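Lines matching refs:crt. Each entry gives the source line number, the text of the matching line, and the enclosing function ("in name()"); entries that declare the symbol end with its role (member, argument or local).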
77 mbedtls_x509_crt *crt; member
380 ver_chain->items[i].crt = NULL; in x509_crt_verify_chain_reset()
863 mbedtls_x509_crt *crt, in x509_get_crt_ext() argument
875 if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { in x509_get_crt_ext()
879 end = crt->v3_ext.p + crt->v3_ext.len; in x509_get_crt_ext()
936 ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); in x509_get_crt_ext()
956 if ((crt->ext_types & ext_type) != 0) { in x509_get_crt_ext()
960 crt->ext_types |= ext_type; in x509_get_crt_ext()
966 &crt->ca_istrue, &crt->max_pathlen)) != 0) { in x509_get_crt_ext()
974 &crt->key_usage)) != 0) { in x509_get_crt_ext()
982 &crt->ext_key_usage)) != 0) { in x509_get_crt_ext()
990 &crt->subject_key_id)) != 0) { in x509_get_crt_ext()
998 &crt->authority_key_id)) != 0) { in x509_get_crt_ext()
1007 &crt->subject_alt_names)) != 0) { in x509_get_crt_ext()
1015 &crt->ns_cert_type)) != 0) { in x509_get_crt_ext()
1023 &crt->certificate_policies)) != 0) { in x509_get_crt_ext()
1027 cb(p_ctx, crt, &extn_oid, is_critical, in x509_get_crt_ext()
1072 static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, in x509_crt_parse_der_core() argument
1091 if (crt == NULL || buf == NULL) { in x509_crt_parse_der_core()
1108 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1113 crt->raw.len = (size_t) (crt_end - buf); in x509_crt_parse_der_core()
1116 crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); in x509_crt_parse_der_core()
1117 if (crt->raw.p == NULL) { in x509_crt_parse_der_core()
1121 memcpy(crt->raw.p, buf, crt->raw.len); in x509_crt_parse_der_core()
1122 crt->own_buffer = 1; in x509_crt_parse_der_core()
1124 p += crt->raw.len - len; in x509_crt_parse_der_core()
1127 crt->raw.p = (unsigned char *) buf; in x509_crt_parse_der_core()
1128 crt->own_buffer = 0; in x509_crt_parse_der_core()
1134 crt->tbs.p = p; in x509_crt_parse_der_core()
1138 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1143 crt->tbs.len = (size_t) (end - crt->tbs.p); in x509_crt_parse_der_core()
1152 if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || in x509_crt_parse_der_core()
1153 (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || in x509_crt_parse_der_core()
1154 (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, in x509_crt_parse_der_core()
1156 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1160 if (crt->version < 0 || crt->version > 2) { in x509_crt_parse_der_core()
1161 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1165 crt->version++; in x509_crt_parse_der_core()
1167 if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, in x509_crt_parse_der_core()
1168 &crt->sig_md, &crt->sig_pk)) != 0) { in x509_crt_parse_der_core()
1169 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1176 crt->issuer_raw.p = p; in x509_crt_parse_der_core()
1180 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1184 if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { in x509_crt_parse_der_core()
1185 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1189 crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); in x509_crt_parse_der_core()
1197 if ((ret = x509_get_dates(&p, end, &crt->valid_from, in x509_crt_parse_der_core()
1198 &crt->valid_to)) != 0) { in x509_crt_parse_der_core()
1199 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1206 crt->subject_raw.p = p; in x509_crt_parse_der_core()
1210 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1214 if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { in x509_crt_parse_der_core()
1215 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1219 crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); in x509_crt_parse_der_core()
1224 crt->pk_raw.p = p; in x509_crt_parse_der_core()
1225 if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { in x509_crt_parse_der_core()
1226 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1229 crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); in x509_crt_parse_der_core()
1239 if (crt->version == 2 || crt->version == 3) { in x509_crt_parse_der_core()
1240 ret = x509_get_uid(&p, end, &crt->issuer_id, 1); in x509_crt_parse_der_core()
1242 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1247 if (crt->version == 2 || crt->version == 3) { in x509_crt_parse_der_core()
1248 ret = x509_get_uid(&p, end, &crt->subject_id, 2); in x509_crt_parse_der_core()
1250 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1255 if (crt->version == 3) { in x509_crt_parse_der_core()
1256 ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); in x509_crt_parse_der_core()
1258 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1264 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1279 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1283 if (crt->sig_oid.len != sig_oid2.len || in x509_crt_parse_der_core()
1284 memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || in x509_crt_parse_der_core()
1289 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1293 if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { in x509_crt_parse_der_core()
1294 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1299 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1319 mbedtls_x509_crt *crt = chain, *prev = NULL; in mbedtls_x509_crt_parse_der_internal() local
1324 if (crt == NULL || buf == NULL) { in mbedtls_x509_crt_parse_der_internal()
1328 while (crt->version != 0 && crt->next != NULL) { in mbedtls_x509_crt_parse_der_internal()
1329 prev = crt; in mbedtls_x509_crt_parse_der_internal()
1330 crt = crt->next; in mbedtls_x509_crt_parse_der_internal()
1336 if (crt->version != 0 && crt->next == NULL) { in mbedtls_x509_crt_parse_der_internal()
1337 crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); in mbedtls_x509_crt_parse_der_internal()
1339 if (crt->next == NULL) { in mbedtls_x509_crt_parse_der_internal()
1343 prev = crt; in mbedtls_x509_crt_parse_der_internal()
1344 mbedtls_x509_crt_init(crt->next); in mbedtls_x509_crt_parse_der_internal()
1345 crt = crt->next; in mbedtls_x509_crt_parse_der_internal()
1348 ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); in mbedtls_x509_crt_parse_der_internal()
1354 if (crt != chain) { in mbedtls_x509_crt_parse_der_internal()
1355 mbedtls_free(crt); in mbedtls_x509_crt_parse_der_internal()
1750 const mbedtls_x509_crt *crt) in mbedtls_x509_crt_info() argument
1760 if (NULL == crt) { in mbedtls_x509_crt_info()
1768 prefix, crt->version); in mbedtls_x509_crt_info()
1774 ret = mbedtls_x509_serial_gets(p, n, &crt->serial); in mbedtls_x509_crt_info()
1779 ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); in mbedtls_x509_crt_info()
1784 ret = mbedtls_x509_dn_gets(p, n, &crt->subject); in mbedtls_x509_crt_info()
1789 crt->valid_from.year, crt->valid_from.mon, in mbedtls_x509_crt_info()
1790 crt->valid_from.day, crt->valid_from.hour, in mbedtls_x509_crt_info()
1791 crt->valid_from.min, crt->valid_from.sec); in mbedtls_x509_crt_info()
1796 crt->valid_to.year, crt->valid_to.mon, in mbedtls_x509_crt_info()
1797 crt->valid_to.day, crt->valid_to.hour, in mbedtls_x509_crt_info()
1798 crt->valid_to.min, crt->valid_to.sec); in mbedtls_x509_crt_info()
1804 ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, crt->sig_md); in mbedtls_x509_crt_info()
1809 mbedtls_pk_get_name(&crt->pk))) != 0) { in mbedtls_x509_crt_info()
1814 prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&crt->pk)); in mbedtls_x509_crt_info()
1821 if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { in mbedtls_x509_crt_info()
1823 crt->ca_istrue ? "true" : "false"); in mbedtls_x509_crt_info()
1826 if (crt->max_pathlen > 0) { in mbedtls_x509_crt_info()
1827 ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); in mbedtls_x509_crt_info()
1832 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { in mbedtls_x509_crt_info()
1837 &crt->subject_alt_names, in mbedtls_x509_crt_info()
1843 if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { in mbedtls_x509_crt_info()
1847 if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { in mbedtls_x509_crt_info()
1852 if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { in mbedtls_x509_crt_info()
1856 if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { in mbedtls_x509_crt_info()
1861 if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { in mbedtls_x509_crt_info()
1866 &crt->ext_key_usage)) != 0) { in mbedtls_x509_crt_info()
1871 if (crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES) { in mbedtls_x509_crt_info()
1876 &crt->certificate_policies)) != 0) { in mbedtls_x509_crt_info()
1927 int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, in mbedtls_x509_crt_check_key_usage() argument
1934 if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { in mbedtls_x509_crt_check_key_usage()
1940 if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { in mbedtls_x509_crt_check_key_usage()
1946 if (((crt->key_usage & may_mask) | usage_may) != usage_may) { in mbedtls_x509_crt_check_key_usage()
1953 int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, in mbedtls_x509_crt_check_extended_key_usage() argument
1960 if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { in mbedtls_x509_crt_check_extended_key_usage()
1967 for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { in mbedtls_x509_crt_check_extended_key_usage()
1987 int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) in mbedtls_x509_crt_is_revoked() argument
1992 if (crt->serial.len == cur->serial.len && in mbedtls_x509_crt_is_revoked()
1993 memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { in mbedtls_x509_crt_is_revoked()
2007 static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, in x509_crt_verifycrl() argument
2089 if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { in x509_crt_verifycrl()
2413 mbedtls_x509_crt *crt, in x509_crt_check_ee_locally_trusted() argument
2419 if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { in x509_crt_check_ee_locally_trusted()
2425 if (crt->raw.len == cur->raw.len && in x509_crt_check_ee_locally_trusted()
2426 memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { in x509_crt_check_ee_locally_trusted()
2476 mbedtls_x509_crt *crt, in x509_crt_verify_chain() argument
2514 child = cur->crt; in x509_crt_verify_chain()
2521 child = crt; in x509_crt_verify_chain()
2529 cur->crt = child; in x509_crt_verify_chain()
2953 static void x509_crt_verify_name(const mbedtls_x509_crt *crt, in x509_crt_verify_name() argument
2960 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { in x509_crt_verify_name()
2961 if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { in x509_crt_verify_name()
2965 for (name = &crt->subject; name != NULL; name = name->next) { in x509_crt_verify_name()
2996 if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { in x509_crt_merge_flags_with_cb()
3024 static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, in x509_crt_verify_restartable_ca_cb() argument
3054 x509_crt_verify_name(crt, cn, &ee_flags); in x509_crt_verify_restartable_ca_cb()
3058 pk_type = mbedtls_pk_get_type(&crt->pk); in x509_crt_verify_restartable_ca_cb()
3064 if (x509_profile_check_key(profile, &crt->pk) != 0) { in x509_crt_verify_restartable_ca_cb()
3069 ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, in x509_crt_verify_restartable_ca_cb()
3120 int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify() argument
3127 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, in mbedtls_x509_crt_verify()
3137 int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify_with_profile() argument
3145 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, in mbedtls_x509_crt_verify_with_profile()
3156 int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify_with_ca_cb() argument
3164 return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, in mbedtls_x509_crt_verify_with_ca_cb()
3171 int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify_restartable() argument
3180 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, in mbedtls_x509_crt_verify_restartable()
3190 void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) in mbedtls_x509_crt_init() argument
3192 memset(crt, 0, sizeof(mbedtls_x509_crt)); in mbedtls_x509_crt_init()
3198 void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) in mbedtls_x509_crt_free() argument
3200 mbedtls_x509_crt *cert_cur = crt; in mbedtls_x509_crt_free()
3221 if (cert_prv != crt) { in mbedtls_x509_crt_free()
3260 int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) in mbedtls_x509_crt_get_ca_istrue() argument
3262 if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) { in mbedtls_x509_crt_get_ca_istrue()
3263 return crt->MBEDTLS_PRIVATE(ca_istrue); in mbedtls_x509_crt_get_ca_istrue()