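Lines matching references to `crt` — each entry gives the source line number, the matching line, the enclosing function where there is one, and the symbol's role (member, argument or local) on the lines that declare it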

78     mbedtls_x509_crt *crt;  member
381 ver_chain->items[i].crt = NULL; in x509_crt_verify_chain_reset()
864 mbedtls_x509_crt *crt, in x509_get_crt_ext() argument
876 if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { in x509_get_crt_ext()
880 end = crt->v3_ext.p + crt->v3_ext.len; in x509_get_crt_ext()
937 ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); in x509_get_crt_ext()
957 if ((crt->ext_types & ext_type) != 0) { in x509_get_crt_ext()
961 crt->ext_types |= ext_type; in x509_get_crt_ext()
967 &crt->ca_istrue, &crt->max_pathlen)) != 0) { in x509_get_crt_ext()
975 &crt->key_usage)) != 0) { in x509_get_crt_ext()
983 &crt->ext_key_usage)) != 0) { in x509_get_crt_ext()
991 &crt->subject_key_id)) != 0) { in x509_get_crt_ext()
999 &crt->authority_key_id)) != 0) { in x509_get_crt_ext()
1008 &crt->subject_alt_names)) != 0) { in x509_get_crt_ext()
1016 &crt->ns_cert_type)) != 0) { in x509_get_crt_ext()
1024 &crt->certificate_policies)) != 0) { in x509_get_crt_ext()
1028 cb(p_ctx, crt, &extn_oid, is_critical, in x509_get_crt_ext()
1073 static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, in x509_crt_parse_der_core() argument
1092 if (crt == NULL || buf == NULL) { in x509_crt_parse_der_core()
1109 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1114 crt->raw.len = (size_t) (crt_end - buf); in x509_crt_parse_der_core()
1117 crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); in x509_crt_parse_der_core()
1118 if (crt->raw.p == NULL) { in x509_crt_parse_der_core()
1122 memcpy(crt->raw.p, buf, crt->raw.len); in x509_crt_parse_der_core()
1123 crt->own_buffer = 1; in x509_crt_parse_der_core()
1125 p += crt->raw.len - len; in x509_crt_parse_der_core()
1128 crt->raw.p = (unsigned char *) buf; in x509_crt_parse_der_core()
1129 crt->own_buffer = 0; in x509_crt_parse_der_core()
1135 crt->tbs.p = p; in x509_crt_parse_der_core()
1139 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1144 crt->tbs.len = (size_t) (end - crt->tbs.p); in x509_crt_parse_der_core()
1153 if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || in x509_crt_parse_der_core()
1154 (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || in x509_crt_parse_der_core()
1155 (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, in x509_crt_parse_der_core()
1157 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1161 if (crt->version < 0 || crt->version > 2) { in x509_crt_parse_der_core()
1162 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1166 crt->version++; in x509_crt_parse_der_core()
1168 if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, in x509_crt_parse_der_core()
1169 &crt->sig_md, &crt->sig_pk, in x509_crt_parse_der_core()
1170 &crt->sig_opts)) != 0) { in x509_crt_parse_der_core()
1171 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1178 crt->issuer_raw.p = p; in x509_crt_parse_der_core()
1182 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1186 if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { in x509_crt_parse_der_core()
1187 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1191 crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); in x509_crt_parse_der_core()
1199 if ((ret = x509_get_dates(&p, end, &crt->valid_from, in x509_crt_parse_der_core()
1200 &crt->valid_to)) != 0) { in x509_crt_parse_der_core()
1201 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1208 crt->subject_raw.p = p; in x509_crt_parse_der_core()
1212 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1216 if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { in x509_crt_parse_der_core()
1217 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1221 crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); in x509_crt_parse_der_core()
1226 crt->pk_raw.p = p; in x509_crt_parse_der_core()
1227 if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { in x509_crt_parse_der_core()
1228 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1231 crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); in x509_crt_parse_der_core()
1241 if (crt->version == 2 || crt->version == 3) { in x509_crt_parse_der_core()
1242 ret = x509_get_uid(&p, end, &crt->issuer_id, 1); in x509_crt_parse_der_core()
1244 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1249 if (crt->version == 2 || crt->version == 3) { in x509_crt_parse_der_core()
1250 ret = x509_get_uid(&p, end, &crt->subject_id, 2); in x509_crt_parse_der_core()
1252 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1257 if (crt->version == 3) { in x509_crt_parse_der_core()
1258 ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); in x509_crt_parse_der_core()
1260 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1266 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1281 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1285 if (crt->sig_oid.len != sig_oid2.len || in x509_crt_parse_der_core()
1286 memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || in x509_crt_parse_der_core()
1291 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1295 if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { in x509_crt_parse_der_core()
1296 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1301 mbedtls_x509_crt_free(crt); in x509_crt_parse_der_core()
1321 mbedtls_x509_crt *crt = chain, *prev = NULL; in mbedtls_x509_crt_parse_der_internal() local
1326 if (crt == NULL || buf == NULL) { in mbedtls_x509_crt_parse_der_internal()
1330 while (crt->version != 0 && crt->next != NULL) { in mbedtls_x509_crt_parse_der_internal()
1331 prev = crt; in mbedtls_x509_crt_parse_der_internal()
1332 crt = crt->next; in mbedtls_x509_crt_parse_der_internal()
1338 if (crt->version != 0 && crt->next == NULL) { in mbedtls_x509_crt_parse_der_internal()
1339 crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); in mbedtls_x509_crt_parse_der_internal()
1341 if (crt->next == NULL) { in mbedtls_x509_crt_parse_der_internal()
1345 prev = crt; in mbedtls_x509_crt_parse_der_internal()
1346 mbedtls_x509_crt_init(crt->next); in mbedtls_x509_crt_parse_der_internal()
1347 crt = crt->next; in mbedtls_x509_crt_parse_der_internal()
1350 ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); in mbedtls_x509_crt_parse_der_internal()
1356 if (crt != chain) { in mbedtls_x509_crt_parse_der_internal()
1357 mbedtls_free(crt); in mbedtls_x509_crt_parse_der_internal()
1752 const mbedtls_x509_crt *crt) in mbedtls_x509_crt_info() argument
1762 if (NULL == crt) { in mbedtls_x509_crt_info()
1770 prefix, crt->version); in mbedtls_x509_crt_info()
1776 ret = mbedtls_x509_serial_gets(p, n, &crt->serial); in mbedtls_x509_crt_info()
1781 ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); in mbedtls_x509_crt_info()
1786 ret = mbedtls_x509_dn_gets(p, n, &crt->subject); in mbedtls_x509_crt_info()
1791 crt->valid_from.year, crt->valid_from.mon, in mbedtls_x509_crt_info()
1792 crt->valid_from.day, crt->valid_from.hour, in mbedtls_x509_crt_info()
1793 crt->valid_from.min, crt->valid_from.sec); in mbedtls_x509_crt_info()
1798 crt->valid_to.year, crt->valid_to.mon, in mbedtls_x509_crt_info()
1799 crt->valid_to.day, crt->valid_to.hour, in mbedtls_x509_crt_info()
1800 crt->valid_to.min, crt->valid_to.sec); in mbedtls_x509_crt_info()
1806 ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, in mbedtls_x509_crt_info()
1807 crt->sig_md, crt->sig_opts); in mbedtls_x509_crt_info()
1812 mbedtls_pk_get_name(&crt->pk))) != 0) { in mbedtls_x509_crt_info()
1817 (int) mbedtls_pk_get_bitlen(&crt->pk)); in mbedtls_x509_crt_info()
1824 if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { in mbedtls_x509_crt_info()
1826 crt->ca_istrue ? "true" : "false"); in mbedtls_x509_crt_info()
1829 if (crt->max_pathlen > 0) { in mbedtls_x509_crt_info()
1830 ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); in mbedtls_x509_crt_info()
1835 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { in mbedtls_x509_crt_info()
1840 &crt->subject_alt_names, in mbedtls_x509_crt_info()
1846 if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { in mbedtls_x509_crt_info()
1850 if ((ret = mbedtls_x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) { in mbedtls_x509_crt_info()
1855 if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { in mbedtls_x509_crt_info()
1859 if ((ret = mbedtls_x509_info_key_usage(&p, &n, crt->key_usage)) != 0) { in mbedtls_x509_crt_info()
1864 if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { in mbedtls_x509_crt_info()
1869 &crt->ext_key_usage)) != 0) { in mbedtls_x509_crt_info()
1874 if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { in mbedtls_x509_crt_info()
1879 &crt->certificate_policies)) != 0) { in mbedtls_x509_crt_info()
1930 int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, in mbedtls_x509_crt_check_key_usage() argument
1937 if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { in mbedtls_x509_crt_check_key_usage()
1943 if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { in mbedtls_x509_crt_check_key_usage()
1949 if (((crt->key_usage & may_mask) | usage_may) != usage_may) { in mbedtls_x509_crt_check_key_usage()
1956 int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, in mbedtls_x509_crt_check_extended_key_usage() argument
1963 if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) { in mbedtls_x509_crt_check_extended_key_usage()
1970 for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { in mbedtls_x509_crt_check_extended_key_usage()
1990 int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) in mbedtls_x509_crt_is_revoked() argument
1995 if (crt->serial.len == cur->serial.len && in mbedtls_x509_crt_is_revoked()
1996 memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { in mbedtls_x509_crt_is_revoked()
2010 static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, in x509_crt_verifycrl() argument
2109 if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { in x509_crt_verifycrl()
2444 mbedtls_x509_crt *crt, in x509_crt_check_ee_locally_trusted() argument
2450 if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { in x509_crt_check_ee_locally_trusted()
2456 if (crt->raw.len == cur->raw.len && in x509_crt_check_ee_locally_trusted()
2457 memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { in x509_crt_check_ee_locally_trusted()
2507 mbedtls_x509_crt *crt, in x509_crt_verify_chain() argument
2545 child = cur->crt; in x509_crt_verify_chain()
2552 child = crt; in x509_crt_verify_chain()
2560 cur->crt = child; in x509_crt_verify_chain()
2984 static void x509_crt_verify_name(const mbedtls_x509_crt *crt, in x509_crt_verify_name() argument
2991 if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { in x509_crt_verify_name()
2992 if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { in x509_crt_verify_name()
2996 for (name = &crt->subject; name != NULL; name = name->next) { in x509_crt_verify_name()
3027 if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { in x509_crt_merge_flags_with_cb()
3055 static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, in x509_crt_verify_restartable_ca_cb() argument
3085 x509_crt_verify_name(crt, cn, &ee_flags); in x509_crt_verify_restartable_ca_cb()
3089 pk_type = mbedtls_pk_get_type(&crt->pk); in x509_crt_verify_restartable_ca_cb()
3095 if (x509_profile_check_key(profile, &crt->pk) != 0) { in x509_crt_verify_restartable_ca_cb()
3100 ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, in x509_crt_verify_restartable_ca_cb()
3151 int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify() argument
3158 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, in mbedtls_x509_crt_verify()
3168 int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify_with_profile() argument
3176 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, in mbedtls_x509_crt_verify_with_profile()
3187 int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify_with_ca_cb() argument
3195 return x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, in mbedtls_x509_crt_verify_with_ca_cb()
3202 int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, in mbedtls_x509_crt_verify_restartable() argument
3211 return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, in mbedtls_x509_crt_verify_restartable()
3221 void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) in mbedtls_x509_crt_init() argument
3223 memset(crt, 0, sizeof(mbedtls_x509_crt)); in mbedtls_x509_crt_init()
3229 void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) in mbedtls_x509_crt_free() argument
3231 mbedtls_x509_crt *cert_cur = crt; in mbedtls_x509_crt_free()
3256 if (cert_prv != crt) { in mbedtls_x509_crt_free()
3295 int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) in mbedtls_x509_crt_get_ca_istrue() argument
3297 if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) { in mbedtls_x509_crt_get_ca_istrue()
3298 return crt->MBEDTLS_PRIVATE(ca_istrue); in mbedtls_x509_crt_get_ca_istrue()