Lines Matching +full:restore +full:- +full:keys

5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 * The ITU-T X.509 standard defines a certificate format for PKI.
14 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
15 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
17 * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
83 * Max size of verification chain: end-entity + intermediates + trusted root
91 /* Hashes from SHA-256 and above. Note that this selection
98 /* Curves at or above 128-bit security level. Note that this selection
113 /* Next-generation profile. Currently identical to the default, but may
117 /* Hashes from SHA-256 and above. */
123 /* Curves at or above 128-bit security level. */
142 /* Only SHA-256 and 384 */
149 /* Only NIST P-256 and P-384 */
159 * Empty / all-forbidden profile
166 (uint32_t) -1,
171 * Return 0 if md_alg is acceptable for this profile, -1 otherwise
177 return -1; in x509_profile_check_md_alg()
180 if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { in x509_profile_check_md_alg()
184 return -1; in x509_profile_check_md_alg()
189 * Return 0 if pk_alg is acceptable for this profile, -1 otherwise
195 return -1; in x509_profile_check_pk_alg()
198 if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { in x509_profile_check_pk_alg()
202 return -1; in x509_profile_check_pk_alg()
207 * Return 0 if pk is acceptable for this profile, -1 otherwise
216 if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { in x509_profile_check_key()
220 return -1; in x509_profile_check_key()
231 return -1; in x509_profile_check_key()
234 if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { in x509_profile_check_key()
238 return -1; in x509_profile_check_key()
242 return -1; in x509_profile_check_key()
246 * Like memcmp, but case-insensitive and always returns -1 if different
267 return -1; in x509_memcasecmp()
274 * Return 0 if name matches wildcard, -1 otherwise
282 if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') { in x509_check_wildcard()
283 return -1; in x509_check_wildcard()
294 return -1; in x509_check_wildcard()
297 if (cn_len - cn_idx == name->len - 1 && in x509_check_wildcard()
298 x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { in x509_check_wildcard()
302 return -1; in x509_check_wildcard()
306 * Compare two X.509 strings, case-insensitive, and allowing for some encoding
309 * Return 0 if equal, -1 otherwise.
313 if (a->tag == b->tag && in x509_string_cmp()
314 a->len == b->len && in x509_string_cmp()
315 memcmp(a->p, b->p, b->len) == 0) { in x509_string_cmp()
319 if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && in x509_string_cmp()
320 (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && in x509_string_cmp()
321 a->len == b->len && in x509_string_cmp()
322 x509_memcasecmp(a->p, b->p, b->len) == 0) { in x509_string_cmp()
326 return -1; in x509_string_cmp()
337 * Return 0 if equal, -1 otherwise.
344 return -1; in x509_name_cmp()
348 if (a->oid.tag != b->oid.tag || in x509_name_cmp()
349 a->oid.len != b->oid.len || in x509_name_cmp()
350 memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { in x509_name_cmp()
351 return -1; in x509_name_cmp()
355 if (x509_string_cmp(&a->val, &b->val) != 0) { in x509_name_cmp()
356 return -1; in x509_name_cmp()
360 if (a->next_merged != b->next_merged) { in x509_name_cmp()
361 return -1; in x509_name_cmp()
364 a = a->next; in x509_name_cmp()
365 b = b->next; in x509_name_cmp()
381 ver_chain->items[i].crt = NULL; in x509_crt_verify_chain_reset()
382 ver_chain->items[i].flags = (uint32_t) -1; in x509_crt_verify_chain_reset()
385 ver_chain->len = 0; in x509_crt_verify_chain_reset()
388 ver_chain->trust_ca_cb_result = NULL; in x509_crt_verify_chain_reset()
476 uid->tag = **p; in x509_get_uid()
478 if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, in x509_get_uid()
488 uid->p = *p; in x509_get_uid()
489 *p += uid->len; in x509_get_uid()
574 if (ext_key_usage->buf.p == NULL) { in x509_get_ext_key_usage()
599 subject_key_id->len = len; in x509_get_subject_key_id()
600 subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; in x509_get_subject_key_id()
601 subject_key_id->p = *p; in x509_get_subject_key_id()
642 authority_key_id->keyIdentifier.len = len; in x509_get_authority_key_id()
643 authority_key_id->keyIdentifier.p = *p; in x509_get_authority_key_id()
647 authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; in x509_get_authority_key_id()
666 &authority_key_id->authorityCertIssuer); in x509_get_authority_key_id()
676 authority_key_id->authorityCertSerialNumber.len = len; in x509_get_authority_key_id()
677 authority_key_id->authorityCertSerialNumber.p = *p; in x509_get_authority_key_id()
678 authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; in x509_get_authority_key_id()
691 * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
693 * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
708 * -- policyQualifierIds for Internet policy qualifiers
710 * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
711 * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
712 * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
714 * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
803 if (cur->buf.p != NULL) { in x509_get_certificate_policies()
804 if (cur->next != NULL) { in x509_get_certificate_policies()
808 cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); in x509_get_certificate_policies()
810 if (cur->next == NULL) { in x509_get_certificate_policies()
815 cur = cur->next; in x509_get_certificate_policies()
818 buf = &(cur->buf); in x509_get_certificate_policies()
819 buf->tag = policy_oid.tag; in x509_get_certificate_policies()
820 buf->p = policy_oid.p; in x509_get_certificate_policies()
821 buf->len = policy_oid.len; in x509_get_certificate_policies()
848 cur->next = NULL; in x509_get_certificate_policies()
876 if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { in x509_get_crt_ext()
880 end = crt->v3_ext.p + crt->v3_ext.len; in x509_get_crt_ext()
957 if ((crt->ext_types & ext_type) != 0) { in x509_get_crt_ext()
961 crt->ext_types |= ext_type; in x509_get_crt_ext()
967 &crt->ca_istrue, &crt->max_pathlen)) != 0) { in x509_get_crt_ext()
975 &crt->key_usage)) != 0) { in x509_get_crt_ext()
983 &crt->ext_key_usage)) != 0) { in x509_get_crt_ext()
991 &crt->subject_key_id)) != 0) { in x509_get_crt_ext()
999 &crt->authority_key_id)) != 0) { in x509_get_crt_ext()
1008 &crt->subject_alt_names)) != 0) { in x509_get_crt_ext()
1016 &crt->ns_cert_type)) != 0) { in x509_get_crt_ext()
1024 &crt->certificate_policies)) != 0) { in x509_get_crt_ext()
1050 * If this is a non-critical extension, which the oid layer in x509_get_crt_ext()
1114 crt->raw.len = (size_t) (crt_end - buf); in x509_crt_parse_der_core()
1117 crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); in x509_crt_parse_der_core()
1118 if (crt->raw.p == NULL) { in x509_crt_parse_der_core()
1122 memcpy(crt->raw.p, buf, crt->raw.len); in x509_crt_parse_der_core()
1123 crt->own_buffer = 1; in x509_crt_parse_der_core()
1125 p += crt->raw.len - len; in x509_crt_parse_der_core()
1128 crt->raw.p = (unsigned char *) buf; in x509_crt_parse_der_core()
1129 crt->own_buffer = 0; in x509_crt_parse_der_core()
1135 crt->tbs.p = p; in x509_crt_parse_der_core()
1144 crt->tbs.len = (size_t) (end - crt->tbs.p); in x509_crt_parse_der_core()
1153 if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || in x509_crt_parse_der_core()
1154 (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || in x509_crt_parse_der_core()
1155 (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, in x509_crt_parse_der_core()
1161 if (crt->version < 0 || crt->version > 2) { in x509_crt_parse_der_core()
1166 crt->version++; in x509_crt_parse_der_core()
1168 if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, in x509_crt_parse_der_core()
1169 &crt->sig_md, &crt->sig_pk, in x509_crt_parse_der_core()
1170 &crt->sig_opts)) != 0) { in x509_crt_parse_der_core()
1178 crt->issuer_raw.p = p; in x509_crt_parse_der_core()
1186 if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { in x509_crt_parse_der_core()
1191 crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); in x509_crt_parse_der_core()
1199 if ((ret = x509_get_dates(&p, end, &crt->valid_from, in x509_crt_parse_der_core()
1200 &crt->valid_to)) != 0) { in x509_crt_parse_der_core()
1208 crt->subject_raw.p = p; in x509_crt_parse_der_core()
1216 if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { in x509_crt_parse_der_core()
1221 crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); in x509_crt_parse_der_core()
1226 crt->pk_raw.p = p; in x509_crt_parse_der_core()
1227 if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { in x509_crt_parse_der_core()
1231 crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); in x509_crt_parse_der_core()
1235 * -- If present, version shall be v2 or v3 in x509_crt_parse_der_core()
1237 * -- If present, version shall be v2 or v3 in x509_crt_parse_der_core()
1239 * -- If present, version shall be v3 in x509_crt_parse_der_core()
1241 if (crt->version == 2 || crt->version == 3) { in x509_crt_parse_der_core()
1242 ret = x509_get_uid(&p, end, &crt->issuer_id, 1); in x509_crt_parse_der_core()
1249 if (crt->version == 2 || crt->version == 3) { in x509_crt_parse_der_core()
1250 ret = x509_get_uid(&p, end, &crt->subject_id, 2); in x509_crt_parse_der_core()
1257 if (crt->version == 3) { in x509_crt_parse_der_core()
1275 * -- end of TBSCertificate in x509_crt_parse_der_core()
1285 if (crt->sig_oid.len != sig_oid2.len || in x509_crt_parse_der_core()
1286 memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || in x509_crt_parse_der_core()
1295 if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { in x509_crt_parse_der_core()
1330 while (crt->version != 0 && crt->next != NULL) { in mbedtls_x509_crt_parse_der_internal()
1332 crt = crt->next; in mbedtls_x509_crt_parse_der_internal()
1338 if (crt->version != 0 && crt->next == NULL) { in mbedtls_x509_crt_parse_der_internal()
1339 crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); in mbedtls_x509_crt_parse_der_internal()
1341 if (crt->next == NULL) { in mbedtls_x509_crt_parse_der_internal()
1346 mbedtls_x509_crt_init(crt->next); in mbedtls_x509_crt_parse_der_internal()
1347 crt = crt->next; in mbedtls_x509_crt_parse_der_internal()
1353 prev->next = NULL; in mbedtls_x509_crt_parse_der_internal()
1415 if (buflen != 0 && buf[buflen - 1] == '\0' && in mbedtls_x509_crt_parse()
1416 strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { in mbedtls_x509_crt_parse()
1437 /* If we get there, we know the string is null-terminated */ in mbedtls_x509_crt_parse()
1439 "-----BEGIN CERTIFICATE-----", in mbedtls_x509_crt_parse()
1440 "-----END CERTIFICATE-----", in mbedtls_x509_crt_parse()
1447 buflen -= use_len; in mbedtls_x509_crt_parse()
1457 buflen -= use_len; in mbedtls_x509_crt_parse()
1538 if (len > MAX_PATH - 3) { in mbedtls_x509_crt_parse_path()
1555 MAX_PATH - 3); in mbedtls_x509_crt_parse_path()
1565 len = MAX_PATH - len; in mbedtls_x509_crt_parse_path()
1573 -1, p, (int) len, NULL, NULL); in mbedtls_x509_crt_parse_path()
1616 "%s/%s", path, entry->d_name); in mbedtls_x509_crt_parse_path()
1621 } else if (stat(entry_name, &sb) == -1) { in mbedtls_x509_crt_parse_path()
1623 /* Broken symbolic link - ignore this entry. in mbedtls_x509_crt_parse_path()
1699 if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { in x509_info_ext_key_usage()
1708 cur = cur->next; in x509_info_ext_key_usage()
1728 if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { in x509_info_cert_policies()
1737 cur = cur->next; in x509_info_cert_policies()
1766 return (int) (size - n); in mbedtls_x509_crt_info()
1770 prefix, crt->version); in mbedtls_x509_crt_info()
1776 ret = mbedtls_x509_serial_gets(p, n, &crt->serial); in mbedtls_x509_crt_info()
1781 ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); in mbedtls_x509_crt_info()
1786 ret = mbedtls_x509_dn_gets(p, n, &crt->subject); in mbedtls_x509_crt_info()
1790 "%04d-%02d-%02d %02d:%02d:%02d", prefix, in mbedtls_x509_crt_info()
1791 crt->valid_from.year, crt->valid_from.mon, in mbedtls_x509_crt_info()
1792 crt->valid_from.day, crt->valid_from.hour, in mbedtls_x509_crt_info()
1793 crt->valid_from.min, crt->valid_from.sec); in mbedtls_x509_crt_info()
1797 "%04d-%02d-%02d %02d:%02d:%02d", prefix, in mbedtls_x509_crt_info()
1798 crt->valid_to.year, crt->valid_to.mon, in mbedtls_x509_crt_info()
1799 crt->valid_to.day, crt->valid_to.hour, in mbedtls_x509_crt_info()
1800 crt->valid_to.min, crt->valid_to.sec); in mbedtls_x509_crt_info()
1806 ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, in mbedtls_x509_crt_info()
1807 crt->sig_md, crt->sig_opts); in mbedtls_x509_crt_info()
1812 mbedtls_pk_get_name(&crt->pk))) != 0) { in mbedtls_x509_crt_info()
1816 ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, in mbedtls_x509_crt_info()
1817 (int) mbedtls_pk_get_bitlen(&crt->pk)); in mbedtls_x509_crt_info()
1824 if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { in mbedtls_x509_crt_info()
1826 crt->ca_istrue ? "true" : "false"); in mbedtls_x509_crt_info()
1829 if (crt->max_pathlen > 0) { in mbedtls_x509_crt_info()
1830 ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); in mbedtls_x509_crt_info()
1835 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { in mbedtls_x509_crt_info()
1840 &crt->subject_alt_names, in mbedtls_x509_crt_info()
1846 if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { in mbedtls_x509_crt_info()
1850 if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { in mbedtls_x509_crt_info()
1855 if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { in mbedtls_x509_crt_info()
1859 if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { in mbedtls_x509_crt_info()
1864 if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { in mbedtls_x509_crt_info()
1869 &crt->ext_key_usage)) != 0) { in mbedtls_x509_crt_info()
1874 if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { in mbedtls_x509_crt_info()
1879 &crt->certificate_policies)) != 0) { in mbedtls_x509_crt_info()
1887 return (int) (size - n); in mbedtls_x509_crt_info()
1910 for (cur = x509_crt_verify_strings; cur->string != NULL; cur++) { in mbedtls_x509_crt_verify_info()
1911 if ((flags & cur->code) == 0) { in mbedtls_x509_crt_verify_info()
1915 ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string); in mbedtls_x509_crt_verify_info()
1917 flags ^= cur->code; in mbedtls_x509_crt_verify_info()
1926 return (int) (size - n); in mbedtls_x509_crt_verify_info()
1937 if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { in mbedtls_x509_crt_check_key_usage()
1943 if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { in mbedtls_x509_crt_check_key_usage()
1949 if (((crt->key_usage & may_mask) | usage_may) != usage_may) { in mbedtls_x509_crt_check_key_usage()
1963 if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { in mbedtls_x509_crt_check_extended_key_usage()
1970 for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { in mbedtls_x509_crt_check_extended_key_usage()
1971 const mbedtls_x509_buf *cur_oid = &cur->buf; in mbedtls_x509_crt_check_extended_key_usage()
1973 if (cur_oid->len == usage_len && in mbedtls_x509_crt_check_extended_key_usage()
1974 memcmp(cur_oid->p, usage_oid, usage_len) == 0) { in mbedtls_x509_crt_check_extended_key_usage()
1992 const mbedtls_x509_crl_entry *cur = &crl->entry; in mbedtls_x509_crt_is_revoked()
1994 while (cur != NULL && cur->serial.len != 0) { in mbedtls_x509_crt_is_revoked()
1995 if (crt->serial.len == cur->serial.len && in mbedtls_x509_crt_is_revoked()
1996 memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { in mbedtls_x509_crt_is_revoked()
2000 cur = cur->next; in mbedtls_x509_crt_is_revoked()
2029 if (crl_list->version == 0 || in x509_crt_verifycrl()
2030 x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { in x509_crt_verifycrl()
2031 crl_list = crl_list->next; in x509_crt_verifycrl()
2047 if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) { in x509_crt_verifycrl()
2051 if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) { in x509_crt_verifycrl()
2056 psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); in x509_crt_verifycrl()
2058 crl_list->tbs.p, in x509_crt_verifycrl()
2059 crl_list->tbs.len, in x509_crt_verifycrl()
2068 md_info = mbedtls_md_info_from_type(crl_list->sig_md); in x509_crt_verifycrl()
2071 crl_list->tbs.p, in x509_crt_verifycrl()
2072 crl_list->tbs.len, in x509_crt_verifycrl()
2080 if (x509_profile_check_key(profile, &ca->pk) != 0) { in x509_crt_verifycrl()
2084 if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, in x509_crt_verifycrl()
2085 crl_list->sig_md, hash, hash_length, in x509_crt_verifycrl()
2086 crl_list->sig.p, crl_list->sig.len) != 0) { in x509_crt_verifycrl()
2095 if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) { in x509_crt_verifycrl()
2099 if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) { in x509_crt_verifycrl()
2114 crl_list = crl_list->next; in x509_crt_verifycrl()
2132 md_info = mbedtls_md_info_from_type(child->sig_md); in x509_crt_check_signature()
2136 if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { in x509_crt_check_signature()
2137 return -1; in x509_crt_check_signature()
2140 psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); in x509_crt_check_signature()
2144 child->tbs.p, in x509_crt_check_signature()
2145 child->tbs.len, in x509_crt_check_signature()
2155 if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { in x509_crt_check_signature()
2156 return -1; in x509_crt_check_signature()
2160 if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { in x509_crt_check_signature()
2161 return mbedtls_pk_verify_restartable(&parent->pk, in x509_crt_check_signature()
2162 child->sig_md, hash, hash_len, in x509_crt_check_signature()
2163 child->sig.p, child->sig.len, &rs_ctx->pk); in x509_crt_check_signature()
2169 return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, in x509_crt_check_signature()
2170 child->sig_md, hash, hash_len, in x509_crt_check_signature()
2171 child->sig.p, child->sig.len); in x509_crt_check_signature()
2176 * Return 0 if yes, -1 if not.
2178 * top means parent is a locally-trusted certificate
2187 if (x509_name_cmp(&child->issuer, &parent->subject) != 0) { in x509_crt_check_parent()
2188 return -1; in x509_crt_check_parent()
2195 if (top && parent->version < 3) { in x509_crt_check_parent()
2199 if (need_ca_bit && !parent->ca_istrue) { in x509_crt_check_parent()
2200 return -1; in x509_crt_check_parent()
2205 return -1; in x509_crt_check_parent()
2221 * If there's a suitable candidate which is also time-valid, return the first
2228 * The reason we don't just require time-validity is that generally there is
2233 * have two versions of the same CA with different keys in their list, and the
2236 * handle key rollover, another relies on self-issued certs, see [SIRO].)
2239 * - [in] child: certificate for which we're looking for a parent
2240 * - [in] candidates: chained list of potential parents
2241 * - [out] r_parent: parent found (or NULL)
2242 * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
2243 * - [in] top: 1 if candidates consists of trusted roots, i.e. we're at the top
2245 * - [in] path_cnt: number of intermediates seen so far
2246 * - [in] self_cnt: number of self-signed intermediates seen so far
2248 * - [in-out] rs_ctx: context for restarting operations
2251 * - 0 on success
2252 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2271 if (rs_ctx != NULL && rs_ctx->parent != NULL) { in x509_crt_find_parent_in()
2272 /* restore saved state */ in x509_crt_find_parent_in()
2273 parent = rs_ctx->parent; in x509_crt_find_parent_in()
2274 fallback_parent = rs_ctx->fallback_parent; in x509_crt_find_parent_in()
2275 fallback_signature_is_good = rs_ctx->fallback_signature_is_good; in x509_crt_find_parent_in()
2278 rs_ctx->parent = NULL; in x509_crt_find_parent_in()
2279 rs_ctx->fallback_parent = NULL; in x509_crt_find_parent_in()
2280 rs_ctx->fallback_signature_is_good = 0; in x509_crt_find_parent_in()
2290 for (parent = candidates; parent != NULL; parent = parent->next) { in x509_crt_find_parent_in()
2297 if (parent->max_pathlen > 0 && in x509_crt_find_parent_in()
2298 (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { in x509_crt_find_parent_in()
2311 rs_ctx->parent = parent; in x509_crt_find_parent_in()
2312 rs_ctx->fallback_parent = fallback_parent; in x509_crt_find_parent_in()
2313 rs_ctx->fallback_signature_is_good = fallback_signature_is_good; in x509_crt_find_parent_in()
2328 if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */ in x509_crt_find_parent_in()
2329 mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */ in x509_crt_find_parent_in()
2362 * - [in] child: certificate for which we're looking for a parent, followed
2364 * - [in] trust_ca: list of locally trusted certificates
2365 * - [out] parent: parent found (or NULL)
2366 * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
2367 * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
2368 * - [in] path_cnt: number of links in the chain so far (EE -> ... -> child)
2369 * - [in] self_cnt: number of self-signed certs in the chain so far
2371 * - [in-out] rs_ctx: context for restarting operations
2374 * - 0 on success
2375 * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
2394 /* restore then clear saved state if we have some stored */ in x509_crt_find_parent()
2395 if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { in x509_crt_find_parent()
2396 *parent_is_trusted = rs_ctx->parent_is_trusted; in x509_crt_find_parent()
2397 rs_ctx->parent_is_trusted = -1; in x509_crt_find_parent()
2402 search_list = *parent_is_trusted ? trust_ca : child->next; in x509_crt_find_parent()
2412 rs_ctx->parent_is_trusted = *parent_is_trusted; in x509_crt_find_parent()
2438 * Check if an end-entity certificate is locally trusted
2440 * Currently we require such certificates to be self-signed (actually only
2441 * check for self-issued as self-signatures are not checked)
2449 /* must be self-issued */ in x509_crt_check_ee_locally_trusted()
2450 if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { in x509_crt_check_ee_locally_trusted()
2451 return -1; in x509_crt_check_ee_locally_trusted()
2455 for (cur = trust_ca; cur != NULL; cur = cur->next) { in x509_crt_check_ee_locally_trusted()
2456 if (crt->raw.len == cur->raw.len && in x509_crt_check_ee_locally_trusted()
2457 memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { in x509_crt_check_ee_locally_trusted()
2463 return -1; in x509_crt_check_ee_locally_trusted()
2469 * Given a peer-provided list of certificates EE, C1, ..., Cn and
2478 * - EE == Rj -> return a one-element list containing it
2479 * - EE, Ci1, ..., Ciq cannot be continued with a trusted root
2480 * -> return that chain with NOT_TRUSTED set on Ciq
2483 * - trusted EE
2484 * - EE -> trusted root
2485 * - EE -> intermediate CA -> trusted root
2486 * - if relevant: EE untrusted
2487 * - if relevant: EE -> intermediate, untrusted
2493 * - [in] crt: the cert list EE, C1, ..., Cn
2494 * - [in] trust_ca: the trusted list R1, ..., Rp
2495 * - [in] ca_crl, profile: as in verify_with_profile()
2496 * - [out] ver_chain: the built and verified chain
2499 * - [in-out] rs_ctx: context for restarting operations
2502 * - non-zero if the chain could not be fully built and examined
2503 * - 0 if the chain was successfully built and examined,
2538 if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { in x509_crt_verify_chain()
2539 /* restore saved state */ in x509_crt_verify_chain()
2540 *ver_chain = rs_ctx->ver_chain; /* struct copy */ in x509_crt_verify_chain()
2541 self_cnt = rs_ctx->self_cnt; in x509_crt_verify_chain()
2543 /* restore derived state */ in x509_crt_verify_chain()
2544 cur = &ver_chain->items[ver_chain->len - 1]; in x509_crt_verify_chain()
2545 child = cur->crt; in x509_crt_verify_chain()
2546 flags = &cur->flags; in x509_crt_verify_chain()
2559 cur = &ver_chain->items[ver_chain->len]; in x509_crt_verify_chain()
2560 cur->crt = child; in x509_crt_verify_chain()
2561 cur->flags = 0; in x509_crt_verify_chain()
2562 ver_chain->len++; in x509_crt_verify_chain()
2563 flags = &cur->flags; in x509_crt_verify_chain()
2566 /* Check time-validity (all certificates) */ in x509_crt_verify_chain()
2567 if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) { in x509_crt_verify_chain()
2571 if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) { in x509_crt_verify_chain()
2582 if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { in x509_crt_verify_chain()
2586 if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { in x509_crt_verify_chain()
2591 if (ver_chain->len == 1 && in x509_crt_verify_chain()
2604 mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); in x509_crt_verify_chain()
2605 mbedtls_free(ver_chain->trust_ca_cb_result); in x509_crt_verify_chain()
2606 ver_chain->trust_ca_cb_result = NULL; in x509_crt_verify_chain()
2608 ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); in x509_crt_verify_chain()
2613 cur_trust_ca = ver_chain->trust_ca_cb_result; in x509_crt_verify_chain()
2625 ver_chain->len - 1, self_cnt, rs_ctx, in x509_crt_verify_chain()
2631 rs_ctx->in_progress = x509_crt_rs_find_parent; in x509_crt_verify_chain()
2632 rs_ctx->self_cnt = self_cnt; in x509_crt_verify_chain()
2633 rs_ctx->ver_chain = *ver_chain; /* struct copy */ in x509_crt_verify_chain()
2647 /* Count intermediate self-issued (not necessarily self-signed) certs. in x509_crt_verify_chain()
2650 if (ver_chain->len != 1 && in x509_crt_verify_chain()
2651 x509_name_cmp(&child->issuer, &child->subject) == 0) { in x509_crt_verify_chain()
2658 ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { in x509_crt_verify_chain()
2669 if (x509_profile_check_key(profile, &parent->pk) != 0) { in x509_crt_verify_chain()
2701 /* Solaris requires -lsocket -lnsl for inet_pton() */
2721 * MBEDTLS_TEST_SW_INET_PTON is a bypass define to force testing of this code //no-check-names
2723 #if !defined(AF_INET6) || defined(MBEDTLS_TEST_SW_INET_PTON) //no-check-names
2728 (((n) = (c) - '0') <= 9 || (((n) = ((c)&0xdf) - 'A') <= 5 ? ((n) += 10) : 0))
2733 int nonzero_groups = 0, num_digits, zero_group_start = -1; in x509_inet_pton_ipv6()
2752 if ((nonzero_groups == 0 && zero_group_start == -1) || in x509_inet_pton_ipv6()
2757 /* Walk back to prior ':', then parse as IPv4-mapped */ in x509_inet_pton_ipv6()
2760 p--; in x509_inet_pton_ipv6()
2761 steps--; in x509_inet_pton_ipv6()
2768 nonzero_groups--; in x509_inet_pton_ipv6()
2778 return -1; in x509_inet_pton_ipv6()
2782 if (zero_group_start != -1 || *p != ':') { in x509_inet_pton_ipv6()
2783 return -1; in x509_inet_pton_ipv6()
2789 return -1; in x509_inet_pton_ipv6()
2801 return -1; in x509_inet_pton_ipv6()
2804 if (zero_group_start != -1) { in x509_inet_pton_ipv6()
2806 return -1; in x509_inet_pton_ipv6()
2808 int zero_groups = 8 - nonzero_groups; in x509_inet_pton_ipv6()
2809 int groups_after_zero = nonzero_groups - zero_group_start; in x509_inet_pton_ipv6()
2811 /* Move the non-zero part to after the zeroes */ in x509_inet_pton_ipv6()
2820 return -1; in x509_inet_pton_ipv6()
2838 digit = *p - '0'; in x509_inet_pton_ipv4()
2846 return -1; in x509_inet_pton_ipv4()
2855 return -1; in x509_inet_pton_ipv4()
2860 return num_octets == 4 && *p == '\0' ? 0 : -1; in x509_inet_pton_ipv4()
2867 return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; in x509_inet_pton_ipv6()
2872 return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; in x509_inet_pton_ipv4()
2875 #endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
2891 if (name->len == cn_len && in x509_crt_check_cn()
2892 x509_memcasecmp(cn, name->p, cn_len) == 0) { in x509_crt_check_cn()
2901 return -1; in x509_crt_check_cn()
2910 return -1; in x509_crt_check_san_ip()
2913 for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { in x509_crt_check_san_ip()
2914 const unsigned char san_type = (unsigned char) cur->buf.tag & in x509_crt_check_san_ip()
2917 cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { in x509_crt_check_san_ip()
2922 return -1; in x509_crt_check_san_ip()
2928 for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { in x509_crt_check_san_uri()
2929 const unsigned char san_type = (unsigned char) cur->buf.tag & in x509_crt_check_san_uri()
2932 cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { in x509_crt_check_san_uri()
2937 return -1; in x509_crt_check_san_uri()
2949 for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { in x509_crt_check_san()
2950 switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { in x509_crt_check_san()
2952 if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { in x509_crt_check_san()
2978 return -1; in x509_crt_check_san()
2982 * Verify the requested CN - only call this if cn is not NULL!
2991 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { in x509_crt_verify_name()
2992 if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { in x509_crt_verify_name()
2996 for (name = &crt->subject; name != NULL; name = name->next) { in x509_crt_verify_name()
2997 if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && in x509_crt_verify_name()
2998 x509_crt_check_cn(&name->val, cn, cn_len) == 0) { in x509_crt_verify_name()
3022 for (i = ver_chain->len; i != 0; --i) { in x509_crt_merge_flags_with_cb()
3023 cur = &ver_chain->items[i-1]; in x509_crt_merge_flags_with_cb()
3024 cur_flags = cur->flags; in x509_crt_merge_flags_with_cb()
3027 if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { in x509_crt_merge_flags_with_cb()
3042 * - checks the requested CN (if any)
3043 * - checks the type and size of the EE cert's key,
3045 * - builds and verifies the chain
3046 * - then calls the callback and merges the flags
3089 pk_type = mbedtls_pk_get_type(&crt->pk); in x509_crt_verify_restartable_ca_cb()
3095 if (x509_profile_check_key(profile, &crt->pk) != 0) { in x509_crt_verify_restartable_ca_cb()
3108 /* Merge end-entity flags */ in x509_crt_verify_restartable_ca_cb()
3128 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by in x509_crt_verify_restartable_ca_cb()
3129 * the SSL module for authmode optional, but non-zero return from the in x509_crt_verify_restartable_ca_cb()
3136 *flags = (uint32_t) -1; in x509_crt_verify_restartable_ca_cb()
3166 * Verify the certificate validity (user-chosen profile, not restartable)
3184 * Verify the certificate validity (user-chosen profile, CA callback,
3235 mbedtls_pk_free(&cert_cur->pk); in mbedtls_x509_crt_free()
3238 mbedtls_free(cert_cur->sig_opts); in mbedtls_x509_crt_free()
3241 mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); in mbedtls_x509_crt_free()
3242 mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); in mbedtls_x509_crt_free()
3243 mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); in mbedtls_x509_crt_free()
3244 mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); in mbedtls_x509_crt_free()
3245 mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); in mbedtls_x509_crt_free()
3246 mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); in mbedtls_x509_crt_free()
3248 if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { in mbedtls_x509_crt_free()
3249 mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); in mbedtls_x509_crt_free()
3253 cert_cur = cert_cur->next; in mbedtls_x509_crt_free()
3268 mbedtls_pk_restart_init(&ctx->pk); in mbedtls_x509_crt_restart_init()
3270 ctx->parent = NULL; in mbedtls_x509_crt_restart_init()
3271 ctx->fallback_parent = NULL; in mbedtls_x509_crt_restart_init()
3272 ctx->fallback_signature_is_good = 0; in mbedtls_x509_crt_restart_init()
3274 ctx->parent_is_trusted = -1; in mbedtls_x509_crt_restart_init()
3276 ctx->in_progress = x509_crt_rs_none; in mbedtls_x509_crt_restart_init()
3277 ctx->self_cnt = 0; in mbedtls_x509_crt_restart_init()
3278 x509_crt_verify_chain_reset(&ctx->ver_chain); in mbedtls_x509_crt_restart_init()
3290 mbedtls_pk_restart_free(&ctx->pk); in mbedtls_x509_crt_restart_free()
3297 if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) { in mbedtls_x509_crt_get_ca_istrue()
3298 return crt->MBEDTLS_PRIVATE(ca_istrue); in mbedtls_x509_crt_get_ca_istrue()