Lines Matching refs:cert
45 void x509_certificate_free(struct x509_certificate *cert) in x509_certificate_free() argument
47 if (cert == NULL) in x509_certificate_free()
49 if (cert->next) { in x509_certificate_free()
52 cert, cert->next); in x509_certificate_free()
54 x509_free_name(&cert->issuer); in x509_certificate_free()
55 x509_free_name(&cert->subject); in x509_certificate_free()
56 os_free(cert->public_key); in x509_certificate_free()
57 os_free(cert->sign_value); in x509_certificate_free()
58 os_free(cert); in x509_certificate_free()
66 void x509_certificate_chain_free(struct x509_certificate *cert) in x509_certificate_chain_free() argument
70 while (cert) { in x509_certificate_chain_free()
71 next = cert->next; in x509_certificate_chain_free()
72 cert->next = NULL; in x509_certificate_chain_free()
73 x509_certificate_free(cert); in x509_certificate_chain_free()
74 cert = next; in x509_certificate_chain_free()
220 struct x509_certificate *cert, in x509_parse_public_key() argument
252 &cert->public_key_alg, &pos)) in x509_parse_public_key()
276 os_free(cert->public_key); in x509_parse_public_key()
277 cert->public_key = os_malloc(hdr.length - 1); in x509_parse_public_key()
278 if (cert->public_key == NULL) { in x509_parse_public_key()
283 os_memcpy(cert->public_key, pos + 1, hdr.length - 1); in x509_parse_public_key()
284 cert->public_key_len = hdr.length - 1; in x509_parse_public_key()
286 cert->public_key, cert->public_key_len); in x509_parse_public_key()
651 struct x509_certificate *cert, const u8 **next) in x509_parse_validity() argument
688 &cert->not_before) < 0) { in x509_parse_validity()
700 &cert->not_after) < 0) { in x509_parse_validity()
707 (unsigned long) cert->not_before, in x509_parse_validity()
708 (unsigned long) cert->not_after); in x509_parse_validity()
724 static int x509_parse_ext_key_usage(struct x509_certificate *cert, in x509_parse_ext_key_usage() argument
752 cert->extensions_present |= X509_EXT_KEY_USAGE; in x509_parse_ext_key_usage()
753 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length); in x509_parse_ext_key_usage()
755 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage); in x509_parse_ext_key_usage()
761 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert, in x509_parse_ext_basic_constraints() argument
783 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS; in x509_parse_ext_basic_constraints()
802 cert->ca = hdr.payload[0]; in x509_parse_ext_basic_constraints()
806 cert->ca); in x509_parse_ext_basic_constraints()
835 cert->path_len_constraint = value; in x509_parse_ext_basic_constraints()
836 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT; in x509_parse_ext_basic_constraints()
840 cert->ca, cert->path_len_constraint); in x509_parse_ext_basic_constraints()
1023 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert, in x509_parse_ext_subject_alt_name() argument
1040 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME; in x509_parse_ext_subject_alt_name()
1045 return x509_parse_ext_alt_name(&cert->subject, hdr.payload, in x509_parse_ext_subject_alt_name()
1050 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert, in x509_parse_ext_issuer_alt_name() argument
1067 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME; in x509_parse_ext_issuer_alt_name()
1072 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload, in x509_parse_ext_issuer_alt_name()
1077 static int x509_parse_extension_data(struct x509_certificate *cert, in x509_parse_extension_data() argument
1093 return x509_parse_ext_key_usage(cert, pos, len); in x509_parse_extension_data()
1095 return x509_parse_ext_subject_alt_name(cert, pos, len); in x509_parse_extension_data()
1097 return x509_parse_ext_issuer_alt_name(cert, pos, len); in x509_parse_extension_data()
1099 return x509_parse_ext_basic_constraints(cert, pos, len); in x509_parse_extension_data()
1106 static int x509_parse_extension(struct x509_certificate *cert, in x509_parse_extension() argument
1175 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length); in x509_parse_extension()
1188 static int x509_parse_extensions(struct x509_certificate *cert, in x509_parse_extensions() argument
1209 if (x509_parse_extension(cert, pos, end - pos, &pos) in x509_parse_extensions()
1219 struct x509_certificate *cert, in x509_parse_tbs_certificate() argument
1273 cert->version = value; in x509_parse_tbs_certificate()
1274 if (cert->version != X509_CERT_V1 && in x509_parse_tbs_certificate()
1275 cert->version != X509_CERT_V2 && in x509_parse_tbs_certificate()
1276 cert->version != X509_CERT_V3) { in x509_parse_tbs_certificate()
1278 cert->version + 1); in x509_parse_tbs_certificate()
1285 cert->version = X509_CERT_V1; in x509_parse_tbs_certificate()
1286 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1); in x509_parse_tbs_certificate()
1300 cert->serial_number <<= 8; in x509_parse_tbs_certificate()
1301 cert->serial_number |= *pos++; in x509_parse_tbs_certificate()
1304 wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number); in x509_parse_tbs_certificate()
1307 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature, in x509_parse_tbs_certificate()
1312 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos)) in x509_parse_tbs_certificate()
1314 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf)); in x509_parse_tbs_certificate()
1318 if (x509_parse_validity(pos, end - pos, cert, &pos)) in x509_parse_tbs_certificate()
1322 if (x509_parse_name(pos, end - pos, &cert->subject, &pos)) in x509_parse_tbs_certificate()
1324 x509_name_string(&cert->subject, sbuf, sizeof(sbuf)); in x509_parse_tbs_certificate()
1328 if (x509_parse_public_key(pos, end - pos, cert, &pos)) in x509_parse_tbs_certificate()
1334 if (cert->version == X509_CERT_V1) in x509_parse_tbs_certificate()
1393 if (cert->version != X509_CERT_V3) { in x509_parse_tbs_certificate()
1396 "version 3", cert->version + 1); in x509_parse_tbs_certificate()
1400 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0) in x509_parse_tbs_certificate()
1480 struct x509_certificate *cert; in x509_certificate_parse() local
1482 cert = os_zalloc(sizeof(*cert) + len); in x509_certificate_parse()
1483 if (cert == NULL) in x509_certificate_parse()
1485 os_memcpy(cert + 1, buf, len); in x509_certificate_parse()
1486 cert->cert_start = (u8 *) (cert + 1); in x509_certificate_parse()
1487 cert->cert_len = len; in x509_certificate_parse()
1501 x509_certificate_free(cert); in x509_certificate_parse()
1507 x509_certificate_free(cert); in x509_certificate_parse()
1519 cert->tbs_cert_start = cert->cert_start + (hash_start - buf); in x509_certificate_parse()
1520 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) { in x509_certificate_parse()
1521 x509_certificate_free(cert); in x509_certificate_parse()
1524 cert->tbs_cert_len = pos - hash_start; in x509_certificate_parse()
1528 &cert->signature_alg, &pos)) { in x509_certificate_parse()
1529 x509_certificate_free(cert); in x509_certificate_parse()
1540 x509_certificate_free(cert); in x509_certificate_parse()
1544 x509_certificate_free(cert); in x509_certificate_parse()
1555 x509_certificate_free(cert); in x509_certificate_parse()
1558 os_free(cert->sign_value); in x509_certificate_parse()
1559 cert->sign_value = os_malloc(hdr.length - 1); in x509_certificate_parse()
1560 if (cert->sign_value == NULL) { in x509_certificate_parse()
1563 x509_certificate_free(cert); in x509_certificate_parse()
1566 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1); in x509_certificate_parse()
1567 cert->sign_value_len = hdr.length - 1; in x509_certificate_parse()
1569 cert->sign_value, cert->sign_value_len); in x509_certificate_parse()
1571 return cert; in x509_certificate_parse()
1583 struct x509_certificate *cert) in x509_certificate_check_signature() argument
1594 if (!x509_pkcs_oid(&cert->signature.oid) || in x509_certificate_check_signature()
1595 cert->signature.oid.len != 7 || in x509_certificate_check_signature()
1596 cert->signature.oid.oid[5] != 1 /* pkcs-1 */) { in x509_certificate_check_signature()
1607 data_len = cert->sign_value_len; in x509_certificate_check_signature()
1614 if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value, in x509_certificate_check_signature()
1615 cert->sign_value_len, data, in x509_certificate_check_signature()
1678 if (cert->signature.oid.oid[6] != in x509_certificate_check_signature()
1683 cert->signature.oid.oid[6]); in x509_certificate_check_signature()
1691 if (cert->signature.oid.oid[6] != in x509_certificate_check_signature()
1696 cert->signature.oid.oid[6]); in x509_certificate_check_signature()
1710 if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */) in x509_certificate_check_signature()
1715 cert->signature.oid.oid[6]); in x509_certificate_check_signature()
1746 switch (cert->signature.oid.oid[6]) { in x509_certificate_check_signature()
1748 md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, in x509_certificate_check_signature()
1755 sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, in x509_certificate_check_signature()
1762 sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len, in x509_certificate_check_signature()
1773 "algorithm (%lu)", cert->signature.oid.oid[6]); in x509_certificate_check_signature()
1804 static int x509_valid_issuer(const struct x509_certificate *cert) in x509_valid_issuer() argument
1806 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) && in x509_valid_issuer()
1807 !cert->ca) { in x509_valid_issuer()
1813 if (cert->version == X509_CERT_V3 && in x509_valid_issuer()
1814 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) { in x509_valid_issuer()
1820 if ((cert->extensions_present & X509_EXT_KEY_USAGE) && in x509_valid_issuer()
1821 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) { in x509_valid_issuer()
1845 struct x509_certificate *cert, *trust; in x509_certificate_chain_validate() local
1854 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) { in x509_certificate_chain_validate()
1855 x509_name_string(&cert->subject, buf, sizeof(buf)); in x509_certificate_chain_validate()
1863 (unsigned long) cert->not_before || in x509_certificate_chain_validate()
1865 (unsigned long) cert->not_after)) { in x509_certificate_chain_validate()
1868 now.sec, cert->not_before, cert->not_after); in x509_certificate_chain_validate()
1873 if (cert->next) { in x509_certificate_chain_validate()
1874 if (x509_name_compare(&cert->issuer, in x509_certificate_chain_validate()
1875 &cert->next->subject) != 0) { in x509_certificate_chain_validate()
1878 x509_name_string(&cert->issuer, buf, in x509_certificate_chain_validate()
1882 x509_name_string(&cert->next->subject, buf, in x509_certificate_chain_validate()
1890 if (x509_valid_issuer(cert->next) < 0) { in x509_certificate_chain_validate()
1895 if ((cert->next->extensions_present & in x509_certificate_chain_validate()
1897 idx > cert->next->path_len_constraint) { in x509_certificate_chain_validate()
1901 cert->next->path_len_constraint); in x509_certificate_chain_validate()
1906 if (x509_certificate_check_signature(cert->next, cert) in x509_certificate_chain_validate()
1917 if (x509_name_compare(&cert->issuer, &trust->subject) in x509_certificate_chain_validate()
1930 if (x509_certificate_check_signature(trust, cert) < 0) in x509_certificate_chain_validate()
1972 struct x509_certificate *cert; in x509_certificate_get_subject() local
1974 for (cert = chain; cert; cert = cert->next) { in x509_certificate_get_subject()
1975 if (x509_name_compare(&cert->subject, name) == 0) in x509_certificate_get_subject()
1976 return cert; in x509_certificate_get_subject()
1987 int x509_certificate_self_signed(struct x509_certificate *cert) in x509_certificate_self_signed() argument
1989 return x509_name_compare(&cert->issuer, &cert->subject) == 0; in x509_certificate_self_signed()