39 #if defined(POLARSSL_X509_PARSE_C)
61 #if defined(POLARSSL_FS_IO)
64 #include <sys/types.h>
72 static int x509_get_version(
unsigned char **p,
73 const unsigned char *end,
106 static int x509_crl_get_version(
unsigned char **p,
107 const unsigned char *end,
129 static int x509_get_serial(
unsigned char **p,
130 const unsigned char *end,
135 if( ( end - *p ) < 1 )
144 serial->
tag = *(*p)++;
160 static int x509_get_alg(
unsigned char **p,
161 const unsigned char *end,
205 static int x509_get_attr_type_value(
unsigned char **p,
206 const unsigned char *end,
227 if( ( end - *p ) < 1 )
263 static int x509_get_name(
unsigned char **p,
264 const unsigned char *end,
269 const unsigned char *end2;
282 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
290 if( use->
next == NULL )
309 if( cur->
next == NULL )
314 return( x509_get_name( p, end2, cur->
next ) );
322 static int x509_get_time(
unsigned char **p,
323 const unsigned char *end,
331 if( ( end - *p ) < 1 )
345 memset( date, 0,
sizeof( date ) );
346 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
347 len :
sizeof( date ) - 1 );
349 if( sscanf( date,
"%2d%2d%2d%2d%2d%2d",
354 time->
year += 100 * ( time->
year < 50 );
369 memset( date, 0,
sizeof( date ) );
370 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
371 len :
sizeof( date ) - 1 );
373 if( sscanf( date,
"%4d%2d%2d%2d%2d%2d",
392 static int x509_get_dates(
unsigned char **p,
393 const unsigned char *end,
406 if( ( ret = x509_get_time( p, end, from ) ) != 0 )
409 if( ( ret = x509_get_time( p, end, to ) ) != 0 )
424 static int x509_get_pubkey(
unsigned char **p,
425 const unsigned char *end,
433 if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
441 if( pk_alg_oid->
len == 9 &&
445 if( pk_alg_oid->
len == 9 &&
448 if( pk_alg_oid->
p[8] >= 2 && pk_alg_oid->
p[8] <= 5 )
451 if ( pk_alg_oid->
p[8] >= 11 && pk_alg_oid->
p[8] <= 14 )
455 if( pk_alg_oid->
len == 5 &&
459 if( can_handle == 0 )
465 if( ( end - *p ) < 1 )
484 if( *p + len != end2 )
499 static int x509_get_sig(
unsigned char **p,
500 const unsigned char *end,
506 if( ( end - *p ) < 1 )
516 if( --len < 1 || *(*p)++ != 0 )
530 static int x509_get_uid(
unsigned char **p,
531 const unsigned char *end,
560 static int x509_get_ext(
unsigned char **p,
561 const unsigned char *end,
591 if( end != *p + len )
601 static int x509_get_crl_ext(
unsigned char **p,
602 const unsigned char *end,
609 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
636 static int x509_get_crl_entry_ext(
unsigned char **p,
637 const unsigned char *end,
667 if( end != *p + ext->
len )
687 static int x509_get_basic_constraints(
unsigned char **p,
688 const unsigned char *end,
718 if( *ca_istrue != 0 )
725 if( ( ret =
asn1_get_int( p, end, max_pathlen ) ) != 0 )
737 static int x509_get_ns_cert_type(
unsigned char **p,
738 const unsigned char *end,
739 unsigned char *ns_cert_type)
752 *ns_cert_type = *bs.
p;
756 static int x509_get_key_usage(
unsigned char **p,
757 const unsigned char *end,
758 unsigned char *key_usage)
780 static int x509_get_ext_key_usage(
unsigned char **p,
781 const unsigned char *end,
790 if( ext_key_usage->
buf.
p == NULL )
823 static int x509_get_subject_alt_name(
unsigned char **p,
824 const unsigned char *end,
838 if( *p + len != end )
844 if( ( end - *p ) < 1 )
857 if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
875 if( cur->
next == NULL )
901 static int x509_get_crt_ext(
unsigned char **p,
902 const unsigned char *end,
907 unsigned char *end_ext_data, *end_ext_octet;
909 if( ( ret = x509_get_ext( p, end, &crt->
v3_ext, 3 ) ) != 0 )
932 end_ext_data = *p + len;
943 if( ( end - *p ) < 1 )
948 if( ( ret =
asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
957 end_ext_octet = *p + len;
959 if( end_ext_octet != end_ext_data )
970 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
979 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
988 if( ( ret = x509_get_key_usage( p, end_ext_octet,
997 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
1006 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1016 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1037 static int x509_get_entries(
unsigned char **p,
1038 const unsigned char *end,
1057 end = *p + entry_len;
1062 const unsigned char *end2;
1070 cur_entry->
raw.
tag = **p;
1071 cur_entry->
raw.
p = *p;
1072 cur_entry->
raw.
len = len2;
1075 if( ( ret = x509_get_serial( p, end2, &cur_entry->
serial ) ) != 0 )
1078 if( ( ret = x509_get_time( p, end2, &cur_entry->
revocation_date ) ) != 0 )
1081 if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->
entry_ext ) ) != 0 )
1088 if( cur_entry->
next == NULL )
1091 cur_entry = cur_entry->
next;
1101 if( sig_oid->
len == 9 &&
1104 if( sig_oid->
p[8] >= 2 && sig_oid->
p[8] <= 5 )
1106 *sig_alg = sig_oid->
p[8];
1110 if ( sig_oid->
p[8] >= 11 && sig_oid->
p[8] <= 14 )
1112 *sig_alg = sig_oid->
p[8];
1118 if( sig_oid->
len == 5 &&
1131 int x509parse_crt_der(
x509_cert *crt,
const unsigned char *buf,
size_t buflen )
1135 unsigned char *p, *end, *crt_end;
1140 if( crt == NULL || buf == NULL )
1143 p = (
unsigned char *) malloc( len = buflen );
1148 memcpy( p, buf, buflen );
1169 if( len > (
size_t) ( end - p ) )
1199 if( ( ret = x509_get_version( &p, end, &crt->
version ) ) != 0 ||
1200 ( ret = x509_get_serial( &p, end, &crt->
serial ) ) != 0 ||
1201 ( ret = x509_get_alg( &p, end, &crt->
sig_oid1 ) ) != 0 )
1215 if( ( ret = x509_get_sig_alg( &crt->
sig_oid1, &crt->
sig_alg ) ) != 0 )
1233 if( ( ret = x509_get_name( &p, p + len, &crt->
issuer ) ) != 0 )
1247 if( ( ret = x509_get_dates( &p, end, &crt->
valid_from,
1266 if( len && ( ret = x509_get_name( &p, p + len, &crt->
subject ) ) != 0 )
1286 if( ( ret = x509_get_pubkey( &p, p + len, &crt->
pk_oid,
1287 &crt->
rsa.
N, &crt->
rsa.
E ) ) != 0 )
1311 ret = x509_get_uid( &p, end, &crt->
issuer_id, 1 );
1321 ret = x509_get_uid( &p, end, &crt->
subject_id, 2 );
1331 ret = x509_get_crt_ext( &p, end, crt);
1352 if( ( ret = x509_get_alg( &p, end, &crt->
sig_oid2 ) ) != 0 )
1365 if( ( ret = x509_get_sig( &p, end, &crt->
sig ) ) != 0 )
1386 int ret, success = 0, first_error = 0, total_failed = 0;
1395 if( crt == NULL || buf == NULL )
1411 if( crt->
next == NULL )
1423 #if defined(POLARSSL_PEM_C)
1424 if( strstr( (
char *) buf,
"-----BEGIN CERTIFICATE-----" ) != NULL )
1429 return x509parse_crt_der( crt, buf, buflen );
1431 #if defined(POLARSSL_PEM_C)
1442 "-----BEGIN CERTIFICATE-----",
1443 "-----END CERTIFICATE-----",
1444 buf, NULL, 0, &use_len );
1458 if( first_error == 0 )
1466 ret = x509parse_crt_der( crt, pem.
buf, pem.
buflen );
1486 if( first_error == 0 )
1502 if( crt->
next == NULL )
1522 return( total_failed );
1523 else if( first_error )
1524 return( first_error );
1536 unsigned char *p, *end;
1538 #if defined(POLARSSL_PEM_C)
1548 if( crl == NULL || buf == NULL )
1561 if( crl->
next == NULL )
1568 memset( crl, 0,
sizeof(
x509_crl ) );
1571 #if defined(POLARSSL_PEM_C)
1574 "-----BEGIN X509 CRL-----",
1575 "-----END X509 CRL-----",
1576 buf, NULL, 0, &use_len );
1604 p = (
unsigned char *) malloc( len = buflen );
1609 memcpy( p, buf, buflen );
1614 p = (
unsigned char *) malloc( len = buflen );
1619 memcpy( p, buf, buflen );
1641 if( len != (
size_t) ( end - p ) )
1669 if( ( ret = x509_crl_get_version( &p, end, &crl->
version ) ) != 0 ||
1670 ( ret = x509_get_alg( &p, end, &crl->
sig_oid1 ) ) != 0 )
1684 if( ( ret = x509_get_sig_alg( &crl->
sig_oid1, &crl->
sig_alg ) ) != 0 )
1702 if( ( ret = x509_get_name( &p, p + len, &crl->
issuer ) ) != 0 )
1714 if( ( ret = x509_get_time( &p, end, &crl->
this_update ) ) != 0 )
1720 if( ( ret = x509_get_time( &p, end, &crl->
next_update ) ) != 0 )
1740 if( ( ret = x509_get_entries( &p, end, &crl->
entry ) ) != 0 )
1752 ret = x509_get_crl_ext( &p, end, &crl->
crl_ext );
1774 if( ( ret = x509_get_alg( &p, end, &crl->
sig_oid2 ) ) != 0 )
1787 if( ( ret = x509_get_sig( &p, end, &crl->
sig ) ) != 0 )
1804 if( crl->
next == NULL )
1811 memset( crl, 0,
sizeof(
x509_crl ) );
1819 #if defined(POLARSSL_FS_IO)
1823 int load_file(
const char *path,
unsigned char **buf,
size_t *n )
1827 if( ( f = fopen( path,
"rb" ) ) == NULL )
1830 fseek( f, 0, SEEK_END );
1831 *n = (size_t) ftell( f );
1832 fseek( f, 0, SEEK_SET );
1834 if( ( *buf = (
unsigned char *) malloc( *n + 1 ) ) == NULL )
1837 if( fread( *buf, 1, *n, f ) != *n )
1860 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1865 memset( buf, 0, n + 1 );
1876 WCHAR szDir[MAX_PATH];
1877 char filename[MAX_PATH];
1879 int len = strlen( path );
1881 WIN32_FIND_DATAW file_data;
1884 if( len > MAX_PATH - 3 )
1887 memset( szDir, 0,
sizeof(szDir) );
1888 memset( filename, 0, MAX_PATH );
1889 memcpy( filename, path, len );
1890 filename[len++] =
'\\';
1892 filename[len++] =
'*';
1894 w_ret = MultiByteToWideChar( CP_ACP, 0, path, len, szDir, MAX_PATH - 3 );
1896 hFind = FindFirstFileW( szDir, &file_data );
1897 if (hFind == INVALID_HANDLE_VALUE)
1900 len = MAX_PATH - len;
1903 memset( p, 0, len );
1905 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1908 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1909 lstrlenW(file_data.cFileName),
1922 while( FindNextFileW( hFind, &file_data ) != 0 );
1924 if (GetLastError() != ERROR_NO_MORE_FILES)
1931 struct dirent *entry;
1932 char entry_name[255];
1933 DIR *dir = opendir( path );
1938 while( ( entry = readdir( dir ) ) != NULL )
1940 if( entry->d_type != DT_REG )
1943 snprintf( entry_name,
sizeof(entry_name),
"%s/%s", path, entry->d_name );
1968 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1973 memset( buf, 0, n + 1 );
1988 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1995 (
unsigned char *) pwd, strlen( pwd ) );
1997 memset( buf, 0, n + 1 );
2012 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2017 memset( buf, 0, n + 1 );
2028 const unsigned char *pwd,
size_t pwdlen )
2032 unsigned char *p, *end;
2033 unsigned char *p_alt;
2036 #if defined(POLARSSL_PEM_C)
2041 "-----BEGIN RSA PRIVATE KEY-----",
2042 "-----END RSA PRIVATE KEY-----",
2043 key, pwd, pwdlen, &len );
2048 "-----BEGIN PRIVATE KEY-----",
2049 "-----END PRIVATE KEY-----",
2050 key, pwd, pwdlen, &len );
2066 p = ( ret == 0 ) ? pem.
buf : (
unsigned char *) key;
2070 p = (
unsigned char *) key;
2105 #if defined(POLARSSL_PEM_C)
2116 #if defined(POLARSSL_PEM_C)
2125 #if defined(POLARSSL_PEM_C)
2134 if( ( ret = x509_get_alg( &p_alt, end, &pk_alg_oid ) ) != 0 )
2142 #if defined(POLARSSL_PEM_C)
2158 if( pk_alg_oid.
len == 9 &&
2162 if( pk_alg_oid.
len == 9 &&
2165 if( pk_alg_oid.
p[8] >= 2 && pk_alg_oid.
p[8] <= 5 )
2168 if ( pk_alg_oid.
p[8] >= 11 && pk_alg_oid.
p[8] <= 14 )
2172 if( pk_alg_oid.
len == 5 &&
2176 if( can_handle == 0 )
2186 #if defined(POLARSSL_PEM_C)
2193 if( ( end - p ) < 1 )
2195 #if defined(POLARSSL_PEM_C)
2208 #if defined(POLARSSL_PEM_C)
2219 #if defined(POLARSSL_PEM_C)
2228 #if defined(POLARSSL_PEM_C)
2245 #if defined(POLARSSL_PEM_C)
2256 #if defined(POLARSSL_PEM_C)
2266 #if defined(POLARSSL_PEM_C)
2273 #if defined(POLARSSL_PEM_C)
2287 unsigned char *p, *end;
2289 #if defined(POLARSSL_PEM_C)
2294 "-----BEGIN PUBLIC KEY-----",
2295 "-----END PUBLIC KEY-----",
2296 key, NULL, 0, &len );
2311 p = ( ret == 0 ) ? pem.
buf : (
unsigned char *) key;
2313 p = (
unsigned char *) key;
2337 #if defined(POLARSSL_PEM_C)
2344 if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->
N, &rsa->
E ) ) != 0 )
2346 #if defined(POLARSSL_PEM_C)
2355 #if defined(POLARSSL_PEM_C)
2364 #if defined(POLARSSL_PEM_C)
2371 #if defined(POLARSSL_DHM_C)
2379 unsigned char *p, *end;
2380 #if defined(POLARSSL_PEM_C)
2386 "-----BEGIN DH PARAMETERS-----",
2387 "-----END DH PARAMETERS-----",
2388 dhmin, NULL, 0, &dhminlen );
2403 p = ( ret == 0 ) ? pem.
buf : (
unsigned char *) dhmin;
2405 p = (
unsigned char *) dhmin;
2420 #if defined(POLARSSL_PEM_C)
2431 #if defined(POLARSSL_PEM_C)
2440 #if defined(POLARSSL_PEM_C)
2448 #if defined(POLARSSL_PEM_C)
2455 #if defined(POLARSSL_FS_IO)
2465 if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2470 memset( buf, 0, n + 1 );
2478 #if defined _MSC_VER && !defined snprintf
2481 #if !defined vsnprintf
2482 #define vsnprintf _vsnprintf
2492 int compat_snprintf(
char *str,
size_t size,
const char *format, ...)
2497 va_start( ap, format );
2499 res = vsnprintf( str, size, format, ap );
2505 return( (
int) size + 20 );
2510 #define snprintf compat_snprintf
2513 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2515 #define SAFE_SNPRINTF() \
2520 if ( (unsigned int) ret > n ) { \
2522 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2525 n -= (unsigned int) ret; \
2526 p += (unsigned int) ret; \
2541 memset( s, 0,
sizeof( s ) );
2547 while( name != NULL )
2557 ret = snprintf( p, n,
", " );
2561 if( name->
oid.
len == 3 &&
2564 switch( name->
oid.
p[2] )
2567 ret = snprintf( p, n,
"CN=" );
break;
2570 ret = snprintf( p, n,
"C=" );
break;
2573 ret = snprintf( p, n,
"L=" );
break;
2576 ret = snprintf( p, n,
"ST=" );
break;
2579 ret = snprintf( p, n,
"O=" );
break;
2582 ret = snprintf( p, n,
"OU=" );
break;
2585 ret = snprintf( p, n,
"0x%02X=",
2591 else if( name->
oid.
len == 9 &&
2594 switch( name->
oid.
p[8] )
2597 ret = snprintf( p, n,
"emailAddress=" );
break;
2600 ret = snprintf( p, n,
"0x%02X=",
2608 ret = snprintf( p, n,
"\?\?=" );
2612 for( i = 0; i < name->
val.
len; i++ )
2614 if( i >=
sizeof( s ) - 1 )
2618 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2623 ret = snprintf( p, n,
"%s", s );
2628 return( (
int) ( size - n ) );
2644 nr = ( serial->
len <= 32 )
2647 for( i = 0; i < nr; i++ )
2649 if( i == 0 && nr > 1 && serial->
p[i] == 0x0 )
2652 ret = snprintf( p, n,
"%02X%s",
2653 serial->
p[i], ( i < nr - 1 ) ?
":" :
"" );
2657 if( nr != serial->
len )
2659 ret = snprintf( p, n,
"...." );
2663 return( (
int) ( size - n ) );
2679 ret = snprintf( p, n,
"%scert. version : %d\n",
2682 ret = snprintf( p, n,
"%sserial number : ",
2689 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
2694 ret = snprintf( p, n,
"\n%ssubject name : ", prefix );
2699 ret = snprintf( p, n,
"\n%sissued on : " \
2700 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2706 ret = snprintf( p, n,
"\n%sexpires on : " \
2707 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2713 ret = snprintf( p, n,
"\n%ssigned using : RSA+", prefix );
2718 case SIG_RSA_MD2 : ret = snprintf( p, n,
"MD2" );
break;
2719 case SIG_RSA_MD4 : ret = snprintf( p, n,
"MD4" );
break;
2720 case SIG_RSA_MD5 : ret = snprintf( p, n,
"MD5" );
break;
2721 case SIG_RSA_SHA1 : ret = snprintf( p, n,
"SHA1" );
break;
2726 default: ret = snprintf( p, n,
"???" );
break;
2730 ret = snprintf( p, n,
"\n%sRSA key size : %d bits\n", prefix,
2731 (
int) crt->
rsa.
N.
n * (
int)
sizeof(
t_uint ) * 8 );
2734 return( (
int) ( size - n ) );
/*
 * Compare a DER-encoded OID buffer (an x509_buf-like object with .len and .p)
 * against a string literal holding the expected OID bytes.
 *
 * The length test is deliberately evaluated first: because of && short-circuit
 * evaluation, memcmp() only runs when both sides have the same length, so it
 * never reads past the end of oid_str when the parsed OID happens to be longer.
 * Do not reorder the two operands.
 *
 * OID_SIZE() is defined elsewhere in this file; presumably it yields the
 * literal's byte length without the trailing NUL -- confirm against its
 * definition before relying on that.
 */
2738 #define OID_CMP(oid_str, oid_buf) \
2739 ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
2740 memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
2785 ret = snprintf( p, n,
"%d.%d", oid->
p[0]/40, oid->
p[0]%40 );
2791 for( i = 1; i < oid->
len; i++ )
2794 value += oid->
p[i] & 0x7F;
2796 if( !( oid->
p[i] & 0x80 ) )
2799 ret = snprintf( p, n,
".%d", value );
2805 return( (
int) ( size - n ) );
2822 ret = snprintf( p, n,
"%sCRL version : %d",
2826 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
2831 ret = snprintf( p, n,
"\n%sthis update : " \
2832 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2838 ret = snprintf( p, n,
"\n%snext update : " \
2839 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2845 entry = &crl->
entry;
2847 ret = snprintf( p, n,
"\n%sRevoked certificates:",
2851 while( entry != NULL && entry->
raw.
len != 0 )
2853 ret = snprintf( p, n,
"\n%sserial number: ",
2860 ret = snprintf( p, n,
" revocation date: " \
2861 "%04d-%02d-%02d %02d:%02d:%02d",
2867 entry = entry->
next;
2870 ret = snprintf( p, n,
"\n%ssigned using : RSA+", prefix );
2875 case SIG_RSA_MD2 : ret = snprintf( p, n,
"MD2" );
break;
2876 case SIG_RSA_MD4 : ret = snprintf( p, n,
"MD4" );
break;
2877 case SIG_RSA_MD5 : ret = snprintf( p, n,
"MD5" );
break;
2878 case SIG_RSA_SHA1 : ret = snprintf( p, n,
"SHA1" );
break;
2883 default: ret = snprintf( p, n,
"???" );
break;
2887 ret = snprintf( p, n,
"\n" );
2890 return( (
int) ( size - n ) );
2917 lt = localtime( &tt );
2919 year = lt->tm_year + 1900;
2920 mon = lt->tm_mon + 1;
2927 if( year > to->
year )
2930 if( year == to->
year &&
2934 if( year == to->
year &&
2939 if( year == to->
year &&
2945 if( year == to->
year &&
2952 if( year == to->
year &&
2970 while( cur != NULL && cur->
serial.
len != 0 )
2988 static void x509_hash(
const unsigned char *in,
size_t len,
int alg,
2989 unsigned char *out )
2993 #if defined(POLARSSL_MD2_C)
2996 #if defined(POLARSSL_MD4_C)
2999 #if defined(POLARSSL_MD5_C)
3002 #if defined(POLARSSL_SHA1_C)
3005 #if defined(POLARSSL_SHA2_C)
3009 #if defined(POLARSSL_SHA4_C)
3014 memset( out,
'\xFF', 64 );
3027 unsigned char hash[64];
3038 while( crl_list != NULL )
3045 crl_list = crl_list->
next;
3054 x509_hash( crl_list->
tbs.
p, crl_list->
tbs.
len, hash_id, hash );
3057 0, hash, crl_list->
sig.
p ) == 0 )
3081 crl_list = crl_list->
next;
3086 int x509_wildcard_verify(
const char *cn,
x509_buf *name )
3091 if( name->
len < 3 || name->
p[0] !=
'*' || name->
p[1] !=
'.' )
3094 for( i = 0; i < strlen( cn ); ++i )
3106 if( strlen( cn ) - cn_idx == name->
len - 1 &&
3107 memcmp( name->
p + 1, cn + cn_idx, name->
len - 1 ) == 0 )
3115 static int x509parse_verify_top(
3117 x509_crl *ca_crl,
int path_cnt,
int *flags,
3118 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3122 int ca_flags = 0, check_path_cnt = path_cnt + 1;
3123 unsigned char hash[64];
3133 while( trust_ca != NULL )
3140 trust_ca = trust_ca->
next;
3158 trust_ca = trust_ca->
next;
3164 x509_hash( child->
tbs.
p, child->
tbs.
len, hash_id, hash );
3167 0, hash, child->
sig.
p ) != 0 )
3169 trust_ca = trust_ca->
next;
3185 if( trust_ca != NULL &&
3191 *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
3196 if( NULL != f_vrfy )
3198 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
3204 if( NULL != f_vrfy )
3206 if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
3215 static int x509parse_verify_child(
3217 x509_crl *ca_crl,
int path_cnt,
int *flags,
3218 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3222 int parent_flags = 0;
3223 unsigned char hash[64];
3231 x509_hash( child->
tbs.
p, child->
tbs.
len, hash_id, hash );
3234 child->
sig.
p ) != 0 )
3238 *flags |= x509parse_verifycrl(child, parent, ca_crl);
3240 grandparent = parent->
next;
3242 while( grandparent != NULL )
3244 if( grandparent->
version == 0 ||
3250 grandparent = grandparent->
next;
3256 if( grandparent != NULL )
3261 ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3267 ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3273 if( NULL != f_vrfy )
3274 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
3277 *flags |= parent_flags;
3288 const char *cn,
int *flags,
3289 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3304 cn_len = strlen( cn );
3310 while( cur != NULL )
3312 if( cur->
buf.
len == cn_len &&
3313 memcmp( cn, cur->
buf.
p, cn_len ) == 0 )
3317 memcmp( cur->
buf.
p,
"*.", 2 ) == 0 &&
3318 x509_wildcard_verify( cn, &cur->
buf ) )
3329 while( name != NULL )
3331 if( name->
oid.
len == 3 &&
3334 if( name->
val.
len == cn_len &&
3335 memcmp( name->
val.
p, cn, cn_len ) == 0 )
3339 memcmp( name->
val.
p,
"*.", 2 ) == 0 &&
3340 x509_wildcard_verify( cn, &name->
val ) )
3358 while( parent != NULL && parent->
version != 0 )
3365 parent = parent->
next;
3371 if( parent != NULL )
3376 ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3382 ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3413 while( name_cur != NULL )
3415 name_prv = name_cur;
3416 name_cur = name_cur->
next;
3417 memset( name_prv, 0,
sizeof(
x509_name ) );
3422 while( name_cur != NULL )
3424 name_prv = name_cur;
3425 name_cur = name_cur->
next;
3426 memset( name_prv, 0,
sizeof(
x509_name ) );
3431 while( seq_cur != NULL )
3434 seq_cur = seq_cur->
next;
3440 while( seq_cur != NULL )
3443 seq_cur = seq_cur->
next;
3448 if( cert_cur->
raw.
p != NULL )
3450 memset( cert_cur->
raw.
p, 0, cert_cur->
raw.
len );
3451 free( cert_cur->
raw.
p );
3454 cert_cur = cert_cur->
next;
3456 while( cert_cur != NULL );
3461 cert_prv = cert_cur;
3462 cert_cur = cert_cur->
next;
3464 memset( cert_prv, 0,
sizeof(
x509_cert ) );
3465 if( cert_prv != crt )
3468 while( cert_cur != NULL );
3489 while( name_cur != NULL )
3491 name_prv = name_cur;
3492 name_cur = name_cur->
next;
3493 memset( name_prv, 0,
sizeof(
x509_name ) );
3498 while( entry_cur != NULL )
3500 entry_prv = entry_cur;
3501 entry_cur = entry_cur->
next;
3506 if( crl_cur->
raw.
p != NULL )
3508 memset( crl_cur->
raw.
p, 0, crl_cur->
raw.
len );
3509 free( crl_cur->
raw.
p );
3512 crl_cur = crl_cur->
next;
3514 while( crl_cur != NULL );
3520 crl_cur = crl_cur->
next;
3522 memset( crl_prv, 0,
sizeof(
x509_crl ) );
3523 if( crl_prv != crl )
3526 while( crl_cur != NULL );
3529 #if defined(POLARSSL_SELF_TEST)
3538 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3545 #if defined(POLARSSL_DHM_C)
3550 printf(
" X.509 certificate load: " );
3552 memset( &clicert, 0,
sizeof(
x509_cert ) );
3554 ret =
x509parse_crt( &clicert, (
unsigned char *) test_cli_crt,
3555 strlen( test_cli_crt ) );
3559 printf(
"failed\n" );
3564 memset( &cacert, 0,
sizeof(
x509_cert ) );
3566 ret =
x509parse_crt( &cacert, (
unsigned char *) test_ca_crt,
3567 strlen( test_ca_crt ) );
3571 printf(
"failed\n" );
3577 printf(
"passed\n X.509 private key load: " );
3579 i = strlen( test_ca_key );
3580 j = strlen( test_ca_pwd );
3585 (
unsigned char *) test_ca_key, i,
3586 (
unsigned char *) test_ca_pwd, j ) ) != 0 )
3589 printf(
"failed\n" );
3595 printf(
"passed\n X.509 signature verify: ");
3597 ret =
x509parse_verify( &clicert, &cacert, NULL,
"PolarSSL Client 2", &flags, NULL, NULL );
3600 printf(
"%02x", flags);
3602 printf(
"failed\n" );
3607 #if defined(POLARSSL_DHM_C)
3609 printf(
"passed\n X.509 DHM parameter load: " );
3611 i = strlen( test_dhm_params );
3612 j = strlen( test_ca_pwd );
3614 if( ( ret =
x509parse_dhm( &dhm, (
unsigned char *) test_dhm_params, i ) ) != 0 )
3617 printf(
"failed\n" );
3623 printf(
"passed\n\n" );
3629 #if defined(POLARSSL_DHM_C)