TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 41cae8e1f937e27386b3033801b88888cfcd40ba / . / library / x509_crl.c
blob: c8c51fbcbff5029766c532ea02e8650f1def1138 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
2 * X.509 certificate and private key decoding
3 *
4 * Copyright (C) 2006-2013, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc3279.txt
29 * http://www.ietf.org/rfc/rfc3280.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
37#include "polarssl/config.h"
38
39#if defined(POLARSSL_X509_CRL_PARSE_C)
40
41#include "polarssl/x509_crl.h"
42#include "polarssl/oid.h"
43#if defined(POLARSSL_PEM_PARSE_C)
44#include "polarssl/pem.h"
45#endif
46
47#if defined(POLARSSL_MEMORY_C)
48#include "polarssl/memory.h"
49#else
50#define polarssl_malloc malloc
51#define polarssl_free free
52#endif
53
54#include <string.h>
55#include <stdlib.h>
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]56#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
57
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]58#include <windows.h>
59#else
60#include <time.h>
61#endif
62
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]63#if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]64#include <stdio.h>
65#endif
66
67/*
68 * Version ::= INTEGER { v1(0), v2(1) }
69 */
70static int x509_crl_get_version( unsigned char **p,
71 const unsigned char *end,
72 int *ver )
73{
74 int ret;
75
76 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
77 {
78 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
79 {
80 *ver = 0;
81 return( 0 );
82 }
83
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]84 return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]85 }
86
87 return( 0 );
88}
89
90/*
91 * X.509 CRL v2 extensions (no extensions parsed yet.)
92 */
93static int x509_get_crl_ext( unsigned char **p,
94 const unsigned char *end,
95 x509_buf *ext )
96{
97 int ret;
98 size_t len = 0;
99
100 /* Get explicit tag */
101 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
102 {
103 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
104 return( 0 );
105
106 return( ret );
107 }
108
109 while( *p < end )
110 {
111 if( ( ret = asn1_get_tag( p, end, &len,
112 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]113 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]114
115 *p += len;
116 }
117
118 if( *p != end )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]119 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]120 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
121
122 return( 0 );
123}
124
125/*
126 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
127 */
128static int x509_get_crl_entry_ext( unsigned char **p,
129 const unsigned char *end,
130 x509_buf *ext )
131{
132 int ret;
133 size_t len = 0;
134
135 /* OPTIONAL */
136 if (end <= *p)
137 return( 0 );
138
139 ext->tag = **p;
140 ext->p = *p;
141
142 /*
143 * Get CRL-entry extension sequence header
144 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
145 */
146 if( ( ret = asn1_get_tag( p, end, &ext->len,
147 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
148 {
149 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
150 {
151 ext->p = NULL;
152 return( 0 );
153 }
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]154 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]155 }
156
157 end = *p + ext->len;
158
159 if( end != *p + ext->len )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]160 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]161 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
162
163 while( *p < end )
164 {
165 if( ( ret = asn1_get_tag( p, end, &len,
166 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]167 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]168
169 *p += len;
170 }
171
172 if( *p != end )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]173 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]174 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
175
176 return( 0 );
177}
178
179/*
180 * X.509 CRL Entries
181 */
182static int x509_get_entries( unsigned char **p,
183 const unsigned char *end,
184 x509_crl_entry *entry )
185{
186 int ret;
187 size_t entry_len;
188 x509_crl_entry *cur_entry = entry;
189
190 if( *p == end )
191 return( 0 );
192
193 if( ( ret = asn1_get_tag( p, end, &entry_len,
194 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
195 {
196 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
197 return( 0 );
198
199 return( ret );
200 }
201
202 end = *p + entry_len;
203
204 while( *p < end )
205 {
206 size_t len2;
207 const unsigned char *end2;
208
209 if( ( ret = asn1_get_tag( p, end, &len2,
210 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
211 {
212 return( ret );
213 }
214
215 cur_entry->raw.tag = **p;
216 cur_entry->raw.p = *p;
217 cur_entry->raw.len = len2;
218 end2 = *p + len2;
219
220 if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
221 return( ret );
222
223 if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
224 return( ret );
225
226 if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
227 return( ret );
228
229 if ( *p < end )
230 {
231 cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) );
232
233 if( cur_entry->next == NULL )
234 return( POLARSSL_ERR_X509_MALLOC_FAILED );
235
236 cur_entry = cur_entry->next;
237 memset( cur_entry, 0, sizeof( x509_crl_entry ) );
238 }
239 }
240
241 return( 0 );
242}
243
244/*
245 * Parse one or more CRLs and add them to the chained list
246 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]247int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]248{
249 int ret;
250 size_t len;
251 unsigned char *p, *end;
252 x509_crl *crl;
Manuel Pégourié-Gonnard5eeb32b2014-01-24 15:56:20 +0100[diff] [blame]253 x509_buf sig_params;
254
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]255#if defined(POLARSSL_PEM_PARSE_C)
256 size_t use_len;
257 pem_context pem;
258#endif
259
Manuel Pégourié-Gonnard5eeb32b2014-01-24 15:56:20 +0100[diff] [blame]260 memset( &sig_params, 0, sizeof( x509_buf ) );
261
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]262 crl = chain;
263
264 /*
265 * Check for valid input
266 */
267 if( crl == NULL || buf == NULL )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]268 return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]269
270 while( crl->version != 0 && crl->next != NULL )
271 crl = crl->next;
272
273 /*
274 * Add new CRL on the end of the chain if needed.
275 */
276 if ( crl->version != 0 && crl->next == NULL)
277 {
278 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
279
280 if( crl->next == NULL )
281 {
282 x509_crl_free( crl );
283 return( POLARSSL_ERR_X509_MALLOC_FAILED );
284 }
285
286 crl = crl->next;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]287 x509_crl_init( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]288 }
289
290#if defined(POLARSSL_PEM_PARSE_C)
291 pem_init( &pem );
292 ret = pem_read_buffer( &pem,
293 "-----BEGIN X509 CRL-----",
294 "-----END X509 CRL-----",
295 buf, NULL, 0, &use_len );
296
297 if( ret == 0 )
298 {
299 /*
300 * Was PEM encoded
301 */
302 buflen -= use_len;
303 buf += use_len;
304
305 /*
306 * Steal PEM buffer
307 */
308 p = pem.buf;
309 pem.buf = NULL;
310 len = pem.buflen;
311 pem_free( &pem );
312 }
313 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
314 {
315 pem_free( &pem );
316 return( ret );
317 }
318 else
319#endif
320 {
321 /*
322 * nope, copy the raw DER data
323 */
324 p = (unsigned char *) polarssl_malloc( len = buflen );
325
326 if( p == NULL )
327 return( POLARSSL_ERR_X509_MALLOC_FAILED );
328
329 memcpy( p, buf, buflen );
330
331 buflen = 0;
332 }
333
334 crl->raw.p = p;
335 crl->raw.len = len;
336 end = p + len;
337
338 /*
339 * CertificateList ::= SEQUENCE {
340 * tbsCertList TBSCertList,
341 * signatureAlgorithm AlgorithmIdentifier,
342 * signatureValue BIT STRING }
343 */
344 if( ( ret = asn1_get_tag( &p, end, &len,
345 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
346 {
347 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]348 return( POLARSSL_ERR_X509_INVALID_FORMAT );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]349 }
350
351 if( len != (size_t) ( end - p ) )
352 {
353 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]354 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]355 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
356 }
357
358 /*
359 * TBSCertList ::= SEQUENCE {
360 */
361 crl->tbs.p = p;
362
363 if( ( ret = asn1_get_tag( &p, end, &len,
364 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
365 {
366 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]367 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]368 }
369
370 end = p + len;
371 crl->tbs.len = end - crl->tbs.p;
372
373 /*
374 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
375 * -- if present, MUST be v2
376 *
377 * signature AlgorithmIdentifier
378 */
379 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
Manuel Pégourié-Gonnard5eeb32b2014-01-24 15:56:20 +0100[diff] [blame]380 ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]381 {
382 x509_crl_free( crl );
383 return( ret );
384 }
385
386 crl->version++;
387
388 if( crl->version > 2 )
389 {
390 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]391 return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]392 }
393
394 if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
395 &crl->sig_pk ) ) != 0 )
396 {
397 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]398 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]399 }
400
Manuel Pégourié-Gonnard5eeb32b2014-01-24 15:56:20 +0100[diff] [blame]401#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
402 if( crl->sig_pk == POLARSSL_PK_RSASSA_PSS )
403 {
404 int salt_len, trailer_field;
405 md_type_t mgf_md;
406
407 /* Make sure params are valid */
408 ret = x509_get_rsassa_pss_params( &sig_params,
409 &crl->sig_md, &mgf_md, &salt_len, &trailer_field );
410 if( ret != 0 )
411 return( ret );
412
413 memcpy( &crl->sig_params, &sig_params, sizeof( x509_buf ) );
414 }
415 else
416#endif
417 {
418 /* Make sure parameters are absent or NULL */
419 if( ( sig_params.tag != ASN1_NULL && sig_params.tag != 0 ) ||
420 sig_params.len != 0 )
421 return( POLARSSL_ERR_X509_INVALID_ALG );
422 }
423
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]424 /*
425 * issuer Name
426 */
427 crl->issuer_raw.p = p;
428
429 if( ( ret = asn1_get_tag( &p, end, &len,
430 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
431 {
432 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]433 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]434 }
435
436 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
437 {
438 x509_crl_free( crl );
439 return( ret );
440 }
441
442 crl->issuer_raw.len = p - crl->issuer_raw.p;
443
444 /*
445 * thisUpdate Time
446 * nextUpdate Time OPTIONAL
447 */
448 if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
449 {
450 x509_crl_free( crl );
451 return( ret );
452 }
453
454 if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
455 {
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]456 if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]457 POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]458 ret != ( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]459 POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
460 {
461 x509_crl_free( crl );
462 return( ret );
463 }
464 }
465
466 /*
467 * revokedCertificates SEQUENCE OF SEQUENCE {
468 * userCertificate CertificateSerialNumber,
469 * revocationDate Time,
470 * crlEntryExtensions Extensions OPTIONAL
471 * -- if present, MUST be v2
472 * } OPTIONAL
473 */
474 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
475 {
476 x509_crl_free( crl );
477 return( ret );
478 }
479
480 /*
481 * crlExtensions EXPLICIT Extensions OPTIONAL
482 * -- if present, MUST be v2
483 */
484 if( crl->version == 2 )
485 {
486 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
487
488 if( ret != 0 )
489 {
490 x509_crl_free( crl );
491 return( ret );
492 }
493 }
494
495 if( p != end )
496 {
497 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]498 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]499 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
500 }
501
502 end = crl->raw.p + crl->raw.len;
503
504 /*
505 * signatureAlgorithm AlgorithmIdentifier,
506 * signatureValue BIT STRING
507 */
Manuel Pégourié-Gonnard5eeb32b2014-01-24 15:56:20 +0100[diff] [blame]508 if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]509 {
510 x509_crl_free( crl );
511 return( ret );
512 }
513
514 if( crl->sig_oid1.len != crl->sig_oid2.len ||
Manuel Pégourié-Gonnard5eeb32b2014-01-24 15:56:20 +0100[diff] [blame]515 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0
516#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
517 ||
518 crl->sig_params.len != sig_params.len ||
519 memcmp( crl->sig_params.p, sig_params.p, sig_params.len ) != 0
520#endif
521 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]522 {
523 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]524 return( POLARSSL_ERR_X509_SIG_MISMATCH );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]525 }
526
527 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
528 {
529 x509_crl_free( crl );
530 return( ret );
531 }
532
533 if( p != end )
534 {
535 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]536 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]537 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
538 }
539
540 if( buflen > 0 )
541 {
542 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
543
544 if( crl->next == NULL )
545 {
546 x509_crl_free( crl );
547 return( POLARSSL_ERR_X509_MALLOC_FAILED );
548 }
549
550 crl = crl->next;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]551 x509_crl_init( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]552
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]553 return( x509_crl_parse( crl, buf, buflen ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]554 }
555
556 return( 0 );
557}
558
559#if defined(POLARSSL_FS_IO)
560/*
561 * Load one or more CRLs and add them to the chained list
562 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]563int x509_crl_parse_file( x509_crl *chain, const char *path )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]564{
565 int ret;
566 size_t n;
567 unsigned char *buf;
568
569 if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
570 return( ret );
571
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]572 ret = x509_crl_parse( chain, buf, n );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]573
574 memset( buf, 0, n + 1 );
575 polarssl_free( buf );
576
577 return( ret );
578}
579#endif /* POLARSSL_FS_IO */
580
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]581#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
582 !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]583#include <stdarg.h>
584
585#if !defined vsnprintf
586#define vsnprintf _vsnprintf
587#endif // vsnprintf
588
589/*
590 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
591 * Result value is not size of buffer needed, but -1 if no fit is possible.
592 *
593 * This fuction tries to 'fix' this by at least suggesting enlarging the
594 * size by 20.
595 */
596static int compat_snprintf(char *str, size_t size, const char *format, ...)
597{
598 va_list ap;
599 int res = -1;
600
601 va_start( ap, format );
602
603 res = vsnprintf( str, size, format, ap );
604
605 va_end( ap );
606
607 // No quick fix possible
608 if ( res < 0 )
609 return( (int) size + 20 );
610
611 return res;
612}
613
614#define snprintf compat_snprintf
615#endif
616
617#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
618
619#define SAFE_SNPRINTF() \
620{ \
621 if( ret == -1 ) \
622 return( -1 ); \
623 \
624 if ( (unsigned int) ret > n ) { \
625 p[n - 1] = '\0'; \
626 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
627 } \
628 \
629 n -= (unsigned int) ret; \
630 p += (unsigned int) ret; \
631}
632
633/*
634 * Return an informational string about the certificate.
635 */
636#define BEFORE_COLON 14
637#define BC "14"
638/*
639 * Return an informational string about the CRL.
640 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]641int x509_crl_info( char *buf, size_t size, const char *prefix,
642 const x509_crl *crl )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]643{
644 int ret;
645 size_t n;
646 char *p;
647 const char *desc;
648 const x509_crl_entry *entry;
649
650 p = buf;
651 n = size;
652
653 ret = snprintf( p, n, "%sCRL version : %d",
654 prefix, crl->version );
655 SAFE_SNPRINTF();
656
657 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
658 SAFE_SNPRINTF();
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]659 ret = x509_dn_gets( p, n, &crl->issuer );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]660 SAFE_SNPRINTF();
661
662 ret = snprintf( p, n, "\n%sthis update : " \
663 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
664 crl->this_update.year, crl->this_update.mon,
665 crl->this_update.day, crl->this_update.hour,
666 crl->this_update.min, crl->this_update.sec );
667 SAFE_SNPRINTF();
668
669 ret = snprintf( p, n, "\n%snext update : " \
670 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
671 crl->next_update.year, crl->next_update.mon,
672 crl->next_update.day, crl->next_update.hour,
673 crl->next_update.min, crl->next_update.sec );
674 SAFE_SNPRINTF();
675
676 entry = &crl->entry;
677
678 ret = snprintf( p, n, "\n%sRevoked certificates:",
679 prefix );
680 SAFE_SNPRINTF();
681
682 while( entry != NULL && entry->raw.len != 0 )
683 {
684 ret = snprintf( p, n, "\n%sserial number: ",
685 prefix );
686 SAFE_SNPRINTF();
687
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]688 ret = x509_serial_gets( p, n, &entry->serial);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]689 SAFE_SNPRINTF();
690
691 ret = snprintf( p, n, " revocation date: " \
692 "%04d-%02d-%02d %02d:%02d:%02d",
693 entry->revocation_date.year, entry->revocation_date.mon,
694 entry->revocation_date.day, entry->revocation_date.hour,
695 entry->revocation_date.min, entry->revocation_date.sec );
696 SAFE_SNPRINTF();
697
698 entry = entry->next;
699 }
700
701 ret = snprintf( p, n, "\n%ssigned using : ", prefix );
702 SAFE_SNPRINTF();
703
704 ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc );
705 if( ret != 0 )
706 ret = snprintf( p, n, "???" );
707 else
708 ret = snprintf( p, n, "%s", desc );
709 SAFE_SNPRINTF();
710
Manuel Pégourié-Gonnard5eeb32b2014-01-24 15:56:20 +0100[diff] [blame]711#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
712 if( crl->sig_pk == POLARSSL_PK_RSASSA_PSS )
713 {
714 md_type_t md_alg, mgf_md;
715 const md_info_t *md_info, *mgf_md_info;
716 int salt_len, trailer_field;
717
718 if( ( ret = x509_get_rsassa_pss_params( &crl->sig_params,
719 &md_alg, &mgf_md, &salt_len, &trailer_field ) ) != 0 )
720 return( ret );
721
722 md_info = md_info_from_type( md_alg );
723 mgf_md_info = md_info_from_type( mgf_md );
724
725 ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X, %d)",
726 md_info ? md_info->name : "???",
727 mgf_md_info ? mgf_md_info->name : "???",
728 salt_len, trailer_field );
729 SAFE_SNPRINTF();
730 }
731#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
732
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]733 ret = snprintf( p, n, "\n" );
734 SAFE_SNPRINTF();
735
736 return( (int) ( size - n ) );
737}
738
739/*
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]740 * Initialize a CRL chain
741 */
742void x509_crl_init( x509_crl *crl )
743{
744 memset( crl, 0, sizeof(x509_crl) );
745}
746
747/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]748 * Unallocate all CRL data
749 */
750void x509_crl_free( x509_crl *crl )
751{
752 x509_crl *crl_cur = crl;
753 x509_crl *crl_prv;
754 x509_name *name_cur;
755 x509_name *name_prv;
756 x509_crl_entry *entry_cur;
757 x509_crl_entry *entry_prv;
758
759 if( crl == NULL )
760 return;
761
762 do
763 {
764 name_cur = crl_cur->issuer.next;
765 while( name_cur != NULL )
766 {
767 name_prv = name_cur;
768 name_cur = name_cur->next;
769 memset( name_prv, 0, sizeof( x509_name ) );
770 polarssl_free( name_prv );
771 }
772
773 entry_cur = crl_cur->entry.next;
774 while( entry_cur != NULL )
775 {
776 entry_prv = entry_cur;
777 entry_cur = entry_cur->next;
778 memset( entry_prv, 0, sizeof( x509_crl_entry ) );
779 polarssl_free( entry_prv );
780 }
781
782 if( crl_cur->raw.p != NULL )
783 {
784 memset( crl_cur->raw.p, 0, crl_cur->raw.len );
785 polarssl_free( crl_cur->raw.p );
786 }
787
788 crl_cur = crl_cur->next;
789 }
790 while( crl_cur != NULL );
791
792 crl_cur = crl;
793 do
794 {
795 crl_prv = crl_cur;
796 crl_cur = crl_cur->next;
797
798 memset( crl_prv, 0, sizeof( x509_crl ) );
799 if( crl_prv != crl )
800 polarssl_free( crl_prv );
801 }
802 while( crl_cur != NULL );
803}
804
805#endif