
Lines Matching refs:cert

43  * @cert: Certificate to be freed
45 void x509_certificate_free(struct x509_certificate *cert)
47 if (cert == NULL)
49 if (cert->next) {
52 cert, cert->next);
54 x509_free_name(&cert->issuer);
55 x509_free_name(&cert->subject);
56 os_free(cert->public_key);
57 os_free(cert->sign_value);
58 os_free(cert->subject_dn);
59 os_free(cert);
65 * @cert: Pointer to the first certificate in the chain
67 void x509_certificate_chain_free(struct x509_certificate *cert)
71 while (cert) {
72 next = cert->next;
73 cert->next = NULL;
74 x509_certificate_free(cert);
75 cert = next;
220 struct x509_certificate *cert,
252 &cert->public_key_alg, &pos))
276 os_free(cert->public_key);
277 cert->public_key = os_malloc(hdr.length - 1);
278 if (cert->public_key == NULL) {
283 os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
284 cert->public_key_len = hdr.length - 1;
286 cert->public_key, cert->public_key_len);
650 struct x509_certificate *cert, const u8 **next)
687 &cert->not_before) < 0) {
699 &cert->not_after) < 0) {
706 (unsigned long) cert->not_before,
707 (unsigned long) cert->not_after);
732 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
760 cert->extensions_present |= X509_EXT_KEY_USAGE;
761 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
763 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
769 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
791 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
810 cert->ca = hdr.payload[0];
814 cert->ca);
843 cert->path_len_constraint = value;
844 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
848 cert->ca, cert->path_len_constraint);
1031 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1048 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1053 return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1058 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1075 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1080 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1134 static int x509_parse_ext_ext_key_usage(struct x509_certificate *cert,
1169 cert->ext_key_usage |= X509_EXT_KEY_USAGE_ANY;
1172 cert->ext_key_usage |= X509_EXT_KEY_USAGE_SERVER_AUTH;
1175 cert->ext_key_usage |= X509_EXT_KEY_USAGE_CLIENT_AUTH;
1178 cert->ext_key_usage |= X509_EXT_KEY_USAGE_OCSP;
1185 cert->extensions_present |= X509_EXT_EXT_KEY_USAGE;
1191 static int x509_parse_extension_data(struct x509_certificate *cert,
1206 return x509_parse_ext_key_usage(cert, pos, len);
1208 return x509_parse_ext_subject_alt_name(cert, pos, len);
1210 return x509_parse_ext_issuer_alt_name(cert, pos, len);
1212 return x509_parse_ext_basic_constraints(cert, pos, len);
1214 return x509_parse_ext_ext_key_usage(cert, pos, len);
1221 static int x509_parse_extension(struct x509_certificate *cert,
1290 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1303 static int x509_parse_extensions(struct x509_certificate *cert,
1324 if (x509_parse_extension(cert, pos, end - pos, &pos)
1334 struct x509_certificate *cert,
1389 cert->version = value;
1390 if (cert->version != X509_CERT_V1 &&
1391 cert->version != X509_CERT_V2 &&
1392 cert->version != X509_CERT_V3) {
1394 cert->version + 1);
1401 cert->version = X509_CERT_V1;
1402 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1419 os_memcpy(cert->serial_number, hdr.payload, hdr.length);
1420 cert->serial_number_len = hdr.length;
1421 wpa_hexdump(MSG_MSGDUMP, "X509: serialNumber", cert->serial_number,
1422 cert->serial_number_len);
1425 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1430 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1432 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1436 if (x509_parse_validity(pos, end - pos, cert, &pos))
1441 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1443 cert->subject_dn = os_malloc(pos - subject_dn);
1444 if (!cert->subject_dn)
1446 cert->subject_dn_len = pos - subject_dn;
1447 os_memcpy(cert->subject_dn, subject_dn, cert->subject_dn_len);
1448 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1452 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1458 if (cert->version == X509_CERT_V1)
1517 if (cert->version != X509_CERT_V3) {
1520 "version 3", cert->version + 1);
1524 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1624 struct x509_certificate *cert;
1626 cert = os_zalloc(sizeof(*cert) + len);
1627 if (cert == NULL)
1629 os_memcpy(cert + 1, buf, len);
1630 cert->cert_start = (u8 *) (cert + 1);
1631 cert->cert_len = len;
1645 x509_certificate_free(cert);
1651 x509_certificate_free(cert);
1663 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1664 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1665 x509_certificate_free(cert);
1668 cert->tbs_cert_len = pos - hash_start;
1672 &cert->signature_alg, &pos)) {
1673 x509_certificate_free(cert);
1684 x509_certificate_free(cert);
1688 x509_certificate_free(cert);
1699 x509_certificate_free(cert);
1702 os_free(cert->sign_value);
1703 cert->sign_value = os_malloc(hdr.length - 1);
1704 if (cert->sign_value == NULL) {
1707 x509_certificate_free(cert);
1710 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1711 cert->sign_value_len = hdr.length - 1;
1713 cert->sign_value, cert->sign_value_len);
1715 return cert;
1722 * @cert: Certificate to be verified
1723 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1727 struct x509_certificate *cert)
1729 return x509_check_signature(issuer, &cert->signature,
1730 cert->sign_value, cert->sign_value_len,
1731 cert->tbs_cert_start, cert->tbs_cert_len);
1990 static int x509_valid_issuer(const struct x509_certificate *cert)
1992 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1993 !cert->ca) {
1999 if (cert->version == X509_CERT_V3 &&
2000 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
2006 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
2007 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
2031 struct x509_certificate *cert, *trust;
2040 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
2041 cert->issuer_trusted = 0;
2042 x509_name_string(&cert->subject, buf, sizeof(buf));
2050 (unsigned long) cert->not_before ||
2052 (unsigned long) cert->not_after)) {
2055 now.sec, cert->not_before, cert->not_after);
2060 if (cert->next) {
2061 if (x509_name_compare(&cert->issuer,
2062 &cert->next->subject) != 0) {
2065 x509_name_string(&cert->issuer, buf,
2067 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
2069 x509_name_string(&cert->next->subject, buf,
2071 wpa_printf(MSG_DEBUG, "X509: next cert "
2077 if (x509_valid_issuer(cert->next) < 0) {
2082 if ((cert->next->extensions_present &
2084 idx > cert->next->path_len_constraint) {
2088 cert->next->path_len_constraint);
2093 if (x509_certificate_check_signature(cert->next, cert)
2104 if (x509_name_compare(&cert->issuer, &trust->subject)
2117 if (x509_certificate_check_signature(trust, cert) < 0)
2127 cert->issuer_trusted = 1;
2160 struct x509_certificate *cert;
2162 for (cert = chain; cert; cert = cert->next) {
2163 if (x509_name_compare(&cert->subject, name) == 0)
2164 return cert;
2172 * @cert: Certificate
2175 int x509_certificate_self_signed(struct x509_certificate *cert)
2177 return x509_name_compare(&cert->issuer, &cert->subject) == 0;