39 #if defined(POLARSSL_X509_PARSE_C)
45 #if defined(POLARSSL_MD2_C)
48 #if defined(POLARSSL_MD4_C)
51 #if defined(POLARSSL_MD5_C)
54 #if defined(POLARSSL_SHA1_C)
57 #if defined(POLARSSL_SHA2_C)
60 #if defined(POLARSSL_SHA4_C)
64 #if defined(POLARSSL_PKCS5_C)
67 #if defined(POLARSSL_PKCS12_C)
79 #if defined(POLARSSL_FS_IO)
82 #include <sys/types.h>
89 #define OID_CMP(oid_str, oid_buf) \
90 ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
91 memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
96 static int x509_get_version(
unsigned char **p,
97 const unsigned char *end,
130 static int x509_crl_get_version(
unsigned char **p,
131 const unsigned char *end,
153 static int x509_get_serial(
unsigned char **p,
154 const unsigned char *end,
159 if( ( end - *p ) < 1 )
168 serial->
tag = *(*p)++;
184 static int x509_get_alg(
unsigned char **p,
185 const unsigned char *end,
229 static int x509_get_attr_type_value(
unsigned char **p,
230 const unsigned char *end,
251 if( ( end - *p ) < 1 )
287 static int x509_get_name(
unsigned char **p,
288 const unsigned char *end,
293 const unsigned char *end2;
306 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
314 if( use->
next == NULL )
333 if( cur->
next == NULL )
338 return( x509_get_name( p, end2, cur->
next ) );
346 static int x509_get_time(
unsigned char **p,
347 const unsigned char *end,
355 if( ( end - *p ) < 1 )
369 memset( date, 0,
sizeof( date ) );
370 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
371 len :
sizeof( date ) - 1 );
373 if( sscanf( date,
"%2d%2d%2d%2d%2d%2dZ",
378 time->
year += 100 * ( time->
year < 50 );
393 memset( date, 0,
sizeof( date ) );
394 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
395 len :
sizeof( date ) - 1 );
397 if( sscanf( date,
"%4d%2d%2d%2d%2d%2dZ",
416 static int x509_get_dates(
unsigned char **p,
417 const unsigned char *end,
430 if( ( ret = x509_get_time( p, end, from ) ) != 0 )
433 if( ( ret = x509_get_time( p, end, to ) ) != 0 )
448 static int x509_get_pubkey(
unsigned char **p,
449 const unsigned char *end,
457 if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
463 if( pk_alg_oid->
len != 9 ||
472 if( ( end - *p ) < 1 )
491 if( *p + len != end2 )
506 static int x509_get_sig(
unsigned char **p,
507 const unsigned char *end,
513 if( ( end - *p ) < 1 )
523 if( --len < 1 || *(*p)++ != 0 )
537 static int x509_get_uid(
unsigned char **p,
538 const unsigned char *end,
567 static int x509_get_ext(
unsigned char **p,
568 const unsigned char *end,
598 if( end != *p + len )
608 static int x509_get_crl_ext(
unsigned char **p,
609 const unsigned char *end,
616 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
643 static int x509_get_crl_entry_ext(
unsigned char **p,
644 const unsigned char *end,
674 if( end != *p + ext->
len )
694 static int x509_get_basic_constraints(
unsigned char **p,
695 const unsigned char *end,
725 if( *ca_istrue != 0 )
732 if( ( ret =
asn1_get_int( p, end, max_pathlen ) ) != 0 )
744 static int x509_get_ns_cert_type(
unsigned char **p,
745 const unsigned char *end,
746 unsigned char *ns_cert_type)
759 *ns_cert_type = *bs.
p;
763 static int x509_get_key_usage(
unsigned char **p,
764 const unsigned char *end,
765 unsigned char *key_usage)
787 static int x509_get_ext_key_usage(
unsigned char **p,
788 const unsigned char *end,
797 if( ext_key_usage->
buf.
p == NULL )
830 static int x509_get_subject_alt_name(
unsigned char **p,
831 const unsigned char *end,
845 if( *p + len != end )
851 if( ( end - *p ) < 1 )
864 if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
882 if( cur->
next == NULL )
908 static int x509_get_crt_ext(
unsigned char **p,
909 const unsigned char *end,
914 unsigned char *end_ext_data, *end_ext_octet;
916 if( ( ret = x509_get_ext( p, end, &crt->
v3_ext, 3 ) ) != 0 )
939 end_ext_data = *p + len;
950 if( ( end - *p ) < 1 )
955 if( ( ret =
asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
964 end_ext_octet = *p + len;
966 if( end_ext_octet != end_ext_data )
977 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
986 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
995 if( ( ret = x509_get_key_usage( p, end_ext_octet,
1004 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
1013 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1023 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1044 static int x509_get_entries(
unsigned char **p,
1045 const unsigned char *end,
1064 end = *p + entry_len;
1069 const unsigned char *end2;
1077 cur_entry->
raw.
tag = **p;
1078 cur_entry->
raw.
p = *p;
1079 cur_entry->
raw.
len = len2;
1082 if( ( ret = x509_get_serial( p, end2, &cur_entry->
serial ) ) != 0 )
1085 if( ( ret = x509_get_time( p, end2, &cur_entry->
revocation_date ) ) != 0 )
1088 if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->
entry_ext ) ) != 0 )
1095 if( cur_entry->
next == NULL )
1098 cur_entry = cur_entry->
next;
1108 if( sig_oid->
len == 9 &&
1111 if( sig_oid->
p[8] >= 2 && sig_oid->
p[8] <= 5 )
1113 *sig_alg = sig_oid->
p[8];
1117 if ( sig_oid->
p[8] >= 11 && sig_oid->
p[8] <= 14 )
1119 *sig_alg = sig_oid->
p[8];
1125 if( sig_oid->
len == 5 &&
1138 static int x509parse_crt_der_core(
x509_cert *crt,
const unsigned char *buf,
1143 unsigned char *p, *end, *crt_end;
1148 if( crt == NULL || buf == NULL )
1151 p = (
unsigned char *) malloc( len = buflen );
1156 memcpy( p, buf, buflen );
1175 if( len > (
size_t) ( end - p ) )
1205 if( ( ret = x509_get_version( &p, end, &crt->
version ) ) != 0 ||
1206 ( ret = x509_get_serial( &p, end, &crt->
serial ) ) != 0 ||
1207 ( ret = x509_get_alg( &p, end, &crt->
sig_oid1 ) ) != 0 )
1221 if( ( ret = x509_get_sig_alg( &crt->
sig_oid1, &crt->
sig_alg ) ) != 0 )
1239 if( ( ret = x509_get_name( &p, p + len, &crt->
issuer ) ) != 0 )
1253 if( ( ret = x509_get_dates( &p, end, &crt->
valid_from,
1272 if( len && ( ret = x509_get_name( &p, p + len, &crt->
subject ) ) != 0 )
1292 if( ( ret = x509_get_pubkey( &p, p + len, &crt->
pk_oid,
1293 &crt->
rsa.
N, &crt->
rsa.
E ) ) != 0 )
1317 ret = x509_get_uid( &p, end, &crt->
issuer_id, 1 );
1327 ret = x509_get_uid( &p, end, &crt->
subject_id, 2 );
1337 ret = x509_get_crt_ext( &p, end, crt);
1358 if( ( ret = x509_get_alg( &p, end, &crt->
sig_oid2 ) ) != 0 )
1371 if( ( ret = x509_get_sig( &p, end, &crt->
sig ) ) != 0 )
1399 if( crt == NULL || buf == NULL )
1415 if( crt->
next == NULL )
1423 if( ( ret = x509parse_crt_der_core( crt, buf, buflen ) ) != 0 )
1442 int ret, success = 0, first_error = 0, total_failed = 0;
1448 if( chain == NULL || buf == NULL )
1455 #if defined(POLARSSL_PEM_C)
1456 if( strstr( (
const char *) buf,
"-----BEGIN CERTIFICATE-----" ) != NULL )
1463 #if defined(POLARSSL_PEM_C)
1474 (
char *)
"-----BEGIN CERTIFICATE-----",
1475 (
char *)
"-----END CERTIFICATE-----",
1476 buf, NULL, 0, &use_len );
1500 if( first_error == 0 )
1520 if( first_error == 0 )
1533 return( total_failed );
1534 else if( first_error )
1535 return( first_error );
1547 unsigned char *p, *end;
1549 #if defined(POLARSSL_PEM_C)
1559 if( crl == NULL || buf == NULL )
1572 if( crl->
next == NULL )
1579 memset( crl, 0,
sizeof(
x509_crl ) );
1582 #if defined(POLARSSL_PEM_C)
1585 (
char *)
"-----BEGIN X509 CRL-----",
1586 (
char *)
"-----END X509 CRL-----",
1587 buf, NULL, 0, &use_len );
1615 p = (
unsigned char *) malloc( len = buflen );
1620 memcpy( p, buf, buflen );
1625 p = (
unsigned char *) malloc( len = buflen );
1630 memcpy( p, buf, buflen );
1652 if( len != (
size_t) ( end - p ) )
1680 if( ( ret = x509_crl_get_version( &p, end, &crl->
version ) ) != 0 ||
1681 ( ret = x509_get_alg( &p, end, &crl->
sig_oid1 ) ) != 0 )
1695 if( ( ret = x509_get_sig_alg( &crl->
sig_oid1, &crl->
sig_alg ) ) != 0 )
1713 if( ( ret = x509_get_name( &p, p + len, &crl->
issuer ) ) != 0 )
1725 if( ( ret = x509_get_time( &p, end, &crl->
this_update ) ) != 0 )
1731 if( ( ret = x509_get_time( &p, end, &crl->
next_update ) ) != 0 )
1751 if( ( ret = x509_get_entries( &p, end, &crl->
entry ) ) != 0 )
1763 ret = x509_get_crl_ext( &p, end, &crl->
crl_ext );
1785 if( ( ret = x509_get_alg( &p, end, &crl->
sig_oid2 ) ) != 0 )
1798 if( ( ret = x509_get_sig( &p, end, &crl->
sig ) ) != 0 )
1815 if( crl->
next == NULL )
1822 memset( crl, 0,
sizeof(
x509_crl ) );
1830 #if defined(POLARSSL_FS_IO)
1834 static int load_file(
const char *path,
unsigned char **buf,
size_t *n )
1839 if( ( f = fopen( path,
"rb" ) ) == NULL )
1842 fseek( f, 0, SEEK_END );
1843 if( ( size = ftell( f ) ) == -1 )
1848 fseek( f, 0, SEEK_SET );
1853 ( *buf = (
unsigned char *) malloc( *n + 1 ) ) == NULL )
1859 if( fread( *buf, 1, *n, f ) != *n )
1882 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1887 memset( buf, 0, n + 1 );
1898 WCHAR szDir[MAX_PATH];
1899 char filename[MAX_PATH];
1901 int len = strlen( path );
1903 WIN32_FIND_DATAW file_data;
1906 if( len > MAX_PATH - 3 )
1909 memset( szDir, 0,
sizeof(szDir) );
1910 memset( filename, 0, MAX_PATH );
1911 memcpy( filename, path, len );
1912 filename[len++] =
'\\';
1914 filename[len++] =
'*';
1916 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir, MAX_PATH - 3 );
1918 hFind = FindFirstFileW( szDir, &file_data );
1919 if (hFind == INVALID_HANDLE_VALUE)
1922 len = MAX_PATH - len;
1925 memset( p, 0, len );
1927 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1930 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1931 lstrlenW(file_data.cFileName),
1941 while( FindNextFileW( hFind, &file_data ) != 0 );
1943 if (GetLastError() != ERROR_NO_MORE_FILES)
1948 #if defined(POLARSSL_HAVE_READDIR_R)
1951 struct dirent entry, *result = NULL;
1952 char entry_name[255];
1953 DIR *dir = opendir( path );
1958 while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
1960 if( result == NULL )
1963 snprintf( entry_name,
sizeof(entry_name),
"%s/%s", path, entry.d_name );
1965 i = stat( entry_name, &sb );
1973 if( !S_ISREG( sb.st_mode ) )
2004 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2009 memset( buf, 0, n + 1 );
2024 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2031 (
unsigned char *) pwd, strlen( pwd ) );
2033 memset( buf, 0, n + 1 );
2048 if ( (ret = load_file( path, &buf, &n ) ) != 0 )
2053 memset( buf, 0, n + 1 );
2063 static int x509parse_key_pkcs1_der(
rsa_context *rsa,
2064 const unsigned char *key,
2069 unsigned char *p, *end;
2071 p = (
unsigned char *) key;
2142 static int x509parse_key_pkcs8_unencrypted_der(
2144 const unsigned char *key,
2149 unsigned char *p, *end;
2152 p = (
unsigned char *) key;
2189 if( ( ret = x509_get_alg( &p, end, &pk_alg_oid ) ) != 0 )
2197 if( pk_alg_oid.
len != 9 ||
2209 if( ( end - p ) < 1 )
2217 if( ( ret = x509parse_key_pkcs1_der( rsa, p, end - p ) ) != 0 )
2226 static int x509parse_key_pkcs8_encrypted_der(
2228 const unsigned char *key,
2230 const unsigned char *pwd,
2235 unsigned char *p, *end, *end2;
2237 unsigned char buf[2048];
2239 memset(buf, 0, 2048);
2241 p = (
unsigned char *) key;
2281 p += pbe_alg_oid.
len;
2287 pbe_params.
len = end2 - p;
2288 p += pbe_params.
len;
2300 #if defined(POLARSSL_PKCS12_C)
2305 pwd, pwdlen, p, len, buf ) ) != 0 )
2317 pwd, pwdlen, p, len, buf ) ) != 0 )
2330 p, len, buf ) ) != 0 )
2343 #if defined(POLARSSL_PKCS5_C)
2347 p, len, buf ) ) != 0 )
2359 return x509parse_key_pkcs8_unencrypted_der( rsa, buf, len );
2366 const unsigned char *pwd,
size_t pwdlen )
2370 #if defined(POLARSSL_PEM_C)
2376 (
char *)
"-----BEGIN RSA PRIVATE KEY-----",
2377 (
char *)
"-----END RSA PRIVATE KEY-----",
2378 key, pwd, pwdlen, &len );
2381 if( ( ret = x509parse_key_pkcs1_der( rsa, pem.
buf, pem.
buflen ) ) != 0 )
2397 (
char *)
"-----BEGIN PRIVATE KEY-----",
2398 (
char *)
"-----END PRIVATE KEY-----",
2399 key, NULL, 0, &len );
2402 if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa,
2415 (
char *)
"-----BEGIN ENCRYPTED PRIVATE KEY-----",
2416 (
char *)
"-----END ENCRYPTED PRIVATE KEY-----",
2417 key, NULL, 0, &len );
2420 if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa,
2422 pwd, pwdlen ) ) != 0 )
2443 if( ( ret = x509parse_key_pkcs8_encrypted_der( rsa, key, keylen,
2444 pwd, pwdlen ) ) == 0 )
2456 if( ( ret = x509parse_key_pkcs8_unencrypted_der( rsa, key, keylen ) ) == 0 )
2461 if( ( ret = x509parse_key_pkcs1_der( rsa, key, keylen ) ) == 0 )
2476 unsigned char *p, *end;
2478 #if defined(POLARSSL_PEM_C)
2483 (
char *)
"-----BEGIN PUBLIC KEY-----",
2484 (
char *)
"-----END PUBLIC KEY-----",
2485 key, NULL, 0, &len );
2500 p = ( ret == 0 ) ? pem.
buf : (
unsigned char *) key;
2502 p = (
unsigned char *) key;
2526 #if defined(POLARSSL_PEM_C)
2533 if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->
N, &rsa->
E ) ) != 0 )
2535 #if defined(POLARSSL_PEM_C)
2544 #if defined(POLARSSL_PEM_C)
2553 #if defined(POLARSSL_PEM_C)
2560 #if defined(POLARSSL_DHM_C)
2568 unsigned char *p, *end;
2569 #if defined(POLARSSL_PEM_C)
2575 (
char *)
"-----BEGIN DH PARAMETERS-----",
2576 (
char *)
"-----END DH PARAMETERS-----",
2577 dhmin, NULL, 0, &dhminlen );
2592 p = ( ret == 0 ) ? pem.
buf : (
unsigned char *) dhmin;
2594 p = (
unsigned char *) dhmin;
2609 #if defined(POLARSSL_PEM_C)
2620 #if defined(POLARSSL_PEM_C)
2629 #if defined(POLARSSL_PEM_C)
2637 #if defined(POLARSSL_PEM_C)
2644 #if defined(POLARSSL_FS_IO)
2654 if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2659 memset( buf, 0, n + 1 );
2667 #if defined _MSC_VER && !defined snprintf
2670 #if !defined vsnprintf
2671 #define vsnprintf _vsnprintf
2681 int compat_snprintf(
char *str,
size_t size,
const char *format, ...)
2686 va_start( ap, format );
2688 res = vsnprintf( str, size, format, ap );
2694 return( (
int) size + 20 );
2699 #define snprintf compat_snprintf
2702 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2704 #define SAFE_SNPRINTF() \
2709 if ( (unsigned int) ret > n ) { \
2711 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2714 n -= (unsigned int) ret; \
2715 p += (unsigned int) ret; \
2730 memset( s, 0,
sizeof( s ) );
2736 while( name != NULL )
2746 ret = snprintf( p, n,
", " );
2750 if( name->
oid.
len == 3 &&
2753 switch( name->
oid.
p[2] )
2756 ret = snprintf( p, n,
"CN=" );
break;
2759 ret = snprintf( p, n,
"C=" );
break;
2762 ret = snprintf( p, n,
"L=" );
break;
2765 ret = snprintf( p, n,
"ST=" );
break;
2768 ret = snprintf( p, n,
"O=" );
break;
2771 ret = snprintf( p, n,
"OU=" );
break;
2774 ret = snprintf( p, n,
"0x%02X=",
2780 else if( name->
oid.
len == 9 &&
2783 switch( name->
oid.
p[8] )
2786 ret = snprintf( p, n,
"emailAddress=" );
break;
2789 ret = snprintf( p, n,
"0x%02X=",
2797 ret = snprintf( p, n,
"\?\?=" );
2801 for( i = 0; i < name->
val.
len; i++ )
2803 if( i >=
sizeof( s ) - 1 )
2807 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2812 ret = snprintf( p, n,
"%s", s );
2817 return( (
int) ( size - n ) );
2833 nr = ( serial->
len <= 32 )
2836 for( i = 0; i < nr; i++ )
2838 if( i == 0 && nr > 1 && serial->
p[i] == 0x0 )
2841 ret = snprintf( p, n,
"%02X%s",
2842 serial->
p[i], ( i < nr - 1 ) ?
":" :
"" );
2846 if( nr != serial->
len )
2848 ret = snprintf( p, n,
"...." );
2852 return( (
int) ( size - n ) );
2868 ret = snprintf( p, n,
"%scert. version : %d\n",
2871 ret = snprintf( p, n,
"%sserial number : ",
2878 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
2883 ret = snprintf( p, n,
"\n%ssubject name : ", prefix );
2888 ret = snprintf( p, n,
"\n%sissued on : " \
2889 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2895 ret = snprintf( p, n,
"\n%sexpires on : " \
2896 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2902 ret = snprintf( p, n,
"\n%ssigned using : RSA+", prefix );
2907 case SIG_RSA_MD2 : ret = snprintf( p, n,
"MD2" );
break;
2908 case SIG_RSA_MD4 : ret = snprintf( p, n,
"MD4" );
break;
2909 case SIG_RSA_MD5 : ret = snprintf( p, n,
"MD5" );
break;
2910 case SIG_RSA_SHA1 : ret = snprintf( p, n,
"SHA1" );
break;
2915 default: ret = snprintf( p, n,
"???" );
break;
2919 ret = snprintf( p, n,
"\n%sRSA key size : %d bits\n", prefix,
2920 (
int) crt->
rsa.
N.
n * (
int)
sizeof(
t_uint ) * 8 );
2923 return( (
int) ( size - n ) );
2969 ret = snprintf( p, n,
"%d.%d", oid->
p[0]/40, oid->
p[0]%40 );
2975 for( i = 1; i < oid->
len; i++ )
2978 value += oid->
p[i] & 0x7F;
2980 if( !( oid->
p[i] & 0x80 ) )
2983 ret = snprintf( p, n,
".%d", value );
2989 return( (
int) ( size - n ) );
3006 ret = snprintf( p, n,
"%sCRL version : %d",
3010 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
3015 ret = snprintf( p, n,
"\n%sthis update : " \
3016 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3022 ret = snprintf( p, n,
"\n%snext update : " \
3023 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
3029 entry = &crl->
entry;
3031 ret = snprintf( p, n,
"\n%sRevoked certificates:",
3035 while( entry != NULL && entry->
raw.
len != 0 )
3037 ret = snprintf( p, n,
"\n%sserial number: ",
3044 ret = snprintf( p, n,
" revocation date: " \
3045 "%04d-%02d-%02d %02d:%02d:%02d",
3051 entry = entry->
next;
3054 ret = snprintf( p, n,
"\n%ssigned using : RSA+", prefix );
3059 case SIG_RSA_MD2 : ret = snprintf( p, n,
"MD2" );
break;
3060 case SIG_RSA_MD4 : ret = snprintf( p, n,
"MD4" );
break;
3061 case SIG_RSA_MD5 : ret = snprintf( p, n,
"MD5" );
break;
3062 case SIG_RSA_SHA1 : ret = snprintf( p, n,
"SHA1" );
break;
3067 default: ret = snprintf( p, n,
"???" );
break;
3071 ret = snprintf( p, n,
"\n" );
3074 return( (
int) ( size - n ) );
3080 static void x509_get_current_time(
x509_time *now )
3087 now->
year = st.wYear;
3088 now->
mon = st.wMonth;
3090 now->
hour = st.wHour;
3091 now->
min = st.wMinute;
3092 now->
sec = st.wSecond;
3098 gmtime_r( &tt, < );
3100 now->
year = lt.tm_year + 1900;
3101 now->
mon = lt.tm_mon + 1;
3102 now->
day = lt.tm_mday;
3103 now->
hour = lt.tm_hour;
3104 now->
min = lt.tm_min;
3105 now->
sec = lt.tm_sec;
3118 before->
mon > after->
mon )
3122 before->
mon == after->
mon &&
3123 before->
day > after->
day )
3127 before->
mon == after->
mon &&
3128 before->
day == after->
day &&
3133 before->
mon == after->
mon &&
3134 before->
day == after->
day &&
3136 before->
min > after->
min )
3140 before->
mon == after->
mon &&
3141 before->
day == after->
day &&
3143 before->
min == after->
min &&
3144 before->
sec > after->
sec )
3154 x509_get_current_time( &now );
3156 return( x509_check_time( &now, to ) );
3163 x509_get_current_time( &now );
3165 return( x509_check_time( from, &now ) );
3175 while( cur != NULL && cur->
serial.
len != 0 )
3193 static void x509_hash(
const unsigned char *in,
size_t len,
int alg,
3194 unsigned char *out )
3198 #if defined(POLARSSL_MD2_C)
3201 #if defined(POLARSSL_MD4_C)
3204 #if defined(POLARSSL_MD5_C)
3207 #if defined(POLARSSL_SHA1_C)
3210 #if defined(POLARSSL_SHA2_C)
3214 #if defined(POLARSSL_SHA4_C)
3219 memset( out,
'\xFF', 64 );
3232 unsigned char hash[64];
3243 while( crl_list != NULL )
3250 crl_list = crl_list->
next;
3259 x509_hash( crl_list->
tbs.
p, crl_list->
tbs.
len, hash_id, hash );
3262 0, hash, crl_list->
sig.
p ) == 0 )
3289 crl_list = crl_list->
next;
3295 static int x509_name_cmp(
const void *s1,
const void *s2,
size_t len )
3299 const unsigned char *n1 = s1, *n2 = s2;
3301 for( i = 0; i < len; i++ )
3303 diff = n1[i] ^ n2[i];
3309 ( ( n1[i] >=
'a' && n1[i] <=
'z' ) ||
3310 ( n1[i] >=
'A' && n1[i] <=
'Z' ) ) )
3321 static int x509_wildcard_verify(
const char *cn,
x509_buf *name )
3326 if( name->
len < 3 || name->
p[0] !=
'*' || name->
p[1] !=
'.' )
3329 for( i = 0; i < strlen( cn ); ++i )
3341 if( strlen( cn ) - cn_idx == name->
len - 1 &&
3342 x509_name_cmp( name->
p + 1, cn + cn_idx, name->
len - 1 ) == 0 )
3350 static int x509parse_verify_top(
3352 x509_crl *ca_crl,
int path_cnt,
int *flags,
3353 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3357 int ca_flags = 0, check_path_cnt = path_cnt + 1;
3358 unsigned char hash[64];
3371 while( trust_ca != NULL )
3378 trust_ca = trust_ca->
next;
3396 trust_ca = trust_ca->
next;
3402 x509_hash( child->
tbs.
p, child->
tbs.
len, hash_id, hash );
3405 0, hash, child->
sig.
p ) != 0 )
3407 trust_ca = trust_ca->
next;
3423 if( trust_ca != NULL &&
3429 *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
3437 if( NULL != f_vrfy )
3439 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1, &ca_flags ) ) != 0 )
3445 if( NULL != f_vrfy )
3447 if( ( ret = f_vrfy(p_vrfy, child, path_cnt, flags ) ) != 0 )
3456 static int x509parse_verify_child(
3458 x509_crl *ca_crl,
int path_cnt,
int *flags,
3459 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3463 int parent_flags = 0;
3464 unsigned char hash[64];
3475 x509_hash( child->
tbs.
p, child->
tbs.
len, hash_id, hash );
3478 hash, child->
sig.
p ) != 0 )
3482 *flags |= x509parse_verifycrl(child, parent, ca_crl);
3484 grandparent = parent->
next;
3486 while( grandparent != NULL )
3488 if( grandparent->
version == 0 ||
3494 grandparent = grandparent->
next;
3500 if( grandparent != NULL )
3505 ret = x509parse_verify_child( parent, grandparent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3511 ret = x509parse_verify_top( parent, trust_ca, ca_crl, path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
3517 if( NULL != f_vrfy )
3518 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
3521 *flags |= parent_flags;
3532 const char *cn,
int *flags,
3533 int (*f_vrfy)(
void *,
x509_cert *,
int,
int *),
3548 cn_len = strlen( cn );
3554 while( cur != NULL )
3556 if( cur->
buf.
len == cn_len &&
3557 x509_name_cmp( cn, cur->
buf.
p, cn_len ) == 0 )
3561 memcmp( cur->
buf.
p,
"*.", 2 ) == 0 &&
3562 x509_wildcard_verify( cn, &cur->
buf ) )
3573 while( name != NULL )
3575 if( name->
oid.
len == 3 &&
3578 if( name->
val.
len == cn_len &&
3579 x509_name_cmp( name->
val.
p, cn, cn_len ) == 0 )
3583 memcmp( name->
val.
p,
"*.", 2 ) == 0 &&
3584 x509_wildcard_verify( cn, &name->
val ) )
3602 while( parent != NULL && parent->
version != 0 )
3609 parent = parent->
next;
3615 if( parent != NULL )
3620 ret = x509parse_verify_child( crt, parent, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3626 ret = x509parse_verify_top( crt, trust_ca, ca_crl, pathlen, flags, f_vrfy, p_vrfy );
3657 while( name_cur != NULL )
3659 name_prv = name_cur;
3660 name_cur = name_cur->
next;
3661 memset( name_prv, 0,
sizeof(
x509_name ) );
3666 while( name_cur != NULL )
3668 name_prv = name_cur;
3669 name_cur = name_cur->
next;
3670 memset( name_prv, 0,
sizeof(
x509_name ) );
3675 while( seq_cur != NULL )
3678 seq_cur = seq_cur->
next;
3684 while( seq_cur != NULL )
3687 seq_cur = seq_cur->
next;
3692 if( cert_cur->
raw.
p != NULL )
3694 memset( cert_cur->
raw.
p, 0, cert_cur->
raw.
len );
3695 free( cert_cur->
raw.
p );
3698 cert_cur = cert_cur->
next;
3700 while( cert_cur != NULL );
3705 cert_prv = cert_cur;
3706 cert_cur = cert_cur->
next;
3708 memset( cert_prv, 0,
sizeof(
x509_cert ) );
3709 if( cert_prv != crt )
3712 while( cert_cur != NULL );
3733 while( name_cur != NULL )
3735 name_prv = name_cur;
3736 name_cur = name_cur->
next;
3737 memset( name_prv, 0,
sizeof(
x509_name ) );
3742 while( entry_cur != NULL )
3744 entry_prv = entry_cur;
3745 entry_cur = entry_cur->
next;
3750 if( crl_cur->
raw.
p != NULL )
3752 memset( crl_cur->
raw.
p, 0, crl_cur->
raw.
len );
3753 free( crl_cur->
raw.
p );
3756 crl_cur = crl_cur->
next;
3758 while( crl_cur != NULL );
3764 crl_cur = crl_cur->
next;
3766 memset( crl_prv, 0,
sizeof(
x509_crl ) );
3767 if( crl_prv != crl )
3770 while( crl_cur != NULL );
3773 #if defined(POLARSSL_SELF_TEST)
3782 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3789 #if defined(POLARSSL_DHM_C)
3794 printf(
" X.509 certificate load: " );
3796 memset( &clicert, 0,
sizeof(
x509_cert ) );
3798 ret =
x509parse_crt( &clicert, (
const unsigned char *) test_cli_crt,
3799 strlen( test_cli_crt ) );
3803 printf(
"failed\n" );
3808 memset( &cacert, 0,
sizeof(
x509_cert ) );
3810 ret =
x509parse_crt( &cacert, (
const unsigned char *) test_ca_crt,
3811 strlen( test_ca_crt ) );
3815 printf(
"failed\n" );
3821 printf(
"passed\n X.509 private key load: " );
3823 i = strlen( test_ca_key );
3824 j = strlen( test_ca_pwd );
3829 (
const unsigned char *) test_ca_key, i,
3830 (
const unsigned char *) test_ca_pwd, j ) ) != 0 )
3833 printf(
"failed\n" );
3839 printf(
"passed\n X.509 signature verify: ");
3841 ret =
x509parse_verify( &clicert, &cacert, NULL,
"PolarSSL Client 2", &flags, NULL, NULL );
3845 printf(
"failed\n" );
3850 #if defined(POLARSSL_DHM_C)
3852 printf(
"passed\n X.509 DHM parameter load: " );
3854 i = strlen( test_dhm_params );
3855 j = strlen( test_ca_pwd );
3857 if( ( ret =
x509parse_dhm( &dhm, (
const unsigned char *) test_dhm_params, i ) ) != 0 )
3860 printf(
"failed\n" );
3866 printf(
"passed\n\n" );
3872 #if defined(POLARSSL_DHM_C)