Add structure holding X.509 CRT signature information
This commit introduces an internal structure `mbedtls_x509_crt_sig_info`
containing all information that has to be kept from a child CRT when searching
for a potential parent:
- The issuer name
- The signature type
- The signature
- The hash of the CRT
The structure can be obtained from a CRT frame via `x509_crt_get_sig_info()`
and freed via `x509_crt_free_sig_info()`.
The purpose of this is to reduce the amount of RAM used during CRT
chain verification; once we've extracted the signature info structure
from the current child CRT, we can free all cached data for that CRT
(frame and PK) before searching for a suitable parent. This way, there
will ultimately not be more than one frame needed at a single point
during the verification.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index efacf9b..cfe0821 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -93,6 +93,15 @@
static void x509_free_sequence( mbedtls_x509_sequence *seq );
static void x509_free_name( mbedtls_x509_name *name );
+static int x509_crt_pk_acquire( mbedtls_x509_crt *crt,
+ mbedtls_pk_context **pk );
+static int x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
+ mbedtls_x509_crt_frame **frame );
+static void x509_crt_pk_release( mbedtls_x509_crt *crt,
+ mbedtls_pk_context *pk );
+static void x509_crt_frame_release( mbedtls_x509_crt *crt,
+ mbedtls_pk_context *pk );
+
static int x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
mbedtls_x509_crt_frame **frame_ptr )
{
@@ -2162,66 +2171,33 @@
/*
* Check the signature of a certificate by its parent
*/
-static int x509_crt_check_signature( const mbedtls_x509_crt_frame *child,
+static int x509_crt_check_signature( const mbedtls_x509_crt_sig_info *sig_info,
mbedtls_x509_crt *parent,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
- int ret;
- size_t hash_len;
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-
- mbedtls_md_type_t sig_md;
- mbedtls_pk_type_t sig_pk;
- void *sig_opts;
-
- const mbedtls_md_info_t *md_info;
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- {
- /* Get signature options -- currently only
- * necessary for RSASSA-PSS. */
- unsigned char *p = child->sig_alg.p;
- unsigned char *end = p + child->sig_alg.len;
- ret = mbedtls_x509_get_sig_alg_raw( &p, end, &sig_md,
- &sig_pk, &sig_opts );
- if( ret != 0 )
- {
- /* Note: this can't happen except after an internal error */
- return( -1 );
- }
- }
-#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
- sig_md = child->sig_md;
- sig_pk = child->sig_pk;
- sig_opts = NULL;
-#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-
- md_info = mbedtls_md_info_from_type( sig_md );
- if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
- return( -1 );
-
- hash_len = mbedtls_md_get_size( md_info );
-
/* Skip expensive computation on obvious mismatch */
- if( ! mbedtls_pk_can_do( &parent->pk, sig_pk ) )
+ if( ! mbedtls_pk_can_do( &parent->pk, sig_info->sig_pk ) )
return( -1 );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
{
return( mbedtls_pk_verify_restartable( &parent->pk,
- sig_md, hash, mbedtls_md_get_size( md_info ),
- child->sig.p, child->sig.len, &rs_ctx->pk ) );
+ sig_info->sig_md,
+ sig_info->crt_hash, sig_info->crt_hash_len,
+ sig_info->sig.p, sig_info->sig.len,
+ &rs_ctx->pk ) );
}
#else
(void) rs_ctx;
#endif
- ret = mbedtls_pk_verify_ext( sig_pk, sig_opts, &parent->pk,
- sig_md, hash, hash_len,
- child->sig.p, child->sig.len );
- mbedtls_free( sig_opts );
- return( ret );
+ return( mbedtls_pk_verify_ext( sig_info->sig_pk,
+ sig_info->sig_opts,
+ &parent->pk,
+ sig_info->sig_md,
+ sig_info->crt_hash, sig_info->crt_hash_len,
+ sig_info->sig.p, sig_info->sig.len ) );
}
/*
@@ -2230,14 +2206,14 @@
*
* top means parent is a locally-trusted certificate
*/
-static int x509_crt_check_parent( const mbedtls_x509_crt_frame *child,
+static int x509_crt_check_parent( const mbedtls_x509_crt_sig_info *child_sig,
const mbedtls_x509_crt *parent,
int top )
{
int need_ca_bit;
/* Parent must be the issuer */
- if( mbedtls_x509_name_cmp_raw( &child->issuer_raw,
+ if( mbedtls_x509_name_cmp_raw( &child_sig->issuer_raw,
&parent->subject_raw_no_hdr,
NULL, NULL ) != 0 )
{
@@ -2265,6 +2241,71 @@
return( 0 );
}
+typedef struct mbedtls_x509_crt_sig_info
+{
+ mbedtls_md_type_t sig_md;
+ mbedtls_pk_type_t sig_pk;
+ void *sig_opts;
+ uint8_t crt_hash[MBEDTLS_MD_MAX_SIZE];
+ size_t crt_hash_len;
+ mbedtls_x509_buf_raw sig;
+ mbedtls_x509_buf_raw issuer_raw;
+} mbedtls_x509_crt_sig_info;
+
+static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info )
+{
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ mbedtls_free( info->sig_opts );
+#else
+ ((void) info);
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+}
+
+static int x509_crt_get_sig_info( mbedtls_x509_crt_frame const *frame,
+ mbedtls_x509_crt_sig_info *info )
+{
+ const mbedtls_md_info_t *md_info;
+
+ md_info = mbedtls_md_info_from_type( frame->sig_md );
+ if( mbedtls_md( md_info, frame->tbs.p, frame->tbs.len,
+ info->crt_hash ) != 0 )
+ {
+ /* Note: this can't happen except after an internal error */
+ return( -1 );
+ }
+
+ info->crt_hash_len = mbedtls_md_get_size( md_info );
+
+ /* Make sure that this function leaves the target structure
+ * ready to be freed, regardless of success of failure. */
+ info->sig_opts = NULL;
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ {
+ int ret;
+ unsigned char *alg_start = frame->sig_alg.p;
+ unsigned char *alg_end = alg_start + frame->sig_alg.len;
+
+ /* Get signature options -- currently only
+ * necessary for RSASSA-PSS. */
+ ret = mbedtls_x509_get_sig_alg_raw( &alg_start, alg_end, &info->sig_md,
+ &info->sig_pk, &info->sig_opts );
+ if( ret != 0 )
+ {
+ /* Note: this can't happen except after an internal error */
+ return( -1 );
+ }
+ }
+#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+ info->sig_md = frame->sig_md;
+ info->sig_pk = frame->sig_pk;
+#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+ info->issuer_raw = frame->issuer_raw;
+ info->sig = frame->sig;
+ return( 0 );
+}
+
/*
* Find a suitable parent for child in candidates, or return NULL.
*
@@ -2309,7 +2350,7 @@
* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
static int x509_crt_find_parent_in(
- mbedtls_x509_crt_frame const *child,
+ mbedtls_x509_crt_sig_info const *child_sig,
mbedtls_x509_crt *candidates,
mbedtls_x509_crt **r_parent,
int *r_signature_is_good,
@@ -2361,7 +2402,7 @@
}
/* basic parenting skills (name, CA bit, key usage) */
- if( x509_crt_check_parent( child, parent, top ) == 0 )
+ if( x509_crt_check_parent( child_sig, parent, top ) == 0 )
parent_match = 1;
/* +1 because stored max_pathlen is 1 higher that the actual value */
@@ -2375,7 +2416,7 @@
continue;
/* Signature */
- ret = x509_crt_check_signature( child, parent, rs_ctx );
+ ret = x509_crt_check_signature( child_sig, parent, rs_ctx );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
@@ -2447,7 +2488,7 @@
* - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
*/
static int x509_crt_find_parent(
- mbedtls_x509_crt_frame const *child,
+ mbedtls_x509_crt_sig_info const *child_sig,
mbedtls_x509_crt *rest,
mbedtls_x509_crt *trust_ca,
mbedtls_x509_crt **parent,
@@ -2474,7 +2515,7 @@
while( 1 ) {
search_list = *parent_is_trusted ? trust_ca : rest;
- ret = x509_crt_find_parent_in( child, search_list,
+ ret = x509_crt_find_parent_in( child_sig, search_list,
parent, signature_is_good,
*parent_is_trusted,
path_cnt, self_cnt, rs_ctx );
@@ -2520,14 +2561,6 @@
{
mbedtls_x509_crt const *cur;
- /* must be self-issued */
- if( mbedtls_x509_name_cmp_raw( &crt->issuer_raw,
- &crt->subject_raw,
- NULL, NULL ) != 0 )
- {
- return( -1 );
- }
-
/* look for an exact match with trusted cert */
for( cur = trust_ca; cur != NULL; cur = cur->next )
{
@@ -2625,7 +2658,10 @@
child_is_trusted = 0;
while( 1 ) {
- mbedtls_x509_crt_frame *child;
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ mbedtls_x509_buf_raw child_serial;
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+ int self_issued;
/* Add certificate to the verification chain */
cur = &ver_chain->items[ver_chain->len];
@@ -2637,41 +2673,72 @@
find_parent:
#endif
- ret = x509_crt_frame_acquire( child_crt, &child );
- if( ret != 0 )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
-
flags = &cur->flags;
- /* Check time-validity (all certificates) */
- if( mbedtls_x509_time_is_past( &child->valid_to ) )
- *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
- if( mbedtls_x509_time_is_future( &child->valid_from ) )
- *flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
- /* Stop here for trusted roots (but not for trusted EE certs) */
- if( child_is_trusted )
- goto release;
-
- /* Check signature algorithm: MD & PK algs */
- if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-
- if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
- /* Special case: EE certs that are locally trusted */
- if( ver_chain->len == 1 &&
- x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
{
- goto release;
- }
+ mbedtls_x509_crt_sig_info child_sig;
+ {
+ mbedtls_x509_crt_frame *child;
- /* Look for a parent in trusted CAs or up the chain */
- ret = x509_crt_find_parent( child, trust_ca, &parent,
- &parent_is_trusted, &signature_is_good,
- ver_chain->len - 1, self_cnt, rs_ctx );
+ ret = x509_crt_frame_acquire( child_crt, &child );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+
+ /* Check time-validity (all certificates) */
+ if( mbedtls_x509_time_is_past( &child->valid_to ) )
+ *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+ if( mbedtls_x509_time_is_future( &child->valid_from ) )
+ *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
+ /* Stop here for trusted roots (but not for trusted EE certs) */
+ if( child_is_trusted )
+ {
+ x509_crt_frame_release( child_crt, child );
+ return( 0 );
+ }
+
+ self_issued = 0;
+ if( mbedtls_x509_name_cmp_raw( &child->issuer_raw,
+ &child->subject_raw,
+ NULL, NULL ) == 0 )
+ {
+ self_issued = 1;
+ }
+
+ /* Check signature algorithm: MD & PK algs */
+ if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+
+ if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+
+ /* Special case: EE certs that are locally trusted */
+ if( ver_chain->len == 1 && self_issued &&
+ x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
+ {
+ x509_crt_frame_release( child_crt, child );
+ return( 0 );
+ }
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ child_serial = child->serial;
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+ ret = x509_crt_get_sig_info( child, &child_sig );
+
+ x509_crt_frame_release( child_crt, child );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+ }
+
+ /* Look for a parent in trusted CAs or up the chain */
+ ret = x509_crt_find_parent( &child_sig, child_crt->next,
+ trust_ca, &parent,
+ &parent_is_trusted, &signature_is_good,
+ ver_chain->len - 1, self_cnt, rs_ctx );
+
+ x509_crt_free_sig_info( &child_sig );
+ }
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
@@ -2680,8 +2747,7 @@
rs_ctx->in_progress = x509_crt_rs_find_parent;
rs_ctx->self_cnt = self_cnt;
rs_ctx->ver_chain = *ver_chain; /* struct copy */
-
- goto release;
+ return( ret );
}
#else
(void) ret;
@@ -2691,19 +2757,14 @@
if( parent == NULL )
{
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
- goto release;
+ return( 0 );
}
/* Count intermediate self-issued (not necessarily self-signed) certs.
* These can occur with some strategies for key rollover, see [SIRO],
* and should be excluded from max_pathlen checks. */
- if( ver_chain->len != 1 &&
- mbedtls_x509_name_cmp_raw( &child->issuer_raw,
- &child->subject_raw,
- NULL, NULL ) == 0 )
- {
+ if( ver_chain->len != 1 && self_issued )
self_cnt++;
- }
/* path_cnt is 0 for the first intermediate CA,
* and if parent is trusted it's not an intermediate CA */
@@ -2711,8 +2772,7 @@
ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
{
/* return immediately to avoid overflow the chain array */
- ret = MBEDTLS_ERR_X509_FATAL_ERROR;
- goto release;
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
/* signature was checked while searching parent */
@@ -2725,24 +2785,19 @@
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the given crt */
- *flags |= x509_crt_verifycrl( child->serial.p,
- child->serial.len,
+ *flags |= x509_crt_verifycrl( child_serial.p,
+ child_serial.len,
parent, ca_crl, profile );
#else
(void) ca_crl;
#endif
/* prepare for next iteration */
- x509_crt_frame_release( child_crt, child );
child_crt = parent;
parent = NULL;
child_is_trusted = parent_is_trusted;
signature_is_good = 0;
}
-
-release:
- x509_crt_frame_release( child_crt, child );
- return( ret );
}
/*