Coverage Report

Created: 2024-09-08 06:06

/src/mbedtls/library/x509_crt.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *  X.509 certificate parsing and verification
3
 *
4
 *  Copyright The Mbed TLS Contributors
5
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6
 */
7
/*
8
 *  The ITU-T X.509 standard defines a certificate format for PKI.
9
 *
10
 *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
11
 *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
12
 *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
13
 *
14
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
15
 *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
16
 *
17
 *  [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
18
 */
19
20
#include "common.h"
21
22
#if defined(MBEDTLS_X509_CRT_PARSE_C)
23
24
#include "mbedtls/x509_crt.h"
25
#include "x509_internal.h"
26
#include "mbedtls/error.h"
27
#include "mbedtls/oid.h"
28
#include "mbedtls/platform_util.h"
29
30
#include <string.h>
31
32
#if defined(MBEDTLS_PEM_PARSE_C)
33
#include "mbedtls/pem.h"
34
#endif
35
36
#if defined(MBEDTLS_USE_PSA_CRYPTO)
37
#include "psa/crypto.h"
38
#include "psa_util_internal.h"
39
#include "mbedtls/psa_util.h"
40
#endif /* MBEDTLS_USE_PSA_CRYPTO */
41
#include "pk_internal.h"
42
43
#include "mbedtls/platform.h"
44
45
#if defined(MBEDTLS_THREADING_C)
46
#include "mbedtls/threading.h"
47
#endif
48
49
#if defined(MBEDTLS_HAVE_TIME)
50
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
51
#ifndef WIN32_LEAN_AND_MEAN
52
#define WIN32_LEAN_AND_MEAN
53
#endif
54
#include <windows.h>
55
#else
56
#include <time.h>
57
#endif
58
#endif
59
60
#if defined(MBEDTLS_FS_IO)
61
#include <stdio.h>
62
#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
63
#include <sys/types.h>
64
#include <sys/stat.h>
65
#if defined(__MBED__)
66
#include <platform/mbed_retarget.h>
67
#else
68
#include <dirent.h>
69
#endif /* __MBED__ */
70
#include <errno.h>
71
#endif /* !_WIN32 || EFIX64 || EFI32 */
72
#endif
73
74
/*
75
 * Item in a verification chain: cert and flags for it
76
 */
77
typedef struct {
78
    mbedtls_x509_crt *crt;
79
    uint32_t flags;
80
} x509_crt_verify_chain_item;
81
82
/*
83
 * Max size of verification chain: end-entity + intermediates + trusted root
84
 */
85
#define X509_MAX_VERIFY_CHAIN_SIZE    (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
86
87
/* Default profile. Do not remove items unless there are serious security
88
 * concerns. */
89
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
90
{
91
    /* Hashes from SHA-256 and above. Note that this selection
92
     * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */
93
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
94
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
95
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
96
    0xFFFFFFF, /* Any PK alg    */
97
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
98
    /* Curves at or above 128-bit security level. Note that this selection
99
     * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
100
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
101
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) |
102
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) |
103
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) |
104
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
105
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
106
    0,
107
#else /* MBEDTLS_PK_HAVE_ECC_KEYS */
108
    0,
109
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
110
    2048,
111
};
112
113
/* Next-generation profile. Currently identical to the default, but may
114
 * be tightened at any time. */
115
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
116
{
117
    /* Hashes from SHA-256 and above. */
118
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
119
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
120
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
121
    0xFFFFFFF, /* Any PK alg    */
122
#if defined(MBEDTLS_ECP_C)
123
    /* Curves at or above 128-bit security level. */
124
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
125
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) |
126
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) |
127
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) |
128
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
129
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
130
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1),
131
#else
132
    0,
133
#endif
134
    2048,
135
};
136
137
/*
138
 * NSA Suite B Profile
139
 */
140
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
141
{
142
    /* Only SHA-256 and 384 */
143
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
144
    MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384),
145
    /* Only ECDSA */
146
    MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) |
147
    MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY),
148
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
149
    /* Only NIST P-256 and P-384 */
150
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
151
    MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1),
152
#else /* MBEDTLS_PK_HAVE_ECC_KEYS */
153
    0,
154
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
155
    0,
156
};
157
158
/*
159
 * Empty / all-forbidden profile
160
 */
161
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none =
162
{
163
    0,
164
    0,
165
    0,
166
    (uint32_t) -1,
167
};
168
169
/*
170
 * Check md_alg against profile
171
 * Return 0 if md_alg is acceptable for this profile, -1 otherwise
172
 */
173
static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile,
174
                                     mbedtls_md_type_t md_alg)
175
0
{
176
0
    if (md_alg == MBEDTLS_MD_NONE) {
177
0
        return -1;
178
0
    }
179
180
0
    if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) {
181
0
        return 0;
182
0
    }
183
184
0
    return -1;
185
0
}
186
187
/*
188
 * Check pk_alg against profile
189
 * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
190
 */
191
static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile,
192
                                     mbedtls_pk_type_t pk_alg)
193
0
{
194
0
    if (pk_alg == MBEDTLS_PK_NONE) {
195
0
        return -1;
196
0
    }
197
198
0
    if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) {
199
0
        return 0;
200
0
    }
201
202
0
    return -1;
203
0
}
204
205
/*
206
 * Check key against profile
207
 * Return 0 if pk is acceptable for this profile, -1 otherwise
208
 */
209
static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
210
                                  const mbedtls_pk_context *pk)
211
0
{
212
0
    const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
213
214
0
#if defined(MBEDTLS_RSA_C)
215
0
    if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
216
0
        if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
217
0
            return 0;
218
0
        }
219
220
0
        return -1;
221
0
    }
222
0
#endif /* MBEDTLS_RSA_C */
223
224
0
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
225
0
    if (pk_alg == MBEDTLS_PK_ECDSA ||
226
0
        pk_alg == MBEDTLS_PK_ECKEY ||
227
0
        pk_alg == MBEDTLS_PK_ECKEY_DH) {
228
0
        const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk);
229
230
0
        if (gid == MBEDTLS_ECP_DP_NONE) {
231
0
            return -1;
232
0
        }
233
234
0
        if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) {
235
0
            return 0;
236
0
        }
237
238
0
        return -1;
239
0
    }
240
0
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
241
242
0
    return -1;
243
0
}
244
245
/*
246
 * Like memcmp, but case-insensitive and always returns -1 if different
247
 */
248
static int x509_memcasecmp(const void *s1, const void *s2, size_t len)
249
0
{
250
0
    size_t i;
251
0
    unsigned char diff;
252
0
    const unsigned char *n1 = s1, *n2 = s2;
253
254
0
    for (i = 0; i < len; i++) {
255
0
        diff = n1[i] ^ n2[i];
256
257
0
        if (diff == 0) {
258
0
            continue;
259
0
        }
260
261
0
        if (diff == 32 &&
262
0
            ((n1[i] >= 'a' && n1[i] <= 'z') ||
263
0
             (n1[i] >= 'A' && n1[i] <= 'Z'))) {
264
0
            continue;
265
0
        }
266
267
0
        return -1;
268
0
    }
269
270
0
    return 0;
271
0
}
272
273
/*
274
 * Return 0 if name matches wildcard, -1 otherwise
275
 */
276
static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name)
277
0
{
278
0
    size_t i;
279
0
    size_t cn_idx = 0, cn_len = strlen(cn);
280
281
    /* We can't have a match if there is no wildcard to match */
282
0
    if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') {
283
0
        return -1;
284
0
    }
285
286
0
    for (i = 0; i < cn_len; ++i) {
287
0
        if (cn[i] == '.') {
288
0
            cn_idx = i;
289
0
            break;
290
0
        }
291
0
    }
292
293
0
    if (cn_idx == 0) {
294
0
        return -1;
295
0
    }
296
297
0
    if (cn_len - cn_idx == name->len - 1 &&
298
0
        x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) {
299
0
        return 0;
300
0
    }
301
302
0
    return -1;
303
0
}
304
305
/*
306
 * Compare two X.509 strings, case-insensitive, and allowing for some encoding
307
 * variations (but not all).
308
 *
309
 * Return 0 if equal, -1 otherwise.
310
 */
311
static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b)
312
0
{
313
0
    if (a->tag == b->tag &&
314
0
        a->len == b->len &&
315
0
        memcmp(a->p, b->p, b->len) == 0) {
316
0
        return 0;
317
0
    }
318
319
0
    if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
320
0
        (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) &&
321
0
        a->len == b->len &&
322
0
        x509_memcasecmp(a->p, b->p, b->len) == 0) {
323
0
        return 0;
324
0
    }
325
326
0
    return -1;
327
0
}
328
329
/*
330
 * Compare two X.509 Names (aka rdnSequence).
331
 *
332
 * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
333
 * we sometimes return unequal when the full algorithm would return equal,
334
 * but never the other way. (In particular, we don't do Unicode normalisation
335
 * or space folding.)
336
 *
337
 * Return 0 if equal, -1 otherwise.
338
 */
339
static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b)
340
0
{
341
    /* Avoid recursion, it might not be optimised by the compiler */
342
0
    while (a != NULL || b != NULL) {
343
0
        if (a == NULL || b == NULL) {
344
0
            return -1;
345
0
        }
346
347
        /* type */
348
0
        if (a->oid.tag != b->oid.tag ||
349
0
            a->oid.len != b->oid.len ||
350
0
            memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) {
351
0
            return -1;
352
0
        }
353
354
        /* value */
355
0
        if (x509_string_cmp(&a->val, &b->val) != 0) {
356
0
            return -1;
357
0
        }
358
359
        /* structure of the list of sets */
360
0
        if (a->next_merged != b->next_merged) {
361
0
            return -1;
362
0
        }
363
364
0
        a = a->next;
365
0
        b = b->next;
366
0
    }
367
368
    /* a == NULL == b */
369
0
    return 0;
370
0
}
371
372
/*
373
 * Reset (init or clear) a verify_chain
374
 */
375
static void x509_crt_verify_chain_reset(
376
    mbedtls_x509_crt_verify_chain *ver_chain)
377
15.3k
{
378
15.3k
    size_t i;
379
380
168k
    for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) {
381
153k
        ver_chain->items[i].crt = NULL;
382
153k
        ver_chain->items[i].flags = (uint32_t) -1;
383
153k
    }
384
385
15.3k
    ver_chain->len = 0;
386
387
15.3k
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
388
15.3k
    ver_chain->trust_ca_cb_result = NULL;
389
15.3k
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
390
15.3k
}
391
392
/*
393
 *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
394
 */
395
static int x509_get_version(unsigned char **p,
396
                            const unsigned char *end,
397
                            int *ver)
398
56.9k
{
399
56.9k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
400
56.9k
    size_t len;
401
402
56.9k
    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
403
56.9k
                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
404
56.9k
                                    0)) != 0) {
405
10.3k
        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
406
10.1k
            *ver = 0;
407
10.1k
            return 0;
408
10.1k
        }
409
410
203
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
411
10.3k
    }
412
413
46.5k
    end = *p + len;
414
415
46.5k
    if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
416
2.45k
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
417
2.45k
    }
418
419
44.1k
    if (*p != end) {
420
460
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION,
421
460
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
422
460
    }
423
424
43.6k
    return 0;
425
44.1k
}
426
427
/*
428
 *  Validity ::= SEQUENCE {
429
 *       notBefore      Time,
430
 *       notAfter       Time }
431
 */
432
static int x509_get_dates(unsigned char **p,
433
                          const unsigned char *end,
434
                          mbedtls_x509_time *from,
435
                          mbedtls_x509_time *to)
436
37.5k
{
437
37.5k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
438
37.5k
    size_t len;
439
440
37.5k
    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
441
37.5k
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
442
270
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret);
443
270
    }
444
445
37.2k
    end = *p + len;
446
447
37.2k
    if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) {
448
2.66k
        return ret;
449
2.66k
    }
450
451
34.6k
    if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) {
452
2.05k
        return ret;
453
2.05k
    }
454
455
32.5k
    if (*p != end) {
456
231
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
457
231
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
458
231
    }
459
460
32.3k
    return 0;
461
32.5k
}
462
463
/*
464
 * X.509 v2/v3 unique identifier (not parsed)
465
 */
466
static int x509_get_uid(unsigned char **p,
467
                        const unsigned char *end,
468
                        mbedtls_x509_buf *uid, int n)
469
28.6k
{
470
28.6k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
471
472
28.6k
    if (*p == end) {
473
990
        return 0;
474
990
    }
475
476
27.6k
    uid->tag = **p;
477
478
27.6k
    if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len,
479
27.6k
                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
480
27.6k
                                    n)) != 0) {
481
26.7k
        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
482
26.3k
            return 0;
483
26.3k
        }
484
485
403
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
486
26.7k
    }
487
488
900
    uid->p = *p;
489
900
    *p += uid->len;
490
491
900
    return 0;
492
27.6k
}
493
494
static int x509_get_basic_constraints(unsigned char **p,
495
                                      const unsigned char *end,
496
                                      int *ca_istrue,
497
                                      int *max_pathlen)
498
2.28k
{
499
2.28k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
500
2.28k
    size_t len;
501
502
    /*
503
     * BasicConstraints ::= SEQUENCE {
504
     *      cA                      BOOLEAN DEFAULT FALSE,
505
     *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
506
     */
507
2.28k
    *ca_istrue = 0; /* DEFAULT FALSE */
508
2.28k
    *max_pathlen = 0; /* endless */
509
510
2.28k
    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
511
2.28k
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
512
203
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
513
203
    }
514
515
2.08k
    if (*p == end) {
516
1.40k
        return 0;
517
1.40k
    }
518
519
680
    if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) {
520
412
        if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
521
343
            ret = mbedtls_asn1_get_int(p, end, ca_istrue);
522
343
        }
523
524
412
        if (ret != 0) {
525
71
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
526
71
        }
527
528
341
        if (*ca_istrue != 0) {
529
265
            *ca_istrue = 1;
530
265
        }
531
341
    }
532
533
609
    if (*p == end) {
534
204
        return 0;
535
204
    }
536
537
405
    if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) {
538
93
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
539
93
    }
540
541
312
    if (*p != end) {
542
154
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
543
154
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
544
154
    }
545
546
    /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
547
     * overflow, which is an undefined behavior. */
548
158
    if (*max_pathlen == INT_MAX) {
549
2
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
550
2
                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
551
2
    }
552
553
156
    (*max_pathlen)++;
554
555
156
    return 0;
556
158
}
557
558
/*
559
 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
560
 *
561
 * KeyPurposeId ::= OBJECT IDENTIFIER
562
 */
563
static int x509_get_ext_key_usage(unsigned char **p,
564
                                  const unsigned char *end,
565
                                  mbedtls_x509_sequence *ext_key_usage)
566
2.22k
{
567
2.22k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
568
569
2.22k
    if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) {
570
1.82k
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
571
1.82k
    }
572
573
    /* Sequence length must be >= 1 */
574
398
    if (ext_key_usage->buf.p == NULL) {
575
196
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
576
196
                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
577
196
    }
578
579
202
    return 0;
580
398
}
581
582
/*
583
 * SubjectKeyIdentifier ::= KeyIdentifier
584
 *
585
 * KeyIdentifier ::= OCTET STRING
586
 */
587
static int x509_get_subject_key_id(unsigned char **p,
588
                                   const unsigned char *end,
589
                                   mbedtls_x509_buf *subject_key_id)
590
2.05k
{
591
2.05k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
592
2.05k
    size_t len = 0u;
593
594
2.05k
    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
595
2.05k
                                    MBEDTLS_ASN1_OCTET_STRING)) != 0) {
596
71
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
597
71
    }
598
599
1.98k
    subject_key_id->len = len;
600
1.98k
    subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING;
601
1.98k
    subject_key_id->p = *p;
602
1.98k
    *p += len;
603
604
1.98k
    if (*p != end) {
605
67
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
606
67
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
607
67
    }
608
609
1.91k
    return 0;
610
1.98k
}
611
612
/*
613
 * AuthorityKeyIdentifier ::= SEQUENCE {
614
 *        keyIdentifier [0] KeyIdentifier OPTIONAL,
615
 *        authorityCertIssuer [1] GeneralNames OPTIONAL,
616
 *        authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
617
 *
618
 *    KeyIdentifier ::= OCTET STRING
619
 */
620
static int x509_get_authority_key_id(unsigned char **p,
621
                                     unsigned char *end,
622
                                     mbedtls_x509_authority *authority_key_id)
623
1.70k
{
624
1.70k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
625
1.70k
    size_t len = 0u;
626
627
1.70k
    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
628
1.70k
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
629
197
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
630
197
    }
631
632
1.51k
    if (*p + len != end) {
633
68
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
634
68
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
635
68
    }
636
637
1.44k
    ret = mbedtls_asn1_get_tag(p, end, &len,
638
1.44k
                               MBEDTLS_ASN1_CONTEXT_SPECIFIC);
639
640
    /* KeyIdentifier is an OPTIONAL field */
641
1.44k
    if (ret == 0) {
642
1.03k
        authority_key_id->keyIdentifier.len = len;
643
1.03k
        authority_key_id->keyIdentifier.p = *p;
644
        /* Setting tag of the keyIdentfier intentionally to 0x04.
645
         * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL),
646
         * its tag with the content is the payload of on OCTET STRING primitive */
647
1.03k
        authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING;
648
649
1.03k
        *p += len;
650
1.03k
    } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
651
196
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
652
196
    }
653
654
1.24k
    if (*p < end) {
655
        /* Getting authorityCertIssuer using the required specific class tag [1] */
656
313
        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
657
313
                                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
658
313
                                        1)) != 0) {
659
            /* authorityCertIssuer and authorityCertSerialNumber MUST both
660
               be present or both be absent. At this point we expect to have both. */
661
85
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
662
85
        }
663
        /* "end" also includes the CertSerialNumber field so "len" shall be used */
664
228
        ret = mbedtls_x509_get_subject_alt_name_ext(p,
665
228
                                                    (*p+len),
666
228
                                                    &authority_key_id->authorityCertIssuer);
667
228
        if (ret != 0) {
668
81
            return ret;
669
81
        }
670
671
        /* Getting authorityCertSerialNumber using the required specific class tag [2] */
672
147
        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
673
147
                                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) {
674
69
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
675
69
        }
676
78
        authority_key_id->authorityCertSerialNumber.len = len;
677
78
        authority_key_id->authorityCertSerialNumber.p = *p;
678
78
        authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER;
679
78
        *p += len;
680
78
    }
681
682
1.01k
    if (*p != end) {
683
67
        return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
684
67
               MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
685
67
    }
686
687
944
    return 0;
688
1.01k
}
689
690
/*
691
 * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
692
 *
693
 * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
694
 *
695
 * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
696
 *
697
 * PolicyInformation ::= SEQUENCE {
698
 *     policyIdentifier   CertPolicyId,
699
 *     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
700
 *                             PolicyQualifierInfo OPTIONAL }
701
 *
702
 * CertPolicyId ::= OBJECT IDENTIFIER
703
 *
704
 * PolicyQualifierInfo ::= SEQUENCE {
705
 *      policyQualifierId  PolicyQualifierId,
706
 *      qualifier          ANY DEFINED BY policyQualifierId }
707
 *
708
 * -- policyQualifierIds for Internet policy qualifiers
709
 *
710
 * id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
711
 * id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
712
 * id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
713
 *
714
 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
715
 *
716
 * Qualifier ::= CHOICE {
717
 *      cPSuri           CPSuri,
718
 *      userNotice       UserNotice }
719
 *
720
 * CPSuri ::= IA5String
721
 *
722
 * UserNotice ::= SEQUENCE {
723
 *      noticeRef        NoticeReference OPTIONAL,
724
 *      explicitText     DisplayText OPTIONAL }
725
 *
726
 * NoticeReference ::= SEQUENCE {
727
 *      organization     DisplayText,
728
 *      noticeNumbers    SEQUENCE OF INTEGER }
729
 *
730
 * DisplayText ::= CHOICE {
731
 *      ia5String        IA5String      (SIZE (1..200)),
732
 *      visibleString    VisibleString  (SIZE (1..200)),
733
 *      bmpString        BMPString      (SIZE (1..200)),
734
 *      utf8String       UTF8String     (SIZE (1..200)) }
735
 *
736
 * NOTE: we only parse and use anyPolicy without qualifiers at this point
737
 * as defined in RFC 5280.
738
 */
739
static int x509_get_certificate_policies(unsigned char **p,
740
                                         const unsigned char *end,
741
                                         mbedtls_x509_sequence *certificate_policies)
742
879
{
743
879
    int ret, parse_ret = 0;
744
879
    size_t len;
745
879
    mbedtls_asn1_buf *buf;
746
879
    mbedtls_asn1_sequence *cur = certificate_policies;
747
748
    /* Get main sequence tag */
749
879
    ret = mbedtls_asn1_get_tag(p, end, &len,
750
879
                               MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
751
879
    if (ret != 0) {
752
200
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
753
200
    }
754
755
679
    if (*p + len != end) {
756
67
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
757
67
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
758
67
    }
759
760
    /*
761
     * Cannot be an empty sequence.
762
     */
763
612
    if (len == 0) {
764
195
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
765
195
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
766
195
    }
767
768
1.05k
    while (*p < end) {
769
1.01k
        mbedtls_x509_buf policy_oid;
770
1.01k
        const unsigned char *policy_end;
771
772
        /*
773
         * Get the policy sequence
774
         */
775
1.01k
        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
776
1.01k
                                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
777
83
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
778
83
        }
779
780
932
        policy_end = *p + len;
781
782
932
        if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
783
932
                                        MBEDTLS_ASN1_OID)) != 0) {
784
70
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
785
70
        }
786
787
862
        policy_oid.tag = MBEDTLS_ASN1_OID;
788
862
        policy_oid.len = len;
789
862
        policy_oid.p = *p;
790
791
        /*
792
         * Only AnyPolicy is currently supported when enforcing policy.
793
         */
794
862
        if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) {
795
            /*
796
             * Set the parsing return code but continue parsing, in case this
797
             * extension is critical.
798
             */
799
830
            parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
800
830
        }
801
802
        /* Allocate and assign next pointer */
803
862
        if (cur->buf.p != NULL) {
804
529
            if (cur->next != NULL) {
805
0
                return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
806
0
            }
807
808
529
            cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
809
810
529
            if (cur->next == NULL) {
811
0
                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
812
0
                                         MBEDTLS_ERR_ASN1_ALLOC_FAILED);
813
0
            }
814
815
529
            cur = cur->next;
816
529
        }
817
818
862
        buf = &(cur->buf);
819
862
        buf->tag = policy_oid.tag;
820
862
        buf->p = policy_oid.p;
821
862
        buf->len = policy_oid.len;
822
823
862
        *p += len;
824
825
        /*
826
         * If there is an optional qualifier, then *p < policy_end
827
         * Check the Qualifier len to verify it doesn't exceed policy_end.
828
         */
829
862
        if (*p < policy_end) {
830
649
            if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len,
831
649
                                            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
832
649
                0) {
833
73
                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
834
73
            }
835
            /*
836
             * Skip the optional policy qualifiers.
837
             */
838
576
            *p += len;
839
576
        }
840
841
789
        if (*p != policy_end) {
842
153
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
843
153
                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
844
153
        }
845
789
    }
846
847
    /* Set final sequence entry's next pointer to NULL */
848
38
    cur->next = NULL;
849
850
38
    if (*p != end) {
851
0
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
852
0
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
853
0
    }
854
855
38
    return parse_ret;
856
38
}
857
858
/*
859
 * X.509 v3 extensions
860
 *
861
 */
862
static int x509_get_crt_ext(unsigned char **p,
863
                            const unsigned char *end,
864
                            mbedtls_x509_crt *crt,
865
                            mbedtls_x509_crt_ext_cb_t cb,
866
                            void *p_ctx)
867
13.7k
{
868
13.7k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
869
13.7k
    size_t len;
870
13.7k
    unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet;
871
872
13.7k
    if (*p == end) {
873
1.06k
        return 0;
874
1.06k
    }
875
876
12.6k
    if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) {
877
901
        return ret;
878
901
    }
879
880
11.7k
    end = crt->v3_ext.p + crt->v3_ext.len;
881
24.4k
    while (*p < end) {
882
        /*
883
         * Extension  ::=  SEQUENCE  {
884
         *      extnID      OBJECT IDENTIFIER,
885
         *      critical    BOOLEAN DEFAULT FALSE,
886
         *      extnValue   OCTET STRING  }
887
         */
888
21.3k
        mbedtls_x509_buf extn_oid = { 0, 0, NULL };
889
21.3k
        int is_critical = 0; /* DEFAULT FALSE */
890
21.3k
        int ext_type = 0;
891
892
21.3k
        if ((ret = mbedtls_asn1_get_tag(p, end, &len,
893
21.3k
                                        MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
894
515
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
895
515
        }
896
897
20.8k
        end_ext_data = *p + len;
898
899
        /* Get extension ID */
900
20.8k
        if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
901
20.8k
                                        MBEDTLS_ASN1_OID)) != 0) {
902
219
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
903
219
        }
904
905
20.5k
        extn_oid.tag = MBEDTLS_ASN1_OID;
906
20.5k
        extn_oid.p = *p;
907
20.5k
        *p += extn_oid.len;
908
909
        /* Get optional critical */
910
20.5k
        if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
911
20.5k
            (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
912
1.13k
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
913
1.13k
        }
914
915
        /* Data should be octet string type */
916
19.4k
        if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
917
19.4k
                                        MBEDTLS_ASN1_OCTET_STRING)) != 0) {
918
449
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
919
449
        }
920
921
18.9k
        start_ext_octet = *p;
922
18.9k
        end_ext_octet = *p + len;
923
924
18.9k
        if (end_ext_octet != end_ext_data) {
925
196
            return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
926
196
                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
927
196
        }
928
929
        /*
930
         * Detect supported extensions
931
         */
932
18.8k
        ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
933
934
18.8k
        if (ret != 0) {
935
            /* Give the callback (if any) a chance to handle the extension */
936
6.16k
            if (cb != NULL) {
937
0
                ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet);
938
0
                if (ret != 0 && is_critical) {
939
0
                    return ret;
940
0
                }
941
0
                *p = end_ext_octet;
942
0
                continue;
943
0
            }
944
945
            /* No parser found, skip extension */
946
6.16k
            *p = end_ext_octet;
947
948
6.16k
            if (is_critical) {
949
                /* Data is marked as critical: fail */
950
69
                return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
951
69
                                         MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
952
69
            }
953
6.09k
            continue;
954
6.16k
        }
955
956
        /* Forbid repeated extensions */
957
12.6k
        if ((crt->ext_types & ext_type) != 0) {
958
68
            return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
959
68
        }
960
961
12.5k
        crt->ext_types |= ext_type;
962
963
12.5k
        switch (ext_type) {
964
2.28k
            case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
965
                /* Parse basic constraints */
966
2.28k
                if ((ret = x509_get_basic_constraints(p, end_ext_octet,
967
2.28k
                                                      &crt->ca_istrue, &crt->max_pathlen)) != 0) {
968
523
                    return ret;
969
523
                }
970
1.76k
                break;
971
972
1.76k
            case MBEDTLS_X509_EXT_KEY_USAGE:
973
                /* Parse key usage */
974
1.29k
                if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet,
975
1.29k
                                                      &crt->key_usage)) != 0) {
976
695
                    return ret;
977
695
                }
978
600
                break;
979
980
2.22k
            case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
981
                /* Parse extended key usage */
982
2.22k
                if ((ret = x509_get_ext_key_usage(p, end_ext_octet,
983
2.22k
                                                  &crt->ext_key_usage)) != 0) {
984
2.02k
                    return ret;
985
2.02k
                }
986
202
                break;
987
988
2.05k
            case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER:
989
                /* Parse subject key identifier */
990
2.05k
                if ((ret = x509_get_subject_key_id(p, end_ext_data,
991
2.05k
                                                   &crt->subject_key_id)) != 0) {
992
138
                    return ret;
993
138
                }
994
1.91k
                break;
995
996
1.91k
            case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER:
997
                /* Parse authority key identifier */
998
1.70k
                if ((ret = x509_get_authority_key_id(p, end_ext_octet,
999
1.70k
                                                     &crt->authority_key_id)) != 0) {
1000
763
                    return ret;
1001
763
                }
1002
944
                break;
1003
1.89k
            case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
1004
                /* Parse subject alt name
1005
                 * SubjectAltName ::= GeneralNames
1006
                 */
1007
1.89k
                if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet,
1008
1.89k
                                                             &crt->subject_alt_names)) != 0) {
1009
954
                    return ret;
1010
954
                }
1011
938
                break;
1012
1013
938
            case MBEDTLS_X509_EXT_NS_CERT_TYPE:
1014
                /* Parse netscape certificate type */
1015
241
                if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet,
1016
241
                                                         &crt->ns_cert_type)) != 0) {
1017
71
                    return ret;
1018
71
                }
1019
170
                break;
1020
1021
879
            case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES:
1022
                /* Parse certificate policies type */
1023
879
                if ((ret = x509_get_certificate_policies(p, end_ext_octet,
1024
879
                                                         &crt->certificate_policies)) != 0) {
1025
                    /* Give the callback (if any) a chance to handle the extension
1026
                     * if it contains unsupported policies */
1027
877
                    if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL &&
1028
877
                        cb(p_ctx, crt, &extn_oid, is_critical,
1029
0
                           start_ext_octet, end_ext_octet) == 0) {
1030
0
                        break;
1031
0
                    }
1032
1033
877
                    if (is_critical) {
1034
2
                        return ret;
1035
2
                    } else
1036
                    /*
1037
                     * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
1038
                     * cannot interpret or enforce the policy. However, it is up to
1039
                     * the user to choose how to enforce the policies,
1040
                     * unless the extension is critical.
1041
                     */
1042
875
                    if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
1043
839
                        return ret;
1044
839
                    }
1045
877
                }
1046
38
                break;
1047
1048
38
            default:
1049
                /*
1050
                 * If this is a non-critical extension, which the oid layer
1051
                 * supports, but there isn't an x509 parser for it,
1052
                 * skip the extension.
1053
                 */
1054
0
                if (is_critical) {
1055
0
                    return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
1056
0
                } else {
1057
0
                    *p = end_ext_octet;
1058
0
                }
1059
12.5k
        }
1060
12.5k
    }
1061
1062
3.11k
    if (*p != end) {
1063
0
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
1064
0
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1065
0
    }
1066
1067
3.11k
    return 0;
1068
3.11k
}
1069
1070
/*
1071
 * Parse and fill a single X.509 certificate in DER format
1072
 */
1073
static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
1074
                                   const unsigned char *buf,
1075
                                   size_t buflen,
1076
                                   int make_copy,
1077
                                   mbedtls_x509_crt_ext_cb_t cb,
1078
                                   void *p_ctx)
1079
60.7k
{
1080
60.7k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1081
60.7k
    size_t len;
1082
60.7k
    unsigned char *p, *end, *crt_end;
1083
60.7k
    mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
1084
1085
60.7k
    memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
1086
60.7k
    memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
1087
60.7k
    memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
1088
1089
    /*
1090
     * Check for valid input
1091
     */
1092
60.7k
    if (crt == NULL || buf == NULL) {
1093
0
        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1094
0
    }
1095
1096
    /* Use the original buffer until we figure out actual length. */
1097
60.7k
    p = (unsigned char *) buf;
1098
60.7k
    len = buflen;
1099
60.7k
    end = p + len;
1100
1101
    /*
1102
     * Certificate  ::=  SEQUENCE  {
1103
     *      tbsCertificate       TBSCertificate,
1104
     *      signatureAlgorithm   AlgorithmIdentifier,
1105
     *      signatureValue       BIT STRING  }
1106
     */
1107
60.7k
    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1108
60.7k
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1109
3.55k
        mbedtls_x509_crt_free(crt);
1110
3.55k
        return MBEDTLS_ERR_X509_INVALID_FORMAT;
1111
3.55k
    }
1112
1113
57.2k
    end = crt_end = p + len;
1114
57.2k
    crt->raw.len = (size_t) (crt_end - buf);
1115
57.2k
    if (make_copy != 0) {
1116
        /* Create and populate a new buffer for the raw field. */
1117
57.2k
        crt->raw.p = p = mbedtls_calloc(1, crt->raw.len);
1118
57.2k
        if (crt->raw.p == NULL) {
1119
0
            return MBEDTLS_ERR_X509_ALLOC_FAILED;
1120
0
        }
1121
1122
57.2k
        memcpy(crt->raw.p, buf, crt->raw.len);
1123
57.2k
        crt->own_buffer = 1;
1124
1125
57.2k
        p += crt->raw.len - len;
1126
57.2k
        end = crt_end = p + len;
1127
57.2k
    } else {
1128
0
        crt->raw.p = (unsigned char *) buf;
1129
0
        crt->own_buffer = 0;
1130
0
    }
1131
1132
    /*
1133
     * TBSCertificate  ::=  SEQUENCE  {
1134
     */
1135
57.2k
    crt->tbs.p = p;
1136
1137
57.2k
    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1138
57.2k
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1139
323
        mbedtls_x509_crt_free(crt);
1140
323
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
1141
323
    }
1142
1143
56.9k
    end = p + len;
1144
56.9k
    crt->tbs.len = (size_t) (end - crt->tbs.p);
1145
1146
    /*
1147
     * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
1148
     *
1149
     * CertificateSerialNumber  ::=  INTEGER
1150
     *
1151
     * signature            AlgorithmIdentifier
1152
     */
1153
56.9k
    if ((ret = x509_get_version(&p, end, &crt->version)) != 0 ||
1154
56.9k
        (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 ||
1155
56.9k
        (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid,
1156
51.7k
                                    &sig_params1)) != 0) {
1157
10.0k
        mbedtls_x509_crt_free(crt);
1158
10.0k
        return ret;
1159
10.0k
    }
1160
1161
46.9k
    if (crt->version < 0 || crt->version > 2) {
1162
288
        mbedtls_x509_crt_free(crt);
1163
288
        return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
1164
288
    }
1165
1166
46.6k
    crt->version++;
1167
1168
46.6k
    if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1,
1169
46.6k
                                        &crt->sig_md, &crt->sig_pk,
1170
46.6k
                                        &crt->sig_opts)) != 0) {
1171
6.75k
        mbedtls_x509_crt_free(crt);
1172
6.75k
        return ret;
1173
6.75k
    }
1174
1175
    /*
1176
     * issuer               Name
1177
     */
1178
39.8k
    crt->issuer_raw.p = p;
1179
1180
39.8k
    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1181
39.8k
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1182
995
        mbedtls_x509_crt_free(crt);
1183
995
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
1184
995
    }
1185
1186
38.8k
    if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) {
1187
1.31k
        mbedtls_x509_crt_free(crt);
1188
1.31k
        return ret;
1189
1.31k
    }
1190
1191
37.5k
    crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p);
1192
1193
    /*
1194
     * Validity ::= SEQUENCE {
1195
     *      notBefore      Time,
1196
     *      notAfter       Time }
1197
     *
1198
     */
1199
37.5k
    if ((ret = x509_get_dates(&p, end, &crt->valid_from,
1200
37.5k
                              &crt->valid_to)) != 0) {
1201
5.22k
        mbedtls_x509_crt_free(crt);
1202
5.22k
        return ret;
1203
5.22k
    }
1204
1205
    /*
1206
     * subject              Name
1207
     */
1208
32.3k
    crt->subject_raw.p = p;
1209
1210
32.3k
    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
1211
32.3k
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
1212
744
        mbedtls_x509_crt_free(crt);
1213
744
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
1214
744
    }
1215
1216
31.5k
    if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) {
1217
1.04k
        mbedtls_x509_crt_free(crt);
1218
1.04k
        return ret;
1219
1.04k
    }
1220
1221
30.5k
    crt->subject_raw.len = (size_t) (p - crt->subject_raw.p);
1222
1223
    /*
1224
     * SubjectPublicKeyInfo
1225
     */
1226
30.5k
    crt->pk_raw.p = p;
1227
30.5k
    if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) {
1228
15.6k
        mbedtls_x509_crt_free(crt);
1229
15.6k
        return ret;
1230
15.6k
    }
1231
14.8k
    crt->pk_raw.len = (size_t) (p - crt->pk_raw.p);
1232
1233
    /*
1234
     *  issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
1235
     *                       -- If present, version shall be v2 or v3
1236
     *  subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
1237
     *                       -- If present, version shall be v2 or v3
1238
     *  extensions      [3]  EXPLICIT Extensions OPTIONAL
1239
     *                       -- If present, version shall be v3
1240
     */
1241
14.8k
    if (crt->version == 2 || crt->version == 3) {
1242
14.4k
        ret = x509_get_uid(&p, end, &crt->issuer_id,  1);
1243
14.4k
        if (ret != 0) {
1244
206
            mbedtls_x509_crt_free(crt);
1245
206
            return ret;
1246
206
        }
1247
14.4k
    }
1248
1249
14.6k
    if (crt->version == 2 || crt->version == 3) {
1250
14.2k
        ret = x509_get_uid(&p, end, &crt->subject_id,  2);
1251
14.2k
        if (ret != 0) {
1252
197
            mbedtls_x509_crt_free(crt);
1253
197
            return ret;
1254
197
        }
1255
14.2k
    }
1256
1257
14.4k
    if (crt->version == 3) {
1258
13.7k
        ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx);
1259
13.7k
        if (ret != 0) {
1260
9.56k
            mbedtls_x509_crt_free(crt);
1261
9.56k
            return ret;
1262
9.56k
        }
1263
13.7k
    }
1264
1265
4.87k
    if (p != end) {
1266
783
        mbedtls_x509_crt_free(crt);
1267
783
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
1268
783
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1269
783
    }
1270
1271
4.09k
    end = crt_end;
1272
1273
    /*
1274
     *  }
1275
     *  -- end of TBSCertificate
1276
     *
1277
     *  signatureAlgorithm   AlgorithmIdentifier,
1278
     *  signatureValue       BIT STRING
1279
     */
1280
4.09k
    if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
1281
1.36k
        mbedtls_x509_crt_free(crt);
1282
1.36k
        return ret;
1283
1.36k
    }
1284
1285
2.72k
    if (crt->sig_oid.len != sig_oid2.len ||
1286
2.72k
        memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 ||
1287
2.72k
        sig_params1.tag != sig_params2.tag ||
1288
2.72k
        sig_params1.len != sig_params2.len ||
1289
2.72k
        (sig_params1.len != 0 &&
1290
2.02k
         memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
1291
785
        mbedtls_x509_crt_free(crt);
1292
785
        return MBEDTLS_ERR_X509_SIG_MISMATCH;
1293
785
    }
1294
1295
1.93k
    if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) {
1296
229
        mbedtls_x509_crt_free(crt);
1297
229
        return ret;
1298
229
    }
1299
1300
1.70k
    if (p != end) {
1301
67
        mbedtls_x509_crt_free(crt);
1302
67
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
1303
67
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
1304
67
    }
1305
1306
1.64k
    return 0;
1307
1.70k
}
1308
1309
/*
1310
 * Parse one X.509 certificate in DER format from a buffer and add them to a
1311
 * chained list
1312
 */
1313
static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain,
1314
                                               const unsigned char *buf,
1315
                                               size_t buflen,
1316
                                               int make_copy,
1317
                                               mbedtls_x509_crt_ext_cb_t cb,
1318
                                               void *p_ctx)
1319
60.7k
{
1320
60.7k
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1321
60.7k
    mbedtls_x509_crt *crt = chain, *prev = NULL;
1322
1323
    /*
1324
     * Check for valid input
1325
     */
1326
60.7k
    if (crt == NULL || buf == NULL) {
1327
0
        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1328
0
    }
1329
1330
64.4k
    while (crt->version != 0 && crt->next != NULL) {
1331
3.67k
        prev = crt;
1332
3.67k
        crt = crt->next;
1333
3.67k
    }
1334
1335
    /*
1336
     * Add new certificate on the end of the chain if needed.
1337
     */
1338
60.7k
    if (crt->version != 0 && crt->next == NULL) {
1339
737
        crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
1340
1341
737
        if (crt->next == NULL) {
1342
0
            return MBEDTLS_ERR_X509_ALLOC_FAILED;
1343
0
        }
1344
1345
737
        prev = crt;
1346
737
        mbedtls_x509_crt_init(crt->next);
1347
737
        crt = crt->next;
1348
737
    }
1349
1350
60.7k
    ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx);
1351
60.7k
    if (ret != 0) {
1352
59.1k
        if (prev) {
1353
433
            prev->next = NULL;
1354
433
        }
1355
1356
59.1k
        if (crt != chain) {
1357
433
            mbedtls_free(crt);
1358
433
        }
1359
1360
59.1k
        return ret;
1361
59.1k
    }
1362
1363
1.64k
    return 0;
1364
60.7k
}
1365
1366
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
1367
                                      const unsigned char *buf,
1368
                                      size_t buflen)
1369
0
{
1370
0
    return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL);
1371
0
}
1372
1373
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
1374
                                           const unsigned char *buf,
1375
                                           size_t buflen,
1376
                                           int make_copy,
1377
                                           mbedtls_x509_crt_ext_cb_t cb,
1378
                                           void *p_ctx)
1379
0
{
1380
0
    return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx);
1381
0
}
1382
1383
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
1384
                               const unsigned char *buf,
1385
                               size_t buflen)
1386
60.7k
{
1387
60.7k
    return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL);
1388
60.7k
}
1389
1390
/*
1391
 * Parse one or more PEM certificates from a buffer and add them to the chained
1392
 * list
1393
 */
1394
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
1395
                           const unsigned char *buf,
1396
                           size_t buflen)
1397
6.24k
{
1398
6.24k
#if defined(MBEDTLS_PEM_PARSE_C)
1399
6.24k
    int success = 0, first_error = 0, total_failed = 0;
1400
6.24k
    int buf_format = MBEDTLS_X509_FORMAT_DER;
1401
6.24k
#endif
1402
1403
    /*
1404
     * Check for valid input
1405
     */
1406
6.24k
    if (chain == NULL || buf == NULL) {
1407
0
        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1408
0
    }
1409
1410
    /*
1411
     * Determine buffer content. Buffer contains either one DER certificate or
1412
     * one or more PEM certificates.
1413
     */
1414
6.24k
#if defined(MBEDTLS_PEM_PARSE_C)
1415
6.24k
    if (buflen != 0 && buf[buflen - 1] == '\0' &&
1416
6.24k
        strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) {
1417
3.10k
        buf_format = MBEDTLS_X509_FORMAT_PEM;
1418
3.10k
    }
1419
1420
6.24k
    if (buf_format == MBEDTLS_X509_FORMAT_DER) {
1421
3.13k
        return mbedtls_x509_crt_parse_der(chain, buf, buflen);
1422
3.13k
    }
1423
#else
1424
    return mbedtls_x509_crt_parse_der(chain, buf, buflen);
1425
#endif
1426
1427
3.10k
#if defined(MBEDTLS_PEM_PARSE_C)
1428
3.10k
    if (buf_format == MBEDTLS_X509_FORMAT_PEM) {
1429
3.10k
        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1430
3.10k
        mbedtls_pem_context pem;
1431
1432
        /* 1 rather than 0 since the terminating NULL byte is counted in */
1433
64.3k
        while (buflen > 1) {
1434
62.1k
            size_t use_len;
1435
62.1k
            mbedtls_pem_init(&pem);
1436
1437
            /* If we get there, we know the string is null-terminated */
1438
62.1k
            ret = mbedtls_pem_read_buffer(&pem,
1439
62.1k
                                          "-----BEGIN CERTIFICATE-----",
1440
62.1k
                                          "-----END CERTIFICATE-----",
1441
62.1k
                                          buf, NULL, 0, &use_len);
1442
1443
62.1k
            if (ret == 0) {
1444
                /*
1445
                 * Was PEM encoded
1446
                 */
1447
53.5k
                buflen -= use_len;
1448
53.5k
                buf += use_len;
1449
53.5k
            } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) {
1450
10
                return ret;
1451
8.64k
            } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
1452
7.66k
                mbedtls_pem_free(&pem);
1453
1454
                /*
1455
                 * PEM header and footer were found
1456
                 */
1457
7.66k
                buflen -= use_len;
1458
7.66k
                buf += use_len;
1459
1460
7.66k
                if (first_error == 0) {
1461
580
                    first_error = ret;
1462
580
                }
1463
1464
7.66k
                total_failed++;
1465
7.66k
                continue;
1466
7.66k
            } else {
1467
976
                break;
1468
976
            }
1469
1470
53.5k
            ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen);
1471
1472
53.5k
            mbedtls_pem_free(&pem);
1473
1474
53.5k
            if (ret != 0) {
1475
                /*
1476
                 * Quit parsing on a memory error
1477
                 */
1478
53.2k
                if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) {
1479
0
                    return ret;
1480
0
                }
1481
1482
53.2k
                if (first_error == 0) {
1483
2.48k
                    first_error = ret;
1484
2.48k
                }
1485
1486
53.2k
                total_failed++;
1487
53.2k
                continue;
1488
53.2k
            }
1489
1490
247
            success = 1;
1491
247
        }
1492
3.10k
    }
1493
1494
3.09k
    if (success) {
1495
39
        return total_failed;
1496
3.06k
    } else if (first_error) {
1497
3.04k
        return first_error;
1498
3.04k
    } else {
1499
17
        return MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT;
1500
17
    }
1501
3.09k
#endif /* MBEDTLS_PEM_PARSE_C */
1502
3.09k
}
1503
1504
#if defined(MBEDTLS_FS_IO)
1505
/*
1506
 * Load one or more certificates and add them to the chained list
1507
 */
1508
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
1509
0
{
1510
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1511
0
    size_t n;
1512
0
    unsigned char *buf;
1513
1514
0
    if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
1515
0
        return ret;
1516
0
    }
1517
1518
0
    ret = mbedtls_x509_crt_parse(chain, buf, n);
1519
1520
0
    mbedtls_zeroize_and_free(buf, n);
1521
1522
0
    return ret;
1523
0
}
1524
1525
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
1526
0
{
1527
0
    int ret = 0;
1528
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1529
    int w_ret;
1530
    WCHAR szDir[MAX_PATH];
1531
    char filename[MAX_PATH];
1532
    char *p;
1533
    size_t len = strlen(path);
1534
1535
    WIN32_FIND_DATAW file_data;
1536
    HANDLE hFind;
1537
1538
    if (len > MAX_PATH - 3) {
1539
        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1540
    }
1541
1542
    memset(szDir, 0, sizeof(szDir));
1543
    memset(filename, 0, MAX_PATH);
1544
    memcpy(filename, path, len);
1545
    filename[len++] = '\\';
1546
    p = filename + len;
1547
    filename[len++] = '*';
1548
1549
    /*
1550
     * Note this function uses the code page CP_ACP which is the system default
1551
     * ANSI codepage. The input string is always described in BYTES and the
1552
     * output length is described in WCHARs.
1553
     */
1554
    w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int) len, szDir,
1555
                                MAX_PATH - 3);
1556
    if (w_ret == 0) {
1557
        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1558
    }
1559
1560
    hFind = FindFirstFileW(szDir, &file_data);
1561
    if (hFind == INVALID_HANDLE_VALUE) {
1562
        return MBEDTLS_ERR_X509_FILE_IO_ERROR;
1563
    }
1564
1565
    len = MAX_PATH - len;
1566
    do {
1567
        memset(p, 0, len);
1568
1569
        if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
1570
            continue;
1571
        }
1572
        w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName,
1573
                                    -1, p, (int) len, NULL, NULL);
1574
        if (w_ret == 0) {
1575
            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1576
            goto cleanup;
1577
        }
1578
1579
        w_ret = mbedtls_x509_crt_parse_file(chain, filename);
1580
        if (w_ret < 0) {
1581
            ret++;
1582
        } else {
1583
            ret += w_ret;
1584
        }
1585
    } while (FindNextFileW(hFind, &file_data) != 0);
1586
1587
    if (GetLastError() != ERROR_NO_MORE_FILES) {
1588
        ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1589
    }
1590
1591
cleanup:
1592
    FindClose(hFind);
1593
#else /* _WIN32 */
1594
0
    int t_ret;
1595
0
    int snp_ret;
1596
0
    struct stat sb;
1597
0
    struct dirent *entry;
1598
0
    char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
1599
0
    DIR *dir = opendir(path);
1600
1601
0
    if (dir == NULL) {
1602
0
        return MBEDTLS_ERR_X509_FILE_IO_ERROR;
1603
0
    }
1604
1605
0
#if defined(MBEDTLS_THREADING_C)
1606
0
    if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) {
1607
0
        closedir(dir);
1608
0
        return ret;
1609
0
    }
1610
0
#endif /* MBEDTLS_THREADING_C */
1611
1612
0
    memset(&sb, 0, sizeof(sb));
1613
1614
0
    while ((entry = readdir(dir)) != NULL) {
1615
0
        snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
1616
0
                                   "%s/%s", path, entry->d_name);
1617
1618
0
        if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
1619
0
            ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
1620
0
            goto cleanup;
1621
0
        } else if (stat(entry_name, &sb) == -1) {
1622
0
            if (errno == ENOENT) {
1623
                /* Broken symbolic link - ignore this entry.
1624
                    stat(2) will return this error for either (a) a dangling
1625
                    symlink or (b) a missing file.
1626
                    Given that we have just obtained the filename from readdir,
1627
                    assume that it does exist and therefore treat this as a
1628
                    dangling symlink. */
1629
0
                continue;
1630
0
            } else {
1631
                /* Some other file error; report the error. */
1632
0
                ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
1633
0
                goto cleanup;
1634
0
            }
1635
0
        }
1636
1637
0
        if (!S_ISREG(sb.st_mode)) {
1638
0
            continue;
1639
0
        }
1640
1641
        // Ignore parse errors
1642
        //
1643
0
        t_ret = mbedtls_x509_crt_parse_file(chain, entry_name);
1644
0
        if (t_ret < 0) {
1645
0
            ret++;
1646
0
        } else {
1647
0
            ret += t_ret;
1648
0
        }
1649
0
    }
1650
1651
0
cleanup:
1652
0
    closedir(dir);
1653
1654
0
#if defined(MBEDTLS_THREADING_C)
1655
0
    if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) {
1656
0
        ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
1657
0
    }
1658
0
#endif /* MBEDTLS_THREADING_C */
1659
1660
0
#endif /* _WIN32 */
1661
1662
0
    return ret;
1663
0
}
1664
#endif /* MBEDTLS_FS_IO */
1665
1666
#if !defined(MBEDTLS_X509_REMOVE_INFO)
1667
#define PRINT_ITEM(i)                               \
1668
    do {                                            \
1669
        ret = mbedtls_snprintf(p, n, "%s" i, sep);  \
1670
        MBEDTLS_X509_SAFE_SNPRINTF;                 \
1671
        sep = ", ";                                 \
1672
    } while (0)
1673
1674
#define CERT_TYPE(type, name)          \
1675
    do {                               \
1676
        if (ns_cert_type & (type)) {   \
1677
            PRINT_ITEM(name);          \
1678
        }                              \
1679
    } while (0)
1680
1681
#define KEY_USAGE(code, name)      \
1682
    do {                           \
1683
        if (key_usage & (code)) {  \
1684
            PRINT_ITEM(name);      \
1685
        }                          \
1686
    } while (0)
1687
1688
static int x509_info_ext_key_usage(char **buf, size_t *size,
1689
                                   const mbedtls_x509_sequence *extended_key_usage)
1690
51
{
1691
51
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1692
51
    const char *desc;
1693
51
    size_t n = *size;
1694
51
    char *p = *buf;
1695
51
    const mbedtls_x509_sequence *cur = extended_key_usage;
1696
51
    const char *sep = "";
1697
1698
331
    while (cur != NULL) {
1699
281
        if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) {
1700
237
            desc = "???";
1701
237
        }
1702
1703
281
        ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
1704
281
        MBEDTLS_X509_SAFE_SNPRINTF;
1705
1706
280
        sep = ", ";
1707
1708
280
        cur = cur->next;
1709
280
    }
1710
1711
50
    *size = n;
1712
50
    *buf = p;
1713
1714
50
    return 0;
1715
51
}
1716
1717
static int x509_info_cert_policies(char **buf, size_t *size,
1718
                                   const mbedtls_x509_sequence *certificate_policies)
1719
14
{
1720
14
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1721
14
    const char *desc;
1722
14
    size_t n = *size;
1723
14
    char *p = *buf;
1724
14
    const mbedtls_x509_sequence *cur = certificate_policies;
1725
14
    const char *sep = "";
1726
1727
69
    while (cur != NULL) {
1728
55
        if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) {
1729
54
            desc = "???";
1730
54
        }
1731
1732
55
        ret = mbedtls_snprintf(p, n, "%s%s", sep, desc);
1733
55
        MBEDTLS_X509_SAFE_SNPRINTF;
1734
1735
55
        sep = ", ";
1736
1737
55
        cur = cur->next;
1738
55
    }
1739
1740
14
    *size = n;
1741
14
    *buf = p;
1742
1743
14
    return 0;
1744
14
}
1745
1746
/*
1747
 * Return an informational string about the certificate.
1748
 */
1749
325
#define BEFORE_COLON    18
1750
#define BC              "18"
1751
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix,
1752
                          const mbedtls_x509_crt *crt)
1753
339
{
1754
339
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1755
339
    size_t n;
1756
339
    char *p;
1757
339
    char key_size_str[BEFORE_COLON];
1758
1759
339
    p = buf;
1760
339
    n = size;
1761
1762
339
    if (NULL == crt) {
1763
0
        ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n");
1764
0
        MBEDTLS_X509_SAFE_SNPRINTF;
1765
1766
0
        return (int) (size - n);
1767
0
    }
1768
1769
339
    ret = mbedtls_snprintf(p, n, "%scert. version     : %d\n",
1770
339
                           prefix, crt->version);
1771
339
    MBEDTLS_X509_SAFE_SNPRINTF;
1772
339
    ret = mbedtls_snprintf(p, n, "%sserial number     : ",
1773
339
                           prefix);
1774
339
    MBEDTLS_X509_SAFE_SNPRINTF;
1775
1776
339
    ret = mbedtls_x509_serial_gets(p, n, &crt->serial);
1777
339
    MBEDTLS_X509_SAFE_SNPRINTF;
1778
1779
339
    ret = mbedtls_snprintf(p, n, "\n%sissuer name       : ", prefix);
1780
339
    MBEDTLS_X509_SAFE_SNPRINTF;
1781
339
    ret = mbedtls_x509_dn_gets(p, n, &crt->issuer);
1782
339
    MBEDTLS_X509_SAFE_SNPRINTF;
1783
1784
336
    ret = mbedtls_snprintf(p, n, "\n%ssubject name      : ", prefix);
1785
336
    MBEDTLS_X509_SAFE_SNPRINTF;
1786
336
    ret = mbedtls_x509_dn_gets(p, n, &crt->subject);
1787
336
    MBEDTLS_X509_SAFE_SNPRINTF;
1788
1789
325
    ret = mbedtls_snprintf(p, n, "\n%sissued  on        : " \
1790
325
                                 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1791
325
                           crt->valid_from.year, crt->valid_from.mon,
1792
325
                           crt->valid_from.day,  crt->valid_from.hour,
1793
325
                           crt->valid_from.min,  crt->valid_from.sec);
1794
325
    MBEDTLS_X509_SAFE_SNPRINTF;
1795
1796
325
    ret = mbedtls_snprintf(p, n, "\n%sexpires on        : " \
1797
325
                                 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1798
325
                           crt->valid_to.year, crt->valid_to.mon,
1799
325
                           crt->valid_to.day,  crt->valid_to.hour,
1800
325
                           crt->valid_to.min,  crt->valid_to.sec);
1801
325
    MBEDTLS_X509_SAFE_SNPRINTF;
1802
1803
325
    ret = mbedtls_snprintf(p, n, "\n%ssigned using      : ", prefix);
1804
325
    MBEDTLS_X509_SAFE_SNPRINTF;
1805
1806
325
    ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk,
1807
325
                                    crt->sig_md, crt->sig_opts);
1808
325
    MBEDTLS_X509_SAFE_SNPRINTF;
1809
1810
    /* Key size */
1811
325
    if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
1812
325
                                            mbedtls_pk_get_name(&crt->pk))) != 0) {
1813
0
        return ret;
1814
0
    }
1815
1816
325
    ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
1817
325
                           (int) mbedtls_pk_get_bitlen(&crt->pk));
1818
325
    MBEDTLS_X509_SAFE_SNPRINTF;
1819
1820
    /*
1821
     * Optional extensions
1822
     */
1823
1824
325
    if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) {
1825
103
        ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix,
1826
103
                               crt->ca_istrue ? "true" : "false");
1827
103
        MBEDTLS_X509_SAFE_SNPRINTF;
1828
1829
103
        if (crt->max_pathlen > 0) {
1830
34
            ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1);
1831
34
            MBEDTLS_X509_SAFE_SNPRINTF;
1832
34
        }
1833
103
    }
1834
1835
325
    if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
1836
118
        ret = mbedtls_snprintf(p, n, "\n%ssubject alt name  :", prefix);
1837
118
        MBEDTLS_X509_SAFE_SNPRINTF;
1838
1839
118
        if ((ret = mbedtls_x509_info_subject_alt_name(&p, &n,
1840
118
                                                      &crt->subject_alt_names,
1841
118
                                                      prefix)) != 0) {
1842
32
            return ret;
1843
32
        }
1844
118
    }
1845
1846
293
    if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) {
1847
29
        ret = mbedtls_snprintf(p, n, "\n%scert. type        : ", prefix);
1848
29
        MBEDTLS_X509_SAFE_SNPRINTF;
1849
1850
29
        if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) {
1851
0
            return ret;
1852
0
        }
1853
29
    }
1854
1855
293
    if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) {
1856
119
        ret = mbedtls_snprintf(p, n, "\n%skey usage         : ", prefix);
1857
119
        MBEDTLS_X509_SAFE_SNPRINTF;
1858
1859
118
        if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) {
1860
11
            return ret;
1861
11
        }
1862
118
    }
1863
1864
281
    if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) {
1865
52
        ret = mbedtls_snprintf(p, n, "\n%sext key usage     : ", prefix);
1866
52
        MBEDTLS_X509_SAFE_SNPRINTF;
1867
1868
51
        if ((ret = x509_info_ext_key_usage(&p, &n,
1869
51
                                           &crt->ext_key_usage)) != 0) {
1870
1
            return ret;
1871
1
        }
1872
51
    }
1873
1874
279
    if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) {
1875
14
        ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix);
1876
14
        MBEDTLS_X509_SAFE_SNPRINTF;
1877
1878
14
        if ((ret = x509_info_cert_policies(&p, &n,
1879
14
                                           &crt->certificate_policies)) != 0) {
1880
0
            return ret;
1881
0
        }
1882
14
    }
1883
1884
279
    ret = mbedtls_snprintf(p, n, "\n");
1885
279
    MBEDTLS_X509_SAFE_SNPRINTF;
1886
1887
278
    return (int) (size - n);
1888
279
}
1889
1890
struct x509_crt_verify_string {
1891
    int code;
1892
    const char *string;
1893
};
1894
1895
#define X509_CRT_ERROR_INFO(err, err_str, info) { err, info },
1896
static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
1897
    MBEDTLS_X509_CRT_ERROR_INFO_LIST
1898
    { 0, NULL }
1899
};
1900
#undef X509_CRT_ERROR_INFO
1901
1902
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
1903
                                 uint32_t flags)
1904
0
{
1905
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
1906
0
    const struct x509_crt_verify_string *cur;
1907
0
    char *p = buf;
1908
0
    size_t n = size;
1909
1910
0
    for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) {
1911
0
        if ((flags & cur->code) == 0) {
1912
0
            continue;
1913
0
        }
1914
1915
0
        ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string);
1916
0
        MBEDTLS_X509_SAFE_SNPRINTF;
1917
0
        flags ^= cur->code;
1918
0
    }
1919
1920
0
    if (flags != 0) {
1921
0
        ret = mbedtls_snprintf(p, n, "%sUnknown reason "
1922
0
                                     "(this should not happen)\n", prefix);
1923
0
        MBEDTLS_X509_SAFE_SNPRINTF;
1924
0
    }
1925
1926
0
    return (int) (size - n);
1927
0
}
1928
#endif /* MBEDTLS_X509_REMOVE_INFO */
1929
1930
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
1931
                                     unsigned int usage)
1932
0
{
1933
0
    unsigned int usage_must, usage_may;
1934
0
    unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
1935
0
                            | MBEDTLS_X509_KU_DECIPHER_ONLY;
1936
1937
0
    if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) {
1938
0
        return 0;
1939
0
    }
1940
1941
0
    usage_must = usage & ~may_mask;
1942
1943
0
    if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) {
1944
0
        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1945
0
    }
1946
1947
0
    usage_may = usage & may_mask;
1948
1949
0
    if (((crt->key_usage & may_mask) | usage_may) != usage_may) {
1950
0
        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1951
0
    }
1952
1953
0
    return 0;
1954
0
}
1955
1956
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
1957
                                              const char *usage_oid,
1958
                                              size_t usage_len)
1959
0
{
1960
0
    const mbedtls_x509_sequence *cur;
1961
1962
    /* Extension is not mandatory, absent means no restriction */
1963
0
    if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) {
1964
0
        return 0;
1965
0
    }
1966
1967
    /*
1968
     * Look for the requested usage (or wildcard ANY) in our list
1969
     */
1970
0
    for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) {
1971
0
        const mbedtls_x509_buf *cur_oid = &cur->buf;
1972
1973
0
        if (cur_oid->len == usage_len &&
1974
0
            memcmp(cur_oid->p, usage_oid, usage_len) == 0) {
1975
0
            return 0;
1976
0
        }
1977
1978
0
        if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) {
1979
0
            return 0;
1980
0
        }
1981
0
    }
1982
1983
0
    return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
1984
0
}
1985
1986
#if defined(MBEDTLS_X509_CRL_PARSE_C)
1987
/*
1988
 * Return 1 if the certificate is revoked, or 0 otherwise.
1989
 */
1990
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
1991
0
{
1992
0
    const mbedtls_x509_crl_entry *cur = &crl->entry;
1993
1994
0
    while (cur != NULL && cur->serial.len != 0) {
1995
0
        if (crt->serial.len == cur->serial.len &&
1996
0
            memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) {
1997
0
            return 1;
1998
0
        }
1999
2000
0
        cur = cur->next;
2001
0
    }
2002
2003
0
    return 0;
2004
0
}
2005
2006
/*
2007
 * Check that the given certificate is not revoked according to the CRL.
2008
 * Skip validation if no CRL for the given CA is present.
2009
 */
2010
static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
2011
                              mbedtls_x509_crl *crl_list,
2012
                              const mbedtls_x509_crt_profile *profile,
2013
                              const mbedtls_x509_time *now)
2014
0
{
2015
0
    int flags = 0;
2016
0
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2017
#if defined(MBEDTLS_USE_PSA_CRYPTO)
2018
    psa_algorithm_t psa_algorithm;
2019
#else
2020
    const mbedtls_md_info_t *md_info;
2021
#endif /* MBEDTLS_USE_PSA_CRYPTO */
2022
0
    size_t hash_length;
2023
2024
0
    if (ca == NULL) {
2025
0
        return flags;
2026
0
    }
2027
2028
0
    while (crl_list != NULL) {
2029
0
        if (crl_list->version == 0 ||
2030
0
            x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) {
2031
0
            crl_list = crl_list->next;
2032
0
            continue;
2033
0
        }
2034
2035
        /*
2036
         * Check if the CA is configured to sign CRLs
2037
         */
2038
0
        if (mbedtls_x509_crt_check_key_usage(ca,
2039
0
                                             MBEDTLS_X509_KU_CRL_SIGN) != 0) {
2040
0
            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
2041
0
            break;
2042
0
        }
2043
2044
        /*
2045
         * Check if CRL is correctly signed by the trusted CA
2046
         */
2047
0
        if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) {
2048
0
            flags |= MBEDTLS_X509_BADCRL_BAD_MD;
2049
0
        }
2050
2051
0
        if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) {
2052
0
            flags |= MBEDTLS_X509_BADCRL_BAD_PK;
2053
0
        }
2054
2055
#if defined(MBEDTLS_USE_PSA_CRYPTO)
2056
        psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
2057
0
        if (psa_hash_compute(psa_algorithm,
2058
0
                             crl_list->tbs.p,
2059
0
                             crl_list->tbs.len,
2060
0
                             hash,
2061
0
                             sizeof(hash),
2062
0
                             &hash_length) != PSA_SUCCESS) {
2063
            /* Note: this can't happen except after an internal error */
2064
0
            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
2065
0
            break;
2066
0
        }
2067
#else
2068
        md_info = mbedtls_md_info_from_type(crl_list->sig_md);
2069
        hash_length = mbedtls_md_get_size(md_info);
2070
0
        if (mbedtls_md(md_info,
2071
0
                       crl_list->tbs.p,
2072
0
                       crl_list->tbs.len,
2073
0
                       hash) != 0) {
2074
            /* Note: this can't happen except after an internal error */
2075
0
            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
2076
0
            break;
2077
0
        }
2078
0
#endif /* MBEDTLS_USE_PSA_CRYPTO */
2079
2080
0
        if (x509_profile_check_key(profile, &ca->pk) != 0) {
2081
0
            flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2082
0
        }
2083
2084
0
        if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
2085
0
                                  crl_list->sig_md, hash, hash_length,
2086
0
                                  crl_list->sig.p, crl_list->sig.len) != 0) {
2087
0
            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
2088
0
            break;
2089
0
        }
2090
2091
0
#if defined(MBEDTLS_HAVE_TIME_DATE)
2092
        /*
2093
         * Check for validity of CRL (Do not drop out)
2094
         */
2095
0
        if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) {
2096
0
            flags |= MBEDTLS_X509_BADCRL_EXPIRED;
2097
0
        }
2098
2099
0
        if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) {
2100
0
            flags |= MBEDTLS_X509_BADCRL_FUTURE;
2101
0
        }
2102
#else
2103
        ((void) now);
2104
#endif
2105
2106
        /*
2107
         * Check if certificate is revoked
2108
         */
2109
0
        if (mbedtls_x509_crt_is_revoked(crt, crl_list)) {
2110
0
            flags |= MBEDTLS_X509_BADCERT_REVOKED;
2111
0
            break;
2112
0
        }
2113
2114
0
        crl_list = crl_list->next;
2115
0
    }
2116
2117
0
    return flags;
2118
0
}
Unexecuted instantiation: x509_crt.c:x509_crt_verifycrl
Unexecuted instantiation: x509_crt.c:x509_crt_verifycrl
2119
#endif /* MBEDTLS_X509_CRL_PARSE_C */
2120
2121
/*
2122
 * Check the signature of a certificate by its parent
2123
 */
2124
static int x509_crt_check_signature(const mbedtls_x509_crt *child,
2125
                                    mbedtls_x509_crt *parent,
2126
                                    mbedtls_x509_crt_restart_ctx *rs_ctx)
2127
0
{
2128
0
    size_t hash_len;
2129
0
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
2130
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
2131
    const mbedtls_md_info_t *md_info;
2132
    md_info = mbedtls_md_info_from_type(child->sig_md);
2133
    hash_len = mbedtls_md_get_size(md_info);
2134
2135
    /* Note: hash errors can happen only after an internal error */
2136
0
    if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
2137
0
        return -1;
2138
0
    }
2139
#else
2140
    psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
2141
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2142
2143
    status = psa_hash_compute(hash_alg,
2144
                              child->tbs.p,
2145
                              child->tbs.len,
2146
                              hash,
2147
                              sizeof(hash),
2148
                              &hash_len);
2149
0
    if (status != PSA_SUCCESS) {
2150
0
        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
2151
0
    }
2152
2153
0
#endif /* MBEDTLS_USE_PSA_CRYPTO */
2154
    /* Skip expensive computation on obvious mismatch */
2155
0
    if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
2156
0
        return -1;
2157
0
    }
2158
2159
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2160
0
    if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) {
2161
0
        return mbedtls_pk_verify_restartable(&parent->pk,
2162
0
                                             child->sig_md, hash, hash_len,
2163
0
                                             child->sig.p, child->sig.len, &rs_ctx->pk);
2164
0
    }
2165
#else
2166
    (void) rs_ctx;
2167
#endif
2168
2169
0
    return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk,
2170
0
                                 child->sig_md, hash, hash_len,
2171
0
                                 child->sig.p, child->sig.len);
2172
0
}
Unexecuted instantiation: x509_crt.c:x509_crt_check_signature
Unexecuted instantiation: x509_crt.c:x509_crt_check_signature
2173
2174
/*
2175
 * Check if 'parent' is a suitable parent (signing CA) for 'child'.
2176
 * Return 0 if yes, -1 if not.
2177
 *
2178
 * top means parent is a locally-trusted certificate
2179
 */
2180
static int x509_crt_check_parent(const mbedtls_x509_crt *child,
2181
                                 const mbedtls_x509_crt *parent,
2182
                                 int top)
2183
0
{
2184
0
    int need_ca_bit;
2185
2186
    /* Parent must be the issuer */
2187
0
    if (x509_name_cmp(&child->issuer, &parent->subject) != 0) {
2188
0
        return -1;
2189
0
    }
2190
2191
    /* Parent must have the basicConstraints CA bit set as a general rule */
2192
0
    need_ca_bit = 1;
2193
2194
    /* Exception: v1/v2 certificates that are locally trusted. */
2195
0
    if (top && parent->version < 3) {
2196
0
        need_ca_bit = 0;
2197
0
    }
2198
2199
0
    if (need_ca_bit && !parent->ca_istrue) {
2200
0
        return -1;
2201
0
    }
2202
2203
0
    if (need_ca_bit &&
2204
0
        mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) {
2205
0
        return -1;
2206
0
    }
2207
2208
0
    return 0;
2209
0
}
2210
2211
/*
2212
 * Find a suitable parent for child in candidates, or return NULL.
2213
 *
2214
 * Here suitable is defined as:
2215
 *  1. subject name matches child's issuer
2216
 *  2. if necessary, the CA bit is set and key usage allows signing certs
2217
 *  3. for trusted roots, the signature is correct
2218
 *     (for intermediates, the signature is checked and the result reported)
2219
 *  4. pathlen constraints are satisfied
2220
 *
2221
 * If there's a suitable candidate which is also time-valid, return the first
2222
 * such. Otherwise, return the first suitable candidate (or NULL if there is
2223
 * none).
2224
 *
2225
 * The rationale for this rule is that someone could have a list of trusted
2226
 * roots with two versions on the same root with different validity periods.
2227
 * (At least one user reported having such a list and wanted it to just work.)
2228
 * The reason we don't just require time-validity is that generally there is
2229
 * only one version, and if it's expired we want the flags to state that
2230
 * rather than NOT_TRUSTED, as would be the case if we required it here.
2231
 *
2232
 * The rationale for rule 3 (signature for trusted roots) is that users might
2233
 * have two versions of the same CA with different keys in their list, and the
2234
 * way we select the correct one is by checking the signature (as we don't
2235
 * rely on key identifier extensions). (This is one way users might choose to
2236
 * handle key rollover, another relies on self-issued certs, see [SIRO].)
2237
 *
2238
 * Arguments:
2239
 *  - [in] child: certificate for which we're looking for a parent
2240
 *  - [in] candidates: chained list of potential parents
2241
 *  - [out] r_parent: parent found (or NULL)
2242
 *  - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
2243
 *  - [in] top: 1 if candidates consists of trusted roots, ie we're at the top
2244
 *         of the chain, 0 otherwise
2245
 *  - [in] path_cnt: number of intermediates seen so far
2246
 *  - [in] self_cnt: number of self-signed intermediates seen so far
2247
 *         (will never be greater than path_cnt)
2248
 *  - [in-out] rs_ctx: context for restarting operations
2249
 *
2250
 * Return value:
2251
 *  - 0 on success
2252
 *  - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2253
 */
2254
static int x509_crt_find_parent_in(
2255
    mbedtls_x509_crt *child,
2256
    mbedtls_x509_crt *candidates,
2257
    mbedtls_x509_crt **r_parent,
2258
    int *r_signature_is_good,
2259
    int top,
2260
    unsigned path_cnt,
2261
    unsigned self_cnt,
2262
    mbedtls_x509_crt_restart_ctx *rs_ctx,
2263
    const mbedtls_x509_time *now)
2264
0
{
2265
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2266
0
    mbedtls_x509_crt *parent, *fallback_parent;
2267
0
    int signature_is_good = 0, fallback_signature_is_good;
2268
2269
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2270
    /* did we have something in progress? */
2271
0
    if (rs_ctx != NULL && rs_ctx->parent != NULL) {
2272
        /* restore saved state */
2273
0
        parent = rs_ctx->parent;
2274
0
        fallback_parent = rs_ctx->fallback_parent;
2275
0
        fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
2276
2277
        /* clear saved state */
2278
0
        rs_ctx->parent = NULL;
2279
0
        rs_ctx->fallback_parent = NULL;
2280
0
        rs_ctx->fallback_signature_is_good = 0;
2281
2282
        /* resume where we left */
2283
0
        goto check_signature;
2284
0
    }
2285
0
#endif
2286
2287
0
    fallback_parent = NULL;
2288
0
    fallback_signature_is_good = 0;
2289
2290
0
    for (parent = candidates; parent != NULL; parent = parent->next) {
2291
        /* basic parenting skills (name, CA bit, key usage) */
2292
0
        if (x509_crt_check_parent(child, parent, top) != 0) {
2293
0
            continue;
2294
0
        }
2295
2296
        /* +1 because stored max_pathlen is 1 higher that the actual value */
2297
0
        if (parent->max_pathlen > 0 &&
2298
0
            (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) {
2299
0
            continue;
2300
0
        }
2301
2302
        /* Signature */
2303
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2304
0
check_signature:
2305
0
#endif
2306
0
        ret = x509_crt_check_signature(child, parent, rs_ctx);
2307
2308
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2309
0
        if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2310
            /* save state */
2311
0
            rs_ctx->parent = parent;
2312
0
            rs_ctx->fallback_parent = fallback_parent;
2313
0
            rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
2314
2315
0
            return ret;
2316
0
        }
2317
#else
2318
        (void) ret;
2319
#endif
2320
2321
0
        signature_is_good = ret == 0;
2322
0
        if (top && !signature_is_good) {
2323
0
            continue;
2324
0
        }
2325
2326
0
#if defined(MBEDTLS_HAVE_TIME_DATE)
2327
        /* optional time check */
2328
0
        if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 ||    /* past */
2329
0
            mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) {  /* future */
2330
0
            if (fallback_parent == NULL) {
2331
0
                fallback_parent = parent;
2332
0
                fallback_signature_is_good = signature_is_good;
2333
0
            }
2334
2335
0
            continue;
2336
0
        }
2337
#else
2338
        ((void) now);
2339
#endif
2340
2341
0
        *r_parent = parent;
2342
0
        *r_signature_is_good = signature_is_good;
2343
2344
0
        break;
2345
0
    }
2346
2347
0
    if (parent == NULL) {
2348
0
        *r_parent = fallback_parent;
2349
0
        *r_signature_is_good = fallback_signature_is_good;
2350
0
    }
2351
2352
0
    return 0;
2353
0
}
2354
2355
/*
2356
 * Find a parent in trusted CAs or the provided chain, or return NULL.
2357
 *
2358
 * Searches in trusted CAs first, and return the first suitable parent found
2359
 * (see find_parent_in() for definition of suitable).
2360
 *
2361
 * Arguments:
2362
 *  - [in] child: certificate for which we're looking for a parent, followed
2363
 *         by a chain of possible intermediates
2364
 *  - [in] trust_ca: list of locally trusted certificates
2365
 *  - [out] parent: parent found (or NULL)
2366
 *  - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
2367
 *  - [out] signature_is_good: 1 if child signature by parent is valid, or 0
2368
 *  - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
2369
 *  - [in] self_cnt: number of self-signed certs in the chain so far
2370
 *         (will always be no greater than path_cnt)
2371
 *  - [in-out] rs_ctx: context for restarting operations
2372
 *
2373
 * Return value:
2374
 *  - 0 on success
2375
 *  - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2376
 */
2377
static int x509_crt_find_parent(
2378
    mbedtls_x509_crt *child,
2379
    mbedtls_x509_crt *trust_ca,
2380
    mbedtls_x509_crt **parent,
2381
    int *parent_is_trusted,
2382
    int *signature_is_good,
2383
    unsigned path_cnt,
2384
    unsigned self_cnt,
2385
    mbedtls_x509_crt_restart_ctx *rs_ctx,
2386
    const mbedtls_x509_time *now)
2387
0
{
2388
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2389
0
    mbedtls_x509_crt *search_list;
2390
2391
0
    *parent_is_trusted = 1;
2392
2393
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2394
    /* restore then clear saved state if we have some stored */
2395
0
    if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) {
2396
0
        *parent_is_trusted = rs_ctx->parent_is_trusted;
2397
0
        rs_ctx->parent_is_trusted = -1;
2398
0
    }
2399
0
#endif
2400
2401
0
    while (1) {
2402
0
        search_list = *parent_is_trusted ? trust_ca : child->next;
2403
2404
0
        ret = x509_crt_find_parent_in(child, search_list,
2405
0
                                      parent, signature_is_good,
2406
0
                                      *parent_is_trusted,
2407
0
                                      path_cnt, self_cnt, rs_ctx, now);
2408
2409
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2410
0
        if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2411
            /* save state */
2412
0
            rs_ctx->parent_is_trusted = *parent_is_trusted;
2413
0
            return ret;
2414
0
        }
2415
#else
2416
        (void) ret;
2417
#endif
2418
2419
        /* stop here if found or already in second iteration */
2420
0
        if (*parent != NULL || *parent_is_trusted == 0) {
2421
0
            break;
2422
0
        }
2423
2424
        /* prepare second iteration */
2425
0
        *parent_is_trusted = 0;
2426
0
    }
2427
2428
    /* extra precaution against mistakes in the caller */
2429
0
    if (*parent == NULL) {
2430
0
        *parent_is_trusted = 0;
2431
0
        *signature_is_good = 0;
2432
0
    }
2433
2434
0
    return 0;
2435
0
}
2436
2437
/*
2438
 * Check if an end-entity certificate is locally trusted
2439
 *
2440
 * Currently we require such certificates to be self-signed (actually only
2441
 * check for self-issued as self-signatures are not checked)
2442
 */
2443
static int x509_crt_check_ee_locally_trusted(
2444
    mbedtls_x509_crt *crt,
2445
    mbedtls_x509_crt *trust_ca)
2446
0
{
2447
0
    mbedtls_x509_crt *cur;
2448
2449
    /* must be self-issued */
2450
0
    if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) {
2451
0
        return -1;
2452
0
    }
2453
2454
    /* look for an exact match with trusted cert */
2455
0
    for (cur = trust_ca; cur != NULL; cur = cur->next) {
2456
0
        if (crt->raw.len == cur->raw.len &&
2457
0
            memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) {
2458
0
            return 0;
2459
0
        }
2460
0
    }
2461
2462
    /* too bad */
2463
0
    return -1;
2464
0
}
2465
2466
/*
2467
 * Build and verify a certificate chain
2468
 *
2469
 * Given a peer-provided list of certificates EE, C1, ..., Cn and
2470
 * a list of trusted certs R1, ... Rp, try to build and verify a chain
2471
 *      EE, Ci1, ... Ciq [, Rj]
2472
 * such that every cert in the chain is a child of the next one,
2473
 * jumping to a trusted root as early as possible.
2474
 *
2475
 * Verify that chain and return it with flags for all issues found.
2476
 *
2477
 * Special cases:
2478
 * - EE == Rj -> return a one-element list containing it
2479
 * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
2480
 *   -> return that chain with NOT_TRUSTED set on Ciq
2481
 *
2482
 * Tests for (aspects of) this function should include at least:
2483
 * - trusted EE
2484
 * - EE -> trusted root
2485
 * - EE -> intermediate CA -> trusted root
2486
 * - if relevant: EE untrusted
2487
 * - if relevant: EE -> intermediate, untrusted
2488
 * with the aspect under test checked at each relevant level (EE, int, root).
2489
 * For some aspects longer chains are required, but usually length 2 is
2490
 * enough (but length 1 is not in general).
2491
 *
2492
 * Arguments:
2493
 *  - [in] crt: the cert list EE, C1, ..., Cn
2494
 *  - [in] trust_ca: the trusted list R1, ..., Rp
2495
 *  - [in] ca_crl, profile: as in verify_with_profile()
2496
 *  - [out] ver_chain: the built and verified chain
2497
 *      Only valid when return value is 0, may contain garbage otherwise!
2498
 *      Restart note: need not be the same when calling again to resume.
2499
 *  - [in-out] rs_ctx: context for restarting operations
2500
 *
2501
 * Return value:
2502
 *  - non-zero if the chain could not be fully built and examined
2503
 *  - 0 is the chain was successfully built and examined,
2504
 *      even if it was found to be invalid
2505
 */
2506
static int x509_crt_verify_chain(
2507
    mbedtls_x509_crt *crt,
2508
    mbedtls_x509_crt *trust_ca,
2509
    mbedtls_x509_crl *ca_crl,
2510
    mbedtls_x509_crt_ca_cb_t f_ca_cb,
2511
    void *p_ca_cb,
2512
    const mbedtls_x509_crt_profile *profile,
2513
    mbedtls_x509_crt_verify_chain *ver_chain,
2514
    mbedtls_x509_crt_restart_ctx *rs_ctx)
2515
0
{
2516
    /* Don't initialize any of those variables here, so that the compiler can
2517
     * catch potential issues with jumping ahead when restarting */
2518
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
2519
0
    uint32_t *flags;
2520
0
    mbedtls_x509_crt_verify_chain_item *cur;
2521
0
    mbedtls_x509_crt *child;
2522
0
    mbedtls_x509_crt *parent;
2523
0
    int parent_is_trusted;
2524
0
    int child_is_trusted;
2525
0
    int signature_is_good;
2526
0
    unsigned self_cnt;
2527
0
    mbedtls_x509_crt *cur_trust_ca = NULL;
2528
0
    mbedtls_x509_time now;
2529
2530
0
#if defined(MBEDTLS_HAVE_TIME_DATE)
2531
0
    if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) {
2532
0
        return MBEDTLS_ERR_X509_FATAL_ERROR;
2533
0
    }
2534
0
#endif
2535
2536
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2537
    /* resume if we had an operation in progress */
2538
0
    if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) {
2539
        /* restore saved state */
2540
0
        *ver_chain = rs_ctx->ver_chain; /* struct copy */
2541
0
        self_cnt = rs_ctx->self_cnt;
2542
2543
        /* restore derived state */
2544
0
        cur = &ver_chain->items[ver_chain->len - 1];
2545
0
        child = cur->crt;
2546
0
        flags = &cur->flags;
2547
2548
0
        goto find_parent;
2549
0
    }
2550
0
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
2551
2552
0
    child = crt;
2553
0
    self_cnt = 0;
2554
0
    parent_is_trusted = 0;
2555
0
    child_is_trusted = 0;
2556
2557
0
    while (1) {
2558
        /* Add certificate to the verification chain */
2559
0
        cur = &ver_chain->items[ver_chain->len];
2560
0
        cur->crt = child;
2561
0
        cur->flags = 0;
2562
0
        ver_chain->len++;
2563
0
        flags = &cur->flags;
2564
2565
0
#if defined(MBEDTLS_HAVE_TIME_DATE)
2566
        /* Check time-validity (all certificates) */
2567
0
        if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) {
2568
0
            *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
2569
0
        }
2570
2571
0
        if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) {
2572
0
            *flags |= MBEDTLS_X509_BADCERT_FUTURE;
2573
0
        }
2574
0
#endif
2575
2576
        /* Stop here for trusted roots (but not for trusted EE certs) */
2577
0
        if (child_is_trusted) {
2578
0
            return 0;
2579
0
        }
2580
2581
        /* Check signature algorithm: MD & PK algs */
2582
0
        if (x509_profile_check_md_alg(profile, child->sig_md) != 0) {
2583
0
            *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
2584
0
        }
2585
2586
0
        if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) {
2587
0
            *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
2588
0
        }
2589
2590
        /* Special case: EE certs that are locally trusted */
2591
0
        if (ver_chain->len == 1 &&
2592
0
            x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) {
2593
0
            return 0;
2594
0
        }
2595
2596
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2597
0
find_parent:
2598
0
#endif
2599
2600
        /* Obtain list of potential trusted signers from CA callback,
2601
         * or use statically provided list. */
2602
0
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
2603
0
        if (f_ca_cb != NULL) {
2604
0
            mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result);
2605
0
            mbedtls_free(ver_chain->trust_ca_cb_result);
2606
0
            ver_chain->trust_ca_cb_result = NULL;
2607
2608
0
            ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result);
2609
0
            if (ret != 0) {
2610
0
                return MBEDTLS_ERR_X509_FATAL_ERROR;
2611
0
            }
2612
2613
0
            cur_trust_ca = ver_chain->trust_ca_cb_result;
2614
0
        } else
2615
0
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
2616
0
        {
2617
0
            ((void) f_ca_cb);
2618
0
            ((void) p_ca_cb);
2619
0
            cur_trust_ca = trust_ca;
2620
0
        }
2621
2622
        /* Look for a parent in trusted CAs or up the chain */
2623
0
        ret = x509_crt_find_parent(child, cur_trust_ca, &parent,
2624
0
                                   &parent_is_trusted, &signature_is_good,
2625
0
                                   ver_chain->len - 1, self_cnt, rs_ctx,
2626
0
                                   &now);
2627
2628
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2629
0
        if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
2630
            /* save state */
2631
0
            rs_ctx->in_progress = x509_crt_rs_find_parent;
2632
0
            rs_ctx->self_cnt = self_cnt;
2633
0
            rs_ctx->ver_chain = *ver_chain; /* struct copy */
2634
2635
0
            return ret;
2636
0
        }
2637
#else
2638
        (void) ret;
2639
#endif
2640
2641
        /* No parent? We're done here */
2642
0
        if (parent == NULL) {
2643
0
            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2644
0
            return 0;
2645
0
        }
2646
2647
        /* Count intermediate self-issued (not necessarily self-signed) certs.
2648
         * These can occur with some strategies for key rollover, see [SIRO],
2649
         * and should be excluded from max_pathlen checks. */
2650
0
        if (ver_chain->len != 1 &&
2651
0
            x509_name_cmp(&child->issuer, &child->subject) == 0) {
2652
0
            self_cnt++;
2653
0
        }
2654
2655
        /* path_cnt is 0 for the first intermediate CA,
2656
         * and if parent is trusted it's not an intermediate CA */
2657
0
        if (!parent_is_trusted &&
2658
0
            ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) {
2659
            /* return immediately to avoid overflow the chain array */
2660
0
            return MBEDTLS_ERR_X509_FATAL_ERROR;
2661
0
        }
2662
2663
        /* signature was checked while searching parent */
2664
0
        if (!signature_is_good) {
2665
0
            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
2666
0
        }
2667
2668
        /* check size of signing key */
2669
0
        if (x509_profile_check_key(profile, &parent->pk) != 0) {
2670
0
            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
2671
0
        }
2672
2673
0
#if defined(MBEDTLS_X509_CRL_PARSE_C)
2674
        /* Check trusted CA's CRL for the given crt */
2675
0
        *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now);
2676
#else
2677
        (void) ca_crl;
2678
#endif
2679
2680
        /* prepare for next iteration */
2681
0
        child = parent;
2682
0
        parent = NULL;
2683
0
        child_is_trusted = parent_is_trusted;
2684
0
        signature_is_good = 0;
2685
0
    }
2686
0
}
2687
2688
#ifdef _WIN32
2689
#ifdef _MSC_VER
2690
#pragma comment(lib, "ws2_32.lib")
2691
#include <winsock2.h>
2692
#include <ws2tcpip.h>
2693
#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600
2694
#include <winsock2.h>
2695
#include <ws2tcpip.h>
2696
#else
2697
/* inet_pton() is not supported, fallback to software version */
2698
#define MBEDTLS_TEST_SW_INET_PTON
2699
#endif
2700
#elif defined(__sun)
2701
/* Solaris requires -lsocket -lnsl for inet_pton() */
2702
#elif defined(__has_include)
2703
#if __has_include(<sys/socket.h>)
2704
#include <sys/socket.h>
2705
#endif
2706
#if __has_include(<arpa/inet.h>)
2707
#include <arpa/inet.h>
2708
#endif
2709
#endif
2710
2711
/* Use whether or not AF_INET6 is defined to indicate whether or not to use
2712
 * the platform inet_pton() or a local implementation (below).  The local
2713
 * implementation may be used even in cases where the platform provides
2714
 * inet_pton(), e.g. when there are different includes required and/or the
2715
 * platform implementation requires dependencies on additional libraries.
2716
 * Specifically, Windows requires custom includes and additional link
2717
 * dependencies, and Solaris requires additional link dependencies.
2718
 * Also, as a coarse heuristic, use the local implementation if the compiler
2719
 * does not support __has_include(), or if the definition of AF_INET6 is not
2720
 * provided by headers included (or not) via __has_include() above.
2721
 * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names
2722
 * despite having a platform that has inet_pton. */
2723
#if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names
2724
/* Definition located further below to possibly reduce compiler inlining */
2725
static int x509_inet_pton_ipv4(const char *src, void *dst);
2726
2727
#define li_cton(c, n) \
2728
    (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0))
2729
2730
static int x509_inet_pton_ipv6(const char *src, void *dst)
2731
{
2732
    const unsigned char *p = (const unsigned char *) src;
2733
    int nonzero_groups = 0, num_digits, zero_group_start = -1;
2734
    uint16_t addr[8];
2735
    do {
2736
        /* note: allows excess leading 0's, e.g. 1:0002:3:... */
2737
        uint16_t group = num_digits = 0;
2738
        for (uint8_t digit; num_digits < 4; num_digits++) {
2739
            if (li_cton(*p, digit) == 0) {
2740
                break;
2741
            }
2742
            group = (group << 4) | digit;
2743
            p++;
2744
        }
2745
        if (num_digits != 0) {
2746
            MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
2747
            nonzero_groups++;
2748
            if (*p == '\0') {
2749
                break;
2750
            } else if (*p == '.') {
2751
                /* Don't accept IPv4 too early or late */
2752
                if ((nonzero_groups == 0 && zero_group_start == -1) ||
2753
                    nonzero_groups >= 7) {
2754
                    break;
2755
                }
2756
2757
                /* Walk back to prior ':', then parse as IPv4-mapped */
2758
                int steps = 4;
2759
                do {
2760
                    p--;
2761
                    steps--;
2762
                } while (*p != ':' && steps > 0);
2763
2764
                if (*p != ':') {
2765
                    break;
2766
                }
2767
                p++;
2768
                nonzero_groups--;
2769
                if (x509_inet_pton_ipv4((const char *) p,
2770
                                        addr + nonzero_groups) != 0) {
2771
                    break;
2772
                }
2773
2774
                nonzero_groups += 2;
2775
                p = (const unsigned char *) "";
2776
                break;
2777
            } else if (*p != ':') {
2778
                return -1;
2779
            }
2780
        } else {
2781
            /* Don't accept a second zero group or an invalid delimiter */
2782
            if (zero_group_start != -1 || *p != ':') {
2783
                return -1;
2784
            }
2785
            zero_group_start = nonzero_groups;
2786
2787
            /* Accept a zero group at start, but it has to be a double colon */
2788
            if (zero_group_start == 0 && *++p != ':') {
2789
                return -1;
2790
            }
2791
2792
            if (p[1] == '\0') {
2793
                ++p;
2794
                break;
2795
            }
2796
        }
2797
        ++p;
2798
    } while (nonzero_groups < 8);
2799
2800
    if (*p != '\0') {
2801
        return -1;
2802
    }
2803
2804
    if (zero_group_start != -1) {
2805
        if (nonzero_groups > 6) {
2806
            return -1;
2807
        }
2808
        int zero_groups = 8 - nonzero_groups;
2809
        int groups_after_zero = nonzero_groups - zero_group_start;
2810
2811
        /* Move the non-zero part to after the zeroes */
2812
        if (groups_after_zero) {
2813
            memmove(addr + zero_group_start + zero_groups,
2814
                    addr + zero_group_start,
2815
                    groups_after_zero * sizeof(*addr));
2816
        }
2817
        memset(addr + zero_group_start, 0, zero_groups * sizeof(*addr));
2818
    } else {
2819
        if (nonzero_groups != 8) {
2820
            return -1;
2821
        }
2822
    }
2823
    memcpy(dst, addr, sizeof(addr));
2824
    return 0;
2825
}
2826
2827
static int x509_inet_pton_ipv4(const char *src, void *dst)
2828
{
2829
    const unsigned char *p = (const unsigned char *) src;
2830
    uint8_t *res = (uint8_t *) dst;
2831
    uint8_t digit, num_digits = 0;
2832
    uint8_t num_octets = 0;
2833
    uint16_t octet;
2834
2835
    do {
2836
        octet = num_digits = 0;
2837
        do {
2838
            digit = *p - '0';
2839
            if (digit > 9) {
2840
                break;
2841
            }
2842
2843
            /* Don't allow leading zeroes. These might mean octal format,
2844
             * which this implementation does not support. */
2845
            if (octet == 0 && num_digits > 0) {
2846
                return -1;
2847
            }
2848
2849
            octet = octet * 10 + digit;
2850
            num_digits++;
2851
            p++;
2852
        } while (num_digits < 3);
2853
2854
        if (octet >= 256 || num_digits > 3 || num_digits == 0) {
2855
            return -1;
2856
        }
2857
        *res++ = (uint8_t) octet;
2858
        num_octets++;
2859
    } while (num_octets < 4 && *p++ == '.');
2860
    return num_octets == 4 && *p == '\0' ? 0 : -1;
2861
}
2862
2863
#else
2864
2865
static int x509_inet_pton_ipv6(const char *src, void *dst)
2866
0
{
2867
0
    return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1;
2868
0
}
2869
2870
static int x509_inet_pton_ipv4(const char *src, void *dst)
2871
0
{
2872
0
    return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1;
2873
0
}
2874
2875
#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
2876
2877
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
2878
0
{
2879
0
    return strchr(cn, ':') == NULL
2880
0
            ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0
2881
0
            : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0;
2882
0
}
2883
2884
/*
2885
 * Check for CN match
2886
 */
2887
static int x509_crt_check_cn(const mbedtls_x509_buf *name,
2888
                             const char *cn, size_t cn_len)
2889
0
{
2890
    /* try exact match */
2891
0
    if (name->len == cn_len &&
2892
0
        x509_memcasecmp(cn, name->p, cn_len) == 0) {
2893
0
        return 0;
2894
0
    }
2895
2896
    /* try wildcard match */
2897
0
    if (x509_check_wildcard(cn, name) == 0) {
2898
0
        return 0;
2899
0
    }
2900
2901
0
    return -1;
2902
0
}
2903
2904
static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san,
2905
                                 const char *cn, size_t cn_len)
2906
0
{
2907
0
    uint32_t ip[4];
2908
0
    cn_len = mbedtls_x509_crt_parse_cn_inet_pton(cn, ip);
2909
0
    if (cn_len == 0) {
2910
0
        return -1;
2911
0
    }
2912
2913
0
    for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
2914
0
        const unsigned char san_type = (unsigned char) cur->buf.tag &
2915
0
                                       MBEDTLS_ASN1_TAG_VALUE_MASK;
2916
0
        if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
2917
0
            cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) {
2918
0
            return 0;
2919
0
        }
2920
0
    }
2921
2922
0
    return -1;
2923
0
}
2924
2925
static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san,
2926
                                  const char *cn, size_t cn_len)
2927
0
{
2928
0
    for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
2929
0
        const unsigned char san_type = (unsigned char) cur->buf.tag &
2930
0
                                       MBEDTLS_ASN1_TAG_VALUE_MASK;
2931
0
        if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER &&
2932
0
            cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) {
2933
0
            return 0;
2934
0
        }
2935
0
    }
2936
2937
0
    return -1;
2938
0
}
2939
2940
/*
2941
 * Check for SAN match, see RFC 5280 Section 4.2.1.6
2942
 */
2943
static int x509_crt_check_san(const mbedtls_x509_sequence *san,
2944
                              const char *cn, size_t cn_len)
2945
0
{
2946
0
    int san_ip = 0;
2947
0
    int san_uri = 0;
2948
    /* Prioritize DNS name over other subtypes due to popularity */
2949
0
    for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
2950
0
        switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
2951
0
            case MBEDTLS_X509_SAN_DNS_NAME:
2952
0
                if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
2953
0
                    return 0;
2954
0
                }
2955
0
                break;
2956
0
            case MBEDTLS_X509_SAN_IP_ADDRESS:
2957
0
                san_ip = 1;
2958
0
                break;
2959
0
            case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
2960
0
                san_uri = 1;
2961
0
                break;
2962
            /* (We may handle other types here later.) */
2963
0
            default: /* Unrecognized type */
2964
0
                break;
2965
0
        }
2966
0
    }
2967
0
    if (san_ip) {
2968
0
        if (x509_crt_check_san_ip(san, cn, cn_len) == 0) {
2969
0
            return 0;
2970
0
        }
2971
0
    }
2972
0
    if (san_uri) {
2973
0
        if (x509_crt_check_san_uri(san, cn, cn_len) == 0) {
2974
0
            return 0;
2975
0
        }
2976
0
    }
2977
2978
0
    return -1;
2979
0
}
2980
2981
/*
2982
 * Verify the requested CN - only call this if cn is not NULL!
2983
 */
2984
static void x509_crt_verify_name(const mbedtls_x509_crt *crt,
2985
                                 const char *cn,
2986
                                 uint32_t *flags)
2987
0
{
2988
0
    const mbedtls_x509_name *name;
2989
0
    size_t cn_len = strlen(cn);
2990
2991
0
    if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
2992
0
        if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
2993
0
            return;
2994
0
        }
2995
0
    } else {
2996
0
        for (name = &crt->subject; name != NULL; name = name->next) {
2997
0
            if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
2998
0
                x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
2999
0
                return;
3000
0
            }
3001
0
        }
3002
3003
0
    }
3004
3005
0
    *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
3006
0
}
3007
3008
/*
3009
 * Merge the flags for all certs in the chain, after calling callback
3010
 */
3011
static int x509_crt_merge_flags_with_cb(
3012
    uint32_t *flags,
3013
    const mbedtls_x509_crt_verify_chain *ver_chain,
3014
    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3015
    void *p_vrfy)
3016
0
{
3017
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
3018
0
    unsigned i;
3019
0
    uint32_t cur_flags;
3020
0
    const mbedtls_x509_crt_verify_chain_item *cur;
3021
3022
0
    for (i = ver_chain->len; i != 0; --i) {
3023
0
        cur = &ver_chain->items[i-1];
3024
0
        cur_flags = cur->flags;
3025
3026
0
        if (NULL != f_vrfy) {
3027
0
            if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) {
3028
0
                return ret;
3029
0
            }
3030
0
        }
3031
3032
0
        *flags |= cur_flags;
3033
0
    }
3034
3035
0
    return 0;
3036
0
}
3037
3038
/*
3039
 * Verify the certificate validity, with profile, restartable version
3040
 *
3041
 * This function:
3042
 *  - checks the requested CN (if any)
3043
 *  - checks the type and size of the EE cert's key,
3044
 *    as that isn't done as part of chain building/verification currently
3045
 *  - builds and verifies the chain
3046
 *  - then calls the callback and merges the flags
3047
 *
3048
 * The parameters pairs `trust_ca`, `ca_crl` and `f_ca_cb`, `p_ca_cb`
3049
 * are mutually exclusive: If `f_ca_cb != NULL`, it will be used by the
3050
 * verification routine to search for trusted signers, and CRLs will
3051
 * be disabled. Otherwise, `trust_ca` will be used as the static list
3052
 * of trusted signers, and `ca_crl` will be use as the static list
3053
 * of CRLs.
3054
 */
3055
static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt,
3056
                                             mbedtls_x509_crt *trust_ca,
3057
                                             mbedtls_x509_crl *ca_crl,
3058
                                             mbedtls_x509_crt_ca_cb_t f_ca_cb,
3059
                                             void *p_ca_cb,
3060
                                             const mbedtls_x509_crt_profile *profile,
3061
                                             const char *cn, uint32_t *flags,
3062
                                             int (*f_vrfy)(void *,
3063
                                                           mbedtls_x509_crt *,
3064
                                                           int,
3065
                                                           uint32_t *),
3066
                                             void *p_vrfy,
3067
                                             mbedtls_x509_crt_restart_ctx *rs_ctx)
3068
0
{
3069
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
3070
0
    mbedtls_pk_type_t pk_type;
3071
0
    mbedtls_x509_crt_verify_chain ver_chain;
3072
0
    uint32_t ee_flags;
3073
3074
0
    *flags = 0;
3075
0
    ee_flags = 0;
3076
0
    x509_crt_verify_chain_reset(&ver_chain);
3077
3078
0
    if (profile == NULL) {
3079
0
        ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
3080
0
        goto exit;
3081
0
    }
3082
3083
    /* check name if requested */
3084
0
    if (cn != NULL) {
3085
0
        x509_crt_verify_name(crt, cn, &ee_flags);
3086
0
    }
3087
3088
    /* Check the type and size of the key */
3089
0
    pk_type = mbedtls_pk_get_type(&crt->pk);
3090
3091
0
    if (x509_profile_check_pk_alg(profile, pk_type) != 0) {
3092
0
        ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
3093
0
    }
3094
3095
0
    if (x509_profile_check_key(profile, &crt->pk) != 0) {
3096
0
        ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
3097
0
    }
3098
3099
    /* Check the chain */
3100
0
    ret = x509_crt_verify_chain(crt, trust_ca, ca_crl,
3101
0
                                f_ca_cb, p_ca_cb, profile,
3102
0
                                &ver_chain, rs_ctx);
3103
3104
0
    if (ret != 0) {
3105
0
        goto exit;
3106
0
    }
3107
3108
    /* Merge end-entity flags */
3109
0
    ver_chain.items[0].flags |= ee_flags;
3110
3111
    /* Build final flags, calling callback on the way if any */
3112
0
    ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy);
3113
3114
0
exit:
3115
3116
0
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
3117
0
    mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result);
3118
0
    mbedtls_free(ver_chain.trust_ca_cb_result);
3119
0
    ver_chain.trust_ca_cb_result = NULL;
3120
0
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
3121
3122
0
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
3123
0
    if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
3124
0
        mbedtls_x509_crt_restart_free(rs_ctx);
3125
0
    }
3126
0
#endif
3127
3128
    /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
3129
     * the SSL module for authmode optional, but non-zero return from the
3130
     * callback means a fatal error so it shouldn't be ignored */
3131
0
    if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
3132
0
        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
3133
0
    }
3134
3135
0
    if (ret != 0) {
3136
0
        *flags = (uint32_t) -1;
3137
0
        return ret;
3138
0
    }
3139
3140
0
    if (*flags != 0) {
3141
0
        return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
3142
0
    }
3143
3144
0
    return 0;
3145
0
}
3146
3147
3148
/*
3149
 * Verify the certificate validity (default profile, not restartable)
3150
 */
3151
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
3152
                            mbedtls_x509_crt *trust_ca,
3153
                            mbedtls_x509_crl *ca_crl,
3154
                            const char *cn, uint32_t *flags,
3155
                            int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3156
                            void *p_vrfy)
3157
0
{
3158
0
    return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3159
0
                                             NULL, NULL,
3160
0
                                             &mbedtls_x509_crt_profile_default,
3161
0
                                             cn, flags,
3162
0
                                             f_vrfy, p_vrfy, NULL);
3163
0
}
3164
3165
/*
3166
 * Verify the certificate validity (user-chosen profile, not restartable)
3167
 */
3168
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt,
3169
                                         mbedtls_x509_crt *trust_ca,
3170
                                         mbedtls_x509_crl *ca_crl,
3171
                                         const mbedtls_x509_crt_profile *profile,
3172
                                         const char *cn, uint32_t *flags,
3173
                                         int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3174
                                         void *p_vrfy)
3175
0
{
3176
0
    return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3177
0
                                             NULL, NULL,
3178
0
                                             profile, cn, flags,
3179
0
                                             f_vrfy, p_vrfy, NULL);
3180
0
}
3181
3182
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
3183
/*
3184
 * Verify the certificate validity (user-chosen profile, CA callback,
3185
 *                                  not restartable).
3186
 */
3187
int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
3188
                                       mbedtls_x509_crt_ca_cb_t f_ca_cb,
3189
                                       void *p_ca_cb,
3190
                                       const mbedtls_x509_crt_profile *profile,
3191
                                       const char *cn, uint32_t *flags,
3192
                                       int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3193
                                       void *p_vrfy)
3194
0
{
3195
0
    return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL,
3196
0
                                             f_ca_cb, p_ca_cb,
3197
0
                                             profile, cn, flags,
3198
0
                                             f_vrfy, p_vrfy, NULL);
3199
0
}
3200
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
3201
3202
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt,
3203
                                        mbedtls_x509_crt *trust_ca,
3204
                                        mbedtls_x509_crl *ca_crl,
3205
                                        const mbedtls_x509_crt_profile *profile,
3206
                                        const char *cn, uint32_t *flags,
3207
                                        int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
3208
                                        void *p_vrfy,
3209
                                        mbedtls_x509_crt_restart_ctx *rs_ctx)
3210
0
{
3211
0
    return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl,
3212
0
                                             NULL, NULL,
3213
0
                                             profile, cn, flags,
3214
0
                                             f_vrfy, p_vrfy, rs_ctx);
3215
0
}
3216
3217
3218
/*
3219
 * Initialize a certificate chain
3220
 */
3221
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
3222
13.3k
{
3223
13.3k
    memset(crt, 0, sizeof(mbedtls_x509_crt));
3224
13.3k
}
3225
3226
/*
3227
 * Unallocate all certificate data
3228
 */
3229
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
3230
73.3k
{
3231
73.3k
    mbedtls_x509_crt *cert_cur = crt;
3232
73.3k
    mbedtls_x509_crt *cert_prv;
3233
3234
146k
    while (cert_cur != NULL) {
3235
73.6k
        mbedtls_pk_free(&cert_cur->pk);
3236
3237
73.6k
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
3238
73.6k
        mbedtls_free(cert_cur->sig_opts);
3239
73.6k
#endif
3240
3241
73.6k
        mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next);
3242
73.6k
        mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next);
3243
73.6k
        mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next);
3244
73.6k
        mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next);
3245
73.6k
        mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next);
3246
73.6k
        mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next);
3247
3248
73.6k
        if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
3249
57.2k
            mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len);
3250
57.2k
        }
3251
3252
73.6k
        cert_prv = cert_cur;
3253
73.6k
        cert_cur = cert_cur->next;
3254
3255
73.6k
        mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt));
3256
73.6k
        if (cert_prv != crt) {
3257
296
            mbedtls_free(cert_prv);
3258
296
        }
3259
73.6k
    }
3260
73.3k
}
3261
3262
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
3263
/*
3264
 * Initialize a restart context
3265
 */
3266
void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
3267
15.3k
{
3268
15.3k
    mbedtls_pk_restart_init(&ctx->pk);
3269
3270
15.3k
    ctx->parent = NULL;
3271
15.3k
    ctx->fallback_parent = NULL;
3272
15.3k
    ctx->fallback_signature_is_good = 0;
3273
3274
15.3k
    ctx->parent_is_trusted = -1;
3275
3276
15.3k
    ctx->in_progress = x509_crt_rs_none;
3277
15.3k
    ctx->self_cnt = 0;
3278
15.3k
    x509_crt_verify_chain_reset(&ctx->ver_chain);
3279
15.3k
}
3280
3281
/*
3282
 * Free the components of a restart context
3283
 */
3284
void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
3285
7.65k
{
3286
7.65k
    if (ctx == NULL) {
3287
0
        return;
3288
0
    }
3289
3290
7.65k
    mbedtls_pk_restart_free(&ctx->pk);
3291
7.65k
    mbedtls_x509_crt_restart_init(ctx);
3292
7.65k
}
3293
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
3294
3295
int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt)
3296
0
{
3297
0
    if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) {
3298
0
        return crt->MBEDTLS_PRIVATE(ca_istrue);
3299
0
    }
3300
0
    return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
3301
0
}
3302
3303
#endif /* MBEDTLS_X509_CRT_PARSE_C */