  • only in /asuswrt-rt-n18u-9.0.0.4.380.2695/release/src-rt-6.x.4708/router/wpa_supplicant/src/tls/

Lines Matching refs:cert

42  * @cert: Certificate to be freed
44 void x509_certificate_free(struct x509_certificate *cert)
46 if (cert == NULL)
48 if (cert->next) {
51 cert, cert->next);
53 x509_free_name(&cert->issuer);
54 x509_free_name(&cert->subject);
55 os_free(cert->public_key);
56 os_free(cert->sign_value);
57 os_free(cert);
63 * @cert: Pointer to the first certificate in the chain
65 void x509_certificate_chain_free(struct x509_certificate *cert)
69 while (cert) {
70 next = cert->next;
71 cert->next = NULL;
72 x509_certificate_free(cert);
73 cert = next;
223 struct x509_certificate *cert,
255 &cert->public_key_alg, &pos))
279 os_free(cert->public_key);
280 cert->public_key = os_malloc(hdr.length - 1);
281 if (cert->public_key == NULL) {
286 os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
287 cert->public_key_len = hdr.length - 1;
289 cert->public_key, cert->public_key_len);
623 struct x509_certificate *cert, const u8 **next)
660 &cert->not_before) < 0) {
672 &cert->not_after) < 0) {
679 (unsigned long) cert->not_before,
680 (unsigned long) cert->not_after);
696 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
724 cert->extensions_present |= X509_EXT_KEY_USAGE;
725 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
727 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
733 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
755 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
774 cert->ca = hdr.payload[0];
778 cert->ca);
807 cert->path_len_constraint = value;
808 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
812 cert->ca, cert->path_len_constraint);
818 static int x509_parse_extension_data(struct x509_certificate *cert,
835 return x509_parse_ext_key_usage(cert, pos, len);
837 return x509_parse_ext_basic_constraints(cert, pos, len);
844 static int x509_parse_extension(struct x509_certificate *cert,
913 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
926 static int x509_parse_extensions(struct x509_certificate *cert,
947 if (x509_parse_extension(cert, pos, end - pos, &pos)
957 struct x509_certificate *cert,
1011 cert->version = value;
1012 if (cert->version != X509_CERT_V1 &&
1013 cert->version != X509_CERT_V2 &&
1014 cert->version != X509_CERT_V3) {
1016 cert->version + 1);
1023 cert->version = X509_CERT_V1;
1024 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1038 cert->serial_number <<= 8;
1039 cert->serial_number |= *pos++;
1042 wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
1045 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1050 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1052 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1056 if (x509_parse_validity(pos, end - pos, cert, &pos))
1060 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1062 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1066 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1072 if (cert->version == X509_CERT_V1)
1129 if (cert->version != X509_CERT_V3) {
1132 "version 3", cert->version + 1);
1136 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1216 struct x509_certificate *cert;
1218 cert = os_zalloc(sizeof(*cert) + len);
1219 if (cert == NULL)
1221 os_memcpy(cert + 1, buf, len);
1222 cert->cert_start = (u8 *) (cert + 1);
1223 cert->cert_len = len;
1237 x509_certificate_free(cert);
1243 x509_certificate_free(cert);
1255 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1256 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1257 x509_certificate_free(cert);
1260 cert->tbs_cert_len = pos - hash_start;
1264 &cert->signature_alg, &pos)) {
1265 x509_certificate_free(cert);
1276 x509_certificate_free(cert);
1280 x509_certificate_free(cert);
1291 x509_certificate_free(cert);
1294 os_free(cert->sign_value);
1295 cert->sign_value = os_malloc(hdr.length - 1);
1296 if (cert->sign_value == NULL) {
1299 x509_certificate_free(cert);
1302 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1303 cert->sign_value_len = hdr.length - 1;
1305 cert->sign_value, cert->sign_value_len);
1307 return cert;
1314 * @cert: Certificate to be verified
1315 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1319 struct x509_certificate *cert)
1330 if (!x509_pkcs_oid(&cert->signature.oid) ||
1331 cert->signature.oid.len != 7 ||
1332 cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
1343 data_len = cert->sign_value_len;
1350 if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
1351 cert->sign_value_len, data,
1414 if (cert->signature.oid.oid[6] !=
1419 cert->signature.oid.oid[6]);
1427 if (cert->signature.oid.oid[6] !=
1432 cert->signature.oid.oid[6]);
1446 if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
1451 cert->signature.oid.oid[6]);
1482 switch (cert->signature.oid.oid[6]) {
1484 md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1491 sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1499 sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1515 "algorithm (%lu)", cert->signature.oid.oid[6]);
1537 static int x509_valid_issuer(const struct x509_certificate *cert)
1539 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1540 !cert->ca) {
1546 if (cert->version == X509_CERT_V3 &&
1547 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
1553 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
1554 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
1578 struct x509_certificate *cert, *trust;
1587 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
1588 x509_name_string(&cert->subject, buf, sizeof(buf));
1595 (unsigned long) cert->not_before ||
1597 (unsigned long) cert->not_after) {
1600 now.sec, cert->not_before, cert->not_after);
1605 if (cert->next) {
1606 if (x509_name_compare(&cert->issuer,
1607 &cert->next->subject) != 0) {
1610 x509_name_string(&cert->issuer, buf,
1612 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
1614 x509_name_string(&cert->next->subject, buf,
1616 wpa_printf(MSG_DEBUG, "X509: next cert "
1622 if (x509_valid_issuer(cert->next) < 0) {
1627 if ((cert->next->extensions_present &
1629 idx > cert->next->path_len_constraint) {
1633 cert->next->path_len_constraint);
1638 if (x509_certificate_check_signature(cert->next, cert)
1649 if (x509_name_compare(&cert->issuer, &trust->subject)
1662 if (x509_certificate_check_signature(trust, cert) < 0)
1704 struct x509_certificate *cert;
1706 for (cert = chain; cert; cert = cert->next) {
1707 if (x509_name_compare(&cert->subject, name) == 0)
1708 return cert;
1716 * @cert: Certificate
1719 int x509_certificate_self_signed(struct x509_certificate *cert)
1721 return x509_name_compare(&cert->issuer, &cert->subject) == 0;