Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
SSL/library/x509_crl.c@0:796d0f61a05b, 2018-09-27 (annotated)
- Committer:
- HannesTschofenig
- Date:
- Thu Sep 27 06:34:22 2018 +0000
- Revision:
- 0:796d0f61a05b
Example AES-GCM test program
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| HannesTschofenig | 0:796d0f61a05b | 1 | /* |
| HannesTschofenig | 0:796d0f61a05b | 2 | * X.509 certificate and private key decoding |
| HannesTschofenig | 0:796d0f61a05b | 3 | * |
| HannesTschofenig | 0:796d0f61a05b | 4 | * Copyright (C) 2006-2014, Brainspark B.V. |
| HannesTschofenig | 0:796d0f61a05b | 5 | * |
| HannesTschofenig | 0:796d0f61a05b | 6 | * This file is part of PolarSSL (http://www.polarssl.org) |
| HannesTschofenig | 0:796d0f61a05b | 7 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
| HannesTschofenig | 0:796d0f61a05b | 8 | * |
| HannesTschofenig | 0:796d0f61a05b | 9 | * All rights reserved. |
| HannesTschofenig | 0:796d0f61a05b | 10 | * |
| HannesTschofenig | 0:796d0f61a05b | 11 | * This program is free software; you can redistribute it and/or modify |
| HannesTschofenig | 0:796d0f61a05b | 12 | * it under the terms of the GNU General Public License as published by |
| HannesTschofenig | 0:796d0f61a05b | 13 | * the Free Software Foundation; either version 2 of the License, or |
| HannesTschofenig | 0:796d0f61a05b | 14 | * (at your option) any later version. |
| HannesTschofenig | 0:796d0f61a05b | 15 | * |
| HannesTschofenig | 0:796d0f61a05b | 16 | * This program is distributed in the hope that it will be useful, |
| HannesTschofenig | 0:796d0f61a05b | 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| HannesTschofenig | 0:796d0f61a05b | 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| HannesTschofenig | 0:796d0f61a05b | 19 | * GNU General Public License for more details. |
| HannesTschofenig | 0:796d0f61a05b | 20 | * |
| HannesTschofenig | 0:796d0f61a05b | 21 | * You should have received a copy of the GNU General Public License along |
| HannesTschofenig | 0:796d0f61a05b | 22 | * with this program; if not, write to the Free Software Foundation, Inc., |
| HannesTschofenig | 0:796d0f61a05b | 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| HannesTschofenig | 0:796d0f61a05b | 24 | */ |
| HannesTschofenig | 0:796d0f61a05b | 25 | /* |
| HannesTschofenig | 0:796d0f61a05b | 26 | * The ITU-T X.509 standard defines a certificate format for PKI. |
| HannesTschofenig | 0:796d0f61a05b | 27 | * |
| HannesTschofenig | 0:796d0f61a05b | 28 | * http://www.ietf.org/rfc/rfc3279.txt |
| HannesTschofenig | 0:796d0f61a05b | 29 | * http://www.ietf.org/rfc/rfc3280.txt |
| HannesTschofenig | 0:796d0f61a05b | 30 | * |
| HannesTschofenig | 0:796d0f61a05b | 31 | * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc |
| HannesTschofenig | 0:796d0f61a05b | 32 | * |
| HannesTschofenig | 0:796d0f61a05b | 33 | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf |
| HannesTschofenig | 0:796d0f61a05b | 34 | * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf |
| HannesTschofenig | 0:796d0f61a05b | 35 | */ |
| HannesTschofenig | 0:796d0f61a05b | 36 | |
| HannesTschofenig | 0:796d0f61a05b | 37 | #if !defined(POLARSSL_CONFIG_FILE) |
| HannesTschofenig | 0:796d0f61a05b | 38 | #include "polarssl/config.h" |
| HannesTschofenig | 0:796d0f61a05b | 39 | #else |
| HannesTschofenig | 0:796d0f61a05b | 40 | #include POLARSSL_CONFIG_FILE |
| HannesTschofenig | 0:796d0f61a05b | 41 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 42 | |
| HannesTschofenig | 0:796d0f61a05b | 43 | #if defined(POLARSSL_X509_CRL_PARSE_C) |
| HannesTschofenig | 0:796d0f61a05b | 44 | |
| HannesTschofenig | 0:796d0f61a05b | 45 | #include "polarssl/x509_crl.h" |
| HannesTschofenig | 0:796d0f61a05b | 46 | #include "polarssl/oid.h" |
| HannesTschofenig | 0:796d0f61a05b | 47 | #if defined(POLARSSL_PEM_PARSE_C) |
| HannesTschofenig | 0:796d0f61a05b | 48 | #include "polarssl/pem.h" |
| HannesTschofenig | 0:796d0f61a05b | 49 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 50 | |
| HannesTschofenig | 0:796d0f61a05b | 51 | #if defined(POLARSSL_PLATFORM_C) |
| HannesTschofenig | 0:796d0f61a05b | 52 | #include "polarssl/platform.h" |
| HannesTschofenig | 0:796d0f61a05b | 53 | #else |
| HannesTschofenig | 0:796d0f61a05b | 54 | #define polarssl_malloc malloc |
| HannesTschofenig | 0:796d0f61a05b | 55 | #define polarssl_free free |
| HannesTschofenig | 0:796d0f61a05b | 56 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 57 | |
| HannesTschofenig | 0:796d0f61a05b | 58 | #include <string.h> |
| HannesTschofenig | 0:796d0f61a05b | 59 | #include <stdlib.h> |
| HannesTschofenig | 0:796d0f61a05b | 60 | #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) |
| HannesTschofenig | 0:796d0f61a05b | 61 | |
| HannesTschofenig | 0:796d0f61a05b | 62 | #include <windows.h> |
| HannesTschofenig | 0:796d0f61a05b | 63 | #else |
| HannesTschofenig | 0:796d0f61a05b | 64 | #include <time.h> |
| HannesTschofenig | 0:796d0f61a05b | 65 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 66 | |
| HannesTschofenig | 0:796d0f61a05b | 67 | #if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32) |
| HannesTschofenig | 0:796d0f61a05b | 68 | #include <stdio.h> |
| HannesTschofenig | 0:796d0f61a05b | 69 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 70 | |
| HannesTschofenig | 0:796d0f61a05b | 71 | /* |
| HannesTschofenig | 0:796d0f61a05b | 72 | * Version ::= INTEGER { v1(0), v2(1) } |
| HannesTschofenig | 0:796d0f61a05b | 73 | */ |
| HannesTschofenig | 0:796d0f61a05b | 74 | static int x509_crl_get_version( unsigned char **p, |
| HannesTschofenig | 0:796d0f61a05b | 75 | const unsigned char *end, |
| HannesTschofenig | 0:796d0f61a05b | 76 | int *ver ) |
| HannesTschofenig | 0:796d0f61a05b | 77 | { |
| HannesTschofenig | 0:796d0f61a05b | 78 | int ret; |
| HannesTschofenig | 0:796d0f61a05b | 79 | |
| HannesTschofenig | 0:796d0f61a05b | 80 | if( ( ret = asn1_get_int( p, end, ver ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 81 | { |
| HannesTschofenig | 0:796d0f61a05b | 82 | if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) |
| HannesTschofenig | 0:796d0f61a05b | 83 | { |
| HannesTschofenig | 0:796d0f61a05b | 84 | *ver = 0; |
| HannesTschofenig | 0:796d0f61a05b | 85 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 86 | } |
| HannesTschofenig | 0:796d0f61a05b | 87 | |
| HannesTschofenig | 0:796d0f61a05b | 88 | return( POLARSSL_ERR_X509_INVALID_VERSION + ret ); |
| HannesTschofenig | 0:796d0f61a05b | 89 | } |
| HannesTschofenig | 0:796d0f61a05b | 90 | |
| HannesTschofenig | 0:796d0f61a05b | 91 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 92 | } |
| HannesTschofenig | 0:796d0f61a05b | 93 | |
| HannesTschofenig | 0:796d0f61a05b | 94 | /* |
| HannesTschofenig | 0:796d0f61a05b | 95 | * X.509 CRL v2 extensions (no extensions parsed yet.) |
| HannesTschofenig | 0:796d0f61a05b | 96 | */ |
| HannesTschofenig | 0:796d0f61a05b | 97 | static int x509_get_crl_ext( unsigned char **p, |
| HannesTschofenig | 0:796d0f61a05b | 98 | const unsigned char *end, |
| HannesTschofenig | 0:796d0f61a05b | 99 | x509_buf *ext ) |
| HannesTschofenig | 0:796d0f61a05b | 100 | { |
| HannesTschofenig | 0:796d0f61a05b | 101 | int ret; |
| HannesTschofenig | 0:796d0f61a05b | 102 | size_t len = 0; |
| HannesTschofenig | 0:796d0f61a05b | 103 | |
| HannesTschofenig | 0:796d0f61a05b | 104 | /* Get explicit tag */ |
| HannesTschofenig | 0:796d0f61a05b | 105 | if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 106 | { |
| HannesTschofenig | 0:796d0f61a05b | 107 | if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) |
| HannesTschofenig | 0:796d0f61a05b | 108 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 109 | |
| HannesTschofenig | 0:796d0f61a05b | 110 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 111 | } |
| HannesTschofenig | 0:796d0f61a05b | 112 | |
| HannesTschofenig | 0:796d0f61a05b | 113 | while( *p < end ) |
| HannesTschofenig | 0:796d0f61a05b | 114 | { |
| HannesTschofenig | 0:796d0f61a05b | 115 | if( ( ret = asn1_get_tag( p, end, &len, |
| HannesTschofenig | 0:796d0f61a05b | 116 | ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 117 | return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret ); |
| HannesTschofenig | 0:796d0f61a05b | 118 | |
| HannesTschofenig | 0:796d0f61a05b | 119 | *p += len; |
| HannesTschofenig | 0:796d0f61a05b | 120 | } |
| HannesTschofenig | 0:796d0f61a05b | 121 | |
| HannesTschofenig | 0:796d0f61a05b | 122 | if( *p != end ) |
| HannesTschofenig | 0:796d0f61a05b | 123 | return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + |
| HannesTschofenig | 0:796d0f61a05b | 124 | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); |
| HannesTschofenig | 0:796d0f61a05b | 125 | |
| HannesTschofenig | 0:796d0f61a05b | 126 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 127 | } |
| HannesTschofenig | 0:796d0f61a05b | 128 | |
| HannesTschofenig | 0:796d0f61a05b | 129 | /* |
| HannesTschofenig | 0:796d0f61a05b | 130 | * X.509 CRL v2 entry extensions (no extensions parsed yet.) |
| HannesTschofenig | 0:796d0f61a05b | 131 | */ |
| HannesTschofenig | 0:796d0f61a05b | 132 | static int x509_get_crl_entry_ext( unsigned char **p, |
| HannesTschofenig | 0:796d0f61a05b | 133 | const unsigned char *end, |
| HannesTschofenig | 0:796d0f61a05b | 134 | x509_buf *ext ) |
| HannesTschofenig | 0:796d0f61a05b | 135 | { |
| HannesTschofenig | 0:796d0f61a05b | 136 | int ret; |
| HannesTschofenig | 0:796d0f61a05b | 137 | size_t len = 0; |
| HannesTschofenig | 0:796d0f61a05b | 138 | |
| HannesTschofenig | 0:796d0f61a05b | 139 | /* OPTIONAL */ |
| HannesTschofenig | 0:796d0f61a05b | 140 | if (end <= *p) |
| HannesTschofenig | 0:796d0f61a05b | 141 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 142 | |
| HannesTschofenig | 0:796d0f61a05b | 143 | ext->tag = **p; |
| HannesTschofenig | 0:796d0f61a05b | 144 | ext->p = *p; |
| HannesTschofenig | 0:796d0f61a05b | 145 | |
| HannesTschofenig | 0:796d0f61a05b | 146 | /* |
| HannesTschofenig | 0:796d0f61a05b | 147 | * Get CRL-entry extension sequence header |
| HannesTschofenig | 0:796d0f61a05b | 148 | * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2 |
| HannesTschofenig | 0:796d0f61a05b | 149 | */ |
| HannesTschofenig | 0:796d0f61a05b | 150 | if( ( ret = asn1_get_tag( p, end, &ext->len, |
| HannesTschofenig | 0:796d0f61a05b | 151 | ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 152 | { |
| HannesTschofenig | 0:796d0f61a05b | 153 | if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) |
| HannesTschofenig | 0:796d0f61a05b | 154 | { |
| HannesTschofenig | 0:796d0f61a05b | 155 | ext->p = NULL; |
| HannesTschofenig | 0:796d0f61a05b | 156 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 157 | } |
| HannesTschofenig | 0:796d0f61a05b | 158 | return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret ); |
| HannesTschofenig | 0:796d0f61a05b | 159 | } |
| HannesTschofenig | 0:796d0f61a05b | 160 | |
| HannesTschofenig | 0:796d0f61a05b | 161 | end = *p + ext->len; |
| HannesTschofenig | 0:796d0f61a05b | 162 | |
| HannesTschofenig | 0:796d0f61a05b | 163 | if( end != *p + ext->len ) |
| HannesTschofenig | 0:796d0f61a05b | 164 | return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + |
| HannesTschofenig | 0:796d0f61a05b | 165 | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); |
| HannesTschofenig | 0:796d0f61a05b | 166 | |
| HannesTschofenig | 0:796d0f61a05b | 167 | while( *p < end ) |
| HannesTschofenig | 0:796d0f61a05b | 168 | { |
| HannesTschofenig | 0:796d0f61a05b | 169 | if( ( ret = asn1_get_tag( p, end, &len, |
| HannesTschofenig | 0:796d0f61a05b | 170 | ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 171 | return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret ); |
| HannesTschofenig | 0:796d0f61a05b | 172 | |
| HannesTschofenig | 0:796d0f61a05b | 173 | *p += len; |
| HannesTschofenig | 0:796d0f61a05b | 174 | } |
| HannesTschofenig | 0:796d0f61a05b | 175 | |
| HannesTschofenig | 0:796d0f61a05b | 176 | if( *p != end ) |
| HannesTschofenig | 0:796d0f61a05b | 177 | return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + |
| HannesTschofenig | 0:796d0f61a05b | 178 | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); |
| HannesTschofenig | 0:796d0f61a05b | 179 | |
| HannesTschofenig | 0:796d0f61a05b | 180 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 181 | } |
| HannesTschofenig | 0:796d0f61a05b | 182 | |
| HannesTschofenig | 0:796d0f61a05b | 183 | /* |
| HannesTschofenig | 0:796d0f61a05b | 184 | * X.509 CRL Entries |
| HannesTschofenig | 0:796d0f61a05b | 185 | */ |
| HannesTschofenig | 0:796d0f61a05b | 186 | static int x509_get_entries( unsigned char **p, |
| HannesTschofenig | 0:796d0f61a05b | 187 | const unsigned char *end, |
| HannesTschofenig | 0:796d0f61a05b | 188 | x509_crl_entry *entry ) |
| HannesTschofenig | 0:796d0f61a05b | 189 | { |
| HannesTschofenig | 0:796d0f61a05b | 190 | int ret; |
| HannesTschofenig | 0:796d0f61a05b | 191 | size_t entry_len; |
| HannesTschofenig | 0:796d0f61a05b | 192 | x509_crl_entry *cur_entry = entry; |
| HannesTschofenig | 0:796d0f61a05b | 193 | |
| HannesTschofenig | 0:796d0f61a05b | 194 | if( *p == end ) |
| HannesTschofenig | 0:796d0f61a05b | 195 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 196 | |
| HannesTschofenig | 0:796d0f61a05b | 197 | if( ( ret = asn1_get_tag( p, end, &entry_len, |
| HannesTschofenig | 0:796d0f61a05b | 198 | ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 199 | { |
| HannesTschofenig | 0:796d0f61a05b | 200 | if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) |
| HannesTschofenig | 0:796d0f61a05b | 201 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 202 | |
| HannesTschofenig | 0:796d0f61a05b | 203 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 204 | } |
| HannesTschofenig | 0:796d0f61a05b | 205 | |
| HannesTschofenig | 0:796d0f61a05b | 206 | end = *p + entry_len; |
| HannesTschofenig | 0:796d0f61a05b | 207 | |
| HannesTschofenig | 0:796d0f61a05b | 208 | while( *p < end ) |
| HannesTschofenig | 0:796d0f61a05b | 209 | { |
| HannesTschofenig | 0:796d0f61a05b | 210 | size_t len2; |
| HannesTschofenig | 0:796d0f61a05b | 211 | const unsigned char *end2; |
| HannesTschofenig | 0:796d0f61a05b | 212 | |
| HannesTschofenig | 0:796d0f61a05b | 213 | if( ( ret = asn1_get_tag( p, end, &len2, |
| HannesTschofenig | 0:796d0f61a05b | 214 | ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 215 | { |
| HannesTschofenig | 0:796d0f61a05b | 216 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 217 | } |
| HannesTschofenig | 0:796d0f61a05b | 218 | |
| HannesTschofenig | 0:796d0f61a05b | 219 | cur_entry->raw.tag = **p; |
| HannesTschofenig | 0:796d0f61a05b | 220 | cur_entry->raw.p = *p; |
| HannesTschofenig | 0:796d0f61a05b | 221 | cur_entry->raw.len = len2; |
| HannesTschofenig | 0:796d0f61a05b | 222 | end2 = *p + len2; |
| HannesTschofenig | 0:796d0f61a05b | 223 | |
| HannesTschofenig | 0:796d0f61a05b | 224 | if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 225 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 226 | |
| HannesTschofenig | 0:796d0f61a05b | 227 | if( ( ret = x509_get_time( p, end2, |
| HannesTschofenig | 0:796d0f61a05b | 228 | &cur_entry->revocation_date ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 229 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 230 | |
| HannesTschofenig | 0:796d0f61a05b | 231 | if( ( ret = x509_get_crl_entry_ext( p, end2, |
| HannesTschofenig | 0:796d0f61a05b | 232 | &cur_entry->entry_ext ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 233 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 234 | |
| HannesTschofenig | 0:796d0f61a05b | 235 | if ( *p < end ) |
| HannesTschofenig | 0:796d0f61a05b | 236 | { |
| HannesTschofenig | 0:796d0f61a05b | 237 | cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) ); |
| HannesTschofenig | 0:796d0f61a05b | 238 | |
| HannesTschofenig | 0:796d0f61a05b | 239 | if( cur_entry->next == NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 240 | return( POLARSSL_ERR_X509_MALLOC_FAILED ); |
| HannesTschofenig | 0:796d0f61a05b | 241 | |
| HannesTschofenig | 0:796d0f61a05b | 242 | cur_entry = cur_entry->next; |
| HannesTschofenig | 0:796d0f61a05b | 243 | memset( cur_entry, 0, sizeof( x509_crl_entry ) ); |
| HannesTschofenig | 0:796d0f61a05b | 244 | } |
| HannesTschofenig | 0:796d0f61a05b | 245 | } |
| HannesTschofenig | 0:796d0f61a05b | 246 | |
| HannesTschofenig | 0:796d0f61a05b | 247 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 248 | } |
| HannesTschofenig | 0:796d0f61a05b | 249 | |
| HannesTschofenig | 0:796d0f61a05b | 250 | /* |
| HannesTschofenig | 0:796d0f61a05b | 251 | * Parse one or more CRLs and add them to the chained list |
| HannesTschofenig | 0:796d0f61a05b | 252 | */ |
| HannesTschofenig | 0:796d0f61a05b | 253 | int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) |
| HannesTschofenig | 0:796d0f61a05b | 254 | { |
| HannesTschofenig | 0:796d0f61a05b | 255 | int ret; |
| HannesTschofenig | 0:796d0f61a05b | 256 | size_t len; |
| HannesTschofenig | 0:796d0f61a05b | 257 | unsigned char *p, *end; |
| HannesTschofenig | 0:796d0f61a05b | 258 | x509_crl *crl; |
| HannesTschofenig | 0:796d0f61a05b | 259 | #if defined(POLARSSL_PEM_PARSE_C) |
| HannesTschofenig | 0:796d0f61a05b | 260 | size_t use_len; |
| HannesTschofenig | 0:796d0f61a05b | 261 | pem_context pem; |
| HannesTschofenig | 0:796d0f61a05b | 262 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 263 | |
| HannesTschofenig | 0:796d0f61a05b | 264 | crl = chain; |
| HannesTschofenig | 0:796d0f61a05b | 265 | |
| HannesTschofenig | 0:796d0f61a05b | 266 | /* |
| HannesTschofenig | 0:796d0f61a05b | 267 | * Check for valid input |
| HannesTschofenig | 0:796d0f61a05b | 268 | */ |
| HannesTschofenig | 0:796d0f61a05b | 269 | if( crl == NULL || buf == NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 270 | return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); |
| HannesTschofenig | 0:796d0f61a05b | 271 | |
| HannesTschofenig | 0:796d0f61a05b | 272 | while( crl->version != 0 && crl->next != NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 273 | crl = crl->next; |
| HannesTschofenig | 0:796d0f61a05b | 274 | |
| HannesTschofenig | 0:796d0f61a05b | 275 | /* |
| HannesTschofenig | 0:796d0f61a05b | 276 | * Add new CRL on the end of the chain if needed. |
| HannesTschofenig | 0:796d0f61a05b | 277 | */ |
| HannesTschofenig | 0:796d0f61a05b | 278 | if ( crl->version != 0 && crl->next == NULL) |
| HannesTschofenig | 0:796d0f61a05b | 279 | { |
| HannesTschofenig | 0:796d0f61a05b | 280 | crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) ); |
| HannesTschofenig | 0:796d0f61a05b | 281 | |
| HannesTschofenig | 0:796d0f61a05b | 282 | if( crl->next == NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 283 | { |
| HannesTschofenig | 0:796d0f61a05b | 284 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 285 | return( POLARSSL_ERR_X509_MALLOC_FAILED ); |
| HannesTschofenig | 0:796d0f61a05b | 286 | } |
| HannesTschofenig | 0:796d0f61a05b | 287 | |
| HannesTschofenig | 0:796d0f61a05b | 288 | crl = crl->next; |
| HannesTschofenig | 0:796d0f61a05b | 289 | x509_crl_init( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 290 | } |
| HannesTschofenig | 0:796d0f61a05b | 291 | |
| HannesTschofenig | 0:796d0f61a05b | 292 | #if defined(POLARSSL_PEM_PARSE_C) |
| HannesTschofenig | 0:796d0f61a05b | 293 | pem_init( &pem ); |
| HannesTschofenig | 0:796d0f61a05b | 294 | ret = pem_read_buffer( &pem, |
| HannesTschofenig | 0:796d0f61a05b | 295 | "-----BEGIN X509 CRL-----", |
| HannesTschofenig | 0:796d0f61a05b | 296 | "-----END X509 CRL-----", |
| HannesTschofenig | 0:796d0f61a05b | 297 | buf, NULL, 0, &use_len ); |
| HannesTschofenig | 0:796d0f61a05b | 298 | |
| HannesTschofenig | 0:796d0f61a05b | 299 | if( ret == 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 300 | { |
| HannesTschofenig | 0:796d0f61a05b | 301 | /* |
| HannesTschofenig | 0:796d0f61a05b | 302 | * Was PEM encoded |
| HannesTschofenig | 0:796d0f61a05b | 303 | */ |
| HannesTschofenig | 0:796d0f61a05b | 304 | buflen -= use_len; |
| HannesTschofenig | 0:796d0f61a05b | 305 | buf += use_len; |
| HannesTschofenig | 0:796d0f61a05b | 306 | |
| HannesTschofenig | 0:796d0f61a05b | 307 | /* |
| HannesTschofenig | 0:796d0f61a05b | 308 | * Steal PEM buffer |
| HannesTschofenig | 0:796d0f61a05b | 309 | */ |
| HannesTschofenig | 0:796d0f61a05b | 310 | p = pem.buf; |
| HannesTschofenig | 0:796d0f61a05b | 311 | pem.buf = NULL; |
| HannesTschofenig | 0:796d0f61a05b | 312 | len = pem.buflen; |
| HannesTschofenig | 0:796d0f61a05b | 313 | pem_free( &pem ); |
| HannesTschofenig | 0:796d0f61a05b | 314 | } |
| HannesTschofenig | 0:796d0f61a05b | 315 | else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) |
| HannesTschofenig | 0:796d0f61a05b | 316 | { |
| HannesTschofenig | 0:796d0f61a05b | 317 | pem_free( &pem ); |
| HannesTschofenig | 0:796d0f61a05b | 318 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 319 | } |
| HannesTschofenig | 0:796d0f61a05b | 320 | else |
| HannesTschofenig | 0:796d0f61a05b | 321 | #endif /* POLARSSL_PEM_PARSE_C */ |
| HannesTschofenig | 0:796d0f61a05b | 322 | { |
| HannesTschofenig | 0:796d0f61a05b | 323 | /* |
| HannesTschofenig | 0:796d0f61a05b | 324 | * nope, copy the raw DER data |
| HannesTschofenig | 0:796d0f61a05b | 325 | */ |
| HannesTschofenig | 0:796d0f61a05b | 326 | p = (unsigned char *) polarssl_malloc( len = buflen ); |
| HannesTschofenig | 0:796d0f61a05b | 327 | |
| HannesTschofenig | 0:796d0f61a05b | 328 | if( p == NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 329 | return( POLARSSL_ERR_X509_MALLOC_FAILED ); |
| HannesTschofenig | 0:796d0f61a05b | 330 | |
| HannesTschofenig | 0:796d0f61a05b | 331 | memcpy( p, buf, buflen ); |
| HannesTschofenig | 0:796d0f61a05b | 332 | |
| HannesTschofenig | 0:796d0f61a05b | 333 | buflen = 0; |
| HannesTschofenig | 0:796d0f61a05b | 334 | } |
| HannesTschofenig | 0:796d0f61a05b | 335 | |
| HannesTschofenig | 0:796d0f61a05b | 336 | crl->raw.p = p; |
| HannesTschofenig | 0:796d0f61a05b | 337 | crl->raw.len = len; |
| HannesTschofenig | 0:796d0f61a05b | 338 | end = p + len; |
| HannesTschofenig | 0:796d0f61a05b | 339 | |
| HannesTschofenig | 0:796d0f61a05b | 340 | /* |
| HannesTschofenig | 0:796d0f61a05b | 341 | * CertificateList ::= SEQUENCE { |
| HannesTschofenig | 0:796d0f61a05b | 342 | * tbsCertList TBSCertList, |
| HannesTschofenig | 0:796d0f61a05b | 343 | * signatureAlgorithm AlgorithmIdentifier, |
| HannesTschofenig | 0:796d0f61a05b | 344 | * signatureValue BIT STRING } |
| HannesTschofenig | 0:796d0f61a05b | 345 | */ |
| HannesTschofenig | 0:796d0f61a05b | 346 | if( ( ret = asn1_get_tag( &p, end, &len, |
| HannesTschofenig | 0:796d0f61a05b | 347 | ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 348 | { |
| HannesTschofenig | 0:796d0f61a05b | 349 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 350 | return( POLARSSL_ERR_X509_INVALID_FORMAT ); |
| HannesTschofenig | 0:796d0f61a05b | 351 | } |
| HannesTschofenig | 0:796d0f61a05b | 352 | |
| HannesTschofenig | 0:796d0f61a05b | 353 | if( len != (size_t) ( end - p ) ) |
| HannesTschofenig | 0:796d0f61a05b | 354 | { |
| HannesTschofenig | 0:796d0f61a05b | 355 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 356 | return( POLARSSL_ERR_X509_INVALID_FORMAT + |
| HannesTschofenig | 0:796d0f61a05b | 357 | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); |
| HannesTschofenig | 0:796d0f61a05b | 358 | } |
| HannesTschofenig | 0:796d0f61a05b | 359 | |
| HannesTschofenig | 0:796d0f61a05b | 360 | /* |
| HannesTschofenig | 0:796d0f61a05b | 361 | * TBSCertList ::= SEQUENCE { |
| HannesTschofenig | 0:796d0f61a05b | 362 | */ |
| HannesTschofenig | 0:796d0f61a05b | 363 | crl->tbs.p = p; |
| HannesTschofenig | 0:796d0f61a05b | 364 | |
| HannesTschofenig | 0:796d0f61a05b | 365 | if( ( ret = asn1_get_tag( &p, end, &len, |
| HannesTschofenig | 0:796d0f61a05b | 366 | ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 367 | { |
| HannesTschofenig | 0:796d0f61a05b | 368 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 369 | return( POLARSSL_ERR_X509_INVALID_FORMAT + ret ); |
| HannesTschofenig | 0:796d0f61a05b | 370 | } |
| HannesTschofenig | 0:796d0f61a05b | 371 | |
| HannesTschofenig | 0:796d0f61a05b | 372 | end = p + len; |
| HannesTschofenig | 0:796d0f61a05b | 373 | crl->tbs.len = end - crl->tbs.p; |
| HannesTschofenig | 0:796d0f61a05b | 374 | |
| HannesTschofenig | 0:796d0f61a05b | 375 | /* |
| HannesTschofenig | 0:796d0f61a05b | 376 | * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } |
| HannesTschofenig | 0:796d0f61a05b | 377 | * -- if present, MUST be v2 |
| HannesTschofenig | 0:796d0f61a05b | 378 | * |
| HannesTschofenig | 0:796d0f61a05b | 379 | * signature AlgorithmIdentifier |
| HannesTschofenig | 0:796d0f61a05b | 380 | */ |
| HannesTschofenig | 0:796d0f61a05b | 381 | if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || |
| HannesTschofenig | 0:796d0f61a05b | 382 | ( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 383 | { |
| HannesTschofenig | 0:796d0f61a05b | 384 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 385 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 386 | } |
| HannesTschofenig | 0:796d0f61a05b | 387 | |
| HannesTschofenig | 0:796d0f61a05b | 388 | crl->version++; |
| HannesTschofenig | 0:796d0f61a05b | 389 | |
| HannesTschofenig | 0:796d0f61a05b | 390 | if( crl->version > 2 ) |
| HannesTschofenig | 0:796d0f61a05b | 391 | { |
| HannesTschofenig | 0:796d0f61a05b | 392 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 393 | return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); |
| HannesTschofenig | 0:796d0f61a05b | 394 | } |
| HannesTschofenig | 0:796d0f61a05b | 395 | |
| HannesTschofenig | 0:796d0f61a05b | 396 | if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md, |
| HannesTschofenig | 0:796d0f61a05b | 397 | &crl->sig_pk ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 398 | { |
| HannesTschofenig | 0:796d0f61a05b | 399 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 400 | return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); |
| HannesTschofenig | 0:796d0f61a05b | 401 | } |
| HannesTschofenig | 0:796d0f61a05b | 402 | |
| HannesTschofenig | 0:796d0f61a05b | 403 | /* |
| HannesTschofenig | 0:796d0f61a05b | 404 | * issuer Name |
| HannesTschofenig | 0:796d0f61a05b | 405 | */ |
| HannesTschofenig | 0:796d0f61a05b | 406 | crl->issuer_raw.p = p; |
| HannesTschofenig | 0:796d0f61a05b | 407 | |
| HannesTschofenig | 0:796d0f61a05b | 408 | if( ( ret = asn1_get_tag( &p, end, &len, |
| HannesTschofenig | 0:796d0f61a05b | 409 | ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 410 | { |
| HannesTschofenig | 0:796d0f61a05b | 411 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 412 | return( POLARSSL_ERR_X509_INVALID_FORMAT + ret ); |
| HannesTschofenig | 0:796d0f61a05b | 413 | } |
| HannesTschofenig | 0:796d0f61a05b | 414 | |
| HannesTschofenig | 0:796d0f61a05b | 415 | if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 416 | { |
| HannesTschofenig | 0:796d0f61a05b | 417 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 418 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 419 | } |
| HannesTschofenig | 0:796d0f61a05b | 420 | |
| HannesTschofenig | 0:796d0f61a05b | 421 | crl->issuer_raw.len = p - crl->issuer_raw.p; |
| HannesTschofenig | 0:796d0f61a05b | 422 | |
| HannesTschofenig | 0:796d0f61a05b | 423 | /* |
| HannesTschofenig | 0:796d0f61a05b | 424 | * thisUpdate Time |
| HannesTschofenig | 0:796d0f61a05b | 425 | * nextUpdate Time OPTIONAL |
| HannesTschofenig | 0:796d0f61a05b | 426 | */ |
| HannesTschofenig | 0:796d0f61a05b | 427 | if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 428 | { |
| HannesTschofenig | 0:796d0f61a05b | 429 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 430 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 431 | } |
| HannesTschofenig | 0:796d0f61a05b | 432 | |
| HannesTschofenig | 0:796d0f61a05b | 433 | if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 434 | { |
| HannesTschofenig | 0:796d0f61a05b | 435 | if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE + |
| HannesTschofenig | 0:796d0f61a05b | 436 | POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) && |
| HannesTschofenig | 0:796d0f61a05b | 437 | ret != ( POLARSSL_ERR_X509_INVALID_DATE + |
| HannesTschofenig | 0:796d0f61a05b | 438 | POLARSSL_ERR_ASN1_OUT_OF_DATA ) ) |
| HannesTschofenig | 0:796d0f61a05b | 439 | { |
| HannesTschofenig | 0:796d0f61a05b | 440 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 441 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 442 | } |
| HannesTschofenig | 0:796d0f61a05b | 443 | } |
| HannesTschofenig | 0:796d0f61a05b | 444 | |
| HannesTschofenig | 0:796d0f61a05b | 445 | /* |
| HannesTschofenig | 0:796d0f61a05b | 446 | * revokedCertificates SEQUENCE OF SEQUENCE { |
| HannesTschofenig | 0:796d0f61a05b | 447 | * userCertificate CertificateSerialNumber, |
| HannesTschofenig | 0:796d0f61a05b | 448 | * revocationDate Time, |
| HannesTschofenig | 0:796d0f61a05b | 449 | * crlEntryExtensions Extensions OPTIONAL |
| HannesTschofenig | 0:796d0f61a05b | 450 | * -- if present, MUST be v2 |
| HannesTschofenig | 0:796d0f61a05b | 451 | * } OPTIONAL |
| HannesTschofenig | 0:796d0f61a05b | 452 | */ |
| HannesTschofenig | 0:796d0f61a05b | 453 | if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 454 | { |
| HannesTschofenig | 0:796d0f61a05b | 455 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 456 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 457 | } |
| HannesTschofenig | 0:796d0f61a05b | 458 | |
| HannesTschofenig | 0:796d0f61a05b | 459 | /* |
| HannesTschofenig | 0:796d0f61a05b | 460 | * crlExtensions EXPLICIT Extensions OPTIONAL |
| HannesTschofenig | 0:796d0f61a05b | 461 | * -- if present, MUST be v2 |
| HannesTschofenig | 0:796d0f61a05b | 462 | */ |
| HannesTschofenig | 0:796d0f61a05b | 463 | if( crl->version == 2 ) |
| HannesTschofenig | 0:796d0f61a05b | 464 | { |
| HannesTschofenig | 0:796d0f61a05b | 465 | ret = x509_get_crl_ext( &p, end, &crl->crl_ext ); |
| HannesTschofenig | 0:796d0f61a05b | 466 | |
| HannesTschofenig | 0:796d0f61a05b | 467 | if( ret != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 468 | { |
| HannesTschofenig | 0:796d0f61a05b | 469 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 470 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 471 | } |
| HannesTschofenig | 0:796d0f61a05b | 472 | } |
| HannesTschofenig | 0:796d0f61a05b | 473 | |
| HannesTschofenig | 0:796d0f61a05b | 474 | if( p != end ) |
| HannesTschofenig | 0:796d0f61a05b | 475 | { |
| HannesTschofenig | 0:796d0f61a05b | 476 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 477 | return( POLARSSL_ERR_X509_INVALID_FORMAT + |
| HannesTschofenig | 0:796d0f61a05b | 478 | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); |
| HannesTschofenig | 0:796d0f61a05b | 479 | } |
| HannesTschofenig | 0:796d0f61a05b | 480 | |
| HannesTschofenig | 0:796d0f61a05b | 481 | end = crl->raw.p + crl->raw.len; |
| HannesTschofenig | 0:796d0f61a05b | 482 | |
| HannesTschofenig | 0:796d0f61a05b | 483 | /* |
| HannesTschofenig | 0:796d0f61a05b | 484 | * signatureAlgorithm AlgorithmIdentifier, |
| HannesTschofenig | 0:796d0f61a05b | 485 | * signatureValue BIT STRING |
| HannesTschofenig | 0:796d0f61a05b | 486 | */ |
| HannesTschofenig | 0:796d0f61a05b | 487 | if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 488 | { |
| HannesTschofenig | 0:796d0f61a05b | 489 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 490 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 491 | } |
| HannesTschofenig | 0:796d0f61a05b | 492 | |
| HannesTschofenig | 0:796d0f61a05b | 493 | if( crl->sig_oid1.len != crl->sig_oid2.len || |
| HannesTschofenig | 0:796d0f61a05b | 494 | memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 495 | { |
| HannesTschofenig | 0:796d0f61a05b | 496 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 497 | return( POLARSSL_ERR_X509_SIG_MISMATCH ); |
| HannesTschofenig | 0:796d0f61a05b | 498 | } |
| HannesTschofenig | 0:796d0f61a05b | 499 | |
| HannesTschofenig | 0:796d0f61a05b | 500 | if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 501 | { |
| HannesTschofenig | 0:796d0f61a05b | 502 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 503 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 504 | } |
| HannesTschofenig | 0:796d0f61a05b | 505 | |
| HannesTschofenig | 0:796d0f61a05b | 506 | if( p != end ) |
| HannesTschofenig | 0:796d0f61a05b | 507 | { |
| HannesTschofenig | 0:796d0f61a05b | 508 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 509 | return( POLARSSL_ERR_X509_INVALID_FORMAT + |
| HannesTschofenig | 0:796d0f61a05b | 510 | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); |
| HannesTschofenig | 0:796d0f61a05b | 511 | } |
| HannesTschofenig | 0:796d0f61a05b | 512 | |
| HannesTschofenig | 0:796d0f61a05b | 513 | if( buflen > 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 514 | { |
| HannesTschofenig | 0:796d0f61a05b | 515 | crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) ); |
| HannesTschofenig | 0:796d0f61a05b | 516 | |
| HannesTschofenig | 0:796d0f61a05b | 517 | if( crl->next == NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 518 | { |
| HannesTschofenig | 0:796d0f61a05b | 519 | x509_crl_free( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 520 | return( POLARSSL_ERR_X509_MALLOC_FAILED ); |
| HannesTschofenig | 0:796d0f61a05b | 521 | } |
| HannesTschofenig | 0:796d0f61a05b | 522 | |
| HannesTschofenig | 0:796d0f61a05b | 523 | crl = crl->next; |
| HannesTschofenig | 0:796d0f61a05b | 524 | x509_crl_init( crl ); |
| HannesTschofenig | 0:796d0f61a05b | 525 | |
| HannesTschofenig | 0:796d0f61a05b | 526 | return( x509_crl_parse( crl, buf, buflen ) ); |
| HannesTschofenig | 0:796d0f61a05b | 527 | } |
| HannesTschofenig | 0:796d0f61a05b | 528 | |
| HannesTschofenig | 0:796d0f61a05b | 529 | return( 0 ); |
| HannesTschofenig | 0:796d0f61a05b | 530 | } |
| HannesTschofenig | 0:796d0f61a05b | 531 | |
| HannesTschofenig | 0:796d0f61a05b | 532 | #if defined(POLARSSL_FS_IO) |
| HannesTschofenig | 0:796d0f61a05b | 533 | /* |
| HannesTschofenig | 0:796d0f61a05b | 534 | * Load one or more CRLs and add them to the chained list |
| HannesTschofenig | 0:796d0f61a05b | 535 | */ |
| HannesTschofenig | 0:796d0f61a05b | 536 | int x509_crl_parse_file( x509_crl *chain, const char *path ) |
| HannesTschofenig | 0:796d0f61a05b | 537 | { |
| HannesTschofenig | 0:796d0f61a05b | 538 | int ret; |
| HannesTschofenig | 0:796d0f61a05b | 539 | size_t n; |
| HannesTschofenig | 0:796d0f61a05b | 540 | unsigned char *buf; |
| HannesTschofenig | 0:796d0f61a05b | 541 | |
| HannesTschofenig | 0:796d0f61a05b | 542 | if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 543 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 544 | |
| HannesTschofenig | 0:796d0f61a05b | 545 | ret = x509_crl_parse( chain, buf, n ); |
| HannesTschofenig | 0:796d0f61a05b | 546 | |
| HannesTschofenig | 0:796d0f61a05b | 547 | memset( buf, 0, n + 1 ); |
| HannesTschofenig | 0:796d0f61a05b | 548 | polarssl_free( buf ); |
| HannesTschofenig | 0:796d0f61a05b | 549 | |
| HannesTschofenig | 0:796d0f61a05b | 550 | return( ret ); |
| HannesTschofenig | 0:796d0f61a05b | 551 | } |
| HannesTschofenig | 0:796d0f61a05b | 552 | #endif /* POLARSSL_FS_IO */ |
| HannesTschofenig | 0:796d0f61a05b | 553 | |
| HannesTschofenig | 0:796d0f61a05b | 554 | #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ |
| HannesTschofenig | 0:796d0f61a05b | 555 | !defined(EFI32) |
| HannesTschofenig | 0:796d0f61a05b | 556 | #include <stdarg.h> |
| HannesTschofenig | 0:796d0f61a05b | 557 | |
| HannesTschofenig | 0:796d0f61a05b | 558 | #if !defined vsnprintf |
| HannesTschofenig | 0:796d0f61a05b | 559 | #define vsnprintf _vsnprintf |
| HannesTschofenig | 0:796d0f61a05b | 560 | #endif // vsnprintf |
| HannesTschofenig | 0:796d0f61a05b | 561 | |
| HannesTschofenig | 0:796d0f61a05b | 562 | /* |
| HannesTschofenig | 0:796d0f61a05b | 563 | * Windows _snprintf and _vsnprintf are not compatible to linux versions. |
| HannesTschofenig | 0:796d0f61a05b | 564 | * Result value is not size of buffer needed, but -1 if no fit is possible. |
| HannesTschofenig | 0:796d0f61a05b | 565 | * |
| HannesTschofenig | 0:796d0f61a05b | 566 | * This fuction tries to 'fix' this by at least suggesting enlarging the |
| HannesTschofenig | 0:796d0f61a05b | 567 | * size by 20. |
| HannesTschofenig | 0:796d0f61a05b | 568 | */ |
| HannesTschofenig | 0:796d0f61a05b | 569 | static int compat_snprintf(char *str, size_t size, const char *format, ...) |
| HannesTschofenig | 0:796d0f61a05b | 570 | { |
| HannesTschofenig | 0:796d0f61a05b | 571 | va_list ap; |
| HannesTschofenig | 0:796d0f61a05b | 572 | int res = -1; |
| HannesTschofenig | 0:796d0f61a05b | 573 | |
| HannesTschofenig | 0:796d0f61a05b | 574 | va_start( ap, format ); |
| HannesTschofenig | 0:796d0f61a05b | 575 | |
| HannesTschofenig | 0:796d0f61a05b | 576 | res = vsnprintf( str, size, format, ap ); |
| HannesTschofenig | 0:796d0f61a05b | 577 | |
| HannesTschofenig | 0:796d0f61a05b | 578 | va_end( ap ); |
| HannesTschofenig | 0:796d0f61a05b | 579 | |
| HannesTschofenig | 0:796d0f61a05b | 580 | // No quick fix possible |
| HannesTschofenig | 0:796d0f61a05b | 581 | if ( res < 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 582 | return( (int) size + 20 ); |
| HannesTschofenig | 0:796d0f61a05b | 583 | |
| HannesTschofenig | 0:796d0f61a05b | 584 | return res; |
| HannesTschofenig | 0:796d0f61a05b | 585 | } |
| HannesTschofenig | 0:796d0f61a05b | 586 | |
| HannesTschofenig | 0:796d0f61a05b | 587 | #define snprintf compat_snprintf |
| HannesTschofenig | 0:796d0f61a05b | 588 | #endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */ |
| HannesTschofenig | 0:796d0f61a05b | 589 | |
| HannesTschofenig | 0:796d0f61a05b | 590 | #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2 |
| HannesTschofenig | 0:796d0f61a05b | 591 | |
| HannesTschofenig | 0:796d0f61a05b | 592 | #define SAFE_SNPRINTF() \ |
| HannesTschofenig | 0:796d0f61a05b | 593 | { \ |
| HannesTschofenig | 0:796d0f61a05b | 594 | if( ret == -1 ) \ |
| HannesTschofenig | 0:796d0f61a05b | 595 | return( -1 ); \ |
| HannesTschofenig | 0:796d0f61a05b | 596 | \ |
| HannesTschofenig | 0:796d0f61a05b | 597 | if ( (unsigned int) ret > n ) { \ |
| HannesTschofenig | 0:796d0f61a05b | 598 | p[n - 1] = '\0'; \ |
| HannesTschofenig | 0:796d0f61a05b | 599 | return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\ |
| HannesTschofenig | 0:796d0f61a05b | 600 | } \ |
| HannesTschofenig | 0:796d0f61a05b | 601 | \ |
| HannesTschofenig | 0:796d0f61a05b | 602 | n -= (unsigned int) ret; \ |
| HannesTschofenig | 0:796d0f61a05b | 603 | p += (unsigned int) ret; \ |
| HannesTschofenig | 0:796d0f61a05b | 604 | } |
| HannesTschofenig | 0:796d0f61a05b | 605 | |
| HannesTschofenig | 0:796d0f61a05b | 606 | /* |
| HannesTschofenig | 0:796d0f61a05b | 607 | * Return an informational string about the certificate. |
| HannesTschofenig | 0:796d0f61a05b | 608 | */ |
| HannesTschofenig | 0:796d0f61a05b | 609 | #define BEFORE_COLON 14 |
| HannesTschofenig | 0:796d0f61a05b | 610 | #define BC "14" |
| HannesTschofenig | 0:796d0f61a05b | 611 | /* |
| HannesTschofenig | 0:796d0f61a05b | 612 | * Return an informational string about the CRL. |
| HannesTschofenig | 0:796d0f61a05b | 613 | */ |
| HannesTschofenig | 0:796d0f61a05b | 614 | int x509_crl_info( char *buf, size_t size, const char *prefix, |
| HannesTschofenig | 0:796d0f61a05b | 615 | const x509_crl *crl ) |
| HannesTschofenig | 0:796d0f61a05b | 616 | { |
| HannesTschofenig | 0:796d0f61a05b | 617 | int ret; |
| HannesTschofenig | 0:796d0f61a05b | 618 | size_t n; |
| HannesTschofenig | 0:796d0f61a05b | 619 | char *p; |
| HannesTschofenig | 0:796d0f61a05b | 620 | const char *desc; |
| HannesTschofenig | 0:796d0f61a05b | 621 | const x509_crl_entry *entry; |
| HannesTschofenig | 0:796d0f61a05b | 622 | |
| HannesTschofenig | 0:796d0f61a05b | 623 | p = buf; |
| HannesTschofenig | 0:796d0f61a05b | 624 | n = size; |
| HannesTschofenig | 0:796d0f61a05b | 625 | |
| HannesTschofenig | 0:796d0f61a05b | 626 | ret = snprintf( p, n, "%sCRL version : %d", |
| HannesTschofenig | 0:796d0f61a05b | 627 | prefix, crl->version ); |
| HannesTschofenig | 0:796d0f61a05b | 628 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 629 | |
| HannesTschofenig | 0:796d0f61a05b | 630 | ret = snprintf( p, n, "\n%sissuer name : ", prefix ); |
| HannesTschofenig | 0:796d0f61a05b | 631 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 632 | ret = x509_dn_gets( p, n, &crl->issuer ); |
| HannesTschofenig | 0:796d0f61a05b | 633 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 634 | |
| HannesTschofenig | 0:796d0f61a05b | 635 | ret = snprintf( p, n, "\n%sthis update : " \ |
| HannesTschofenig | 0:796d0f61a05b | 636 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, |
| HannesTschofenig | 0:796d0f61a05b | 637 | crl->this_update.year, crl->this_update.mon, |
| HannesTschofenig | 0:796d0f61a05b | 638 | crl->this_update.day, crl->this_update.hour, |
| HannesTschofenig | 0:796d0f61a05b | 639 | crl->this_update.min, crl->this_update.sec ); |
| HannesTschofenig | 0:796d0f61a05b | 640 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 641 | |
| HannesTschofenig | 0:796d0f61a05b | 642 | ret = snprintf( p, n, "\n%snext update : " \ |
| HannesTschofenig | 0:796d0f61a05b | 643 | "%04d-%02d-%02d %02d:%02d:%02d", prefix, |
| HannesTschofenig | 0:796d0f61a05b | 644 | crl->next_update.year, crl->next_update.mon, |
| HannesTschofenig | 0:796d0f61a05b | 645 | crl->next_update.day, crl->next_update.hour, |
| HannesTschofenig | 0:796d0f61a05b | 646 | crl->next_update.min, crl->next_update.sec ); |
| HannesTschofenig | 0:796d0f61a05b | 647 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 648 | |
| HannesTschofenig | 0:796d0f61a05b | 649 | entry = &crl->entry; |
| HannesTschofenig | 0:796d0f61a05b | 650 | |
| HannesTschofenig | 0:796d0f61a05b | 651 | ret = snprintf( p, n, "\n%sRevoked certificates:", |
| HannesTschofenig | 0:796d0f61a05b | 652 | prefix ); |
| HannesTschofenig | 0:796d0f61a05b | 653 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 654 | |
| HannesTschofenig | 0:796d0f61a05b | 655 | while( entry != NULL && entry->raw.len != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 656 | { |
| HannesTschofenig | 0:796d0f61a05b | 657 | ret = snprintf( p, n, "\n%sserial number: ", |
| HannesTschofenig | 0:796d0f61a05b | 658 | prefix ); |
| HannesTschofenig | 0:796d0f61a05b | 659 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 660 | |
| HannesTschofenig | 0:796d0f61a05b | 661 | ret = x509_serial_gets( p, n, &entry->serial); |
| HannesTschofenig | 0:796d0f61a05b | 662 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 663 | |
| HannesTschofenig | 0:796d0f61a05b | 664 | ret = snprintf( p, n, " revocation date: " \ |
| HannesTschofenig | 0:796d0f61a05b | 665 | "%04d-%02d-%02d %02d:%02d:%02d", |
| HannesTschofenig | 0:796d0f61a05b | 666 | entry->revocation_date.year, entry->revocation_date.mon, |
| HannesTschofenig | 0:796d0f61a05b | 667 | entry->revocation_date.day, entry->revocation_date.hour, |
| HannesTschofenig | 0:796d0f61a05b | 668 | entry->revocation_date.min, entry->revocation_date.sec ); |
| HannesTschofenig | 0:796d0f61a05b | 669 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 670 | |
| HannesTschofenig | 0:796d0f61a05b | 671 | entry = entry->next; |
| HannesTschofenig | 0:796d0f61a05b | 672 | } |
| HannesTschofenig | 0:796d0f61a05b | 673 | |
| HannesTschofenig | 0:796d0f61a05b | 674 | ret = snprintf( p, n, "\n%ssigned using : ", prefix ); |
| HannesTschofenig | 0:796d0f61a05b | 675 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 676 | |
| HannesTschofenig | 0:796d0f61a05b | 677 | ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc ); |
| HannesTschofenig | 0:796d0f61a05b | 678 | if( ret != 0 ) |
| HannesTschofenig | 0:796d0f61a05b | 679 | ret = snprintf( p, n, "???" ); |
| HannesTschofenig | 0:796d0f61a05b | 680 | else |
| HannesTschofenig | 0:796d0f61a05b | 681 | ret = snprintf( p, n, "%s", desc ); |
| HannesTschofenig | 0:796d0f61a05b | 682 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 683 | |
| HannesTschofenig | 0:796d0f61a05b | 684 | ret = snprintf( p, n, "\n" ); |
| HannesTschofenig | 0:796d0f61a05b | 685 | SAFE_SNPRINTF(); |
| HannesTschofenig | 0:796d0f61a05b | 686 | |
| HannesTschofenig | 0:796d0f61a05b | 687 | return( (int) ( size - n ) ); |
| HannesTschofenig | 0:796d0f61a05b | 688 | } |
| HannesTschofenig | 0:796d0f61a05b | 689 | |
| HannesTschofenig | 0:796d0f61a05b | 690 | /* |
| HannesTschofenig | 0:796d0f61a05b | 691 | * Initialize a CRL chain |
| HannesTschofenig | 0:796d0f61a05b | 692 | */ |
| HannesTschofenig | 0:796d0f61a05b | 693 | void x509_crl_init( x509_crl *crl ) |
| HannesTschofenig | 0:796d0f61a05b | 694 | { |
| HannesTschofenig | 0:796d0f61a05b | 695 | memset( crl, 0, sizeof(x509_crl) ); |
| HannesTschofenig | 0:796d0f61a05b | 696 | } |
| HannesTschofenig | 0:796d0f61a05b | 697 | |
| HannesTschofenig | 0:796d0f61a05b | 698 | /* |
| HannesTschofenig | 0:796d0f61a05b | 699 | * Unallocate all CRL data |
| HannesTschofenig | 0:796d0f61a05b | 700 | */ |
| HannesTschofenig | 0:796d0f61a05b | 701 | void x509_crl_free( x509_crl *crl ) |
| HannesTschofenig | 0:796d0f61a05b | 702 | { |
| HannesTschofenig | 0:796d0f61a05b | 703 | x509_crl *crl_cur = crl; |
| HannesTschofenig | 0:796d0f61a05b | 704 | x509_crl *crl_prv; |
| HannesTschofenig | 0:796d0f61a05b | 705 | x509_name *name_cur; |
| HannesTschofenig | 0:796d0f61a05b | 706 | x509_name *name_prv; |
| HannesTschofenig | 0:796d0f61a05b | 707 | x509_crl_entry *entry_cur; |
| HannesTschofenig | 0:796d0f61a05b | 708 | x509_crl_entry *entry_prv; |
| HannesTschofenig | 0:796d0f61a05b | 709 | |
| HannesTschofenig | 0:796d0f61a05b | 710 | if( crl == NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 711 | return; |
| HannesTschofenig | 0:796d0f61a05b | 712 | |
| HannesTschofenig | 0:796d0f61a05b | 713 | do |
| HannesTschofenig | 0:796d0f61a05b | 714 | { |
| HannesTschofenig | 0:796d0f61a05b | 715 | name_cur = crl_cur->issuer.next; |
| HannesTschofenig | 0:796d0f61a05b | 716 | while( name_cur != NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 717 | { |
| HannesTschofenig | 0:796d0f61a05b | 718 | name_prv = name_cur; |
| HannesTschofenig | 0:796d0f61a05b | 719 | name_cur = name_cur->next; |
| HannesTschofenig | 0:796d0f61a05b | 720 | memset( name_prv, 0, sizeof( x509_name ) ); |
| HannesTschofenig | 0:796d0f61a05b | 721 | polarssl_free( name_prv ); |
| HannesTschofenig | 0:796d0f61a05b | 722 | } |
| HannesTschofenig | 0:796d0f61a05b | 723 | |
| HannesTschofenig | 0:796d0f61a05b | 724 | entry_cur = crl_cur->entry.next; |
| HannesTschofenig | 0:796d0f61a05b | 725 | while( entry_cur != NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 726 | { |
| HannesTschofenig | 0:796d0f61a05b | 727 | entry_prv = entry_cur; |
| HannesTschofenig | 0:796d0f61a05b | 728 | entry_cur = entry_cur->next; |
| HannesTschofenig | 0:796d0f61a05b | 729 | memset( entry_prv, 0, sizeof( x509_crl_entry ) ); |
| HannesTschofenig | 0:796d0f61a05b | 730 | polarssl_free( entry_prv ); |
| HannesTschofenig | 0:796d0f61a05b | 731 | } |
| HannesTschofenig | 0:796d0f61a05b | 732 | |
| HannesTschofenig | 0:796d0f61a05b | 733 | if( crl_cur->raw.p != NULL ) |
| HannesTschofenig | 0:796d0f61a05b | 734 | { |
| HannesTschofenig | 0:796d0f61a05b | 735 | memset( crl_cur->raw.p, 0, crl_cur->raw.len ); |
| HannesTschofenig | 0:796d0f61a05b | 736 | polarssl_free( crl_cur->raw.p ); |
| HannesTschofenig | 0:796d0f61a05b | 737 | } |
| HannesTschofenig | 0:796d0f61a05b | 738 | |
| HannesTschofenig | 0:796d0f61a05b | 739 | crl_cur = crl_cur->next; |
| HannesTschofenig | 0:796d0f61a05b | 740 | } |
| HannesTschofenig | 0:796d0f61a05b | 741 | while( crl_cur != NULL ); |
| HannesTschofenig | 0:796d0f61a05b | 742 | |
| HannesTschofenig | 0:796d0f61a05b | 743 | crl_cur = crl; |
| HannesTschofenig | 0:796d0f61a05b | 744 | do |
| HannesTschofenig | 0:796d0f61a05b | 745 | { |
| HannesTschofenig | 0:796d0f61a05b | 746 | crl_prv = crl_cur; |
| HannesTschofenig | 0:796d0f61a05b | 747 | crl_cur = crl_cur->next; |
| HannesTschofenig | 0:796d0f61a05b | 748 | |
| HannesTschofenig | 0:796d0f61a05b | 749 | memset( crl_prv, 0, sizeof( x509_crl ) ); |
| HannesTschofenig | 0:796d0f61a05b | 750 | if( crl_prv != crl ) |
| HannesTschofenig | 0:796d0f61a05b | 751 | polarssl_free( crl_prv ); |
| HannesTschofenig | 0:796d0f61a05b | 752 | } |
| HannesTschofenig | 0:796d0f61a05b | 753 | while( crl_cur != NULL ); |
| HannesTschofenig | 0:796d0f61a05b | 754 | } |
| HannesTschofenig | 0:796d0f61a05b | 755 | |
| HannesTschofenig | 0:796d0f61a05b | 756 | #endif /* POLARSSL_X509_CRL_PARSE_C */ |
| HannesTschofenig | 0:796d0f61a05b | 757 | |
| HannesTschofenig | 0:796d0f61a05b | 758 |