xref: /freebsd/contrib/wpa/src/tls/x509v3.c (revision e30a620063b852f51e8955dd6f993680d5da6223)
1 /*
2  * X.509v3 certificate parsing and processing (RFC 3280 profile)
3  * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "crypto/crypto.h"
13 #include "asn1.h"
14 #include "x509v3.h"
15 
16 
17 static void x509_free_name(struct x509_name *name)
18 {
19 	size_t i;
20 
21 	for (i = 0; i < name->num_attr; i++) {
22 		os_free(name->attr[i].value);
23 		name->attr[i].value = NULL;
24 		name->attr[i].type = X509_NAME_ATTR_NOT_USED;
25 	}
26 	name->num_attr = 0;
27 	os_free(name->email);
28 	name->email = NULL;
29 
30 	os_free(name->alt_email);
31 	os_free(name->dns);
32 	os_free(name->uri);
33 	os_free(name->ip);
34 	name->alt_email = name->dns = name->uri = NULL;
35 	name->ip = NULL;
36 	name->ip_len = 0;
37 	os_memset(&name->rid, 0, sizeof(name->rid));
38 }
39 
40 
41 /**
42  * x509_certificate_free - Free an X.509 certificate
43  * @cert: Certificate to be freed
44  */
45 void x509_certificate_free(struct x509_certificate *cert)
46 {
47 	if (cert == NULL)
48 		return;
49 	if (cert->next) {
50 		wpa_printf(MSG_DEBUG, "X509: x509_certificate_free: cer=%p "
51 			   "was still on a list (next=%p)\n",
52 			   cert, cert->next);
53 	}
54 	x509_free_name(&cert->issuer);
55 	x509_free_name(&cert->subject);
56 	os_free(cert->public_key);
57 	os_free(cert->sign_value);
58 	os_free(cert);
59 }
60 
61 
62 /**
63  * x509_certificate_free - Free an X.509 certificate chain
64  * @cert: Pointer to the first certificate in the chain
65  */
66 void x509_certificate_chain_free(struct x509_certificate *cert)
67 {
68 	struct x509_certificate *next;
69 
70 	while (cert) {
71 		next = cert->next;
72 		cert->next = NULL;
73 		x509_certificate_free(cert);
74 		cert = next;
75 	}
76 }
77 
78 
79 static int x509_whitespace(char c)
80 {
81 	return c == ' ' || c == '\t';
82 }
83 
84 
85 static void x509_str_strip_whitespace(char *a)
86 {
87 	char *ipos, *opos;
88 	int remove_whitespace = 1;
89 
90 	ipos = opos = a;
91 
92 	while (*ipos) {
93 		if (remove_whitespace && x509_whitespace(*ipos))
94 			ipos++;
95 		else {
96 			remove_whitespace = x509_whitespace(*ipos);
97 			*opos++ = *ipos++;
98 		}
99 	}
100 
101 	*opos-- = '\0';
102 	if (opos > a && x509_whitespace(*opos))
103 		*opos = '\0';
104 }
105 
106 
107 static int x509_str_compare(const char *a, const char *b)
108 {
109 	char *aa, *bb;
110 	int ret;
111 
112 	if (!a && b)
113 		return -1;
114 	if (a && !b)
115 		return 1;
116 	if (!a && !b)
117 		return 0;
118 
119 	aa = os_strdup(a);
120 	bb = os_strdup(b);
121 
122 	if (aa == NULL || bb == NULL) {
123 		os_free(aa);
124 		os_free(bb);
125 		return os_strcasecmp(a, b);
126 	}
127 
128 	x509_str_strip_whitespace(aa);
129 	x509_str_strip_whitespace(bb);
130 
131 	ret = os_strcasecmp(aa, bb);
132 
133 	os_free(aa);
134 	os_free(bb);
135 
136 	return ret;
137 }
138 
139 
140 /**
141  * x509_name_compare - Compare X.509 certificate names
142  * @a: Certificate name
143  * @b: Certificate name
144  * Returns: <0, 0, or >0 based on whether a is less than, equal to, or
145  * greater than b
146  */
147 int x509_name_compare(struct x509_name *a, struct x509_name *b)
148 {
149 	int res;
150 	size_t i;
151 
152 	if (!a && b)
153 		return -1;
154 	if (a && !b)
155 		return 1;
156 	if (!a && !b)
157 		return 0;
158 	if (a->num_attr < b->num_attr)
159 		return -1;
160 	if (a->num_attr > b->num_attr)
161 		return 1;
162 
163 	for (i = 0; i < a->num_attr; i++) {
164 		if (a->attr[i].type < b->attr[i].type)
165 			return -1;
166 		if (a->attr[i].type > b->attr[i].type)
167 			return -1;
168 		res = x509_str_compare(a->attr[i].value, b->attr[i].value);
169 		if (res)
170 			return res;
171 	}
172 	res = x509_str_compare(a->email, b->email);
173 	if (res)
174 		return res;
175 
176 	return 0;
177 }
178 
179 
180 static int x509_parse_algorithm_identifier(
181 	const u8 *buf, size_t len,
182 	struct x509_algorithm_identifier *id, const u8 **next)
183 {
184 	struct asn1_hdr hdr;
185 	const u8 *pos, *end;
186 
187 	/*
188 	 * AlgorithmIdentifier ::= SEQUENCE {
189 	 *     algorithm            OBJECT IDENTIFIER,
190 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
191 	 * }
192 	 */
193 
194 	if (asn1_get_next(buf, len, &hdr) < 0 ||
195 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
196 	    hdr.tag != ASN1_TAG_SEQUENCE) {
197 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
198 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
199 			   hdr.class, hdr.tag);
200 		return -1;
201 	}
202 	pos = hdr.payload;
203 	end = pos + hdr.length;
204 
205 	if (end > buf + len)
206 		return -1;
207 
208 	*next = end;
209 
210 	if (asn1_get_oid(pos, end - pos, &id->oid, &pos))
211 		return -1;
212 
213 	/* TODO: optional parameters */
214 
215 	return 0;
216 }
217 
218 
219 static int x509_parse_public_key(const u8 *buf, size_t len,
220 				 struct x509_certificate *cert,
221 				 const u8 **next)
222 {
223 	struct asn1_hdr hdr;
224 	const u8 *pos, *end;
225 
226 	/*
227 	 * SubjectPublicKeyInfo ::= SEQUENCE {
228 	 *     algorithm            AlgorithmIdentifier,
229 	 *     subjectPublicKey     BIT STRING
230 	 * }
231 	 */
232 
233 	pos = buf;
234 	end = buf + len;
235 
236 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
237 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
238 	    hdr.tag != ASN1_TAG_SEQUENCE) {
239 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
240 			   "(SubjectPublicKeyInfo) - found class %d tag 0x%x",
241 			   hdr.class, hdr.tag);
242 		return -1;
243 	}
244 	pos = hdr.payload;
245 
246 	if (pos + hdr.length > end)
247 		return -1;
248 	end = pos + hdr.length;
249 	*next = end;
250 
251 	if (x509_parse_algorithm_identifier(pos, end - pos,
252 					    &cert->public_key_alg, &pos))
253 		return -1;
254 
255 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
256 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
257 	    hdr.tag != ASN1_TAG_BITSTRING) {
258 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
259 			   "(subjectPublicKey) - found class %d tag 0x%x",
260 			   hdr.class, hdr.tag);
261 		return -1;
262 	}
263 	if (hdr.length < 1)
264 		return -1;
265 	pos = hdr.payload;
266 	if (*pos) {
267 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
268 			   *pos);
269 		/*
270 		 * TODO: should this be rejected? X.509 certificates are
271 		 * unlikely to use such a construction. Now we would end up
272 		 * including the extra bits in the buffer which may also be
273 		 * ok.
274 		 */
275 	}
276 	os_free(cert->public_key);
277 	cert->public_key = os_malloc(hdr.length - 1);
278 	if (cert->public_key == NULL) {
279 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
280 			   "public key");
281 		return -1;
282 	}
283 	os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
284 	cert->public_key_len = hdr.length - 1;
285 	wpa_hexdump(MSG_MSGDUMP, "X509: subjectPublicKey",
286 		    cert->public_key, cert->public_key_len);
287 
288 	return 0;
289 }
290 
291 
292 static int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
293 			   const u8 **next)
294 {
295 	struct asn1_hdr hdr;
296 	const u8 *pos, *end, *set_pos, *set_end, *seq_pos, *seq_end;
297 	struct asn1_oid oid;
298 	char *val;
299 
300 	/*
301 	 * Name ::= CHOICE { RDNSequence }
302 	 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
303 	 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
304 	 * AttributeTypeAndValue ::= SEQUENCE {
305 	 *     type     AttributeType,
306 	 *     value    AttributeValue
307 	 * }
308 	 * AttributeType ::= OBJECT IDENTIFIER
309 	 * AttributeValue ::= ANY DEFINED BY AttributeType
310 	 */
311 
312 	if (asn1_get_next(buf, len, &hdr) < 0 ||
313 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
314 	    hdr.tag != ASN1_TAG_SEQUENCE) {
315 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
316 			   "(Name / RDNSequencer) - found class %d tag 0x%x",
317 			   hdr.class, hdr.tag);
318 		return -1;
319 	}
320 	pos = hdr.payload;
321 
322 	if (pos + hdr.length > buf + len)
323 		return -1;
324 
325 	end = *next = pos + hdr.length;
326 
327 	while (pos < end) {
328 		enum x509_name_attr_type type;
329 
330 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
331 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
332 		    hdr.tag != ASN1_TAG_SET) {
333 			wpa_printf(MSG_DEBUG, "X509: Expected SET "
334 				   "(RelativeDistinguishedName) - found class "
335 				   "%d tag 0x%x", hdr.class, hdr.tag);
336 			x509_free_name(name);
337 			return -1;
338 		}
339 
340 		set_pos = hdr.payload;
341 		pos = set_end = hdr.payload + hdr.length;
342 
343 		if (asn1_get_next(set_pos, set_end - set_pos, &hdr) < 0 ||
344 		    hdr.class != ASN1_CLASS_UNIVERSAL ||
345 		    hdr.tag != ASN1_TAG_SEQUENCE) {
346 			wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
347 				   "(AttributeTypeAndValue) - found class %d "
348 				   "tag 0x%x", hdr.class, hdr.tag);
349 			x509_free_name(name);
350 			return -1;
351 		}
352 
353 		seq_pos = hdr.payload;
354 		seq_end = hdr.payload + hdr.length;
355 
356 		if (asn1_get_oid(seq_pos, seq_end - seq_pos, &oid, &seq_pos)) {
357 			x509_free_name(name);
358 			return -1;
359 		}
360 
361 		if (asn1_get_next(seq_pos, seq_end - seq_pos, &hdr) < 0 ||
362 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
363 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
364 				   "AttributeValue");
365 			x509_free_name(name);
366 			return -1;
367 		}
368 
369 		/* RFC 3280:
370 		 * MUST: country, organization, organizational-unit,
371 		 * distinguished name qualifier, state or province name,
372 		 * common name, serial number.
373 		 * SHOULD: locality, title, surname, given name, initials,
374 		 * pseudonym, generation qualifier.
375 		 * MUST: domainComponent (RFC 2247).
376 		 */
377 		type = X509_NAME_ATTR_NOT_USED;
378 		if (oid.len == 4 &&
379 		    oid.oid[0] == 2 && oid.oid[1] == 5 && oid.oid[2] == 4) {
380 			/* id-at ::= 2.5.4 */
381 			switch (oid.oid[3]) {
382 			case 3:
383 				/* commonName */
384 				type = X509_NAME_ATTR_CN;
385 				break;
386 			case 6:
387 				/*  countryName */
388 				type = X509_NAME_ATTR_C;
389 				break;
390 			case 7:
391 				/* localityName */
392 				type = X509_NAME_ATTR_L;
393 				break;
394 			case 8:
395 				/* stateOrProvinceName */
396 				type = X509_NAME_ATTR_ST;
397 				break;
398 			case 10:
399 				/* organizationName */
400 				type = X509_NAME_ATTR_O;
401 				break;
402 			case 11:
403 				/* organizationalUnitName */
404 				type = X509_NAME_ATTR_OU;
405 				break;
406 			}
407 		} else if (oid.len == 7 &&
408 			   oid.oid[0] == 1 && oid.oid[1] == 2 &&
409 			   oid.oid[2] == 840 && oid.oid[3] == 113549 &&
410 			   oid.oid[4] == 1 && oid.oid[5] == 9 &&
411 			   oid.oid[6] == 1) {
412 			/* 1.2.840.113549.1.9.1 - e-mailAddress */
413 			os_free(name->email);
414 			name->email = os_malloc(hdr.length + 1);
415 			if (name->email == NULL) {
416 				x509_free_name(name);
417 				return -1;
418 			}
419 			os_memcpy(name->email, hdr.payload, hdr.length);
420 			name->email[hdr.length] = '\0';
421 			continue;
422 		} else if (oid.len == 7 &&
423 			   oid.oid[0] == 0 && oid.oid[1] == 9 &&
424 			   oid.oid[2] == 2342 && oid.oid[3] == 19200300 &&
425 			   oid.oid[4] == 100 && oid.oid[5] == 1 &&
426 			   oid.oid[6] == 25) {
427 			/* 0.9.2342.19200300.100.1.25 - domainComponent */
428 			type = X509_NAME_ATTR_DC;
429 		}
430 
431 		if (type == X509_NAME_ATTR_NOT_USED) {
432 			wpa_hexdump(MSG_DEBUG, "X509: Unrecognized OID",
433 				    (u8 *) oid.oid,
434 				    oid.len * sizeof(oid.oid[0]));
435 			wpa_hexdump_ascii(MSG_MSGDUMP, "X509: Attribute Data",
436 					  hdr.payload, hdr.length);
437 			continue;
438 		}
439 
440 		if (name->num_attr == X509_MAX_NAME_ATTRIBUTES) {
441 			wpa_printf(MSG_INFO, "X509: Too many Name attributes");
442 			x509_free_name(name);
443 			return -1;
444 		}
445 
446 		val = dup_binstr(hdr.payload, hdr.length);
447 		if (val == NULL) {
448 			x509_free_name(name);
449 			return -1;
450 		}
451 		if (os_strlen(val) != hdr.length) {
452 			wpa_printf(MSG_INFO, "X509: Reject certificate with "
453 				   "embedded NUL byte in a string (%s[NUL])",
454 				   val);
455 			os_free(val);
456 			x509_free_name(name);
457 			return -1;
458 		}
459 
460 		name->attr[name->num_attr].type = type;
461 		name->attr[name->num_attr].value = val;
462 		name->num_attr++;
463 	}
464 
465 	return 0;
466 }
467 
468 
469 static char * x509_name_attr_str(enum x509_name_attr_type type)
470 {
471 	switch (type) {
472 	case X509_NAME_ATTR_NOT_USED:
473 		return "[N/A]";
474 	case X509_NAME_ATTR_DC:
475 		return "DC";
476 	case X509_NAME_ATTR_CN:
477 		return "CN";
478 	case X509_NAME_ATTR_C:
479 		return "C";
480 	case X509_NAME_ATTR_L:
481 		return "L";
482 	case X509_NAME_ATTR_ST:
483 		return "ST";
484 	case X509_NAME_ATTR_O:
485 		return "O";
486 	case X509_NAME_ATTR_OU:
487 		return "OU";
488 	}
489 	return "?";
490 }
491 
492 
493 /**
494  * x509_name_string - Convert an X.509 certificate name into a string
495  * @name: Name to convert
496  * @buf: Buffer for the string
497  * @len: Maximum buffer length
498  */
499 void x509_name_string(struct x509_name *name, char *buf, size_t len)
500 {
501 	char *pos, *end;
502 	int ret;
503 	size_t i;
504 
505 	if (len == 0)
506 		return;
507 
508 	pos = buf;
509 	end = buf + len;
510 
511 	for (i = 0; i < name->num_attr; i++) {
512 		ret = os_snprintf(pos, end - pos, "%s=%s, ",
513 				  x509_name_attr_str(name->attr[i].type),
514 				  name->attr[i].value);
515 		if (os_snprintf_error(end - pos, ret))
516 			goto done;
517 		pos += ret;
518 	}
519 
520 	if (pos > buf + 1 && pos[-1] == ' ' && pos[-2] == ',') {
521 		pos--;
522 		*pos = '\0';
523 		pos--;
524 		*pos = '\0';
525 	}
526 
527 	if (name->email) {
528 		ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
529 				  name->email);
530 		if (os_snprintf_error(end - pos, ret))
531 			goto done;
532 		pos += ret;
533 	}
534 
535 done:
536 	end[-1] = '\0';
537 }
538 
539 
540 static int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag,
541 			   os_time_t *val)
542 {
543 	const char *pos;
544 	int year, month, day, hour, min, sec;
545 
546 	/*
547 	 * Time ::= CHOICE {
548 	 *     utcTime        UTCTime,
549 	 *     generalTime    GeneralizedTime
550 	 * }
551 	 *
552 	 * UTCTime: YYMMDDHHMMSSZ
553 	 * GeneralizedTime: YYYYMMDDHHMMSSZ
554 	 */
555 
556 	pos = (const char *) buf;
557 
558 	switch (asn1_tag) {
559 	case ASN1_TAG_UTCTIME:
560 		if (len != 13 || buf[12] != 'Z') {
561 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
562 					  "UTCTime format", buf, len);
563 			return -1;
564 		}
565 		if (sscanf(pos, "%02d", &year) != 1) {
566 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
567 					  "UTCTime year", buf, len);
568 			return -1;
569 		}
570 		if (year < 50)
571 			year += 2000;
572 		else
573 			year += 1900;
574 		pos += 2;
575 		break;
576 	case ASN1_TAG_GENERALIZEDTIME:
577 		if (len != 15 || buf[14] != 'Z') {
578 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Unrecognized "
579 					  "GeneralizedTime format", buf, len);
580 			return -1;
581 		}
582 		if (sscanf(pos, "%04d", &year) != 1) {
583 			wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse "
584 					  "GeneralizedTime year", buf, len);
585 			return -1;
586 		}
587 		pos += 4;
588 		break;
589 	default:
590 		wpa_printf(MSG_DEBUG, "X509: Expected UTCTime or "
591 			   "GeneralizedTime - found tag 0x%x", asn1_tag);
592 		return -1;
593 	}
594 
595 	if (sscanf(pos, "%02d", &month) != 1) {
596 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
597 				  "(month)", buf, len);
598 		return -1;
599 	}
600 	pos += 2;
601 
602 	if (sscanf(pos, "%02d", &day) != 1) {
603 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
604 				  "(day)", buf, len);
605 		return -1;
606 	}
607 	pos += 2;
608 
609 	if (sscanf(pos, "%02d", &hour) != 1) {
610 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
611 				  "(hour)", buf, len);
612 		return -1;
613 	}
614 	pos += 2;
615 
616 	if (sscanf(pos, "%02d", &min) != 1) {
617 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
618 				  "(min)", buf, len);
619 		return -1;
620 	}
621 	pos += 2;
622 
623 	if (sscanf(pos, "%02d", &sec) != 1) {
624 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse Time "
625 				  "(sec)", buf, len);
626 		return -1;
627 	}
628 
629 	if (os_mktime(year, month, day, hour, min, sec, val) < 0) {
630 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to convert Time",
631 				  buf, len);
632 		if (year < 1970) {
633 			/*
634 			 * At least some test certificates have been configured
635 			 * to use dates prior to 1970. Set the date to
636 			 * beginning of 1970 to handle these case.
637 			 */
638 			wpa_printf(MSG_DEBUG, "X509: Year=%d before epoch - "
639 				   "assume epoch as the time", year);
640 			*val = 0;
641 			return 0;
642 		}
643 		return -1;
644 	}
645 
646 	return 0;
647 }
648 
649 
650 static int x509_parse_validity(const u8 *buf, size_t len,
651 			       struct x509_certificate *cert, const u8 **next)
652 {
653 	struct asn1_hdr hdr;
654 	const u8 *pos;
655 	size_t plen;
656 
657 	/*
658 	 * Validity ::= SEQUENCE {
659 	 *     notBefore      Time,
660 	 *     notAfter       Time
661 	 * }
662 	 *
663 	 * RFC 3280, 4.1.2.5:
664 	 * CAs conforming to this profile MUST always encode certificate
665 	 * validity dates through the year 2049 as UTCTime; certificate
666 	 * validity dates in 2050 or later MUST be encoded as GeneralizedTime.
667 	 */
668 
669 	if (asn1_get_next(buf, len, &hdr) < 0 ||
670 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
671 	    hdr.tag != ASN1_TAG_SEQUENCE) {
672 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
673 			   "(Validity) - found class %d tag 0x%x",
674 			   hdr.class, hdr.tag);
675 		return -1;
676 	}
677 	pos = hdr.payload;
678 	plen = hdr.length;
679 
680 	if (pos + plen > buf + len)
681 		return -1;
682 
683 	*next = pos + plen;
684 
685 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
686 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
687 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
688 			    &cert->not_before) < 0) {
689 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notBefore "
690 				  "Time", hdr.payload, hdr.length);
691 		return -1;
692 	}
693 
694 	pos = hdr.payload + hdr.length;
695 	plen = *next - pos;
696 
697 	if (asn1_get_next(pos, plen, &hdr) < 0 ||
698 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
699 	    x509_parse_time(hdr.payload, hdr.length, hdr.tag,
700 			    &cert->not_after) < 0) {
701 		wpa_hexdump_ascii(MSG_DEBUG, "X509: Failed to parse notAfter "
702 				  "Time", hdr.payload, hdr.length);
703 		return -1;
704 	}
705 
706 	wpa_printf(MSG_MSGDUMP, "X509: Validity: notBefore: %lu notAfter: %lu",
707 		   (unsigned long) cert->not_before,
708 		   (unsigned long) cert->not_after);
709 
710 	return 0;
711 }
712 
713 
714 static int x509_id_ce_oid(struct asn1_oid *oid)
715 {
716 	/* id-ce arc from X.509 for standard X.509v3 extensions */
717 	return oid->len >= 4 &&
718 		oid->oid[0] == 2 /* joint-iso-ccitt */ &&
719 		oid->oid[1] == 5 /* ds */ &&
720 		oid->oid[2] == 29 /* id-ce */;
721 }
722 
723 
724 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
725 				    const u8 *pos, size_t len)
726 {
727 	struct asn1_hdr hdr;
728 
729 	/*
730 	 * KeyUsage ::= BIT STRING {
731 	 *     digitalSignature        (0),
732 	 *     nonRepudiation          (1),
733 	 *     keyEncipherment         (2),
734 	 *     dataEncipherment        (3),
735 	 *     keyAgreement            (4),
736 	 *     keyCertSign             (5),
737 	 *     cRLSign                 (6),
738 	 *     encipherOnly            (7),
739 	 *     decipherOnly            (8) }
740 	 */
741 
742 	if (asn1_get_next(pos, len, &hdr) < 0 ||
743 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
744 	    hdr.tag != ASN1_TAG_BITSTRING ||
745 	    hdr.length < 1) {
746 		wpa_printf(MSG_DEBUG, "X509: Expected BIT STRING in "
747 			   "KeyUsage; found %d tag 0x%x len %d",
748 			   hdr.class, hdr.tag, hdr.length);
749 		return -1;
750 	}
751 
752 	cert->extensions_present |= X509_EXT_KEY_USAGE;
753 	cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
754 
755 	wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
756 
757 	return 0;
758 }
759 
760 
761 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
762 					    const u8 *pos, size_t len)
763 {
764 	struct asn1_hdr hdr;
765 	unsigned long value;
766 	size_t left;
767 
768 	/*
769 	 * BasicConstraints ::= SEQUENCE {
770 	 * cA                      BOOLEAN DEFAULT FALSE,
771 	 * pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
772 	 */
773 
774 	if (asn1_get_next(pos, len, &hdr) < 0 ||
775 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
776 	    hdr.tag != ASN1_TAG_SEQUENCE) {
777 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
778 			   "BasicConstraints; found %d tag 0x%x",
779 			   hdr.class, hdr.tag);
780 		return -1;
781 	}
782 
783 	cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
784 
785 	if (hdr.length == 0)
786 		return 0;
787 
788 	if (asn1_get_next(hdr.payload, hdr.length, &hdr) < 0 ||
789 	    hdr.class != ASN1_CLASS_UNIVERSAL) {
790 		wpa_printf(MSG_DEBUG, "X509: Failed to parse "
791 			   "BasicConstraints");
792 		return -1;
793 	}
794 
795 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
796 		if (hdr.length != 1) {
797 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
798 				   "Boolean length (%u) in BasicConstraints",
799 				   hdr.length);
800 			return -1;
801 		}
802 		cert->ca = hdr.payload[0];
803 
804 		if (hdr.payload + hdr.length == pos + len) {
805 			wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d",
806 				   cert->ca);
807 			return 0;
808 		}
809 
810 		if (asn1_get_next(hdr.payload + hdr.length, len - hdr.length,
811 				  &hdr) < 0 ||
812 		    hdr.class != ASN1_CLASS_UNIVERSAL) {
813 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
814 				   "BasicConstraints");
815 			return -1;
816 		}
817 	}
818 
819 	if (hdr.tag != ASN1_TAG_INTEGER) {
820 		wpa_printf(MSG_DEBUG, "X509: Expected INTEGER in "
821 			   "BasicConstraints; found class %d tag 0x%x",
822 			   hdr.class, hdr.tag);
823 		return -1;
824 	}
825 
826 	pos = hdr.payload;
827 	left = hdr.length;
828 	value = 0;
829 	while (left) {
830 		value <<= 8;
831 		value |= *pos++;
832 		left--;
833 	}
834 
835 	cert->path_len_constraint = value;
836 	cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
837 
838 	wpa_printf(MSG_DEBUG, "X509: BasicConstraints - cA=%d "
839 		   "pathLenConstraint=%lu",
840 		   cert->ca, cert->path_len_constraint);
841 
842 	return 0;
843 }
844 
845 
846 static int x509_parse_alt_name_rfc8222(struct x509_name *name,
847 				       const u8 *pos, size_t len)
848 {
849 	/* rfc822Name IA5String */
850 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - rfc822Name", pos, len);
851 	os_free(name->alt_email);
852 	name->alt_email = os_zalloc(len + 1);
853 	if (name->alt_email == NULL)
854 		return -1;
855 	os_memcpy(name->alt_email, pos, len);
856 	if (os_strlen(name->alt_email) != len) {
857 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
858 			   "embedded NUL byte in rfc822Name (%s[NUL])",
859 			   name->alt_email);
860 		os_free(name->alt_email);
861 		name->alt_email = NULL;
862 		return -1;
863 	}
864 	return 0;
865 }
866 
867 
868 static int x509_parse_alt_name_dns(struct x509_name *name,
869 				   const u8 *pos, size_t len)
870 {
871 	/* dNSName IA5String */
872 	wpa_hexdump_ascii(MSG_MSGDUMP, "X509: altName - dNSName", pos, len);
873 	os_free(name->dns);
874 	name->dns = os_zalloc(len + 1);
875 	if (name->dns == NULL)
876 		return -1;
877 	os_memcpy(name->dns, pos, len);
878 	if (os_strlen(name->dns) != len) {
879 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
880 			   "embedded NUL byte in dNSName (%s[NUL])",
881 			   name->dns);
882 		os_free(name->dns);
883 		name->dns = NULL;
884 		return -1;
885 	}
886 	return 0;
887 }
888 
889 
890 static int x509_parse_alt_name_uri(struct x509_name *name,
891 				   const u8 *pos, size_t len)
892 {
893 	/* uniformResourceIdentifier IA5String */
894 	wpa_hexdump_ascii(MSG_MSGDUMP,
895 			  "X509: altName - uniformResourceIdentifier",
896 			  pos, len);
897 	os_free(name->uri);
898 	name->uri = os_zalloc(len + 1);
899 	if (name->uri == NULL)
900 		return -1;
901 	os_memcpy(name->uri, pos, len);
902 	if (os_strlen(name->uri) != len) {
903 		wpa_printf(MSG_INFO, "X509: Reject certificate with "
904 			   "embedded NUL byte in uniformResourceIdentifier "
905 			   "(%s[NUL])", name->uri);
906 		os_free(name->uri);
907 		name->uri = NULL;
908 		return -1;
909 	}
910 	return 0;
911 }
912 
913 
914 static int x509_parse_alt_name_ip(struct x509_name *name,
915 				       const u8 *pos, size_t len)
916 {
917 	/* iPAddress OCTET STRING */
918 	wpa_hexdump(MSG_MSGDUMP, "X509: altName - iPAddress", pos, len);
919 	os_free(name->ip);
920 	name->ip = os_malloc(len);
921 	if (name->ip == NULL)
922 		return -1;
923 	os_memcpy(name->ip, pos, len);
924 	name->ip_len = len;
925 	return 0;
926 }
927 
928 
929 static int x509_parse_alt_name_rid(struct x509_name *name,
930 				   const u8 *pos, size_t len)
931 {
932 	char buf[80];
933 
934 	/* registeredID OBJECT IDENTIFIER */
935 	if (asn1_parse_oid(pos, len, &name->rid) < 0)
936 		return -1;
937 
938 	asn1_oid_to_str(&name->rid, buf, sizeof(buf));
939 	wpa_printf(MSG_MSGDUMP, "X509: altName - registeredID: %s", buf);
940 
941 	return 0;
942 }
943 
944 
945 static int x509_parse_ext_alt_name(struct x509_name *name,
946 				   const u8 *pos, size_t len)
947 {
948 	struct asn1_hdr hdr;
949 	const u8 *p, *end;
950 
951 	/*
952 	 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
953 	 *
954 	 * GeneralName ::= CHOICE {
955 	 *     otherName                       [0]     OtherName,
956 	 *     rfc822Name                      [1]     IA5String,
957 	 *     dNSName                         [2]     IA5String,
958 	 *     x400Address                     [3]     ORAddress,
959 	 *     directoryName                   [4]     Name,
960 	 *     ediPartyName                    [5]     EDIPartyName,
961 	 *     uniformResourceIdentifier       [6]     IA5String,
962 	 *     iPAddress                       [7]     OCTET STRING,
963 	 *     registeredID                    [8]     OBJECT IDENTIFIER }
964 	 *
965 	 * OtherName ::= SEQUENCE {
966 	 *     type-id    OBJECT IDENTIFIER,
967 	 *     value      [0] EXPLICIT ANY DEFINED BY type-id }
968 	 *
969 	 * EDIPartyName ::= SEQUENCE {
970 	 *     nameAssigner            [0]     DirectoryString OPTIONAL,
971 	 *     partyName               [1]     DirectoryString }
972 	 */
973 
974 	for (p = pos, end = pos + len; p < end; p = hdr.payload + hdr.length) {
975 		int res;
976 
977 		if (asn1_get_next(p, end - p, &hdr) < 0) {
978 			wpa_printf(MSG_DEBUG, "X509: Failed to parse "
979 				   "SubjectAltName item");
980 			return -1;
981 		}
982 
983 		if (hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC)
984 			continue;
985 
986 		switch (hdr.tag) {
987 		case 1:
988 			res = x509_parse_alt_name_rfc8222(name, hdr.payload,
989 							  hdr.length);
990 			break;
991 		case 2:
992 			res = x509_parse_alt_name_dns(name, hdr.payload,
993 						      hdr.length);
994 			break;
995 		case 6:
996 			res = x509_parse_alt_name_uri(name, hdr.payload,
997 						      hdr.length);
998 			break;
999 		case 7:
1000 			res = x509_parse_alt_name_ip(name, hdr.payload,
1001 						     hdr.length);
1002 			break;
1003 		case 8:
1004 			res = x509_parse_alt_name_rid(name, hdr.payload,
1005 						      hdr.length);
1006 			break;
1007 		case 0: /* TODO: otherName */
1008 		case 3: /* TODO: x500Address */
1009 		case 4: /* TODO: directoryName */
1010 		case 5: /* TODO: ediPartyName */
1011 		default:
1012 			res = 0;
1013 			break;
1014 		}
1015 		if (res < 0)
1016 			return res;
1017 	}
1018 
1019 	return 0;
1020 }
1021 
1022 
1023 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1024 					   const u8 *pos, size_t len)
1025 {
1026 	struct asn1_hdr hdr;
1027 
1028 	/* SubjectAltName ::= GeneralNames */
1029 
1030 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1031 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1032 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1033 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1034 			   "SubjectAltName; found %d tag 0x%x",
1035 			   hdr.class, hdr.tag);
1036 		return -1;
1037 	}
1038 
1039 	wpa_printf(MSG_DEBUG, "X509: SubjectAltName");
1040 	cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1041 
1042 	if (hdr.length == 0)
1043 		return 0;
1044 
1045 	return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1046 				       hdr.length);
1047 }
1048 
1049 
1050 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1051 					  const u8 *pos, size_t len)
1052 {
1053 	struct asn1_hdr hdr;
1054 
1055 	/* IssuerAltName ::= GeneralNames */
1056 
1057 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1058 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1059 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1060 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE in "
1061 			   "IssuerAltName; found %d tag 0x%x",
1062 			   hdr.class, hdr.tag);
1063 		return -1;
1064 	}
1065 
1066 	wpa_printf(MSG_DEBUG, "X509: IssuerAltName");
1067 	cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1068 
1069 	if (hdr.length == 0)
1070 		return 0;
1071 
1072 	return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1073 				       hdr.length);
1074 }
1075 
1076 
1077 static int x509_parse_extension_data(struct x509_certificate *cert,
1078 				     struct asn1_oid *oid,
1079 				     const u8 *pos, size_t len)
1080 {
1081 	if (!x509_id_ce_oid(oid))
1082 		return 1;
1083 
1084 	/* TODO: add other extensions required by RFC 3280, Ch 4.2:
1085 	 * certificate policies (section 4.2.1.5)
1086 	 * name constraints (section 4.2.1.11)
1087 	 * policy constraints (section 4.2.1.12)
1088 	 * extended key usage (section 4.2.1.13)
1089 	 * inhibit any-policy (section 4.2.1.15)
1090 	 */
1091 	switch (oid->oid[3]) {
1092 	case 15: /* id-ce-keyUsage */
1093 		return x509_parse_ext_key_usage(cert, pos, len);
1094 	case 17: /* id-ce-subjectAltName */
1095 		return x509_parse_ext_subject_alt_name(cert, pos, len);
1096 	case 18: /* id-ce-issuerAltName */
1097 		return x509_parse_ext_issuer_alt_name(cert, pos, len);
1098 	case 19: /* id-ce-basicConstraints */
1099 		return x509_parse_ext_basic_constraints(cert, pos, len);
1100 	default:
1101 		return 1;
1102 	}
1103 }
1104 
1105 
1106 static int x509_parse_extension(struct x509_certificate *cert,
1107 				const u8 *pos, size_t len, const u8 **next)
1108 {
1109 	const u8 *end;
1110 	struct asn1_hdr hdr;
1111 	struct asn1_oid oid;
1112 	int critical_ext = 0, res;
1113 	char buf[80];
1114 
1115 	/*
1116 	 * Extension  ::=  SEQUENCE  {
1117 	 *     extnID      OBJECT IDENTIFIER,
1118 	 *     critical    BOOLEAN DEFAULT FALSE,
1119 	 *     extnValue   OCTET STRING
1120 	 * }
1121 	 */
1122 
1123 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1124 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1125 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1126 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1127 			   "Extensions: class %d tag 0x%x; expected SEQUENCE",
1128 			   hdr.class, hdr.tag);
1129 		return -1;
1130 	}
1131 	pos = hdr.payload;
1132 	*next = end = pos + hdr.length;
1133 
1134 	if (asn1_get_oid(pos, end - pos, &oid, &pos) < 0) {
1135 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data for "
1136 			   "Extension (expected OID)");
1137 		return -1;
1138 	}
1139 
1140 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1141 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1142 	    (hdr.tag != ASN1_TAG_BOOLEAN &&
1143 	     hdr.tag != ASN1_TAG_OCTETSTRING)) {
1144 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header in "
1145 			   "Extensions: class %d tag 0x%x; expected BOOLEAN "
1146 			   "or OCTET STRING", hdr.class, hdr.tag);
1147 		return -1;
1148 	}
1149 
1150 	if (hdr.tag == ASN1_TAG_BOOLEAN) {
1151 		if (hdr.length != 1) {
1152 			wpa_printf(MSG_DEBUG, "X509: Unexpected "
1153 				   "Boolean length (%u)", hdr.length);
1154 			return -1;
1155 		}
1156 		critical_ext = hdr.payload[0];
1157 		pos = hdr.payload;
1158 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1159 		    (hdr.class != ASN1_CLASS_UNIVERSAL &&
1160 		     hdr.class != ASN1_CLASS_PRIVATE) ||
1161 		    hdr.tag != ASN1_TAG_OCTETSTRING) {
1162 			wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 header "
1163 				   "in Extensions: class %d tag 0x%x; "
1164 				   "expected OCTET STRING",
1165 				   hdr.class, hdr.tag);
1166 			return -1;
1167 		}
1168 	}
1169 
1170 	asn1_oid_to_str(&oid, buf, sizeof(buf));
1171 	wpa_printf(MSG_DEBUG, "X509: Extension: extnID=%s critical=%d",
1172 		   buf, critical_ext);
1173 	wpa_hexdump(MSG_MSGDUMP, "X509: extnValue", hdr.payload, hdr.length);
1174 
1175 	res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1176 	if (res < 0)
1177 		return res;
1178 	if (res == 1 && critical_ext) {
1179 		wpa_printf(MSG_INFO, "X509: Unknown critical extension %s",
1180 			   buf);
1181 		return -1;
1182 	}
1183 
1184 	return 0;
1185 }
1186 
1187 
1188 static int x509_parse_extensions(struct x509_certificate *cert,
1189 				 const u8 *pos, size_t len)
1190 {
1191 	const u8 *end;
1192 	struct asn1_hdr hdr;
1193 
1194 	/* Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension */
1195 
1196 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1197 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1198 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1199 		wpa_printf(MSG_DEBUG, "X509: Unexpected ASN.1 data "
1200 			   "for Extensions: class %d tag 0x%x; "
1201 			   "expected SEQUENCE", hdr.class, hdr.tag);
1202 		return -1;
1203 	}
1204 
1205 	pos = hdr.payload;
1206 	end = pos + hdr.length;
1207 
1208 	while (pos < end) {
1209 		if (x509_parse_extension(cert, pos, end - pos, &pos)
1210 		    < 0)
1211 			return -1;
1212 	}
1213 
1214 	return 0;
1215 }
1216 
1217 
1218 static int x509_parse_tbs_certificate(const u8 *buf, size_t len,
1219 				      struct x509_certificate *cert,
1220 				      const u8 **next)
1221 {
1222 	struct asn1_hdr hdr;
1223 	const u8 *pos, *end;
1224 	size_t left;
1225 	char sbuf[128];
1226 	unsigned long value;
1227 
1228 	/* tbsCertificate TBSCertificate ::= SEQUENCE */
1229 	if (asn1_get_next(buf, len, &hdr) < 0 ||
1230 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1231 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1232 		wpa_printf(MSG_DEBUG, "X509: tbsCertificate did not start "
1233 			   "with a valid SEQUENCE - found class %d tag 0x%x",
1234 			   hdr.class, hdr.tag);
1235 		return -1;
1236 	}
1237 	pos = hdr.payload;
1238 	end = *next = pos + hdr.length;
1239 
1240 	/*
1241 	 * version [0]  EXPLICIT Version DEFAULT v1
1242 	 * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
1243 	 */
1244 	if (asn1_get_next(pos, end - pos, &hdr) < 0)
1245 		return -1;
1246 	pos = hdr.payload;
1247 
1248 	if (hdr.class == ASN1_CLASS_CONTEXT_SPECIFIC) {
1249 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1250 			return -1;
1251 
1252 		if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1253 		    hdr.tag != ASN1_TAG_INTEGER) {
1254 			wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1255 				   "version field - found class %d tag 0x%x",
1256 				   hdr.class, hdr.tag);
1257 			return -1;
1258 		}
1259 		if (hdr.length != 1) {
1260 			wpa_printf(MSG_DEBUG, "X509: Unexpected version field "
1261 				   "length %u (expected 1)", hdr.length);
1262 			return -1;
1263 		}
1264 		pos = hdr.payload;
1265 		left = hdr.length;
1266 		value = 0;
1267 		while (left) {
1268 			value <<= 8;
1269 			value |= *pos++;
1270 			left--;
1271 		}
1272 
1273 		cert->version = value;
1274 		if (cert->version != X509_CERT_V1 &&
1275 		    cert->version != X509_CERT_V2 &&
1276 		    cert->version != X509_CERT_V3) {
1277 			wpa_printf(MSG_DEBUG, "X509: Unsupported version %d",
1278 				   cert->version + 1);
1279 			return -1;
1280 		}
1281 
1282 		if (asn1_get_next(pos, end - pos, &hdr) < 0)
1283 			return -1;
1284 	} else
1285 		cert->version = X509_CERT_V1;
1286 	wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1287 
1288 	/* serialNumber CertificateSerialNumber ::= INTEGER */
1289 	if (hdr.class != ASN1_CLASS_UNIVERSAL ||
1290 	    hdr.tag != ASN1_TAG_INTEGER) {
1291 		wpa_printf(MSG_DEBUG, "X509: No INTEGER tag found for "
1292 			   "serialNumber; class=%d tag=0x%x",
1293 			   hdr.class, hdr.tag);
1294 		return -1;
1295 	}
1296 
1297 	pos = hdr.payload;
1298 	left = hdr.length;
1299 	while (left) {
1300 		cert->serial_number <<= 8;
1301 		cert->serial_number |= *pos++;
1302 		left--;
1303 	}
1304 	wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
1305 
1306 	/* signature AlgorithmIdentifier */
1307 	if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1308 					    &pos))
1309 		return -1;
1310 
1311 	/* issuer Name */
1312 	if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1313 		return -1;
1314 	x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1315 	wpa_printf(MSG_MSGDUMP, "X509: issuer %s", sbuf);
1316 
1317 	/* validity Validity */
1318 	if (x509_parse_validity(pos, end - pos, cert, &pos))
1319 		return -1;
1320 
1321 	/* subject Name */
1322 	if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1323 		return -1;
1324 	x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1325 	wpa_printf(MSG_MSGDUMP, "X509: subject %s", sbuf);
1326 
1327 	/* subjectPublicKeyInfo SubjectPublicKeyInfo */
1328 	if (x509_parse_public_key(pos, end - pos, cert, &pos))
1329 		return -1;
1330 
1331 	if (pos == end)
1332 		return 0;
1333 
1334 	if (cert->version == X509_CERT_V1)
1335 		return 0;
1336 
1337 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1338 	    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1339 		wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1340 			   " tag to parse optional tbsCertificate "
1341 			   "field(s); parsed class %d tag 0x%x",
1342 			   hdr.class, hdr.tag);
1343 		return -1;
1344 	}
1345 
1346 	if (hdr.tag == 1) {
1347 		/* issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL */
1348 		wpa_printf(MSG_DEBUG, "X509: issuerUniqueID");
1349 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1350 
1351 		pos = hdr.payload + hdr.length;
1352 		if (pos == end)
1353 			return 0;
1354 
1355 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1356 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1357 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1358 				   " tag to parse optional tbsCertificate "
1359 				   "field(s); parsed class %d tag 0x%x",
1360 				   hdr.class, hdr.tag);
1361 			return -1;
1362 		}
1363 	}
1364 
1365 	if (hdr.tag == 2) {
1366 		/* subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL */
1367 		wpa_printf(MSG_DEBUG, "X509: subjectUniqueID");
1368 		/* TODO: parse UniqueIdentifier ::= BIT STRING */
1369 
1370 		pos = hdr.payload + hdr.length;
1371 		if (pos == end)
1372 			return 0;
1373 
1374 		if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1375 		    hdr.class != ASN1_CLASS_CONTEXT_SPECIFIC) {
1376 			wpa_printf(MSG_DEBUG, "X509: Expected Context-Specific"
1377 				   " tag to parse optional tbsCertificate "
1378 				   "field(s); parsed class %d tag 0x%x",
1379 				   hdr.class, hdr.tag);
1380 			return -1;
1381 		}
1382 	}
1383 
1384 	if (hdr.tag != 3) {
1385 		wpa_printf(MSG_DEBUG, "X509: Ignored unexpected "
1386 			   "Context-Specific tag %d in optional "
1387 			   "tbsCertificate fields", hdr.tag);
1388 		return 0;
1389 	}
1390 
1391 	/* extensions      [3]  EXPLICIT Extensions OPTIONAL */
1392 
1393 	if (cert->version != X509_CERT_V3) {
1394 		wpa_printf(MSG_DEBUG, "X509: X.509%d certificate and "
1395 			   "Extensions data which are only allowed for "
1396 			   "version 3", cert->version + 1);
1397 		return -1;
1398 	}
1399 
1400 	if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1401 		return -1;
1402 
1403 	pos = hdr.payload + hdr.length;
1404 	if (pos < end) {
1405 		wpa_hexdump(MSG_DEBUG,
1406 			    "X509: Ignored extra tbsCertificate data",
1407 			    pos, end - pos);
1408 	}
1409 
1410 	return 0;
1411 }
1412 
1413 
1414 static int x509_rsadsi_oid(struct asn1_oid *oid)
1415 {
1416 	return oid->len >= 4 &&
1417 		oid->oid[0] == 1 /* iso */ &&
1418 		oid->oid[1] == 2 /* member-body */ &&
1419 		oid->oid[2] == 840 /* us */ &&
1420 		oid->oid[3] == 113549 /* rsadsi */;
1421 }
1422 
1423 
1424 static int x509_pkcs_oid(struct asn1_oid *oid)
1425 {
1426 	return oid->len >= 5 &&
1427 		x509_rsadsi_oid(oid) &&
1428 		oid->oid[4] == 1 /* pkcs */;
1429 }
1430 
1431 
1432 static int x509_digest_oid(struct asn1_oid *oid)
1433 {
1434 	return oid->len >= 5 &&
1435 		x509_rsadsi_oid(oid) &&
1436 		oid->oid[4] == 2 /* digestAlgorithm */;
1437 }
1438 
1439 
1440 static int x509_sha1_oid(struct asn1_oid *oid)
1441 {
1442 	return oid->len == 6 &&
1443 		oid->oid[0] == 1 /* iso */ &&
1444 		oid->oid[1] == 3 /* identified-organization */ &&
1445 		oid->oid[2] == 14 /* oiw */ &&
1446 		oid->oid[3] == 3 /* secsig */ &&
1447 		oid->oid[4] == 2 /* algorithms */ &&
1448 		oid->oid[5] == 26 /* id-sha1 */;
1449 }
1450 
1451 
1452 static int x509_sha256_oid(struct asn1_oid *oid)
1453 {
1454 	return oid->len == 9 &&
1455 		oid->oid[0] == 2 /* joint-iso-itu-t */ &&
1456 		oid->oid[1] == 16 /* country */ &&
1457 		oid->oid[2] == 840 /* us */ &&
1458 		oid->oid[3] == 1 /* organization */ &&
1459 		oid->oid[4] == 101 /* gov */ &&
1460 		oid->oid[5] == 3 /* csor */ &&
1461 		oid->oid[6] == 4 /* nistAlgorithm */ &&
1462 		oid->oid[7] == 2 /* hashAlgs */ &&
1463 		oid->oid[8] == 1 /* sha256 */;
1464 }
1465 
1466 
1467 /**
1468  * x509_certificate_parse - Parse a X.509 certificate in DER format
1469  * @buf: Pointer to the X.509 certificate in DER format
1470  * @len: Buffer length
1471  * Returns: Pointer to the parsed certificate or %NULL on failure
1472  *
1473  * Caller is responsible for freeing the returned certificate by calling
1474  * x509_certificate_free().
1475  */
1476 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
1477 {
1478 	struct asn1_hdr hdr;
1479 	const u8 *pos, *end, *hash_start;
1480 	struct x509_certificate *cert;
1481 
1482 	cert = os_zalloc(sizeof(*cert) + len);
1483 	if (cert == NULL)
1484 		return NULL;
1485 	os_memcpy(cert + 1, buf, len);
1486 	cert->cert_start = (u8 *) (cert + 1);
1487 	cert->cert_len = len;
1488 
1489 	pos = buf;
1490 	end = buf + len;
1491 
1492 	/* RFC 3280 - X.509 v3 certificate / ASN.1 DER */
1493 
1494 	/* Certificate ::= SEQUENCE */
1495 	if (asn1_get_next(pos, len, &hdr) < 0 ||
1496 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1497 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1498 		wpa_printf(MSG_DEBUG, "X509: Certificate did not start with "
1499 			   "a valid SEQUENCE - found class %d tag 0x%x",
1500 			   hdr.class, hdr.tag);
1501 		x509_certificate_free(cert);
1502 		return NULL;
1503 	}
1504 	pos = hdr.payload;
1505 
1506 	if (pos + hdr.length > end) {
1507 		x509_certificate_free(cert);
1508 		return NULL;
1509 	}
1510 
1511 	if (pos + hdr.length < end) {
1512 		wpa_hexdump(MSG_MSGDUMP, "X509: Ignoring extra data after DER "
1513 			    "encoded certificate",
1514 			    pos + hdr.length, end - (pos + hdr.length));
1515 		end = pos + hdr.length;
1516 	}
1517 
1518 	hash_start = pos;
1519 	cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1520 	if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1521 		x509_certificate_free(cert);
1522 		return NULL;
1523 	}
1524 	cert->tbs_cert_len = pos - hash_start;
1525 
1526 	/* signatureAlgorithm AlgorithmIdentifier */
1527 	if (x509_parse_algorithm_identifier(pos, end - pos,
1528 					    &cert->signature_alg, &pos)) {
1529 		x509_certificate_free(cert);
1530 		return NULL;
1531 	}
1532 
1533 	/* signatureValue BIT STRING */
1534 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1535 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1536 	    hdr.tag != ASN1_TAG_BITSTRING) {
1537 		wpa_printf(MSG_DEBUG, "X509: Expected BITSTRING "
1538 			   "(signatureValue) - found class %d tag 0x%x",
1539 			   hdr.class, hdr.tag);
1540 		x509_certificate_free(cert);
1541 		return NULL;
1542 	}
1543 	if (hdr.length < 1) {
1544 		x509_certificate_free(cert);
1545 		return NULL;
1546 	}
1547 	pos = hdr.payload;
1548 	if (*pos) {
1549 		wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits",
1550 			   *pos);
1551 		/* PKCS #1 v1.5 10.2.1:
1552 		 * It is an error if the length in bits of the signature S is
1553 		 * not a multiple of eight.
1554 		 */
1555 		x509_certificate_free(cert);
1556 		return NULL;
1557 	}
1558 	os_free(cert->sign_value);
1559 	cert->sign_value = os_malloc(hdr.length - 1);
1560 	if (cert->sign_value == NULL) {
1561 		wpa_printf(MSG_DEBUG, "X509: Failed to allocate memory for "
1562 			   "signatureValue");
1563 		x509_certificate_free(cert);
1564 		return NULL;
1565 	}
1566 	os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1567 	cert->sign_value_len = hdr.length - 1;
1568 	wpa_hexdump(MSG_MSGDUMP, "X509: signature",
1569 		    cert->sign_value, cert->sign_value_len);
1570 
1571 	return cert;
1572 }
1573 
1574 
1575 /**
1576  * x509_certificate_check_signature - Verify certificate signature
1577  * @issuer: Issuer certificate
1578  * @cert: Certificate to be verified
1579  * Returns: 0 if cert has a valid signature that was signed by the issuer,
1580  * -1 if not
1581  */
1582 int x509_certificate_check_signature(struct x509_certificate *issuer,
1583 				     struct x509_certificate *cert)
1584 {
1585 	struct crypto_public_key *pk;
1586 	u8 *data;
1587 	const u8 *pos, *end, *next, *da_end;
1588 	size_t data_len;
1589 	struct asn1_hdr hdr;
1590 	struct asn1_oid oid;
1591 	u8 hash[32];
1592 	size_t hash_len;
1593 
1594 	if (!x509_pkcs_oid(&cert->signature.oid) ||
1595 	    cert->signature.oid.len != 7 ||
1596 	    cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
1597 		wpa_printf(MSG_DEBUG, "X509: Unrecognized signature "
1598 			   "algorithm");
1599 		return -1;
1600 	}
1601 
1602 	pk = crypto_public_key_import(issuer->public_key,
1603 				      issuer->public_key_len);
1604 	if (pk == NULL)
1605 		return -1;
1606 
1607 	data_len = cert->sign_value_len;
1608 	data = os_malloc(data_len);
1609 	if (data == NULL) {
1610 		crypto_public_key_free(pk);
1611 		return -1;
1612 	}
1613 
1614 	if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
1615 					    cert->sign_value_len, data,
1616 					    &data_len) < 0) {
1617 		wpa_printf(MSG_DEBUG, "X509: Failed to decrypt signature");
1618 		crypto_public_key_free(pk);
1619 		os_free(data);
1620 		return -1;
1621 	}
1622 	crypto_public_key_free(pk);
1623 
1624 	wpa_hexdump(MSG_MSGDUMP, "X509: Signature data D", data, data_len);
1625 
1626 	/*
1627 	 * PKCS #1 v1.5, 10.1.2:
1628 	 *
1629 	 * DigestInfo ::= SEQUENCE {
1630 	 *     digestAlgorithm DigestAlgorithmIdentifier,
1631 	 *     digest Digest
1632 	 * }
1633 	 *
1634 	 * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
1635 	 *
1636 	 * Digest ::= OCTET STRING
1637 	 *
1638 	 */
1639 	if (asn1_get_next(data, data_len, &hdr) < 0 ||
1640 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1641 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1642 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1643 			   "(DigestInfo) - found class %d tag 0x%x",
1644 			   hdr.class, hdr.tag);
1645 		os_free(data);
1646 		return -1;
1647 	}
1648 
1649 	pos = hdr.payload;
1650 	end = pos + hdr.length;
1651 
1652 	/*
1653 	 * X.509:
1654 	 * AlgorithmIdentifier ::= SEQUENCE {
1655 	 *     algorithm            OBJECT IDENTIFIER,
1656 	 *     parameters           ANY DEFINED BY algorithm OPTIONAL
1657 	 * }
1658 	 */
1659 
1660 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1661 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1662 	    hdr.tag != ASN1_TAG_SEQUENCE) {
1663 		wpa_printf(MSG_DEBUG, "X509: Expected SEQUENCE "
1664 			   "(AlgorithmIdentifier) - found class %d tag 0x%x",
1665 			   hdr.class, hdr.tag);
1666 		os_free(data);
1667 		return -1;
1668 	}
1669 	da_end = hdr.payload + hdr.length;
1670 
1671 	if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
1672 		wpa_printf(MSG_DEBUG, "X509: Failed to parse digestAlgorithm");
1673 		os_free(data);
1674 		return -1;
1675 	}
1676 
1677 	if (x509_sha1_oid(&oid)) {
1678 		if (cert->signature.oid.oid[6] !=
1679 		    5 /* sha-1WithRSAEncryption */) {
1680 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA1 "
1681 				   "does not match with certificate "
1682 				   "signatureAlgorithm (%lu)",
1683 				   cert->signature.oid.oid[6]);
1684 			os_free(data);
1685 			return -1;
1686 		}
1687 		goto skip_digest_oid;
1688 	}
1689 
1690 	if (x509_sha256_oid(&oid)) {
1691 		if (cert->signature.oid.oid[6] !=
1692 		    11 /* sha2561WithRSAEncryption */) {
1693 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm SHA256 "
1694 				   "does not match with certificate "
1695 				   "signatureAlgorithm (%lu)",
1696 				   cert->signature.oid.oid[6]);
1697 			os_free(data);
1698 			return -1;
1699 		}
1700 		goto skip_digest_oid;
1701 	}
1702 
1703 	if (!x509_digest_oid(&oid)) {
1704 		wpa_printf(MSG_DEBUG, "X509: Unrecognized digestAlgorithm");
1705 		os_free(data);
1706 		return -1;
1707 	}
1708 	switch (oid.oid[5]) {
1709 	case 5: /* md5 */
1710 		if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
1711 		{
1712 			wpa_printf(MSG_DEBUG, "X509: digestAlgorithm MD5 does "
1713 				   "not match with certificate "
1714 				   "signatureAlgorithm (%lu)",
1715 				   cert->signature.oid.oid[6]);
1716 			os_free(data);
1717 			return -1;
1718 		}
1719 		break;
1720 	case 2: /* md2 */
1721 	case 4: /* md4 */
1722 	default:
1723 		wpa_printf(MSG_DEBUG, "X509: Unsupported digestAlgorithm "
1724 			   "(%lu)", oid.oid[5]);
1725 		os_free(data);
1726 		return -1;
1727 	}
1728 
1729 skip_digest_oid:
1730 	/* Digest ::= OCTET STRING */
1731 	pos = da_end;
1732 	end = data + data_len;
1733 
1734 	if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
1735 	    hdr.class != ASN1_CLASS_UNIVERSAL ||
1736 	    hdr.tag != ASN1_TAG_OCTETSTRING) {
1737 		wpa_printf(MSG_DEBUG, "X509: Expected OCTETSTRING "
1738 			   "(Digest) - found class %d tag 0x%x",
1739 			   hdr.class, hdr.tag);
1740 		os_free(data);
1741 		return -1;
1742 	}
1743 	wpa_hexdump(MSG_MSGDUMP, "X509: Decrypted Digest",
1744 		    hdr.payload, hdr.length);
1745 
1746 	switch (cert->signature.oid.oid[6]) {
1747 	case 4: /* md5WithRSAEncryption */
1748 		md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1749 			   hash);
1750 		hash_len = 16;
1751 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (MD5)",
1752 			    hash, hash_len);
1753 		break;
1754 	case 5: /* sha-1WithRSAEncryption */
1755 		sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1756 			    hash);
1757 		hash_len = 20;
1758 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA1)",
1759 			    hash, hash_len);
1760 		break;
1761 	case 11: /* sha256WithRSAEncryption */
1762 		sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1763 			      hash);
1764 		hash_len = 32;
1765 		wpa_hexdump(MSG_MSGDUMP, "X509: Certificate hash (SHA256)",
1766 			    hash, hash_len);
1767 		break;
1768 	case 2: /* md2WithRSAEncryption */
1769 	case 12: /* sha384WithRSAEncryption */
1770 	case 13: /* sha512WithRSAEncryption */
1771 	default:
1772 		wpa_printf(MSG_INFO, "X509: Unsupported certificate signature "
1773 			   "algorithm (%lu)", cert->signature.oid.oid[6]);
1774 		os_free(data);
1775 		return -1;
1776 	}
1777 
1778 	if (hdr.length != hash_len ||
1779 	    os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
1780 		wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
1781 			   "with calculated tbsCertificate hash");
1782 		os_free(data);
1783 		return -1;
1784 	}
1785 
1786 	if (hdr.payload + hdr.length < data + data_len) {
1787 		wpa_hexdump(MSG_INFO,
1788 			    "X509: Extra data after certificate signature hash",
1789 			    hdr.payload + hdr.length,
1790 			    data + data_len - hdr.payload - hdr.length);
1791 		os_free(data);
1792 		return -1;
1793 	}
1794 
1795 	os_free(data);
1796 
1797 	wpa_printf(MSG_DEBUG, "X509: Certificate Digest matches with "
1798 		   "calculated tbsCertificate hash");
1799 
1800 	return 0;
1801 }
1802 
1803 
1804 static int x509_valid_issuer(const struct x509_certificate *cert)
1805 {
1806 	if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1807 	    !cert->ca) {
1808 		wpa_printf(MSG_DEBUG, "X509: Non-CA certificate used as an "
1809 			   "issuer");
1810 		return -1;
1811 	}
1812 
1813 	if (cert->version == X509_CERT_V3 &&
1814 	    !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
1815 		wpa_printf(MSG_DEBUG, "X509: v3 CA certificate did not "
1816 			   "include BasicConstraints extension");
1817 		return -1;
1818 	}
1819 
1820 	if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
1821 	    !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
1822 		wpa_printf(MSG_DEBUG, "X509: Issuer certificate did not have "
1823 			   "keyCertSign bit in Key Usage");
1824 		return -1;
1825 	}
1826 
1827 	return 0;
1828 }
1829 
1830 
1831 /**
1832  * x509_certificate_chain_validate - Validate X.509 certificate chain
1833  * @trusted: List of trusted certificates
1834  * @chain: Certificate chain to be validated (first chain must be issued by
1835  * signed by the second certificate in the chain and so on)
1836  * @reason: Buffer for returning failure reason (X509_VALIDATE_*)
1837  * Returns: 0 if chain is valid, -1 if not
1838  */
1839 int x509_certificate_chain_validate(struct x509_certificate *trusted,
1840 				    struct x509_certificate *chain,
1841 				    int *reason, int disable_time_checks)
1842 {
1843 	long unsigned idx;
1844 	int chain_trusted = 0;
1845 	struct x509_certificate *cert, *trust;
1846 	char buf[128];
1847 	struct os_time now;
1848 
1849 	*reason = X509_VALIDATE_OK;
1850 
1851 	wpa_printf(MSG_DEBUG, "X509: Validate certificate chain");
1852 	os_get_time(&now);
1853 
1854 	for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
1855 		x509_name_string(&cert->subject, buf, sizeof(buf));
1856 		wpa_printf(MSG_DEBUG, "X509: %lu: %s", idx, buf);
1857 
1858 		if (chain_trusted)
1859 			continue;
1860 
1861 		if (!disable_time_checks &&
1862 		    ((unsigned long) now.sec <
1863 		     (unsigned long) cert->not_before ||
1864 		     (unsigned long) now.sec >
1865 		     (unsigned long) cert->not_after)) {
1866 			wpa_printf(MSG_INFO, "X509: Certificate not valid "
1867 				   "(now=%lu not_before=%lu not_after=%lu)",
1868 				   now.sec, cert->not_before, cert->not_after);
1869 			*reason = X509_VALIDATE_CERTIFICATE_EXPIRED;
1870 			return -1;
1871 		}
1872 
1873 		if (cert->next) {
1874 			if (x509_name_compare(&cert->issuer,
1875 					      &cert->next->subject) != 0) {
1876 				wpa_printf(MSG_DEBUG, "X509: Certificate "
1877 					   "chain issuer name mismatch");
1878 				x509_name_string(&cert->issuer, buf,
1879 						 sizeof(buf));
1880 				wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
1881 					   buf);
1882 				x509_name_string(&cert->next->subject, buf,
1883 						 sizeof(buf));
1884 				wpa_printf(MSG_DEBUG, "X509: next cert "
1885 					   "subject: %s", buf);
1886 				*reason = X509_VALIDATE_CERTIFICATE_UNKNOWN;
1887 				return -1;
1888 			}
1889 
1890 			if (x509_valid_issuer(cert->next) < 0) {
1891 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
1892 				return -1;
1893 			}
1894 
1895 			if ((cert->next->extensions_present &
1896 			     X509_EXT_PATH_LEN_CONSTRAINT) &&
1897 			    idx > cert->next->path_len_constraint) {
1898 				wpa_printf(MSG_DEBUG, "X509: pathLenConstraint"
1899 					   " not met (idx=%lu issuer "
1900 					   "pathLenConstraint=%lu)", idx,
1901 					   cert->next->path_len_constraint);
1902 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
1903 				return -1;
1904 			}
1905 
1906 			if (x509_certificate_check_signature(cert->next, cert)
1907 			    < 0) {
1908 				wpa_printf(MSG_DEBUG, "X509: Invalid "
1909 					   "certificate signature within "
1910 					   "chain");
1911 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
1912 				return -1;
1913 			}
1914 		}
1915 
1916 		for (trust = trusted; trust; trust = trust->next) {
1917 			if (x509_name_compare(&cert->issuer, &trust->subject)
1918 			    == 0)
1919 				break;
1920 		}
1921 
1922 		if (trust) {
1923 			wpa_printf(MSG_DEBUG, "X509: Found issuer from the "
1924 				   "list of trusted certificates");
1925 			if (x509_valid_issuer(trust) < 0) {
1926 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
1927 				return -1;
1928 			}
1929 
1930 			if (x509_certificate_check_signature(trust, cert) < 0)
1931 			{
1932 				wpa_printf(MSG_DEBUG, "X509: Invalid "
1933 					   "certificate signature");
1934 				*reason = X509_VALIDATE_BAD_CERTIFICATE;
1935 				return -1;
1936 			}
1937 
1938 			wpa_printf(MSG_DEBUG, "X509: Trusted certificate "
1939 				   "found to complete the chain");
1940 			chain_trusted = 1;
1941 		}
1942 	}
1943 
1944 	if (!chain_trusted) {
1945 		wpa_printf(MSG_DEBUG, "X509: Did not find any of the issuers "
1946 			   "from the list of trusted certificates");
1947 		if (trusted) {
1948 			*reason = X509_VALIDATE_UNKNOWN_CA;
1949 			return -1;
1950 		}
1951 		wpa_printf(MSG_DEBUG, "X509: Certificate chain validation "
1952 			   "disabled - ignore unknown CA issue");
1953 	}
1954 
1955 	wpa_printf(MSG_DEBUG, "X509: Certificate chain valid");
1956 
1957 	return 0;
1958 }
1959 
1960 
1961 /**
1962  * x509_certificate_get_subject - Get a certificate based on Subject name
1963  * @chain: Certificate chain to search through
1964  * @name: Subject name to search for
1965  * Returns: Pointer to the certificate with the given Subject name or
1966  * %NULL on failure
1967  */
1968 struct x509_certificate *
1969 x509_certificate_get_subject(struct x509_certificate *chain,
1970 			     struct x509_name *name)
1971 {
1972 	struct x509_certificate *cert;
1973 
1974 	for (cert = chain; cert; cert = cert->next) {
1975 		if (x509_name_compare(&cert->subject, name) == 0)
1976 			return cert;
1977 	}
1978 	return NULL;
1979 }
1980 
1981 
1982 /**
1983  * x509_certificate_self_signed - Is the certificate self-signed?
1984  * @cert: Certificate
1985  * Returns: 1 if certificate is self-signed, 0 if not
1986  */
1987 int x509_certificate_self_signed(struct x509_certificate *cert)
1988 {
1989 	return x509_name_compare(&cert->issuer, &cert->subject) == 0;
1990 }
1991