mbed-dev-OS5_10_4

Users » kevman » Code » mbed-dev-OS5_10_4

features/mbedtls/src/x509_csr.c@2:7aab896b1a3b, 2019-03-13 (annotated)

Committer:: kevman
Date:: Wed Mar 13 11:03:24 2019 +0000
Revision:: 2:7aab896b1a3b
Parent:: 0:38ceb79fef03

2019-03-13

Who changed what in which revision?

User	Revision	Line number	New contents of line
kevman	0:38ceb79fef03	1	/*
kevman	0:38ceb79fef03	2	* X.509 Certificate Signing Request (CSR) parsing
kevman	0:38ceb79fef03	3	*
kevman	0:38ceb79fef03	4	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
kevman	0:38ceb79fef03	5	* SPDX-License-Identifier: Apache-2.0
kevman	0:38ceb79fef03	6	*
kevman	0:38ceb79fef03	7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
kevman	0:38ceb79fef03	8	* not use this file except in compliance with the License.
kevman	0:38ceb79fef03	9	* You may obtain a copy of the License at
kevman	0:38ceb79fef03	10	*
kevman	0:38ceb79fef03	11	* http://www.apache.org/licenses/LICENSE-2.0
kevman	0:38ceb79fef03	12	*
kevman	0:38ceb79fef03	13	* Unless required by applicable law or agreed to in writing, software
kevman	0:38ceb79fef03	14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
kevman	0:38ceb79fef03	15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
kevman	0:38ceb79fef03	16	* See the License for the specific language governing permissions and
kevman	0:38ceb79fef03	17	* limitations under the License.
kevman	0:38ceb79fef03	18	*
kevman	0:38ceb79fef03	19	* This file is part of mbed TLS (https://tls.mbed.org)
kevman	0:38ceb79fef03	20	*/
kevman	0:38ceb79fef03	21	/*
kevman	0:38ceb79fef03	22	* The ITU-T X.509 standard defines a certificate format for PKI.
kevman	0:38ceb79fef03	23	*
kevman	0:38ceb79fef03	24	* http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
kevman	0:38ceb79fef03	25	* http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
kevman	0:38ceb79fef03	26	* http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
kevman	0:38ceb79fef03	27	*
kevman	0:38ceb79fef03	28	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
kevman	0:38ceb79fef03	29	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
kevman	0:38ceb79fef03	30	*/
kevman	0:38ceb79fef03	31
kevman	0:38ceb79fef03	32	#if !defined(MBEDTLS_CONFIG_FILE)
kevman	0:38ceb79fef03	33	#include "mbedtls/config.h"
kevman	0:38ceb79fef03	34	#else
kevman	0:38ceb79fef03	35	#include MBEDTLS_CONFIG_FILE
kevman	0:38ceb79fef03	36	#endif
kevman	0:38ceb79fef03	37
kevman	0:38ceb79fef03	38	#if defined(MBEDTLS_X509_CSR_PARSE_C)
kevman	0:38ceb79fef03	39
kevman	0:38ceb79fef03	40	#include "mbedtls/x509_csr.h"
kevman	0:38ceb79fef03	41	#include "mbedtls/oid.h"
kevman	0:38ceb79fef03	42	#include "mbedtls/platform_util.h"
kevman	0:38ceb79fef03	43
kevman	0:38ceb79fef03	44	#include <string.h>
kevman	0:38ceb79fef03	45
kevman	0:38ceb79fef03	46	#if defined(MBEDTLS_PEM_PARSE_C)
kevman	0:38ceb79fef03	47	#include "mbedtls/pem.h"
kevman	0:38ceb79fef03	48	#endif
kevman	0:38ceb79fef03	49
kevman	0:38ceb79fef03	50	#if defined(MBEDTLS_PLATFORM_C)
kevman	0:38ceb79fef03	51	#include "mbedtls/platform.h"
kevman	0:38ceb79fef03	52	#else
kevman	0:38ceb79fef03	53	#include <stdlib.h>
kevman	0:38ceb79fef03	54	#include <stdio.h>
kevman	0:38ceb79fef03	55	#define mbedtls_free free
kevman	0:38ceb79fef03	56	#define mbedtls_calloc calloc
kevman	0:38ceb79fef03	57	#define mbedtls_snprintf snprintf
kevman	0:38ceb79fef03	58	#endif
kevman	0:38ceb79fef03	59
kevman	0:38ceb79fef03	60	#if defined(MBEDTLS_FS_IO) \|\| defined(EFIX64) \|\| defined(EFI32)
kevman	0:38ceb79fef03	61	#include <stdio.h>
kevman	0:38ceb79fef03	62	#endif
kevman	0:38ceb79fef03	63
kevman	0:38ceb79fef03	64	/*
kevman	0:38ceb79fef03	65	* Version ::= INTEGER { v1(0) }
kevman	0:38ceb79fef03	66	*/
kevman	0:38ceb79fef03	67	static int x509_csr_get_version( unsigned char **p,
kevman	0:38ceb79fef03	68	const unsigned char *end,
kevman	0:38ceb79fef03	69	int *ver )
kevman	0:38ceb79fef03	70	{
kevman	0:38ceb79fef03	71	int ret;
kevman	0:38ceb79fef03	72
kevman	0:38ceb79fef03	73	if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
kevman	0:38ceb79fef03	74	{
kevman	0:38ceb79fef03	75	if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
kevman	0:38ceb79fef03	76	{
kevman	0:38ceb79fef03	77	*ver = 0;
kevman	0:38ceb79fef03	78	return( 0 );
kevman	0:38ceb79fef03	79	}
kevman	0:38ceb79fef03	80
kevman	0:38ceb79fef03	81	return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
kevman	0:38ceb79fef03	82	}
kevman	0:38ceb79fef03	83
kevman	0:38ceb79fef03	84	return( 0 );
kevman	0:38ceb79fef03	85	}
kevman	0:38ceb79fef03	86
kevman	0:38ceb79fef03	87	/*
kevman	0:38ceb79fef03	88	* Parse a CSR in DER format
kevman	0:38ceb79fef03	89	*/
kevman	0:38ceb79fef03	90	int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
kevman	0:38ceb79fef03	91	const unsigned char *buf, size_t buflen )
kevman	0:38ceb79fef03	92	{
kevman	0:38ceb79fef03	93	int ret;
kevman	0:38ceb79fef03	94	size_t len;
kevman	0:38ceb79fef03	95	unsigned char p, end;
kevman	0:38ceb79fef03	96	mbedtls_x509_buf sig_params;
kevman	0:38ceb79fef03	97
kevman	0:38ceb79fef03	98	memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) );
kevman	0:38ceb79fef03	99
kevman	0:38ceb79fef03	100	/*
kevman	0:38ceb79fef03	101	* Check for valid input
kevman	0:38ceb79fef03	102	*/
kevman	0:38ceb79fef03	103	if( csr == NULL \|\| buf == NULL \|\| buflen == 0 )
kevman	0:38ceb79fef03	104	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
kevman	0:38ceb79fef03	105
kevman	0:38ceb79fef03	106	mbedtls_x509_csr_init( csr );
kevman	0:38ceb79fef03	107
kevman	0:38ceb79fef03	108	/*
kevman	0:38ceb79fef03	109	* first copy the raw DER data
kevman	0:38ceb79fef03	110	*/
kevman	0:38ceb79fef03	111	p = mbedtls_calloc( 1, len = buflen );
kevman	0:38ceb79fef03	112
kevman	0:38ceb79fef03	113	if( p == NULL )
kevman	0:38ceb79fef03	114	return( MBEDTLS_ERR_X509_ALLOC_FAILED );
kevman	0:38ceb79fef03	115
kevman	0:38ceb79fef03	116	memcpy( p, buf, buflen );
kevman	0:38ceb79fef03	117
kevman	0:38ceb79fef03	118	csr->raw.p = p;
kevman	0:38ceb79fef03	119	csr->raw.len = len;
kevman	0:38ceb79fef03	120	end = p + len;
kevman	0:38ceb79fef03	121
kevman	0:38ceb79fef03	122	/*
kevman	0:38ceb79fef03	123	* CertificationRequest ::= SEQUENCE {
kevman	0:38ceb79fef03	124	* certificationRequestInfo CertificationRequestInfo,
kevman	0:38ceb79fef03	125	* signatureAlgorithm AlgorithmIdentifier,
kevman	0:38ceb79fef03	126	* signature BIT STRING
kevman	0:38ceb79fef03	127	* }
kevman	0:38ceb79fef03	128	*/
kevman	0:38ceb79fef03	129	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
kevman	0:38ceb79fef03	130	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
kevman	0:38ceb79fef03	131	{
kevman	0:38ceb79fef03	132	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	133	return( MBEDTLS_ERR_X509_INVALID_FORMAT );
kevman	0:38ceb79fef03	134	}
kevman	0:38ceb79fef03	135
kevman	0:38ceb79fef03	136	if( len != (size_t) ( end - p ) )
kevman	0:38ceb79fef03	137	{
kevman	0:38ceb79fef03	138	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	139	return( MBEDTLS_ERR_X509_INVALID_FORMAT +
kevman	0:38ceb79fef03	140	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
kevman	0:38ceb79fef03	141	}
kevman	0:38ceb79fef03	142
kevman	0:38ceb79fef03	143	/*
kevman	0:38ceb79fef03	144	* CertificationRequestInfo ::= SEQUENCE {
kevman	0:38ceb79fef03	145	*/
kevman	0:38ceb79fef03	146	csr->cri.p = p;
kevman	0:38ceb79fef03	147
kevman	0:38ceb79fef03	148	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
kevman	0:38ceb79fef03	149	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
kevman	0:38ceb79fef03	150	{
kevman	0:38ceb79fef03	151	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	152	return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
kevman	0:38ceb79fef03	153	}
kevman	0:38ceb79fef03	154
kevman	0:38ceb79fef03	155	end = p + len;
kevman	0:38ceb79fef03	156	csr->cri.len = end - csr->cri.p;
kevman	0:38ceb79fef03	157
kevman	0:38ceb79fef03	158	/*
kevman	0:38ceb79fef03	159	* Version ::= INTEGER { v1(0) }
kevman	0:38ceb79fef03	160	*/
kevman	0:38ceb79fef03	161	if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
kevman	0:38ceb79fef03	162	{
kevman	0:38ceb79fef03	163	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	164	return( ret );
kevman	0:38ceb79fef03	165	}
kevman	0:38ceb79fef03	166
kevman	0:38ceb79fef03	167	if( csr->version != 0 )
kevman	0:38ceb79fef03	168	{
kevman	0:38ceb79fef03	169	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	170	return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
kevman	0:38ceb79fef03	171	}
kevman	0:38ceb79fef03	172
kevman	0:38ceb79fef03	173	csr->version++;
kevman	0:38ceb79fef03	174
kevman	0:38ceb79fef03	175	/*
kevman	0:38ceb79fef03	176	* subject Name
kevman	0:38ceb79fef03	177	*/
kevman	0:38ceb79fef03	178	csr->subject_raw.p = p;
kevman	0:38ceb79fef03	179
kevman	0:38ceb79fef03	180	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
kevman	0:38ceb79fef03	181	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
kevman	0:38ceb79fef03	182	{
kevman	0:38ceb79fef03	183	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	184	return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
kevman	0:38ceb79fef03	185	}
kevman	0:38ceb79fef03	186
kevman	0:38ceb79fef03	187	if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
kevman	0:38ceb79fef03	188	{
kevman	0:38ceb79fef03	189	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	190	return( ret );
kevman	0:38ceb79fef03	191	}
kevman	0:38ceb79fef03	192
kevman	0:38ceb79fef03	193	csr->subject_raw.len = p - csr->subject_raw.p;
kevman	0:38ceb79fef03	194
kevman	0:38ceb79fef03	195	/*
kevman	0:38ceb79fef03	196	* subjectPKInfo SubjectPublicKeyInfo
kevman	0:38ceb79fef03	197	*/
kevman	0:38ceb79fef03	198	if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
kevman	0:38ceb79fef03	199	{
kevman	0:38ceb79fef03	200	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	201	return( ret );
kevman	0:38ceb79fef03	202	}
kevman	0:38ceb79fef03	203
kevman	0:38ceb79fef03	204	/*
kevman	0:38ceb79fef03	205	* attributes [0] Attributes
kevman	0:38ceb79fef03	206	*
kevman	0:38ceb79fef03	207	* The list of possible attributes is open-ended, though RFC 2985
kevman	0:38ceb79fef03	208	* (PKCS#9) defines a few in section 5.4. We currently don't support any,
kevman	0:38ceb79fef03	209	* so we just ignore them. This is a safe thing to do as the worst thing
kevman	0:38ceb79fef03	210	* that could happen is that we issue a certificate that does not match
kevman	0:38ceb79fef03	211	* the requester's expectations - this cannot cause a violation of our
kevman	0:38ceb79fef03	212	* signature policies.
kevman	0:38ceb79fef03	213	*/
kevman	0:38ceb79fef03	214	if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
kevman	0:38ceb79fef03	215	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
kevman	0:38ceb79fef03	216	{
kevman	0:38ceb79fef03	217	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	218	return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
kevman	0:38ceb79fef03	219	}
kevman	0:38ceb79fef03	220
kevman	0:38ceb79fef03	221	p += len;
kevman	0:38ceb79fef03	222
kevman	0:38ceb79fef03	223	end = csr->raw.p + csr->raw.len;
kevman	0:38ceb79fef03	224
kevman	0:38ceb79fef03	225	/*
kevman	0:38ceb79fef03	226	* signatureAlgorithm AlgorithmIdentifier,
kevman	0:38ceb79fef03	227	* signature BIT STRING
kevman	0:38ceb79fef03	228	*/
kevman	0:38ceb79fef03	229	if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
kevman	0:38ceb79fef03	230	{
kevman	0:38ceb79fef03	231	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	232	return( ret );
kevman	0:38ceb79fef03	233	}
kevman	0:38ceb79fef03	234
kevman	0:38ceb79fef03	235	if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params,
kevman	0:38ceb79fef03	236	&csr->sig_md, &csr->sig_pk,
kevman	0:38ceb79fef03	237	&csr->sig_opts ) ) != 0 )
kevman	0:38ceb79fef03	238	{
kevman	0:38ceb79fef03	239	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	240	return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
kevman	0:38ceb79fef03	241	}
kevman	0:38ceb79fef03	242
kevman	0:38ceb79fef03	243	if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 )
kevman	0:38ceb79fef03	244	{
kevman	0:38ceb79fef03	245	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	246	return( ret );
kevman	0:38ceb79fef03	247	}
kevman	0:38ceb79fef03	248
kevman	0:38ceb79fef03	249	if( p != end )
kevman	0:38ceb79fef03	250	{
kevman	0:38ceb79fef03	251	mbedtls_x509_csr_free( csr );
kevman	0:38ceb79fef03	252	return( MBEDTLS_ERR_X509_INVALID_FORMAT +
kevman	0:38ceb79fef03	253	MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
kevman	0:38ceb79fef03	254	}
kevman	0:38ceb79fef03	255
kevman	0:38ceb79fef03	256	return( 0 );
kevman	0:38ceb79fef03	257	}
kevman	0:38ceb79fef03	258
kevman	0:38ceb79fef03	259	/*
kevman	0:38ceb79fef03	260	* Parse a CSR, allowing for PEM or raw DER encoding
kevman	0:38ceb79fef03	261	*/
kevman	0:38ceb79fef03	262	int mbedtls_x509_csr_parse( mbedtls_x509_csr csr, const unsigned char buf, size_t buflen )
kevman	0:38ceb79fef03	263	{
kevman	0:38ceb79fef03	264	#if defined(MBEDTLS_PEM_PARSE_C)
kevman	0:38ceb79fef03	265	int ret;
kevman	0:38ceb79fef03	266	size_t use_len;
kevman	0:38ceb79fef03	267	mbedtls_pem_context pem;
kevman	0:38ceb79fef03	268	#endif
kevman	0:38ceb79fef03	269
kevman	0:38ceb79fef03	270	/*
kevman	0:38ceb79fef03	271	* Check for valid input
kevman	0:38ceb79fef03	272	*/
kevman	0:38ceb79fef03	273	if( csr == NULL \|\| buf == NULL \|\| buflen == 0 )
kevman	0:38ceb79fef03	274	return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
kevman	0:38ceb79fef03	275
kevman	0:38ceb79fef03	276	#if defined(MBEDTLS_PEM_PARSE_C)
kevman	0:38ceb79fef03	277	/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
kevman	0:38ceb79fef03	278	if( buf[buflen - 1] == '\0' )
kevman	0:38ceb79fef03	279	{
kevman	0:38ceb79fef03	280	mbedtls_pem_init( &pem );
kevman	0:38ceb79fef03	281	ret = mbedtls_pem_read_buffer( &pem,
kevman	0:38ceb79fef03	282	"-----BEGIN CERTIFICATE REQUEST-----",
kevman	0:38ceb79fef03	283	"-----END CERTIFICATE REQUEST-----",
kevman	0:38ceb79fef03	284	buf, NULL, 0, &use_len );
kevman	0:38ceb79fef03	285
kevman	0:38ceb79fef03	286	if( ret == 0 )
kevman	0:38ceb79fef03	287	/*
kevman	0:38ceb79fef03	288	* Was PEM encoded, parse the result
kevman	0:38ceb79fef03	289	*/
kevman	0:38ceb79fef03	290	ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
kevman	0:38ceb79fef03	291
kevman	0:38ceb79fef03	292	mbedtls_pem_free( &pem );
kevman	0:38ceb79fef03	293	if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
kevman	0:38ceb79fef03	294	return( ret );
kevman	0:38ceb79fef03	295	}
kevman	0:38ceb79fef03	296	#endif /* MBEDTLS_PEM_PARSE_C */
kevman	0:38ceb79fef03	297	return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
kevman	0:38ceb79fef03	298	}
kevman	0:38ceb79fef03	299
kevman	0:38ceb79fef03	300	#if defined(MBEDTLS_FS_IO)
kevman	0:38ceb79fef03	301	/*
kevman	0:38ceb79fef03	302	* Load a CSR into the structure
kevman	0:38ceb79fef03	303	*/
kevman	0:38ceb79fef03	304	int mbedtls_x509_csr_parse_file( mbedtls_x509_csr csr, const char path )
kevman	0:38ceb79fef03	305	{
kevman	0:38ceb79fef03	306	int ret;
kevman	0:38ceb79fef03	307	size_t n;
kevman	0:38ceb79fef03	308	unsigned char *buf;
kevman	0:38ceb79fef03	309
kevman	0:38ceb79fef03	310	if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
kevman	0:38ceb79fef03	311	return( ret );
kevman	0:38ceb79fef03	312
kevman	0:38ceb79fef03	313	ret = mbedtls_x509_csr_parse( csr, buf, n );
kevman	0:38ceb79fef03	314
kevman	0:38ceb79fef03	315	mbedtls_platform_zeroize( buf, n );
kevman	0:38ceb79fef03	316	mbedtls_free( buf );
kevman	0:38ceb79fef03	317
kevman	0:38ceb79fef03	318	return( ret );
kevman	0:38ceb79fef03	319	}
kevman	0:38ceb79fef03	320	#endif /* MBEDTLS_FS_IO */
kevman	0:38ceb79fef03	321
kevman	0:38ceb79fef03	322	#define BEFORE_COLON 14
kevman	0:38ceb79fef03	323	#define BC "14"
kevman	0:38ceb79fef03	324	/*
kevman	0:38ceb79fef03	325	* Return an informational string about the CSR.
kevman	0:38ceb79fef03	326	*/
kevman	0:38ceb79fef03	327	int mbedtls_x509_csr_info( char buf, size_t size, const char prefix,
kevman	0:38ceb79fef03	328	const mbedtls_x509_csr *csr )
kevman	0:38ceb79fef03	329	{
kevman	0:38ceb79fef03	330	int ret;
kevman	0:38ceb79fef03	331	size_t n;
kevman	0:38ceb79fef03	332	char *p;
kevman	0:38ceb79fef03	333	char key_size_str[BEFORE_COLON];
kevman	0:38ceb79fef03	334
kevman	0:38ceb79fef03	335	p = buf;
kevman	0:38ceb79fef03	336	n = size;
kevman	0:38ceb79fef03	337
kevman	0:38ceb79fef03	338	ret = mbedtls_snprintf( p, n, "%sCSR version : %d",
kevman	0:38ceb79fef03	339	prefix, csr->version );
kevman	0:38ceb79fef03	340	MBEDTLS_X509_SAFE_SNPRINTF;
kevman	0:38ceb79fef03	341
kevman	0:38ceb79fef03	342	ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
kevman	0:38ceb79fef03	343	MBEDTLS_X509_SAFE_SNPRINTF;
kevman	0:38ceb79fef03	344	ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
kevman	0:38ceb79fef03	345	MBEDTLS_X509_SAFE_SNPRINTF;
kevman	0:38ceb79fef03	346
kevman	0:38ceb79fef03	347	ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
kevman	0:38ceb79fef03	348	MBEDTLS_X509_SAFE_SNPRINTF;
kevman	0:38ceb79fef03	349
kevman	0:38ceb79fef03	350	ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
kevman	0:38ceb79fef03	351	csr->sig_opts );
kevman	0:38ceb79fef03	352	MBEDTLS_X509_SAFE_SNPRINTF;
kevman	0:38ceb79fef03	353
kevman	0:38ceb79fef03	354	if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
kevman	0:38ceb79fef03	355	mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
kevman	0:38ceb79fef03	356	{
kevman	0:38ceb79fef03	357	return( ret );
kevman	0:38ceb79fef03	358	}
kevman	0:38ceb79fef03	359
kevman	0:38ceb79fef03	360	ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
kevman	0:38ceb79fef03	361	(int) mbedtls_pk_get_bitlen( &csr->pk ) );
kevman	0:38ceb79fef03	362	MBEDTLS_X509_SAFE_SNPRINTF;
kevman	0:38ceb79fef03	363
kevman	0:38ceb79fef03	364	return( (int) ( size - n ) );
kevman	0:38ceb79fef03	365	}
kevman	0:38ceb79fef03	366
kevman	0:38ceb79fef03	367	/*
kevman	0:38ceb79fef03	368	* Initialize a CSR
kevman	0:38ceb79fef03	369	*/
kevman	0:38ceb79fef03	370	void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
kevman	0:38ceb79fef03	371	{
kevman	0:38ceb79fef03	372	memset( csr, 0, sizeof(mbedtls_x509_csr) );
kevman	0:38ceb79fef03	373	}
kevman	0:38ceb79fef03	374
kevman	0:38ceb79fef03	375	/*
kevman	0:38ceb79fef03	376	* Unallocate all CSR data
kevman	0:38ceb79fef03	377	*/
kevman	0:38ceb79fef03	378	void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
kevman	0:38ceb79fef03	379	{
kevman	0:38ceb79fef03	380	mbedtls_x509_name *name_cur;
kevman	0:38ceb79fef03	381	mbedtls_x509_name *name_prv;
kevman	0:38ceb79fef03	382
kevman	0:38ceb79fef03	383	if( csr == NULL )
kevman	0:38ceb79fef03	384	return;
kevman	0:38ceb79fef03	385
kevman	0:38ceb79fef03	386	mbedtls_pk_free( &csr->pk );
kevman	0:38ceb79fef03	387
kevman	0:38ceb79fef03	388	#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
kevman	0:38ceb79fef03	389	mbedtls_free( csr->sig_opts );
kevman	0:38ceb79fef03	390	#endif
kevman	0:38ceb79fef03	391
kevman	0:38ceb79fef03	392	name_cur = csr->subject.next;
kevman	0:38ceb79fef03	393	while( name_cur != NULL )
kevman	0:38ceb79fef03	394	{
kevman	0:38ceb79fef03	395	name_prv = name_cur;
kevman	0:38ceb79fef03	396	name_cur = name_cur->next;
kevman	0:38ceb79fef03	397	mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
kevman	0:38ceb79fef03	398	mbedtls_free( name_prv );
kevman	0:38ceb79fef03	399	}
kevman	0:38ceb79fef03	400
kevman	0:38ceb79fef03	401	if( csr->raw.p != NULL )
kevman	0:38ceb79fef03	402	{
kevman	0:38ceb79fef03	403	mbedtls_platform_zeroize( csr->raw.p, csr->raw.len );
kevman	0:38ceb79fef03	404	mbedtls_free( csr->raw.p );
kevman	0:38ceb79fef03	405	}
kevman	0:38ceb79fef03	406
kevman	0:38ceb79fef03	407	mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) );
kevman	0:38ceb79fef03	408	}
kevman	0:38ceb79fef03	409
kevman	0:38ceb79fef03	410	#endif /* MBEDTLS_X509_CSR_PARSE_C */

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	30 Oct 2019
Imports:	1
Forks:	0
Commits:	3
Dependents:	0
Dependencies:	0
Followers:	1

This repository is Public (Unlisted).

features/mbedtls/src/x509_csr.c@2:7aab896b1a3b, 2019-03-13 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning