Blame - library/x509.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 5aea3754568a3203f50efdd87caefa1b26205cd6 [file] [log] [blame]

Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1	/*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	2	* X.509 common functions for parsing and verification
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	3	*
Manuel Pégourié-Gonnard	a658a40	2015-01-23 09:45:19 +0000	[diff] [blame]	4	* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	fe44643	2015-03-06 13:17:10 +0000	[diff] [blame]	6	* This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	7	*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22	/*
				23	* The ITU-T X.509 standard defines a certificate format for PKI.
				24	*
Manuel Pégourié-Gonnard	1c082f3	2014-06-12 22:34:55 +0200	[diff] [blame]	25	* http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
				26	* http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
				27	* http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	28	*
				29	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
				30	* http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
				31	*/
				32
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	33	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	34	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	35	#else
				36	#include POLARSSL_CONFIG_FILE
				37	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	38
				39	#if defined(POLARSSL_X509_USE_C)
				40
				41	#include "polarssl/x509.h"
				42	#include "polarssl/asn1.h"
				43	#include "polarssl/oid.h"
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	44
Rich Evans	36796df	2015-02-12 18:27:14 +0000	[diff] [blame]	45	#include <stdio.h>
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	46	#include <string.h>
				47
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	48	#if defined(POLARSSL_PEM_PARSE_C)
				49	#include "polarssl/pem.h"
				50	#endif
				51
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	52	#if defined(POLARSSL_PLATFORM_C)
				53	#include "polarssl/platform.h"
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	54	#else
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	55	#include <stdio.h>
				56	#include <stdlib.h>
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	57	#define polarssl_free free
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	58	#define polarssl_malloc malloc
				59	#define polarssl_printf printf
				60	#define polarssl_snprintf snprintf
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	61	#endif
				62
Paul Bakker	fa6a620	2013-10-28 18:48:30 +0100	[diff] [blame]	63	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	64	#include <windows.h>
				65	#else
				66	#include <time.h>
				67	#endif
				68
				69	#if defined(POLARSSL_FS_IO)
Rich Evans	36796df	2015-02-12 18:27:14 +0000	[diff] [blame]	70	#include <stdio.h>
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	71	#if !defined(_WIN32)
				72	#include <sys/types.h>
				73	#include <sys/stat.h>
				74	#include <dirent.h>
				75	#endif
				76	#endif
				77
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	78	#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame^]	79	#define CHECK_RANGE(min, max, val) if( val < min \|\| val > max ){ return( ret ); }
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	80
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	81	/*
				82	* CertificateSerialNumber ::= INTEGER
				83	*/
				84	int x509_get_serial( unsigned char *p, const unsigned char end,
				85	x509_buf *serial )
				86	{
				87	int ret;
				88
				89	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	90	return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	91	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				92
				93	if( **p != ( ASN1_CONTEXT_SPECIFIC \| ASN1_PRIMITIVE \| 2 ) &&
				94	**p != ASN1_INTEGER )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	95	return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	96	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				97
				98	serial->tag = (p)++;
				99
				100	if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	101	return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	102
				103	serial->p = *p;
				104	*p += serial->len;
				105
				106	return( 0 );
				107	}
				108
				109	/* Get an algorithm identifier without parameters (eg for signatures)
				110	*
				111	* AlgorithmIdentifier ::= SEQUENCE {
				112	* algorithm OBJECT IDENTIFIER,
				113	* parameters ANY DEFINED BY algorithm OPTIONAL }
				114	*/
				115	int x509_get_alg_null( unsigned char *p, const unsigned char end,
				116	x509_buf *alg )
				117	{
				118	int ret;
				119
				120	if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	121	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	122
				123	return( 0 );
				124	}
				125
				126	/*
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	127	* Parse an algorithm identifier with (optional) paramaters
				128	*/
				129	int x509_get_alg( unsigned char *p, const unsigned char end,
				130	x509_buf alg, x509_buf params )
				131	{
				132	int ret;
				133
				134	if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
				135	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				136
				137	return( 0 );
				138	}
				139
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	140	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	59a75d5	2014-01-22 10:12:57 +0100	[diff] [blame]	141	/*
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	142	* HashAlgorithm ::= AlgorithmIdentifier
				143	*
				144	* AlgorithmIdentifier ::= SEQUENCE {
				145	* algorithm OBJECT IDENTIFIER,
				146	* parameters ANY DEFINED BY algorithm OPTIONAL }
				147	*
				148	* For HashAlgorithm, parameters MUST be NULL or absent.
				149	*/
				150	static int x509_get_hash_alg( const x509_buf alg, md_type_t md_alg )
				151	{
				152	int ret;
				153	unsigned char *p;
				154	const unsigned char *end;
				155	x509_buf md_oid;
				156	size_t len;
				157
				158	/* Make sure we got a SEQUENCE and setup bounds */
				159	if( alg->tag != ( ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) )
				160	return( POLARSSL_ERR_X509_INVALID_ALG +
				161	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				162
				163	p = (unsigned char *) alg->p;
				164	end = p + alg->len;
				165
				166	if( p >= end )
				167	return( POLARSSL_ERR_X509_INVALID_ALG +
				168	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				169
				170	/* Parse md_oid */
				171	md_oid.tag = *p;
				172
				173	if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
				174	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				175
				176	md_oid.p = p;
				177	p += md_oid.len;
				178
				179	/* Get md_alg from md_oid */
				180	if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
				181	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				182
				183	/* Make sure params is absent of NULL */
				184	if( p == end )
				185	return( 0 );
				186
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	187	if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 \|\| len != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	188	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				189
				190	if( p != end )
				191	return( POLARSSL_ERR_X509_INVALID_ALG +
				192	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				193
				194	return( 0 );
				195	}
				196
				197	/*
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	198	* RSASSA-PSS-params ::= SEQUENCE {
				199	* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
				200	* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
				201	* saltLength [2] INTEGER DEFAULT 20,
				202	* trailerField [3] INTEGER DEFAULT 1 }
				203	* -- Note that the tags in this Sequence are explicit.
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	204	*
				205	* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
				206	* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
				207	* option. Enfore this at parsing time.
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	208	*/
				209	int x509_get_rsassa_pss_params( const x509_buf *params,
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	210	md_type_t md_alg, md_type_t mgf_md,
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	211	int *salt_len )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	212	{
				213	int ret;
				214	unsigned char *p;
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	215	const unsigned char end, end2;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	216	size_t len;
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	217	x509_buf alg_id, alg_params;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	218
				219	/* First set everything to defaults */
				220	*md_alg = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	221	*mgf_md = POLARSSL_MD_SHA1;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	222	*salt_len = 20;
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	223
				224	/* Make sure params is a SEQUENCE and setup bounds */
				225	if( params->tag != ( ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) )
				226	return( POLARSSL_ERR_X509_INVALID_ALG +
				227	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				228
				229	p = (unsigned char *) params->p;
				230	end = p + params->len;
				231
				232	if( p == end )
				233	return( 0 );
				234
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	235	/*
				236	* HashAlgorithm
				237	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	238	if( ( ret = asn1_get_tag( &p, end, &len,
				239	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 0 ) ) == 0 )
				240	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	241	end2 = p + len;
				242
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	243	/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	244	if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	245	return( ret );
				246
				247	if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
				248	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	249
				250	if( p != end2 )
				251	return( POLARSSL_ERR_X509_INVALID_ALG +
				252	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	253	}
				254	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				255	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				256
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	257	if( p == end )
				258	return( 0 );
				259
				260	/*
				261	* MaskGenAlgorithm
				262	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	263	if( ( ret = asn1_get_tag( &p, end, &len,
				264	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 1 ) ) == 0 )
				265	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	266	end2 = p + len;
				267
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	268	/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	269	if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
Manuel Pégourié-Gonnard	e76b750	2014-01-23 19:15:29 +0100	[diff] [blame]	270	return( ret );
				271
				272	/* Only MFG1 is recognised for now */
				273	if( ! OID_CMP( OID_MGF1, &alg_id ) )
				274	return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
				275	POLARSSL_ERR_OID_NOT_FOUND );
				276
				277	/* Parse HashAlgorithm */
				278	if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
				279	return( ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	280
				281	if( p != end2 )
				282	return( POLARSSL_ERR_X509_INVALID_ALG +
				283	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	284	}
				285	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				286	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				287
				288	if( p == end )
				289	return( 0 );
				290
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	291	/*
				292	* salt_len
				293	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	294	if( ( ret = asn1_get_tag( &p, end, &len,
				295	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 2 ) ) == 0 )
				296	{
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	297	end2 = p + len;
				298
				299	if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	300	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	301
				302	if( p != end2 )
				303	return( POLARSSL_ERR_X509_INVALID_ALG +
				304	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	305	}
				306	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				307	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				308
				309	if( p == end )
				310	return( 0 );
				311
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	312	/*
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	313	* trailer_field (if present, must be 1)
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	314	*/
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	315	if( ( ret = asn1_get_tag( &p, end, &len,
				316	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| 3 ) ) == 0 )
				317	{
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	318	int trailer_field;
				319
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	320	end2 = p + len;
				321
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	322	if( ( ret = asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	323	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Manuel Pégourié-Gonnard	9c9cf5b	2014-01-24 14:15:20 +0100	[diff] [blame]	324
				325	if( p != end2 )
				326	return( POLARSSL_ERR_X509_INVALID_ALG +
				327	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
Manuel Pégourié-Gonnard	78117d5	2014-05-31 17:08:16 +0200	[diff] [blame]	328
				329	if( trailer_field != 1 )
				330	return( POLARSSL_ERR_X509_INVALID_ALG );
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	331	}
				332	else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
				333	return( POLARSSL_ERR_X509_INVALID_ALG + ret );
				334
				335	if( p != end )
				336	return( POLARSSL_ERR_X509_INVALID_ALG +
				337	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				338
				339	return( 0 );
				340	}
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	341	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	f346bab	2014-01-23 16:24:44 +0100	[diff] [blame]	342
				343	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	344	* AttributeTypeAndValue ::= SEQUENCE {
				345	* type AttributeType,
				346	* value AttributeValue }
				347	*
				348	* AttributeType ::= OBJECT IDENTIFIER
				349	*
				350	* AttributeValue ::= ANY DEFINED BY AttributeType
				351	*/
				352	static int x509_get_attr_type_value( unsigned char **p,
				353	const unsigned char *end,
				354	x509_name *cur )
				355	{
				356	int ret;
				357	size_t len;
				358	x509_buf *oid;
				359	x509_buf *val;
				360
				361	if( ( ret = asn1_get_tag( p, end, &len,
				362	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	363	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	364
				365	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	366	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	367	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				368
				369	oid = &cur->oid;
				370	oid->tag = **p;
				371
				372	if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	373	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	374
				375	oid->p = *p;
				376	*p += oid->len;
				377
				378	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	379	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	380	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				381
				382	if( p != ASN1_BMP_STRING && p != ASN1_UTF8_STRING &&
				383	p != ASN1_T61_STRING && p != ASN1_PRINTABLE_STRING &&
Manuel Pégourié-Gonnard	dd5dbca	2015-03-27 13:03:09 +0100	[diff] [blame]	384	p != ASN1_IA5_STRING && p != ASN1_UNIVERSAL_STRING &&
				385	**p != ASN1_BIT_STRING )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	386	return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	387	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
				388
				389	val = &cur->val;
				390	val->tag = (p)++;
				391
				392	if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	393	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	394
				395	val->p = *p;
				396	*p += val->len;
				397
				398	cur->next = NULL;
				399
				400	return( 0 );
				401	}
				402
				403	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	404	* Name ::= CHOICE { -- only one possibility for now --
				405	* rdnSequence RDNSequence }
				406	*
				407	* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
				408	*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	409	* RelativeDistinguishedName ::=
				410	* SET OF AttributeTypeAndValue
				411	*
				412	* AttributeTypeAndValue ::= SEQUENCE {
				413	* type AttributeType,
				414	* value AttributeValue }
				415	*
				416	* AttributeType ::= OBJECT IDENTIFIER
				417	*
				418	* AttributeValue ::= ANY DEFINED BY AttributeType
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	419	*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	420	* The data structure is optimized for the common case where each RDN has only
				421	* one element, which is represented as a list of AttributeTypeAndValue.
				422	* For the general case we still use a flat list, but we mark elements of the
				423	* same set so that they are "merged" together in the functions that consume
				424	* this list, eg x509_dn_gets().
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	425	*/
				426	int x509_get_name( unsigned char *p, const unsigned char end,
				427	x509_name *cur )
				428	{
				429	int ret;
Manuel Pégourié-Gonnard	5d86185	2014-10-17 12:41:41 +0200	[diff] [blame]	430	size_t set_len;
				431	const unsigned char *end_set;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	432
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	433	/* don't use recursion, we'd risk stack overflow if not optimized */
				434	while( 1 )
				435	{
				436	/*
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	437	* parse SET
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	438	*/
				439	if( ( ret = asn1_get_tag( p, end, &set_len,
				440	ASN1_CONSTRUCTED \| ASN1_SET ) ) != 0 )
				441	return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	442
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	443	end_set = *p + set_len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	444
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	445	while( 1 )
				446	{
				447	if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
				448	return( ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	449
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	450	if( *p == end_set )
				451	break;
				452
Nicholas Wilson	d0fa5cc	2015-05-11 10:39:49 +0100	[diff] [blame]	453	/* Mark this item as being not the only one in a set */
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	454	cur->next_merged = 1;
				455
Mansour Moufid	c531b4a	2015-02-15 17:35:38 -0500	[diff] [blame]	456	cur->next = polarssl_malloc( sizeof( x509_name ) );
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	457
				458	if( cur->next == NULL )
				459	return( POLARSSL_ERR_X509_MALLOC_FAILED );
				460
				461	memset( cur->next, 0, sizeof( x509_name ) );
				462
				463	cur = cur->next;
				464	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	465
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	466	/*
				467	* continue until end of SEQUENCE is reached
				468	*/
				469	if( *p == end )
				470	return( 0 );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	471
Mansour Moufid	c531b4a	2015-02-15 17:35:38 -0500	[diff] [blame]	472	cur->next = polarssl_malloc( sizeof( x509_name ) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	473
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	474	if( cur->next == NULL )
				475	return( POLARSSL_ERR_X509_MALLOC_FAILED );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	476
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	477	memset( cur->next, 0, sizeof( x509_name ) );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	478
Manuel Pégourié-Gonnard	d681443	2014-11-12 01:25:31 +0100	[diff] [blame]	479	cur = cur->next;
				480	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	481	}
				482
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	483	static int x509_parse_int(unsigned char *p, unsigned n, int res){
				484	*res = 0;
				485	for( ; n > 0; --n ){
				486	if( ( p < '0') \|\| ( p > '9' ) ) return POLARSSL_ERR_X509_INVALID_DATE;
				487	res = 10;
				488	res += ((*p)++ - '0');
				489	}
				490	return 0;
				491	}
				492
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame^]	493	static int x509_date_is_valid(const x509_time *time)
				494	{
				495	int ret = POLARSSL_ERR_X509_INVALID_DATE;
				496
				497	CHECK_RANGE( 0, 9999, time->year );
				498	CHECK_RANGE( 0, 23, time->hour );
				499	CHECK_RANGE( 0, 59, time->min );
				500	CHECK_RANGE( 0, 59, time->sec );
				501
				502	switch( time->mon )
				503	{
				504	case 1: case 3: case 5: case 7: case 8: case 10: case 12:
				505	CHECK_RANGE( 1, 31, time->day );
				506	break;
				507	case 4: case 6: case 9: case 11:
				508	CHECK_RANGE( 1, 30, time->day );
				509	break;
				510	case 2:
				511	CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day );
				512	break;
				513	default:
				514	return( ret );
				515	}
				516
				517	return( 0 );
				518	}
				519
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	520	/*
				521	* Time ::= CHOICE {
				522	* utcTime UTCTime,
				523	* generalTime GeneralizedTime }
				524	*/
				525	int x509_get_time( unsigned char *p, const unsigned char end,
				526	x509_time *time )
				527	{
				528	int ret;
				529	size_t len;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	530	unsigned char tag;
				531
				532	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	533	return( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	534	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				535
				536	tag = **p;
				537
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	538	if( tag == ASN1_UTC_TIME )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	539	{
				540	(*p)++;
				541	ret = asn1_get_len( p, end, &len );
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	542
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	543	if( ret != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	544	return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	545
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	546	CHECK( x509_parse_int( p, 2, &time->year ) );
				547	CHECK( x509_parse_int( p, 2, &time->mon ) );
				548	CHECK( x509_parse_int( p, 2, &time->day ) );
				549	CHECK( x509_parse_int( p, 2, &time->hour ) );
				550	CHECK( x509_parse_int( p, 2, &time->min ) );
				551	if( len > 10 )
				552	CHECK( x509_parse_int( p, 2, &time->sec ) );
				553	if( len > 12 && (p)++ != 'Z' )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	554	return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	555
				556	time->year += 100 * ( time->year < 50 );
				557	time->year += 1900;
				558
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame^]	559	CHECK( x509_date_is_valid( time ) );
				560
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	561	return( 0 );
				562	}
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	563	else if( tag == ASN1_GENERALIZED_TIME )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	564	{
				565	(*p)++;
				566	ret = asn1_get_len( p, end, &len );
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	567
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	568	if( ret != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	569	return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	570
Rich Evans	7d5a55a	2015-02-13 11:48:02 +0000	[diff] [blame]	571	CHECK( x509_parse_int( p, 4, &time->year ) );
				572	CHECK( x509_parse_int( p, 2, &time->mon ) );
				573	CHECK( x509_parse_int( p, 2, &time->day ) );
				574	CHECK( x509_parse_int( p, 2, &time->hour ) );
				575	CHECK( x509_parse_int( p, 2, &time->min ) );
				576	if( len > 12 )
				577	CHECK( x509_parse_int( p, 2, &time->sec ) );
				578	if( len > 14 && (p)++ != 'Z' )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	579	return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	580
Andres AG	0da3e44	2016-09-23 13:16:02 +0100	[diff] [blame^]	581	CHECK( x509_date_is_valid( time ) );
				582
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	583	return( 0 );
				584	}
				585	else
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	586	return( POLARSSL_ERR_X509_INVALID_DATE +
				587	POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	588	}
				589
				590	int x509_get_sig( unsigned char *p, const unsigned char end, x509_buf *sig )
				591	{
				592	int ret;
				593	size_t len;
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	594	int tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	595
				596	if( ( end - *p ) < 1 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	597	return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	598	POLARSSL_ERR_ASN1_OUT_OF_DATA );
				599
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	600	tag_type = **p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	601
				602	if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	603	return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	604
Andres AG	67ae0b9	2016-09-19 16:58:45 +0100	[diff] [blame]	605	sig->tag = tag_type;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	606	sig->len = len;
				607	sig->p = *p;
				608
				609	*p += len;
				610
				611	return( 0 );
				612	}
				613
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	614	/*
				615	* Get signature algorithm from alg OID and optional parameters
				616	*/
				617	int x509_get_sig_alg( const x509_buf sig_oid, const x509_buf sig_params,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	618	md_type_t md_alg, pk_type_t pk_alg,
				619	void **sig_opts )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	620	{
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	621	int ret;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	622
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	623	if( *sig_opts != NULL )
				624	return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
				625
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	626	if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	627	return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	628
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	629	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	630	if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
				631	{
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	632	pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	633
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	634	pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
				635	if( pss_opts == NULL )
				636	return( POLARSSL_ERR_X509_MALLOC_FAILED );
				637
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	638	ret = x509_get_rsassa_pss_params( sig_params,
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	639	md_alg,
				640	&pss_opts->mgf1_hash_id,
				641	&pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	642	if( ret != 0 )
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	643	{
				644	polarssl_free( pss_opts );
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	645	return( ret );
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	646	}
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	647
Manuel Pégourié-Gonnard	f75f2f7	2014-06-05 15:14:28 +0200	[diff] [blame]	648	sig_opts = (void ) pss_opts;
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	649	}
				650	else
Paul Bakker	db20c10	2014-06-17 14:34:44 +0200	[diff] [blame]	651	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cf975a3	2014-01-24 19:28:43 +0100	[diff] [blame]	652	{
				653	/* Make sure parameters are absent or NULL */
				654	if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) \|\|
				655	sig_params->len != 0 )
				656	return( POLARSSL_ERR_X509_INVALID_ALG );
				657	}
				658
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	659	return( 0 );
				660	}
				661
				662	/*
				663	* X.509 Extensions (No parsing of extensions, pointer should
				664	* be either manually updated or extensions should be parsed!
				665	*/
				666	int x509_get_ext( unsigned char *p, const unsigned char end,
				667	x509_buf *ext, int tag )
				668	{
				669	int ret;
				670	size_t len;
				671
				672	if( *p == end )
				673	return( 0 );
				674
				675	ext->tag = **p;
				676
				677	if( ( ret = asn1_get_tag( p, end, &ext->len,
				678	ASN1_CONTEXT_SPECIFIC \| ASN1_CONSTRUCTED \| tag ) ) != 0 )
				679	return( ret );
				680
				681	ext->p = *p;
				682	end = *p + ext->len;
				683
				684	/*
				685	* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
				686	*
				687	* Extension ::= SEQUENCE {
				688	* extnID OBJECT IDENTIFIER,
				689	* critical BOOLEAN DEFAULT FALSE,
				690	* extnValue OCTET STRING }
				691	*/
				692	if( ( ret = asn1_get_tag( p, end, &len,
				693	ASN1_CONSTRUCTED \| ASN1_SEQUENCE ) ) != 0 )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	694	return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	695
				696	if( end != *p + len )
Paul Bakker	5187656	2013-09-17 14:36:05 +0200	[diff] [blame]	697	return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	698	POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
				699
				700	return( 0 );
				701	}
				702
Paul Bakker	6edcd41	2013-10-29 15:22:54 +0100	[diff] [blame]	703	#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
				704	!defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	705	#include <stdarg.h>
				706
				707	#if !defined vsnprintf
				708	#define vsnprintf _vsnprintf
				709	#endif // vsnprintf
				710
				711	/*
				712	* Windows _snprintf and _vsnprintf are not compatible to linux versions.
				713	* Result value is not size of buffer needed, but -1 if no fit is possible.
				714	*
				715	* This fuction tries to 'fix' this by at least suggesting enlarging the
				716	* size by 20.
				717	*/
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	718	static int compat_snprintf( char str, size_t size, const char format, ... )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	719	{
				720	va_list ap;
				721	int res = -1;
				722
				723	va_start( ap, format );
				724
				725	res = vsnprintf( str, size, format, ap );
				726
				727	va_end( ap );
				728
				729	// No quick fix possible
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	730	if( res < 0 )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	731	return( (int) size + 20 );
				732
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	733	return( res );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	734	}
				735
				736	#define snprintf compat_snprintf
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	737	#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	738
				739	#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
				740
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	741	#define SAFE_SNPRINTF() \
				742	{ \
				743	if( ret == -1 ) \
				744	return( -1 ); \
				745	\
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	746	if( (unsigned int) ret > n ) { \
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	747	p[n - 1] = '\0'; \
				748	return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
				749	} \
				750	\
				751	n -= (unsigned int) ret; \
				752	p += (unsigned int) ret; \
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	753	}
				754
				755	/*
				756	* Store the name in printable form into buf; no more
				757	* than size characters will be written
				758	*/
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	759	int x509_dn_gets( char buf, size_t size, const x509_name dn )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	760	{
				761	int ret;
				762	size_t i, n;
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	763	unsigned char c, merge = 0;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	764	const x509_name *name;
				765	const char *short_name = NULL;
Paul Bakker	8dcb2d7	2014-08-08 12:22:30 +0200	[diff] [blame]	766	char s[X509_MAX_DN_NAME_SIZE], *p;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	767
				768	memset( s, 0, sizeof( s ) );
				769
				770	name = dn;
				771	p = buf;
				772	n = size;
				773
				774	while( name != NULL )
				775	{
				776	if( !name->oid.p )
				777	{
				778	name = name->next;
				779	continue;
				780	}
				781
				782	if( name != dn )
				783	{
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	784	ret = polarssl_snprintf( p, n, merge ? " + " : ", " );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	785	SAFE_SNPRINTF();
				786	}
				787
				788	ret = oid_get_attr_short_name( &name->oid, &short_name );
				789
				790	if( ret == 0 )
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	791	ret = polarssl_snprintf( p, n, "%s=", short_name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	792	else
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	793	ret = polarssl_snprintf( p, n, "\?\?=" );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	794	SAFE_SNPRINTF();
				795
				796	for( i = 0; i < name->val.len; i++ )
				797	{
				798	if( i >= sizeof( s ) - 1 )
				799	break;
				800
				801	c = name->val.p[i];
				802	if( c < 32 \|\| c == 127 \|\| ( c > 128 && c < 160 ) )
				803	s[i] = '?';
				804	else s[i] = c;
				805	}
				806	s[i] = '\0';
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	807	ret = polarssl_snprintf( p, n, "%s", s );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	808	SAFE_SNPRINTF();
Manuel Pégourié-Gonnard	555fbf8	2015-02-04 17:11:55 +0000	[diff] [blame]	809
				810	merge = name->next_merged;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	811	name = name->next;
				812	}
				813
				814	return( (int) ( size - n ) );
				815	}
				816
				817	/*
				818	* Store the serial in printable form into buf; no more
				819	* than size characters will be written
				820	*/
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	821	int x509_serial_gets( char buf, size_t size, const x509_buf serial )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	822	{
				823	int ret;
				824	size_t i, n, nr;
				825	char *p;
				826
				827	p = buf;
				828	n = size;
				829
				830	nr = ( serial->len <= 32 )
				831	? serial->len : 28;
				832
				833	for( i = 0; i < nr; i++ )
				834	{
				835	if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
				836	continue;
				837
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	838	ret = polarssl_snprintf( p, n, "%02X%s",
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	839	serial->p[i], ( i < nr - 1 ) ? ":" : "" );
				840	SAFE_SNPRINTF();
				841	}
				842
				843	if( nr != serial->len )
				844	{
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	845	ret = polarssl_snprintf( p, n, "...." );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	846	SAFE_SNPRINTF();
				847	}
				848
				849	return( (int) ( size - n ) );
				850	}
				851
				852	/*
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	853	* Helper for writing signature algorithms
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	854	*/
				855	int x509_sig_alg_gets( char buf, size_t size, const x509_buf sig_oid,
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	856	pk_type_t pk_alg, md_type_t md_alg,
				857	const void *sig_opts )
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	858	{
				859	int ret;
				860	char *p = buf;
				861	size_t n = size;
				862	const char *desc = NULL;
				863
				864	ret = oid_get_sig_alg_desc( sig_oid, &desc );
				865	if( ret != 0 )
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	866	ret = polarssl_snprintf( p, n, "???" );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	867	else
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	868	ret = polarssl_snprintf( p, n, "%s", desc );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	869	SAFE_SNPRINTF();
				870
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	871	#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	872	if( pk_alg == POLARSSL_PK_RSASSA_PSS )
				873	{
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	874	const pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	875	const md_info_t md_info, mgf_md_info;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	876
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	877	pss_opts = (const pk_rsassa_pss_options *) sig_opts;
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	878
				879	md_info = md_info_from_type( md_alg );
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	880	mgf_md_info = md_info_from_type( pss_opts->mgf1_hash_id );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	881
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	882	ret = polarssl_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	883	md_info ? md_info->name : "???",
				884	mgf_md_info ? mgf_md_info->name : "???",
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	885	pss_opts->expected_salt_len );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	886	SAFE_SNPRINTF();
				887	}
				888	#else
				889	((void) pk_alg);
Manuel Pégourié-Gonnard	9113603	2014-06-05 15:41:39 +0200	[diff] [blame]	890	((void) md_alg);
				891	((void) sig_opts);
Manuel Pégourié-Gonnard	d1539b1	2014-06-06 16:42:37 +0200	[diff] [blame]	892	#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	893
Sander Niemeijer	ef5087d	2014-08-16 12:45:52 +0200	[diff] [blame]	894	return( (int)( size - n ) );
Manuel Pégourié-Gonnard	cac31ee	2014-01-25 11:50:59 +0100	[diff] [blame]	895	}
				896
				897	/*
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	898	* Helper for writing "RSA key size", "EC key size", etc
				899	*/
				900	int x509_key_size_helper( char buf, size_t size, const char name )
				901	{
				902	char *p = buf;
				903	size_t n = size;
				904	int ret;
				905
				906	if( strlen( name ) + sizeof( " key size" ) > size )
Paul Bakker	d8bb826	2014-06-17 14:06:49 +0200	[diff] [blame]	907	return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	908
Rich Evans	fac657f	2015-01-30 11:00:01 +0000	[diff] [blame]	909	ret = polarssl_snprintf( p, n, "%s key size", name );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	910	SAFE_SNPRINTF();
				911
				912	return( 0 );
				913	}
				914
				915	/*
				916	* Return an informational string describing the given OID
				917	*/
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	918	#if ! defined(POLARSSL_DEPRECATED_REMOVED)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	919	const char x509_oid_get_description( x509_buf oid )
				920	{
				921	const char *desc = NULL;
				922	int ret;
				923
				924	ret = oid_get_extended_key_usage( oid, &desc );
				925
				926	if( ret != 0 )
				927	return( NULL );
				928
				929	return( desc );
				930	}
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	931	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	932
				933	/* Return the x.y.z.... style numeric string for the given OID */
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	934	#if ! defined(POLARSSL_DEPRECATED_REMOVED)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	935	int x509_oid_get_numeric_string( char buf, size_t size, x509_buf oid )
				936	{
				937	return oid_get_numeric_string( buf, size, oid );
				938	}
Manuel Pégourié-Gonnard	c70581c	2015-03-23 13:58:27 +0100	[diff] [blame]	939	#endif
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	940
				941	/*
				942	* Return 0 if the x509_time is still valid, or 1 otherwise.
				943	*/
				944	#if defined(POLARSSL_HAVE_TIME)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	945
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	946	static void x509_get_current_time( x509_time *now )
				947	{
Paul Bakker	fa6a620	2013-10-28 18:48:30 +0100	[diff] [blame]	948	#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	949	SYSTEMTIME st;
				950
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	951	GetSystemTime( &st );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	952
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	953	now->year = st.wYear;
				954	now->mon = st.wMonth;
				955	now->day = st.wDay;
				956	now->hour = st.wHour;
				957	now->min = st.wMinute;
				958	now->sec = st.wSecond;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	959	#else
Paul Bakker	5fff23b	2014-03-26 15:34:54 +0100	[diff] [blame]	960	struct tm lt;
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	961	time_t tt;
				962
				963	tt = time( NULL );
Manuel Pégourié-Gonnard	0776a43	2014-04-11 12:25:45 +0200	[diff] [blame]	964	gmtime_r( &tt, &lt );
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	965
Paul Bakker	5fff23b	2014-03-26 15:34:54 +0100	[diff] [blame]	966	now->year = lt.tm_year + 1900;
				967	now->mon = lt.tm_mon + 1;
				968	now->day = lt.tm_mday;
				969	now->hour = lt.tm_hour;
				970	now->min = lt.tm_min;
				971	now->sec = lt.tm_sec;
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	972	#endif /* _WIN32 && !EFIX64 && !EFI32 */
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	973	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	974
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	975	/*
				976	* Return 0 if before <= after, 1 otherwise
				977	*/
				978	static int x509_check_time( const x509_time before, const x509_time after )
				979	{
				980	if( before->year > after->year )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	981	return( 1 );
				982
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	983	if( before->year == after->year &&
				984	before->mon > after->mon )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	985	return( 1 );
				986
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	987	if( before->year == after->year &&
				988	before->mon == after->mon &&
				989	before->day > after->day )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	990	return( 1 );
				991
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	992	if( before->year == after->year &&
				993	before->mon == after->mon &&
				994	before->day == after->day &&
				995	before->hour > after->hour )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	996	return( 1 );
				997
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	998	if( before->year == after->year &&
				999	before->mon == after->mon &&
				1000	before->day == after->day &&
				1001	before->hour == after->hour &&
				1002	before->min > after->min )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1003	return( 1 );
				1004
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1005	if( before->year == after->year &&
				1006	before->mon == after->mon &&
				1007	before->day == after->day &&
				1008	before->hour == after->hour &&
				1009	before->min == after->min &&
				1010	before->sec > after->sec )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1011	return( 1 );
				1012
				1013	return( 0 );
				1014	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1015
				1016	int x509_time_expired( const x509_time *to )
				1017	{
				1018	x509_time now;
				1019
				1020	x509_get_current_time( &now );
				1021
				1022	return( x509_check_time( &now, to ) );
				1023	}
				1024
				1025	int x509_time_future( const x509_time *from )
				1026	{
				1027	x509_time now;
				1028
				1029	x509_get_current_time( &now );
				1030
				1031	return( x509_check_time( from, &now ) );
				1032	}
				1033
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1034	#else /* POLARSSL_HAVE_TIME */
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1035
Paul Bakker	86d0c19	2013-09-18 11:11:02 +0200	[diff] [blame]	1036	int x509_time_expired( const x509_time *to )
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1037	{
				1038	((void) to);
				1039	return( 0 );
				1040	}
Manuel Pégourié-Gonnard	6304f78	2014-03-10 12:26:11 +0100	[diff] [blame]	1041
				1042	int x509_time_future( const x509_time *from )
				1043	{
				1044	((void) from);
				1045	return( 0 );
				1046	}
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1047	#endif /* POLARSSL_HAVE_TIME */
				1048
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1049	#if defined(POLARSSL_SELF_TEST)
				1050
				1051	#include "polarssl/x509_crt.h"
				1052	#include "polarssl/certs.h"
				1053
				1054	/*
				1055	* Checkup routine
				1056	*/
				1057	int x509_self_test( int verbose )
				1058	{
Manuel Pégourié-Gonnard	3d41370	2014-04-29 15:29:41 +0200	[diff] [blame]	1059	#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1060	int ret;
				1061	int flags;
Paul Bakker	c559c7a	2013-09-18 14:13:26 +0200	[diff] [blame]	1062	x509_crt cacert;
				1063	x509_crt clicert;
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1064
				1065	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1066	polarssl_printf( " X.509 certificate load: " );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1067
Paul Bakker	b6b0956	2013-09-18 14:17:41 +0200	[diff] [blame]	1068	x509_crt_init( &clicert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1069
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1070	ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
				1071	strlen( test_cli_crt ) );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1072	if( ret != 0 )
				1073	{
				1074	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1075	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1076
				1077	return( ret );
				1078	}
				1079
Paul Bakker	b6b0956	2013-09-18 14:17:41 +0200	[diff] [blame]	1080	x509_crt_init( &cacert );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1081
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1082	ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
				1083	strlen( test_ca_crt ) );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1084	if( ret != 0 )
				1085	{
				1086	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1087	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1088
				1089	return( ret );
				1090	}
				1091
				1092	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1093	polarssl_printf( "passed\n X.509 signature verify: ");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1094
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	1095	ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1096	if( ret != 0 )
				1097	{
				1098	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1099	polarssl_printf( "failed\n" );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1100
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	1101	polarssl_printf( "ret = %d, &flags = %04x\n", ret, flags );
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1102
				1103	return( ret );
				1104	}
				1105
				1106	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	1107	polarssl_printf( "passed\n\n");
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1108
				1109	x509_crt_free( &cacert );
				1110	x509_crt_free( &clicert );
				1111
				1112	return( 0 );
				1113	#else
				1114	((void) verbose);
				1115	return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1116	#endif /* POLARSSL_CERTS_C && POLARSSL_SHA1_C */
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1117	}
				1118
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	1119	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	e9e6ae3	2013-09-16 22:53:25 +0200	[diff] [blame]	1120
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1121	#endif /* POLARSSL_X509_USE_C */