Make verify_chain() iterative

2025-01-26 12:35:20 +00:00 · 2017-07-05 17:05:03 +02:00 · 2017-07-05 17:05:03 +02:00 · ce6e52ff42
commit ce6e52ff42
parent f86f491f25
1 changed files with 74 additions and 67 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2071,11 +2071,9 @@ static int x509_crt_check_ee_locally_trusted(
 *   -> return that chain with NOT_TRUSTED set on Ciq
 *
 * Arguments:
- *  - child: the current bottom of the chain to verify
+ *  - [in] crt: the cert list EE, C1, ..., Cn
- *  - trust_ca, ca_crl, profile: as in verify_with_profile()
+ *  - [in] trust_ca: the trusted list R1, ..., Rp
- *  - top: 1 if child is known to be locally trusted
+ *  - [in] ca_crl, profile: as in verify_with_profile()
 *  - path_cnt: current depth as passed to f_vrfy() (EE = 0, etc)
 *  - self_cnt: number of self-issued certs seen so far in the chain
 *  - [out] ver_chain: the built and verified chain
 *
 * Return value:
@ -2084,88 +2082,99 @@ static int x509_crt_check_ee_locally_trusted(
 *      even if it was found to be invalid
 */
 static int x509_crt_verify_chain(
-                mbedtls_x509_crt *child,
+                mbedtls_x509_crt *crt,
-                mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
+                mbedtls_x509_crt *trust_ca,
                mbedtls_x509_crl *ca_crl,
                const mbedtls_x509_crt_profile *profile,
                int top, int path_cnt, int self_cnt,
                x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE] )
 {
    uint32_t *flags;
    mbedtls_x509_crt *child;
    mbedtls_x509_crt *parent;
    int parent_is_trusted = 0;
    int child_is_trusted = 0;
    int path_cnt = 0;
    int self_cnt = 0;
-    /* Add certificate to the verification chain */
+    child = crt;
    ver_chain[path_cnt].crt = child;
    flags = &ver_chain[path_cnt].flags;
-    /* Check time-validity (all certificates) */
+    while( 1 ) {
-    if( mbedtls_x509_time_is_past( &child->valid_to ) )
+        /* Add certificate to the verification chain */
-        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+        ver_chain[path_cnt].crt = child;
        flags = &ver_chain[path_cnt].flags;
-    if( mbedtls_x509_time_is_future( &child->valid_from ) )
+        /* Check time-validity (all certificates) */
-        *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+        if( mbedtls_x509_time_is_past( &child->valid_to ) )
            *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-    /* Stop here for trusted roots (but not for trusted EE certs) */
+        if( mbedtls_x509_time_is_future( &child->valid_from ) )
-    if( top )
+            *flags |= MBEDTLS_X509_BADCERT_FUTURE;
        return( 0 );
-    /* Check signature algorithm: MD & PK algs */
+        /* Stop here for trusted roots (but not for trusted EE certs) */
-    if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+        if( child_is_trusted )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+            return( 0 );
-    if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+        /* Check signature algorithm: MD & PK algs */
-        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+        if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
            *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-    /* Special case: EE certs that are locally trusted */
+        if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
-    if( path_cnt == 0 &&
+            *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
        x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
    {
        return( 0 );
    }
-    /* Look for a parent in trusted CAs or up the chain */
+        /* Special case: EE certs that are locally trusted */
-    parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
+        if( path_cnt == 0 &&
-                                   path_cnt, self_cnt );
+            x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
        {
            return( 0 );
        }
-    /* No parent? We're done here */
+        /* Look for a parent in trusted CAs or up the chain */
-    if( parent == NULL )
+        parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
-    {
+                                       path_cnt, self_cnt );
        *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
        return( 0 );
    }
-    /* Count intermediate self-issued (not necessarily self-signed) certs.
+        /* No parent? We're done here */
-     * These can occur with some strategies for key rollover, see [SIRO],
+        if( parent == NULL )
-     * and should be excluded from max_pathlen checks. */
+        {
-    if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
+            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-        self_cnt++;
+            return( 0 );
        }
-    /* path_cnt is 0 for the first intermediate CA,
+        /* Count intermediate self-issued (not necessarily self-signed) certs.
-     * and if parent is trusted it's not an intermediate CA */
+         * These can occur with some strategies for key rollover, see [SIRO],
-    if( ! parent_is_trusted &&
+         * and should be excluded from max_pathlen checks. */
-        1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
+        if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
-    {
+            self_cnt++;
        /* return immediately to avoid overflow the chain array */
        return( MBEDTLS_ERR_X509_FATAL_ERROR );
    }
-    /* if parent is trusted, the signature was checked by find_parent() */
+        /* path_cnt is 0 for the first intermediate CA,
-    if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
+         * and if parent is trusted it's not an intermediate CA */
-        *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
+        if( ! parent_is_trusted &&
            1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
        {
            /* return immediately to avoid overflow the chain array */
            return( MBEDTLS_ERR_X509_FATAL_ERROR );
        }
-    /* check size of signing key */
+        /* if parent is trusted, the signature was checked by find_parent() */
-    if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
+        if( ! parent_is_trusted && x509_crt_check_signature( child, parent ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
        /* check size of signing key */
        if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
-    /* Check trusted CA's CRL for the given crt */
+        /* Check trusted CA's CRL for the given crt */
-    *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
+        *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
 #else
        (void) ca_crl;
 #endif
-    /* verify the rest of the chain starting from parent */
+        /* prepare for next iteration */
-    return( x509_crt_verify_chain( parent, trust_ca, ca_crl, profile,
+        child = parent;
-                                 parent_is_trusted, path_cnt + 1, self_cnt,
+        parent = NULL;
-                                 ver_chain ) );
+        child_is_trusted = parent_is_trusted;
        ++path_cnt;
    }
 }
 /*
@ -2290,9 +2299,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
        *ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
    /* Check the chain */
-    ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
+    ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, ver_chain );
                                 0, 0, 0,
                                 ver_chain );
    if( ret != 0 )
        goto exit;