) != 0) { |
3090 | 0 | ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; |
3091 | 0 | } |
3092 | |
|
3093 | 0 | if (x509_profile_check_key(profile, &crt->pk) != 0) { |
3094 | 0 | ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; |
3095 | 0 | } |
3096 | | |
3097 | | /* Check the chain */ |
3098 | 0 | ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, |
3099 | 0 | f_ca_cb, p_ca_cb, profile, |
3100 | 0 | &ver_chain, rs_ctx); |
3101 | |
|
3102 | 0 | if (ret != 0) { |
3103 | 0 | goto exit; |
3104 | 0 | } |
3105 | | |
3106 | | /* Merge end-entity flags */ |
3107 | 0 | ver_chain.items[0].flags |= ee_flags; |
3108 | | |
3109 | | /* Build final flags, calling callback on the way if any */ |
3110 | 0 | ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); |
3111 | |
|
3112 | 0 | exit: |
3113 | |
|
3114 | 0 | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
3115 | 0 | mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); |
3116 | 0 | mbedtls_free(ver_chain.trust_ca_cb_result); |
3117 | 0 | ver_chain.trust_ca_cb_result = NULL; |
3118 | 0 | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
3119 | |
|
3120 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
3121 | 0 | if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { |
3122 | 0 | mbedtls_x509_crt_restart_free(rs_ctx); |
3123 | 0 | } |
3124 | 0 | #endif |
3125 | | |
3126 | | /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by |
3127 | | * the SSL module for authmode optional, but non-zero return from the |
3128 | | * callback means a fatal error so it shouldn't be ignored */ |
3129 | 0 | if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { |
3130 | 0 | ret = MBEDTLS_ERR_X509_FATAL_ERROR; |
3131 | 0 | } |
3132 | |
|
3133 | 0 | if (ret != 0) { |
3134 | 0 | *flags = (uint32_t) -1; |
3135 | 0 | return ret; |
3136 | 0 | } |
3137 | | |
3138 | 0 | if (*flags != 0) { |
3139 | 0 | return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; |
3140 | 0 | } |
3141 | | |
3142 | 0 | return 0; |
3143 | 0 | } |
3144 | | |
3145 | | |
3146 | | /* |
3147 | | * Verify the certificate validity (default profile, not restartable) |
3148 | | */ |
3149 | | int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, |
3150 | | mbedtls_x509_crt *trust_ca, |
3151 | | mbedtls_x509_crl *ca_crl, |
3152 | | const char *cn, uint32_t *flags, |
3153 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3154 | | void *p_vrfy) |
3155 | 0 | { |
3156 | 0 | return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, |
3157 | 0 | NULL, NULL, |
3158 | 0 | &mbedtls_x509_crt_profile_default, |
3159 | 0 | cn, flags, |
3160 | 0 | f_vrfy, p_vrfy, NULL); |
3161 | 0 | } |
3162 | | |
3163 | | /* |
3164 | | * Verify the certificate validity (user-chosen profile, not restartable) |
3165 | | */ |
3166 | | int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, |
3167 | | mbedtls_x509_crt *trust_ca, |
3168 | | mbedtls_x509_crl *ca_crl, |
3169 | | const mbedtls_x509_crt_profile *profile, |
3170 | | const char *cn, uint32_t *flags, |
3171 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3172 | | void *p_vrfy) |
3173 | 0 | { |
3174 | 0 | return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, |
3175 | 0 | NULL, NULL, |
3176 | 0 | profile, cn, flags, |
3177 | 0 | f_vrfy, p_vrfy, NULL); |
3178 | 0 | } |
3179 | | |
3180 | | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
3181 | | /* |
3182 | | * Verify the certificate validity (user-chosen profile, CA callback, |
3183 | | * not restartable). |
3184 | | */ |
3185 | | int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, |
3186 | | mbedtls_x509_crt_ca_cb_t f_ca_cb, |
3187 | | void *p_ca_cb, |
3188 | | const mbedtls_x509_crt_profile *profile, |
3189 | | const char *cn, uint32_t *flags, |
3190 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3191 | | void *p_vrfy) |
3192 | 0 | { |
3193 | 0 | return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, |
3194 | 0 | f_ca_cb, p_ca_cb, |
3195 | 0 | profile, cn, flags, |
3196 | 0 | f_vrfy, p_vrfy, NULL); |
3197 | 0 | } |
3198 | | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
3199 | | |
3200 | | int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, |
3201 | | mbedtls_x509_crt *trust_ca, |
3202 | | mbedtls_x509_crl *ca_crl, |
3203 | | const mbedtls_x509_crt_profile *profile, |
3204 | | const char *cn, uint32_t *flags, |
3205 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3206 | | void *p_vrfy, |
3207 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
3208 | 0 | { |
3209 | 0 | return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, |
3210 | 0 | NULL, NULL, |
3211 | 0 | profile, cn, flags, |
3212 | 0 | f_vrfy, p_vrfy, rs_ctx); |
3213 | 0 | } |
3214 | | |
3215 | | |
3216 | | /* |
3217 | | * Initialize a certificate chain |
3218 | | */ |
3219 | | void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) |
3220 | 14.9k | { |
3221 | 14.9k | memset(crt, 0, sizeof(mbedtls_x509_crt)); |
3222 | 14.9k | } |
3223 | | |
3224 | | /* |
3225 | | * Unallocate all certificate data |
3226 | | */ |
3227 | | void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) |
3228 | 75.0k | { |
3229 | 75.0k | mbedtls_x509_crt *cert_cur = crt; |
3230 | 75.0k | mbedtls_x509_crt *cert_prv; |
3231 | | |
3232 | 150k | while (cert_cur != NULL) { |
3233 | 75.3k | mbedtls_pk_free(&cert_cur->pk); |
3234 | | |
3235 | 75.3k | #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) |
3236 | 75.3k | mbedtls_free(cert_cur->sig_opts); |
3237 | 75.3k | #endif |
3238 | | |
3239 | 75.3k | mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); |
3240 | 75.3k | mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); |
3241 | 75.3k | mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); |
3242 | 75.3k | mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); |
3243 | 75.3k | mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); |
3244 | 75.3k | mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); |
3245 | | |
3246 | 75.3k | if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { |
3247 | 57.3k | mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); |
3248 | 57.3k | } |
3249 | | |
3250 | 75.3k | cert_prv = cert_cur; |
3251 | 75.3k | cert_cur = cert_cur->next; |
3252 | | |
3253 | 75.3k | mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); |
3254 | 75.3k | if (cert_prv != crt) { |
3255 | 299 | mbedtls_free(cert_prv); |
3256 | 299 | } |
3257 | 75.3k | } |
3258 | 75.0k | } |
3259 | | |
3260 | | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
3261 | | /* |
3262 | | * Initialize a restart context |
3263 | | */ |
3264 | | void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx) |
3265 | 19.5k | { |
3266 | 19.5k | mbedtls_pk_restart_init(&ctx->pk); |
3267 | | |
3268 | 19.5k | ctx->parent = NULL; |
3269 | 19.5k | ctx->fallback_parent = NULL; |
3270 | 19.5k | ctx->fallback_signature_is_good = 0; |
3271 | | |
3272 | 19.5k | ctx->parent_is_trusted = -1; |
3273 | | |
3274 | 19.5k | ctx->in_progress = x509_crt_rs_none; |
3275 | 19.5k | ctx->self_cnt = 0; |
3276 | 19.5k | x509_crt_verify_chain_reset(&ctx->ver_chain); |
3277 | 19.5k | } |
3278 | | |
3279 | | /* |
3280 | | * Free the components of a restart context |
3281 | | */ |
3282 | | void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) |
3283 | 9.75k | { |
3284 | 9.75k | if (ctx == NULL) { |
3285 | 0 | return; |
3286 | 0 | } |
3287 | | |
3288 | 9.75k | mbedtls_pk_restart_free(&ctx->pk); |
3289 | 9.75k | mbedtls_x509_crt_restart_init(ctx); |
3290 | 9.75k | } |
3291 | | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ |
3292 | | |
3293 | | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |