TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9df5c96214e6a5b7208b9870f00600deb7be2c4c / . / library / x509_crl.c
blob: a63a6797530f3141ff6908b383c5f464eb8af755 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
2 * X.509 certificate and private key decoding
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc3279.txt
29 * http://www.ietf.org/rfc/rfc3280.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]37#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]38#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]39#else
40#include POLARSSL_CONFIG_FILE
41#endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]42
43#if defined(POLARSSL_X509_CRL_PARSE_C)
44
45#include "polarssl/x509_crl.h"
46#include "polarssl/oid.h"
47#if defined(POLARSSL_PEM_PARSE_C)
48#include "polarssl/pem.h"
49#endif
50
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]51#if defined(POLARSSL_PLATFORM_C)
52#include "polarssl/platform.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]53#else
54#define polarssl_malloc malloc
55#define polarssl_free free
56#endif
57
58#include <string.h>
59#include <stdlib.h>
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]60#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
61
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]62#include <windows.h>
63#else
64#include <time.h>
65#endif
66
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]67#if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]68#include <stdio.h>
69#endif
70
71/*
72 * Version ::= INTEGER { v1(0), v2(1) }
73 */
74static int x509_crl_get_version( unsigned char **p,
75 const unsigned char *end,
76 int *ver )
77{
78 int ret;
79
80 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
81 {
82 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
83 {
84 *ver = 0;
85 return( 0 );
86 }
87
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]88 return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]89 }
90
91 return( 0 );
92}
93
94/*
95 * X.509 CRL v2 extensions (no extensions parsed yet.)
96 */
97static int x509_get_crl_ext( unsigned char **p,
98 const unsigned char *end,
99 x509_buf *ext )
100{
101 int ret;
102 size_t len = 0;
103
104 /* Get explicit tag */
105 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
106 {
107 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
108 return( 0 );
109
110 return( ret );
111 }
112
113 while( *p < end )
114 {
115 if( ( ret = asn1_get_tag( p, end, &len,
116 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]117 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]118
119 *p += len;
120 }
121
122 if( *p != end )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]123 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]124 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
125
126 return( 0 );
127}
128
129/*
130 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
131 */
132static int x509_get_crl_entry_ext( unsigned char **p,
133 const unsigned char *end,
134 x509_buf *ext )
135{
136 int ret;
137 size_t len = 0;
138
139 /* OPTIONAL */
140 if (end <= *p)
141 return( 0 );
142
143 ext->tag = **p;
144 ext->p = *p;
145
146 /*
147 * Get CRL-entry extension sequence header
148 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
149 */
150 if( ( ret = asn1_get_tag( p, end, &ext->len,
151 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
152 {
153 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
154 {
155 ext->p = NULL;
156 return( 0 );
157 }
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]158 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]159 }
160
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]161 end = *p + ext->len;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]162
163 if( end != *p + ext->len )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]164 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]165 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
166
167 while( *p < end )
168 {
169 if( ( ret = asn1_get_tag( p, end, &len,
170 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]171 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]172
173 *p += len;
174 }
175
176 if( *p != end )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]177 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]178 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
179
180 return( 0 );
181}
182
183/*
184 * X.509 CRL Entries
185 */
186static int x509_get_entries( unsigned char **p,
187 const unsigned char *end,
188 x509_crl_entry *entry )
189{
190 int ret;
191 size_t entry_len;
192 x509_crl_entry *cur_entry = entry;
193
194 if( *p == end )
195 return( 0 );
196
197 if( ( ret = asn1_get_tag( p, end, &entry_len,
198 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
199 {
200 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
201 return( 0 );
202
203 return( ret );
204 }
205
206 end = *p + entry_len;
207
208 while( *p < end )
209 {
210 size_t len2;
211 const unsigned char *end2;
212
213 if( ( ret = asn1_get_tag( p, end, &len2,
214 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
215 {
216 return( ret );
217 }
218
219 cur_entry->raw.tag = **p;
220 cur_entry->raw.p = *p;
221 cur_entry->raw.len = len2;
222 end2 = *p + len2;
223
224 if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
225 return( ret );
226
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]227 if( ( ret = x509_get_time( p, end2,
228 &cur_entry->revocation_date ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]229 return( ret );
230
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]231 if( ( ret = x509_get_crl_entry_ext( p, end2,
232 &cur_entry->entry_ext ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]233 return( ret );
234
235 if ( *p < end )
236 {
237 cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) );
238
239 if( cur_entry->next == NULL )
240 return( POLARSSL_ERR_X509_MALLOC_FAILED );
241
242 cur_entry = cur_entry->next;
243 memset( cur_entry, 0, sizeof( x509_crl_entry ) );
244 }
245 }
246
247 return( 0 );
248}
249
250/*
251 * Parse one or more CRLs and add them to the chained list
252 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]253int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]254{
255 int ret;
256 size_t len;
257 unsigned char *p, *end;
258 x509_crl *crl;
259#if defined(POLARSSL_PEM_PARSE_C)
260 size_t use_len;
261 pem_context pem;
262#endif
263
264 crl = chain;
265
266 /*
267 * Check for valid input
268 */
269 if( crl == NULL || buf == NULL )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]270 return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]271
272 while( crl->version != 0 && crl->next != NULL )
273 crl = crl->next;
274
275 /*
276 * Add new CRL on the end of the chain if needed.
277 */
278 if ( crl->version != 0 && crl->next == NULL)
279 {
280 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
281
282 if( crl->next == NULL )
283 {
284 x509_crl_free( crl );
285 return( POLARSSL_ERR_X509_MALLOC_FAILED );
286 }
287
288 crl = crl->next;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]289 x509_crl_init( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]290 }
291
292#if defined(POLARSSL_PEM_PARSE_C)
293 pem_init( &pem );
294 ret = pem_read_buffer( &pem,
295 "-----BEGIN X509 CRL-----",
296 "-----END X509 CRL-----",
297 buf, NULL, 0, &use_len );
298
299 if( ret == 0 )
300 {
301 /*
302 * Was PEM encoded
303 */
304 buflen -= use_len;
305 buf += use_len;
306
307 /*
308 * Steal PEM buffer
309 */
310 p = pem.buf;
311 pem.buf = NULL;
312 len = pem.buflen;
313 pem_free( &pem );
314 }
315 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
316 {
317 pem_free( &pem );
318 return( ret );
319 }
320 else
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]321#endif /* POLARSSL_PEM_PARSE_C */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]322 {
323 /*
324 * nope, copy the raw DER data
325 */
326 p = (unsigned char *) polarssl_malloc( len = buflen );
327
328 if( p == NULL )
329 return( POLARSSL_ERR_X509_MALLOC_FAILED );
330
331 memcpy( p, buf, buflen );
332
333 buflen = 0;
334 }
335
336 crl->raw.p = p;
337 crl->raw.len = len;
338 end = p + len;
339
340 /*
341 * CertificateList ::= SEQUENCE {
342 * tbsCertList TBSCertList,
343 * signatureAlgorithm AlgorithmIdentifier,
344 * signatureValue BIT STRING }
345 */
346 if( ( ret = asn1_get_tag( &p, end, &len,
347 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
348 {
349 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]350 return( POLARSSL_ERR_X509_INVALID_FORMAT );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]351 }
352
353 if( len != (size_t) ( end - p ) )
354 {
355 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]356 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]357 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
358 }
359
360 /*
361 * TBSCertList ::= SEQUENCE {
362 */
363 crl->tbs.p = p;
364
365 if( ( ret = asn1_get_tag( &p, end, &len,
366 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
367 {
368 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]369 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]370 }
371
372 end = p + len;
373 crl->tbs.len = end - crl->tbs.p;
374
375 /*
376 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
377 * -- if present, MUST be v2
378 *
379 * signature AlgorithmIdentifier
380 */
381 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]382 ( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]383 {
384 x509_crl_free( crl );
385 return( ret );
386 }
387
388 crl->version++;
389
390 if( crl->version > 2 )
391 {
392 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]393 return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]394 }
395
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]396 if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
397 &crl->sig_pk ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]398 {
399 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]400 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]401 }
402
403 /*
404 * issuer Name
405 */
406 crl->issuer_raw.p = p;
407
408 if( ( ret = asn1_get_tag( &p, end, &len,
409 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
410 {
411 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]412 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]413 }
414
415 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
416 {
417 x509_crl_free( crl );
418 return( ret );
419 }
420
421 crl->issuer_raw.len = p - crl->issuer_raw.p;
422
423 /*
424 * thisUpdate Time
425 * nextUpdate Time OPTIONAL
426 */
427 if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
428 {
429 x509_crl_free( crl );
430 return( ret );
431 }
432
433 if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
434 {
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]435 if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]436 POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]437 ret != ( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]438 POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
439 {
440 x509_crl_free( crl );
441 return( ret );
442 }
443 }
444
445 /*
446 * revokedCertificates SEQUENCE OF SEQUENCE {
447 * userCertificate CertificateSerialNumber,
448 * revocationDate Time,
449 * crlEntryExtensions Extensions OPTIONAL
450 * -- if present, MUST be v2
451 * } OPTIONAL
452 */
453 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
454 {
455 x509_crl_free( crl );
456 return( ret );
457 }
458
459 /*
460 * crlExtensions EXPLICIT Extensions OPTIONAL
461 * -- if present, MUST be v2
462 */
463 if( crl->version == 2 )
464 {
465 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
466
467 if( ret != 0 )
468 {
469 x509_crl_free( crl );
470 return( ret );
471 }
472 }
473
474 if( p != end )
475 {
476 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]477 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]478 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
479 }
480
481 end = crl->raw.p + crl->raw.len;
482
483 /*
484 * signatureAlgorithm AlgorithmIdentifier,
485 * signatureValue BIT STRING
486 */
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]487 if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]488 {
489 x509_crl_free( crl );
490 return( ret );
491 }
492
493 if( crl->sig_oid1.len != crl->sig_oid2.len ||
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]494 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]495 {
496 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]497 return( POLARSSL_ERR_X509_SIG_MISMATCH );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]498 }
499
500 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
501 {
502 x509_crl_free( crl );
503 return( ret );
504 }
505
506 if( p != end )
507 {
508 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]509 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]510 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
511 }
512
513 if( buflen > 0 )
514 {
515 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
516
517 if( crl->next == NULL )
518 {
519 x509_crl_free( crl );
520 return( POLARSSL_ERR_X509_MALLOC_FAILED );
521 }
522
523 crl = crl->next;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]524 x509_crl_init( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]525
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]526 return( x509_crl_parse( crl, buf, buflen ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]527 }
528
529 return( 0 );
530}
531
532#if defined(POLARSSL_FS_IO)
533/*
534 * Load one or more CRLs and add them to the chained list
535 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]536int x509_crl_parse_file( x509_crl *chain, const char *path )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]537{
538 int ret;
539 size_t n;
540 unsigned char *buf;
541
542 if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
543 return( ret );
544
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]545 ret = x509_crl_parse( chain, buf, n );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]546
547 memset( buf, 0, n + 1 );
548 polarssl_free( buf );
549
550 return( ret );
551}
552#endif /* POLARSSL_FS_IO */
553
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]554#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
555 !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]556#include <stdarg.h>
557
558#if !defined vsnprintf
559#define vsnprintf _vsnprintf
560#endif // vsnprintf
561
562/*
563 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
564 * Result value is not size of buffer needed, but -1 if no fit is possible.
565 *
566 * This fuction tries to 'fix' this by at least suggesting enlarging the
567 * size by 20.
568 */
569static int compat_snprintf(char *str, size_t size, const char *format, ...)
570{
571 va_list ap;
572 int res = -1;
573
574 va_start( ap, format );
575
576 res = vsnprintf( str, size, format, ap );
577
578 va_end( ap );
579
580 // No quick fix possible
581 if ( res < 0 )
582 return( (int) size + 20 );
583
584 return res;
585}
586
587#define snprintf compat_snprintf
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]588#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]589
590#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
591
592#define SAFE_SNPRINTF() \
593{ \
594 if( ret == -1 ) \
595 return( -1 ); \
596 \
597 if ( (unsigned int) ret > n ) { \
598 p[n - 1] = '\0'; \
599 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
600 } \
601 \
602 n -= (unsigned int) ret; \
603 p += (unsigned int) ret; \
604}
605
606/*
607 * Return an informational string about the certificate.
608 */
609#define BEFORE_COLON 14
610#define BC "14"
611/*
612 * Return an informational string about the CRL.
613 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]614int x509_crl_info( char *buf, size_t size, const char *prefix,
615 const x509_crl *crl )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]616{
617 int ret;
618 size_t n;
619 char *p;
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]620 const char *desc;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]621 const x509_crl_entry *entry;
622
623 p = buf;
624 n = size;
625
626 ret = snprintf( p, n, "%sCRL version : %d",
627 prefix, crl->version );
628 SAFE_SNPRINTF();
629
630 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
631 SAFE_SNPRINTF();
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]632 ret = x509_dn_gets( p, n, &crl->issuer );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]633 SAFE_SNPRINTF();
634
635 ret = snprintf( p, n, "\n%sthis update : " \
636 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
637 crl->this_update.year, crl->this_update.mon,
638 crl->this_update.day, crl->this_update.hour,
639 crl->this_update.min, crl->this_update.sec );
640 SAFE_SNPRINTF();
641
642 ret = snprintf( p, n, "\n%snext update : " \
643 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
644 crl->next_update.year, crl->next_update.mon,
645 crl->next_update.day, crl->next_update.hour,
646 crl->next_update.min, crl->next_update.sec );
647 SAFE_SNPRINTF();
648
649 entry = &crl->entry;
650
651 ret = snprintf( p, n, "\n%sRevoked certificates:",
652 prefix );
653 SAFE_SNPRINTF();
654
655 while( entry != NULL && entry->raw.len != 0 )
656 {
657 ret = snprintf( p, n, "\n%sserial number: ",
658 prefix );
659 SAFE_SNPRINTF();
660
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]661 ret = x509_serial_gets( p, n, &entry->serial);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]662 SAFE_SNPRINTF();
663
664 ret = snprintf( p, n, " revocation date: " \
665 "%04d-%02d-%02d %02d:%02d:%02d",
666 entry->revocation_date.year, entry->revocation_date.mon,
667 entry->revocation_date.day, entry->revocation_date.hour,
668 entry->revocation_date.min, entry->revocation_date.sec );
669 SAFE_SNPRINTF();
670
671 entry = entry->next;
672 }
673
674 ret = snprintf( p, n, "\n%ssigned using : ", prefix );
675 SAFE_SNPRINTF();
676
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]677 ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc );
678 if( ret != 0 )
679 ret = snprintf( p, n, "???" );
680 else
681 ret = snprintf( p, n, "%s", desc );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]682 SAFE_SNPRINTF();
683
684 ret = snprintf( p, n, "\n" );
685 SAFE_SNPRINTF();
686
687 return( (int) ( size - n ) );
688}
689
690/*
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]691 * Initialize a CRL chain
692 */
693void x509_crl_init( x509_crl *crl )
694{
695 memset( crl, 0, sizeof(x509_crl) );
696}
697
698/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]699 * Unallocate all CRL data
700 */
701void x509_crl_free( x509_crl *crl )
702{
703 x509_crl *crl_cur = crl;
704 x509_crl *crl_prv;
705 x509_name *name_cur;
706 x509_name *name_prv;
707 x509_crl_entry *entry_cur;
708 x509_crl_entry *entry_prv;
709
710 if( crl == NULL )
711 return;
712
713 do
714 {
715 name_cur = crl_cur->issuer.next;
716 while( name_cur != NULL )
717 {
718 name_prv = name_cur;
719 name_cur = name_cur->next;
720 memset( name_prv, 0, sizeof( x509_name ) );
721 polarssl_free( name_prv );
722 }
723
724 entry_cur = crl_cur->entry.next;
725 while( entry_cur != NULL )
726 {
727 entry_prv = entry_cur;
728 entry_cur = entry_cur->next;
729 memset( entry_prv, 0, sizeof( x509_crl_entry ) );
730 polarssl_free( entry_prv );
731 }
732
733 if( crl_cur->raw.p != NULL )
734 {
735 memset( crl_cur->raw.p, 0, crl_cur->raw.len );
736 polarssl_free( crl_cur->raw.p );
737 }
738
739 crl_cur = crl_cur->next;
740 }
741 while( crl_cur != NULL );
742
743 crl_cur = crl;
744 do
745 {
746 crl_prv = crl_cur;
747 crl_cur = crl_cur->next;
748
749 memset( crl_prv, 0, sizeof( x509_crl ) );
750 if( crl_prv != crl )
751 polarssl_free( crl_prv );
752 }
753 while( crl_cur != NULL );
754}
755
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]756#endif /* POLARSSL_X509_CRL_PARSE_C */