39 #if defined(POLARSSL_X509_CRT_PARSE_C)
43 #if defined(POLARSSL_PEM_PARSE_C)
47 #if defined(POLARSSL_MEMORY_C)
50 #define polarssl_malloc malloc
51 #define polarssl_free free
62 #if defined(POLARSSL_FS_IO)
65 #include <sys/types.h>
74 static int x509_get_version(
unsigned char **p,
75 const unsigned char *end,
110 static int x509_get_dates(
unsigned char **p,
111 const unsigned char *end,
140 static int x509_get_uid(
unsigned char **p,
141 const unsigned char *end,
166 static int x509_get_basic_constraints(
unsigned char **p,
167 const unsigned char *end,
197 if( *ca_istrue != 0 )
204 if( ( ret =
asn1_get_int( p, end, max_pathlen ) ) != 0 )
216 static int x509_get_ns_cert_type(
unsigned char **p,
217 const unsigned char *end,
218 unsigned char *ns_cert_type)
231 *ns_cert_type = *bs.
p;
235 static int x509_get_key_usage(
unsigned char **p,
236 const unsigned char *end,
237 unsigned char *key_usage)
259 static int x509_get_ext_key_usage(
unsigned char **p,
260 const unsigned char *end,
269 if( ext_key_usage->
buf.
p == NULL )
302 static int x509_get_subject_alt_name(
unsigned char **p,
303 const unsigned char *end,
317 if( *p + len != end )
323 if( ( end - *p ) < 1 )
336 if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
354 if( cur->
next == NULL )
380 static int x509_get_crt_ext(
unsigned char **p,
381 const unsigned char *end,
386 unsigned char *end_ext_data, *end_ext_octet;
412 end_ext_data = *p + len;
423 if( ( end - *p ) < 1 )
428 if( ( ret =
asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
437 end_ext_octet = *p + len;
439 if( end_ext_octet != end_ext_data )
453 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
470 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
477 if( ( ret = x509_get_key_usage( p, end_ext_octet,
484 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
491 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
498 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
518 static int x509_crt_parse_der_core(
x509_crt *crt,
const unsigned char *buf,
523 unsigned char *p, *end, *crt_end;
528 if( crt == NULL || buf == NULL )
536 memcpy( p, buf, buflen );
557 if( len > (
size_t) ( end - p ) )
587 if( ( ret = x509_get_version( &p, end, &crt->
version ) ) != 0 ||
636 if( ( ret = x509_get_dates( &p, end, &crt->
valid_from,
682 ret = x509_get_uid( &p, end, &crt->
issuer_id, 1 );
692 ret = x509_get_uid( &p, end, &crt->
subject_id, 2 );
700 #if !defined(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
704 ret = x509_get_crt_ext( &p, end, crt);
710 #if !defined(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
767 x509_crt *crt = chain, *prev = NULL;
772 if( crt == NULL || buf == NULL )
788 if( crt->
next == NULL )
796 if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
815 int success = 0, first_error = 0, total_failed = 0;
821 if( chain == NULL || buf == NULL )
828 #if defined(POLARSSL_PEM_PARSE_C)
829 if( strstr( (
const char *) buf,
"-----BEGIN CERTIFICATE-----" ) != NULL )
836 #if defined(POLARSSL_PEM_PARSE_C)
847 ret = pem_read_buffer( &pem,
848 "-----BEGIN CERTIFICATE-----",
849 "-----END CERTIFICATE-----",
850 buf, NULL, 0, &use_len );
874 if( first_error == 0 )
894 if( first_error == 0 )
907 return( total_failed );
908 else if( first_error )
909 return( first_error );
914 #if defined(POLARSSL_FS_IO)
929 memset( buf, 0, n + 1 );
940 WCHAR szDir[MAX_PATH];
941 char filename[MAX_PATH];
943 int len = (int) strlen( path );
945 WIN32_FIND_DATAW file_data;
948 if( len > MAX_PATH - 3 )
951 memset( szDir, 0,
sizeof(szDir) );
952 memset( filename, 0, MAX_PATH );
953 memcpy( filename, path, len );
954 filename[len++] =
'\\';
956 filename[len++] =
'*';
958 w_ret = MultiByteToWideChar( CP_ACP, 0, path, len, szDir, MAX_PATH - 3 );
960 hFind = FindFirstFileW( szDir, &file_data );
961 if (hFind == INVALID_HANDLE_VALUE)
964 len = MAX_PATH - len;
969 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
972 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
973 lstrlenW(file_data.cFileName),
983 while( FindNextFileW( hFind, &file_data ) != 0 );
985 if (GetLastError() != ERROR_NO_MORE_FILES)
990 #if defined(POLARSSL_HAVE_READDIR_R)
993 struct dirent entry, *result = NULL;
994 char entry_name[255];
995 DIR *dir = opendir( path );
1000 while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
1002 if( result == NULL )
1005 snprintf( entry_name,
sizeof(entry_name),
"%s/%s", path, entry.d_name );
1007 i = stat( entry_name, &sb );
1015 if( !S_ISREG( sb.st_mode ) )
1038 #if defined _MSC_VER && !defined snprintf
1041 #if !defined vsnprintf
1042 #define vsnprintf _vsnprintf
1052 static int compat_snprintf(
char *str,
size_t size,
const char *format, ...)
1057 va_start( ap, format );
1059 res = vsnprintf( str, size, format, ap );
1065 return( (
int) size + 20 );
1070 #define snprintf compat_snprintf
1073 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
1075 #define SAFE_SNPRINTF() \
1080 if ( (unsigned int) ret > n ) { \
1082 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
1085 n -= (unsigned int) ret; \
1086 p += (unsigned int) ret; \
1092 #define BEFORE_COLON 14
1094 int x509_crt_info(
char *buf,
size_t size,
const char *prefix,
1100 const char *desc = NULL;
1101 char key_size_str[BEFORE_COLON];
1106 ret = snprintf( p, n,
"%scert. version : %d\n",
1109 ret = snprintf( p, n,
"%sserial number : ",
1116 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
1121 ret = snprintf( p, n,
"\n%ssubject name : ", prefix );
1126 ret = snprintf( p, n,
"\n%sissued on : " \
1127 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1133 ret = snprintf( p, n,
"\n%sexpires on : " \
1134 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1140 ret = snprintf( p, n,
"\n%ssigned using : ", prefix );
1145 ret = snprintf( p, n,
"???" );
1147 ret = snprintf( p, n,
"%s", desc );
1156 ret = snprintf( p, n,
"\n%s%-" BC
"s: %d bits\n", prefix, key_size_str,
1160 return( (
int) ( size - n ) );
1163 #if defined(POLARSSL_X509_CRL_PARSE_C)
1171 while( cur != NULL && cur->
serial.
len != 0 )
1205 while( crl_list != NULL )
1212 crl_list = crl_list->
next;
1220 if( md_info == NULL )
1229 md( md_info, crl_list->
tbs.
p, crl_list->
tbs.
len, hash );
1254 crl_list = crl_list->
next;
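/*
 * Compare two len-byte name fragments, folding ASCII case only.
 *
 * A byte in 'a'-'z' or 'A'-'Z' matches itself and its other-case
 * counterpart; every other byte must match exactly. The fold is
 * deliberately locale-independent (no tolower()) because these are
 * certificate names being matched against a caller-supplied hostname.
 *
 * s1, s2: ranges of at least len bytes each (caller checks lengths).
 * Returns 0 when the ranges match, 1 otherwise; callers test == 0.
 */
static int x509_name_cmp( const void *s1, const void *s2, size_t len )
{
    size_t i;
    const unsigned char *n1 = s1, *n2 = s2;

    for( i = 0; i < len; i++ )
    {
        unsigned char c1 = n1[i], c2 = n2[i];

        if( c1 == c2 )
            continue;

        /*
         * Bit 5 (0x20) is the only difference between an ASCII letter and
         * its other-case counterpart, so a bit-5-only difference is a match
         * only when c1 really is a letter. The range test must be a
         * conjunction: the previous "c1 >= 'a' || c1 <= 'z'" is true for
         * every byte, which made any pair differing only in bit 5 compare
         * equal ('.' vs 0x0E, '@' vs '`', '1' vs 0x11), loosening hostname
         * matching beyond case-insensitivity.
         */
        if( ( c1 ^ c2 ) != 32 )
            return( 1 );

        if( ( c1 >= 'a' && c1 <= 'z' ) || ( c1 >= 'A' && c1 <= 'Z' ) )
            continue;

        return( 1 );
    }

    return( 0 );
}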
1283 static int x509_wildcard_verify(
const char *cn,
x509_buf *name )
1288 if( name->
len < 3 || name->
p[0] !=
'*' || name->
p[1] !=
'.' )
1291 for( i = 0; i < strlen( cn ); ++i )
1303 if( strlen( cn ) - cn_idx == name->
len - 1 &&
1304 x509_name_cmp( name->
p + 1, cn + cn_idx, name->
len - 1 ) == 0 )
1312 static int x509_crt_verify_top(
1314 x509_crl *ca_crl,
int path_cnt,
int *flags,
1315 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
1319 int ca_flags = 0, check_path_cnt = path_cnt + 1;
1332 if( md_info == NULL )
1342 while( trust_ca != NULL )
1349 trust_ca = trust_ca->
next;
1367 trust_ca = trust_ca->
next;
1375 trust_ca = trust_ca->
next;
1391 if( trust_ca != NULL &&
1396 #if defined(POLARSSL_X509_CRL_PARSE_C)
1398 *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl );
1406 if( NULL != f_vrfy )
1408 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
1414 if( NULL != f_vrfy )
1416 if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
1425 static int x509_crt_verify_child(
1427 x509_crl *ca_crl,
int path_cnt,
int *flags,
1428 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
1432 int parent_flags = 0;
1441 if( md_info == NULL )
1460 #if defined(POLARSSL_X509_CRL_PARSE_C)
1462 *flags |= x509_crt_verifycrl(child, parent, ca_crl);
1465 grandparent = parent->
next;
1467 while( grandparent != NULL )
1469 if( grandparent->
version == 0 ||
1475 grandparent = grandparent->
next;
1481 if( grandparent != NULL )
1486 ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
1492 ret = x509_crt_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
1498 if( NULL != f_vrfy )
1499 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
1502 *flags |= parent_flags;
1513 const char *cn,
int *flags,
1514 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
1529 cn_len = strlen( cn );
1535 while( cur != NULL )
1537 if( cur->
buf.
len == cn_len &&
1538 x509_name_cmp( cn, cur->
buf.
p, cn_len ) == 0 )
1542 memcmp( cur->
buf.
p,
"*.", 2 ) == 0 &&
1543 x509_wildcard_verify( cn, &cur->
buf ) )
1554 while( name != NULL )
1558 if( name->
val.
len == cn_len &&
1559 x509_name_cmp( name->
val.
p, cn, cn_len ) == 0 )
1563 memcmp( name->
val.
p,
"*.", 2 ) == 0 &&
1564 x509_wildcard_verify( cn, &name->
val ) )
1582 while( parent != NULL && parent->
version != 0 )
1589 parent = parent->
next;
1595 if( parent != NULL )
1600 ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
1606 ret = x509_crt_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
1622 memset( crt, 0,
sizeof(
x509_crt) );
1645 while( name_cur != NULL )
1647 name_prv = name_cur;
1648 name_cur = name_cur->
next;
1649 memset( name_prv, 0,
sizeof(
x509_name ) );
1654 while( name_cur != NULL )
1656 name_prv = name_cur;
1657 name_cur = name_cur->
next;
1658 memset( name_prv, 0,
sizeof(
x509_name ) );
1663 while( seq_cur != NULL )
1666 seq_cur = seq_cur->
next;
1672 while( seq_cur != NULL )
1675 seq_cur = seq_cur->
next;
1680 if( cert_cur->
raw.
p != NULL )
1682 memset( cert_cur->
raw.
p, 0, cert_cur->
raw.
len );
1686 cert_cur = cert_cur->
next;
1688 while( cert_cur != NULL );
1693 cert_prv = cert_cur;
1694 cert_cur = cert_cur->
next;
1696 memset( cert_prv, 0,
sizeof(
x509_crt ) );
1697 if( cert_prv != crt )
1700 while( cert_cur != NULL );