Context Navigation

x509parse.c @ 1274

Visit:

Revision 1274, 86.1 KB checked in by paul, 8 days ago (diff)
Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.

Line
1	/*
2	* X.509 certificate and private key decoding
3	*
4	* Copyright (C) 2006-2011, Brainspark B.V.
5	*
6	* This file is part of PolarSSL (http://www.polarssl.org)
7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8	*
9	* All rights reserved.
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* This program is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License along
22	* with this program; if not, write to the Free Software Foundation, Inc.,
23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24	*/
25	/*
26	* The ITU-T X.509 standard defines a certificate format for PKI.
27	*
28	* http://www.ietf.org/rfc/rfc3279.txt
29	* http://www.ietf.org/rfc/rfc3280.txt
30	*
31	* ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32	*
33	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35	*/
36
37	#include "polarssl/config.h"
38
39	#if defined(POLARSSL_X509_PARSE_C)
40
41	#include "polarssl/x509.h"
42	#include "polarssl/asn1.h"
43	#include "polarssl/pem.h"
44	#include "polarssl/des.h"
45	#include "polarssl/md2.h"
46	#include "polarssl/md4.h"
47	#include "polarssl/md5.h"
48	#include "polarssl/sha1.h"
49	#include "polarssl/sha2.h"
50	#include "polarssl/sha4.h"
51	#include "polarssl/dhm.h"
52
53	#include <string.h>
54	#include <stdlib.h>
55	#if defined(_WIN32)
56	#include <windows.h>
57	#else
58	#include <time.h>
59	#endif
60
61	#if defined(POLARSSL_FS_IO)
62	#include <stdio.h>
63	#endif
64
65	/*
66	* Version ::= INTEGER { v1(0), v2(1), v3(2) }
67	*/
68	static int x509_get_version( unsigned char **p,
69	const unsigned char *end,
70	int *ver )
71	{
72	int ret;
73	size_t len;
74
75	if( ( ret = asn1_get_tag( p, end, &len,
76	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 0 ) ) != 0 )
77	{
78	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
79	{
80	*ver = 0;
81	return( 0 );
82	}
83
84	return( ret );
85	}
86
87	end = *p + len;
88
89	if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
90	return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
91
92	if( *p != end )
93	return( POLARSSL_ERR_X509_CERT_INVALID_VERSION +
94	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
95
96	return( 0 );
97	}
98
99	/*
100	* Version ::= INTEGER { v1(0), v2(1) }
101	*/
102	static int x509_crl_get_version( unsigned char **p,
103	const unsigned char *end,
104	int *ver )
105	{
106	int ret;
107
108	if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
109	{
110	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
111	{
112	*ver = 0;
113	return( 0 );
114	}
115
116	return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
117	}
118
119	return( 0 );
120	}
121
122	/*
123	* CertificateSerialNumber ::= INTEGER
124	*/
125	static int x509_get_serial( unsigned char **p,
126	const unsigned char *end,
127	x509_buf *serial )
128	{
129	int ret;
130
131	if( ( end - *p ) < 1 )
132	return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
133	POLARSSL_ERR_ASN1_OUT_OF_DATA );
134
135	if( **p != ( ASN1_CONTEXT_SPECIFIC \| ASN1_PRIMITIVE \| 2 ) &&
136	**p != ASN1_INTEGER )
137	return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
138	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
139
140	serial->tag = (p)++;
141
142	if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
143	return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL + ret );
144
145	serial->p = *p;
146	*p += serial->len;
147
148	return( 0 );
149	}
150
151	/*
152	* AlgorithmIdentifier ::= SEQUENCE {
153	* algorithm OBJECT IDENTIFIER,
154	* parameters ANY DEFINED BY algorithm OPTIONAL }
155	*/
156	static int x509_get_alg( unsigned char **p,
157	const unsigned char *end,
158	x509_buf *alg )
159	{
160	int ret;
161	size_t len;
162
163	if( ( ret = asn1_get_tag( p, end, &len,
164	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
165	return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
166
167	end = *p + len;
168	alg->tag = **p;
169
170	if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
171	return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
172
173	alg->p = *p;
174	*p += alg->len;
175
176	if( *p == end )
177	return( 0 );
178
179	/*
180	* assume the algorithm parameters must be NULL
181	*/
182	if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
183	return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
184
185	if( *p != end )
186	return( POLARSSL_ERR_X509_CERT_INVALID_ALG +
187	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
188
189	return( 0 );
190	}
191
192	/*
193	* AttributeTypeAndValue ::= SEQUENCE {
194	* type AttributeType,
195	* value AttributeValue }
196	*
197	* AttributeType ::= OBJECT IDENTIFIER
198	*
199	* AttributeValue ::= ANY DEFINED BY AttributeType
200	*/
201	static int x509_get_attr_type_value( unsigned char **p,
202	const unsigned char *end,
203	x509_name *cur )
204	{
205	int ret;
206	size_t len;
207	x509_buf *oid;
208	x509_buf *val;
209
210	if( ( ret = asn1_get_tag( p, end, &len,
211	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
212	return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
213
214	oid = &cur->oid;
215	oid->tag = **p;
216
217	if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
218	return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
219
220	oid->p = *p;
221	*p += oid->len;
222
223	if( ( end - *p ) < 1 )
224	return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
225	POLARSSL_ERR_ASN1_OUT_OF_DATA );
226
227	if( p != ASN1_BMP_STRING && p != ASN1_UTF8_STRING &&
228	p != ASN1_T61_STRING && p != ASN1_PRINTABLE_STRING &&
229	p != ASN1_IA5_STRING && p != ASN1_UNIVERSAL_STRING )
230	return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
231	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
232
233	val = &cur->val;
234	val->tag = (p)++;
235
236	if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
237	return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
238
239	val->p = *p;
240	*p += val->len;
241
242	cur->next = NULL;
243
244	return( 0 );
245	}
246
247	/*
248	* RelativeDistinguishedName ::=
249	* SET OF AttributeTypeAndValue
250	*
251	* AttributeTypeAndValue ::= SEQUENCE {
252	* type AttributeType,
253	* value AttributeValue }
254	*
255	* AttributeType ::= OBJECT IDENTIFIER
256	*
257	* AttributeValue ::= ANY DEFINED BY AttributeType
258	*/
259	static int x509_get_name( unsigned char **p,
260	const unsigned char *end,
261	x509_name *cur )
262	{
263	int ret;
264	size_t len;
265	const unsigned char *end2;
266	x509_name *use;
267
268	if( ( ret = asn1_get_tag( p, end, &len,
269	ASN1_CONSTRUCTED \| ASN1_SET ) ) != 0 )
270	return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
271
272	end2 = end;
273	end = *p + len;
274	use = cur;
275
276	do
277	{
278	if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
279	return( ret );
280
281	if( *p != end )
282	{
283	use->next = (x509_name *) malloc(
284	sizeof( x509_name ) );
285
286	if( use->next == NULL )
287	return( POLARSSL_ERR_X509_MALLOC_FAILED );
288
289	memset( use->next, 0, sizeof( x509_name ) );
290
291	use = use->next;
292	}
293	}
294	while( *p != end );
295
296	/*
297	* recurse until end of SEQUENCE is reached
298	*/
299	if( *p == end2 )
300	return( 0 );
301
302	cur->next = (x509_name *) malloc(
303	sizeof( x509_name ) );
304
305	if( cur->next == NULL )
306	return( POLARSSL_ERR_X509_MALLOC_FAILED );
307
308	memset( cur->next, 0, sizeof( x509_name ) );
309
310	return( x509_get_name( p, end2, cur->next ) );
311	}
312
313	/*
314	* Time ::= CHOICE {
315	* utcTime UTCTime,
316	* generalTime GeneralizedTime }
317	*/
318	static int x509_get_time( unsigned char **p,
319	const unsigned char *end,
320	x509_time *time )
321	{
322	int ret;
323	size_t len;
324	char date[64];
325	unsigned char tag;
326
327	if( ( end - *p ) < 1 )
328	return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
329	POLARSSL_ERR_ASN1_OUT_OF_DATA );
330
331	tag = **p;
332
333	if ( tag == ASN1_UTC_TIME )
334	{
335	(*p)++;
336	ret = asn1_get_len( p, end, &len );
337
338	if( ret != 0 )
339	return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
340
341	memset( date, 0, sizeof( date ) );
342	memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
343	len : sizeof( date ) - 1 );
344
345	if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
346	&time->year, &time->mon, &time->day,
347	&time->hour, &time->min, &time->sec ) < 5 )
348	return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
349
350	time->year += 100 * ( time->year < 50 );
351	time->year += 1900;
352
353	*p += len;
354
355	return( 0 );
356	}
357	else if ( tag == ASN1_GENERALIZED_TIME )
358	{
359	(*p)++;
360	ret = asn1_get_len( p, end, &len );
361
362	if( ret != 0 )
363	return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
364
365	memset( date, 0, sizeof( date ) );
366	memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
367	len : sizeof( date ) - 1 );
368
369	if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
370	&time->year, &time->mon, &time->day,
371	&time->hour, &time->min, &time->sec ) < 5 )
372	return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
373
374	*p += len;
375
376	return( 0 );
377	}
378	else
379	return( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
380	}
381
382
383	/*
384	* Validity ::= SEQUENCE {
385	* notBefore Time,
386	* notAfter Time }
387	*/
388	static int x509_get_dates( unsigned char **p,
389	const unsigned char *end,
390	x509_time *from,
391	x509_time *to )
392	{
393	int ret;
394	size_t len;
395
396	if( ( ret = asn1_get_tag( p, end, &len,
397	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
398	return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
399
400	end = *p + len;
401
402	if( ( ret = x509_get_time( p, end, from ) ) != 0 )
403	return( ret );
404
405	if( ( ret = x509_get_time( p, end, to ) ) != 0 )
406	return( ret );
407
408	if( *p != end )
409	return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
410	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
411
412	return( 0 );
413	}
414
415	/*
416	* SubjectPublicKeyInfo ::= SEQUENCE {
417	* algorithm AlgorithmIdentifier,
418	* subjectPublicKey BIT STRING }
419	*/
420	static int x509_get_pubkey( unsigned char **p,
421	const unsigned char *end,
422	x509_buf *pk_alg_oid,
423	mpi N, mpi E )
424	{
425	int ret, can_handle;
426	size_t len;
427	unsigned char *end2;
428
429	if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
430	return( ret );
431
432	/*
433	* only RSA public keys handled at this time
434	*/
435	can_handle = 0;
436
437	if( pk_alg_oid->len == 9 &&
438	memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) == 0 )
439	can_handle = 1;
440
441	if( pk_alg_oid->len == 9 &&
442	memcmp( pk_alg_oid->p, OID_PKCS1, 8 ) == 0 )
443	{
444	if( pk_alg_oid->p[8] >= 2 && pk_alg_oid->p[8] <= 5 )
445	can_handle = 1;
446
447	if ( pk_alg_oid->p[8] >= 11 && pk_alg_oid->p[8] <= 14 )
448	can_handle = 1;
449	}
450
451	if( pk_alg_oid->len == 5 &&
452	memcmp( pk_alg_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
453	can_handle = 1;
454
455	if( can_handle == 0 )
456	return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
457
458	if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
459	return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
460
461	if( ( end - *p ) < 1 )
462	return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
463	POLARSSL_ERR_ASN1_OUT_OF_DATA );
464
465	end2 = *p + len;
466
467	if( (p)++ != 0 )
468	return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY );
469
470	/*
471	* RSAPublicKey ::= SEQUENCE {
472	* modulus INTEGER, -- n
473	* publicExponent INTEGER -- e
474	* }
475	*/
476	if( ( ret = asn1_get_tag( p, end2, &len,
477	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
478	return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
479
480	if( *p + len != end2 )
481	return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
482	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
483
484	if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 \|\|
485	( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
486	return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
487
488	if( *p != end )
489	return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
490	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
491
492	return( 0 );
493	}
494
495	static int x509_get_sig( unsigned char **p,
496	const unsigned char *end,
497	x509_buf *sig )
498	{
499	int ret;
500	size_t len;
501
502	if( ( end - *p ) < 1 )
503	return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE +
504	POLARSSL_ERR_ASN1_OUT_OF_DATA );
505
506	sig->tag = **p;
507
508	if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
509	return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + ret );
510
511
512	if( --len < 1 \|\| (p)++ != 0 )
513	return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE );
514
515	sig->len = len;
516	sig->p = *p;
517
518	*p += len;
519
520	return( 0 );
521	}
522
523	/*
524	* X.509 v2/v3 unique identifier (not parsed)
525	*/
526	static int x509_get_uid( unsigned char **p,
527	const unsigned char *end,
528	x509_buf *uid, int n )
529	{
530	int ret;
531
532	if( *p == end )
533	return( 0 );
534
535	uid->tag = **p;
536
537	if( ( ret = asn1_get_tag( p, end, &uid->len,
538	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| n ) ) != 0 )
539	{
540	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
541	return( 0 );
542
543	return( ret );
544	}
545
546	uid->p = *p;
547	*p += uid->len;
548
549	return( 0 );
550	}
551
552	/*
553	* X.509 Extensions (No parsing of extensions, pointer should
554	* be either manually updated or extensions should be parsed!
555	*/
556	static int x509_get_ext( unsigned char **p,
557	const unsigned char *end,
558	x509_buf *ext, int tag )
559	{
560	int ret;
561	size_t len;
562
563	if( *p == end )
564	return( 0 );
565
566	ext->tag = **p;
567
568	if( ( ret = asn1_get_tag( p, end, &ext->len,
569	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| tag ) ) != 0 )
570	return( ret );
571
572	ext->p = *p;
573	end = *p + ext->len;
574
575	/*
576	* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
577	*
578	* Extension ::= SEQUENCE {
579	* extnID OBJECT IDENTIFIER,
580	* critical BOOLEAN DEFAULT FALSE,
581	* extnValue OCTET STRING }
582	*/
583	if( ( ret = asn1_get_tag( p, end, &len,
584	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
585	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
586
587	if( end != *p + len )
588	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
589	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
590
591	return( 0 );
592	}
593
594	/*
595	* X.509 CRL v2 extensions (no extensions parsed yet.)
596	*/
597	static int x509_get_crl_ext( unsigned char **p,
598	const unsigned char *end,
599	x509_buf *ext )
600	{
601	int ret;
602	size_t len = 0;
603
604	/* Get explicit tag */
605	if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
606	{
607	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
608	return( 0 );
609
610	return( ret );
611	}
612
613	while( *p < end )
614	{
615	if( ( ret = asn1_get_tag( p, end, &len,
616	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
617	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
618
619	*p += len;
620	}
621
622	if( *p != end )
623	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
624	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
625
626	return( 0 );
627	}
628
629	/*
630	* X.509 CRL v2 entry extensions (no extensions parsed yet.)
631	*/
632	static int x509_get_crl_entry_ext( unsigned char **p,
633	const unsigned char *end,
634	x509_buf *ext )
635	{
636	int ret;
637	size_t len = 0;
638
639	/* OPTIONAL */
640	if (end <= *p)
641	return( 0 );
642
643	ext->tag = **p;
644	ext->p = *p;
645
646	/*
647	* Get CRL-entry extension sequence header
648	* crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
649	*/
650	if( ( ret = asn1_get_tag( p, end, &ext->len,
651	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
652	{
653	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
654	{
655	ext->p = NULL;
656	return( 0 );
657	}
658	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
659	}
660
661	end = *p + ext->len;
662
663	if( end != *p + ext->len )
664	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
665	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
666
667	while( *p < end )
668	{
669	if( ( ret = asn1_get_tag( p, end, &len,
670	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
671	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
672
673	*p += len;
674	}
675
676	if( *p != end )
677	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
678	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
679
680	return( 0 );
681	}
682
683	static int x509_get_basic_constraints( unsigned char **p,
684	const unsigned char *end,
685	int *ca_istrue,
686	int *max_pathlen )
687	{
688	int ret;
689	size_t len;
690
691	/*
692	* BasicConstraints ::= SEQUENCE {
693	* cA BOOLEAN DEFAULT FALSE,
694	* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
695	*/
696	ca_istrue = 0; / DEFAULT FALSE */
697	max_pathlen = 0; / endless */
698
699	if( ( ret = asn1_get_tag( p, end, &len,
700	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
701	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
702
703	if( *p == end )
704	return 0;
705
706	if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
707	{
708	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
709	ret = asn1_get_int( p, end, ca_istrue );
710
711	if( ret != 0 )
712	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
713
714	if( *ca_istrue != 0 )
715	*ca_istrue = 1;
716	}
717
718	if( *p == end )
719	return 0;
720
721	if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
722	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
723
724	if( *p != end )
725	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
726	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
727
728	(*max_pathlen)++;
729
730	return 0;
731	}
732
733	static int x509_get_ns_cert_type( unsigned char **p,
734	const unsigned char *end,
735	unsigned char *ns_cert_type)
736	{
737	int ret;
738	x509_bitstring bs = { 0, 0, NULL };
739
740	if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
741	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
742
743	if( bs.len != 1 )
744	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
745	POLARSSL_ERR_ASN1_INVALID_LENGTH );
746
747	/* Get actual bitstring */
748	ns_cert_type = bs.p;
749	return 0;
750	}
751
752	static int x509_get_key_usage( unsigned char **p,
753	const unsigned char *end,
754	unsigned char *key_usage)
755	{
756	int ret;
757	x509_bitstring bs = { 0, 0, NULL };
758
759	if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
760	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
761
762	if( bs.len > 1 )
763	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
764	POLARSSL_ERR_ASN1_INVALID_LENGTH );
765
766	/* Get actual bitstring */
767	key_usage = bs.p;
768	return 0;
769	}
770
771	/*
772	* ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
773	*
774	* KeyPurposeId ::= OBJECT IDENTIFIER
775	*/
776	static int x509_get_ext_key_usage( unsigned char **p,
777	const unsigned char *end,
778	x509_sequence *ext_key_usage)
779	{
780	int ret;
781
782	if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
783	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
784
785	/* Sequence length must be >= 1 */
786	if( ext_key_usage->buf.p == NULL )
787	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
788	POLARSSL_ERR_ASN1_INVALID_LENGTH );
789
790	return 0;
791	}
792
793	/*
794	* SubjectAltName ::= GeneralNames
795	*
796	* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
797	*
798	* GeneralName ::= CHOICE {
799	* otherName [0] OtherName,
800	* rfc822Name [1] IA5String,
801	* dNSName [2] IA5String,
802	* x400Address [3] ORAddress,
803	* directoryName [4] Name,
804	* ediPartyName [5] EDIPartyName,
805	* uniformResourceIdentifier [6] IA5String,
806	* iPAddress [7] OCTET STRING,
807	* registeredID [8] OBJECT IDENTIFIER }
808	*
809	* OtherName ::= SEQUENCE {
810	* type-id OBJECT IDENTIFIER,
811	* value [0] EXPLICIT ANY DEFINED BY type-id }
812	*
813	* EDIPartyName ::= SEQUENCE {
814	* nameAssigner [0] DirectoryString OPTIONAL,
815	* partyName [1] DirectoryString }
816	*
817	* NOTE: PolarSSL only parses and uses dNSName at this point.
818	*/
819	static int x509_get_subject_alt_name( unsigned char **p,
820	const unsigned char *end,
821	x509_sequence *subject_alt_name )
822	{
823	int ret;
824	size_t len, tag_len;
825	asn1_buf *buf;
826	unsigned char tag;
827	asn1_sequence *cur = subject_alt_name;
828
829	/* Get main sequence tag */
830	if( ( ret = asn1_get_tag( p, end, &len,
831	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
832	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
833
834	if( *p + len != end )
835	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
836	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
837
838	while( *p < end )
839	{
840	if( ( end - *p ) < 1 )
841	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
842	POLARSSL_ERR_ASN1_OUT_OF_DATA );
843
844	tag = **p;
845	(*p)++;
846	if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
847	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
848
849	if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
850	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
851	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
852
853	if( tag != ( ASN1_CONTEXT_SPECIFIC \| 2 ) )
854	{
855	*p += tag_len;
856	continue;
857	}
858
859	buf = &(cur->buf);
860	buf->tag = tag;
861	buf->p = *p;
862	buf->len = tag_len;
863	*p += buf->len;
864
865	/* Allocate and assign next pointer */
866	if (*p < end)
867	{
868	cur->next = (asn1_sequence *) malloc(
869	sizeof( asn1_sequence ) );
870
871	if( cur->next == NULL )
872	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
873	POLARSSL_ERR_ASN1_MALLOC_FAILED );
874
875	cur = cur->next;
876	}
877	}
878
879	/* Set final sequence entry's next pointer to NULL */
880	cur->next = NULL;
881
882	if( *p != end )
883	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
884	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
885
886	return( 0 );
887	}
888
889	/*
890	* X.509 v3 extensions
891	*
892	* TODO: Perform all of the basic constraints tests required by the RFC
893	* TODO: Set values for undetected extensions to a sane default?
894	*
895	*/
896	static int x509_get_crt_ext( unsigned char **p,
897	const unsigned char *end,
898	x509_cert *crt )
899	{
900	int ret;
901	size_t len;
902	unsigned char end_ext_data, end_ext_octet;
903
904	if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
905	{
906	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
907	return( 0 );
908
909	return( ret );
910	}
911
912	while( *p < end )
913	{
914	/*
915	* Extension ::= SEQUENCE {
916	* extnID OBJECT IDENTIFIER,
917	* critical BOOLEAN DEFAULT FALSE,
918	* extnValue OCTET STRING }
919	*/
920	x509_buf extn_oid = {0, 0, NULL};
921	int is_critical = 0; /* DEFAULT FALSE */
922
923	if( ( ret = asn1_get_tag( p, end, &len,
924	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
925	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
926
927	end_ext_data = *p + len;
928
929	/* Get extension ID */
930	extn_oid.tag = **p;
931
932	if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
933	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
934
935	extn_oid.p = *p;
936	*p += extn_oid.len;
937
938	if( ( end - *p ) < 1 )
939	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
940	POLARSSL_ERR_ASN1_OUT_OF_DATA );
941
942	/* Get optional critical */
943	if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
944	( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
945	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
946
947	/* Data should be octet string type */
948	if( ( ret = asn1_get_tag( p, end_ext_data, &len,
949	ASN1_OCTET_STRING ) ) != 0 )
950	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
951
952	end_ext_octet = *p + len;
953
954	if( end_ext_octet != end_ext_data )
955	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
956	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
957
958	/*
959	* Detect supported extensions
960	*/
961	if( ( OID_SIZE( OID_BASIC_CONSTRAINTS ) == extn_oid.len ) &&
962	memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS, extn_oid.len ) == 0 )
963	{
964	/* Parse basic constraints */
965	if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
966	&crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
967	return ( ret );
968	crt->ext_types \|= EXT_BASIC_CONSTRAINTS;
969	}
970	else if( ( OID_SIZE( OID_NS_CERT_TYPE ) == extn_oid.len ) &&
971	memcmp( extn_oid.p, OID_NS_CERT_TYPE, extn_oid.len ) == 0 )
972	{
973	/* Parse netscape certificate type */
974	if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
975	&crt->ns_cert_type ) ) != 0 )
976	return ( ret );
977	crt->ext_types \|= EXT_NS_CERT_TYPE;
978	}
979	else if( ( OID_SIZE( OID_KEY_USAGE ) == extn_oid.len ) &&
980	memcmp( extn_oid.p, OID_KEY_USAGE, extn_oid.len ) == 0 )
981	{
982	/* Parse key usage */
983	if( ( ret = x509_get_key_usage( p, end_ext_octet,
984	&crt->key_usage ) ) != 0 )
985	return ( ret );
986	crt->ext_types \|= EXT_KEY_USAGE;
987	}
988	else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE ) == extn_oid.len ) &&
989	memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE, extn_oid.len ) == 0 )
990	{
991	/* Parse extended key usage */
992	if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
993	&crt->ext_key_usage ) ) != 0 )
994	return ( ret );
995	crt->ext_types \|= EXT_EXTENDED_KEY_USAGE;
996	}
997	else if( ( OID_SIZE( OID_SUBJECT_ALT_NAME ) == extn_oid.len ) &&
998	memcmp( extn_oid.p, OID_SUBJECT_ALT_NAME, extn_oid.len ) == 0 )
999	{
1000	/* Parse extended key usage */
1001	if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
1002	&crt->subject_alt_names ) ) != 0 )
1003	return ( ret );
1004	crt->ext_types \|= EXT_SUBJECT_ALT_NAME;
1005	}
1006	else
1007	{
1008	/* No parser found, skip extension */
1009	*p = end_ext_octet;
1010
1011	#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
1012	if( is_critical )
1013	{
1014	/* Data is marked as critical: fail */
1015	return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
1016	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
1017	}
1018	#endif
1019	}
1020	}
1021
1022	if( *p != end )
1023	return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
1024	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1025
1026	return( 0 );
1027	}
1028
1029	/*
1030	* X.509 CRL Entries
1031	*/
1032	static int x509_get_entries( unsigned char **p,
1033	const unsigned char *end,
1034	x509_crl_entry *entry )
1035	{
1036	int ret;
1037	size_t entry_len;
1038	x509_crl_entry *cur_entry = entry;
1039
1040	if( *p == end )
1041	return( 0 );
1042
1043	if( ( ret = asn1_get_tag( p, end, &entry_len,
1044	ASN1_SEQUENCE \| ASN1_CONSTRUCTED ) ) != 0 )
1045	{
1046	if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
1047	return( 0 );
1048
1049	return( ret );
1050	}
1051
1052	end = *p + entry_len;
1053
1054	while( *p < end )
1055	{
1056	size_t len2;
1057	const unsigned char *end2;
1058
1059	if( ( ret = asn1_get_tag( p, end, &len2,
1060	ASN1_SEQUENCE \| ASN1_CONSTRUCTED ) ) != 0 )
1061	{
1062	return( ret );
1063	}
1064
1065	cur_entry->raw.tag = **p;
1066	cur_entry->raw.p = *p;
1067	cur_entry->raw.len = len2;
1068	end2 = *p + len2;
1069
1070	if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
1071	return( ret );
1072
1073	if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
1074	return( ret );
1075
1076	if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
1077	return( ret );
1078
1079	if ( *p < end )
1080	{
1081	cur_entry->next = malloc( sizeof( x509_crl_entry ) );
1082
1083	if( cur_entry->next == NULL )
1084	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1085
1086	cur_entry = cur_entry->next;
1087	memset( cur_entry, 0, sizeof( x509_crl_entry ) );
1088	}
1089	}
1090
1091	return( 0 );
1092	}
1093
1094	static int x509_get_sig_alg( const x509_buf sig_oid, int sig_alg )
1095	{
1096	if( sig_oid->len == 9 &&
1097	memcmp( sig_oid->p, OID_PKCS1, 8 ) == 0 )
1098	{
1099	if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
1100	{
1101	*sig_alg = sig_oid->p[8];
1102	return( 0 );
1103	}
1104
1105	if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
1106	{
1107	*sig_alg = sig_oid->p[8];
1108	return( 0 );
1109	}
1110
1111	return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
1112	}
1113	if( sig_oid->len == 5 &&
1114	memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
1115	{
1116	*sig_alg = SIG_RSA_SHA1;
1117	return( 0 );
1118	}
1119
1120	return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
1121	}
1122
1123	/*
1124	* Parse and fill a single X.509 certificate in DER format
1125	*/
1126	int x509parse_crt_der( x509_cert crt, const unsigned char buf, size_t buflen )
1127	{
1128	int ret;
1129	size_t len;
1130	unsigned char p, end;
1131
1132	/*
1133	* Check for valid input
1134	*/
1135	if( crt == NULL \|\| buf == NULL )
1136	return( POLARSSL_ERR_X509_INVALID_INPUT );
1137
1138	p = (unsigned char *) malloc( len = buflen );
1139
1140	if( p == NULL )
1141	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1142
1143	memcpy( p, buf, buflen );
1144
1145	buflen = 0;
1146
1147	crt->raw.p = p;
1148	crt->raw.len = len;
1149	end = p + len;
1150
1151	/*
1152	* Certificate ::= SEQUENCE {
1153	* tbsCertificate TBSCertificate,
1154	* signatureAlgorithm AlgorithmIdentifier,
1155	* signatureValue BIT STRING }
1156	*/
1157	if( ( ret = asn1_get_tag( &p, end, &len,
1158	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1159	{
1160	x509_free( crt );
1161	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
1162	}
1163
1164	if( len != (size_t) ( end - p ) )
1165	{
1166	x509_free( crt );
1167	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
1168	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1169	}
1170
1171	/*
1172	* TBSCertificate ::= SEQUENCE {
1173	*/
1174	crt->tbs.p = p;
1175
1176	if( ( ret = asn1_get_tag( &p, end, &len,
1177	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1178	{
1179	x509_free( crt );
1180	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1181	}
1182
1183	end = p + len;
1184	crt->tbs.len = end - crt->tbs.p;
1185
1186	/*
1187	* Version ::= INTEGER { v1(0), v2(1), v3(2) }
1188	*
1189	* CertificateSerialNumber ::= INTEGER
1190	*
1191	* signature AlgorithmIdentifier
1192	*/
1193	if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 \|\|
1194	( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 \|\|
1195	( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
1196	{
1197	x509_free( crt );
1198	return( ret );
1199	}
1200
1201	crt->version++;
1202
1203	if( crt->version > 3 )
1204	{
1205	x509_free( crt );
1206	return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
1207	}
1208
1209	if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
1210	{
1211	x509_free( crt );
1212	return( ret );
1213	}
1214
1215	/*
1216	* issuer Name
1217	*/
1218	crt->issuer_raw.p = p;
1219
1220	if( ( ret = asn1_get_tag( &p, end, &len,
1221	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1222	{
1223	x509_free( crt );
1224	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1225	}
1226
1227	if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
1228	{
1229	x509_free( crt );
1230	return( ret );
1231	}
1232
1233	crt->issuer_raw.len = p - crt->issuer_raw.p;
1234
1235	/*
1236	* Validity ::= SEQUENCE {
1237	* notBefore Time,
1238	* notAfter Time }
1239	*
1240	*/
1241	if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
1242	&crt->valid_to ) ) != 0 )
1243	{
1244	x509_free( crt );
1245	return( ret );
1246	}
1247
1248	/*
1249	* subject Name
1250	*/
1251	crt->subject_raw.p = p;
1252
1253	if( ( ret = asn1_get_tag( &p, end, &len,
1254	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1255	{
1256	x509_free( crt );
1257	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1258	}
1259
1260	if( ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
1261	{
1262	x509_free( crt );
1263	return( ret );
1264	}
1265
1266	crt->subject_raw.len = p - crt->subject_raw.p;
1267
1268	/*
1269	* SubjectPublicKeyInfo ::= SEQUENCE
1270	* algorithm AlgorithmIdentifier,
1271	* subjectPublicKey BIT STRING }
1272	*/
1273	if( ( ret = asn1_get_tag( &p, end, &len,
1274	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1275	{
1276	x509_free( crt );
1277	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1278	}
1279
1280	if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
1281	&crt->rsa.N, &crt->rsa.E ) ) != 0 )
1282	{
1283	x509_free( crt );
1284	return( ret );
1285	}
1286
1287	if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
1288	{
1289	x509_free( crt );
1290	return( ret );
1291	}
1292
1293	crt->rsa.len = mpi_size( &crt->rsa.N );
1294
1295	/*
1296	* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1297	* -- If present, version shall be v2 or v3
1298	* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1299	* -- If present, version shall be v2 or v3
1300	* extensions [3] EXPLICIT Extensions OPTIONAL
1301	* -- If present, version shall be v3
1302	*/
1303	if( crt->version == 2 \|\| crt->version == 3 )
1304	{
1305	ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1306	if( ret != 0 )
1307	{
1308	x509_free( crt );
1309	return( ret );
1310	}
1311	}
1312
1313	if( crt->version == 2 \|\| crt->version == 3 )
1314	{
1315	ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1316	if( ret != 0 )
1317	{
1318	x509_free( crt );
1319	return( ret );
1320	}
1321	}
1322
1323	if( crt->version == 3 )
1324	{
1325	ret = x509_get_crt_ext( &p, end, crt);
1326	if( ret != 0 )
1327	{
1328	x509_free( crt );
1329	return( ret );
1330	}
1331	}
1332
1333	if( p != end )
1334	{
1335	x509_free( crt );
1336	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
1337	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1338	}
1339
1340	end = crt->raw.p + crt->raw.len;
1341
1342	/*
1343	* signatureAlgorithm AlgorithmIdentifier,
1344	* signatureValue BIT STRING
1345	*/
1346	if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
1347	{
1348	x509_free( crt );
1349	return( ret );
1350	}
1351
1352	if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
1353	{
1354	x509_free( crt );
1355	return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
1356	}
1357
1358	if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1359	{
1360	x509_free( crt );
1361	return( ret );
1362	}
1363
1364	if( p != end )
1365	{
1366	x509_free( crt );
1367	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
1368	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1369	}
1370
1371	return( 0 );
1372	}
1373
1374	/*
1375	* Parse one or more PEM certificates from a buffer and add them to the chained list
1376	*/
1377	int x509parse_crt( x509_cert chain, const unsigned char buf, size_t buflen )
1378	{
1379	int ret, success = 0, first_error = 0, total_failed = 0;
1380	x509_cert crt, prev = NULL;
1381	int buf_format = X509_FORMAT_DER;
1382
1383	crt = chain;
1384
1385	/*
1386	* Check for valid input
1387	*/
1388	if( crt == NULL \|\| buf == NULL )
1389	return( POLARSSL_ERR_X509_INVALID_INPUT );
1390
1391	while( crt->version != 0 && crt->next != NULL )
1392	{
1393	prev = crt;
1394	crt = crt->next;
1395	}
1396
1397	/*
1398	* Add new certificate on the end of the chain if needed.
1399	*/
1400	if ( crt->version != 0 && crt->next == NULL)
1401	{
1402	crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1403
1404	if( crt->next == NULL )
1405	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1406
1407	prev = crt;
1408	crt = crt->next;
1409	memset( crt, 0, sizeof( x509_cert ) );
1410	}
1411
1412	/*
1413	* Determine buffer content. Buffer contains either one DER certificate or
1414	* one or more PEM certificates.
1415	*/
1416	#if defined(POLARSSL_PEM_C)
1417	if( strstr( (char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1418	buf_format = X509_FORMAT_PEM;
1419	#endif
1420
1421	if( buf_format == X509_FORMAT_DER )
1422	return x509parse_crt_der( crt, buf, buflen );
1423
1424	#if defined(POLARSSL_PEM_C)
1425	if( buf_format == X509_FORMAT_PEM )
1426	{
1427	pem_context pem;
1428
1429	while( buflen > 0 )
1430	{
1431	size_t use_len;
1432	pem_init( &pem );
1433
1434	ret = pem_read_buffer( &pem,
1435	"-----BEGIN CERTIFICATE-----",
1436	"-----END CERTIFICATE-----",
1437	buf, NULL, 0, &use_len );
1438
1439	if( ret == 0 )
1440	{
1441	/*
1442	* Was PEM encoded
1443	*/
1444	buflen -= use_len;
1445	buf += use_len;
1446	}
1447	else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1448	{
1449	pem_free( &pem );
1450
1451	if( first_error == 0 )
1452	first_error = ret;
1453
1454	continue;
1455	}
1456	else
1457	break;
1458
1459	ret = x509parse_crt_der( crt, pem.buf, pem.buflen );
1460
1461	pem_free( &pem );
1462
1463	if( ret != 0 )
1464	{
1465	/*
1466	* quit parsing on a memory error
1467	*/
1468	if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
1469	{
1470	if( prev )
1471	prev->next = NULL;
1472
1473	if( crt != chain )
1474	free( crt );
1475
1476	return( ret );
1477	}
1478
1479	if( first_error == 0 )
1480	first_error = ret;
1481
1482	total_failed++;
1483
1484	memset( crt, 0, sizeof( x509_cert ) );
1485	continue;
1486	}
1487
1488	success = 1;
1489
1490	/*
1491	* Add new certificate to the list
1492	*/
1493	crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1494
1495	if( crt->next == NULL )
1496	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1497
1498	prev = crt;
1499	crt = crt->next;
1500	memset( crt, 0, sizeof( x509_cert ) );
1501	}
1502	}
1503	#endif
1504
1505	if( crt->version == 0 )
1506	{
1507	if( prev )
1508	prev->next = NULL;
1509
1510	if( crt != chain )
1511	free( crt );
1512	}
1513
1514	if( success )
1515	return( total_failed );
1516	else if( first_error )
1517	return( first_error );
1518	else
1519	return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
1520	}
1521
1522	/*
1523	* Parse one or more CRLs and add them to the chained list
1524	*/
1525	int x509parse_crl( x509_crl chain, const unsigned char buf, size_t buflen )
1526	{
1527	int ret;
1528	size_t len;
1529	unsigned char p, end;
1530	x509_crl *crl;
1531	#if defined(POLARSSL_PEM_C)
1532	size_t use_len;
1533	pem_context pem;
1534	#endif
1535
1536	crl = chain;
1537
1538	/*
1539	* Check for valid input
1540	*/
1541	if( crl == NULL \|\| buf == NULL )
1542	return( POLARSSL_ERR_X509_INVALID_INPUT );
1543
1544	while( crl->version != 0 && crl->next != NULL )
1545	crl = crl->next;
1546
1547	/*
1548	* Add new CRL on the end of the chain if needed.
1549	*/
1550	if ( crl->version != 0 && crl->next == NULL)
1551	{
1552	crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1553
1554	if( crl->next == NULL )
1555	{
1556	x509_crl_free( crl );
1557	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1558	}
1559
1560	crl = crl->next;
1561	memset( crl, 0, sizeof( x509_crl ) );
1562	}
1563
1564	#if defined(POLARSSL_PEM_C)
1565	pem_init( &pem );
1566	ret = pem_read_buffer( &pem,
1567	"-----BEGIN X509 CRL-----",
1568	"-----END X509 CRL-----",
1569	buf, NULL, 0, &use_len );
1570
1571	if( ret == 0 )
1572	{
1573	/*
1574	* Was PEM encoded
1575	*/
1576	buflen -= use_len;
1577	buf += use_len;
1578
1579	/*
1580	* Steal PEM buffer
1581	*/
1582	p = pem.buf;
1583	pem.buf = NULL;
1584	len = pem.buflen;
1585	pem_free( &pem );
1586	}
1587	else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1588	{
1589	pem_free( &pem );
1590	return( ret );
1591	}
1592	else
1593	{
1594	/*
1595	* nope, copy the raw DER data
1596	*/
1597	p = (unsigned char *) malloc( len = buflen );
1598
1599	if( p == NULL )
1600	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1601
1602	memcpy( p, buf, buflen );
1603
1604	buflen = 0;
1605	}
1606	#else
1607	p = (unsigned char *) malloc( len = buflen );
1608
1609	if( p == NULL )
1610	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1611
1612	memcpy( p, buf, buflen );
1613
1614	buflen = 0;
1615	#endif
1616
1617	crl->raw.p = p;
1618	crl->raw.len = len;
1619	end = p + len;
1620
1621	/*
1622	* CertificateList ::= SEQUENCE {
1623	* tbsCertList TBSCertList,
1624	* signatureAlgorithm AlgorithmIdentifier,
1625	* signatureValue BIT STRING }
1626	*/
1627	if( ( ret = asn1_get_tag( &p, end, &len,
1628	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1629	{
1630	x509_crl_free( crl );
1631	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
1632	}
1633
1634	if( len != (size_t) ( end - p ) )
1635	{
1636	x509_crl_free( crl );
1637	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
1638	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1639	}
1640
1641	/*
1642	* TBSCertList ::= SEQUENCE {
1643	*/
1644	crl->tbs.p = p;
1645
1646	if( ( ret = asn1_get_tag( &p, end, &len,
1647	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1648	{
1649	x509_crl_free( crl );
1650	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1651	}
1652
1653	end = p + len;
1654	crl->tbs.len = end - crl->tbs.p;
1655
1656	/*
1657	* Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
1658	* -- if present, MUST be v2
1659	*
1660	* signature AlgorithmIdentifier
1661	*/
1662	if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 \|\|
1663	( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
1664	{
1665	x509_crl_free( crl );
1666	return( ret );
1667	}
1668
1669	crl->version++;
1670
1671	if( crl->version > 2 )
1672	{
1673	x509_crl_free( crl );
1674	return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
1675	}
1676
1677	if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
1678	{
1679	x509_crl_free( crl );
1680	return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
1681	}
1682
1683	/*
1684	* issuer Name
1685	*/
1686	crl->issuer_raw.p = p;
1687
1688	if( ( ret = asn1_get_tag( &p, end, &len,
1689	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
1690	{
1691	x509_crl_free( crl );
1692	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1693	}
1694
1695	if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
1696	{
1697	x509_crl_free( crl );
1698	return( ret );
1699	}
1700
1701	crl->issuer_raw.len = p - crl->issuer_raw.p;
1702
1703	/*
1704	* thisUpdate Time
1705	* nextUpdate Time OPTIONAL
1706	*/
1707	if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
1708	{
1709	x509_crl_free( crl );
1710	return( ret );
1711	}
1712
1713	if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
1714	{
1715	if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
1716	POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
1717	ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
1718	POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
1719	{
1720	x509_crl_free( crl );
1721	return( ret );
1722	}
1723	}
1724
1725	/*
1726	* revokedCertificates SEQUENCE OF SEQUENCE {
1727	* userCertificate CertificateSerialNumber,
1728	* revocationDate Time,
1729	* crlEntryExtensions Extensions OPTIONAL
1730	* -- if present, MUST be v2
1731	* } OPTIONAL
1732	*/
1733	if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
1734	{
1735	x509_crl_free( crl );
1736	return( ret );
1737	}
1738
1739	/*
1740	* crlExtensions EXPLICIT Extensions OPTIONAL
1741	* -- if present, MUST be v2
1742	*/
1743	if( crl->version == 2 )
1744	{
1745	ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
1746
1747	if( ret != 0 )
1748	{
1749	x509_crl_free( crl );
1750	return( ret );
1751	}
1752	}
1753
1754	if( p != end )
1755	{
1756	x509_crl_free( crl );
1757	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
1758	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1759	}
1760
1761	end = crl->raw.p + crl->raw.len;
1762
1763	/*
1764	* signatureAlgorithm AlgorithmIdentifier,
1765	* signatureValue BIT STRING
1766	*/
1767	if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
1768	{
1769	x509_crl_free( crl );
1770	return( ret );
1771	}
1772
1773	if( memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
1774	{
1775	x509_crl_free( crl );
1776	return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
1777	}
1778
1779	if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
1780	{
1781	x509_crl_free( crl );
1782	return( ret );
1783	}
1784
1785	if( p != end )
1786	{
1787	x509_crl_free( crl );
1788	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
1789	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
1790	}
1791
1792	if( buflen > 0 )
1793	{
1794	crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1795
1796	if( crl->next == NULL )
1797	{
1798	x509_crl_free( crl );
1799	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1800	}
1801
1802	crl = crl->next;
1803	memset( crl, 0, sizeof( x509_crl ) );
1804
1805	return( x509parse_crl( crl, buf, buflen ) );
1806	}
1807
1808	return( 0 );
1809	}
1810
1811	#if defined(POLARSSL_FS_IO)
1812	/*
1813	* Load all data from a file into a given buffer.
1814	*/
1815	int load_file( const char path, unsigned char buf, size_t n )
1816	{
1817	FILE *f;
1818
1819	if( ( f = fopen( path, "rb" ) ) == NULL )
1820	return( POLARSSL_ERR_X509_FILE_IO_ERROR );
1821
1822	fseek( f, 0, SEEK_END );
1823	*n = (size_t) ftell( f );
1824	fseek( f, 0, SEEK_SET );
1825
1826	if( ( buf = (unsigned char ) malloc( *n + 1 ) ) == NULL )
1827	return( POLARSSL_ERR_X509_MALLOC_FAILED );
1828
1829	if( fread( buf, 1, n, f ) != *n )
1830	{
1831	fclose( f );
1832	free( *buf );
1833	return( POLARSSL_ERR_X509_FILE_IO_ERROR );
1834	}
1835
1836	fclose( f );
1837
1838	(buf)[n] = '\0';
1839
1840	return( 0 );
1841	}
1842
1843	/*
1844	* Load one or more certificates and add them to the chained list
1845	*/
1846	int x509parse_crtfile( x509_cert chain, const char path )
1847	{
1848	int ret;
1849	size_t n;
1850	unsigned char *buf;
1851
1852	if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1853	return( ret );
1854
1855	ret = x509parse_crt( chain, buf, n );
1856
1857	memset( buf, 0, n + 1 );
1858	free( buf );
1859
1860	return( ret );
1861	}
1862
1863	/*
1864	* Load one or more CRLs and add them to the chained list
1865	*/
1866	int x509parse_crlfile( x509_crl chain, const char path )
1867	{
1868	int ret;
1869	size_t n;
1870	unsigned char *buf;
1871
1872	if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1873	return( ret );
1874
1875	ret = x509parse_crl( chain, buf, n );
1876
1877	memset( buf, 0, n + 1 );
1878	free( buf );
1879
1880	return( ret );
1881	}
1882
1883	/*
1884	* Load and parse a private RSA key
1885	*/
1886	int x509parse_keyfile( rsa_context rsa, const char path, const char *pwd )
1887	{
1888	int ret;
1889	size_t n;
1890	unsigned char *buf;
1891
1892	if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1893	return( ret );
1894
1895	if( pwd == NULL )
1896	ret = x509parse_key( rsa, buf, n, NULL, 0 );
1897	else
1898	ret = x509parse_key( rsa, buf, n,
1899	(unsigned char *) pwd, strlen( pwd ) );
1900
1901	memset( buf, 0, n + 1 );
1902	free( buf );
1903
1904	return( ret );
1905	}
1906
1907	/*
1908	* Load and parse a public RSA key
1909	*/
1910	int x509parse_public_keyfile( rsa_context rsa, const char path )
1911	{
1912	int ret;
1913	size_t n;
1914	unsigned char *buf;
1915
1916	if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1917	return( ret );
1918
1919	ret = x509parse_public_key( rsa, buf, n );
1920
1921	memset( buf, 0, n + 1 );
1922	free( buf );
1923
1924	return( ret );
1925	}
1926	#endif /* POLARSSL_FS_IO */
1927
1928	/*
1929	* Parse a private RSA key
1930	*/
1931	int x509parse_key( rsa_context rsa, const unsigned char key, size_t keylen,
1932	const unsigned char *pwd, size_t pwdlen )
1933	{
1934	int ret;
1935	size_t len;
1936	unsigned char p, end;
1937	unsigned char *p_alt;
1938	x509_buf pk_alg_oid;
1939
1940	#if defined(POLARSSL_PEM_C)
1941	pem_context pem;
1942
1943	pem_init( &pem );
1944	ret = pem_read_buffer( &pem,
1945	"-----BEGIN RSA PRIVATE KEY-----",
1946	"-----END RSA PRIVATE KEY-----",
1947	key, pwd, pwdlen, &len );
1948
1949	if( ret == POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1950	{
1951	ret = pem_read_buffer( &pem,
1952	"-----BEGIN PRIVATE KEY-----",
1953	"-----END PRIVATE KEY-----",
1954	key, pwd, pwdlen, &len );
1955	}
1956
1957	if( ret == 0 )
1958	{
1959	/*
1960	* Was PEM encoded
1961	*/
1962	keylen = pem.buflen;
1963	}
1964	else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1965	{
1966	pem_free( &pem );
1967	return( ret );
1968	}
1969
1970	p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
1971	#else
1972	((void) pwd);
1973	((void) pwdlen);
1974	p = (unsigned char *) key;
1975	#endif
1976	end = p + keylen;
1977
1978	/*
1979	* Note: Depending on the type of private key file one can expect either a
1980	* PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
1981	*
1982	* PrivateKeyInfo ::= SEQUENCE {
1983	* version Version,
1984	* algorithm AlgorithmIdentifier,
1985	* PrivateKey BIT STRING
1986	* }
1987	*
1988	* AlgorithmIdentifier ::= SEQUENCE {
1989	* algorithm OBJECT IDENTIFIER,
1990	* parameters ANY DEFINED BY algorithm OPTIONAL
1991	* }
1992	*
1993	* RSAPrivateKey ::= SEQUENCE {
1994	* version Version,
1995	* modulus INTEGER, -- n
1996	* publicExponent INTEGER, -- e
1997	* privateExponent INTEGER, -- d
1998	* prime1 INTEGER, -- p
1999	* prime2 INTEGER, -- q
2000	* exponent1 INTEGER, -- d mod (p-1)
2001	* exponent2 INTEGER, -- d mod (q-1)
2002	* coefficient INTEGER, -- (inverse of q) mod p
2003	* otherPrimeInfos OtherPrimeInfos OPTIONAL
2004	* }
2005	*/
2006	if( ( ret = asn1_get_tag( &p, end, &len,
2007	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
2008	{
2009	#if defined(POLARSSL_PEM_C)
2010	pem_free( &pem );
2011	#endif
2012	rsa_free( rsa );
2013	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2014	}
2015
2016	end = p + len;
2017
2018	if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2019	{
2020	#if defined(POLARSSL_PEM_C)
2021	pem_free( &pem );
2022	#endif
2023	rsa_free( rsa );
2024	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2025	}
2026
2027	if( rsa->ver != 0 )
2028	{
2029	#if defined(POLARSSL_PEM_C)
2030	pem_free( &pem );
2031	#endif
2032	rsa_free( rsa );
2033	return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2034	}
2035
2036	p_alt = p;
2037
2038	if( ( ret = x509_get_alg( &p_alt, end, &pk_alg_oid ) ) != 0 )
2039	{
2040	// Assume that we have the PKCS#1 format if wrong
2041	// tag was encountered
2042	//
2043	if( ret != POLARSSL_ERR_X509_CERT_INVALID_ALG +
2044	POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
2045	{
2046	#if defined(POLARSSL_PEM_C)
2047	pem_free( &pem );
2048	#endif
2049	rsa_free( rsa );
2050	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
2051	}
2052	}
2053	else
2054	{
2055	int can_handle;
2056
2057	/*
2058	* only RSA keys handled at this time
2059	*/
2060	can_handle = 0;
2061
2062	if( pk_alg_oid.len == 9 &&
2063	memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) == 0 )
2064	can_handle = 1;
2065
2066	if( pk_alg_oid.len == 9 &&
2067	memcmp( pk_alg_oid.p, OID_PKCS1, 8 ) == 0 )
2068	{
2069	if( pk_alg_oid.p[8] >= 2 && pk_alg_oid.p[8] <= 5 )
2070	can_handle = 1;
2071
2072	if ( pk_alg_oid.p[8] >= 11 && pk_alg_oid.p[8] <= 14 )
2073	can_handle = 1;
2074	}
2075
2076	if( pk_alg_oid.len == 5 &&
2077	memcmp( pk_alg_oid.p, OID_RSA_SHA_OBS, 5 ) == 0 )
2078	can_handle = 1;
2079
2080	if( can_handle == 0 )
2081	return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
2082
2083	/*
2084	* Parse the PKCS#8 format
2085	*/
2086
2087	p = p_alt;
2088	if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
2089	{
2090	#if defined(POLARSSL_PEM_C)
2091	pem_free( &pem );
2092	#endif
2093	rsa_free( rsa );
2094	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2095	}
2096
2097	if( ( end - p ) < 1 )
2098	{
2099	#if defined(POLARSSL_PEM_C)
2100	pem_free( &pem );
2101	#endif
2102	rsa_free( rsa );
2103	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
2104	POLARSSL_ERR_ASN1_OUT_OF_DATA );
2105	}
2106
2107	end = p + len;
2108
2109	if( ( ret = asn1_get_tag( &p, end, &len,
2110	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
2111	{
2112	#if defined(POLARSSL_PEM_C)
2113	pem_free( &pem );
2114	#endif
2115	rsa_free( rsa );
2116	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2117	}
2118
2119	end = p + len;
2120
2121	if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2122	{
2123	#if defined(POLARSSL_PEM_C)
2124	pem_free( &pem );
2125	#endif
2126	rsa_free( rsa );
2127	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2128	}
2129
2130	if( rsa->ver != 0 )
2131	{
2132	#if defined(POLARSSL_PEM_C)
2133	pem_free( &pem );
2134	#endif
2135	rsa_free( rsa );
2136	return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2137	}
2138	}
2139
2140	if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 \|\|
2141	( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 \|\|
2142	( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 \|\|
2143	( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 \|\|
2144	( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 \|\|
2145	( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 \|\|
2146	( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 \|\|
2147	( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
2148	{
2149	#if defined(POLARSSL_PEM_C)
2150	pem_free( &pem );
2151	#endif
2152	rsa_free( rsa );
2153	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2154	}
2155
2156	rsa->len = mpi_size( &rsa->N );
2157
2158	if( p != end )
2159	{
2160	#if defined(POLARSSL_PEM_C)
2161	pem_free( &pem );
2162	#endif
2163	rsa_free( rsa );
2164	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
2165	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
2166	}
2167
2168	if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
2169	{
2170	#if defined(POLARSSL_PEM_C)
2171	pem_free( &pem );
2172	#endif
2173	rsa_free( rsa );
2174	return( ret );
2175	}
2176
2177	#if defined(POLARSSL_PEM_C)
2178	pem_free( &pem );
2179	#endif
2180
2181	return( 0 );
2182	}
2183
2184	/*
2185	* Parse a public RSA key
2186	*/
2187	int x509parse_public_key( rsa_context rsa, const unsigned char key, size_t keylen )
2188	{
2189	int ret;
2190	size_t len;
2191	unsigned char p, end;
2192	x509_buf alg_oid;
2193	#if defined(POLARSSL_PEM_C)
2194	pem_context pem;
2195
2196	pem_init( &pem );
2197	ret = pem_read_buffer( &pem,
2198	"-----BEGIN PUBLIC KEY-----",
2199	"-----END PUBLIC KEY-----",
2200	key, NULL, 0, &len );
2201
2202	if( ret == 0 )
2203	{
2204	/*
2205	* Was PEM encoded
2206	*/
2207	keylen = pem.buflen;
2208	}
2209	else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
2210	{
2211	pem_free( &pem );
2212	return( ret );
2213	}
2214
2215	p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
2216	#else
2217	p = (unsigned char *) key;
2218	#endif
2219	end = p + keylen;
2220
2221	/*
2222	* PublicKeyInfo ::= SEQUENCE {
2223	* algorithm AlgorithmIdentifier,
2224	* PublicKey BIT STRING
2225	* }
2226	*
2227	* AlgorithmIdentifier ::= SEQUENCE {
2228	* algorithm OBJECT IDENTIFIER,
2229	* parameters ANY DEFINED BY algorithm OPTIONAL
2230	* }
2231	*
2232	* RSAPublicKey ::= SEQUENCE {
2233	* modulus INTEGER, -- n
2234	* publicExponent INTEGER -- e
2235	* }
2236	*/
2237
2238	if( ( ret = asn1_get_tag( &p, end, &len,
2239	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
2240	{
2241	#if defined(POLARSSL_PEM_C)
2242	pem_free( &pem );
2243	#endif
2244	rsa_free( rsa );
2245	return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
2246	}
2247
2248	if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
2249	{
2250	#if defined(POLARSSL_PEM_C)
2251	pem_free( &pem );
2252	#endif
2253	rsa_free( rsa );
2254	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2255	}
2256
2257	if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
2258	{
2259	#if defined(POLARSSL_PEM_C)
2260	pem_free( &pem );
2261	#endif
2262	rsa_free( rsa );
2263	return( ret );
2264	}
2265
2266	rsa->len = mpi_size( &rsa->N );
2267
2268	#if defined(POLARSSL_PEM_C)
2269	pem_free( &pem );
2270	#endif
2271
2272	return( 0 );
2273	}
2274
2275	#if defined(POLARSSL_DHM_C)
2276	/*
2277	* Parse DHM parameters
2278	*/
2279	int x509parse_dhm( dhm_context dhm, const unsigned char dhmin, size_t dhminlen )
2280	{
2281	int ret;
2282	size_t len;
2283	unsigned char p, end;
2284	#if defined(POLARSSL_PEM_C)
2285	pem_context pem;
2286
2287	pem_init( &pem );
2288
2289	ret = pem_read_buffer( &pem,
2290	"-----BEGIN DH PARAMETERS-----",
2291	"-----END DH PARAMETERS-----",
2292	dhmin, NULL, 0, &dhminlen );
2293
2294	if( ret == 0 )
2295	{
2296	/*
2297	* Was PEM encoded
2298	*/
2299	dhminlen = pem.buflen;
2300	}
2301	else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
2302	{
2303	pem_free( &pem );
2304	return( ret );
2305	}
2306
2307	p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
2308	#else
2309	p = (unsigned char *) dhmin;
2310	#endif
2311	end = p + dhminlen;
2312
2313	memset( dhm, 0, sizeof( dhm_context ) );
2314
2315	/*
2316	* DHParams ::= SEQUENCE {
2317	* prime INTEGER, -- P
2318	* generator INTEGER, -- g
2319	* }
2320	*/
2321	if( ( ret = asn1_get_tag( &p, end, &len,
2322	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
2323	{
2324	#if defined(POLARSSL_PEM_C)
2325	pem_free( &pem );
2326	#endif
2327	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2328	}
2329
2330	end = p + len;
2331
2332	if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 \|\|
2333	( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
2334	{
2335	#if defined(POLARSSL_PEM_C)
2336	pem_free( &pem );
2337	#endif
2338	dhm_free( dhm );
2339	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2340	}
2341
2342	if( p != end )
2343	{
2344	#if defined(POLARSSL_PEM_C)
2345	pem_free( &pem );
2346	#endif
2347	dhm_free( dhm );
2348	return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
2349	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
2350	}
2351
2352	#if defined(POLARSSL_PEM_C)
2353	pem_free( &pem );
2354	#endif
2355
2356	return( 0 );
2357	}
2358
2359	#if defined(POLARSSL_FS_IO)
2360	/*
2361	* Load and parse a private RSA key
2362	*/
2363	int x509parse_dhmfile( dhm_context dhm, const char path )
2364	{
2365	int ret;
2366	size_t n;
2367	unsigned char *buf;
2368
2369	if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2370	return( ret );
2371
2372	ret = x509parse_dhm( dhm, buf, n );
2373
2374	memset( buf, 0, n + 1 );
2375	free( buf );
2376
2377	return( ret );
2378	}
2379	#endif /* POLARSSL_FS_IO */
2380	#endif /* POLARSSL_DHM_C */
2381
2382	#if defined _MSC_VER && !defined snprintf
2383	#include <stdarg.h>
2384
2385	#if !defined vsnprintf
2386	#define vsnprintf _vsnprintf
2387	#endif // vsnprintf
2388
2389	/*
2390	* Windows _snprintf and _vsnprintf are not compatible to linux versions.
2391	* Result value is not size of buffer needed, but -1 if no fit is possible.
2392	*
2393	* This fuction tries to 'fix' this by at least suggesting enlarging the
2394	* size by 20.
2395	*/
2396	int compat_snprintf(char str, size_t size, const char format, ...)
2397	{
2398	va_list ap;
2399	int res = -1;
2400
2401	va_start( ap, format );
2402
2403	res = vsnprintf( str, size, format, ap );
2404
2405	va_end( ap );
2406
2407	// No quick fix possible
2408	if ( res < 0 )
2409	return( (int) size + 20 );
2410
2411	return res;
2412	}
2413
2414	#define snprintf compat_snprintf
2415	#endif
2416
2417	#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2418
2419	#define SAFE_SNPRINTF() \
2420	{ \
2421	if( ret == -1 ) \
2422	return( -1 ); \
2423	\
2424	if ( (unsigned int) ret > n ) { \
2425	p[n - 1] = '\0'; \
2426	return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2427	} \
2428	\
2429	n -= (unsigned int) ret; \
2430	p += (unsigned int) ret; \
2431	}
2432
2433	/*
2434	* Store the name in printable form into buf; no more
2435	* than size characters will be written
2436	*/
2437	int x509parse_dn_gets( char buf, size_t size, const x509_name dn )
2438	{
2439	int ret;
2440	size_t i, n;
2441	unsigned char c;
2442	const x509_name *name;
2443	char s[128], *p;
2444
2445	memset( s, 0, sizeof( s ) );
2446
2447	name = dn;
2448	p = buf;
2449	n = size;
2450
2451	while( name != NULL )
2452	{
2453	if( name != dn )
2454	{
2455	ret = snprintf( p, n, ", " );
2456	SAFE_SNPRINTF();
2457	}
2458
2459	if( memcmp( name->oid.p, OID_X520, 2 ) == 0 )
2460	{
2461	switch( name->oid.p[2] )
2462	{
2463	case X520_COMMON_NAME:
2464	ret = snprintf( p, n, "CN=" ); break;
2465
2466	case X520_COUNTRY:
2467	ret = snprintf( p, n, "C=" ); break;
2468
2469	case X520_LOCALITY:
2470	ret = snprintf( p, n, "L=" ); break;
2471
2472	case X520_STATE:
2473	ret = snprintf( p, n, "ST=" ); break;
2474
2475	case X520_ORGANIZATION:
2476	ret = snprintf( p, n, "O=" ); break;
2477
2478	case X520_ORG_UNIT:
2479	ret = snprintf( p, n, "OU=" ); break;
2480
2481	default:
2482	ret = snprintf( p, n, "0x%02X=",
2483	name->oid.p[2] );
2484	break;
2485	}
2486	SAFE_SNPRINTF();
2487	}
2488	else if( memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
2489	{
2490	switch( name->oid.p[8] )
2491	{
2492	case PKCS9_EMAIL:
2493	ret = snprintf( p, n, "emailAddress=" ); break;
2494
2495	default:
2496	ret = snprintf( p, n, "0x%02X=",
2497	name->oid.p[8] );
2498	break;
2499	}
2500	SAFE_SNPRINTF();
2501	}
2502	else
2503	{
2504	ret = snprintf( p, n, "\?\?=" );
2505	SAFE_SNPRINTF();
2506	}
2507
2508	for( i = 0; i < name->val.len; i++ )
2509	{
2510	if( i >= sizeof( s ) - 1 )
2511	break;
2512
2513	c = name->val.p[i];
2514	if( c < 32 \|\| c == 127 \|\| ( c > 128 && c < 160 ) )
2515	s[i] = '?';
2516	else s[i] = c;
2517	}
2518	s[i] = '\0';
2519	ret = snprintf( p, n, "%s", s );
2520	SAFE_SNPRINTF();
2521	name = name->next;
2522	}
2523
2524	return( (int) ( size - n ) );
2525	}
2526
2527	/*
2528	* Store the serial in printable form into buf; no more
2529	* than size characters will be written
2530	*/
2531	int x509parse_serial_gets( char buf, size_t size, const x509_buf serial )
2532	{
2533	int ret;
2534	size_t i, n, nr;
2535	char *p;
2536
2537	p = buf;
2538	n = size;
2539
2540	nr = ( serial->len <= 32 )
2541	? serial->len : 28;
2542
2543	for( i = 0; i < nr; i++ )
2544	{
2545	if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
2546	continue;
2547
2548	ret = snprintf( p, n, "%02X%s",
2549	serial->p[i], ( i < nr - 1 ) ? ":" : "" );
2550	SAFE_SNPRINTF();
2551	}
2552
2553	if( nr != serial->len )
2554	{
2555	ret = snprintf( p, n, "...." );
2556	SAFE_SNPRINTF();
2557	}
2558
2559	return( (int) ( size - n ) );
2560	}
2561
2562	/*
2563	* Return an informational string about the certificate.
2564	*/
2565	int x509parse_cert_info( char buf, size_t size, const char prefix,
2566	const x509_cert *crt )
2567	{
2568	int ret;
2569	size_t n;
2570	char *p;
2571
2572	p = buf;
2573	n = size;
2574
2575	ret = snprintf( p, n, "%scert. version : %d\n",
2576	prefix, crt->version );
2577	SAFE_SNPRINTF();
2578	ret = snprintf( p, n, "%sserial number : ",
2579	prefix );
2580	SAFE_SNPRINTF();
2581
2582	ret = x509parse_serial_gets( p, n, &crt->serial);
2583	SAFE_SNPRINTF();
2584
2585	ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2586	SAFE_SNPRINTF();
2587	ret = x509parse_dn_gets( p, n, &crt->issuer );
2588	SAFE_SNPRINTF();
2589
2590	ret = snprintf( p, n, "\n%ssubject name : ", prefix );
2591	SAFE_SNPRINTF();
2592	ret = x509parse_dn_gets( p, n, &crt->subject );
2593	SAFE_SNPRINTF();
2594
2595	ret = snprintf( p, n, "\n%sissued on : " \
2596	"%04d-%02d-%02d %02d:%02d:%02d", prefix,
2597	crt->valid_from.year, crt->valid_from.mon,
2598	crt->valid_from.day, crt->valid_from.hour,
2599	crt->valid_from.min, crt->valid_from.sec );
2600	SAFE_SNPRINTF();
2601
2602	ret = snprintf( p, n, "\n%sexpires on : " \
2603	"%04d-%02d-%02d %02d:%02d:%02d", prefix,
2604	crt->valid_to.year, crt->valid_to.mon,
2605	crt->valid_to.day, crt->valid_to.hour,
2606	crt->valid_to.min, crt->valid_to.sec );
2607	SAFE_SNPRINTF();
2608
2609	ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2610	SAFE_SNPRINTF();
2611
2612	switch( crt->sig_alg )
2613	{
2614	case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2615	case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2616	case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2617	case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2618	case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2619	case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2620	case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2621	case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2622	default: ret = snprintf( p, n, "???" ); break;
2623	}
2624	SAFE_SNPRINTF();
2625
2626	ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
2627	(int) crt->rsa.N.n * (int) sizeof( unsigned long ) * 8 );
2628	SAFE_SNPRINTF();
2629
2630	return( (int) ( size - n ) );
2631	}
2632
2633	/* Compare a given OID string with an OID x509_buf * */
2634	#define OID_CMP(oid_str, oid_buf) \
2635	( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
2636	memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
2637
2638	/*
2639	* Return an informational string describing the given OID
2640	*/
2641	const char x509_oid_get_description( x509_buf oid )
2642	{
2643	if ( oid == NULL )
2644	return ( NULL );
2645
2646	else if( OID_CMP( OID_SERVER_AUTH, oid ) )
2647	return( STRING_SERVER_AUTH );
2648
2649	else if( OID_CMP( OID_CLIENT_AUTH, oid ) )
2650	return( STRING_CLIENT_AUTH );
2651
2652	else if( OID_CMP( OID_CODE_SIGNING, oid ) )
2653	return( STRING_CODE_SIGNING );
2654
2655	else if( OID_CMP( OID_EMAIL_PROTECTION, oid ) )
2656	return( STRING_EMAIL_PROTECTION );
2657
2658	else if( OID_CMP( OID_TIME_STAMPING, oid ) )
2659	return( STRING_TIME_STAMPING );
2660
2661	else if( OID_CMP( OID_OCSP_SIGNING, oid ) )
2662	return( STRING_OCSP_SIGNING );
2663
2664	return( NULL );
2665	}
2666
2667	/* Return the x.y.z.... style numeric string for the given OID */
2668	int x509_oid_get_numeric_string( char buf, size_t size, x509_buf oid )
2669	{
2670	int ret;
2671	size_t i, n;
2672	unsigned int value;
2673	char *p;
2674
2675	p = buf;
2676	n = size;
2677
2678	/* First byte contains first two dots */
2679	if( oid->len > 0 )
2680	{
2681	ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
2682	SAFE_SNPRINTF();
2683	}
2684
2685	/* TODO: value can overflow in value. */
2686	value = 0;
2687	for( i = 1; i < oid->len; i++ )
2688	{
2689	value <<= 7;
2690	value += oid->p[i] & 0x7F;
2691
2692	if( !( oid->p[i] & 0x80 ) )
2693	{
2694	/* Last byte */
2695	ret = snprintf( p, n, ".%d", value );
2696	SAFE_SNPRINTF();
2697	value = 0;
2698	}
2699	}
2700
2701	return( (int) ( size - n ) );
2702	}
2703
2704	/*
2705	* Return an informational string about the CRL.
2706	*/
2707	int x509parse_crl_info( char buf, size_t size, const char prefix,
2708	const x509_crl *crl )
2709	{
2710	int ret;
2711	size_t n;
2712	char *p;
2713	const x509_crl_entry *entry;
2714
2715	p = buf;
2716	n = size;
2717
2718	ret = snprintf( p, n, "%sCRL version : %d",
2719	prefix, crl->version );
2720	SAFE_SNPRINTF();
2721
2722	ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2723	SAFE_SNPRINTF();
2724	ret = x509parse_dn_gets( p, n, &crl->issuer );
2725	SAFE_SNPRINTF();
2726
2727	ret = snprintf( p, n, "\n%sthis update : " \
2728	"%04d-%02d-%02d %02d:%02d:%02d", prefix,
2729	crl->this_update.year, crl->this_update.mon,
2730	crl->this_update.day, crl->this_update.hour,
2731	crl->this_update.min, crl->this_update.sec );
2732	SAFE_SNPRINTF();
2733
2734	ret = snprintf( p, n, "\n%snext update : " \
2735	"%04d-%02d-%02d %02d:%02d:%02d", prefix,
2736	crl->next_update.year, crl->next_update.mon,
2737	crl->next_update.day, crl->next_update.hour,
2738	crl->next_update.min, crl->next_update.sec );
2739	SAFE_SNPRINTF();
2740
2741	entry = &crl->entry;
2742
2743	ret = snprintf( p, n, "\n%sRevoked certificates:",
2744	prefix );
2745	SAFE_SNPRINTF();
2746
2747	while( entry != NULL && entry->raw.len != 0 )
2748	{
2749	ret = snprintf( p, n, "\n%sserial number: ",
2750	prefix );
2751	SAFE_SNPRINTF();
2752
2753	ret = x509parse_serial_gets( p, n, &entry->serial);
2754	SAFE_SNPRINTF();
2755
2756	ret = snprintf( p, n, " revocation date: " \
2757	"%04d-%02d-%02d %02d:%02d:%02d",
2758	entry->revocation_date.year, entry->revocation_date.mon,
2759	entry->revocation_date.day, entry->revocation_date.hour,
2760	entry->revocation_date.min, entry->revocation_date.sec );
2761	SAFE_SNPRINTF();
2762
2763	entry = entry->next;
2764	}
2765
2766	ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2767	SAFE_SNPRINTF();
2768
2769	switch( crl->sig_alg )
2770	{
2771	case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2772	case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2773	case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2774	case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2775	case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2776	case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2777	case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2778	case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2779	default: ret = snprintf( p, n, "???" ); break;
2780	}
2781	SAFE_SNPRINTF();
2782
2783	ret = snprintf( p, n, "\n" );
2784	SAFE_SNPRINTF();
2785
2786	return( (int) ( size - n ) );
2787	}
2788
2789	/*
2790	* Return 0 if the x509_time is still valid, or 1 otherwise.
2791	*/
2792	int x509parse_time_expired( const x509_time *to )
2793	{
2794	int year, mon, day;
2795	int hour, min, sec;
2796
2797	#if defined(_WIN32)
2798	SYSTEMTIME st;
2799
2800	GetLocalTime(&st);
2801
2802	year = st.wYear;
2803	mon = st.wMonth;
2804	day = st.wDay;
2805	hour = st.wHour;
2806	min = st.wMinute;
2807	sec = st.wSecond;
2808	#else
2809	struct tm *lt;
2810	time_t tt;
2811
2812	tt = time( NULL );
2813	lt = localtime( &tt );
2814
2815	year = lt->tm_year + 1900;
2816	mon = lt->tm_mon + 1;
2817	day = lt->tm_mday;
2818	hour = lt->tm_hour;
2819	min = lt->tm_min;
2820	sec = lt->tm_sec;
2821	#endif
2822
2823	if( year > to->year )
2824	return( 1 );
2825
2826	if( year == to->year &&
2827	mon > to->mon )
2828	return( 1 );
2829
2830	if( year == to->year &&
2831	mon == to->mon &&
2832	day > to->day )
2833	return( 1 );
2834
2835	if( year == to->year &&
2836	mon == to->mon &&
2837	day == to->day &&
2838	hour > to->hour )
2839	return( 1 );
2840
2841	if( year == to->year &&
2842	mon == to->mon &&
2843	day == to->day &&
2844	hour == to->hour &&
2845	min > to->min )
2846	return( 1 );
2847
2848	if( year == to->year &&
2849	mon == to->mon &&
2850	day == to->day &&
2851	hour == to->hour &&
2852	min == to->min &&
2853	sec > to->sec )
2854	return( 1 );
2855
2856	return( 0 );
2857	}
2858
2859	/*
2860	* Return 1 if the certificate is revoked, or 0 otherwise.
2861	*/
2862	int x509parse_revoked( const x509_cert crt, const x509_crl crl )
2863	{
2864	const x509_crl_entry *cur = &crl->entry;
2865
2866	while( cur != NULL && cur->serial.len != 0 )
2867	{
2868	if( crt->serial.len == cur->serial.len &&
2869	memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
2870	{
2871	if( x509parse_time_expired( &cur->revocation_date ) )
2872	return( 1 );
2873	}
2874
2875	cur = cur->next;
2876	}
2877
2878	return( 0 );
2879	}
2880
2881	/*
2882	* Wrapper for x509 hashes.
2883	*
2884	* \param out Buffer to receive the hash (Should be at least 64 bytes)
2885	*/
2886	static void x509_hash( const unsigned char *in, size_t len, int alg,
2887	unsigned char *out )
2888	{
2889	switch( alg )
2890	{
2891	#if defined(POLARSSL_MD2_C)
2892	case SIG_RSA_MD2 : md2( in, len, out ); break;
2893	#endif
2894	#if defined(POLARSSL_MD4_C)
2895	case SIG_RSA_MD4 : md4( in, len, out ); break;
2896	#endif
2897	#if defined(POLARSSL_MD5_C)
2898	case SIG_RSA_MD5 : md5( in, len, out ); break;
2899	#endif
2900	#if defined(POLARSSL_SHA1_C)
2901	case SIG_RSA_SHA1 : sha1( in, len, out ); break;
2902	#endif
2903	#if defined(POLARSSL_SHA2_C)
2904	case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
2905	case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
2906	#endif
2907	#if defined(POLARSSL_SHA4_C)
2908	case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
2909	case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
2910	#endif
2911	default:
2912	memset( out, '\xFF', 64 );
2913	break;
2914	}
2915	}
2916
2917	/*
2918	* Check that the given certificate is valid accoring to the CRL.
2919	*/
2920	static int x509parse_verifycrl(x509_cert crt, x509_cert ca,
2921	x509_crl *crl_list)
2922	{
2923	int flags = 0;
2924	int hash_id;
2925	unsigned char hash[64];
2926
2927	/*
2928	* TODO: What happens if no CRL is present?
2929	* Suggestion: Revocation state should be unknown if no CRL is present.
2930	* For backwards compatibility this is not yet implemented.
2931	*/
2932
2933	while( ca != NULL && crl_list != NULL && crl_list->version != 0 )
2934	{
2935	if( crl_list->issuer_raw.len != ca->subject_raw.len \|\|
2936	memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
2937	crl_list->issuer_raw.len ) != 0 )
2938	{
2939	crl_list = crl_list->next;
2940	continue;
2941	}
2942
2943	/*
2944	* Check if CRL is correctly signed by the trusted CA
2945	*/
2946	hash_id = crl_list->sig_alg;
2947
2948	x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
2949
2950	if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, hash_id,
2951	0, hash, crl_list->sig.p ) == 0 )
2952	{
2953	/*
2954	* CRL is not trusted
2955	*/
2956	flags \|= BADCRL_NOT_TRUSTED;
2957	break;
2958	}
2959
2960	/*
2961	* Check for validity of CRL (Do not drop out)
2962	*/
2963	if( x509parse_time_expired( &crl_list->next_update ) )
2964	flags \|= BADCRL_EXPIRED;
2965
2966	/*
2967	* Check if certificate is revoked
2968	*/
2969	if( x509parse_revoked(crt, crl_list) )
2970	{
2971	flags \|= BADCERT_REVOKED;
2972	break;
2973	}
2974
2975	crl_list = crl_list->next;
2976	}
2977	return flags;
2978	}
2979
2980	int x509_wildcard_verify( const char cn, x509_buf name )
2981	{
2982	size_t i;
2983	size_t cn_idx = 0;
2984
2985	if( name->len < 3 \|\| name->p[0] != '*' \|\| name->p[1] != '.' )
2986	return( 0 );
2987
2988	for( i = 0; i < strlen( cn ); ++i )
2989	{
2990	if( cn[i] == '.' )
2991	{
2992	cn_idx = i;
2993	break;
2994	}
2995	}
2996
2997	if( cn_idx == 0 )
2998	return( 0 );
2999
3000	if( memcmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 &&
3001	strlen( cn ) - cn_idx == name->len - 1 )
3002	{
3003	return( 1 );
3004	}
3005
3006	return( 0 );
3007	}
3008
3009	/*
3010	* Verify the certificate validity
3011	*/
3012	int x509parse_verify( x509_cert *crt,
3013	x509_cert *trust_ca,
3014	x509_crl *ca_crl,
3015	const char cn, int flags,
3016	int (f_vrfy)(void , x509_cert *, int, int),
3017	void *p_vrfy )
3018	{
3019	size_t cn_len;
3020	int hash_id;
3021	int pathlen;
3022	x509_cert *parent;
3023	x509_name *name;
3024	unsigned char hash[64];
3025	x509_sequence *cur = NULL;
3026
3027	*flags = 0;
3028
3029	if( x509parse_time_expired( &crt->valid_to ) )
3030	*flags = BADCERT_EXPIRED;
3031
3032	if( cn != NULL )
3033	{
3034	name = &crt->subject;
3035	cn_len = strlen( cn );
3036
3037	if( crt->ext_types & EXT_SUBJECT_ALT_NAME )
3038	{
3039	cur = &crt->subject_alt_names;
3040
3041	while( cur != NULL )
3042	{
3043	if( memcmp( cn, cur->buf.p, cn_len ) == 0 &&
3044	cur->buf.len == cn_len )
3045	break;
3046
3047	if( memcmp( cur->buf.p, "*.", 2 ) == 0 &&
3048	x509_wildcard_verify( cn, &cur->buf ) )
3049	break;
3050
3051	cur = cur->next;
3052	}
3053
3054	if( cur == NULL )
3055	*flags \|= BADCERT_CN_MISMATCH;
3056	}
3057	else
3058	{
3059	while( name != NULL )
3060	{
3061	if( memcmp( name->oid.p, OID_CN, 3 ) == 0 )
3062	{
3063	if( memcmp( name->val.p, cn, cn_len ) == 0 &&
3064	name->val.len == cn_len )
3065	break;
3066
3067	if( memcmp( name->val.p, "*.", 2 ) == 0 &&
3068	x509_wildcard_verify( cn, &name->val ) )
3069	break;
3070	}
3071
3072	name = name->next;
3073	}
3074
3075	if( name == NULL )
3076	*flags \|= BADCERT_CN_MISMATCH;
3077	}
3078	}
3079
3080	/*
3081	* Iterate upwards in the given cert chain,
3082	* ignoring any upper cert with CA != TRUE.
3083	*/
3084	parent = crt->next;
3085
3086	pathlen = 1;
3087
3088	while( parent != NULL && parent->version != 0 )
3089	{
3090	if( parent->ca_istrue == 0 \|\|
3091	crt->issuer_raw.len != parent->subject_raw.len \|\|
3092	memcmp( crt->issuer_raw.p, parent->subject_raw.p,
3093	crt->issuer_raw.len ) != 0 )
3094	{
3095	parent = parent->next;
3096	continue;
3097	}
3098
3099	hash_id = crt->sig_alg;
3100
3101	x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
3102
3103	if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, hash_id, 0, hash,
3104	crt->sig.p ) != 0 )
3105	*flags \|= BADCERT_NOT_TRUSTED;
3106
3107	/* Check trusted CA's CRL for the given crt */
3108	*flags \|= x509parse_verifycrl(crt, parent, ca_crl);
3109
3110	/* crt is verified to be a child of the parent cur, call verify callback */
3111	if( NULL != f_vrfy )
3112	{
3113	if( f_vrfy( p_vrfy, crt, pathlen - 1, ( *flags == 0 ) ) != 0 )
3114	return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
3115	else
3116	*flags = 0;
3117	}
3118	else if( *flags != 0 )
3119	return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
3120
3121	pathlen++;
3122
3123	crt = parent;
3124	parent = crt->next;
3125	}
3126
3127	/*
3128	* Attempt to validate topmost cert with our CA chain.
3129	*/
3130	*flags \|= BADCERT_NOT_TRUSTED;
3131
3132	while( trust_ca != NULL && trust_ca->version != 0 )
3133	{
3134	if( crt->issuer_raw.len != trust_ca->subject_raw.len \|\|
3135	memcmp( crt->issuer_raw.p, trust_ca->subject_raw.p,
3136	crt->issuer_raw.len ) != 0 )
3137	{
3138	trust_ca = trust_ca->next;
3139	continue;
3140	}
3141
3142	if( trust_ca->max_pathlen > 0 &&
3143	trust_ca->max_pathlen < pathlen )
3144	break;
3145
3146	hash_id = crt->sig_alg;
3147
3148	x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
3149
3150	if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
3151	0, hash, crt->sig.p ) == 0 )
3152	{
3153	/*
3154	* cert. is signed by a trusted CA
3155	*/
3156	*flags &= ~BADCERT_NOT_TRUSTED;
3157	break;
3158	}
3159
3160	trust_ca = trust_ca->next;
3161	}
3162
3163	/* Check trusted CA's CRL for the given crt */
3164	*flags \|= x509parse_verifycrl( crt, trust_ca, ca_crl );
3165
3166	/* Verification succeeded, call callback on top cert */
3167	if( NULL != f_vrfy )
3168	{
3169	if( f_vrfy(p_vrfy, crt, pathlen-1, ( *flags == 0 ) ) != 0 )
3170	return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
3171	else
3172	*flags = 0;
3173	}
3174	else if( *flags != 0 )
3175	return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
3176
3177	return( 0 );
3178	}
3179
3180	/*
3181	* Unallocate all certificate data
3182	*/
3183	void x509_free( x509_cert *crt )
3184	{
3185	x509_cert *cert_cur = crt;
3186	x509_cert *cert_prv;
3187	x509_name *name_cur;
3188	x509_name *name_prv;
3189	x509_sequence *seq_cur;
3190	x509_sequence *seq_prv;
3191
3192	if( crt == NULL )
3193	return;
3194
3195	do
3196	{
3197	rsa_free( &cert_cur->rsa );
3198
3199	name_cur = cert_cur->issuer.next;
3200	while( name_cur != NULL )
3201	{
3202	name_prv = name_cur;
3203	name_cur = name_cur->next;
3204	memset( name_prv, 0, sizeof( x509_name ) );
3205	free( name_prv );
3206	}
3207
3208	name_cur = cert_cur->subject.next;
3209	while( name_cur != NULL )
3210	{
3211	name_prv = name_cur;
3212	name_cur = name_cur->next;
3213	memset( name_prv, 0, sizeof( x509_name ) );
3214	free( name_prv );
3215	}
3216
3217	seq_cur = cert_cur->ext_key_usage.next;
3218	while( seq_cur != NULL )
3219	{
3220	seq_prv = seq_cur;
3221	seq_cur = seq_cur->next;
3222	memset( seq_prv, 0, sizeof( x509_sequence ) );
3223	free( seq_prv );
3224	}
3225
3226	seq_cur = cert_cur->subject_alt_names.next;
3227	while( seq_cur != NULL )
3228	{
3229	seq_prv = seq_cur;
3230	seq_cur = seq_cur->next;
3231	memset( seq_prv, 0, sizeof( x509_sequence ) );
3232	free( seq_prv );
3233	}
3234
3235	if( cert_cur->raw.p != NULL )
3236	{
3237	memset( cert_cur->raw.p, 0, cert_cur->raw.len );
3238	free( cert_cur->raw.p );
3239	}
3240
3241	cert_cur = cert_cur->next;
3242	}
3243	while( cert_cur != NULL );
3244
3245	cert_cur = crt;
3246	do
3247	{
3248	cert_prv = cert_cur;
3249	cert_cur = cert_cur->next;
3250
3251	memset( cert_prv, 0, sizeof( x509_cert ) );
3252	if( cert_prv != crt )
3253	free( cert_prv );
3254	}
3255	while( cert_cur != NULL );
3256	}
3257
3258	/*
3259	* Unallocate all CRL data
3260	*/
3261	void x509_crl_free( x509_crl *crl )
3262	{
3263	x509_crl *crl_cur = crl;
3264	x509_crl *crl_prv;
3265	x509_name *name_cur;
3266	x509_name *name_prv;
3267	x509_crl_entry *entry_cur;
3268	x509_crl_entry *entry_prv;
3269
3270	if( crl == NULL )
3271	return;
3272
3273	do
3274	{
3275	name_cur = crl_cur->issuer.next;
3276	while( name_cur != NULL )
3277	{
3278	name_prv = name_cur;
3279	name_cur = name_cur->next;
3280	memset( name_prv, 0, sizeof( x509_name ) );
3281	free( name_prv );
3282	}
3283
3284	entry_cur = crl_cur->entry.next;
3285	while( entry_cur != NULL )
3286	{
3287	entry_prv = entry_cur;
3288	entry_cur = entry_cur->next;
3289	memset( entry_prv, 0, sizeof( x509_crl_entry ) );
3290	free( entry_prv );
3291	}
3292
3293	if( crl_cur->raw.p != NULL )
3294	{
3295	memset( crl_cur->raw.p, 0, crl_cur->raw.len );
3296	free( crl_cur->raw.p );
3297	}
3298
3299	crl_cur = crl_cur->next;
3300	}
3301	while( crl_cur != NULL );
3302
3303	crl_cur = crl;
3304	do
3305	{
3306	crl_prv = crl_cur;
3307	crl_cur = crl_cur->next;
3308
3309	memset( crl_prv, 0, sizeof( x509_crl ) );
3310	if( crl_prv != crl )
3311	free( crl_prv );
3312	}
3313	while( crl_cur != NULL );
3314	}
3315
3316	#if defined(POLARSSL_SELF_TEST)
3317
3318	#include "polarssl/certs.h"
3319
3320	/*
3321	* Checkup routine
3322	*/
3323	int x509_self_test( int verbose )
3324	{
3325	#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3326	int ret;
3327	int flags;
3328	size_t i, j;
3329	x509_cert cacert;
3330	x509_cert clicert;
3331	rsa_context rsa;
3332	#if defined(POLARSSL_DHM_C)
3333	dhm_context dhm;
3334	#endif
3335
3336	if( verbose != 0 )
3337	printf( " X.509 certificate load: " );
3338
3339	memset( &clicert, 0, sizeof( x509_cert ) );
3340
3341	ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
3342	strlen( test_cli_crt ) );
3343	if( ret != 0 )
3344	{
3345	if( verbose != 0 )
3346	printf( "failed\n" );
3347
3348	return( ret );
3349	}
3350
3351	memset( &cacert, 0, sizeof( x509_cert ) );
3352
3353	ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
3354	strlen( test_ca_crt ) );
3355	if( ret != 0 )
3356	{
3357	if( verbose != 0 )
3358	printf( "failed\n" );
3359
3360	return( ret );
3361	}
3362
3363	if( verbose != 0 )
3364	printf( "passed\n X.509 private key load: " );
3365
3366	i = strlen( test_ca_key );
3367	j = strlen( test_ca_pwd );
3368
3369	rsa_init( &rsa, RSA_PKCS_V15, 0 );
3370
3371	if( ( ret = x509parse_key( &rsa,
3372	(unsigned char *) test_ca_key, i,
3373	(unsigned char *) test_ca_pwd, j ) ) != 0 )
3374	{
3375	if( verbose != 0 )
3376	printf( "failed\n" );
3377
3378	return( ret );
3379	}
3380
3381	if( verbose != 0 )
3382	printf( "passed\n X.509 signature verify: ");
3383
3384	ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
3385	if( ret != 0 )
3386	{
3387	printf("%02x", flags);
3388	if( verbose != 0 )
3389	printf( "failed\n" );
3390
3391	return( ret );
3392	}
3393
3394	#if defined(POLARSSL_DHM_C)
3395	if( verbose != 0 )
3396	printf( "passed\n X.509 DHM parameter load: " );
3397
3398	i = strlen( test_dhm_params );
3399	j = strlen( test_ca_pwd );
3400
3401	if( ( ret = x509parse_dhm( &dhm, (unsigned char *) test_dhm_params, i ) ) != 0 )
3402	{
3403	if( verbose != 0 )
3404	printf( "failed\n" );
3405
3406	return( ret );
3407	}
3408
3409	if( verbose != 0 )
3410	printf( "passed\n\n" );
3411	#endif
3412
3413	x509_free( &cacert );
3414	x509_free( &clicert );
3415	rsa_free( &rsa );
3416	#if defined(POLARSSL_DHM_C)
3417	dhm_free( &dhm );
3418	#endif
3419
3420	return( 0 );
3421	#else
3422	((void) verbose);
3423	return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
3424	#endif
3425	}
3426
3427	#endif
3428
3429	#endif

Note: See TracBrowser for help on using the repository browser.

PolarSSL

Cryptography and SSL made easy

Context Navigation

source: trunk/library/x509parse.c @ 1274

Download in other formats:

What are you looking for?

Main links

Community links

Documentation

Block cipher sources

Hash sources