/src/mbedtls/library/x509_crt.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * X.509 certificate parsing and verification |
3 | | * |
4 | | * Copyright The Mbed TLS Contributors |
5 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
6 | | */ |
7 | | /* |
8 | | * The ITU-T X.509 standard defines a certificate format for PKI. |
9 | | * |
10 | | * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) |
11 | | * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) |
12 | | * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) |
13 | | * |
14 | | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf |
15 | | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf |
16 | | * |
17 | | * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf |
18 | | */ |
19 | | |
20 | | #include "common.h" |
21 | | |
22 | | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
23 | | |
24 | | #include "mbedtls/x509_crt.h" |
25 | | #include "x509_internal.h" |
26 | | #include "mbedtls/error.h" |
27 | | #include "mbedtls/oid.h" |
28 | | #include "mbedtls/platform_util.h" |
29 | | |
30 | | #include <string.h> |
31 | | |
32 | | #if defined(MBEDTLS_PEM_PARSE_C) |
33 | | #include "mbedtls/pem.h" |
34 | | #endif |
35 | | |
36 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
37 | | #include "psa/crypto.h" |
38 | | #include "psa_util_internal.h" |
39 | | #include "mbedtls/psa_util.h" |
40 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
41 | | #include "pk_internal.h" |
42 | | |
43 | | #include "mbedtls/platform.h" |
44 | | |
45 | | #if defined(MBEDTLS_THREADING_C) |
46 | | #include "mbedtls/threading.h" |
47 | | #endif |
48 | | |
49 | | #if defined(MBEDTLS_HAVE_TIME) |
50 | | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) |
51 | | #ifndef WIN32_LEAN_AND_MEAN |
52 | | #define WIN32_LEAN_AND_MEAN |
53 | | #endif |
54 | | #include <windows.h> |
55 | | #else |
56 | | #include <time.h> |
57 | | #endif |
58 | | #endif |
59 | | |
60 | | #if defined(MBEDTLS_FS_IO) |
61 | | #include <stdio.h> |
62 | | #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32) |
63 | | #include <sys/types.h> |
64 | | #include <sys/stat.h> |
65 | | #if defined(__MBED__) |
66 | | #include <platform/mbed_retarget.h> |
67 | | #else |
68 | | #include <dirent.h> |
69 | | #endif /* __MBED__ */ |
70 | | #include <errno.h> |
71 | | #endif /* !_WIN32 || EFIX64 || EFI32 */ |
72 | | #endif |
73 | | |
74 | | /* |
75 | | * Item in a verification chain: cert and flags for it |
76 | | */ |
77 | | typedef struct { |
78 | | mbedtls_x509_crt *crt; |
79 | | uint32_t flags; |
80 | | } x509_crt_verify_chain_item; |
81 | | |
82 | | /* |
83 | | * Max size of verification chain: end-entity + intermediates + trusted root |
84 | | */ |
85 | | #define X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) |
86 | | |
87 | | /* Default profile. Do not remove items unless there are serious security |
88 | | * concerns. */ |
89 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = |
90 | | { |
91 | | /* Hashes from SHA-256 and above. Note that this selection |
92 | | * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */ |
93 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | |
94 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | |
95 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), |
96 | | 0xFFFFFFF, /* Any PK alg */ |
97 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
98 | | /* Curves at or above 128-bit security level. Note that this selection |
99 | | * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ |
100 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | |
101 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | |
102 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | |
103 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | |
104 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | |
105 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | |
106 | | 0, |
107 | | #else /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
108 | | 0, |
109 | | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
110 | | 2048, |
111 | | }; |
112 | | |
113 | | /* Next-generation profile. Currently identical to the default, but may |
114 | | * be tightened at any time. */ |
115 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = |
116 | | { |
117 | | /* Hashes from SHA-256 and above. */ |
118 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | |
119 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | |
120 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), |
121 | | 0xFFFFFFF, /* Any PK alg */ |
122 | | #if defined(MBEDTLS_ECP_C) |
123 | | /* Curves at or above 128-bit security level. */ |
124 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | |
125 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | |
126 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | |
127 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | |
128 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | |
129 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | |
130 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1), |
131 | | #else |
132 | | 0, |
133 | | #endif |
134 | | 2048, |
135 | | }; |
136 | | |
137 | | /* |
138 | | * NSA Suite B Profile |
139 | | */ |
140 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = |
141 | | { |
142 | | /* Only SHA-256 and 384 */ |
143 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | |
144 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384), |
145 | | /* Only ECDSA */ |
146 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | |
147 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), |
148 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
149 | | /* Only NIST P-256 and P-384 */ |
150 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | |
151 | | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), |
152 | | #else /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
153 | | 0, |
154 | | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
155 | | 0, |
156 | | }; |
157 | | |
158 | | /* |
159 | | * Empty / all-forbidden profile |
160 | | */ |
161 | | const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none = |
162 | | { |
163 | | 0, |
164 | | 0, |
165 | | 0, |
166 | | (uint32_t) -1, |
167 | | }; |
168 | | |
169 | | /* |
170 | | * Check md_alg against profile |
171 | | * Return 0 if md_alg is acceptable for this profile, -1 otherwise |
172 | | */ |
173 | | static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, |
174 | | mbedtls_md_type_t md_alg) |
175 | 0 | { |
176 | 0 | if (md_alg == MBEDTLS_MD_NONE) { |
177 | 0 | return -1; |
178 | 0 | } |
179 | | |
180 | 0 | if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { |
181 | 0 | return 0; |
182 | 0 | } |
183 | | |
184 | 0 | return -1; |
185 | 0 | } |
186 | | |
187 | | /* |
188 | | * Check pk_alg against profile |
189 | | * Return 0 if pk_alg is acceptable for this profile, -1 otherwise |
190 | | */ |
191 | | static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, |
192 | | mbedtls_pk_type_t pk_alg) |
193 | 0 | { |
194 | 0 | if (pk_alg == MBEDTLS_PK_NONE) { |
195 | 0 | return -1; |
196 | 0 | } |
197 | | |
198 | 0 | if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { |
199 | 0 | return 0; |
200 | 0 | } |
201 | | |
202 | 0 | return -1; |
203 | 0 | } |
204 | | |
205 | | /* |
206 | | * Check key against profile |
207 | | * Return 0 if pk is acceptable for this profile, -1 otherwise |
208 | | */ |
209 | | static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, |
210 | | const mbedtls_pk_context *pk) |
211 | 0 | { |
212 | 0 | const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); |
213 | |
|
214 | 0 | #if defined(MBEDTLS_RSA_C) |
215 | 0 | if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { |
216 | 0 | if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { |
217 | 0 | return 0; |
218 | 0 | } |
219 | | |
220 | 0 | return -1; |
221 | 0 | } |
222 | 0 | #endif /* MBEDTLS_RSA_C */ |
223 | | |
224 | 0 | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
225 | 0 | if (pk_alg == MBEDTLS_PK_ECDSA || |
226 | 0 | pk_alg == MBEDTLS_PK_ECKEY || |
227 | 0 | pk_alg == MBEDTLS_PK_ECKEY_DH) { |
228 | 0 | const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk); |
229 | |
|
230 | 0 | if (gid == MBEDTLS_ECP_DP_NONE) { |
231 | 0 | return -1; |
232 | 0 | } |
233 | | |
234 | 0 | if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { |
235 | 0 | return 0; |
236 | 0 | } |
237 | | |
238 | 0 | return -1; |
239 | 0 | } |
240 | 0 | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
241 | | |
242 | 0 | return -1; |
243 | 0 | } |
244 | | |
245 | | /* |
246 | | * Like memcmp, but case-insensitive and always returns -1 if different |
247 | | */ |
248 | | static int x509_memcasecmp(const void *s1, const void *s2, size_t len) |
249 | 0 | { |
250 | 0 | size_t i; |
251 | 0 | unsigned char diff; |
252 | 0 | const unsigned char *n1 = s1, *n2 = s2; |
253 | |
|
254 | 0 | for (i = 0; i < len; i++) { |
255 | 0 | diff = n1[i] ^ n2[i]; |
256 | |
|
257 | 0 | if (diff == 0) { |
258 | 0 | continue; |
259 | 0 | } |
260 | | |
261 | 0 | if (diff == 32 && |
262 | 0 | ((n1[i] >= 'a' && n1[i] <= 'z') || |
263 | 0 | (n1[i] >= 'A' && n1[i] <= 'Z'))) { |
264 | 0 | continue; |
265 | 0 | } |
266 | | |
267 | 0 | return -1; |
268 | 0 | } |
269 | | |
270 | 0 | return 0; |
271 | 0 | } |
272 | | |
273 | | /* |
274 | | * Return 0 if name matches wildcard, -1 otherwise |
275 | | */ |
276 | | static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name) |
277 | 0 | { |
278 | 0 | size_t i; |
279 | 0 | size_t cn_idx = 0, cn_len = strlen(cn); |
280 | | |
281 | | /* We can't have a match if there is no wildcard to match */ |
282 | 0 | if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') { |
283 | 0 | return -1; |
284 | 0 | } |
285 | | |
286 | 0 | for (i = 0; i < cn_len; ++i) { |
287 | 0 | if (cn[i] == '.') { |
288 | 0 | cn_idx = i; |
289 | 0 | break; |
290 | 0 | } |
291 | 0 | } |
292 | |
|
293 | 0 | if (cn_idx == 0) { |
294 | 0 | return -1; |
295 | 0 | } |
296 | | |
297 | 0 | if (cn_len - cn_idx == name->len - 1 && |
298 | 0 | x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { |
299 | 0 | return 0; |
300 | 0 | } |
301 | | |
302 | 0 | return -1; |
303 | 0 | } |
304 | | |
305 | | /* |
306 | | * Compare two X.509 strings, case-insensitive, and allowing for some encoding |
307 | | * variations (but not all). |
308 | | * |
309 | | * Return 0 if equal, -1 otherwise. |
310 | | */ |
311 | | static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b) |
312 | 0 | { |
313 | 0 | if (a->tag == b->tag && |
314 | 0 | a->len == b->len && |
315 | 0 | memcmp(a->p, b->p, b->len) == 0) { |
316 | 0 | return 0; |
317 | 0 | } |
318 | | |
319 | 0 | if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && |
320 | 0 | (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && |
321 | 0 | a->len == b->len && |
322 | 0 | x509_memcasecmp(a->p, b->p, b->len) == 0) { |
323 | 0 | return 0; |
324 | 0 | } |
325 | | |
326 | 0 | return -1; |
327 | 0 | } |
328 | | |
329 | | /* |
330 | | * Compare two X.509 Names (aka rdnSequence). |
331 | | * |
332 | | * See RFC 5280 section 7.1, though we don't implement the whole algorithm: |
333 | | * we sometimes return unequal when the full algorithm would return equal, |
334 | | * but never the other way. (In particular, we don't do Unicode normalisation |
335 | | * or space folding.) |
336 | | * |
337 | | * Return 0 if equal, -1 otherwise. |
338 | | */ |
339 | | static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b) |
340 | 0 | { |
341 | | /* Avoid recursion, it might not be optimised by the compiler */ |
342 | 0 | while (a != NULL || b != NULL) { |
343 | 0 | if (a == NULL || b == NULL) { |
344 | 0 | return -1; |
345 | 0 | } |
346 | | |
347 | | /* type */ |
348 | 0 | if (a->oid.tag != b->oid.tag || |
349 | 0 | a->oid.len != b->oid.len || |
350 | 0 | memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { |
351 | 0 | return -1; |
352 | 0 | } |
353 | | |
354 | | /* value */ |
355 | 0 | if (x509_string_cmp(&a->val, &b->val) != 0) { |
356 | 0 | return -1; |
357 | 0 | } |
358 | | |
359 | | /* structure of the list of sets */ |
360 | 0 | if (a->next_merged != b->next_merged) { |
361 | 0 | return -1; |
362 | 0 | } |
363 | | |
364 | 0 | a = a->next; |
365 | 0 | b = b->next; |
366 | 0 | } |
367 | | |
368 | | /* a == NULL == b */ |
369 | 0 | return 0; |
370 | 0 | } |
371 | | |
372 | | /* |
373 | | * Reset (init or clear) a verify_chain |
374 | | */ |
375 | | static void x509_crt_verify_chain_reset( |
376 | | mbedtls_x509_crt_verify_chain *ver_chain) |
377 | 15.3k | { |
378 | 15.3k | size_t i; |
379 | | |
380 | 168k | for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { |
381 | 153k | ver_chain->items[i].crt = NULL; |
382 | 153k | ver_chain->items[i].flags = (uint32_t) -1; |
383 | 153k | } |
384 | | |
385 | 15.3k | ver_chain->len = 0; |
386 | | |
387 | 15.3k | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
388 | 15.3k | ver_chain->trust_ca_cb_result = NULL; |
389 | 15.3k | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
390 | 15.3k | } |
391 | | |
392 | | /* |
393 | | * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
394 | | */ |
395 | | static int x509_get_version(unsigned char **p, |
396 | | const unsigned char *end, |
397 | | int *ver) |
398 | 56.9k | { |
399 | 56.9k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
400 | 56.9k | size_t len; |
401 | | |
402 | 56.9k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
403 | 56.9k | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | |
404 | 56.9k | 0)) != 0) { |
405 | 10.3k | if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
406 | 10.1k | *ver = 0; |
407 | 10.1k | return 0; |
408 | 10.1k | } |
409 | | |
410 | 203 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
411 | 10.3k | } |
412 | | |
413 | 46.5k | end = *p + len; |
414 | | |
415 | 46.5k | if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { |
416 | 2.45k | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); |
417 | 2.45k | } |
418 | | |
419 | 44.1k | if (*p != end) { |
420 | 460 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, |
421 | 460 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
422 | 460 | } |
423 | | |
424 | 43.6k | return 0; |
425 | 44.1k | } |
426 | | |
427 | | /* |
428 | | * Validity ::= SEQUENCE { |
429 | | * notBefore Time, |
430 | | * notAfter Time } |
431 | | */ |
432 | | static int x509_get_dates(unsigned char **p, |
433 | | const unsigned char *end, |
434 | | mbedtls_x509_time *from, |
435 | | mbedtls_x509_time *to) |
436 | 37.5k | { |
437 | 37.5k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
438 | 37.5k | size_t len; |
439 | | |
440 | 37.5k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
441 | 37.5k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
442 | 270 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); |
443 | 270 | } |
444 | | |
445 | 37.2k | end = *p + len; |
446 | | |
447 | 37.2k | if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { |
448 | 2.66k | return ret; |
449 | 2.66k | } |
450 | | |
451 | 34.6k | if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { |
452 | 2.05k | return ret; |
453 | 2.05k | } |
454 | | |
455 | 32.5k | if (*p != end) { |
456 | 231 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, |
457 | 231 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
458 | 231 | } |
459 | | |
460 | 32.3k | return 0; |
461 | 32.5k | } |
462 | | |
463 | | /* |
464 | | * X.509 v2/v3 unique identifier (not parsed) |
465 | | */ |
466 | | static int x509_get_uid(unsigned char **p, |
467 | | const unsigned char *end, |
468 | | mbedtls_x509_buf *uid, int n) |
469 | 28.6k | { |
470 | 28.6k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
471 | | |
472 | 28.6k | if (*p == end) { |
473 | 990 | return 0; |
474 | 990 | } |
475 | | |
476 | 27.6k | uid->tag = **p; |
477 | | |
478 | 27.6k | if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, |
479 | 27.6k | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | |
480 | 27.6k | n)) != 0) { |
481 | 26.7k | if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
482 | 26.3k | return 0; |
483 | 26.3k | } |
484 | | |
485 | 403 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
486 | 26.7k | } |
487 | | |
488 | 900 | uid->p = *p; |
489 | 900 | *p += uid->len; |
490 | | |
491 | 900 | return 0; |
492 | 27.6k | } |
493 | | |
494 | | static int x509_get_basic_constraints(unsigned char **p, |
495 | | const unsigned char *end, |
496 | | int *ca_istrue, |
497 | | int *max_pathlen) |
498 | 2.28k | { |
499 | 2.28k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
500 | 2.28k | size_t len; |
501 | | |
502 | | /* |
503 | | * BasicConstraints ::= SEQUENCE { |
504 | | * cA BOOLEAN DEFAULT FALSE, |
505 | | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } |
506 | | */ |
507 | 2.28k | *ca_istrue = 0; /* DEFAULT FALSE */ |
508 | 2.28k | *max_pathlen = 0; /* endless */ |
509 | | |
510 | 2.28k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
511 | 2.28k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
512 | 203 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
513 | 203 | } |
514 | | |
515 | 2.08k | if (*p == end) { |
516 | 1.40k | return 0; |
517 | 1.40k | } |
518 | | |
519 | 680 | if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { |
520 | 412 | if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
521 | 343 | ret = mbedtls_asn1_get_int(p, end, ca_istrue); |
522 | 343 | } |
523 | | |
524 | 412 | if (ret != 0) { |
525 | 71 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
526 | 71 | } |
527 | | |
528 | 341 | if (*ca_istrue != 0) { |
529 | 265 | *ca_istrue = 1; |
530 | 265 | } |
531 | 341 | } |
532 | | |
533 | 609 | if (*p == end) { |
534 | 204 | return 0; |
535 | 204 | } |
536 | | |
537 | 405 | if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { |
538 | 93 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
539 | 93 | } |
540 | | |
541 | 312 | if (*p != end) { |
542 | 154 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
543 | 154 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
544 | 154 | } |
545 | | |
546 | | /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer |
547 | | * overflow, which is an undefined behavior. */ |
548 | 158 | if (*max_pathlen == INT_MAX) { |
549 | 2 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
550 | 2 | MBEDTLS_ERR_ASN1_INVALID_LENGTH); |
551 | 2 | } |
552 | | |
553 | 156 | (*max_pathlen)++; |
554 | | |
555 | 156 | return 0; |
556 | 158 | } |
557 | | |
558 | | /* |
559 | | * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId |
560 | | * |
561 | | * KeyPurposeId ::= OBJECT IDENTIFIER |
562 | | */ |
563 | | static int x509_get_ext_key_usage(unsigned char **p, |
564 | | const unsigned char *end, |
565 | | mbedtls_x509_sequence *ext_key_usage) |
566 | 2.22k | { |
567 | 2.22k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
568 | | |
569 | 2.22k | if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) { |
570 | 1.82k | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
571 | 1.82k | } |
572 | | |
573 | | /* Sequence length must be >= 1 */ |
574 | 398 | if (ext_key_usage->buf.p == NULL) { |
575 | 196 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
576 | 196 | MBEDTLS_ERR_ASN1_INVALID_LENGTH); |
577 | 196 | } |
578 | | |
579 | 202 | return 0; |
580 | 398 | } |
581 | | |
582 | | /* |
583 | | * SubjectKeyIdentifier ::= KeyIdentifier |
584 | | * |
585 | | * KeyIdentifier ::= OCTET STRING |
586 | | */ |
587 | | static int x509_get_subject_key_id(unsigned char **p, |
588 | | const unsigned char *end, |
589 | | mbedtls_x509_buf *subject_key_id) |
590 | 2.05k | { |
591 | 2.05k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
592 | 2.05k | size_t len = 0u; |
593 | | |
594 | 2.05k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
595 | 2.05k | MBEDTLS_ASN1_OCTET_STRING)) != 0) { |
596 | 71 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
597 | 71 | } |
598 | | |
599 | 1.98k | subject_key_id->len = len; |
600 | 1.98k | subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; |
601 | 1.98k | subject_key_id->p = *p; |
602 | 1.98k | *p += len; |
603 | | |
604 | 1.98k | if (*p != end) { |
605 | 67 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
606 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
607 | 67 | } |
608 | | |
609 | 1.91k | return 0; |
610 | 1.98k | } |
611 | | |
612 | | /* |
613 | | * AuthorityKeyIdentifier ::= SEQUENCE { |
614 | | * keyIdentifier [0] KeyIdentifier OPTIONAL, |
615 | | * authorityCertIssuer [1] GeneralNames OPTIONAL, |
616 | | * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } |
617 | | * |
618 | | * KeyIdentifier ::= OCTET STRING |
619 | | */ |
620 | | static int x509_get_authority_key_id(unsigned char **p, |
621 | | unsigned char *end, |
622 | | mbedtls_x509_authority *authority_key_id) |
623 | 1.70k | { |
624 | 1.70k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
625 | 1.70k | size_t len = 0u; |
626 | | |
627 | 1.70k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
628 | 1.70k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
629 | 197 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
630 | 197 | } |
631 | | |
632 | 1.51k | if (*p + len != end) { |
633 | 68 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
634 | 68 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
635 | 68 | } |
636 | | |
637 | 1.44k | ret = mbedtls_asn1_get_tag(p, end, &len, |
638 | 1.44k | MBEDTLS_ASN1_CONTEXT_SPECIFIC); |
639 | | |
640 | | /* KeyIdentifier is an OPTIONAL field */ |
641 | 1.44k | if (ret == 0) { |
642 | 1.03k | authority_key_id->keyIdentifier.len = len; |
643 | 1.03k | authority_key_id->keyIdentifier.p = *p; |
644 | | /* Setting tag of the keyIdentfier intentionally to 0x04. |
645 | | * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), |
646 | | * its tag with the content is the payload of on OCTET STRING primitive */ |
647 | 1.03k | authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; |
648 | | |
649 | 1.03k | *p += len; |
650 | 1.03k | } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { |
651 | 196 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
652 | 196 | } |
653 | | |
654 | 1.24k | if (*p < end) { |
655 | | /* Getting authorityCertIssuer using the required specific class tag [1] */ |
656 | 313 | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
657 | 313 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | |
658 | 313 | 1)) != 0) { |
659 | | /* authorityCertIssuer and authorityCertSerialNumber MUST both |
660 | | be present or both be absent. At this point we expect to have both. */ |
661 | 85 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
662 | 85 | } |
663 | | /* "end" also includes the CertSerialNumber field so "len" shall be used */ |
664 | 228 | ret = mbedtls_x509_get_subject_alt_name_ext(p, |
665 | 228 | (*p+len), |
666 | 228 | &authority_key_id->authorityCertIssuer); |
667 | 228 | if (ret != 0) { |
668 | 81 | return ret; |
669 | 81 | } |
670 | | |
671 | | /* Getting authorityCertSerialNumber using the required specific class tag [2] */ |
672 | 147 | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
673 | 147 | MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { |
674 | 69 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
675 | 69 | } |
676 | 78 | authority_key_id->authorityCertSerialNumber.len = len; |
677 | 78 | authority_key_id->authorityCertSerialNumber.p = *p; |
678 | 78 | authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; |
679 | 78 | *p += len; |
680 | 78 | } |
681 | | |
682 | 1.01k | if (*p != end) { |
683 | 67 | return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + |
684 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; |
685 | 67 | } |
686 | | |
687 | 944 | return 0; |
688 | 1.01k | } |
689 | | |
690 | | /* |
691 | | * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } |
692 | | * |
693 | | * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } |
694 | | * |
695 | | * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation |
696 | | * |
697 | | * PolicyInformation ::= SEQUENCE { |
698 | | * policyIdentifier CertPolicyId, |
699 | | * policyQualifiers SEQUENCE SIZE (1..MAX) OF |
700 | | * PolicyQualifierInfo OPTIONAL } |
701 | | * |
702 | | * CertPolicyId ::= OBJECT IDENTIFIER |
703 | | * |
704 | | * PolicyQualifierInfo ::= SEQUENCE { |
705 | | * policyQualifierId PolicyQualifierId, |
706 | | * qualifier ANY DEFINED BY policyQualifierId } |
707 | | * |
708 | | * -- policyQualifierIds for Internet policy qualifiers |
709 | | * |
710 | | * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } |
711 | | * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } |
712 | | * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } |
713 | | * |
714 | | * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) |
715 | | * |
716 | | * Qualifier ::= CHOICE { |
717 | | * cPSuri CPSuri, |
718 | | * userNotice UserNotice } |
719 | | * |
720 | | * CPSuri ::= IA5String |
721 | | * |
722 | | * UserNotice ::= SEQUENCE { |
723 | | * noticeRef NoticeReference OPTIONAL, |
724 | | * explicitText DisplayText OPTIONAL } |
725 | | * |
726 | | * NoticeReference ::= SEQUENCE { |
727 | | * organization DisplayText, |
728 | | * noticeNumbers SEQUENCE OF INTEGER } |
729 | | * |
730 | | * DisplayText ::= CHOICE { |
731 | | * ia5String IA5String (SIZE (1..200)), |
732 | | * visibleString VisibleString (SIZE (1..200)), |
733 | | * bmpString BMPString (SIZE (1..200)), |
734 | | * utf8String UTF8String (SIZE (1..200)) } |
735 | | * |
736 | | * NOTE: we only parse and use anyPolicy without qualifiers at this point |
737 | | * as defined in RFC 5280. |
738 | | */ |
739 | | static int x509_get_certificate_policies(unsigned char **p, |
740 | | const unsigned char *end, |
741 | | mbedtls_x509_sequence *certificate_policies) |
742 | 879 | { |
743 | 879 | int ret, parse_ret = 0; |
744 | 879 | size_t len; |
745 | 879 | mbedtls_asn1_buf *buf; |
746 | 879 | mbedtls_asn1_sequence *cur = certificate_policies; |
747 | | |
748 | | /* Get main sequence tag */ |
749 | 879 | ret = mbedtls_asn1_get_tag(p, end, &len, |
750 | 879 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); |
751 | 879 | if (ret != 0) { |
752 | 200 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
753 | 200 | } |
754 | | |
755 | 679 | if (*p + len != end) { |
756 | 67 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
757 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
758 | 67 | } |
759 | | |
760 | | /* |
761 | | * Cannot be an empty sequence. |
762 | | */ |
763 | 612 | if (len == 0) { |
764 | 195 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
765 | 195 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
766 | 195 | } |
767 | | |
768 | 1.05k | while (*p < end) { |
769 | 1.01k | mbedtls_x509_buf policy_oid; |
770 | 1.01k | const unsigned char *policy_end; |
771 | | |
772 | | /* |
773 | | * Get the policy sequence |
774 | | */ |
775 | 1.01k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
776 | 1.01k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
777 | 83 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
778 | 83 | } |
779 | | |
780 | 932 | policy_end = *p + len; |
781 | | |
782 | 932 | if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, |
783 | 932 | MBEDTLS_ASN1_OID)) != 0) { |
784 | 70 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
785 | 70 | } |
786 | | |
787 | 862 | policy_oid.tag = MBEDTLS_ASN1_OID; |
788 | 862 | policy_oid.len = len; |
789 | 862 | policy_oid.p = *p; |
790 | | |
791 | | /* |
792 | | * Only AnyPolicy is currently supported when enforcing policy. |
793 | | */ |
794 | 862 | if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) { |
795 | | /* |
796 | | * Set the parsing return code but continue parsing, in case this |
797 | | * extension is critical. |
798 | | */ |
799 | 830 | parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; |
800 | 830 | } |
801 | | |
802 | | /* Allocate and assign next pointer */ |
803 | 862 | if (cur->buf.p != NULL) { |
804 | 529 | if (cur->next != NULL) { |
805 | 0 | return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; |
806 | 0 | } |
807 | | |
808 | 529 | cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); |
809 | | |
810 | 529 | if (cur->next == NULL) { |
811 | 0 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
812 | 0 | MBEDTLS_ERR_ASN1_ALLOC_FAILED); |
813 | 0 | } |
814 | | |
815 | 529 | cur = cur->next; |
816 | 529 | } |
817 | | |
818 | 862 | buf = &(cur->buf); |
819 | 862 | buf->tag = policy_oid.tag; |
820 | 862 | buf->p = policy_oid.p; |
821 | 862 | buf->len = policy_oid.len; |
822 | | |
823 | 862 | *p += len; |
824 | | |
825 | | /* |
826 | | * If there is an optional qualifier, then *p < policy_end |
827 | | * Check the Qualifier len to verify it doesn't exceed policy_end. |
828 | | */ |
829 | 862 | if (*p < policy_end) { |
830 | 649 | if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, |
831 | 649 | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != |
832 | 649 | 0) { |
833 | 73 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
834 | 73 | } |
835 | | /* |
836 | | * Skip the optional policy qualifiers. |
837 | | */ |
838 | 576 | *p += len; |
839 | 576 | } |
840 | | |
841 | 789 | if (*p != policy_end) { |
842 | 153 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
843 | 153 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
844 | 153 | } |
845 | 789 | } |
846 | | |
847 | | /* Set final sequence entry's next pointer to NULL */ |
848 | 38 | cur->next = NULL; |
849 | | |
850 | 38 | if (*p != end) { |
851 | 0 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
852 | 0 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
853 | 0 | } |
854 | | |
855 | 38 | return parse_ret; |
856 | 38 | } |
857 | | |
858 | | /* |
859 | | * X.509 v3 extensions |
860 | | * |
861 | | */ |
862 | | static int x509_get_crt_ext(unsigned char **p, |
863 | | const unsigned char *end, |
864 | | mbedtls_x509_crt *crt, |
865 | | mbedtls_x509_crt_ext_cb_t cb, |
866 | | void *p_ctx) |
867 | 13.7k | { |
868 | 13.7k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
869 | 13.7k | size_t len; |
870 | 13.7k | unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; |
871 | | |
872 | 13.7k | if (*p == end) { |
873 | 1.06k | return 0; |
874 | 1.06k | } |
875 | | |
876 | 12.6k | if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { |
877 | 901 | return ret; |
878 | 901 | } |
879 | | |
880 | 11.7k | end = crt->v3_ext.p + crt->v3_ext.len; |
881 | 24.4k | while (*p < end) { |
882 | | /* |
883 | | * Extension ::= SEQUENCE { |
884 | | * extnID OBJECT IDENTIFIER, |
885 | | * critical BOOLEAN DEFAULT FALSE, |
886 | | * extnValue OCTET STRING } |
887 | | */ |
888 | 21.3k | mbedtls_x509_buf extn_oid = { 0, 0, NULL }; |
889 | 21.3k | int is_critical = 0; /* DEFAULT FALSE */ |
890 | 21.3k | int ext_type = 0; |
891 | | |
892 | 21.3k | if ((ret = mbedtls_asn1_get_tag(p, end, &len, |
893 | 21.3k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
894 | 515 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
895 | 515 | } |
896 | | |
897 | 20.8k | end_ext_data = *p + len; |
898 | | |
899 | | /* Get extension ID */ |
900 | 20.8k | if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, |
901 | 20.8k | MBEDTLS_ASN1_OID)) != 0) { |
902 | 219 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
903 | 219 | } |
904 | | |
905 | 20.5k | extn_oid.tag = MBEDTLS_ASN1_OID; |
906 | 20.5k | extn_oid.p = *p; |
907 | 20.5k | *p += extn_oid.len; |
908 | | |
909 | | /* Get optional critical */ |
910 | 20.5k | if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && |
911 | 20.5k | (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { |
912 | 1.13k | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
913 | 1.13k | } |
914 | | |
915 | | /* Data should be octet string type */ |
916 | 19.4k | if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, |
917 | 19.4k | MBEDTLS_ASN1_OCTET_STRING)) != 0) { |
918 | 449 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); |
919 | 449 | } |
920 | | |
921 | 18.9k | start_ext_octet = *p; |
922 | 18.9k | end_ext_octet = *p + len; |
923 | | |
924 | 18.9k | if (end_ext_octet != end_ext_data) { |
925 | 196 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
926 | 196 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
927 | 196 | } |
928 | | |
929 | | /* |
930 | | * Detect supported extensions |
931 | | */ |
932 | 18.8k | ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); |
933 | | |
934 | 18.8k | if (ret != 0) { |
935 | | /* Give the callback (if any) a chance to handle the extension */ |
936 | 6.16k | if (cb != NULL) { |
937 | 0 | ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); |
938 | 0 | if (ret != 0 && is_critical) { |
939 | 0 | return ret; |
940 | 0 | } |
941 | 0 | *p = end_ext_octet; |
942 | 0 | continue; |
943 | 0 | } |
944 | | |
945 | | /* No parser found, skip extension */ |
946 | 6.16k | *p = end_ext_octet; |
947 | | |
948 | 6.16k | if (is_critical) { |
949 | | /* Data is marked as critical: fail */ |
950 | 69 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
951 | 69 | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); |
952 | 69 | } |
953 | 6.09k | continue; |
954 | 6.16k | } |
955 | | |
956 | | /* Forbid repeated extensions */ |
957 | 12.6k | if ((crt->ext_types & ext_type) != 0) { |
958 | 68 | return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; |
959 | 68 | } |
960 | | |
961 | 12.5k | crt->ext_types |= ext_type; |
962 | | |
963 | 12.5k | switch (ext_type) { |
964 | 2.28k | case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: |
965 | | /* Parse basic constraints */ |
966 | 2.28k | if ((ret = x509_get_basic_constraints(p, end_ext_octet, |
967 | 2.28k | &crt->ca_istrue, &crt->max_pathlen)) != 0) { |
968 | 523 | return ret; |
969 | 523 | } |
970 | 1.76k | break; |
971 | | |
972 | 1.76k | case MBEDTLS_X509_EXT_KEY_USAGE: |
973 | | /* Parse key usage */ |
974 | 1.29k | if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet, |
975 | 1.29k | &crt->key_usage)) != 0) { |
976 | 695 | return ret; |
977 | 695 | } |
978 | 600 | break; |
979 | | |
980 | 2.22k | case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: |
981 | | /* Parse extended key usage */ |
982 | 2.22k | if ((ret = x509_get_ext_key_usage(p, end_ext_octet, |
983 | 2.22k | &crt->ext_key_usage)) != 0) { |
984 | 2.02k | return ret; |
985 | 2.02k | } |
986 | 202 | break; |
987 | | |
988 | 2.05k | case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: |
989 | | /* Parse subject key identifier */ |
990 | 2.05k | if ((ret = x509_get_subject_key_id(p, end_ext_data, |
991 | 2.05k | &crt->subject_key_id)) != 0) { |
992 | 138 | return ret; |
993 | 138 | } |
994 | 1.91k | break; |
995 | | |
996 | 1.91k | case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: |
997 | | /* Parse authority key identifier */ |
998 | 1.70k | if ((ret = x509_get_authority_key_id(p, end_ext_octet, |
999 | 1.70k | &crt->authority_key_id)) != 0) { |
1000 | 763 | return ret; |
1001 | 763 | } |
1002 | 944 | break; |
1003 | 1.89k | case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: |
1004 | | /* Parse subject alt name |
1005 | | * SubjectAltName ::= GeneralNames |
1006 | | */ |
1007 | 1.89k | if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, |
1008 | 1.89k | &crt->subject_alt_names)) != 0) { |
1009 | 954 | return ret; |
1010 | 954 | } |
1011 | 938 | break; |
1012 | | |
1013 | 938 | case MBEDTLS_X509_EXT_NS_CERT_TYPE: |
1014 | | /* Parse netscape certificate type */ |
1015 | 241 | if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet, |
1016 | 241 | &crt->ns_cert_type)) != 0) { |
1017 | 71 | return ret; |
1018 | 71 | } |
1019 | 170 | break; |
1020 | | |
1021 | 879 | case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: |
1022 | | /* Parse certificate policies type */ |
1023 | 879 | if ((ret = x509_get_certificate_policies(p, end_ext_octet, |
1024 | 879 | &crt->certificate_policies)) != 0) { |
1025 | | /* Give the callback (if any) a chance to handle the extension |
1026 | | * if it contains unsupported policies */ |
1027 | 877 | if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && |
1028 | 877 | cb(p_ctx, crt, &extn_oid, is_critical, |
1029 | 0 | start_ext_octet, end_ext_octet) == 0) { |
1030 | 0 | break; |
1031 | 0 | } |
1032 | | |
1033 | 877 | if (is_critical) { |
1034 | 2 | return ret; |
1035 | 2 | } else |
1036 | | /* |
1037 | | * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we |
1038 | | * cannot interpret or enforce the policy. However, it is up to |
1039 | | * the user to choose how to enforce the policies, |
1040 | | * unless the extension is critical. |
1041 | | */ |
1042 | 875 | if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { |
1043 | 839 | return ret; |
1044 | 839 | } |
1045 | 877 | } |
1046 | 38 | break; |
1047 | | |
1048 | 38 | default: |
1049 | | /* |
1050 | | * If this is a non-critical extension, which the oid layer |
1051 | | * supports, but there isn't an x509 parser for it, |
1052 | | * skip the extension. |
1053 | | */ |
1054 | 0 | if (is_critical) { |
1055 | 0 | return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; |
1056 | 0 | } else { |
1057 | 0 | *p = end_ext_octet; |
1058 | 0 | } |
1059 | 12.5k | } |
1060 | 12.5k | } |
1061 | | |
1062 | 3.11k | if (*p != end) { |
1063 | 0 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, |
1064 | 0 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
1065 | 0 | } |
1066 | | |
1067 | 3.11k | return 0; |
1068 | 3.11k | } |
1069 | | |
1070 | | /* |
1071 | | * Parse and fill a single X.509 certificate in DER format |
1072 | | */ |
1073 | | static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, |
1074 | | const unsigned char *buf, |
1075 | | size_t buflen, |
1076 | | int make_copy, |
1077 | | mbedtls_x509_crt_ext_cb_t cb, |
1078 | | void *p_ctx) |
1079 | 60.7k | { |
1080 | 60.7k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1081 | 60.7k | size_t len; |
1082 | 60.7k | unsigned char *p, *end, *crt_end; |
1083 | 60.7k | mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; |
1084 | | |
1085 | 60.7k | memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); |
1086 | 60.7k | memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); |
1087 | 60.7k | memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); |
1088 | | |
1089 | | /* |
1090 | | * Check for valid input |
1091 | | */ |
1092 | 60.7k | if (crt == NULL || buf == NULL) { |
1093 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1094 | 0 | } |
1095 | | |
1096 | | /* Use the original buffer until we figure out actual length. */ |
1097 | 60.7k | p = (unsigned char *) buf; |
1098 | 60.7k | len = buflen; |
1099 | 60.7k | end = p + len; |
1100 | | |
1101 | | /* |
1102 | | * Certificate ::= SEQUENCE { |
1103 | | * tbsCertificate TBSCertificate, |
1104 | | * signatureAlgorithm AlgorithmIdentifier, |
1105 | | * signatureValue BIT STRING } |
1106 | | */ |
1107 | 60.7k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1108 | 60.7k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1109 | 3.55k | mbedtls_x509_crt_free(crt); |
1110 | 3.55k | return MBEDTLS_ERR_X509_INVALID_FORMAT; |
1111 | 3.55k | } |
1112 | | |
1113 | 57.2k | end = crt_end = p + len; |
1114 | 57.2k | crt->raw.len = (size_t) (crt_end - buf); |
1115 | 57.2k | if (make_copy != 0) { |
1116 | | /* Create and populate a new buffer for the raw field. */ |
1117 | 57.2k | crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); |
1118 | 57.2k | if (crt->raw.p == NULL) { |
1119 | 0 | return MBEDTLS_ERR_X509_ALLOC_FAILED; |
1120 | 0 | } |
1121 | | |
1122 | 57.2k | memcpy(crt->raw.p, buf, crt->raw.len); |
1123 | 57.2k | crt->own_buffer = 1; |
1124 | | |
1125 | 57.2k | p += crt->raw.len - len; |
1126 | 57.2k | end = crt_end = p + len; |
1127 | 57.2k | } else { |
1128 | 0 | crt->raw.p = (unsigned char *) buf; |
1129 | 0 | crt->own_buffer = 0; |
1130 | 0 | } |
1131 | | |
1132 | | /* |
1133 | | * TBSCertificate ::= SEQUENCE { |
1134 | | */ |
1135 | 57.2k | crt->tbs.p = p; |
1136 | | |
1137 | 57.2k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1138 | 57.2k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1139 | 323 | mbedtls_x509_crt_free(crt); |
1140 | 323 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
1141 | 323 | } |
1142 | | |
1143 | 56.9k | end = p + len; |
1144 | 56.9k | crt->tbs.len = (size_t) (end - crt->tbs.p); |
1145 | | |
1146 | | /* |
1147 | | * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
1148 | | * |
1149 | | * CertificateSerialNumber ::= INTEGER |
1150 | | * |
1151 | | * signature AlgorithmIdentifier |
1152 | | */ |
1153 | 56.9k | if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || |
1154 | 56.9k | (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || |
1155 | 56.9k | (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, |
1156 | 51.7k | &sig_params1)) != 0) { |
1157 | 10.0k | mbedtls_x509_crt_free(crt); |
1158 | 10.0k | return ret; |
1159 | 10.0k | } |
1160 | | |
1161 | 46.9k | if (crt->version < 0 || crt->version > 2) { |
1162 | 288 | mbedtls_x509_crt_free(crt); |
1163 | 288 | return MBEDTLS_ERR_X509_UNKNOWN_VERSION; |
1164 | 288 | } |
1165 | | |
1166 | 46.6k | crt->version++; |
1167 | | |
1168 | 46.6k | if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, |
1169 | 46.6k | &crt->sig_md, &crt->sig_pk, |
1170 | 46.6k | &crt->sig_opts)) != 0) { |
1171 | 6.75k | mbedtls_x509_crt_free(crt); |
1172 | 6.75k | return ret; |
1173 | 6.75k | } |
1174 | | |
1175 | | /* |
1176 | | * issuer Name |
1177 | | */ |
1178 | 39.8k | crt->issuer_raw.p = p; |
1179 | | |
1180 | 39.8k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1181 | 39.8k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1182 | 995 | mbedtls_x509_crt_free(crt); |
1183 | 995 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
1184 | 995 | } |
1185 | | |
1186 | 38.8k | if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { |
1187 | 1.31k | mbedtls_x509_crt_free(crt); |
1188 | 1.31k | return ret; |
1189 | 1.31k | } |
1190 | | |
1191 | 37.5k | crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); |
1192 | | |
1193 | | /* |
1194 | | * Validity ::= SEQUENCE { |
1195 | | * notBefore Time, |
1196 | | * notAfter Time } |
1197 | | * |
1198 | | */ |
1199 | 37.5k | if ((ret = x509_get_dates(&p, end, &crt->valid_from, |
1200 | 37.5k | &crt->valid_to)) != 0) { |
1201 | 5.22k | mbedtls_x509_crt_free(crt); |
1202 | 5.22k | return ret; |
1203 | 5.22k | } |
1204 | | |
1205 | | /* |
1206 | | * subject Name |
1207 | | */ |
1208 | 32.3k | crt->subject_raw.p = p; |
1209 | | |
1210 | 32.3k | if ((ret = mbedtls_asn1_get_tag(&p, end, &len, |
1211 | 32.3k | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { |
1212 | 744 | mbedtls_x509_crt_free(crt); |
1213 | 744 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); |
1214 | 744 | } |
1215 | | |
1216 | 31.5k | if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { |
1217 | 1.04k | mbedtls_x509_crt_free(crt); |
1218 | 1.04k | return ret; |
1219 | 1.04k | } |
1220 | | |
1221 | 30.5k | crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); |
1222 | | |
1223 | | /* |
1224 | | * SubjectPublicKeyInfo |
1225 | | */ |
1226 | 30.5k | crt->pk_raw.p = p; |
1227 | 30.5k | if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { |
1228 | 15.6k | mbedtls_x509_crt_free(crt); |
1229 | 15.6k | return ret; |
1230 | 15.6k | } |
1231 | 14.8k | crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); |
1232 | | |
1233 | | /* |
1234 | | * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, |
1235 | | * -- If present, version shall be v2 or v3 |
1236 | | * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, |
1237 | | * -- If present, version shall be v2 or v3 |
1238 | | * extensions [3] EXPLICIT Extensions OPTIONAL |
1239 | | * -- If present, version shall be v3 |
1240 | | */ |
1241 | 14.8k | if (crt->version == 2 || crt->version == 3) { |
1242 | 14.4k | ret = x509_get_uid(&p, end, &crt->issuer_id, 1); |
1243 | 14.4k | if (ret != 0) { |
1244 | 206 | mbedtls_x509_crt_free(crt); |
1245 | 206 | return ret; |
1246 | 206 | } |
1247 | 14.4k | } |
1248 | | |
1249 | 14.6k | if (crt->version == 2 || crt->version == 3) { |
1250 | 14.2k | ret = x509_get_uid(&p, end, &crt->subject_id, 2); |
1251 | 14.2k | if (ret != 0) { |
1252 | 197 | mbedtls_x509_crt_free(crt); |
1253 | 197 | return ret; |
1254 | 197 | } |
1255 | 14.2k | } |
1256 | | |
1257 | 14.4k | if (crt->version == 3) { |
1258 | 13.7k | ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); |
1259 | 13.7k | if (ret != 0) { |
1260 | 9.56k | mbedtls_x509_crt_free(crt); |
1261 | 9.56k | return ret; |
1262 | 9.56k | } |
1263 | 13.7k | } |
1264 | | |
1265 | 4.87k | if (p != end) { |
1266 | 783 | mbedtls_x509_crt_free(crt); |
1267 | 783 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, |
1268 | 783 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
1269 | 783 | } |
1270 | | |
1271 | 4.09k | end = crt_end; |
1272 | | |
1273 | | /* |
1274 | | * } |
1275 | | * -- end of TBSCertificate |
1276 | | * |
1277 | | * signatureAlgorithm AlgorithmIdentifier, |
1278 | | * signatureValue BIT STRING |
1279 | | */ |
1280 | 4.09k | if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { |
1281 | 1.36k | mbedtls_x509_crt_free(crt); |
1282 | 1.36k | return ret; |
1283 | 1.36k | } |
1284 | | |
1285 | 2.72k | if (crt->sig_oid.len != sig_oid2.len || |
1286 | 2.72k | memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || |
1287 | 2.72k | sig_params1.tag != sig_params2.tag || |
1288 | 2.72k | sig_params1.len != sig_params2.len || |
1289 | 2.72k | (sig_params1.len != 0 && |
1290 | 2.02k | memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { |
1291 | 785 | mbedtls_x509_crt_free(crt); |
1292 | 785 | return MBEDTLS_ERR_X509_SIG_MISMATCH; |
1293 | 785 | } |
1294 | | |
1295 | 1.93k | if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { |
1296 | 229 | mbedtls_x509_crt_free(crt); |
1297 | 229 | return ret; |
1298 | 229 | } |
1299 | | |
1300 | 1.70k | if (p != end) { |
1301 | 67 | mbedtls_x509_crt_free(crt); |
1302 | 67 | return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, |
1303 | 67 | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); |
1304 | 67 | } |
1305 | | |
1306 | 1.64k | return 0; |
1307 | 1.70k | } |
1308 | | |
1309 | | /* |
1310 | | * Parse one X.509 certificate in DER format from a buffer and add them to a |
1311 | | * chained list |
1312 | | */ |
1313 | | static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain, |
1314 | | const unsigned char *buf, |
1315 | | size_t buflen, |
1316 | | int make_copy, |
1317 | | mbedtls_x509_crt_ext_cb_t cb, |
1318 | | void *p_ctx) |
1319 | 60.7k | { |
1320 | 60.7k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1321 | 60.7k | mbedtls_x509_crt *crt = chain, *prev = NULL; |
1322 | | |
1323 | | /* |
1324 | | * Check for valid input |
1325 | | */ |
1326 | 60.7k | if (crt == NULL || buf == NULL) { |
1327 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1328 | 0 | } |
1329 | | |
1330 | 64.4k | while (crt->version != 0 && crt->next != NULL) { |
1331 | 3.67k | prev = crt; |
1332 | 3.67k | crt = crt->next; |
1333 | 3.67k | } |
1334 | | |
1335 | | /* |
1336 | | * Add new certificate on the end of the chain if needed. |
1337 | | */ |
1338 | 60.7k | if (crt->version != 0 && crt->next == NULL) { |
1339 | 737 | crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); |
1340 | | |
1341 | 737 | if (crt->next == NULL) { |
1342 | 0 | return MBEDTLS_ERR_X509_ALLOC_FAILED; |
1343 | 0 | } |
1344 | | |
1345 | 737 | prev = crt; |
1346 | 737 | mbedtls_x509_crt_init(crt->next); |
1347 | 737 | crt = crt->next; |
1348 | 737 | } |
1349 | | |
1350 | 60.7k | ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); |
1351 | 60.7k | if (ret != 0) { |
1352 | 59.1k | if (prev) { |
1353 | 433 | prev->next = NULL; |
1354 | 433 | } |
1355 | | |
1356 | 59.1k | if (crt != chain) { |
1357 | 433 | mbedtls_free(crt); |
1358 | 433 | } |
1359 | | |
1360 | 59.1k | return ret; |
1361 | 59.1k | } |
1362 | | |
1363 | 1.64k | return 0; |
1364 | 60.7k | } |
1365 | | |
1366 | | int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, |
1367 | | const unsigned char *buf, |
1368 | | size_t buflen) |
1369 | 0 | { |
1370 | 0 | return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL); |
1371 | 0 | } |
1372 | | |
1373 | | int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, |
1374 | | const unsigned char *buf, |
1375 | | size_t buflen, |
1376 | | int make_copy, |
1377 | | mbedtls_x509_crt_ext_cb_t cb, |
1378 | | void *p_ctx) |
1379 | 0 | { |
1380 | 0 | return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx); |
1381 | 0 | } |
1382 | | |
1383 | | int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, |
1384 | | const unsigned char *buf, |
1385 | | size_t buflen) |
1386 | 60.7k | { |
1387 | 60.7k | return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL); |
1388 | 60.7k | } |
1389 | | |
1390 | | /* |
1391 | | * Parse one or more PEM certificates from a buffer and add them to the chained |
1392 | | * list |
1393 | | */ |
1394 | | int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, |
1395 | | const unsigned char *buf, |
1396 | | size_t buflen) |
1397 | 6.24k | { |
1398 | 6.24k | #if defined(MBEDTLS_PEM_PARSE_C) |
1399 | 6.24k | int success = 0, first_error = 0, total_failed = 0; |
1400 | 6.24k | int buf_format = MBEDTLS_X509_FORMAT_DER; |
1401 | 6.24k | #endif |
1402 | | |
1403 | | /* |
1404 | | * Check for valid input |
1405 | | */ |
1406 | 6.24k | if (chain == NULL || buf == NULL) { |
1407 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1408 | 0 | } |
1409 | | |
1410 | | /* |
1411 | | * Determine buffer content. Buffer contains either one DER certificate or |
1412 | | * one or more PEM certificates. |
1413 | | */ |
1414 | 6.24k | #if defined(MBEDTLS_PEM_PARSE_C) |
1415 | 6.24k | if (buflen != 0 && buf[buflen - 1] == '\0' && |
1416 | 6.24k | strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { |
1417 | 3.10k | buf_format = MBEDTLS_X509_FORMAT_PEM; |
1418 | 3.10k | } |
1419 | | |
1420 | 6.24k | if (buf_format == MBEDTLS_X509_FORMAT_DER) { |
1421 | 3.13k | return mbedtls_x509_crt_parse_der(chain, buf, buflen); |
1422 | 3.13k | } |
1423 | | #else |
1424 | | return mbedtls_x509_crt_parse_der(chain, buf, buflen); |
1425 | | #endif |
1426 | | |
1427 | 3.10k | #if defined(MBEDTLS_PEM_PARSE_C) |
1428 | 3.10k | if (buf_format == MBEDTLS_X509_FORMAT_PEM) { |
1429 | 3.10k | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1430 | 3.10k | mbedtls_pem_context pem; |
1431 | | |
1432 | | /* 1 rather than 0 since the terminating NULL byte is counted in */ |
1433 | 64.3k | while (buflen > 1) { |
1434 | 62.1k | size_t use_len; |
1435 | 62.1k | mbedtls_pem_init(&pem); |
1436 | | |
1437 | | /* If we get there, we know the string is null-terminated */ |
1438 | 62.1k | ret = mbedtls_pem_read_buffer(&pem, |
1439 | 62.1k | "-----BEGIN CERTIFICATE-----", |
1440 | 62.1k | "-----END CERTIFICATE-----", |
1441 | 62.1k | buf, NULL, 0, &use_len); |
1442 | | |
1443 | 62.1k | if (ret == 0) { |
1444 | | /* |
1445 | | * Was PEM encoded |
1446 | | */ |
1447 | 53.5k | buflen -= use_len; |
1448 | 53.5k | buf += use_len; |
1449 | 53.5k | } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) { |
1450 | 10 | return ret; |
1451 | 8.64k | } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { |
1452 | 7.66k | mbedtls_pem_free(&pem); |
1453 | | |
1454 | | /* |
1455 | | * PEM header and footer were found |
1456 | | */ |
1457 | 7.66k | buflen -= use_len; |
1458 | 7.66k | buf += use_len; |
1459 | | |
1460 | 7.66k | if (first_error == 0) { |
1461 | 580 | first_error = ret; |
1462 | 580 | } |
1463 | | |
1464 | 7.66k | total_failed++; |
1465 | 7.66k | continue; |
1466 | 7.66k | } else { |
1467 | 976 | break; |
1468 | 976 | } |
1469 | | |
1470 | 53.5k | ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen); |
1471 | | |
1472 | 53.5k | mbedtls_pem_free(&pem); |
1473 | | |
1474 | 53.5k | if (ret != 0) { |
1475 | | /* |
1476 | | * Quit parsing on a memory error |
1477 | | */ |
1478 | 53.2k | if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) { |
1479 | 0 | return ret; |
1480 | 0 | } |
1481 | | |
1482 | 53.2k | if (first_error == 0) { |
1483 | 2.48k | first_error = ret; |
1484 | 2.48k | } |
1485 | | |
1486 | 53.2k | total_failed++; |
1487 | 53.2k | continue; |
1488 | 53.2k | } |
1489 | | |
1490 | 247 | success = 1; |
1491 | 247 | } |
1492 | 3.10k | } |
1493 | | |
1494 | 3.09k | if (success) { |
1495 | 39 | return total_failed; |
1496 | 3.06k | } else if (first_error) { |
1497 | 3.04k | return first_error; |
1498 | 3.04k | } else { |
1499 | 17 | return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT; |
1500 | 17 | } |
1501 | 3.09k | #endif /* MBEDTLS_PEM_PARSE_C */ |
1502 | 3.09k | } |
1503 | | |
1504 | | #if defined(MBEDTLS_FS_IO) |
1505 | | /* |
1506 | | * Load one or more certificates and add them to the chained list |
1507 | | */ |
1508 | | int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path) |
1509 | 0 | { |
1510 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1511 | 0 | size_t n; |
1512 | 0 | unsigned char *buf; |
1513 | |
|
1514 | 0 | if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { |
1515 | 0 | return ret; |
1516 | 0 | } |
1517 | | |
1518 | 0 | ret = mbedtls_x509_crt_parse(chain, buf, n); |
1519 | |
|
1520 | 0 | mbedtls_zeroize_and_free(buf, n); |
1521 | |
|
1522 | 0 | return ret; |
1523 | 0 | } |
1524 | | |
1525 | | int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) |
1526 | 0 | { |
1527 | 0 | int ret = 0; |
1528 | | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) |
1529 | | int w_ret; |
1530 | | WCHAR szDir[MAX_PATH]; |
1531 | | char filename[MAX_PATH]; |
1532 | | char *p; |
1533 | | size_t len = strlen(path); |
1534 | | |
1535 | | WIN32_FIND_DATAW file_data; |
1536 | | HANDLE hFind; |
1537 | | |
1538 | | if (len > MAX_PATH - 3) { |
1539 | | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1540 | | } |
1541 | | |
1542 | | memset(szDir, 0, sizeof(szDir)); |
1543 | | memset(filename, 0, MAX_PATH); |
1544 | | memcpy(filename, path, len); |
1545 | | filename[len++] = '\\'; |
1546 | | p = filename + len; |
1547 | | filename[len++] = '*'; |
1548 | | |
1549 | | /* |
1550 | | * Note this function uses the code page CP_ACP which is the system default |
1551 | | * ANSI codepage. The input string is always described in BYTES and the |
1552 | | * output length is described in WCHARs. |
1553 | | */ |
1554 | | w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir, |
1555 | | MAX_PATH - 3); |
1556 | | if (w_ret == 0) { |
1557 | | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1558 | | } |
1559 | | |
1560 | | hFind = FindFirstFileW(szDir, &file_data); |
1561 | | if (hFind == INVALID_HANDLE_VALUE) { |
1562 | | return MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1563 | | } |
1564 | | |
1565 | | len = MAX_PATH - len; |
1566 | | do { |
1567 | | memset(p, 0, len); |
1568 | | |
1569 | | if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { |
1570 | | continue; |
1571 | | } |
1572 | | w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName, |
1573 | | -1, p, (int) len, NULL, NULL); |
1574 | | if (w_ret == 0) { |
1575 | | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1576 | | goto cleanup; |
1577 | | } |
1578 | | |
1579 | | w_ret = mbedtls_x509_crt_parse_file(chain, filename); |
1580 | | if (w_ret < 0) { |
1581 | | ret++; |
1582 | | } else { |
1583 | | ret += w_ret; |
1584 | | } |
1585 | | } while (FindNextFileW(hFind, &file_data) != 0); |
1586 | | |
1587 | | if (GetLastError() != ERROR_NO_MORE_FILES) { |
1588 | | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1589 | | } |
1590 | | |
1591 | | cleanup: |
1592 | | FindClose(hFind); |
1593 | | #else /* _WIN32 */ |
1594 | 0 | int t_ret; |
1595 | 0 | int snp_ret; |
1596 | 0 | struct stat sb; |
1597 | 0 | struct dirent *entry; |
1598 | 0 | char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; |
1599 | 0 | DIR *dir = opendir(path); |
1600 | |
|
1601 | 0 | if (dir == NULL) { |
1602 | 0 | return MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1603 | 0 | } |
1604 | | |
1605 | 0 | #if defined(MBEDTLS_THREADING_C) |
1606 | 0 | if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) { |
1607 | 0 | closedir(dir); |
1608 | 0 | return ret; |
1609 | 0 | } |
1610 | 0 | #endif /* MBEDTLS_THREADING_C */ |
1611 | | |
1612 | 0 | memset(&sb, 0, sizeof(sb)); |
1613 | |
|
1614 | 0 | while ((entry = readdir(dir)) != NULL) { |
1615 | 0 | snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name), |
1616 | 0 | "%s/%s", path, entry->d_name); |
1617 | |
|
1618 | 0 | if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) { |
1619 | 0 | ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; |
1620 | 0 | goto cleanup; |
1621 | 0 | } else if (stat(entry_name, &sb) == -1) { |
1622 | 0 | if (errno == ENOENT) { |
1623 | | /* Broken symbolic link - ignore this entry. |
1624 | | stat(2) will return this error for either (a) a dangling |
1625 | | symlink or (b) a missing file. |
1626 | | Given that we have just obtained the filename from readdir, |
1627 | | assume that it does exist and therefore treat this as a |
1628 | | dangling symlink. */ |
1629 | 0 | continue; |
1630 | 0 | } else { |
1631 | | /* Some other file error; report the error. */ |
1632 | 0 | ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; |
1633 | 0 | goto cleanup; |
1634 | 0 | } |
1635 | 0 | } |
1636 | | |
1637 | 0 | if (!S_ISREG(sb.st_mode)) { |
1638 | 0 | continue; |
1639 | 0 | } |
1640 | | |
1641 | | // Ignore parse errors |
1642 | | // |
1643 | 0 | t_ret = mbedtls_x509_crt_parse_file(chain, entry_name); |
1644 | 0 | if (t_ret < 0) { |
1645 | 0 | ret++; |
1646 | 0 | } else { |
1647 | 0 | ret += t_ret; |
1648 | 0 | } |
1649 | 0 | } |
1650 | | |
1651 | 0 | cleanup: |
1652 | 0 | closedir(dir); |
1653 | |
|
1654 | 0 | #if defined(MBEDTLS_THREADING_C) |
1655 | 0 | if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) { |
1656 | 0 | ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; |
1657 | 0 | } |
1658 | 0 | #endif /* MBEDTLS_THREADING_C */ |
1659 | |
|
1660 | 0 | #endif /* _WIN32 */ |
1661 | |
|
1662 | 0 | return ret; |
1663 | 0 | } |
1664 | | #endif /* MBEDTLS_FS_IO */ |
1665 | | |
1666 | | #if !defined(MBEDTLS_X509_REMOVE_INFO) |
1667 | | #define PRINT_ITEM(i) \ |
1668 | | do { \ |
1669 | | ret = mbedtls_snprintf(p, n, "%s" i, sep); \ |
1670 | | MBEDTLS_X509_SAFE_SNPRINTF; \ |
1671 | | sep = ", "; \ |
1672 | | } while (0) |
1673 | | |
1674 | | #define CERT_TYPE(type, name) \ |
1675 | | do { \ |
1676 | | if (ns_cert_type & (type)) { \ |
1677 | | PRINT_ITEM(name); \ |
1678 | | } \ |
1679 | | } while (0) |
1680 | | |
1681 | | #define KEY_USAGE(code, name) \ |
1682 | | do { \ |
1683 | | if (key_usage & (code)) { \ |
1684 | | PRINT_ITEM(name); \ |
1685 | | } \ |
1686 | | } while (0) |
1687 | | |
1688 | | static int x509_info_ext_key_usage(char **buf, size_t *size, |
1689 | | const mbedtls_x509_sequence *extended_key_usage) |
1690 | 51 | { |
1691 | 51 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1692 | 51 | const char *desc; |
1693 | 51 | size_t n = *size; |
1694 | 51 | char *p = *buf; |
1695 | 51 | const mbedtls_x509_sequence *cur = extended_key_usage; |
1696 | 51 | const char *sep = ""; |
1697 | | |
1698 | 331 | while (cur != NULL) { |
1699 | 281 | if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { |
1700 | 237 | desc = "???"; |
1701 | 237 | } |
1702 | | |
1703 | 281 | ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); |
1704 | 281 | MBEDTLS_X509_SAFE_SNPRINTF; |
1705 | | |
1706 | 280 | sep = ", "; |
1707 | | |
1708 | 280 | cur = cur->next; |
1709 | 280 | } |
1710 | | |
1711 | 50 | *size = n; |
1712 | 50 | *buf = p; |
1713 | | |
1714 | 50 | return 0; |
1715 | 51 | } |
1716 | | |
1717 | | static int x509_info_cert_policies(char **buf, size_t *size, |
1718 | | const mbedtls_x509_sequence *certificate_policies) |
1719 | 14 | { |
1720 | 14 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1721 | 14 | const char *desc; |
1722 | 14 | size_t n = *size; |
1723 | 14 | char *p = *buf; |
1724 | 14 | const mbedtls_x509_sequence *cur = certificate_policies; |
1725 | 14 | const char *sep = ""; |
1726 | | |
1727 | 69 | while (cur != NULL) { |
1728 | 55 | if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { |
1729 | 54 | desc = "???"; |
1730 | 54 | } |
1731 | | |
1732 | 55 | ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); |
1733 | 55 | MBEDTLS_X509_SAFE_SNPRINTF; |
1734 | | |
1735 | 55 | sep = ", "; |
1736 | | |
1737 | 55 | cur = cur->next; |
1738 | 55 | } |
1739 | | |
1740 | 14 | *size = n; |
1741 | 14 | *buf = p; |
1742 | | |
1743 | 14 | return 0; |
1744 | 14 | } |
1745 | | |
1746 | | /* |
1747 | | * Return an informational string about the certificate. |
1748 | | */ |
1749 | 325 | #define BEFORE_COLON 18 |
1750 | | #define BC "18" |
1751 | | int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, |
1752 | | const mbedtls_x509_crt *crt) |
1753 | 339 | { |
1754 | 339 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1755 | 339 | size_t n; |
1756 | 339 | char *p; |
1757 | 339 | char key_size_str[BEFORE_COLON]; |
1758 | | |
1759 | 339 | p = buf; |
1760 | 339 | n = size; |
1761 | | |
1762 | 339 | if (NULL == crt) { |
1763 | 0 | ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n"); |
1764 | 0 | MBEDTLS_X509_SAFE_SNPRINTF; |
1765 | | |
1766 | 0 | return (int) (size - n); |
1767 | 0 | } |
1768 | | |
1769 | 339 | ret = mbedtls_snprintf(p, n, "%scert. version : %d\n", |
1770 | 339 | prefix, crt->version); |
1771 | 339 | MBEDTLS_X509_SAFE_SNPRINTF; |
1772 | 339 | ret = mbedtls_snprintf(p, n, "%sserial number : ", |
1773 | 339 | prefix); |
1774 | 339 | MBEDTLS_X509_SAFE_SNPRINTF; |
1775 | | |
1776 | 339 | ret = mbedtls_x509_serial_gets(p, n, &crt->serial); |
1777 | 339 | MBEDTLS_X509_SAFE_SNPRINTF; |
1778 | | |
1779 | 339 | ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); |
1780 | 339 | MBEDTLS_X509_SAFE_SNPRINTF; |
1781 | 339 | ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); |
1782 | 339 | MBEDTLS_X509_SAFE_SNPRINTF; |
1783 | | |
1784 | 336 | ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); |
1785 | 336 | MBEDTLS_X509_SAFE_SNPRINTF; |
1786 | 336 | ret = mbedtls_x509_dn_gets(p, n, &crt->subject); |
1787 | 336 | MBEDTLS_X509_SAFE_SNPRINTF; |
1788 | | |
1789 | 325 | ret = mbedtls_snprintf(p, n, "\n%sissued on : " \ |
1790 | 325 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, |
1791 | 325 | crt->valid_from.year, crt->valid_from.mon, |
1792 | 325 | crt->valid_from.day, crt->valid_from.hour, |
1793 | 325 | crt->valid_from.min, crt->valid_from.sec); |
1794 | 325 | MBEDTLS_X509_SAFE_SNPRINTF; |
1795 | | |
1796 | 325 | ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \ |
1797 | 325 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, |
1798 | 325 | crt->valid_to.year, crt->valid_to.mon, |
1799 | 325 | crt->valid_to.day, crt->valid_to.hour, |
1800 | 325 | crt->valid_to.min, crt->valid_to.sec); |
1801 | 325 | MBEDTLS_X509_SAFE_SNPRINTF; |
1802 | | |
1803 | 325 | ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); |
1804 | 325 | MBEDTLS_X509_SAFE_SNPRINTF; |
1805 | | |
1806 | 325 | ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, |
1807 | 325 | crt->sig_md, crt->sig_opts); |
1808 | 325 | MBEDTLS_X509_SAFE_SNPRINTF; |
1809 | | |
1810 | | /* Key size */ |
1811 | 325 | if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, |
1812 | 325 | mbedtls_pk_get_name(&crt->pk))) != 0) { |
1813 | 0 | return ret; |
1814 | 0 | } |
1815 | | |
1816 | 325 | ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, |
1817 | 325 | (int) mbedtls_pk_get_bitlen(&crt->pk)); |
1818 | 325 | MBEDTLS_X509_SAFE_SNPRINTF; |
1819 | | |
1820 | | /* |
1821 | | * Optional extensions |
1822 | | */ |
1823 | | |
1824 | 325 | if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { |
1825 | 103 | ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix, |
1826 | 103 | crt->ca_istrue ? "true" : "false"); |
1827 | 103 | MBEDTLS_X509_SAFE_SNPRINTF; |
1828 | | |
1829 | 103 | if (crt->max_pathlen > 0) { |
1830 | 34 | ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); |
1831 | 34 | MBEDTLS_X509_SAFE_SNPRINTF; |
1832 | 34 | } |
1833 | 103 | } |
1834 | | |
1835 | 325 | if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { |
1836 | 118 | ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); |
1837 | 118 | MBEDTLS_X509_SAFE_SNPRINTF; |
1838 | | |
1839 | 118 | if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n, |
1840 | 118 | &crt->subject_alt_names, |
1841 | 118 | prefix)) != 0) { |
1842 | 32 | return ret; |
1843 | 32 | } |
1844 | 118 | } |
1845 | | |
1846 | 293 | if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { |
1847 | 29 | ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix); |
1848 | 29 | MBEDTLS_X509_SAFE_SNPRINTF; |
1849 | | |
1850 | 29 | if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { |
1851 | 0 | return ret; |
1852 | 0 | } |
1853 | 29 | } |
1854 | | |
1855 | 293 | if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { |
1856 | 119 | ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); |
1857 | 119 | MBEDTLS_X509_SAFE_SNPRINTF; |
1858 | | |
1859 | 118 | if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { |
1860 | 11 | return ret; |
1861 | 11 | } |
1862 | 118 | } |
1863 | | |
1864 | 281 | if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { |
1865 | 52 | ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix); |
1866 | 52 | MBEDTLS_X509_SAFE_SNPRINTF; |
1867 | | |
1868 | 51 | if ((ret = x509_info_ext_key_usage(&p, &n, |
1869 | 51 | &crt->ext_key_usage)) != 0) { |
1870 | 1 | return ret; |
1871 | 1 | } |
1872 | 51 | } |
1873 | | |
1874 | 279 | if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { |
1875 | 14 | ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); |
1876 | 14 | MBEDTLS_X509_SAFE_SNPRINTF; |
1877 | | |
1878 | 14 | if ((ret = x509_info_cert_policies(&p, &n, |
1879 | 14 | &crt->certificate_policies)) != 0) { |
1880 | 0 | return ret; |
1881 | 0 | } |
1882 | 14 | } |
1883 | | |
1884 | 279 | ret = mbedtls_snprintf(p, n, "\n"); |
1885 | 279 | MBEDTLS_X509_SAFE_SNPRINTF; |
1886 | | |
1887 | 278 | return (int) (size - n); |
1888 | 279 | } |
1889 | | |
1890 | | struct x509_crt_verify_string { |
1891 | | int code; |
1892 | | const char *string; |
1893 | | }; |
1894 | | |
1895 | | #define X509_CRT_ERROR_INFO(err, err_str, info) { err, info }, |
1896 | | static const struct x509_crt_verify_string x509_crt_verify_strings[] = { |
1897 | | MBEDTLS_X509_CRT_ERROR_INFO_LIST |
1898 | | { 0, NULL } |
1899 | | }; |
1900 | | #undef X509_CRT_ERROR_INFO |
1901 | | |
1902 | | int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, |
1903 | | uint32_t flags) |
1904 | 0 | { |
1905 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
1906 | 0 | const struct x509_crt_verify_string *cur; |
1907 | 0 | char *p = buf; |
1908 | 0 | size_t n = size; |
1909 | |
|
1910 | 0 | for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) { |
1911 | 0 | if ((flags & cur->code) == 0) { |
1912 | 0 | continue; |
1913 | 0 | } |
1914 | | |
1915 | 0 | ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string); |
1916 | 0 | MBEDTLS_X509_SAFE_SNPRINTF; |
1917 | 0 | flags ^= cur->code; |
1918 | 0 | } |
1919 | | |
1920 | 0 | if (flags != 0) { |
1921 | 0 | ret = mbedtls_snprintf(p, n, "%sUnknown reason " |
1922 | 0 | "(this should not happen)\n", prefix); |
1923 | 0 | MBEDTLS_X509_SAFE_SNPRINTF; |
1924 | 0 | } |
1925 | | |
1926 | 0 | return (int) (size - n); |
1927 | 0 | } |
1928 | | #endif /* MBEDTLS_X509_REMOVE_INFO */ |
1929 | | |
1930 | | int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, |
1931 | | unsigned int usage) |
1932 | 0 | { |
1933 | 0 | unsigned int usage_must, usage_may; |
1934 | 0 | unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY |
1935 | 0 | | MBEDTLS_X509_KU_DECIPHER_ONLY; |
1936 | |
|
1937 | 0 | if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { |
1938 | 0 | return 0; |
1939 | 0 | } |
1940 | | |
1941 | 0 | usage_must = usage & ~may_mask; |
1942 | |
|
1943 | 0 | if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { |
1944 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1945 | 0 | } |
1946 | | |
1947 | 0 | usage_may = usage & may_mask; |
1948 | |
|
1949 | 0 | if (((crt->key_usage & may_mask) | usage_may) != usage_may) { |
1950 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1951 | 0 | } |
1952 | | |
1953 | 0 | return 0; |
1954 | 0 | } |
1955 | | |
1956 | | int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, |
1957 | | const char *usage_oid, |
1958 | | size_t usage_len) |
1959 | 0 | { |
1960 | 0 | const mbedtls_x509_sequence *cur; |
1961 | | |
1962 | | /* Extension is not mandatory, absent means no restriction */ |
1963 | 0 | if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { |
1964 | 0 | return 0; |
1965 | 0 | } |
1966 | | |
1967 | | /* |
1968 | | * Look for the requested usage (or wildcard ANY) in our list |
1969 | | */ |
1970 | 0 | for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { |
1971 | 0 | const mbedtls_x509_buf *cur_oid = &cur->buf; |
1972 | |
|
1973 | 0 | if (cur_oid->len == usage_len && |
1974 | 0 | memcmp(cur_oid->p, usage_oid, usage_len) == 0) { |
1975 | 0 | return 0; |
1976 | 0 | } |
1977 | | |
1978 | 0 | if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) { |
1979 | 0 | return 0; |
1980 | 0 | } |
1981 | 0 | } |
1982 | | |
1983 | 0 | return MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
1984 | 0 | } |
1985 | | |
1986 | | #if defined(MBEDTLS_X509_CRL_PARSE_C) |
1987 | | /* |
1988 | | * Return 1 if the certificate is revoked, or 0 otherwise. |
1989 | | */ |
1990 | | int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) |
1991 | 0 | { |
1992 | 0 | const mbedtls_x509_crl_entry *cur = &crl->entry; |
1993 | |
|
1994 | 0 | while (cur != NULL && cur->serial.len != 0) { |
1995 | 0 | if (crt->serial.len == cur->serial.len && |
1996 | 0 | memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { |
1997 | 0 | return 1; |
1998 | 0 | } |
1999 | | |
2000 | 0 | cur = cur->next; |
2001 | 0 | } |
2002 | | |
2003 | 0 | return 0; |
2004 | 0 | } |
2005 | | |
2006 | | /* |
2007 | | * Check that the given certificate is not revoked according to the CRL. |
2008 | | * Skip validation if no CRL for the given CA is present. |
2009 | | */ |
2010 | | static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, |
2011 | | mbedtls_x509_crl *crl_list, |
2012 | | const mbedtls_x509_crt_profile *profile, |
2013 | | const mbedtls_x509_time *now) |
2014 | 0 | { |
2015 | 0 | int flags = 0; |
2016 | 0 | unsigned char hash[MBEDTLS_MD_MAX_SIZE]; |
2017 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
2018 | | psa_algorithm_t psa_algorithm; |
2019 | | #else |
2020 | | const mbedtls_md_info_t *md_info; |
2021 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
2022 | 0 | size_t hash_length; |
2023 | |
|
2024 | 0 | if (ca == NULL) { |
2025 | 0 | return flags; |
2026 | 0 | } |
2027 | | |
2028 | 0 | while (crl_list != NULL) { |
2029 | 0 | if (crl_list->version == 0 || |
2030 | 0 | x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { |
2031 | 0 | crl_list = crl_list->next; |
2032 | 0 | continue; |
2033 | 0 | } |
2034 | | |
2035 | | /* |
2036 | | * Check if the CA is configured to sign CRLs |
2037 | | */ |
2038 | 0 | if (mbedtls_x509_crt_check_key_usage(ca, |
2039 | 0 | MBEDTLS_X509_KU_CRL_SIGN) != 0) { |
2040 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2041 | 0 | break; |
2042 | 0 | } |
2043 | | |
2044 | | /* |
2045 | | * Check if CRL is correctly signed by the trusted CA |
2046 | | */ |
2047 | 0 | if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) { |
2048 | 0 | flags |= MBEDTLS_X509_BADCRL_BAD_MD; |
2049 | 0 | } |
2050 | |
|
2051 | 0 | if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) { |
2052 | 0 | flags |= MBEDTLS_X509_BADCRL_BAD_PK; |
2053 | 0 | } |
2054 | |
|
2055 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
2056 | | psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); |
2057 | 0 | if (psa_hash_compute(psa_algorithm, |
2058 | 0 | crl_list->tbs.p, |
2059 | 0 | crl_list->tbs.len, |
2060 | 0 | hash, |
2061 | 0 | sizeof(hash), |
2062 | 0 | &hash_length) != PSA_SUCCESS) { |
2063 | | /* Note: this can't happen except after an internal error */ |
2064 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2065 | 0 | break; |
2066 | 0 | } |
2067 | | #else |
2068 | | md_info = mbedtls_md_info_from_type(crl_list->sig_md); |
2069 | | hash_length = mbedtls_md_get_size(md_info); |
2070 | 0 | if (mbedtls_md(md_info, |
2071 | 0 | crl_list->tbs.p, |
2072 | 0 | crl_list->tbs.len, |
2073 | 0 | hash) != 0) { |
2074 | | /* Note: this can't happen except after an internal error */ |
2075 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2076 | 0 | break; |
2077 | 0 | } |
2078 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
2079 | | |
2080 | 0 | if (x509_profile_check_key(profile, &ca->pk) != 0) { |
2081 | 0 | flags |= MBEDTLS_X509_BADCERT_BAD_KEY; |
2082 | 0 | } |
2083 | |
|
2084 | 0 | if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, |
2085 | 0 | crl_list->sig_md, hash, hash_length, |
2086 | 0 | crl_list->sig.p, crl_list->sig.len) != 0) { |
2087 | 0 | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; |
2088 | 0 | break; |
2089 | 0 | } |
2090 | | |
2091 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2092 | | /* |
2093 | | * Check for validity of CRL (Do not drop out) |
2094 | | */ |
2095 | 0 | if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) { |
2096 | 0 | flags |= MBEDTLS_X509_BADCRL_EXPIRED; |
2097 | 0 | } |
2098 | |
|
2099 | 0 | if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) { |
2100 | 0 | flags |= MBEDTLS_X509_BADCRL_FUTURE; |
2101 | 0 | } |
2102 | | #else |
2103 | | ((void) now); |
2104 | | #endif |
2105 | | |
2106 | | /* |
2107 | | * Check if certificate is revoked |
2108 | | */ |
2109 | 0 | if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { |
2110 | 0 | flags |= MBEDTLS_X509_BADCERT_REVOKED; |
2111 | 0 | break; |
2112 | 0 | } |
2113 | | |
2114 | 0 | crl_list = crl_list->next; |
2115 | 0 | } |
2116 | |
|
2117 | 0 | return flags; |
2118 | 0 | } Unexecuted instantiation: x509_crt.c:x509_crt_verifycrl Unexecuted instantiation: x509_crt.c:x509_crt_verifycrl |
2119 | | #endif /* MBEDTLS_X509_CRL_PARSE_C */ |
2120 | | |
2121 | | /* |
2122 | | * Check the signature of a certificate by its parent |
2123 | | */ |
2124 | | static int x509_crt_check_signature(const mbedtls_x509_crt *child, |
2125 | | mbedtls_x509_crt *parent, |
2126 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
2127 | 0 | { |
2128 | 0 | size_t hash_len; |
2129 | 0 | unsigned char hash[MBEDTLS_MD_MAX_SIZE]; |
2130 | | #if !defined(MBEDTLS_USE_PSA_CRYPTO) |
2131 | | const mbedtls_md_info_t *md_info; |
2132 | | md_info = mbedtls_md_info_from_type(child->sig_md); |
2133 | | hash_len = mbedtls_md_get_size(md_info); |
2134 | | |
2135 | | /* Note: hash errors can happen only after an internal error */ |
2136 | 0 | if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { |
2137 | 0 | return -1; |
2138 | 0 | } |
2139 | | #else |
2140 | | psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); |
2141 | 0 | psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
2142 | | |
2143 | | status = psa_hash_compute(hash_alg, |
2144 | | child->tbs.p, |
2145 | | child->tbs.len, |
2146 | | hash, |
2147 | | sizeof(hash), |
2148 | | &hash_len); |
2149 | 0 | if (status != PSA_SUCCESS) { |
2150 | 0 | return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; |
2151 | 0 | } |
2152 | | |
2153 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
2154 | | /* Skip expensive computation on obvious mismatch */ |
2155 | 0 | if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { |
2156 | 0 | return -1; |
2157 | 0 | } |
2158 | | |
2159 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2160 | 0 | if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { |
2161 | 0 | return mbedtls_pk_verify_restartable(&parent->pk, |
2162 | 0 | child->sig_md, hash, hash_len, |
2163 | 0 | child->sig.p, child->sig.len, &rs_ctx->pk); |
2164 | 0 | } |
2165 | | #else |
2166 | | (void) rs_ctx; |
2167 | | #endif |
2168 | | |
2169 | 0 | return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, |
2170 | 0 | child->sig_md, hash, hash_len, |
2171 | 0 | child->sig.p, child->sig.len); |
2172 | 0 | } Unexecuted instantiation: x509_crt.c:x509_crt_check_signature Unexecuted instantiation: x509_crt.c:x509_crt_check_signature |
2173 | | |
2174 | | /* |
2175 | | * Check if 'parent' is a suitable parent (signing CA) for 'child'. |
2176 | | * Return 0 if yes, -1 if not. |
2177 | | * |
2178 | | * top means parent is a locally-trusted certificate |
2179 | | */ |
2180 | | static int x509_crt_check_parent(const mbedtls_x509_crt *child, |
2181 | | const mbedtls_x509_crt *parent, |
2182 | | int top) |
2183 | 0 | { |
2184 | 0 | int need_ca_bit; |
2185 | | |
2186 | | /* Parent must be the issuer */ |
2187 | 0 | if (x509_name_cmp(&child->issuer, &parent->subject) != 0) { |
2188 | 0 | return -1; |
2189 | 0 | } |
2190 | | |
2191 | | /* Parent must have the basicConstraints CA bit set as a general rule */ |
2192 | 0 | need_ca_bit = 1; |
2193 | | |
2194 | | /* Exception: v1/v2 certificates that are locally trusted. */ |
2195 | 0 | if (top && parent->version < 3) { |
2196 | 0 | need_ca_bit = 0; |
2197 | 0 | } |
2198 | |
|
2199 | 0 | if (need_ca_bit && !parent->ca_istrue) { |
2200 | 0 | return -1; |
2201 | 0 | } |
2202 | | |
2203 | 0 | if (need_ca_bit && |
2204 | 0 | mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) { |
2205 | 0 | return -1; |
2206 | 0 | } |
2207 | | |
2208 | 0 | return 0; |
2209 | 0 | } |
2210 | | |
2211 | | /* |
2212 | | * Find a suitable parent for child in candidates, or return NULL. |
2213 | | * |
2214 | | * Here suitable is defined as: |
2215 | | * 1. subject name matches child's issuer |
2216 | | * 2. if necessary, the CA bit is set and key usage allows signing certs |
2217 | | * 3. for trusted roots, the signature is correct |
2218 | | * (for intermediates, the signature is checked and the result reported) |
2219 | | * 4. pathlen constraints are satisfied |
2220 | | * |
2221 | | * If there's a suitable candidate which is also time-valid, return the first |
2222 | | * such. Otherwise, return the first suitable candidate (or NULL if there is |
2223 | | * none). |
2224 | | * |
2225 | | * The rationale for this rule is that someone could have a list of trusted |
2226 | | * roots with two versions on the same root with different validity periods. |
2227 | | * (At least one user reported having such a list and wanted it to just work.) |
2228 | | * The reason we don't just require time-validity is that generally there is |
2229 | | * only one version, and if it's expired we want the flags to state that |
2230 | | * rather than NOT_TRUSTED, as would be the case if we required it here. |
2231 | | * |
2232 | | * The rationale for rule 3 (signature for trusted roots) is that users might |
2233 | | * have two versions of the same CA with different keys in their list, and the |
2234 | | * way we select the correct one is by checking the signature (as we don't |
2235 | | * rely on key identifier extensions). (This is one way users might choose to |
2236 | | * handle key rollover, another relies on self-issued certs, see [SIRO].) |
2237 | | * |
2238 | | * Arguments: |
2239 | | * - [in] child: certificate for which we're looking for a parent |
2240 | | * - [in] candidates: chained list of potential parents |
2241 | | * - [out] r_parent: parent found (or NULL) |
2242 | | * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0 |
2243 | | * - [in] top: 1 if candidates consists of trusted roots, ie we're at the top |
2244 | | * of the chain, 0 otherwise |
2245 | | * - [in] path_cnt: number of intermediates seen so far |
2246 | | * - [in] self_cnt: number of self-signed intermediates seen so far |
2247 | | * (will never be greater than path_cnt) |
2248 | | * - [in-out] rs_ctx: context for restarting operations |
2249 | | * |
2250 | | * Return value: |
2251 | | * - 0 on success |
2252 | | * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise |
2253 | | */ |
2254 | | static int x509_crt_find_parent_in( |
2255 | | mbedtls_x509_crt *child, |
2256 | | mbedtls_x509_crt *candidates, |
2257 | | mbedtls_x509_crt **r_parent, |
2258 | | int *r_signature_is_good, |
2259 | | int top, |
2260 | | unsigned path_cnt, |
2261 | | unsigned self_cnt, |
2262 | | mbedtls_x509_crt_restart_ctx *rs_ctx, |
2263 | | const mbedtls_x509_time *now) |
2264 | 0 | { |
2265 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
2266 | 0 | mbedtls_x509_crt *parent, *fallback_parent; |
2267 | 0 | int signature_is_good = 0, fallback_signature_is_good; |
2268 | |
|
2269 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2270 | | /* did we have something in progress? */ |
2271 | 0 | if (rs_ctx != NULL && rs_ctx->parent != NULL) { |
2272 | | /* restore saved state */ |
2273 | 0 | parent = rs_ctx->parent; |
2274 | 0 | fallback_parent = rs_ctx->fallback_parent; |
2275 | 0 | fallback_signature_is_good = rs_ctx->fallback_signature_is_good; |
2276 | | |
2277 | | /* clear saved state */ |
2278 | 0 | rs_ctx->parent = NULL; |
2279 | 0 | rs_ctx->fallback_parent = NULL; |
2280 | 0 | rs_ctx->fallback_signature_is_good = 0; |
2281 | | |
2282 | | /* resume where we left */ |
2283 | 0 | goto check_signature; |
2284 | 0 | } |
2285 | 0 | #endif |
2286 | | |
2287 | 0 | fallback_parent = NULL; |
2288 | 0 | fallback_signature_is_good = 0; |
2289 | |
|
2290 | 0 | for (parent = candidates; parent != NULL; parent = parent->next) { |
2291 | | /* basic parenting skills (name, CA bit, key usage) */ |
2292 | 0 | if (x509_crt_check_parent(child, parent, top) != 0) { |
2293 | 0 | continue; |
2294 | 0 | } |
2295 | | |
2296 | | /* +1 because stored max_pathlen is 1 higher that the actual value */ |
2297 | 0 | if (parent->max_pathlen > 0 && |
2298 | 0 | (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { |
2299 | 0 | continue; |
2300 | 0 | } |
2301 | | |
2302 | | /* Signature */ |
2303 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2304 | 0 | check_signature: |
2305 | 0 | #endif |
2306 | 0 | ret = x509_crt_check_signature(child, parent, rs_ctx); |
2307 | |
|
2308 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2309 | 0 | if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { |
2310 | | /* save state */ |
2311 | 0 | rs_ctx->parent = parent; |
2312 | 0 | rs_ctx->fallback_parent = fallback_parent; |
2313 | 0 | rs_ctx->fallback_signature_is_good = fallback_signature_is_good; |
2314 | |
|
2315 | 0 | return ret; |
2316 | 0 | } |
2317 | | #else |
2318 | | (void) ret; |
2319 | | #endif |
2320 | | |
2321 | 0 | signature_is_good = ret == 0; |
2322 | 0 | if (top && !signature_is_good) { |
2323 | 0 | continue; |
2324 | 0 | } |
2325 | | |
2326 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2327 | | /* optional time check */ |
2328 | 0 | if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */ |
2329 | 0 | mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */ |
2330 | 0 | if (fallback_parent == NULL) { |
2331 | 0 | fallback_parent = parent; |
2332 | 0 | fallback_signature_is_good = signature_is_good; |
2333 | 0 | } |
2334 | |
|
2335 | 0 | continue; |
2336 | 0 | } |
2337 | | #else |
2338 | | ((void) now); |
2339 | | #endif |
2340 | | |
2341 | 0 | *r_parent = parent; |
2342 | 0 | *r_signature_is_good = signature_is_good; |
2343 | |
|
2344 | 0 | break; |
2345 | 0 | } |
2346 | | |
2347 | 0 | if (parent == NULL) { |
2348 | 0 | *r_parent = fallback_parent; |
2349 | 0 | *r_signature_is_good = fallback_signature_is_good; |
2350 | 0 | } |
2351 | |
|
2352 | 0 | return 0; |
2353 | 0 | } |
2354 | | |
2355 | | /* |
2356 | | * Find a parent in trusted CAs or the provided chain, or return NULL. |
2357 | | * |
2358 | | * Searches in trusted CAs first, and return the first suitable parent found |
2359 | | * (see find_parent_in() for definition of suitable). |
2360 | | * |
2361 | | * Arguments: |
2362 | | * - [in] child: certificate for which we're looking for a parent, followed |
2363 | | * by a chain of possible intermediates |
2364 | | * - [in] trust_ca: list of locally trusted certificates |
2365 | | * - [out] parent: parent found (or NULL) |
2366 | | * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0 |
2367 | | * - [out] signature_is_good: 1 if child signature by parent is valid, or 0 |
2368 | | * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child) |
2369 | | * - [in] self_cnt: number of self-signed certs in the chain so far |
2370 | | * (will always be no greater than path_cnt) |
2371 | | * - [in-out] rs_ctx: context for restarting operations |
2372 | | * |
2373 | | * Return value: |
2374 | | * - 0 on success |
2375 | | * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise |
2376 | | */ |
2377 | | static int x509_crt_find_parent( |
2378 | | mbedtls_x509_crt *child, |
2379 | | mbedtls_x509_crt *trust_ca, |
2380 | | mbedtls_x509_crt **parent, |
2381 | | int *parent_is_trusted, |
2382 | | int *signature_is_good, |
2383 | | unsigned path_cnt, |
2384 | | unsigned self_cnt, |
2385 | | mbedtls_x509_crt_restart_ctx *rs_ctx, |
2386 | | const mbedtls_x509_time *now) |
2387 | 0 | { |
2388 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
2389 | 0 | mbedtls_x509_crt *search_list; |
2390 | |
|
2391 | 0 | *parent_is_trusted = 1; |
2392 | |
|
2393 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2394 | | /* restore then clear saved state if we have some stored */ |
2395 | 0 | if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { |
2396 | 0 | *parent_is_trusted = rs_ctx->parent_is_trusted; |
2397 | 0 | rs_ctx->parent_is_trusted = -1; |
2398 | 0 | } |
2399 | 0 | #endif |
2400 | |
|
2401 | 0 | while (1) { |
2402 | 0 | search_list = *parent_is_trusted ? trust_ca : child->next; |
2403 | |
|
2404 | 0 | ret = x509_crt_find_parent_in(child, search_list, |
2405 | 0 | parent, signature_is_good, |
2406 | 0 | *parent_is_trusted, |
2407 | 0 | path_cnt, self_cnt, rs_ctx, now); |
2408 | |
|
2409 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2410 | 0 | if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { |
2411 | | /* save state */ |
2412 | 0 | rs_ctx->parent_is_trusted = *parent_is_trusted; |
2413 | 0 | return ret; |
2414 | 0 | } |
2415 | | #else |
2416 | | (void) ret; |
2417 | | #endif |
2418 | | |
2419 | | /* stop here if found or already in second iteration */ |
2420 | 0 | if (*parent != NULL || *parent_is_trusted == 0) { |
2421 | 0 | break; |
2422 | 0 | } |
2423 | | |
2424 | | /* prepare second iteration */ |
2425 | 0 | *parent_is_trusted = 0; |
2426 | 0 | } |
2427 | | |
2428 | | /* extra precaution against mistakes in the caller */ |
2429 | 0 | if (*parent == NULL) { |
2430 | 0 | *parent_is_trusted = 0; |
2431 | 0 | *signature_is_good = 0; |
2432 | 0 | } |
2433 | |
|
2434 | 0 | return 0; |
2435 | 0 | } |
2436 | | |
2437 | | /* |
2438 | | * Check if an end-entity certificate is locally trusted |
2439 | | * |
2440 | | * Currently we require such certificates to be self-signed (actually only |
2441 | | * check for self-issued as self-signatures are not checked) |
2442 | | */ |
2443 | | static int x509_crt_check_ee_locally_trusted( |
2444 | | mbedtls_x509_crt *crt, |
2445 | | mbedtls_x509_crt *trust_ca) |
2446 | 0 | { |
2447 | 0 | mbedtls_x509_crt *cur; |
2448 | | |
2449 | | /* must be self-issued */ |
2450 | 0 | if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { |
2451 | 0 | return -1; |
2452 | 0 | } |
2453 | | |
2454 | | /* look for an exact match with trusted cert */ |
2455 | 0 | for (cur = trust_ca; cur != NULL; cur = cur->next) { |
2456 | 0 | if (crt->raw.len == cur->raw.len && |
2457 | 0 | memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { |
2458 | 0 | return 0; |
2459 | 0 | } |
2460 | 0 | } |
2461 | | |
2462 | | /* too bad */ |
2463 | 0 | return -1; |
2464 | 0 | } |
2465 | | |
2466 | | /* |
2467 | | * Build and verify a certificate chain |
2468 | | * |
2469 | | * Given a peer-provided list of certificates EE, C1, ..., Cn and |
2470 | | * a list of trusted certs R1, ... Rp, try to build and verify a chain |
2471 | | * EE, Ci1, ... Ciq [, Rj] |
2472 | | * such that every cert in the chain is a child of the next one, |
2473 | | * jumping to a trusted root as early as possible. |
2474 | | * |
2475 | | * Verify that chain and return it with flags for all issues found. |
2476 | | * |
2477 | | * Special cases: |
2478 | | * - EE == Rj -> return a one-element list containing it |
2479 | | * - EE, Ci1, ..., Ciq cannot be continued with a trusted root |
2480 | | * -> return that chain with NOT_TRUSTED set on Ciq |
2481 | | * |
2482 | | * Tests for (aspects of) this function should include at least: |
2483 | | * - trusted EE |
2484 | | * - EE -> trusted root |
2485 | | * - EE -> intermediate CA -> trusted root |
2486 | | * - if relevant: EE untrusted |
2487 | | * - if relevant: EE -> intermediate, untrusted |
2488 | | * with the aspect under test checked at each relevant level (EE, int, root). |
2489 | | * For some aspects longer chains are required, but usually length 2 is |
2490 | | * enough (but length 1 is not in general). |
2491 | | * |
2492 | | * Arguments: |
2493 | | * - [in] crt: the cert list EE, C1, ..., Cn |
2494 | | * - [in] trust_ca: the trusted list R1, ..., Rp |
2495 | | * - [in] ca_crl, profile: as in verify_with_profile() |
2496 | | * - [out] ver_chain: the built and verified chain |
2497 | | * Only valid when return value is 0, may contain garbage otherwise! |
2498 | | * Restart note: need not be the same when calling again to resume. |
2499 | | * - [in-out] rs_ctx: context for restarting operations |
2500 | | * |
2501 | | * Return value: |
2502 | | * - non-zero if the chain could not be fully built and examined |
2503 | | * - 0 is the chain was successfully built and examined, |
2504 | | * even if it was found to be invalid |
2505 | | */ |
2506 | | static int x509_crt_verify_chain( |
2507 | | mbedtls_x509_crt *crt, |
2508 | | mbedtls_x509_crt *trust_ca, |
2509 | | mbedtls_x509_crl *ca_crl, |
2510 | | mbedtls_x509_crt_ca_cb_t f_ca_cb, |
2511 | | void *p_ca_cb, |
2512 | | const mbedtls_x509_crt_profile *profile, |
2513 | | mbedtls_x509_crt_verify_chain *ver_chain, |
2514 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
2515 | 0 | { |
2516 | | /* Don't initialize any of those variables here, so that the compiler can |
2517 | | * catch potential issues with jumping ahead when restarting */ |
2518 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
2519 | 0 | uint32_t *flags; |
2520 | 0 | mbedtls_x509_crt_verify_chain_item *cur; |
2521 | 0 | mbedtls_x509_crt *child; |
2522 | 0 | mbedtls_x509_crt *parent; |
2523 | 0 | int parent_is_trusted; |
2524 | 0 | int child_is_trusted; |
2525 | 0 | int signature_is_good; |
2526 | 0 | unsigned self_cnt; |
2527 | 0 | mbedtls_x509_crt *cur_trust_ca = NULL; |
2528 | 0 | mbedtls_x509_time now; |
2529 | |
|
2530 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2531 | 0 | if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) { |
2532 | 0 | return MBEDTLS_ERR_X509_FATAL_ERROR; |
2533 | 0 | } |
2534 | 0 | #endif |
2535 | | |
2536 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2537 | | /* resume if we had an operation in progress */ |
2538 | 0 | if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { |
2539 | | /* restore saved state */ |
2540 | 0 | *ver_chain = rs_ctx->ver_chain; /* struct copy */ |
2541 | 0 | self_cnt = rs_ctx->self_cnt; |
2542 | | |
2543 | | /* restore derived state */ |
2544 | 0 | cur = &ver_chain->items[ver_chain->len - 1]; |
2545 | 0 | child = cur->crt; |
2546 | 0 | flags = &cur->flags; |
2547 | |
|
2548 | 0 | goto find_parent; |
2549 | 0 | } |
2550 | 0 | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ |
2551 | | |
2552 | 0 | child = crt; |
2553 | 0 | self_cnt = 0; |
2554 | 0 | parent_is_trusted = 0; |
2555 | 0 | child_is_trusted = 0; |
2556 | |
|
2557 | 0 | while (1) { |
2558 | | /* Add certificate to the verification chain */ |
2559 | 0 | cur = &ver_chain->items[ver_chain->len]; |
2560 | 0 | cur->crt = child; |
2561 | 0 | cur->flags = 0; |
2562 | 0 | ver_chain->len++; |
2563 | 0 | flags = &cur->flags; |
2564 | |
|
2565 | 0 | #if defined(MBEDTLS_HAVE_TIME_DATE) |
2566 | | /* Check time-validity (all certificates) */ |
2567 | 0 | if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) { |
2568 | 0 | *flags |= MBEDTLS_X509_BADCERT_EXPIRED; |
2569 | 0 | } |
2570 | |
|
2571 | 0 | if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) { |
2572 | 0 | *flags |= MBEDTLS_X509_BADCERT_FUTURE; |
2573 | 0 | } |
2574 | 0 | #endif |
2575 | | |
2576 | | /* Stop here for trusted roots (but not for trusted EE certs) */ |
2577 | 0 | if (child_is_trusted) { |
2578 | 0 | return 0; |
2579 | 0 | } |
2580 | | |
2581 | | /* Check signature algorithm: MD & PK algs */ |
2582 | 0 | if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { |
2583 | 0 | *flags |= MBEDTLS_X509_BADCERT_BAD_MD; |
2584 | 0 | } |
2585 | |
|
2586 | 0 | if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { |
2587 | 0 | *flags |= MBEDTLS_X509_BADCERT_BAD_PK; |
2588 | 0 | } |
2589 | | |
2590 | | /* Special case: EE certs that are locally trusted */ |
2591 | 0 | if (ver_chain->len == 1 && |
2592 | 0 | x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { |
2593 | 0 | return 0; |
2594 | 0 | } |
2595 | | |
2596 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2597 | 0 | find_parent: |
2598 | 0 | #endif |
2599 | | |
2600 | | /* Obtain list of potential trusted signers from CA callback, |
2601 | | * or use statically provided list. */ |
2602 | 0 | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
2603 | 0 | if (f_ca_cb != NULL) { |
2604 | 0 | mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); |
2605 | 0 | mbedtls_free(ver_chain->trust_ca_cb_result); |
2606 | 0 | ver_chain->trust_ca_cb_result = NULL; |
2607 | |
|
2608 | 0 | ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); |
2609 | 0 | if (ret != 0) { |
2610 | 0 | return MBEDTLS_ERR_X509_FATAL_ERROR; |
2611 | 0 | } |
2612 | | |
2613 | 0 | cur_trust_ca = ver_chain->trust_ca_cb_result; |
2614 | 0 | } else |
2615 | 0 | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
2616 | 0 | { |
2617 | 0 | ((void) f_ca_cb); |
2618 | 0 | ((void) p_ca_cb); |
2619 | 0 | cur_trust_ca = trust_ca; |
2620 | 0 | } |
2621 | | |
2622 | | /* Look for a parent in trusted CAs or up the chain */ |
2623 | 0 | ret = x509_crt_find_parent(child, cur_trust_ca, &parent, |
2624 | 0 | &parent_is_trusted, &signature_is_good, |
2625 | 0 | ver_chain->len - 1, self_cnt, rs_ctx, |
2626 | 0 | &now); |
2627 | |
|
2628 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
2629 | 0 | if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { |
2630 | | /* save state */ |
2631 | 0 | rs_ctx->in_progress = x509_crt_rs_find_parent; |
2632 | 0 | rs_ctx->self_cnt = self_cnt; |
2633 | 0 | rs_ctx->ver_chain = *ver_chain; /* struct copy */ |
2634 | |
|
2635 | 0 | return ret; |
2636 | 0 | } |
2637 | | #else |
2638 | | (void) ret; |
2639 | | #endif |
2640 | | |
2641 | | /* No parent? We're done here */ |
2642 | 0 | if (parent == NULL) { |
2643 | 0 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; |
2644 | 0 | return 0; |
2645 | 0 | } |
2646 | | |
2647 | | /* Count intermediate self-issued (not necessarily self-signed) certs. |
2648 | | * These can occur with some strategies for key rollover, see [SIRO], |
2649 | | * and should be excluded from max_pathlen checks. */ |
2650 | 0 | if (ver_chain->len != 1 && |
2651 | 0 | x509_name_cmp(&child->issuer, &child->subject) == 0) { |
2652 | 0 | self_cnt++; |
2653 | 0 | } |
2654 | | |
2655 | | /* path_cnt is 0 for the first intermediate CA, |
2656 | | * and if parent is trusted it's not an intermediate CA */ |
2657 | 0 | if (!parent_is_trusted && |
2658 | 0 | ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { |
2659 | | /* return immediately to avoid overflow the chain array */ |
2660 | 0 | return MBEDTLS_ERR_X509_FATAL_ERROR; |
2661 | 0 | } |
2662 | | |
2663 | | /* signature was checked while searching parent */ |
2664 | 0 | if (!signature_is_good) { |
2665 | 0 | *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; |
2666 | 0 | } |
2667 | | |
2668 | | /* check size of signing key */ |
2669 | 0 | if (x509_profile_check_key(profile, &parent->pk) != 0) { |
2670 | 0 | *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; |
2671 | 0 | } |
2672 | |
|
2673 | 0 | #if defined(MBEDTLS_X509_CRL_PARSE_C) |
2674 | | /* Check trusted CA's CRL for the given crt */ |
2675 | 0 | *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now); |
2676 | | #else |
2677 | | (void) ca_crl; |
2678 | | #endif |
2679 | | |
2680 | | /* prepare for next iteration */ |
2681 | 0 | child = parent; |
2682 | 0 | parent = NULL; |
2683 | 0 | child_is_trusted = parent_is_trusted; |
2684 | 0 | signature_is_good = 0; |
2685 | 0 | } |
2686 | 0 | } |
2687 | | |
2688 | | #ifdef _WIN32 |
2689 | | #ifdef _MSC_VER |
2690 | | #pragma comment(lib, "ws2_32.lib") |
2691 | | #include <winsock2.h> |
2692 | | #include <ws2tcpip.h> |
2693 | | #elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 |
2694 | | #include <winsock2.h> |
2695 | | #include <ws2tcpip.h> |
2696 | | #else |
2697 | | /* inet_pton() is not supported, fallback to software version */ |
2698 | | #define MBEDTLS_TEST_SW_INET_PTON |
2699 | | #endif |
2700 | | #elif defined(__sun) |
2701 | | /* Solaris requires -lsocket -lnsl for inet_pton() */ |
2702 | | #elif defined(__has_include) |
2703 | | #if __has_include(<sys/socket.h>) |
2704 | | #include <sys/socket.h> |
2705 | | #endif |
2706 | | #if __has_include(<arpa/inet.h>) |
2707 | | #include <arpa/inet.h> |
2708 | | #endif |
2709 | | #endif |
2710 | | |
2711 | | /* Use whether or not AF_INET6 is defined to indicate whether or not to use |
2712 | | * the platform inet_pton() or a local implementation (below). The local |
2713 | | * implementation may be used even in cases where the platform provides |
2714 | | * inet_pton(), e.g. when there are different includes required and/or the |
2715 | | * platform implementation requires dependencies on additional libraries. |
2716 | | * Specifically, Windows requires custom includes and additional link |
2717 | | * dependencies, and Solaris requires additional link dependencies. |
2718 | | * Also, as a coarse heuristic, use the local implementation if the compiler |
2719 | | * does not support __has_include(), or if the definition of AF_INET6 is not |
2720 | | * provided by headers included (or not) via __has_include() above. |
2721 | | * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names |
2722 | | * despite having a platform that has inet_pton. */ |
2723 | | #if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names |
2724 | | /* Definition located further below to possibly reduce compiler inlining */ |
2725 | | static int x509_inet_pton_ipv4(const char *src, void *dst); |
2726 | | |
2727 | | #define li_cton(c, n) \ |
2728 | | (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0)) |
2729 | | |
2730 | | static int x509_inet_pton_ipv6(const char *src, void *dst) |
2731 | | { |
2732 | | const unsigned char *p = (const unsigned char *) src; |
2733 | | int nonzero_groups = 0, num_digits, zero_group_start = -1; |
2734 | | uint16_t addr[8]; |
2735 | | do { |
2736 | | /* note: allows excess leading 0's, e.g. 1:0002:3:... */ |
2737 | | uint16_t group = num_digits = 0; |
2738 | | for (uint8_t digit; num_digits < 4; num_digits++) { |
2739 | | if (li_cton(*p, digit) == 0) { |
2740 | | break; |
2741 | | } |
2742 | | group = (group << 4) | digit; |
2743 | | p++; |
2744 | | } |
2745 | | if (num_digits != 0) { |
2746 | | MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups); |
2747 | | nonzero_groups++; |
2748 | | if (*p == '\0') { |
2749 | | break; |
2750 | | } else if (*p == '.') { |
2751 | | /* Don't accept IPv4 too early or late */ |
2752 | | if ((nonzero_groups == 0 && zero_group_start == -1) || |
2753 | | nonzero_groups >= 7) { |
2754 | | break; |
2755 | | } |
2756 | | |
2757 | | /* Walk back to prior ':', then parse as IPv4-mapped */ |
2758 | | int steps = 4; |
2759 | | do { |
2760 | | p--; |
2761 | | steps--; |
2762 | | } while (*p != ':' && steps > 0); |
2763 | | |
2764 | | if (*p != ':') { |
2765 | | break; |
2766 | | } |
2767 | | p++; |
2768 | | nonzero_groups--; |
2769 | | if (x509_inet_pton_ipv4((const char *) p, |
2770 | | addr + nonzero_groups) != 0) { |
2771 | | break; |
2772 | | } |
2773 | | |
2774 | | nonzero_groups += 2; |
2775 | | p = (const unsigned char *) ""; |
2776 | | break; |
2777 | | } else if (*p != ':') { |
2778 | | return -1; |
2779 | | } |
2780 | | } else { |
2781 | | /* Don't accept a second zero group or an invalid delimiter */ |
2782 | | if (zero_group_start != -1 || *p != ':') { |
2783 | | return -1; |
2784 | | } |
2785 | | zero_group_start = nonzero_groups; |
2786 | | |
2787 | | /* Accept a zero group at start, but it has to be a double colon */ |
2788 | | if (zero_group_start == 0 && *++p != ':') { |
2789 | | return -1; |
2790 | | } |
2791 | | |
2792 | | if (p[1] == '\0') { |
2793 | | ++p; |
2794 | | break; |
2795 | | } |
2796 | | } |
2797 | | ++p; |
2798 | | } while (nonzero_groups < 8); |
2799 | | |
2800 | | if (*p != '\0') { |
2801 | | return -1; |
2802 | | } |
2803 | | |
2804 | | if (zero_group_start != -1) { |
2805 | | if (nonzero_groups > 6) { |
2806 | | return -1; |
2807 | | } |
2808 | | int zero_groups = 8 - nonzero_groups; |
2809 | | int groups_after_zero = nonzero_groups - zero_group_start; |
2810 | | |
2811 | | /* Move the non-zero part to after the zeroes */ |
2812 | | if (groups_after_zero) { |
2813 | | memmove(addr + zero_group_start + zero_groups, |
2814 | | addr + zero_group_start, |
2815 | | groups_after_zero * sizeof(*addr)); |
2816 | | } |
2817 | | memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr)); |
2818 | | } else { |
2819 | | if (nonzero_groups != 8) { |
2820 | | return -1; |
2821 | | } |
2822 | | } |
2823 | | memcpy(dst, addr, sizeof(addr)); |
2824 | | return 0; |
2825 | | } |
2826 | | |
2827 | | static int x509_inet_pton_ipv4(const char *src, void *dst) |
2828 | | { |
2829 | | const unsigned char *p = (const unsigned char *) src; |
2830 | | uint8_t *res = (uint8_t *) dst; |
2831 | | uint8_t digit, num_digits = 0; |
2832 | | uint8_t num_octets = 0; |
2833 | | uint16_t octet; |
2834 | | |
2835 | | do { |
2836 | | octet = num_digits = 0; |
2837 | | do { |
2838 | | digit = *p - '0'; |
2839 | | if (digit > 9) { |
2840 | | break; |
2841 | | } |
2842 | | |
2843 | | /* Don't allow leading zeroes. These might mean octal format, |
2844 | | * which this implementation does not support. */ |
2845 | | if (octet == 0 && num_digits > 0) { |
2846 | | return -1; |
2847 | | } |
2848 | | |
2849 | | octet = octet * 10 + digit; |
2850 | | num_digits++; |
2851 | | p++; |
2852 | | } while (num_digits < 3); |
2853 | | |
2854 | | if (octet >= 256 || num_digits > 3 || num_digits == 0) { |
2855 | | return -1; |
2856 | | } |
2857 | | *res++ = (uint8_t) octet; |
2858 | | num_octets++; |
2859 | | } while (num_octets < 4 && *p++ == '.'); |
2860 | | return num_octets == 4 && *p == '\0' ? 0 : -1; |
2861 | | } |
2862 | | |
2863 | | #else |
2864 | | |
2865 | | static int x509_inet_pton_ipv6(const char *src, void *dst) |
2866 | 0 | { |
2867 | 0 | return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; |
2868 | 0 | } |
2869 | | |
2870 | | static int x509_inet_pton_ipv4(const char *src, void *dst) |
2871 | 0 | { |
2872 | 0 | return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; |
2873 | 0 | } |
2874 | | |
2875 | | #endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names |
2876 | | |
2877 | | size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst) |
2878 | 0 | { |
2879 | 0 | return strchr(cn, ':') == NULL |
2880 | 0 | ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 |
2881 | 0 | : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0; |
2882 | 0 | } |
2883 | | |
2884 | | /* |
2885 | | * Check for CN match |
2886 | | */ |
2887 | | static int x509_crt_check_cn(const mbedtls_x509_buf *name, |
2888 | | const char *cn, size_t cn_len) |
2889 | 0 | { |
2890 | | /* try exact match */ |
2891 | 0 | if (name->len == cn_len && |
2892 | 0 | x509_memcasecmp(cn, name->p, cn_len) == 0) { |
2893 | 0 | return 0; |
2894 | 0 | } |
2895 | | |
2896 | | /* try wildcard match */ |
2897 | 0 | if (x509_check_wildcard(cn, name) == 0) { |
2898 | 0 | return 0; |
2899 | 0 | } |
2900 | | |
2901 | 0 | return -1; |
2902 | 0 | } |
2903 | | |
2904 | | static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, |
2905 | | const char *cn, size_t cn_len) |
2906 | 0 | { |
2907 | 0 | uint32_t ip[4]; |
2908 | 0 | cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip); |
2909 | 0 | if (cn_len == 0) { |
2910 | 0 | return -1; |
2911 | 0 | } |
2912 | | |
2913 | 0 | for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { |
2914 | 0 | const unsigned char san_type = (unsigned char) cur->buf.tag & |
2915 | 0 | MBEDTLS_ASN1_TAG_VALUE_MASK; |
2916 | 0 | if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && |
2917 | 0 | cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { |
2918 | 0 | return 0; |
2919 | 0 | } |
2920 | 0 | } |
2921 | | |
2922 | 0 | return -1; |
2923 | 0 | } |
2924 | | |
2925 | | static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san, |
2926 | | const char *cn, size_t cn_len) |
2927 | 0 | { |
2928 | 0 | for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { |
2929 | 0 | const unsigned char san_type = (unsigned char) cur->buf.tag & |
2930 | 0 | MBEDTLS_ASN1_TAG_VALUE_MASK; |
2931 | 0 | if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER && |
2932 | 0 | cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { |
2933 | 0 | return 0; |
2934 | 0 | } |
2935 | 0 | } |
2936 | | |
2937 | 0 | return -1; |
2938 | 0 | } |
2939 | | |
2940 | | /* |
2941 | | * Check for SAN match, see RFC 5280 Section 4.2.1.6 |
2942 | | */ |
2943 | | static int x509_crt_check_san(const mbedtls_x509_sequence *san, |
2944 | | const char *cn, size_t cn_len) |
2945 | 0 | { |
2946 | 0 | int san_ip = 0; |
2947 | 0 | int san_uri = 0; |
2948 | | /* Prioritize DNS name over other subtypes due to popularity */ |
2949 | 0 | for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { |
2950 | 0 | switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { |
2951 | 0 | case MBEDTLS_X509_SAN_DNS_NAME: |
2952 | 0 | if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { |
2953 | 0 | return 0; |
2954 | 0 | } |
2955 | 0 | break; |
2956 | 0 | case MBEDTLS_X509_SAN_IP_ADDRESS: |
2957 | 0 | san_ip = 1; |
2958 | 0 | break; |
2959 | 0 | case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: |
2960 | 0 | san_uri = 1; |
2961 | 0 | break; |
2962 | | /* (We may handle other types here later.) */ |
2963 | 0 | default: /* Unrecognized type */ |
2964 | 0 | break; |
2965 | 0 | } |
2966 | 0 | } |
2967 | 0 | if (san_ip) { |
2968 | 0 | if (x509_crt_check_san_ip(san, cn, cn_len) == 0) { |
2969 | 0 | return 0; |
2970 | 0 | } |
2971 | 0 | } |
2972 | 0 | if (san_uri) { |
2973 | 0 | if (x509_crt_check_san_uri(san, cn, cn_len) == 0) { |
2974 | 0 | return 0; |
2975 | 0 | } |
2976 | 0 | } |
2977 | | |
2978 | 0 | return -1; |
2979 | 0 | } |
2980 | | |
2981 | | /* |
2982 | | * Verify the requested CN - only call this if cn is not NULL! |
2983 | | */ |
2984 | | static void x509_crt_verify_name(const mbedtls_x509_crt *crt, |
2985 | | const char *cn, |
2986 | | uint32_t *flags) |
2987 | 0 | { |
2988 | 0 | const mbedtls_x509_name *name; |
2989 | 0 | size_t cn_len = strlen(cn); |
2990 | |
|
2991 | 0 | if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { |
2992 | 0 | if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { |
2993 | 0 | return; |
2994 | 0 | } |
2995 | 0 | } else { |
2996 | 0 | for (name = &crt->subject; name != NULL; name = name->next) { |
2997 | 0 | if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && |
2998 | 0 | x509_crt_check_cn(&name->val, cn, cn_len) == 0) { |
2999 | 0 | return; |
3000 | 0 | } |
3001 | 0 | } |
3002 | |
|
3003 | 0 | } |
3004 | | |
3005 | 0 | *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; |
3006 | 0 | } |
3007 | | |
3008 | | /* |
3009 | | * Merge the flags for all certs in the chain, after calling callback |
3010 | | */ |
3011 | | static int x509_crt_merge_flags_with_cb( |
3012 | | uint32_t *flags, |
3013 | | const mbedtls_x509_crt_verify_chain *ver_chain, |
3014 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3015 | | void *p_vrfy) |
3016 | 0 | { |
3017 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
3018 | 0 | unsigned i; |
3019 | 0 | uint32_t cur_flags; |
3020 | 0 | const mbedtls_x509_crt_verify_chain_item *cur; |
3021 | |
|
3022 | 0 | for (i = ver_chain->len; i != 0; --i) { |
3023 | 0 | cur = &ver_chain->items[i-1]; |
3024 | 0 | cur_flags = cur->flags; |
3025 | |
|
3026 | 0 | if (NULL != f_vrfy) { |
3027 | 0 | if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { |
3028 | 0 | return ret; |
3029 | 0 | } |
3030 | 0 | } |
3031 | | |
3032 | 0 | *flags |= cur_flags; |
3033 | 0 | } |
3034 | | |
3035 | 0 | return 0; |
3036 | 0 | } |
3037 | | |
3038 | | /* |
3039 | | * Verify the certificate validity, with profile, restartable version |
3040 | | * |
3041 | | * This function: |
3042 | | * - checks the requested CN (if any) |
3043 | | * - checks the type and size of the EE cert's key, |
3044 | | * as that isn't done as part of chain building/verification currently |
3045 | | * - builds and verifies the chain |
3046 | | * - then calls the callback and merges the flags |
3047 | | * |
3048 | | * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb` |
3049 | | * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the |
3050 | | * verification routine to search for trusted signers, and CRLs will |
3051 | | * be disabled. Otherwise, `trust_ca` will be used as the static list |
3052 | | * of trusted signers, and `ca_crl` will be use as the static list |
3053 | | * of CRLs. |
3054 | | */ |
3055 | | static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, |
3056 | | mbedtls_x509_crt *trust_ca, |
3057 | | mbedtls_x509_crl *ca_crl, |
3058 | | mbedtls_x509_crt_ca_cb_t f_ca_cb, |
3059 | | void *p_ca_cb, |
3060 | | const mbedtls_x509_crt_profile *profile, |
3061 | | const char *cn, uint32_t *flags, |
3062 | | int (*f_vrfy)(void *, |
3063 | | mbedtls_x509_crt *, |
3064 | | int, |
3065 | | uint32_t *), |
3066 | | void *p_vrfy, |
3067 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
3068 | 0 | { |
3069 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
3070 | 0 | mbedtls_pk_type_t pk_type; |
3071 | 0 | mbedtls_x509_crt_verify_chain ver_chain; |
3072 | 0 | uint32_t ee_flags; |
3073 | |
|
3074 | 0 | *flags = 0; |
3075 | 0 | ee_flags = 0; |
3076 | 0 | x509_crt_verify_chain_reset(&ver_chain); |
3077 | |
|
3078 | 0 | if (profile == NULL) { |
3079 | 0 | ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; |
3080 | 0 | goto exit; |
3081 | 0 | } |
3082 | | |
3083 | | /* check name if requested */ |
3084 | 0 | if (cn != NULL) { |
3085 | 0 | x509_crt_verify_name(crt, cn, &ee_flags); |
3086 | 0 | } |
3087 | | |
3088 | | /* Check the type and size of the key */ |
3089 | 0 | pk_type = mbedtls_pk_get_type(&crt->pk); |
3090 | |
|
3091 | 0 | if (x509_profile_check_pk_alg(profile, pk_type) != 0) { |
3092 | 0 | ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; |
3093 | 0 | } |
3094 | |
|
3095 | 0 | if (x509_profile_check_key(profile, &crt->pk) != 0) { |
3096 | 0 | ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; |
3097 | 0 | } |
3098 | | |
3099 | | /* Check the chain */ |
3100 | 0 | ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, |
3101 | 0 | f_ca_cb, p_ca_cb, profile, |
3102 | 0 | &ver_chain, rs_ctx); |
3103 | |
|
3104 | 0 | if (ret != 0) { |
3105 | 0 | goto exit; |
3106 | 0 | } |
3107 | | |
3108 | | /* Merge end-entity flags */ |
3109 | 0 | ver_chain.items[0].flags |= ee_flags; |
3110 | | |
3111 | | /* Build final flags, calling callback on the way if any */ |
3112 | 0 | ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); |
3113 | |
|
3114 | 0 | exit: |
3115 | |
|
3116 | 0 | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
3117 | 0 | mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); |
3118 | 0 | mbedtls_free(ver_chain.trust_ca_cb_result); |
3119 | 0 | ver_chain.trust_ca_cb_result = NULL; |
3120 | 0 | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
3121 | |
|
3122 | 0 | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
3123 | 0 | if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { |
3124 | 0 | mbedtls_x509_crt_restart_free(rs_ctx); |
3125 | 0 | } |
3126 | 0 | #endif |
3127 | | |
3128 | | /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by |
3129 | | * the SSL module for authmode optional, but non-zero return from the |
3130 | | * callback means a fatal error so it shouldn't be ignored */ |
3131 | 0 | if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { |
3132 | 0 | ret = MBEDTLS_ERR_X509_FATAL_ERROR; |
3133 | 0 | } |
3134 | |
|
3135 | 0 | if (ret != 0) { |
3136 | 0 | *flags = (uint32_t) -1; |
3137 | 0 | return ret; |
3138 | 0 | } |
3139 | | |
3140 | 0 | if (*flags != 0) { |
3141 | 0 | return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; |
3142 | 0 | } |
3143 | | |
3144 | 0 | return 0; |
3145 | 0 | } |
3146 | | |
3147 | | |
3148 | | /* |
3149 | | * Verify the certificate validity (default profile, not restartable) |
3150 | | */ |
3151 | | int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, |
3152 | | mbedtls_x509_crt *trust_ca, |
3153 | | mbedtls_x509_crl *ca_crl, |
3154 | | const char *cn, uint32_t *flags, |
3155 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3156 | | void *p_vrfy) |
3157 | 0 | { |
3158 | 0 | return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, |
3159 | 0 | NULL, NULL, |
3160 | 0 | &mbedtls_x509_crt_profile_default, |
3161 | 0 | cn, flags, |
3162 | 0 | f_vrfy, p_vrfy, NULL); |
3163 | 0 | } |
3164 | | |
3165 | | /* |
3166 | | * Verify the certificate validity (user-chosen profile, not restartable) |
3167 | | */ |
3168 | | int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, |
3169 | | mbedtls_x509_crt *trust_ca, |
3170 | | mbedtls_x509_crl *ca_crl, |
3171 | | const mbedtls_x509_crt_profile *profile, |
3172 | | const char *cn, uint32_t *flags, |
3173 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3174 | | void *p_vrfy) |
3175 | 0 | { |
3176 | 0 | return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, |
3177 | 0 | NULL, NULL, |
3178 | 0 | profile, cn, flags, |
3179 | 0 | f_vrfy, p_vrfy, NULL); |
3180 | 0 | } |
3181 | | |
3182 | | #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) |
3183 | | /* |
3184 | | * Verify the certificate validity (user-chosen profile, CA callback, |
3185 | | * not restartable). |
3186 | | */ |
3187 | | int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, |
3188 | | mbedtls_x509_crt_ca_cb_t f_ca_cb, |
3189 | | void *p_ca_cb, |
3190 | | const mbedtls_x509_crt_profile *profile, |
3191 | | const char *cn, uint32_t *flags, |
3192 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3193 | | void *p_vrfy) |
3194 | 0 | { |
3195 | 0 | return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, |
3196 | 0 | f_ca_cb, p_ca_cb, |
3197 | 0 | profile, cn, flags, |
3198 | 0 | f_vrfy, p_vrfy, NULL); |
3199 | 0 | } |
3200 | | #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ |
3201 | | |
3202 | | int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, |
3203 | | mbedtls_x509_crt *trust_ca, |
3204 | | mbedtls_x509_crl *ca_crl, |
3205 | | const mbedtls_x509_crt_profile *profile, |
3206 | | const char *cn, uint32_t *flags, |
3207 | | int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), |
3208 | | void *p_vrfy, |
3209 | | mbedtls_x509_crt_restart_ctx *rs_ctx) |
3210 | 0 | { |
3211 | 0 | return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, |
3212 | 0 | NULL, NULL, |
3213 | 0 | profile, cn, flags, |
3214 | 0 | f_vrfy, p_vrfy, rs_ctx); |
3215 | 0 | } |
3216 | | |
3217 | | |
3218 | | /* |
3219 | | * Initialize a certificate chain |
3220 | | */ |
3221 | | void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) |
3222 | 13.3k | { |
3223 | 13.3k | memset(crt, 0, sizeof(mbedtls_x509_crt)); |
3224 | 13.3k | } |
3225 | | |
3226 | | /* |
3227 | | * Unallocate all certificate data |
3228 | | */ |
3229 | | void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) |
3230 | 73.3k | { |
3231 | 73.3k | mbedtls_x509_crt *cert_cur = crt; |
3232 | 73.3k | mbedtls_x509_crt *cert_prv; |
3233 | | |
3234 | 146k | while (cert_cur != NULL) { |
3235 | 73.6k | mbedtls_pk_free(&cert_cur->pk); |
3236 | | |
3237 | 73.6k | #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) |
3238 | 73.6k | mbedtls_free(cert_cur->sig_opts); |
3239 | 73.6k | #endif |
3240 | | |
3241 | 73.6k | mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); |
3242 | 73.6k | mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); |
3243 | 73.6k | mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); |
3244 | 73.6k | mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); |
3245 | 73.6k | mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); |
3246 | 73.6k | mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); |
3247 | | |
3248 | 73.6k | if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { |
3249 | 57.2k | mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); |
3250 | 57.2k | } |
3251 | | |
3252 | 73.6k | cert_prv = cert_cur; |
3253 | 73.6k | cert_cur = cert_cur->next; |
3254 | | |
3255 | 73.6k | mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); |
3256 | 73.6k | if (cert_prv != crt) { |
3257 | 296 | mbedtls_free(cert_prv); |
3258 | 296 | } |
3259 | 73.6k | } |
3260 | 73.3k | } |
3261 | | |
3262 | | #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) |
3263 | | /* |
3264 | | * Initialize a restart context |
3265 | | */ |
3266 | | void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx) |
3267 | 15.3k | { |
3268 | 15.3k | mbedtls_pk_restart_init(&ctx->pk); |
3269 | | |
3270 | 15.3k | ctx->parent = NULL; |
3271 | 15.3k | ctx->fallback_parent = NULL; |
3272 | 15.3k | ctx->fallback_signature_is_good = 0; |
3273 | | |
3274 | 15.3k | ctx->parent_is_trusted = -1; |
3275 | | |
3276 | 15.3k | ctx->in_progress = x509_crt_rs_none; |
3277 | 15.3k | ctx->self_cnt = 0; |
3278 | 15.3k | x509_crt_verify_chain_reset(&ctx->ver_chain); |
3279 | 15.3k | } |
3280 | | |
3281 | | /* |
3282 | | * Free the components of a restart context |
3283 | | */ |
3284 | | void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) |
3285 | 7.65k | { |
3286 | 7.65k | if (ctx == NULL) { |
3287 | 0 | return; |
3288 | 0 | } |
3289 | | |
3290 | 7.65k | mbedtls_pk_restart_free(&ctx->pk); |
3291 | 7.65k | mbedtls_x509_crt_restart_init(ctx); |
3292 | 7.65k | } |
3293 | | #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ |
3294 | | |
3295 | | int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) |
3296 | 0 | { |
3297 | 0 | if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) { |
3298 | 0 | return crt->MBEDTLS_PRIVATE(ca_istrue); |
3299 | 0 | } |
3300 | 0 | return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; |
3301 | 0 | } |
3302 | | |
3303 | | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |