Bug Summary

File:Externals/polarssl/library/x509parse.c
Location:line 463, column 25
Description:The left operand of '!=' is a garbage value

Annotated Source Code

1/*
2 * X.509 certificate and private key decoding
3 *
4 * Copyright (C) 2006-2011, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc3279.txt
29 * http://www.ietf.org/rfc/rfc3280.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
37#include "polarssl/config.h"
38
39#if defined(POLARSSL_X509_PARSE_C)
40
41#include "polarssl/x509.h"
42#include "polarssl/asn1.h"
43#include "polarssl/pem.h"
44#include "polarssl/des.h"
45#if defined(POLARSSL_MD2_C)
46#include "polarssl/md2.h"
47#endif
48#if defined(POLARSSL_MD4_C)
49#include "polarssl/md4.h"
50#endif
51#if defined(POLARSSL_MD5_C)
52#include "polarssl/md5.h"
53#endif
54#if defined(POLARSSL_SHA1_C)
55#include "polarssl/sha1.h"
56#endif
57#if defined(POLARSSL_SHA2_C)
58#include "polarssl/sha2.h"
59#endif
60#if defined(POLARSSL_SHA4_C)
61#include "polarssl/sha4.h"
62#endif
63#include "polarssl/dhm.h"
64#if defined(POLARSSL_PKCS5_C)
65#include "polarssl/pkcs5.h"
66#endif
67#if defined(POLARSSL_PKCS12_C)
68#include "polarssl/pkcs12.h"
69#endif
70
71#include <string.h>
72#include <stdlib.h>
73#if defined(_WIN32)
74#include <windows.h>
75#else
76#include <time.h>
77#endif
78
79#if defined(POLARSSL_FS_IO)
80#include <stdio.h>
81#if !defined(_WIN32)
82#include <sys/types.h>
83#include <sys/stat.h>
84#include <dirent.h>
85#endif
86#endif
87
88/* Compare a given OID string with an OID x509_buf * */
89#define OID_CMP(oid_str, oid_buf)( ( (sizeof(oid_str) - 1) == (oid_buf)->len ) && memcmp
( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0) \
90 ( ( OID_SIZE(oid_str)(sizeof(oid_str) - 1) == (oid_buf)->len ) && \
91 memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
92
93/*
94 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
95 */
96static int x509_get_version( unsigned char **p,
97 const unsigned char *end,
98 int *ver )
99{
100 int ret;
101 size_t len;
102
103 if( ( ret = asn1_get_tag( p, end, &len,
104 ASN1_CONTEXT_SPECIFIC0x80 | ASN1_CONSTRUCTED0x20 | 0 ) ) != 0 )
105 {
106 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
107 {
108 *ver = 0;
109 return( 0 );
110 }
111
112 return( ret );
113 }
114
115 end = *p + len;
116
117 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
118 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION-0x2200 + ret );
119
120 if( *p != end )
121 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION-0x2200 +
122 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
123
124 return( 0 );
125}
126
127/*
128 * Version ::= INTEGER { v1(0), v2(1) }
129 */
130static int x509_crl_get_version( unsigned char **p,
131 const unsigned char *end,
132 int *ver )
133{
134 int ret;
135
136 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
137 {
138 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
139 {
140 *ver = 0;
141 return( 0 );
142 }
143
144 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION-0x2200 + ret );
145 }
146
147 return( 0 );
148}
149
150/*
151 * CertificateSerialNumber ::= INTEGER
152 */
153static int x509_get_serial( unsigned char **p,
154 const unsigned char *end,
155 x509_buf *serial )
156{
157 int ret;
158
159 if( ( end - *p ) < 1 )
160 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL-0x2280 +
161 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
162
163 if( **p != ( ASN1_CONTEXT_SPECIFIC0x80 | ASN1_PRIMITIVE0x00 | 2 ) &&
164 **p != ASN1_INTEGER0x02 )
165 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL-0x2280 +
166 POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 );
167
168 serial->tag = *(*p)++;
169
170 if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
171 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL-0x2280 + ret );
172
173 serial->p = *p;
174 *p += serial->len;
175
176 return( 0 );
177}
178
179/*
180 * AlgorithmIdentifier ::= SEQUENCE {
181 * algorithm OBJECT IDENTIFIER,
182 * parameters ANY DEFINED BY algorithm OPTIONAL }
183 */
184static int x509_get_alg( unsigned char **p,
185 const unsigned char *end,
186 x509_buf *alg )
187{
188 int ret;
189 size_t len;
190
191 if( ( ret = asn1_get_tag( p, end, &len,
8
Taking true branch
192 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
193 return( POLARSSL_ERR_X509_CERT_INVALID_ALG-0x2300 + ret );
194
195 end = *p + len;
196 alg->tag = **p;
197
198 if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID0x06 ) ) != 0 )
199 return( POLARSSL_ERR_X509_CERT_INVALID_ALG-0x2300 + ret );
200
201 alg->p = *p;
202 *p += alg->len;
203
204 if( *p == end )
205 return( 0 );
206
207 /*
208 * assume the algorithm parameters must be NULL
209 */
210 if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL0x05 ) ) != 0 )
211 return( POLARSSL_ERR_X509_CERT_INVALID_ALG-0x2300 + ret );
212
213 if( *p != end )
214 return( POLARSSL_ERR_X509_CERT_INVALID_ALG-0x2300 +
215 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
216
217 return( 0 );
218}
219
220/*
221 * AttributeTypeAndValue ::= SEQUENCE {
222 * type AttributeType,
223 * value AttributeValue }
224 *
225 * AttributeType ::= OBJECT IDENTIFIER
226 *
227 * AttributeValue ::= ANY DEFINED BY AttributeType
228 */
229static int x509_get_attr_type_value( unsigned char **p,
230 const unsigned char *end,
231 x509_name *cur )
232{
233 int ret;
234 size_t len;
235 x509_buf *oid;
236 x509_buf *val;
237
238 if( ( ret = asn1_get_tag( p, end, &len,
239 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
240 return( POLARSSL_ERR_X509_CERT_INVALID_NAME-0x2380 + ret );
241
242 oid = &cur->oid;
243 oid->tag = **p;
244
245 if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID0x06 ) ) != 0 )
246 return( POLARSSL_ERR_X509_CERT_INVALID_NAME-0x2380 + ret );
247
248 oid->p = *p;
249 *p += oid->len;
250
251 if( ( end - *p ) < 1 )
252 return( POLARSSL_ERR_X509_CERT_INVALID_NAME-0x2380 +
253 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
254
255 if( **p != ASN1_BMP_STRING0x1E && **p != ASN1_UTF8_STRING0x0C &&
256 **p != ASN1_T61_STRING0x14 && **p != ASN1_PRINTABLE_STRING0x13 &&
257 **p != ASN1_IA5_STRING0x16 && **p != ASN1_UNIVERSAL_STRING0x1C )
258 return( POLARSSL_ERR_X509_CERT_INVALID_NAME-0x2380 +
259 POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 );
260
261 val = &cur->val;
262 val->tag = *(*p)++;
263
264 if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
265 return( POLARSSL_ERR_X509_CERT_INVALID_NAME-0x2380 + ret );
266
267 val->p = *p;
268 *p += val->len;
269
270 cur->next = NULL((void*)0);
271
272 return( 0 );
273}
274
275/*
276 * RelativeDistinguishedName ::=
277 * SET OF AttributeTypeAndValue
278 *
279 * AttributeTypeAndValue ::= SEQUENCE {
280 * type AttributeType,
281 * value AttributeValue }
282 *
283 * AttributeType ::= OBJECT IDENTIFIER
284 *
285 * AttributeValue ::= ANY DEFINED BY AttributeType
286 */
287static int x509_get_name( unsigned char **p,
288 const unsigned char *end,
289 x509_name *cur )
290{
291 int ret;
292 size_t len;
293 const unsigned char *end2;
294 x509_name *use;
295
296 if( ( ret = asn1_get_tag( p, end, &len,
297 ASN1_CONSTRUCTED0x20 | ASN1_SET0x11 ) ) != 0 )
298 return( POLARSSL_ERR_X509_CERT_INVALID_NAME-0x2380 + ret );
299
300 end2 = end;
301 end = *p + len;
302 use = cur;
303
304 do
305 {
306 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
307 return( ret );
308
309 if( *p != end )
310 {
311 use->next = (x509_name *) malloc(
312 sizeof( x509_name ) );
313
314 if( use->next == NULL((void*)0) )
315 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
316
317 memset( use->next, 0, sizeof( x509_name ) );
318
319 use = use->next;
320 }
321 }
322 while( *p != end );
323
324 /*
325 * recurse until end of SEQUENCE is reached
326 */
327 if( *p == end2 )
328 return( 0 );
329
330 cur->next = (x509_name *) malloc(
331 sizeof( x509_name ) );
332
333 if( cur->next == NULL((void*)0) )
334 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
335
336 memset( cur->next, 0, sizeof( x509_name ) );
337
338 return( x509_get_name( p, end2, cur->next ) );
339}
340
341/*
342 * Time ::= CHOICE {
343 * utcTime UTCTime,
344 * generalTime GeneralizedTime }
345 */
346static int x509_get_time( unsigned char **p,
347 const unsigned char *end,
348 x509_time *time )
349{
350 int ret;
351 size_t len;
352 char date[64];
353 unsigned char tag;
354
355 if( ( end - *p ) < 1 )
356 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 +
357 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
358
359 tag = **p;
360
361 if ( tag == ASN1_UTC_TIME0x17 )
362 {
363 (*p)++;
364 ret = asn1_get_len( p, end, &len );
365
366 if( ret != 0 )
367 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 + ret );
368
369 memset( date, 0, sizeof( date ) );
370 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
371 len : sizeof( date ) - 1 );
372
373 if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
374 &time->year, &time->mon, &time->day,
375 &time->hour, &time->min, &time->sec ) < 5 )
376 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 );
377
378 time->year += 100 * ( time->year < 50 );
379 time->year += 1900;
380
381 *p += len;
382
383 return( 0 );
384 }
385 else if ( tag == ASN1_GENERALIZED_TIME0x18 )
386 {
387 (*p)++;
388 ret = asn1_get_len( p, end, &len );
389
390 if( ret != 0 )
391 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 + ret );
392
393 memset( date, 0, sizeof( date ) );
394 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
395 len : sizeof( date ) - 1 );
396
397 if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
398 &time->year, &time->mon, &time->day,
399 &time->hour, &time->min, &time->sec ) < 5 )
400 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 );
401
402 *p += len;
403
404 return( 0 );
405 }
406 else
407 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 + POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 );
408}
409
410
411/*
412 * Validity ::= SEQUENCE {
413 * notBefore Time,
414 * notAfter Time }
415 */
416static int x509_get_dates( unsigned char **p,
417 const unsigned char *end,
418 x509_time *from,
419 x509_time *to )
420{
421 int ret;
422 size_t len;
423
424 if( ( ret = asn1_get_tag( p, end, &len,
425 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
426 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 + ret );
427
428 end = *p + len;
429
430 if( ( ret = x509_get_time( p, end, from ) ) != 0 )
431 return( ret );
432
433 if( ( ret = x509_get_time( p, end, to ) ) != 0 )
434 return( ret );
435
436 if( *p != end )
437 return( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 +
438 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
439
440 return( 0 );
441}
442
443/*
444 * SubjectPublicKeyInfo ::= SEQUENCE {
445 * algorithm AlgorithmIdentifier,
446 * subjectPublicKey BIT STRING }
447 */
448static int x509_get_pubkey( unsigned char **p,
449 const unsigned char *end,
450 x509_buf *pk_alg_oid,
451 mpi *N, mpi *E )
452{
453 int ret;
454 size_t len;
455 unsigned char *end2;
456
457 if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
7
Calling 'x509_get_alg'
9
Returning from 'x509_get_alg'
10
Taking false branch
458 return( ret );
459
460 /*
461 * only RSA public keys handled at this time
462 */
463 if( pk_alg_oid->len != 9 ||
11
The left operand of '!=' is a garbage value
464 memcmp( pk_alg_oid->p, OID_PKCS1_RSA"\x2A\x86\x48\x86\xF7\x0D\x01\x01" "\x01", 9 ) != 0 )
465 {
466 return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG-0x2700 );
467 }
468
469 if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING0x03 ) ) != 0 )
470 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY-0x2480 + ret );
471
472 if( ( end - *p ) < 1 )
473 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY-0x2480 +
474 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
475
476 end2 = *p + len;
477
478 if( *(*p)++ != 0 )
479 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY-0x2480 );
480
481 /*
482 * RSAPublicKey ::= SEQUENCE {
483 * modulus INTEGER, -- n
484 * publicExponent INTEGER -- e
485 * }
486 */
487 if( ( ret = asn1_get_tag( p, end2, &len,
488 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
489 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY-0x2480 + ret );
490
491 if( *p + len != end2 )
492 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY-0x2480 +
493 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
494
495 if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
496 ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
497 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY-0x2480 + ret );
498
499 if( *p != end )
500 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY-0x2480 +
501 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
502
503 return( 0 );
504}
505
506static int x509_get_sig( unsigned char **p,
507 const unsigned char *end,
508 x509_buf *sig )
509{
510 int ret;
511 size_t len;
512
513 if( ( end - *p ) < 1 )
514 return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE-0x2500 +
515 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
516
517 sig->tag = **p;
518
519 if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING0x03 ) ) != 0 )
520 return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE-0x2500 + ret );
521
522
523 if( --len < 1 || *(*p)++ != 0 )
524 return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE-0x2500 );
525
526 sig->len = len;
527 sig->p = *p;
528
529 *p += len;
530
531 return( 0 );
532}
533
534/*
535 * X.509 v2/v3 unique identifier (not parsed)
536 */
537static int x509_get_uid( unsigned char **p,
538 const unsigned char *end,
539 x509_buf *uid, int n )
540{
541 int ret;
542
543 if( *p == end )
544 return( 0 );
545
546 uid->tag = **p;
547
548 if( ( ret = asn1_get_tag( p, end, &uid->len,
549 ASN1_CONTEXT_SPECIFIC0x80 | ASN1_CONSTRUCTED0x20 | n ) ) != 0 )
550 {
551 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
552 return( 0 );
553
554 return( ret );
555 }
556
557 uid->p = *p;
558 *p += uid->len;
559
560 return( 0 );
561}
562
563/*
564 * X.509 Extensions (No parsing of extensions, pointer should
565 * be either manually updated or extensions should be parsed!
566 */
567static int x509_get_ext( unsigned char **p,
568 const unsigned char *end,
569 x509_buf *ext, int tag )
570{
571 int ret;
572 size_t len;
573
574 if( *p == end )
575 return( 0 );
576
577 ext->tag = **p;
578
579 if( ( ret = asn1_get_tag( p, end, &ext->len,
580 ASN1_CONTEXT_SPECIFIC0x80 | ASN1_CONSTRUCTED0x20 | tag ) ) != 0 )
581 return( ret );
582
583 ext->p = *p;
584 end = *p + ext->len;
585
586 /*
587 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
588 *
589 * Extension ::= SEQUENCE {
590 * extnID OBJECT IDENTIFIER,
591 * critical BOOLEAN DEFAULT FALSE,
592 * extnValue OCTET STRING }
593 */
594 if( ( ret = asn1_get_tag( p, end, &len,
595 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
596 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
597
598 if( end != *p + len )
599 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
600 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
601
602 return( 0 );
603}
604
605/*
606 * X.509 CRL v2 extensions (no extensions parsed yet.)
607 */
608static int x509_get_crl_ext( unsigned char **p,
609 const unsigned char *end,
610 x509_buf *ext )
611{
612 int ret;
613 size_t len = 0;
614
615 /* Get explicit tag */
616 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
617 {
618 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
619 return( 0 );
620
621 return( ret );
622 }
623
624 while( *p < end )
625 {
626 if( ( ret = asn1_get_tag( p, end, &len,
627 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
628 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
629
630 *p += len;
631 }
632
633 if( *p != end )
634 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
635 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
636
637 return( 0 );
638}
639
640/*
641 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
642 */
643static int x509_get_crl_entry_ext( unsigned char **p,
644 const unsigned char *end,
645 x509_buf *ext )
646{
647 int ret;
648 size_t len = 0;
649
650 /* OPTIONAL */
651 if (end <= *p)
652 return( 0 );
653
654 ext->tag = **p;
655 ext->p = *p;
656
657 /*
658 * Get CRL-entry extension sequence header
659 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
660 */
661 if( ( ret = asn1_get_tag( p, end, &ext->len,
662 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
663 {
664 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
665 {
666 ext->p = NULL((void*)0);
667 return( 0 );
668 }
669 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
670 }
671
672 end = *p + ext->len;
673
674 if( end != *p + ext->len )
675 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
676 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
677
678 while( *p < end )
679 {
680 if( ( ret = asn1_get_tag( p, end, &len,
681 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
682 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
683
684 *p += len;
685 }
686
687 if( *p != end )
688 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
689 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
690
691 return( 0 );
692}
693
694static int x509_get_basic_constraints( unsigned char **p,
695 const unsigned char *end,
696 int *ca_istrue,
697 int *max_pathlen )
698{
699 int ret;
700 size_t len;
701
702 /*
703 * BasicConstraints ::= SEQUENCE {
704 * cA BOOLEAN DEFAULT FALSE,
705 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
706 */
707 *ca_istrue = 0; /* DEFAULT FALSE */
708 *max_pathlen = 0; /* endless */
709
710 if( ( ret = asn1_get_tag( p, end, &len,
711 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
712 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
713
714 if( *p == end )
715 return 0;
716
717 if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
718 {
719 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
720 ret = asn1_get_int( p, end, ca_istrue );
721
722 if( ret != 0 )
723 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
724
725 if( *ca_istrue != 0 )
726 *ca_istrue = 1;
727 }
728
729 if( *p == end )
730 return 0;
731
732 if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
733 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
734
735 if( *p != end )
736 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
737 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
738
739 (*max_pathlen)++;
740
741 return 0;
742}
743
744static int x509_get_ns_cert_type( unsigned char **p,
745 const unsigned char *end,
746 unsigned char *ns_cert_type)
747{
748 int ret;
749 x509_bitstring bs = { 0, 0, NULL((void*)0) };
750
751 if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
752 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
753
754 if( bs.len != 1 )
755 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
756 POLARSSL_ERR_ASN1_INVALID_LENGTH-0x0064 );
757
758 /* Get actual bitstring */
759 *ns_cert_type = *bs.p;
760 return 0;
761}
762
763static int x509_get_key_usage( unsigned char **p,
764 const unsigned char *end,
765 unsigned char *key_usage)
766{
767 int ret;
768 x509_bitstring bs = { 0, 0, NULL((void*)0) };
769
770 if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
771 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
772
773 if( bs.len < 1 )
774 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
775 POLARSSL_ERR_ASN1_INVALID_LENGTH-0x0064 );
776
777 /* Get actual bitstring */
778 *key_usage = *bs.p;
779 return 0;
780}
781
782/*
783 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
784 *
785 * KeyPurposeId ::= OBJECT IDENTIFIER
786 */
787static int x509_get_ext_key_usage( unsigned char **p,
788 const unsigned char *end,
789 x509_sequence *ext_key_usage)
790{
791 int ret;
792
793 if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID0x06 ) ) != 0 )
794 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
795
796 /* Sequence length must be >= 1 */
797 if( ext_key_usage->buf.p == NULL((void*)0) )
798 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
799 POLARSSL_ERR_ASN1_INVALID_LENGTH-0x0064 );
800
801 return 0;
802}
803
804/*
805 * SubjectAltName ::= GeneralNames
806 *
807 * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
808 *
809 * GeneralName ::= CHOICE {
810 * otherName [0] OtherName,
811 * rfc822Name [1] IA5String,
812 * dNSName [2] IA5String,
813 * x400Address [3] ORAddress,
814 * directoryName [4] Name,
815 * ediPartyName [5] EDIPartyName,
816 * uniformResourceIdentifier [6] IA5String,
817 * iPAddress [7] OCTET STRING,
818 * registeredID [8] OBJECT IDENTIFIER }
819 *
820 * OtherName ::= SEQUENCE {
821 * type-id OBJECT IDENTIFIER,
822 * value [0] EXPLICIT ANY DEFINED BY type-id }
823 *
824 * EDIPartyName ::= SEQUENCE {
825 * nameAssigner [0] DirectoryString OPTIONAL,
826 * partyName [1] DirectoryString }
827 *
828 * NOTE: PolarSSL only parses and uses dNSName at this point.
829 */
830static int x509_get_subject_alt_name( unsigned char **p,
831 const unsigned char *end,
832 x509_sequence *subject_alt_name )
833{
834 int ret;
835 size_t len, tag_len;
836 asn1_buf *buf;
837 unsigned char tag;
838 asn1_sequence *cur = subject_alt_name;
839
840 /* Get main sequence tag */
841 if( ( ret = asn1_get_tag( p, end, &len,
842 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
843 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
844
845 if( *p + len != end )
846 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
847 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
848
849 while( *p < end )
850 {
851 if( ( end - *p ) < 1 )
852 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
853 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
854
855 tag = **p;
856 (*p)++;
857 if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
858 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
859
860 if( ( tag & ASN1_CONTEXT_SPECIFIC0x80 ) != ASN1_CONTEXT_SPECIFIC0x80 )
861 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
862 POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 );
863
864 if( tag != ( ASN1_CONTEXT_SPECIFIC0x80 | 2 ) )
865 {
866 *p += tag_len;
867 continue;
868 }
869
870 buf = &(cur->buf);
871 buf->tag = tag;
872 buf->p = *p;
873 buf->len = tag_len;
874 *p += buf->len;
875
876 /* Allocate and assign next pointer */
877 if (*p < end)
878 {
879 cur->next = (asn1_sequence *) malloc(
880 sizeof( asn1_sequence ) );
881
882 if( cur->next == NULL((void*)0) )
883 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
884 POLARSSL_ERR_ASN1_MALLOC_FAILED-0x006A );
885
886 memset( cur->next, 0, sizeof( asn1_sequence ) );
887 cur = cur->next;
888 }
889 }
890
891 /* Set final sequence entry's next pointer to NULL */
892 cur->next = NULL((void*)0);
893
894 if( *p != end )
895 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
896 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
897
898 return( 0 );
899}
900
901/*
902 * X.509 v3 extensions
903 *
904 * TODO: Perform all of the basic constraints tests required by the RFC
905 * TODO: Set values for undetected extensions to a sane default?
906 *
907 */
908static int x509_get_crt_ext( unsigned char **p,
909 const unsigned char *end,
910 x509_cert *crt )
911{
912 int ret;
913 size_t len;
914 unsigned char *end_ext_data, *end_ext_octet;
915
916 if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
917 {
918 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
919 return( 0 );
920
921 return( ret );
922 }
923
924 while( *p < end )
925 {
926 /*
927 * Extension ::= SEQUENCE {
928 * extnID OBJECT IDENTIFIER,
929 * critical BOOLEAN DEFAULT FALSE,
930 * extnValue OCTET STRING }
931 */
932 x509_buf extn_oid = {0, 0, NULL((void*)0)};
933 int is_critical = 0; /* DEFAULT FALSE */
934
935 if( ( ret = asn1_get_tag( p, end, &len,
936 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
937 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
938
939 end_ext_data = *p + len;
940
941 /* Get extension ID */
942 extn_oid.tag = **p;
943
944 if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID0x06 ) ) != 0 )
945 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
946
947 extn_oid.p = *p;
948 *p += extn_oid.len;
949
950 if( ( end - *p ) < 1 )
951 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
952 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
953
954 /* Get optional critical */
955 if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
956 ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 ) )
957 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
958
959 /* Data should be octet string type */
960 if( ( ret = asn1_get_tag( p, end_ext_data, &len,
961 ASN1_OCTET_STRING0x04 ) ) != 0 )
962 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 + ret );
963
964 end_ext_octet = *p + len;
965
966 if( end_ext_octet != end_ext_data )
967 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
968 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
969
970 /*
971 * Detect supported extensions
972 */
973 if( ( OID_SIZE( OID_BASIC_CONSTRAINTS )(sizeof("\x55\x1D" "\x13") - 1) == extn_oid.len ) &&
974 memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS"\x55\x1D" "\x13", extn_oid.len ) == 0 )
975 {
976 /* Parse basic constraints */
977 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
978 &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
979 return ( ret );
980 crt->ext_types |= EXT_BASIC_CONSTRAINTS(1 << 8);
981 }
982 else if( ( OID_SIZE( OID_NS_CERT_TYPE )(sizeof("\x60\x86\x48\x01\x86\xF8\x42" "\x01" "\x01") - 1) == extn_oid.len ) &&
983 memcmp( extn_oid.p, OID_NS_CERT_TYPE"\x60\x86\x48\x01\x86\xF8\x42" "\x01" "\x01", extn_oid.len ) == 0 )
984 {
985 /* Parse netscape certificate type */
986 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
987 &crt->ns_cert_type ) ) != 0 )
988 return ( ret );
989 crt->ext_types |= EXT_NS_CERT_TYPE(1 << 16);
990 }
991 else if( ( OID_SIZE( OID_KEY_USAGE )(sizeof("\x55\x1D" "\x0F") - 1) == extn_oid.len ) &&
992 memcmp( extn_oid.p, OID_KEY_USAGE"\x55\x1D" "\x0F", extn_oid.len ) == 0 )
993 {
994 /* Parse key usage */
995 if( ( ret = x509_get_key_usage( p, end_ext_octet,
996 &crt->key_usage ) ) != 0 )
997 return ( ret );
998 crt->ext_types |= EXT_KEY_USAGE(1 << 2);
999 }
1000 else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE )(sizeof("\x55\x1D" "\x25") - 1) == extn_oid.len ) &&
1001 memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE"\x55\x1D" "\x25", extn_oid.len ) == 0 )
1002 {
1003 /* Parse extended key usage */
1004 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
1005 &crt->ext_key_usage ) ) != 0 )
1006 return ( ret );
1007 crt->ext_types |= EXT_EXTENDED_KEY_USAGE(1 << 11);
1008 }
1009 else if( ( OID_SIZE( OID_SUBJECT_ALT_NAME )(sizeof("\x55\x1D" "\x11") - 1) == extn_oid.len ) &&
1010 memcmp( extn_oid.p, OID_SUBJECT_ALT_NAME"\x55\x1D" "\x11", extn_oid.len ) == 0 )
1011 {
1012 /* Parse extended key usage */
1013 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1014 &crt->subject_alt_names ) ) != 0 )
1015 return ( ret );
1016 crt->ext_types |= EXT_SUBJECT_ALT_NAME(1 << 5);
1017 }
1018 else
1019 {
1020 /* No parser found, skip extension */
1021 *p = end_ext_octet;
1022
1023#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1024 if( is_critical )
1025 {
1026 /* Data is marked as critical: fail */
1027 return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
1028 POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 );
1029 }
1030#endif
1031 }
1032 }
1033
1034 if( *p != end )
1035 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS-0x2580 +
1036 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
1037
1038 return( 0 );
1039}
1040
1041/*
1042 * X.509 CRL Entries
1043 */
1044static int x509_get_entries( unsigned char **p,
1045 const unsigned char *end,
1046 x509_crl_entry *entry )
1047{
1048 int ret;
1049 size_t entry_len;
1050 x509_crl_entry *cur_entry = entry;
1051
1052 if( *p == end )
1053 return( 0 );
1054
1055 if( ( ret = asn1_get_tag( p, end, &entry_len,
1056 ASN1_SEQUENCE0x10 | ASN1_CONSTRUCTED0x20 ) ) != 0 )
1057 {
1058 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 )
1059 return( 0 );
1060
1061 return( ret );
1062 }
1063
1064 end = *p + entry_len;
1065
1066 while( *p < end )
1067 {
1068 size_t len2;
1069 const unsigned char *end2;
1070
1071 if( ( ret = asn1_get_tag( p, end, &len2,
1072 ASN1_SEQUENCE0x10 | ASN1_CONSTRUCTED0x20 ) ) != 0 )
1073 {
1074 return( ret );
1075 }
1076
1077 cur_entry->raw.tag = **p;
1078 cur_entry->raw.p = *p;
1079 cur_entry->raw.len = len2;
1080 end2 = *p + len2;
1081
1082 if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
1083 return( ret );
1084
1085 if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
1086 return( ret );
1087
1088 if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
1089 return( ret );
1090
1091 if ( *p < end )
1092 {
1093 cur_entry->next = malloc( sizeof( x509_crl_entry ) );
1094
1095 if( cur_entry->next == NULL((void*)0) )
1096 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1097
1098 cur_entry = cur_entry->next;
1099 memset( cur_entry, 0, sizeof( x509_crl_entry ) );
1100 }
1101 }
1102
1103 return( 0 );
1104}
1105
1106static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
1107{
1108 if( sig_oid->len == 9 &&
1109 memcmp( sig_oid->p, OID_PKCS1"\x2A\x86\x48\x86\xF7\x0D\x01\x01", 8 ) == 0 )
1110 {
1111 if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
1112 {
1113 *sig_alg = sig_oid->p[8];
1114 return( 0 );
1115 }
1116
1117 if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
1118 {
1119 *sig_alg = sig_oid->p[8];
1120 return( 0 );
1121 }
1122
1123 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG-0x2680 );
1124 }
1125 if( sig_oid->len == 5 &&
1126 memcmp( sig_oid->p, OID_RSA_SHA_OBS"\x2B\x0E\x03\x02\x1D", 5 ) == 0 )
1127 {
1128 *sig_alg = SIG_RSA_SHA15;
1129 return( 0 );
1130 }
1131
1132 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG-0x2680 );
1133}
1134
1135/*
1136 * Parse and fill a single X.509 certificate in DER format
1137 */
1138int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
1139 size_t buflen )
1140{
1141 int ret;
1142 size_t len;
1143 unsigned char *p, *end, *crt_end;
1144
1145 /*
1146 * Check for valid input
1147 */
1148 if( crt == NULL((void*)0) || buf == NULL((void*)0) )
1149 return( POLARSSL_ERR_X509_INVALID_INPUT-0x2A00 );
1150
1151 p = (unsigned char *) malloc( len = buflen );
1152
1153 if( p == NULL((void*)0) )
1154 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1155
1156 memcpy( p, buf, buflen );
1157
1158 buflen = 0;
1159
1160 crt->raw.p = p;
1161 crt->raw.len = len;
1162 end = p + len;
1163
1164 /*
1165 * Certificate ::= SEQUENCE {
1166 * tbsCertificate TBSCertificate,
1167 * signatureAlgorithm AlgorithmIdentifier,
1168 * signatureValue BIT STRING }
1169 */
1170 if( ( ret = asn1_get_tag( &p, end, &len,
1171 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1172 {
1173 x509_free( crt );
1174 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 );
1175 }
1176
1177 if( len > (size_t) ( end - p ) )
1178 {
1179 x509_free( crt );
1180 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 +
1181 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
1182 }
1183 crt_end = p + len;
1184
1185 /*
1186 * TBSCertificate ::= SEQUENCE {
1187 */
1188 crt->tbs.p = p;
1189
1190 if( ( ret = asn1_get_tag( &p, end, &len,
1191 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1192 {
1193 x509_free( crt );
1194 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 + ret );
1195 }
1196
1197 end = p + len;
1198 crt->tbs.len = end - crt->tbs.p;
1199
1200 /*
1201 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1202 *
1203 * CertificateSerialNumber ::= INTEGER
1204 *
1205 * signature AlgorithmIdentifier
1206 */
1207 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
1208 ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
1209 ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
1210 {
1211 x509_free( crt );
1212 return( ret );
1213 }
1214
1215 crt->version++;
1216
1217 if( crt->version > 3 )
1218 {
1219 x509_free( crt );
1220 return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION-0x2600 );
1221 }
1222
1223 if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
1224 {
1225 x509_free( crt );
1226 return( ret );
1227 }
1228
1229 /*
1230 * issuer Name
1231 */
1232 crt->issuer_raw.p = p;
1233
1234 if( ( ret = asn1_get_tag( &p, end, &len,
1235 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1236 {
1237 x509_free( crt );
1238 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 + ret );
1239 }
1240
1241 if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
1242 {
1243 x509_free( crt );
1244 return( ret );
1245 }
1246
1247 crt->issuer_raw.len = p - crt->issuer_raw.p;
1248
1249 /*
1250 * Validity ::= SEQUENCE {
1251 * notBefore Time,
1252 * notAfter Time }
1253 *
1254 */
1255 if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
1256 &crt->valid_to ) ) != 0 )
1257 {
1258 x509_free( crt );
1259 return( ret );
1260 }
1261
1262 /*
1263 * subject Name
1264 */
1265 crt->subject_raw.p = p;
1266
1267 if( ( ret = asn1_get_tag( &p, end, &len,
1268 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1269 {
1270 x509_free( crt );
1271 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 + ret );
1272 }
1273
1274 if( len && ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
1275 {
1276 x509_free( crt );
1277 return( ret );
1278 }
1279
1280 crt->subject_raw.len = p - crt->subject_raw.p;
1281
1282 /*
1283 * SubjectPublicKeyInfo ::= SEQUENCE
1284 * algorithm AlgorithmIdentifier,
1285 * subjectPublicKey BIT STRING }
1286 */
1287 if( ( ret = asn1_get_tag( &p, end, &len,
1288 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1289 {
1290 x509_free( crt );
1291 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 + ret );
1292 }
1293
1294 if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
1295 &crt->rsa.N, &crt->rsa.E ) ) != 0 )
1296 {
1297 x509_free( crt );
1298 return( ret );
1299 }
1300
1301 if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
1302 {
1303 x509_free( crt );
1304 return( ret );
1305 }
1306
1307 crt->rsa.len = mpi_size( &crt->rsa.N );
1308
1309 /*
1310 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1311 * -- If present, version shall be v2 or v3
1312 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1313 * -- If present, version shall be v2 or v3
1314 * extensions [3] EXPLICIT Extensions OPTIONAL
1315 * -- If present, version shall be v3
1316 */
1317 if( crt->version == 2 || crt->version == 3 )
1318 {
1319 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1320 if( ret != 0 )
1321 {
1322 x509_free( crt );
1323 return( ret );
1324 }
1325 }
1326
1327 if( crt->version == 2 || crt->version == 3 )
1328 {
1329 ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1330 if( ret != 0 )
1331 {
1332 x509_free( crt );
1333 return( ret );
1334 }
1335 }
1336
1337 if( crt->version == 3 )
1338 {
1339 ret = x509_get_crt_ext( &p, end, crt);
1340 if( ret != 0 )
1341 {
1342 x509_free( crt );
1343 return( ret );
1344 }
1345 }
1346
1347 if( p != end )
1348 {
1349 x509_free( crt );
1350 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 +
1351 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
1352 }
1353
1354 end = crt_end;
1355
1356 /*
1357 * signatureAlgorithm AlgorithmIdentifier,
1358 * signatureValue BIT STRING
1359 */
1360 if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
1361 {
1362 x509_free( crt );
1363 return( ret );
1364 }
1365
1366 if( crt->sig_oid1.len != crt->sig_oid2.len ||
1367 memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
1368 {
1369 x509_free( crt );
1370 return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH-0x2780 );
1371 }
1372
1373 if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1374 {
1375 x509_free( crt );
1376 return( ret );
1377 }
1378
1379 if( p != end )
1380 {
1381 x509_free( crt );
1382 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 +
1383 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
1384 }
1385
1386 return( 0 );
1387}
1388
1389/*
1390 * Parse one X.509 certificate in DER format from a buffer and add them to a
1391 * chained list
1392 */
1393int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen )
1394{
1395 int ret;
1396 x509_cert *crt = chain, *prev = NULL((void*)0);
1397
1398 /*
1399 * Check for valid input
1400 */
1401 if( crt == NULL((void*)0) || buf == NULL((void*)0) )
1402 return( POLARSSL_ERR_X509_INVALID_INPUT-0x2A00 );
1403
1404 while( crt->version != 0 && crt->next != NULL((void*)0) )
1405 {
1406 prev = crt;
1407 crt = crt->next;
1408 }
1409
1410 /*
1411 * Add new certificate on the end of the chain if needed.
1412 */
1413 if ( crt->version != 0 && crt->next == NULL((void*)0))
1414 {
1415 crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1416
1417 if( crt->next == NULL((void*)0) )
1418 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1419
1420 prev = crt;
1421 crt = crt->next;
1422 memset( crt, 0, sizeof( x509_cert ) );
1423 }
1424
1425 if( ( ret = x509parse_crt_der_core( crt, buf, buflen ) ) != 0 )
1426 {
1427 if( prev )
1428 prev->next = NULL((void*)0);
1429
1430 if( crt != chain )
1431 free( crt );
1432
1433 return( ret );
1434 }
1435
1436 return( 0 );
1437}
1438
1439/*
1440 * Parse one or more PEM certificates from a buffer and add them to the chained list
1441 */
1442int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
1443{
1444 int ret, success = 0, first_error = 0, total_failed = 0;
1445 int buf_format = X509_FORMAT_DER1;
1446
1447 /*
1448 * Check for valid input
1449 */
1450 if( chain == NULL((void*)0) || buf == NULL((void*)0) )
1451 return( POLARSSL_ERR_X509_INVALID_INPUT-0x2A00 );
1452
1453 /*
1454 * Determine buffer content. Buffer contains either one DER certificate or
1455 * one or more PEM certificates.
1456 */
1457#if defined(POLARSSL_PEM_C)
1458 if( strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL((void*)0) )
1459 buf_format = X509_FORMAT_PEM2;
1460#endif
1461
1462 if( buf_format == X509_FORMAT_DER1 )
1463 return x509parse_crt_der( chain, buf, buflen );
1464
1465#if defined(POLARSSL_PEM_C)
1466 if( buf_format == X509_FORMAT_PEM2 )
1467 {
1468 pem_context pem;
1469
1470 while( buflen > 0 )
1471 {
1472 size_t use_len;
1473 pem_init( &pem );
1474
1475 ret = pem_read_buffer( &pem,
1476 "-----BEGIN CERTIFICATE-----",
1477 "-----END CERTIFICATE-----",
1478 buf, NULL((void*)0), 0, &use_len );
1479
1480 if( ret == 0 )
1481 {
1482 /*
1483 * Was PEM encoded
1484 */
1485 buflen -= use_len;
1486 buf += use_len;
1487 }
1488 else if( ret == POLARSSL_ERR_PEM_BAD_INPUT_DATA-0x1480 )
1489 {
1490 return( ret );
1491 }
1492 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT-0x1080 )
1493 {
1494 pem_free( &pem );
1495
1496 /*
1497 * PEM header and footer were found
1498 */
1499 buflen -= use_len;
1500 buf += use_len;
1501
1502 if( first_error == 0 )
1503 first_error = ret;
1504
1505 continue;
1506 }
1507 else
1508 break;
1509
1510 ret = x509parse_crt_der( chain, pem.buf, pem.buflen );
1511
1512 pem_free( &pem );
1513
1514 if( ret != 0 )
1515 {
1516 /*
1517 * Quit parsing on a memory error
1518 */
1519 if( ret == POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 )
1520 return( ret );
1521
1522 if( first_error == 0 )
1523 first_error = ret;
1524
1525 total_failed++;
1526 continue;
1527 }
1528
1529 success = 1;
1530 }
1531 }
1532#endif
1533
1534 if( success )
1535 return( total_failed );
1536 else if( first_error )
1537 return( first_error );
1538 else
1539 return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT-0x2980 );
1540}
1541
1542/*
1543 * Parse one or more CRLs and add them to the chained list
1544 */
1545int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
1546{
1547 int ret;
1548 size_t len;
1549 unsigned char *p, *end;
1550 x509_crl *crl;
1551#if defined(POLARSSL_PEM_C)
1552 size_t use_len;
1553 pem_context pem;
1554#endif
1555
1556 crl = chain;
1557
1558 /*
1559 * Check for valid input
1560 */
1561 if( crl == NULL((void*)0) || buf == NULL((void*)0) )
1562 return( POLARSSL_ERR_X509_INVALID_INPUT-0x2A00 );
1563
1564 while( crl->version != 0 && crl->next != NULL((void*)0) )
1565 crl = crl->next;
1566
1567 /*
1568 * Add new CRL on the end of the chain if needed.
1569 */
1570 if ( crl->version != 0 && crl->next == NULL((void*)0))
1571 {
1572 crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1573
1574 if( crl->next == NULL((void*)0) )
1575 {
1576 x509_crl_free( crl );
1577 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1578 }
1579
1580 crl = crl->next;
1581 memset( crl, 0, sizeof( x509_crl ) );
1582 }
1583
1584#if defined(POLARSSL_PEM_C)
1585 pem_init( &pem );
1586 ret = pem_read_buffer( &pem,
1587 "-----BEGIN X509 CRL-----",
1588 "-----END X509 CRL-----",
1589 buf, NULL((void*)0), 0, &use_len );
1590
1591 if( ret == 0 )
1592 {
1593 /*
1594 * Was PEM encoded
1595 */
1596 buflen -= use_len;
1597 buf += use_len;
1598
1599 /*
1600 * Steal PEM buffer
1601 */
1602 p = pem.buf;
1603 pem.buf = NULL((void*)0);
1604 len = pem.buflen;
1605 pem_free( &pem );
1606 }
1607 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT-0x1080 )
1608 {
1609 pem_free( &pem );
1610 return( ret );
1611 }
1612 else
1613 {
1614 /*
1615 * nope, copy the raw DER data
1616 */
1617 p = (unsigned char *) malloc( len = buflen );
1618
1619 if( p == NULL((void*)0) )
1620 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1621
1622 memcpy( p, buf, buflen );
1623
1624 buflen = 0;
1625 }
1626#else
1627 p = (unsigned char *) malloc( len = buflen );
1628
1629 if( p == NULL((void*)0) )
1630 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1631
1632 memcpy( p, buf, buflen );
1633
1634 buflen = 0;
1635#endif
1636
1637 crl->raw.p = p;
1638 crl->raw.len = len;
1639 end = p + len;
1640
1641 /*
1642 * CertificateList ::= SEQUENCE {
1643 * tbsCertList TBSCertList,
1644 * signatureAlgorithm AlgorithmIdentifier,
1645 * signatureValue BIT STRING }
1646 */
1647 if( ( ret = asn1_get_tag( &p, end, &len,
1648 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1649 {
1650 x509_crl_free( crl );
1651 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 );
1652 }
1653
1654 if( len != (size_t) ( end - p ) )
1655 {
1656 x509_crl_free( crl );
1657 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 +
1658 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
1659 }
1660
1661 /*
1662 * TBSCertList ::= SEQUENCE {
1663 */
1664 crl->tbs.p = p;
1665
1666 if( ( ret = asn1_get_tag( &p, end, &len,
1667 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1668 {
1669 x509_crl_free( crl );
1670 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 + ret );
1671 }
1672
1673 end = p + len;
1674 crl->tbs.len = end - crl->tbs.p;
1675
1676 /*
1677 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
1678 * -- if present, MUST be v2
1679 *
1680 * signature AlgorithmIdentifier
1681 */
1682 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
1683 ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
1684 {
1685 x509_crl_free( crl );
1686 return( ret );
1687 }
1688
1689 crl->version++;
1690
1691 if( crl->version > 2 )
1692 {
1693 x509_crl_free( crl );
1694 return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION-0x2600 );
1695 }
1696
1697 if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
1698 {
1699 x509_crl_free( crl );
1700 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG-0x2680 );
1701 }
1702
1703 /*
1704 * issuer Name
1705 */
1706 crl->issuer_raw.p = p;
1707
1708 if( ( ret = asn1_get_tag( &p, end, &len,
1709 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
1710 {
1711 x509_crl_free( crl );
1712 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 + ret );
1713 }
1714
1715 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
1716 {
1717 x509_crl_free( crl );
1718 return( ret );
1719 }
1720
1721 crl->issuer_raw.len = p - crl->issuer_raw.p;
1722
1723 /*
1724 * thisUpdate Time
1725 * nextUpdate Time OPTIONAL
1726 */
1727 if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
1728 {
1729 x509_crl_free( crl );
1730 return( ret );
1731 }
1732
1733 if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
1734 {
1735 if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 +
1736 POLARSSL_ERR_ASN1_UNEXPECTED_TAG-0x0062 ) &&
1737 ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE-0x2400 +
1738 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 ) )
1739 {
1740 x509_crl_free( crl );
1741 return( ret );
1742 }
1743 }
1744
1745 /*
1746 * revokedCertificates SEQUENCE OF SEQUENCE {
1747 * userCertificate CertificateSerialNumber,
1748 * revocationDate Time,
1749 * crlEntryExtensions Extensions OPTIONAL
1750 * -- if present, MUST be v2
1751 * } OPTIONAL
1752 */
1753 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
1754 {
1755 x509_crl_free( crl );
1756 return( ret );
1757 }
1758
1759 /*
1760 * crlExtensions EXPLICIT Extensions OPTIONAL
1761 * -- if present, MUST be v2
1762 */
1763 if( crl->version == 2 )
1764 {
1765 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
1766
1767 if( ret != 0 )
1768 {
1769 x509_crl_free( crl );
1770 return( ret );
1771 }
1772 }
1773
1774 if( p != end )
1775 {
1776 x509_crl_free( crl );
1777 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 +
1778 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
1779 }
1780
1781 end = crl->raw.p + crl->raw.len;
1782
1783 /*
1784 * signatureAlgorithm AlgorithmIdentifier,
1785 * signatureValue BIT STRING
1786 */
1787 if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
1788 {
1789 x509_crl_free( crl );
1790 return( ret );
1791 }
1792
1793 if( crl->sig_oid1.len != crl->sig_oid2.len ||
1794 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
1795 {
1796 x509_crl_free( crl );
1797 return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH-0x2780 );
1798 }
1799
1800 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
1801 {
1802 x509_crl_free( crl );
1803 return( ret );
1804 }
1805
1806 if( p != end )
1807 {
1808 x509_crl_free( crl );
1809 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 +
1810 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
1811 }
1812
1813 if( buflen > 0 )
1814 {
1815 crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1816
1817 if( crl->next == NULL((void*)0) )
1818 {
1819 x509_crl_free( crl );
1820 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1821 }
1822
1823 crl = crl->next;
1824 memset( crl, 0, sizeof( x509_crl ) );
1825
1826 return( x509parse_crl( crl, buf, buflen ) );
1827 }
1828
1829 return( 0 );
1830}
1831
1832#if defined(POLARSSL_FS_IO)
1833/*
1834 * Load all data from a file into a given buffer.
1835 */
1836int load_file( const char *path, unsigned char **buf, size_t *n )
1837{
1838 FILE *f;
1839
1840 if( ( f = fopen( path, "rb" ) ) == NULL((void*)0) )
1841 return( POLARSSL_ERR_X509_FILE_IO_ERROR-0x2B00 );
1842
1843 fseek( f, 0, SEEK_END2 );
1844 *n = (size_t) ftell( f );
1845 fseek( f, 0, SEEK_SET0 );
1846
1847 if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL((void*)0) )
1848 return( POLARSSL_ERR_X509_MALLOC_FAILED-0x2A80 );
1849
1850 if( fread( *buf, 1, *n, f ) != *n )
1851 {
1852 fclose( f );
1853 free( *buf );
1854 return( POLARSSL_ERR_X509_FILE_IO_ERROR-0x2B00 );
1855 }
1856
1857 fclose( f );
1858
1859 (*buf)[*n] = '\0';
1860
1861 return( 0 );
1862}
1863
1864/*
1865 * Load one or more certificates and add them to the chained list
1866 */
1867int x509parse_crtfile( x509_cert *chain, const char *path )
1868{
1869 int ret;
1870 size_t n;
1871 unsigned char *buf;
1872
1873 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1874 return( ret );
1875
1876 ret = x509parse_crt( chain, buf, n );
1877
1878 memset( buf, 0, n + 1 );
1879 free( buf );
1880
1881 return( ret );
1882}
1883
1884int x509parse_crtpath( x509_cert *chain, const char *path )
1885{
1886 int ret = 0;
1887#if defined(_WIN32)
1888 int w_ret;
1889 WCHAR szDir[MAX_PATH];
1890 char filename[MAX_PATH];
1891 char *p;
1892 int len = strlen( path );
1893
1894 WIN32_FIND_DATAW file_data;
1895 HANDLE hFind;
1896
1897 if( len > MAX_PATH - 3 )
1898 return( POLARSSL_ERR_X509_INVALID_INPUT-0x2A00 );
1899
1900 memset( szDir, 0, sizeof(szDir) );
1901 memset( filename, 0, MAX_PATH );
1902 memcpy( filename, path, len );
1903 filename[len++] = '\\';
1904 p = filename + len;
1905 filename[len++] = '*';
1906
1907 w_ret = MultiByteToWideChar( CP_ACP, 0, path, len, szDir, MAX_PATH - 3 );
1908
1909 hFind = FindFirstFileW( szDir, &file_data );
1910 if (hFind == INVALID_HANDLE_VALUE)
1911 return( POLARSSL_ERR_X509_FILE_IO_ERROR-0x2B00 );
1912
1913 len = MAX_PATH - len;
1914 do
1915 {
1916 memset( p, 0, len );
1917
1918 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1919 continue;
1920
1921 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1922 lstrlenW(file_data.cFileName),
1923 p, len - 1,
1924 NULL((void*)0), NULL((void*)0) );
1925
1926 w_ret = x509parse_crtfile( chain, filename );
1927 if( w_ret < 0 )
1928 ret++;
1929 else
1930 ret += w_ret;
1931 }
1932 while( FindNextFileW( hFind, &file_data ) != 0 );
1933
1934 if (GetLastError() != ERROR_NO_MORE_FILES)
1935 ret = POLARSSL_ERR_X509_FILE_IO_ERROR-0x2B00;
1936
1937cleanup:
1938 FindClose( hFind );
1939#else
1940 int t_ret, i;
1941 struct stat sb;
1942 struct dirent entry, *result = NULL((void*)0);
1943 char entry_name[255];
1944 DIR *dir = opendir( path );
1945
1946 if( dir == NULL((void*)0))
1947 return( POLARSSL_ERR_X509_FILE_IO_ERROR-0x2B00 );
1948
1949 while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
1950 {
1951 if( result == NULL((void*)0) )
1952 break;
1953
1954 snprintf( entry_name, sizeof(entry_name), "%s/%s", path, entry.d_name );
1955
1956 i = stat( entry_name, &sb );
1957
1958 if( i == -1 )
1959 return( POLARSSL_ERR_X509_FILE_IO_ERROR-0x2B00 );
1960
1961 if( !S_ISREG( sb.st_mode )((((sb.st_mode)) & 0170000) == (0100000)) )
1962 continue;
1963
1964 // Ignore parse errors
1965 //
1966 t_ret = x509parse_crtfile( chain, entry_name );
1967 if( t_ret < 0 )
1968 ret++;
1969 else
1970 ret += t_ret;
1971 }
1972 closedir( dir );
1973#endif
1974
1975 return( ret );
1976}
1977
1978/*
1979 * Load one or more CRLs and add them to the chained list
1980 */
1981int x509parse_crlfile( x509_crl *chain, const char *path )
1982{
1983 int ret;
1984 size_t n;
1985 unsigned char *buf;
1986
1987 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1988 return( ret );
1989
1990 ret = x509parse_crl( chain, buf, n );
1991
1992 memset( buf, 0, n + 1 );
1993 free( buf );
1994
1995 return( ret );
1996}
1997
1998/*
1999 * Load and parse a private RSA key
2000 */
2001int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
2002{
2003 int ret;
2004 size_t n;
2005 unsigned char *buf;
2006
2007 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2008 return( ret );
2009
2010 if( pwd == NULL((void*)0) )
2011 ret = x509parse_key( rsa, buf, n, NULL((void*)0), 0 );
2012 else
2013 ret = x509parse_key( rsa, buf, n,
2014 (unsigned char *) pwd, strlen( pwd ) );
2015
2016 memset( buf, 0, n + 1 );
2017 free( buf );
2018
2019 return( ret );
2020}
2021
2022/*
2023 * Load and parse a public RSA key
2024 */
2025int x509parse_public_keyfile( rsa_context *rsa, const char *path )
2026{
2027 int ret;
2028 size_t n;
2029 unsigned char *buf;
2030
2031 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2032 return( ret );
2033
2034 ret = x509parse_public_key( rsa, buf, n );
2035
2036 memset( buf, 0, n + 1 );
2037 free( buf );
2038
2039 return( ret );
2040}
2041#endif /* POLARSSL_FS_IO */
2042
2043/*
2044 * Parse a PKCS#1 encoded private RSA key
2045 */
2046static int x509parse_key_pkcs1_der( rsa_context *rsa,
2047 const unsigned char *key,
2048 size_t keylen )
2049{
2050 int ret;
2051 size_t len;
2052 unsigned char *p, *end;
2053
2054 p = (unsigned char *) key;
2055 end = p + keylen;
2056
2057 /*
2058 * This function parses the RSAPrivateKey (PKCS#1)
2059 *
2060 * RSAPrivateKey ::= SEQUENCE {
2061 * version Version,
2062 * modulus INTEGER, -- n
2063 * publicExponent INTEGER, -- e
2064 * privateExponent INTEGER, -- d
2065 * prime1 INTEGER, -- p
2066 * prime2 INTEGER, -- q
2067 * exponent1 INTEGER, -- d mod (p-1)
2068 * exponent2 INTEGER, -- d mod (q-1)
2069 * coefficient INTEGER, -- (inverse of q) mod p
2070 * otherPrimeInfos OtherPrimeInfos OPTIONAL
2071 * }
2072 */
2073 if( ( ret = asn1_get_tag( &p, end, &len,
2074 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
2075 {
2076 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2077 }
2078
2079 end = p + len;
2080
2081 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2082 {
2083 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2084 }
2085
2086 if( rsa->ver != 0 )
2087 {
2088 return( POLARSSL_ERR_X509_KEY_INVALID_VERSION-0x2880 + ret );
2089 }
2090
2091 if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
2092 ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
2093 ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
2094 ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
2095 ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
2096 ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
2097 ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
2098 ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
2099 {
2100 rsa_free( rsa );
2101 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2102 }
2103
2104 rsa->len = mpi_size( &rsa->N );
2105
2106 if( p != end )
2107 {
2108 rsa_free( rsa );
2109 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 +
2110 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
2111 }
2112
2113 if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
2114 {
2115 rsa_free( rsa );
2116 return( ret );
2117 }
2118
2119 return( 0 );
2120}
2121
2122/*
2123 * Parse an unencrypted PKCS#8 encoded private RSA key
2124 */
2125static int x509parse_key_pkcs8_unencrypted_der(
2126 rsa_context *rsa,
2127 const unsigned char *key,
2128 size_t keylen )
2129{
2130 int ret;
2131 size_t len;
2132 unsigned char *p, *end;
2133 x509_buf pk_alg_oid;
2134
2135 p = (unsigned char *) key;
2136 end = p + keylen;
2137
2138 /*
2139 * This function parses the PrivatKeyInfo object (PKCS#8)
2140 *
2141 * PrivateKeyInfo ::= SEQUENCE {
2142 * version Version,
2143 * algorithm AlgorithmIdentifier,
2144 * PrivateKey BIT STRING
2145 * }
2146 *
2147 * AlgorithmIdentifier ::= SEQUENCE {
2148 * algorithm OBJECT IDENTIFIER,
2149 * parameters ANY DEFINED BY algorithm OPTIONAL
2150 * }
2151 *
2152 * The PrivateKey BIT STRING is a PKCS#1 RSAPrivateKey
2153 */
2154 if( ( ret = asn1_get_tag( &p, end, &len,
2155 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
2156 {
2157 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2158 }
2159
2160 end = p + len;
2161
2162 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2163 {
2164 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2165 }
2166
2167 if( rsa->ver != 0 )
2168 {
2169 return( POLARSSL_ERR_X509_KEY_INVALID_VERSION-0x2880 + ret );
2170 }
2171
2172 if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
2173 {
2174 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2175 }
2176
2177 /*
2178 * only RSA keys handled at this time
2179 */
2180 if( pk_alg_oid.len != 9 ||
2181 memcmp( pk_alg_oid.p, OID_PKCS1_RSA"\x2A\x86\x48\x86\xF7\x0D\x01\x01" "\x01", 9 ) != 0 )
2182 {
2183 return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG-0x2700 );
2184 }
2185
2186 /*
2187 * Get the OCTET STRING and parse the PKCS#1 format inside
2188 */
2189 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING0x04 ) ) != 0 )
2190 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2191
2192 if( ( end - p ) < 1 )
2193 {
2194 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 +
2195 POLARSSL_ERR_ASN1_OUT_OF_DATA-0x0060 );
2196 }
2197
2198 end = p + len;
2199
2200 if( ( ret = x509parse_key_pkcs1_der( rsa, p, end - p ) ) != 0 )
2201 return( ret );
2202
2203 return( 0 );
2204}
2205
2206/*
2207 * Parse an encrypted PKCS#8 encoded private RSA key
2208 */
2209static int x509parse_key_pkcs8_encrypted_der(
2210 rsa_context *rsa,
2211 const unsigned char *key,
2212 size_t keylen,
2213 const unsigned char *pwd,
2214 size_t pwdlen )
2215{
2216 int ret;
2217 size_t len;
2218 unsigned char *p, *end, *end2;
2219 x509_buf pbe_alg_oid, pbe_params;
2220 unsigned char buf[2048];
2221
2222 memset(buf, 0, 2048);
2223
2224 p = (unsigned char *) key;
2225 end = p + keylen;
2226
2227 if( pwdlen == 0 )
2228 return( POLARSSL_ERR_X509_PASSWORD_REQUIRED-0x2B80 );
2229
2230 /*
2231 * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
2232 *
2233 * EncryptedPrivateKeyInfo ::= SEQUENCE {
2234 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
2235 * encryptedData EncryptedData
2236 * }
2237 *
2238 * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
2239 *
2240 * EncryptedData ::= OCTET STRING
2241 *
2242 * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
2243 */
2244 if( ( ret = asn1_get_tag( &p, end, &len,
2245 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
2246 {
2247 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2248 }
2249
2250 end = p + len;
2251
2252 if( ( ret = asn1_get_tag( &p, end, &len,
2253 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
2254 {
2255 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2256 }
2257
2258 end2 = p + len;
2259
2260 if( ( ret = asn1_get_tag( &p, end, &pbe_alg_oid.len, ASN1_OID0x06 ) ) != 0 )
2261 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2262
2263 pbe_alg_oid.p = p;
2264 p += pbe_alg_oid.len;
2265
2266 /*
2267 * Store the algorithm parameters
2268 */
2269 pbe_params.p = p;
2270 pbe_params.len = end2 - p;
2271 p += pbe_params.len;
2272
2273 if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING0x04 ) ) != 0 )
2274 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2275
2276 // buf has been sized to 2048 bytes
2277 if( len > 2048 )
2278 return( POLARSSL_ERR_X509_INVALID_INPUT-0x2A00 );
2279
2280 /*
2281 * Decrypt EncryptedData with appropriate PDE
2282 */
2283#if defined(POLARSSL_PKCS12_C)
2284 if( OID_CMP( OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, &pbe_alg_oid )( ( (sizeof("\x2a\x86\x48\x86\xf7\x0d\x01\x0c" "\x01\x03") - 1
) == (&pbe_alg_oid)->len ) && memcmp( ("\x2a\x86\x48\x86\xf7\x0d\x01\x0c"
"\x01\x03"), (&pbe_alg_oid)->p, (&pbe_alg_oid)->
len) == 0) )
2285 {
2286 if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT0,
2287 POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1,
2288 pwd, pwdlen, p, len, buf ) ) != 0 )
2289 {
2290 if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH-0x1E00 )
2291 return( POLARSSL_ERR_X509_PASSWORD_MISMATCH-0x2C00 );
2292
2293 return( ret );
2294 }
2295 }
2296 else if( OID_CMP( OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, &pbe_alg_oid )( ( (sizeof("\x2a\x86\x48\x86\xf7\x0d\x01\x0c" "\x01\x04") - 1
) == (&pbe_alg_oid)->len ) && memcmp( ("\x2a\x86\x48\x86\xf7\x0d\x01\x0c"
"\x01\x04"), (&pbe_alg_oid)->p, (&pbe_alg_oid)->
len) == 0) )
2297 {
2298 if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT0,
2299 POLARSSL_CIPHER_DES_EDE_CBC, POLARSSL_MD_SHA1,
2300 pwd, pwdlen, p, len, buf ) ) != 0 )
2301 {
2302 if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH-0x1E00 )
2303 return( POLARSSL_ERR_X509_PASSWORD_MISMATCH-0x2C00 );
2304
2305 return( ret );
2306 }
2307 }
2308 else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid )( ( (sizeof("\x2a\x86\x48\x86\xf7\x0d\x01\x0c" "\x01\x01") - 1
) == (&pbe_alg_oid)->len ) && memcmp( ("\x2a\x86\x48\x86\xf7\x0d\x01\x0c"
"\x01\x01"), (&pbe_alg_oid)->p, (&pbe_alg_oid)->
len) == 0) )
2309 {
2310 if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
2311 PKCS12_PBE_DECRYPT0,
2312 pwd, pwdlen,
2313 p, len, buf ) ) != 0 )
2314 {
2315 return( ret );
2316 }
2317
2318 // Best guess for password mismatch when using RC4. If first tag is
2319 // not ASN1_CONSTRUCTED | ASN1_SEQUENCE
2320 //
2321 if( *buf != ( ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) )
2322 return( POLARSSL_ERR_X509_PASSWORD_MISMATCH-0x2C00 );
2323 }
2324 else
2325#endif /* POLARSSL_PKCS12_C */
2326#if defined(POLARSSL_PKCS5_C)
2327 if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid )( ( (sizeof("\x2a\x86\x48\x86\xf7\x0d\x01\x05" "\x0d") - 1) ==
(&pbe_alg_oid)->len ) && memcmp( ("\x2a\x86\x48\x86\xf7\x0d\x01\x05"
"\x0d"), (&pbe_alg_oid)->p, (&pbe_alg_oid)->len
) == 0) )
2328 {
2329 if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT0, pwd, pwdlen,
2330 p, len, buf ) ) != 0 )
2331 {
2332 if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH-0x3e00 )
2333 return( POLARSSL_ERR_X509_PASSWORD_MISMATCH-0x2C00 );
2334
2335 return( ret );
2336 }
2337 }
2338 else
2339#endif /* POLARSSL_PKCS5_C */
2340 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE-0x2080 );
2341
2342 return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len );
2343}
2344
2345/*
2346 * Parse a private RSA key
2347 */
2348int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
2349 const unsigned char *pwd, size_t pwdlen )
2350{
2351 int ret;
2352
2353#if defined(POLARSSL_PEM_C)
2354 size_t len;
2355 pem_context pem;
2356
2357 pem_init( &pem );
2358 ret = pem_read_buffer( &pem,
2359 "-----BEGIN RSA PRIVATE KEY-----",
2360 "-----END RSA PRIVATE KEY-----",
2361 key, pwd, pwdlen, &len );
2362 if( ret == 0 )
2363 {
2364 if( ( ret = x509parse_key_pkcs1_der( rsa, pem.buf, pem.buflen ) ) != 0 )
2365 {
2366 rsa_free( rsa );
2367 }
2368
2369 pem_free( &pem );
2370 return( ret );
2371 }
2372 else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH-0x1380 )
2373 return( POLARSSL_ERR_X509_PASSWORD_MISMATCH-0x2C00 );
2374 else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED-0x1300 )
2375 return( POLARSSL_ERR_X509_PASSWORD_REQUIRED-0x2B80 );
2376 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT-0x1080 )
2377 return( ret );
2378
2379 ret = pem_read_buffer( &pem,
2380 "-----BEGIN PRIVATE KEY-----",
2381 "-----END PRIVATE KEY-----",
2382 key, NULL((void*)0), 0, &len );
2383 if( ret == 0 )
2384 {
2385 if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa,
2386 pem.buf, pem.buflen ) ) != 0 )
2387 {
2388 rsa_free( rsa );
2389 }
2390
2391 pem_free( &pem );
2392 return( ret );
2393 }
2394 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT-0x1080 )
2395 return( ret );
2396
2397 ret = pem_read_buffer( &pem,
2398 "-----BEGIN ENCRYPTED PRIVATE KEY-----",
2399 "-----END ENCRYPTED PRIVATE KEY-----",
2400 key, NULL((void*)0), 0, &len );
2401 if( ret == 0 )
2402 {
2403 if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa,
2404 pem.buf, pem.buflen,
2405 pwd, pwdlen ) ) != 0 )
2406 {
2407 rsa_free( rsa );
2408 }
2409
2410 pem_free( &pem );
2411 return( ret );
2412 }
2413 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT-0x1080 )
2414 return( ret );
2415#else
2416 ((void) pwd);
2417 ((void) pwdlen);
2418#endif /* POLARSSL_PEM_C */
2419
2420 // At this point we only know it's not a PEM formatted key. Could be any
2421 // of the known DER encoded private key formats
2422 //
2423 // We try the different DER format parsers to see if one passes without
2424 // error
2425 //
2426 if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen,
2427 pwd, pwdlen ) ) == 0 )
2428 {
2429 return( 0 );
2430 }
2431
2432 rsa_free( rsa );
2433
2434 if( ret == POLARSSL_ERR_X509_PASSWORD_MISMATCH-0x2C00 )
2435 {
2436 return( ret );
2437 }
2438
2439 if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 )
2440 return( 0 );
2441
2442 rsa_free( rsa );
2443
2444 if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 )
2445 return( 0 );
2446
2447 rsa_free( rsa );
2448
2449 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 );
2450}
2451
2452/*
2453 * Parse a public RSA key
2454 */
2455int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
2456{
2457 int ret;
2458 size_t len;
2459 unsigned char *p, *end;
2460 x509_buf alg_oid;
2461#if defined(POLARSSL_PEM_C)
2462 pem_context pem;
2463
2464 pem_init( &pem );
2465 ret = pem_read_buffer( &pem,
2466 "-----BEGIN PUBLIC KEY-----",
2467 "-----END PUBLIC KEY-----",
2468 key, NULL((void*)0), 0, &len );
2469
2470 if( ret == 0 )
1
Assuming 'ret' is not equal to 0
2
Taking false branch
2471 {
2472 /*
2473 * Was PEM encoded
2474 */
2475 keylen = pem.buflen;
2476 }
2477 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT-0x1080 )
3
Taking false branch
2478 {
2479 pem_free( &pem );
2480 return( ret );
2481 }
2482
2483 p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
4
'?' condition is false
2484#else
2485 p = (unsigned char *) key;
2486#endif
2487 end = p + keylen;
2488
2489 /*
2490 * PublicKeyInfo ::= SEQUENCE {
2491 * algorithm AlgorithmIdentifier,
2492 * PublicKey BIT STRING
2493 * }
2494 *
2495 * AlgorithmIdentifier ::= SEQUENCE {
2496 * algorithm OBJECT IDENTIFIER,
2497 * parameters ANY DEFINED BY algorithm OPTIONAL
2498 * }
2499 *
2500 * RSAPublicKey ::= SEQUENCE {
2501 * modulus INTEGER, -- n
2502 * publicExponent INTEGER -- e
2503 * }
2504 */
2505
2506 if( ( ret = asn1_get_tag( &p, end, &len,
5
Taking false branch
2507 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
2508 {
2509#if defined(POLARSSL_PEM_C)
2510 pem_free( &pem );
2511#endif
2512 rsa_free( rsa );
2513 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT-0x2180 + ret );
2514 }
2515
2516 if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
6
Calling 'x509_get_pubkey'
2517 {
2518#if defined(POLARSSL_PEM_C)
2519 pem_free( &pem );
2520#endif
2521 rsa_free( rsa );
2522 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2523 }
2524
2525 if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
2526 {
2527#if defined(POLARSSL_PEM_C)
2528 pem_free( &pem );
2529#endif
2530 rsa_free( rsa );
2531 return( ret );
2532 }
2533
2534 rsa->len = mpi_size( &rsa->N );
2535
2536#if defined(POLARSSL_PEM_C)
2537 pem_free( &pem );
2538#endif
2539
2540 return( 0 );
2541}
2542
2543#if defined(POLARSSL_DHM_C)
2544/*
2545 * Parse DHM parameters
2546 */
2547int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
2548{
2549 int ret;
2550 size_t len;
2551 unsigned char *p, *end;
2552#if defined(POLARSSL_PEM_C)
2553 pem_context pem;
2554
2555 pem_init( &pem );
2556
2557 ret = pem_read_buffer( &pem,
2558 "-----BEGIN DH PARAMETERS-----",
2559 "-----END DH PARAMETERS-----",
2560 dhmin, NULL((void*)0), 0, &dhminlen );
2561
2562 if( ret == 0 )
2563 {
2564 /*
2565 * Was PEM encoded
2566 */
2567 dhminlen = pem.buflen;
2568 }
2569 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT-0x1080 )
2570 {
2571 pem_free( &pem );
2572 return( ret );
2573 }
2574
2575 p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
2576#else
2577 p = (unsigned char *) dhmin;
2578#endif
2579 end = p + dhminlen;
2580
2581 memset( dhm, 0, sizeof( dhm_context ) );
2582
2583 /*
2584 * DHParams ::= SEQUENCE {
2585 * prime INTEGER, -- P
2586 * generator INTEGER, -- g
2587 * }
2588 */
2589 if( ( ret = asn1_get_tag( &p, end, &len,
2590 ASN1_CONSTRUCTED0x20 | ASN1_SEQUENCE0x10 ) ) != 0 )
2591 {
2592#if defined(POLARSSL_PEM_C)
2593 pem_free( &pem );
2594#endif
2595 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2596 }
2597
2598 end = p + len;
2599
2600 if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
2601 ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
2602 {
2603#if defined(POLARSSL_PEM_C)
2604 pem_free( &pem );
2605#endif
2606 dhm_free( dhm );
2607 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 + ret );
2608 }
2609
2610 if( p != end )
2611 {
2612#if defined(POLARSSL_PEM_C)
2613 pem_free( &pem );
2614#endif
2615 dhm_free( dhm );
2616 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT-0x2900 +
2617 POLARSSL_ERR_ASN1_LENGTH_MISMATCH-0x0066 );
2618 }
2619
2620#if defined(POLARSSL_PEM_C)
2621 pem_free( &pem );
2622#endif
2623
2624 return( 0 );
2625}
2626
2627#if defined(POLARSSL_FS_IO)
2628/*
2629 * Load and parse a private RSA key
2630 */
2631int x509parse_dhmfile( dhm_context *dhm, const char *path )
2632{
2633 int ret;
2634 size_t n;
2635 unsigned char *buf;
2636
2637 if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2638 return( ret );
2639
2640 ret = x509parse_dhm( dhm, buf, n );
2641
2642 memset( buf, 0, n + 1 );
2643 free( buf );
2644
2645 return( ret );
2646}
2647#endif /* POLARSSL_FS_IO */
2648#endif /* POLARSSL_DHM_C */
2649
2650#if defined _MSC_VER && !defined snprintf
2651#include <stdarg.h>
2652
2653#if !defined vsnprintf
2654#define vsnprintf _vsnprintf
2655#endif // vsnprintf
2656
2657/*
2658 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
2659 * Result value is not size of buffer needed, but -1 if no fit is possible.
2660 *
2661 * This fuction tries to 'fix' this by at least suggesting enlarging the
2662 * size by 20.
2663 */
2664int compat_snprintf(char *str, size_t size, const char *format, ...)
2665{
2666 va_list ap;
2667 int res = -1;
2668
2669 va_start( ap, format )__builtin_va_start(ap, format);
2670
2671 res = vsnprintf( str, size, format, ap );
2672
2673 va_end( ap )__builtin_va_end(ap);
2674
2675 // No quick fix possible
2676 if ( res < 0 )
2677 return( (int) size + 20 );
2678
2679 return res;
2680}
2681
2682#define snprintf compat_snprintf
2683#endif
2684
2685#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL-2 -2
2686
2687#define SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; } \
2688{ \
2689 if( ret == -1 ) \
2690 return( -1 ); \
2691 \
2692 if ( (unsigned int) ret > n ) { \
2693 p[n - 1] = '\0'; \
2694 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL-2;\
2695 } \
2696 \
2697 n -= (unsigned int) ret; \
2698 p += (unsigned int) ret; \
2699}
2700
2701/*
2702 * Store the name in printable form into buf; no more
2703 * than size characters will be written
2704 */
2705int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
2706{
2707 int ret;
2708 size_t i, n;
2709 unsigned char c;
2710 const x509_name *name;
2711 char s[128], *p;
2712
2713 memset( s, 0, sizeof( s ) );
2714
2715 name = dn;
2716 p = buf;
2717 n = size;
2718
2719 while( name != NULL((void*)0) )
2720 {
2721 if( !name->oid.p )
2722 {
2723 name = name->next;
2724 continue;
2725 }
2726
2727 if( name != dn )
2728 {
2729 ret = snprintf( p, n, ", " );
2730 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2731 }
2732
2733 if( name->oid.len == 3 &&
2734 memcmp( name->oid.p, OID_X520"\x55\x04", 2 ) == 0 )
2735 {
2736 switch( name->oid.p[2] )
2737 {
2738 case X520_COMMON_NAME3:
2739 ret = snprintf( p, n, "CN=" ); break;
2740
2741 case X520_COUNTRY6:
2742 ret = snprintf( p, n, "C=" ); break;
2743
2744 case X520_LOCALITY7:
2745 ret = snprintf( p, n, "L=" ); break;
2746
2747 case X520_STATE8:
2748 ret = snprintf( p, n, "ST=" ); break;
2749
2750 case X520_ORGANIZATION10:
2751 ret = snprintf( p, n, "O=" ); break;
2752
2753 case X520_ORG_UNIT11:
2754 ret = snprintf( p, n, "OU=" ); break;
2755
2756 default:
2757 ret = snprintf( p, n, "0x%02X=",
2758 name->oid.p[2] );
2759 break;
2760 }
2761 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2762 }
2763 else if( name->oid.len == 9 &&
2764 memcmp( name->oid.p, OID_PKCS9"\x2A\x86\x48\x86\xF7\x0D\x01\x09", 8 ) == 0 )
2765 {
2766 switch( name->oid.p[8] )
2767 {
2768 case PKCS9_EMAIL1:
2769 ret = snprintf( p, n, "emailAddress=" ); break;
2770
2771 default:
2772 ret = snprintf( p, n, "0x%02X=",
2773 name->oid.p[8] );
2774 break;
2775 }
2776 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2777 }
2778 else
2779 {
2780 ret = snprintf( p, n, "\?\?=" );
2781 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2782 }
2783
2784 for( i = 0; i < name->val.len; i++ )
2785 {
2786 if( i >= sizeof( s ) - 1 )
2787 break;
2788
2789 c = name->val.p[i];
2790 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2791 s[i] = '?';
2792 else s[i] = c;
2793 }
2794 s[i] = '\0';
2795 ret = snprintf( p, n, "%s", s );
2796 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2797 name = name->next;
2798 }
2799
2800 return( (int) ( size - n ) );
2801}
2802
2803/*
2804 * Store the serial in printable form into buf; no more
2805 * than size characters will be written
2806 */
2807int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
2808{
2809 int ret;
2810 size_t i, n, nr;
2811 char *p;
2812
2813 p = buf;
2814 n = size;
2815
2816 nr = ( serial->len <= 32 )
2817 ? serial->len : 28;
2818
2819 for( i = 0; i < nr; i++ )
2820 {
2821 if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
2822 continue;
2823
2824 ret = snprintf( p, n, "%02X%s",
2825 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
2826 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2827 }
2828
2829 if( nr != serial->len )
2830 {
2831 ret = snprintf( p, n, "...." );
2832 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2833 }
2834
2835 return( (int) ( size - n ) );
2836}
2837
2838/*
2839 * Return an informational string about the certificate.
2840 */
2841int x509parse_cert_info( char *buf, size_t size, const char *prefix,
2842 const x509_cert *crt )
2843{
2844 int ret;
2845 size_t n;
2846 char *p;
2847
2848 p = buf;
2849 n = size;
2850
2851 ret = snprintf( p, n, "%scert. version : %d\n",
2852 prefix, crt->version );
2853 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2854 ret = snprintf( p, n, "%sserial number : ",
2855 prefix );
2856 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2857
2858 ret = x509parse_serial_gets( p, n, &crt->serial);
2859 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2860
2861 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2862 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2863 ret = x509parse_dn_gets( p, n, &crt->issuer );
2864 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2865
2866 ret = snprintf( p, n, "\n%ssubject name : ", prefix );
2867 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2868 ret = x509parse_dn_gets( p, n, &crt->subject );
2869 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2870
2871 ret = snprintf( p, n, "\n%sissued on : " \
2872 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2873 crt->valid_from.year, crt->valid_from.mon,
2874 crt->valid_from.day, crt->valid_from.hour,
2875 crt->valid_from.min, crt->valid_from.sec );
2876 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2877
2878 ret = snprintf( p, n, "\n%sexpires on : " \
2879 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2880 crt->valid_to.year, crt->valid_to.mon,
2881 crt->valid_to.day, crt->valid_to.hour,
2882 crt->valid_to.min, crt->valid_to.sec );
2883 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2884
2885 ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2886 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2887
2888 switch( crt->sig_alg )
2889 {
2890 case SIG_RSA_MD22 : ret = snprintf( p, n, "MD2" ); break;
2891 case SIG_RSA_MD43 : ret = snprintf( p, n, "MD4" ); break;
2892 case SIG_RSA_MD54 : ret = snprintf( p, n, "MD5" ); break;
2893 case SIG_RSA_SHA15 : ret = snprintf( p, n, "SHA1" ); break;
2894 case SIG_RSA_SHA22414 : ret = snprintf( p, n, "SHA224" ); break;
2895 case SIG_RSA_SHA25611 : ret = snprintf( p, n, "SHA256" ); break;
2896 case SIG_RSA_SHA38412 : ret = snprintf( p, n, "SHA384" ); break;
2897 case SIG_RSA_SHA51213 : ret = snprintf( p, n, "SHA512" ); break;
2898 default: ret = snprintf( p, n, "???" ); break;
2899 }
2900 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2901
2902 ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
2903 (int) crt->rsa.N.n * (int) sizeof( t_uint ) * 8 );
2904 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2905
2906 return( (int) ( size - n ) );
2907}
2908
2909/*
2910 * Return an informational string describing the given OID
2911 */
2912const char *x509_oid_get_description( x509_buf *oid )
2913{
2914 if ( oid == NULL((void*)0) )
2915 return ( NULL((void*)0) );
2916
2917 else if( OID_CMP( OID_SERVER_AUTH, oid )( ( (sizeof("\x2B\x06\x01\x05\x05\x07" "\x03" "\x01") - 1) ==
(oid)->len ) && memcmp( ("\x2B\x06\x01\x05\x05\x07"
"\x03" "\x01"), (oid)->p, (oid)->len) == 0) )
2918 return( STRING_SERVER_AUTH"TLS Web Server Authentication" );
2919
2920 else if( OID_CMP( OID_CLIENT_AUTH, oid )( ( (sizeof("\x2B\x06\x01\x05\x05\x07" "\x03" "\x02") - 1) ==
(oid)->len ) && memcmp( ("\x2B\x06\x01\x05\x05\x07"
"\x03" "\x02"), (oid)->p, (oid)->len) == 0) )
2921 return( STRING_CLIENT_AUTH"TLS Web Client Authentication" );
2922
2923 else if( OID_CMP( OID_CODE_SIGNING, oid )( ( (sizeof("\x2B\x06\x01\x05\x05\x07" "\x03" "\x03") - 1) ==
(oid)->len ) && memcmp( ("\x2B\x06\x01\x05\x05\x07"
"\x03" "\x03"), (oid)->p, (oid)->len) == 0) )
2924 return( STRING_CODE_SIGNING"Code Signing" );
2925
2926 else if( OID_CMP( OID_EMAIL_PROTECTION, oid )( ( (sizeof("\x2B\x06\x01\x05\x05\x07" "\x03" "\x04") - 1) ==
(oid)->len ) && memcmp( ("\x2B\x06\x01\x05\x05\x07"
"\x03" "\x04"), (oid)->p, (oid)->len) == 0) )
2927 return( STRING_EMAIL_PROTECTION"E-mail Protection" );
2928
2929 else if( OID_CMP( OID_TIME_STAMPING, oid )( ( (sizeof("\x2B\x06\x01\x05\x05\x07" "\x03" "\x08") - 1) ==
(oid)->len ) && memcmp( ("\x2B\x06\x01\x05\x05\x07"
"\x03" "\x08"), (oid)->p, (oid)->len) == 0) )
2930 return( STRING_TIME_STAMPING"Time Stamping" );
2931
2932 else if( OID_CMP( OID_OCSP_SIGNING, oid )( ( (sizeof("\x2B\x06\x01\x05\x05\x07" "\x03" "\x09") - 1) ==
(oid)->len ) && memcmp( ("\x2B\x06\x01\x05\x05\x07"
"\x03" "\x09"), (oid)->p, (oid)->len) == 0) )
2933 return( STRING_OCSP_SIGNING"OCSP Signing" );
2934
2935 return( NULL((void*)0) );
2936}
2937
2938/* Return the x.y.z.... style numeric string for the given OID */
2939int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
2940{
2941 int ret;
2942 size_t i, n;
2943 unsigned int value;
2944 char *p;
2945
2946 p = buf;
2947 n = size;
2948
2949 /* First byte contains first two dots */
2950 if( oid->len > 0 )
2951 {
2952 ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
2953 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2954 }
2955
2956 /* TODO: value can overflow in value. */
2957 value = 0;
2958 for( i = 1; i < oid->len; i++ )
2959 {
2960 value <<= 7;
2961 value += oid->p[i] & 0x7F;
2962
2963 if( !( oid->p[i] & 0x80 ) )
2964 {
2965 /* Last byte */
2966 ret = snprintf( p, n, ".%d", value );
2967 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2968 value = 0;
2969 }
2970 }
2971
2972 return( (int) ( size - n ) );
2973}
2974
2975/*
2976 * Return an informational string about the CRL.
2977 */
2978int x509parse_crl_info( char *buf, size_t size, const char *prefix,
2979 const x509_crl *crl )
2980{
2981 int ret;
2982 size_t n;
2983 char *p;
2984 const x509_crl_entry *entry;
2985
2986 p = buf;
2987 n = size;
2988
2989 ret = snprintf( p, n, "%sCRL version : %d",
2990 prefix, crl->version );
2991 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2992
2993 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2994 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2995 ret = x509parse_dn_gets( p, n, &crl->issuer );
2996 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
2997
2998 ret = snprintf( p, n, "\n%sthis update : " \
2999 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3000 crl->this_update.year, crl->this_update.mon,
3001 crl->this_update.day, crl->this_update.hour,
3002 crl->this_update.min, crl->this_update.sec );
3003 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3004
3005 ret = snprintf( p, n, "\n%snext update : " \
3006 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3007 crl->next_update.year, crl->next_update.mon,
3008 crl->next_update.day, crl->next_update.hour,
3009 crl->next_update.min, crl->next_update.sec );
3010 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3011
3012 entry = &crl->entry;
3013
3014 ret = snprintf( p, n, "\n%sRevoked certificates:",
3015 prefix );
3016 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3017
3018 while( entry != NULL((void*)0) && entry->raw.len != 0 )
3019 {
3020 ret = snprintf( p, n, "\n%sserial number: ",
3021 prefix );
3022 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3023
3024 ret = x509parse_serial_gets( p, n, &entry->serial);
3025 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3026
3027 ret = snprintf( p, n, " revocation date: " \
3028 "%04d-%02d-%02d %02d:%02d:%02d",
3029 entry->revocation_date.year, entry->revocation_date.mon,
3030 entry->revocation_date.day, entry->revocation_date.hour,
3031 entry->revocation_date.min, entry->revocation_date.sec );
3032 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3033
3034 entry = entry->next;
3035 }
3036
3037 ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
3038 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3039
3040 switch( crl->sig_alg )
3041 {
3042 case SIG_RSA_MD22 : ret = snprintf( p, n, "MD2" ); break;
3043 case SIG_RSA_MD43 : ret = snprintf( p, n, "MD4" ); break;
3044 case SIG_RSA_MD54 : ret = snprintf( p, n, "MD5" ); break;
3045 case SIG_RSA_SHA15 : ret = snprintf( p, n, "SHA1" ); break;
3046 case SIG_RSA_SHA22414 : ret = snprintf( p, n, "SHA224" ); break;
3047 case SIG_RSA_SHA25611 : ret = snprintf( p, n, "SHA256" ); break;
3048 case SIG_RSA_SHA38412 : ret = snprintf( p, n, "SHA384" ); break;
3049 case SIG_RSA_SHA51213 : ret = snprintf( p, n, "SHA512" ); break;
3050 default: ret = snprintf( p, n, "???" ); break;
3051 }
3052 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3053
3054 ret = snprintf( p, n, "\n" );
3055 SAFE_SNPRINTF(){ if( ret == -1 ) return( -1 ); if ( (unsigned int) ret > n
) { p[n - 1] = '\0'; return -2; } n -= (unsigned int) ret; p
+= (unsigned int) ret; };
3056
3057 return( (int) ( size - n ) );
3058}
3059
3060/*
3061 * Return 0 if the x509_time is still valid, or 1 otherwise.
3062 */
3063int x509parse_time_expired( const x509_time *to )
3064{
3065 int year, mon, day;
3066 int hour, min, sec;
3067
3068#if defined(_WIN32)
3069 SYSTEMTIME st;
3070
3071 GetLocalTime(&st);
3072
3073 year = st.wYear;
3074 mon = st.wMonth;
3075 day = st.wDay;
3076 hour = st.wHour;
3077 min = st.wMinute;
3078 sec = st.wSecond;
3079#else
3080 struct tm *lt;
3081 time_t tt;
3082
3083 tt = time( NULL((void*)0) );
3084 lt = localtime( &tt );
3085
3086 year = lt->tm_year + 1900;
3087 mon = lt->tm_mon + 1;
3088 day = lt->tm_mday;
3089 hour = lt->tm_hour;
3090 min = lt->tm_min;
3091 sec = lt->tm_sec;
3092#endif
3093
3094 if( year > to->year )
3095 return( 1 );
3096
3097 if( year == to->year &&
3098 mon > to->mon )
3099 return( 1 );
3100
3101 if( year == to->year &&
3102 mon == to->mon &&
3103 day > to->day )
3104 return( 1 );
3105
3106 if( year == to->year &&
3107 mon == to->mon &&
3108 day == to->day &&
3109 hour > to->hour )
3110 return( 1 );
3111
3112 if( year == to->year &&
3113 mon == to->mon &&
3114 day == to->day &&
3115 hour == to->hour &&
3116 min > to->min )
3117 return( 1 );
3118
3119 if( year == to->year &&
3120 mon == to->mon &&
3121 day == to->day &&
3122 hour == to->hour &&
3123 min == to->min &&
3124 sec > to->sec )
3125 return( 1 );
3126
3127 return( 0 );
3128}
3129
3130/*
3131 * Return 1 if the certificate is revoked, or 0 otherwise.
3132 */
3133int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
3134{
3135 const x509_crl_entry *cur = &crl->entry;
3136
3137 while( cur != NULL((void*)0) && cur->serial.len != 0 )
3138 {
3139 if( crt->serial.len == cur->serial.len &&
3140 memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
3141 {
3142 if( x509parse_time_expired( &cur->revocation_date ) )
3143 return( 1 );
3144 }
3145
3146 cur = cur->next;
3147 }
3148
3149 return( 0 );
3150}
3151
3152/*
3153 * Wrapper for x509 hashes.
3154 */
3155static void x509_hash( const unsigned char *in, size_t len, int alg,
3156 unsigned char *out )
3157{
3158 switch( alg )
3159 {
3160#if defined(POLARSSL_MD2_C)
3161 case SIG_RSA_MD22 : md2( in, len, out ); break;
3162#endif
3163#if defined(POLARSSL_MD4_C)
3164 case SIG_RSA_MD43 : md4( in, len, out ); break;
3165#endif
3166#if defined(POLARSSL_MD5_C)
3167 case SIG_RSA_MD54 : md5( in, len, out ); break;
3168#endif
3169#if defined(POLARSSL_SHA1_C)
3170 case SIG_RSA_SHA15 : sha1( in, len, out ); break;
3171#endif
3172#if defined(POLARSSL_SHA2_C)
3173 case SIG_RSA_SHA22414 : sha2( in, len, out, 1 ); break;
3174 case SIG_RSA_SHA25611 : sha2( in, len, out, 0 ); break;
3175#endif
3176#if defined(POLARSSL_SHA4_C)
3177 case SIG_RSA_SHA38412 : sha4( in, len, out, 1 ); break;
3178 case SIG_RSA_SHA51213 : sha4( in, len, out, 0 ); break;
3179#endif
3180 default:
3181 memset( out, '\xFF', 64 );
3182 break;
3183 }
3184}
3185
3186/*
3187 * Check that the given certificate is valid accoring to the CRL.
3188 */
3189static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
3190 x509_crl *crl_list)
3191{
3192 int flags = 0;
3193 int hash_id;
3194 unsigned char hash[64];
3195
3196 if( ca == NULL((void*)0) )
3197 return( flags );
3198
3199 /*
3200 * TODO: What happens if no CRL is present?
3201 * Suggestion: Revocation state should be unknown if no CRL is present.
3202 * For backwards compatibility this is not yet implemented.
3203 */
3204
3205 while( crl_list != NULL((void*)0) )
3206 {
3207 if( crl_list->version == 0 ||
3208 crl_list->issuer_raw.len != ca->subject_raw.len ||
3209 memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
3210 crl_list->issuer_raw.len ) != 0 )
3211 {
3212 crl_list = crl_list->next;
3213 continue;
3214 }
3215
3216 /*
3217 * Check if CRL is correctly signed by the trusted CA
3218 */
3219 hash_id = crl_list->sig_alg;
3220
3221 x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
3222
3223 if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC0, hash_id,
3224 0, hash, crl_list->sig.p ) == 0 )
3225 {
3226 /*
3227 * CRL is not trusted
3228 */
3229 flags |= BADCRL_NOT_TRUSTED0x10;
3230 break;
3231 }
3232
3233 /*
3234 * Check for validity of CRL (Do not drop out)
3235 */
3236 if( x509parse_time_expired( &crl_list->next_update ) )
3237 flags |= BADCRL_EXPIRED0x20;
3238
3239 /*
3240 * Check if certificate is revoked
3241 */
3242 if( x509parse_revoked(crt, crl_list) )
3243 {
3244 flags |= BADCERT_REVOKED0x02;
3245 break;
3246 }
3247
3248 crl_list = crl_list->next;
3249 }
3250 return flags;
3251}
3252
3253int x509_wildcard_verify( const char *cn, x509_buf *name )
3254{
3255 size_t i;
3256 size_t cn_idx = 0;
3257
3258 if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
3259 return( 0 );
3260
3261 for( i = 0; i < strlen( cn ); ++i )
3262 {
3263 if( cn[i] == '.' )
3264 {
3265 cn_idx = i;
3266 break;
3267 }
3268 }
3269
3270 if( cn_idx == 0 )
3271 return( 0 );
3272
3273 if( strlen( cn ) - cn_idx == name->len - 1 &&
3274 memcmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
3275 {
3276 return( 1 );
3277 }
3278
3279 return( 0 );
3280}
3281
3282static int x509parse_verify_top(
3283 x509_cert *child, x509_cert *trust_ca,
3284 x509_crl *ca_crl, int path_cnt, int *flags,
3285 int (*f_vrfy)(void *, x509_cert *, int, int *),
3286 void *p_vrfy )
3287{
3288 int hash_id, ret;
3289 int ca_flags = 0, check_path_cnt = path_cnt + 1;
3290 unsigned char hash[64];
3291
3292 if( x509parse_time_expired( &child->valid_to ) )
3293 *flags |= BADCERT_EXPIRED0x01;
3294
3295 /*
3296 * Child is the top of the chain. Check against the trust_ca list.
3297 */
3298 *flags |= BADCERT_NOT_TRUSTED0x08;
3299
3300 while( trust_ca != NULL((void*)0) )
3301 {
3302 if( trust_ca->version == 0 ||
3303 child->issuer_raw.len != trust_ca->subject_raw.len ||
3304 memcmp( child->issuer_raw.p, trust_ca->subject_raw.p,
3305 child->issuer_raw.len ) != 0 )
3306 {
3307 trust_ca = trust_ca->next;
3308 continue;
3309 }
3310
3311 /*
3312 * Reduce path_len to check against if top of the chain is
3313 * the same as the trusted CA
3314 */
3315 if( child->subject_raw.len == trust_ca->subject_raw.len &&
3316 memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3317 child->issuer_raw.len ) == 0 )
3318 {
3319 check_path_cnt--;
3320 }
3321
3322 if( trust_ca->max_pathlen > 0 &&
3323 trust_ca->max_pathlen < check_path_cnt )
3324 {
3325 trust_ca = trust_ca->next;
3326 continue;
3327 }
3328
3329 hash_id = child->sig_alg;
3330
3331 x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3332
3333 if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC0, hash_id,
3334 0, hash, child->sig.p ) != 0 )
3335 {
3336 trust_ca = trust_ca->next;
3337 continue;
3338 }
3339
3340 /*
3341 * Top of chain is signed by a trusted CA
3342 */
3343 *flags &= ~BADCERT_NOT_TRUSTED0x08;
3344 break;
3345 }
3346
3347 /*
3348 * If top of chain is not the same as the trusted CA send a verify request
3349 * to the callback for any issues with validity and CRL presence for the
3350 * trusted CA certificate.
3351 */
3352 if( trust_ca != NULL((void*)0) &&
3353 ( child->subject_raw.len != trust_ca->subject_raw.len ||
3354 memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
3355 child->issuer_raw.len ) != 0 ) )
3356 {
3357 /* Check trusted CA's CRL for then chain's top crt */
3358 *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
3359
3360 if( x509parse_time_expired( &trust_ca->valid_to ) )
3361 ca_flags |= BADCERT_EXPIRED0x01;
3362
3363 if( NULL((void*)0) != f_vrfy )
3364 {
3365 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
3366 return( ret );
3367 }
3368 }
3369
3370 /* Call callback on top cert */
3371 if( NULL((void*)0) != f_vrfy )
3372 {
3373 if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
3374 return( ret );
3375 }
3376
3377 *flags |= ca_flags;
3378
3379 return( 0 );
3380}
3381
3382static int x509parse_verify_child(
3383 x509_cert *child, x509_cert *parent, x509_cert *trust_ca,
3384 x509_crl *ca_crl, int path_cnt, int *flags,
3385 int (*f_vrfy)(void *, x509_cert *, int, int *),
3386 void *p_vrfy )
3387{
3388 int hash_id, ret;
3389 int parent_flags = 0;
3390 unsigned char hash[64];
3391 x509_cert *grandparent;
3392
3393 if( x509parse_time_expired( &child->valid_to ) )
3394 *flags |= BADCERT_EXPIRED0x01;
3395
3396 hash_id = child->sig_alg;
3397
3398 x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
3399
3400 if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC0, hash_id, 0, hash,
3401 child->sig.p ) != 0 )
3402 *flags |= BADCERT_NOT_TRUSTED0x08;
3403
3404 /* Check trusted CA's CRL for the given crt */
3405 *flags |= x509parse_verifycrl(child, parent, ca_crl);
3406
3407 grandparent = parent->next;
3408
3409 while( grandparent != NULL((void*)0) )
3410 {
3411 if( grandparent->version == 0 ||
3412 grandparent->ca_istrue == 0 ||
3413 parent->issuer_raw.len != grandparent->subject_raw.len ||
3414 memcmp( parent->issuer_raw.p, grandparent->subject_raw.p,
3415 parent->issuer_raw.len ) != 0 )
3416 {
3417 grandparent = grandparent->next;
3418 continue;
3419 }
3420 break;
3421 }
3422
3423 if( grandparent != NULL((void*)0) )
3424 {
3425 /*
3426 * Part of the chain
3427 */
3428 ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3429 if( ret != 0 )
3430 return( ret );
3431 }
3432 else
3433 {
3434 ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3435 if( ret != 0 )
3436 return( ret );
3437 }
3438
3439 /* child is verified to be a child of the parent, call verify callback */
3440 if( NULL((void*)0) != f_vrfy )
3441 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
3442 return( ret );
3443
3444 *flags |= parent_flags;
3445
3446 return( 0 );
3447}
3448
3449/*
3450 * Verify the certificate validity
3451 */
3452int x509parse_verify( x509_cert *crt,
3453 x509_cert *trust_ca,
3454 x509_crl *ca_crl,
3455 const char *cn, int *flags,
3456 int (*f_vrfy)(void *, x509_cert *, int, int *),
3457 void *p_vrfy )
3458{
3459 size_t cn_len;
3460 int ret;
3461 int pathlen = 0;
3462 x509_cert *parent;
3463 x509_name *name;
3464 x509_sequence *cur = NULL((void*)0);
3465
3466 *flags = 0;
3467
3468 if( cn != NULL((void*)0) )
3469 {
3470 name = &crt->subject;
3471 cn_len = strlen( cn );
3472
3473 if( crt->ext_types & EXT_SUBJECT_ALT_NAME(1 << 5) )
3474 {
3475 cur = &crt->subject_alt_names;
3476
3477 while( cur != NULL((void*)0) )
3478 {
3479 if( cur->buf.len == cn_len &&
3480 memcmp( cn, cur->buf.p, cn_len ) == 0 )
3481 break;
3482
3483 if( cur->buf.len > 2 &&
3484 memcmp( cur->buf.p, "*.", 2 ) == 0 &&
3485 x509_wildcard_verify( cn, &cur->buf ) )
3486 break;
3487
3488 cur = cur->next;
3489 }
3490
3491 if( cur == NULL((void*)0) )
3492 *flags |= BADCERT_CN_MISMATCH0x04;
3493 }
3494 else
3495 {
3496 while( name != NULL((void*)0) )
3497 {
3498 if( name->oid.len == 3 &&
3499 memcmp( name->oid.p, OID_CN"\x55\x04" "\x03", 3 ) == 0 )
3500 {
3501 if( name->val.len == cn_len &&
3502 memcmp( name->val.p, cn, cn_len ) == 0 )
3503 break;
3504
3505 if( name->val.len > 2 &&
3506 memcmp( name->val.p, "*.", 2 ) == 0 &&
3507 x509_wildcard_verify( cn, &name->val ) )
3508 break;
3509 }
3510
3511 name = name->next;
3512 }
3513
3514 if( name == NULL((void*)0) )
3515 *flags |= BADCERT_CN_MISMATCH0x04;
3516 }
3517 }
3518
3519 /*
3520 * Iterate upwards in the given cert chain, to find our crt parent.
3521 * Ignore any upper cert with CA != TRUE.
3522 */
3523 parent = crt->next;
3524
3525 while( parent != NULL((void*)0) && parent->version != 0 )
3526 {
3527 if( parent->ca_istrue == 0 ||
3528 crt->issuer_raw.len != parent->subject_raw.len ||
3529 memcmp( crt->issuer_raw.p, parent->subject_raw.p,
3530 crt->issuer_raw.len ) != 0 )
3531 {
3532 parent = parent->next;
3533 continue;
3534 }
3535 break;
3536 }
3537
3538 if( parent != NULL((void*)0) )
3539 {
3540 /*
3541 * Part of the chain
3542 */
3543 ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3544 if( ret != 0 )
3545 return( ret );
3546 }
3547 else
3548 {
3549 ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3550 if( ret != 0 )
3551 return( ret );
3552 }
3553
3554 if( *flags != 0 )
3555 return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED-0x2800 );
3556
3557 return( 0 );
3558}
3559
3560/*
3561 * Unallocate all certificate data
3562 */
3563void x509_free( x509_cert *crt )
3564{
3565 x509_cert *cert_cur = crt;
3566 x509_cert *cert_prv;
3567 x509_name *name_cur;
3568 x509_name *name_prv;
3569 x509_sequence *seq_cur;
3570 x509_sequence *seq_prv;
3571
3572 if( crt == NULL((void*)0) )
3573 return;
3574
3575 do
3576 {
3577 rsa_free( &cert_cur->rsa );
3578
3579 name_cur = cert_cur->issuer.next;
3580 while( name_cur != NULL((void*)0) )
3581 {
3582 name_prv = name_cur;
3583 name_cur = name_cur->next;
3584 memset( name_prv, 0, sizeof( x509_name ) );
3585 free( name_prv );
3586 }
3587
3588 name_cur = cert_cur->subject.next;
3589 while( name_cur != NULL((void*)0) )
3590 {
3591 name_prv = name_cur;
3592 name_cur = name_cur->next;
3593 memset( name_prv, 0, sizeof( x509_name ) );
3594 free( name_prv );
3595 }
3596
3597 seq_cur = cert_cur->ext_key_usage.next;
3598 while( seq_cur != NULL((void*)0) )
3599 {
3600 seq_prv = seq_cur;
3601 seq_cur = seq_cur->next;
3602 memset( seq_prv, 0, sizeof( x509_sequence ) );
3603 free( seq_prv );
3604 }
3605
3606 seq_cur = cert_cur->subject_alt_names.next;
3607 while( seq_cur != NULL((void*)0) )
3608 {
3609 seq_prv = seq_cur;
3610 seq_cur = seq_cur->next;
3611 memset( seq_prv, 0, sizeof( x509_sequence ) );
3612 free( seq_prv );
3613 }
3614
3615 if( cert_cur->raw.p != NULL((void*)0) )
3616 {
3617 memset( cert_cur->raw.p, 0, cert_cur->raw.len );
3618 free( cert_cur->raw.p );
3619 }
3620
3621 cert_cur = cert_cur->next;
3622 }
3623 while( cert_cur != NULL((void*)0) );
3624
3625 cert_cur = crt;
3626 do
3627 {
3628 cert_prv = cert_cur;
3629 cert_cur = cert_cur->next;
3630
3631 memset( cert_prv, 0, sizeof( x509_cert ) );
3632 if( cert_prv != crt )
3633 free( cert_prv );
3634 }
3635 while( cert_cur != NULL((void*)0) );
3636}
3637
3638/*
3639 * Unallocate all CRL data
3640 */
3641void x509_crl_free( x509_crl *crl )
3642{
3643 x509_crl *crl_cur = crl;
3644 x509_crl *crl_prv;
3645 x509_name *name_cur;
3646 x509_name *name_prv;
3647 x509_crl_entry *entry_cur;
3648 x509_crl_entry *entry_prv;
3649
3650 if( crl == NULL((void*)0) )
3651 return;
3652
3653 do
3654 {
3655 name_cur = crl_cur->issuer.next;
3656 while( name_cur != NULL((void*)0) )
3657 {
3658 name_prv = name_cur;
3659 name_cur = name_cur->next;
3660 memset( name_prv, 0, sizeof( x509_name ) );
3661 free( name_prv );
3662 }
3663
3664 entry_cur = crl_cur->entry.next;
3665 while( entry_cur != NULL((void*)0) )
3666 {
3667 entry_prv = entry_cur;
3668 entry_cur = entry_cur->next;
3669 memset( entry_prv, 0, sizeof( x509_crl_entry ) );
3670 free( entry_prv );
3671 }
3672
3673 if( crl_cur->raw.p != NULL((void*)0) )
3674 {
3675 memset( crl_cur->raw.p, 0, crl_cur->raw.len );
3676 free( crl_cur->raw.p );
3677 }
3678
3679 crl_cur = crl_cur->next;
3680 }
3681 while( crl_cur != NULL((void*)0) );
3682
3683 crl_cur = crl;
3684 do
3685 {
3686 crl_prv = crl_cur;
3687 crl_cur = crl_cur->next;
3688
3689 memset( crl_prv, 0, sizeof( x509_crl ) );
3690 if( crl_prv != crl )
3691 free( crl_prv );
3692 }
3693 while( crl_cur != NULL((void*)0) );
3694}
3695
3696#if defined(POLARSSL_SELF_TEST)
3697
3698#include "polarssl/certs.h"
3699
3700/*
3701 * Checkup routine
3702 */
3703int x509_self_test( int verbose )
3704{
3705#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3706 int ret;
3707 int flags;
3708 size_t i, j;
3709 x509_cert cacert;
3710 x509_cert clicert;
3711 rsa_context rsa;
3712#if defined(POLARSSL_DHM_C)
3713 dhm_context dhm;
3714#endif
3715
3716 if( verbose != 0 )
3717 printf( " X.509 certificate load: " );
3718
3719 memset( &clicert, 0, sizeof( x509_cert ) );
3720
3721 ret = x509parse_crt( &clicert, (const unsigned char *) test_cli_crt,
3722 strlen( test_cli_crt ) );
3723 if( ret != 0 )
3724 {
3725 if( verbose != 0 )
3726 printf( "failed\n" );
3727
3728 return( ret );
3729 }
3730
3731 memset( &cacert, 0, sizeof( x509_cert ) );
3732
3733 ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
3734 strlen( test_ca_crt ) );
3735 if( ret != 0 )
3736 {
3737 if( verbose != 0 )
3738 printf( "failed\n" );
3739
3740 return( ret );
3741 }
3742
3743 if( verbose != 0 )
3744 printf( "passed\n X.509 private key load: " );
3745
3746 i = strlen( test_ca_key );
3747 j = strlen( test_ca_pwd );
3748
3749 rsa_init( &rsa, RSA_PKCS_V150, 0 );
3750
3751 if( ( ret = x509parse_key( &rsa,
3752 (const unsigned char *) test_ca_key, i,
3753 (const unsigned char *) test_ca_pwd, j ) ) != 0 )
3754 {
3755 if( verbose != 0 )
3756 printf( "failed\n" );
3757
3758 return( ret );
3759 }
3760
3761 if( verbose != 0 )
3762 printf( "passed\n X.509 signature verify: ");
3763
3764 ret = x509parse_verify( &clicert, &cacert, NULL((void*)0), "PolarSSL Client 2", &flags, NULL((void*)0), NULL((void*)0) );
3765 if( ret != 0 )
3766 {
3767 printf("%02x", flags);
3768 if( verbose != 0 )
3769 printf( "failed\n" );
3770
3771 return( ret );
3772 }
3773
3774#if defined(POLARSSL_DHM_C)
3775 if( verbose != 0 )
3776 printf( "passed\n X.509 DHM parameter load: " );
3777
3778 i = strlen( test_dhm_params );
3779 j = strlen( test_ca_pwd );
3780
3781 if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, i ) ) != 0 )
3782 {
3783 if( verbose != 0 )
3784 printf( "failed\n" );
3785
3786 return( ret );
3787 }
3788
3789 if( verbose != 0 )
3790 printf( "passed\n\n" );
3791#endif
3792
3793 x509_free( &cacert );
3794 x509_free( &clicert );
3795 rsa_free( &rsa );
3796#if defined(POLARSSL_DHM_C)
3797 dhm_free( &dhm );
3798#endif
3799
3800 return( 0 );
3801#else
3802 ((void) verbose);
3803 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE-0x2080 );
3804#endif
3805}
3806
3807#endif
3808
3809#endif