PolarSSL v1.1.5
x509parse.c
Go to the documentation of this file.
1 /*
2  * X.509 certificate and private key decoding
3  *
4  * Copyright (C) 2006-2011, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The ITU-T X.509 standard defines a certificat format for PKI.
27  *
28  * http://www.ietf.org/rfc/rfc2459.txt
29  * http://www.ietf.org/rfc/rfc3279.txt
30  *
31  * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32  *
33  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35  */
36 
37 #include "polarssl/config.h"
38 
39 #if defined(POLARSSL_X509_PARSE_C)
40 
41 #include "polarssl/x509.h"
42 #include "polarssl/asn1.h"
43 #include "polarssl/pem.h"
44 #include "polarssl/des.h"
45 #include "polarssl/md2.h"
46 #include "polarssl/md4.h"
47 #include "polarssl/md5.h"
48 #include "polarssl/sha1.h"
49 #include "polarssl/sha2.h"
50 #include "polarssl/sha4.h"
51 #include "polarssl/dhm.h"
52 
53 #include <string.h>
54 #include <stdlib.h>
55 #if defined(_WIN32)
56 #include <windows.h>
57 #else
58 #include <time.h>
59 #endif
60 
61 #if defined(POLARSSL_FS_IO)
62 #include <stdio.h>
63 #endif
64 
65 /*
66  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
67  */
68 static int x509_get_version( unsigned char **p,
69  const unsigned char *end,
70  int *ver )
71 {
72  int ret;
73  size_t len;
74 
75  if( ( ret = asn1_get_tag( p, end, &len,
77  {
79  {
80  *ver = 0;
81  return( 0 );
82  }
83 
84  return( ret );
85  }
86 
87  end = *p + len;
88 
89  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
91 
92  if( *p != end )
95 
96  return( 0 );
97 }
98 
99 /*
100  * Version ::= INTEGER { v1(0), v2(1) }
101  */
102 static int x509_crl_get_version( unsigned char **p,
103  const unsigned char *end,
104  int *ver )
105 {
106  int ret;
107 
108  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
109  {
111  {
112  *ver = 0;
113  return( 0 );
114  }
115 
117  }
118 
119  return( 0 );
120 }
121 
122 /*
123  * CertificateSerialNumber ::= INTEGER
124  */
125 static int x509_get_serial( unsigned char **p,
126  const unsigned char *end,
127  x509_buf *serial )
128 {
129  int ret;
130 
131  if( ( end - *p ) < 1 )
134 
135  if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
136  **p != ASN1_INTEGER )
139 
140  serial->tag = *(*p)++;
141 
142  if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
144 
145  serial->p = *p;
146  *p += serial->len;
147 
148  return( 0 );
149 }
150 
151 /*
152  * AlgorithmIdentifier ::= SEQUENCE {
153  * algorithm OBJECT IDENTIFIER,
154  * parameters ANY DEFINED BY algorithm OPTIONAL }
155  */
156 static int x509_get_alg( unsigned char **p,
157  const unsigned char *end,
158  x509_buf *alg )
159 {
160  int ret;
161  size_t len;
162 
163  if( ( ret = asn1_get_tag( p, end, &len,
164  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
165  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
166 
167  end = *p + len;
168  alg->tag = **p;
169 
170  if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
171  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
172 
173  alg->p = *p;
174  *p += alg->len;
175 
176  if( *p == end )
177  return( 0 );
178 
179  /*
180  * assume the algorithm parameters must be NULL
181  */
182  if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
183  return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
184 
185  if( *p != end )
188 
189  return( 0 );
190 }
191 
192 /*
193  * AttributeTypeAndValue ::= SEQUENCE {
194  * type AttributeType,
195  * value AttributeValue }
196  *
197  * AttributeType ::= OBJECT IDENTIFIER
198  *
199  * AttributeValue ::= ANY DEFINED BY AttributeType
200  */
201 static int x509_get_attr_type_value( unsigned char **p,
202  const unsigned char *end,
203  x509_name *cur )
204 {
205  int ret;
206  size_t len;
207  x509_buf *oid;
208  x509_buf *val;
209 
210  if( ( ret = asn1_get_tag( p, end, &len,
211  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
212  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
213 
214  oid = &cur->oid;
215  oid->tag = **p;
216 
217  if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
218  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
219 
220  oid->p = *p;
221  *p += oid->len;
222 
223  if( ( end - *p ) < 1 )
226 
227  if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
228  **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
229  **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
232 
233  val = &cur->val;
234  val->tag = *(*p)++;
235 
236  if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
237  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
238 
239  val->p = *p;
240  *p += val->len;
241 
242  cur->next = NULL;
243 
244  return( 0 );
245 }
246 
247 /*
248  * RelativeDistinguishedName ::=
249  * SET OF AttributeTypeAndValue
250  *
251  * AttributeTypeAndValue ::= SEQUENCE {
252  * type AttributeType,
253  * value AttributeValue }
254  *
255  * AttributeType ::= OBJECT IDENTIFIER
256  *
257  * AttributeValue ::= ANY DEFINED BY AttributeType
258  */
259 static int x509_get_name( unsigned char **p,
260  const unsigned char *end,
261  x509_name *cur )
262 {
263  int ret;
264  size_t len;
265  const unsigned char *end2;
266  x509_name *use;
267 
268  if( ( ret = asn1_get_tag( p, end, &len,
269  ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
270  return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
271 
272  end2 = end;
273  end = *p + len;
274  use = cur;
275 
276  do
277  {
278  if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
279  return( ret );
280 
281  if( *p != end )
282  {
283  use->next = (x509_name *) malloc(
284  sizeof( x509_name ) );
285 
286  if( use->next == NULL )
288 
289  memset( use->next, 0, sizeof( x509_name ) );
290 
291  use = use->next;
292  }
293  }
294  while( *p != end );
295 
296  /*
297  * recurse until end of SEQUENCE is reached
298  */
299  if( *p == end2 )
300  return( 0 );
301 
302  cur->next = (x509_name *) malloc(
303  sizeof( x509_name ) );
304 
305  if( cur->next == NULL )
307 
308  memset( cur->next, 0, sizeof( x509_name ) );
309 
310  return( x509_get_name( p, end2, cur->next ) );
311 }
312 
313 /*
314  * Time ::= CHOICE {
315  * utcTime UTCTime,
316  * generalTime GeneralizedTime }
317  */
318 static int x509_get_time( unsigned char **p,
319  const unsigned char *end,
320  x509_time *time )
321 {
322  int ret;
323  size_t len;
324  char date[64];
325  unsigned char tag;
326 
327  if( ( end - *p ) < 1 )
330 
331  tag = **p;
332 
333  if ( tag == ASN1_UTC_TIME )
334  {
335  (*p)++;
336  ret = asn1_get_len( p, end, &len );
337 
338  if( ret != 0 )
339  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
340 
341  memset( date, 0, sizeof( date ) );
342  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
343  len : sizeof( date ) - 1 );
344 
345  if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
346  &time->year, &time->mon, &time->day,
347  &time->hour, &time->min, &time->sec ) < 5 )
349 
350  time->year += 100 * ( time->year < 50 );
351  time->year += 1900;
352 
353  *p += len;
354 
355  return( 0 );
356  }
357  else if ( tag == ASN1_GENERALIZED_TIME )
358  {
359  (*p)++;
360  ret = asn1_get_len( p, end, &len );
361 
362  if( ret != 0 )
363  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
364 
365  memset( date, 0, sizeof( date ) );
366  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
367  len : sizeof( date ) - 1 );
368 
369  if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
370  &time->year, &time->mon, &time->day,
371  &time->hour, &time->min, &time->sec ) < 5 )
373 
374  *p += len;
375 
376  return( 0 );
377  }
378  else
380 }
381 
382 
383 /*
384  * Validity ::= SEQUENCE {
385  * notBefore Time,
386  * notAfter Time }
387  */
388 static int x509_get_dates( unsigned char **p,
389  const unsigned char *end,
390  x509_time *from,
391  x509_time *to )
392 {
393  int ret;
394  size_t len;
395 
396  if( ( ret = asn1_get_tag( p, end, &len,
397  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
398  return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
399 
400  end = *p + len;
401 
402  if( ( ret = x509_get_time( p, end, from ) ) != 0 )
403  return( ret );
404 
405  if( ( ret = x509_get_time( p, end, to ) ) != 0 )
406  return( ret );
407 
408  if( *p != end )
411 
412  return( 0 );
413 }
414 
415 /*
416  * SubjectPublicKeyInfo ::= SEQUENCE {
417  * algorithm AlgorithmIdentifier,
418  * subjectPublicKey BIT STRING }
419  */
420 static int x509_get_pubkey( unsigned char **p,
421  const unsigned char *end,
422  x509_buf *pk_alg_oid,
423  mpi *N, mpi *E )
424 {
425  int ret, can_handle;
426  size_t len;
427  unsigned char *end2;
428 
429  if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
430  return( ret );
431 
432  /*
433  * only RSA public keys handled at this time
434  */
435  can_handle = 0;
436 
437  if( pk_alg_oid->len == 9 &&
438  memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) == 0 )
439  can_handle = 1;
440 
441  if( pk_alg_oid->len == 9 &&
442  memcmp( pk_alg_oid->p, OID_PKCS1, 8 ) == 0 )
443  {
444  if( pk_alg_oid->p[8] >= 2 && pk_alg_oid->p[8] <= 5 )
445  can_handle = 1;
446 
447  if ( pk_alg_oid->p[8] >= 11 && pk_alg_oid->p[8] <= 14 )
448  can_handle = 1;
449  }
450 
451  if( pk_alg_oid->len == 5 &&
452  memcmp( pk_alg_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
453  can_handle = 1;
454 
455  if( can_handle == 0 )
457 
458  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
460 
461  if( ( end - *p ) < 1 )
464 
465  end2 = *p + len;
466 
467  if( *(*p)++ != 0 )
469 
470  /*
471  * RSAPublicKey ::= SEQUENCE {
472  * modulus INTEGER, -- n
473  * publicExponent INTEGER -- e
474  * }
475  */
476  if( ( ret = asn1_get_tag( p, end2, &len,
477  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
479 
480  if( *p + len != end2 )
483 
484  if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
485  ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
487 
488  if( *p != end )
491 
492  return( 0 );
493 }
494 
495 static int x509_get_sig( unsigned char **p,
496  const unsigned char *end,
497  x509_buf *sig )
498 {
499  int ret;
500  size_t len;
501 
502  sig->tag = **p;
503 
504  if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
506 
507 
508  if( --len < 1 || *(*p)++ != 0 )
510 
511  sig->len = len;
512  sig->p = *p;
513 
514  *p += len;
515 
516  return( 0 );
517 }
518 
519 /*
520  * X.509 v2/v3 unique identifier (not parsed)
521  */
522 static int x509_get_uid( unsigned char **p,
523  const unsigned char *end,
524  x509_buf *uid, int n )
525 {
526  int ret;
527 
528  if( *p == end )
529  return( 0 );
530 
531  uid->tag = **p;
532 
533  if( ( ret = asn1_get_tag( p, end, &uid->len,
534  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
535  {
537  return( 0 );
538 
539  return( ret );
540  }
541 
542  uid->p = *p;
543  *p += uid->len;
544 
545  return( 0 );
546 }
547 
548 /*
549  * X.509 Extensions (No parsing of extensions, pointer should
550  * be either manually updated or extensions should be parsed!
551  */
552 static int x509_get_ext( unsigned char **p,
553  const unsigned char *end,
554  x509_buf *ext, int tag )
555 {
556  int ret;
557  size_t len;
558 
559  if( *p == end )
560  return( 0 );
561 
562  ext->tag = **p;
563 
564  if( ( ret = asn1_get_tag( p, end, &ext->len,
565  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
566  return( ret );
567 
568  ext->p = *p;
569  end = *p + ext->len;
570 
571  /*
572  * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
573  *
574  * Extension ::= SEQUENCE {
575  * extnID OBJECT IDENTIFIER,
576  * critical BOOLEAN DEFAULT FALSE,
577  * extnValue OCTET STRING }
578  */
579  if( ( ret = asn1_get_tag( p, end, &len,
580  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
582 
583  if( end != *p + len )
586 
587  return( 0 );
588 }
589 
590 /*
591  * X.509 CRL v2 extensions (no extensions parsed yet.)
592  */
593 static int x509_get_crl_ext( unsigned char **p,
594  const unsigned char *end,
595  x509_buf *ext )
596 {
597  int ret;
598  size_t len = 0;
599 
600  /* Get explicit tag */
601  if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
602  {
604  return( 0 );
605 
606  return( ret );
607  }
608 
609  while( *p < end )
610  {
611  if( ( ret = asn1_get_tag( p, end, &len,
612  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
614 
615  *p += len;
616  }
617 
618  if( *p != end )
621 
622  return( 0 );
623 }
624 
625 /*
626  * X.509 CRL v2 entry extensions (no extensions parsed yet.)
627  */
628 static int x509_get_crl_entry_ext( unsigned char **p,
629  const unsigned char *end,
630  x509_buf *ext )
631 {
632  int ret;
633  size_t len = 0;
634 
635  /* OPTIONAL */
636  if (end <= *p)
637  return( 0 );
638 
639  ext->tag = **p;
640  ext->p = *p;
641 
642  /*
643  * Get CRL-entry extension sequence header
644  * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
645  */
646  if( ( ret = asn1_get_tag( p, end, &ext->len,
647  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
648  {
650  {
651  ext->p = NULL;
652  return( 0 );
653  }
655  }
656 
657  end = *p + ext->len;
658 
659  if( end != *p + ext->len )
662 
663  while( *p < end )
664  {
665  if( ( ret = asn1_get_tag( p, end, &len,
666  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
668 
669  *p += len;
670  }
671 
672  if( *p != end )
675 
676  return( 0 );
677 }
678 
679 static int x509_get_basic_constraints( unsigned char **p,
680  const unsigned char *end,
681  int *ca_istrue,
682  int *max_pathlen )
683 {
684  int ret;
685  size_t len;
686 
687  /*
688  * BasicConstraints ::= SEQUENCE {
689  * cA BOOLEAN DEFAULT FALSE,
690  * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
691  */
692  *ca_istrue = 0; /* DEFAULT FALSE */
693  *max_pathlen = 0; /* endless */
694 
695  if( ( ret = asn1_get_tag( p, end, &len,
696  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
698 
699  if( *p == end )
700  return 0;
701 
702  if( ( ret = asn1_get_bool( p, end, ca_istrue ) ) != 0 )
703  {
705  ret = asn1_get_int( p, end, ca_istrue );
706 
707  if( ret != 0 )
709 
710  if( *ca_istrue != 0 )
711  *ca_istrue = 1;
712  }
713 
714  if( *p == end )
715  return 0;
716 
717  if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
719 
720  if( *p != end )
723 
724  (*max_pathlen)++;
725 
726  return 0;
727 }
728 
729 static int x509_get_ns_cert_type( unsigned char **p,
730  const unsigned char *end,
731  unsigned char *ns_cert_type)
732 {
733  int ret;
734  x509_bitstring bs = { 0, 0, NULL };
735 
736  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
738 
739  if( bs.len != 1 )
742 
743  /* Get actual bitstring */
744  *ns_cert_type = *bs.p;
745  return 0;
746 }
747 
748 static int x509_get_key_usage( unsigned char **p,
749  const unsigned char *end,
750  unsigned char *key_usage)
751 {
752  int ret;
753  x509_bitstring bs = { 0, 0, NULL };
754 
755  if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
757 
758  if( bs.len > 1 )
761 
762  /* Get actual bitstring */
763  *key_usage = *bs.p;
764  return 0;
765 }
766 
767 /*
768  * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
769  *
770  * KeyPurposeId ::= OBJECT IDENTIFIER
771  */
772 static int x509_get_ext_key_usage( unsigned char **p,
773  const unsigned char *end,
774  x509_sequence *ext_key_usage)
775 {
776  int ret;
777 
778  if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
780 
781  /* Sequence length must be >= 1 */
782  if( ext_key_usage->buf.p == NULL )
785 
786  return 0;
787 }
788 
789 /*
790  * X.509 v3 extensions
791  *
792  * TODO: Perform all of the basic constraints tests required by the RFC
793  * TODO: Set values for undetected extensions to a sane default?
794  *
795  */
796 static int x509_get_crt_ext( unsigned char **p,
797  const unsigned char *end,
798  x509_cert *crt )
799 {
800  int ret;
801  size_t len;
802  unsigned char *end_ext_data, *end_ext_octet;
803 
804  if( ( ret = x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
805  {
807  return( 0 );
808 
809  return( ret );
810  }
811 
812  while( *p < end )
813  {
814  /*
815  * Extension ::= SEQUENCE {
816  * extnID OBJECT IDENTIFIER,
817  * critical BOOLEAN DEFAULT FALSE,
818  * extnValue OCTET STRING }
819  */
820  x509_buf extn_oid = {0, 0, NULL};
821  int is_critical = 0; /* DEFAULT FALSE */
822 
823  if( ( ret = asn1_get_tag( p, end, &len,
824  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
826 
827  end_ext_data = *p + len;
828 
829  /* Get extension ID */
830  extn_oid.tag = **p;
831 
832  if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
834 
835  extn_oid.p = *p;
836  *p += extn_oid.len;
837 
838  if( ( end - *p ) < 1 )
841 
842  /* Get optional critical */
843  if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
846 
847  /* Data should be octet string type */
848  if( ( ret = asn1_get_tag( p, end_ext_data, &len,
849  ASN1_OCTET_STRING ) ) != 0 )
851 
852  end_ext_octet = *p + len;
853 
854  if( end_ext_octet != end_ext_data )
857 
858  /*
859  * Detect supported extensions
860  */
861  if( ( OID_SIZE( OID_BASIC_CONSTRAINTS ) == extn_oid.len ) &&
862  memcmp( extn_oid.p, OID_BASIC_CONSTRAINTS, extn_oid.len ) == 0 )
863  {
864  /* Parse basic constraints */
865  if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
866  &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
867  return ( ret );
869  }
870  else if( ( OID_SIZE( OID_NS_CERT_TYPE ) == extn_oid.len ) &&
871  memcmp( extn_oid.p, OID_NS_CERT_TYPE, extn_oid.len ) == 0 )
872  {
873  /* Parse netscape certificate type */
874  if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
875  &crt->ns_cert_type ) ) != 0 )
876  return ( ret );
877  crt->ext_types |= EXT_NS_CERT_TYPE;
878  }
879  else if( ( OID_SIZE( OID_KEY_USAGE ) == extn_oid.len ) &&
880  memcmp( extn_oid.p, OID_KEY_USAGE, extn_oid.len ) == 0 )
881  {
882  /* Parse key usage */
883  if( ( ret = x509_get_key_usage( p, end_ext_octet,
884  &crt->key_usage ) ) != 0 )
885  return ( ret );
886  crt->ext_types |= EXT_KEY_USAGE;
887  }
888  else if( ( OID_SIZE( OID_EXTENDED_KEY_USAGE ) == extn_oid.len ) &&
889  memcmp( extn_oid.p, OID_EXTENDED_KEY_USAGE, extn_oid.len ) == 0 )
890  {
891  /* Parse extended key usage */
892  if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
893  &crt->ext_key_usage ) ) != 0 )
894  return ( ret );
896  }
897  else
898  {
899  /* No parser found, skip extension */
900  *p = end_ext_octet;
901 
902 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
903  if( is_critical )
904  {
905  /* Data is marked as critical: fail */
908  }
909 #endif
910  }
911  }
912 
913  if( *p != end )
916 
917  return( 0 );
918 }
919 
920 /*
921  * X.509 CRL Entries
922  */
923 static int x509_get_entries( unsigned char **p,
924  const unsigned char *end,
926 {
927  int ret;
928  size_t entry_len;
929  x509_crl_entry *cur_entry = entry;
930 
931  if( *p == end )
932  return( 0 );
933 
934  if( ( ret = asn1_get_tag( p, end, &entry_len,
935  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
936  {
938  return( 0 );
939 
940  return( ret );
941  }
942 
943  end = *p + entry_len;
944 
945  while( *p < end )
946  {
947  size_t len2;
948  const unsigned char *end2;
949 
950  if( ( ret = asn1_get_tag( p, end, &len2,
951  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
952  {
953  return( ret );
954  }
955 
956  cur_entry->raw.tag = **p;
957  cur_entry->raw.p = *p;
958  cur_entry->raw.len = len2;
959  end2 = *p + len2;
960 
961  if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
962  return( ret );
963 
964  if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
965  return( ret );
966 
967  if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
968  return( ret );
969 
970  if ( *p < end )
971  {
972  cur_entry->next = malloc( sizeof( x509_crl_entry ) );
973 
974  if( cur_entry->next == NULL )
976 
977  cur_entry = cur_entry->next;
978  memset( cur_entry, 0, sizeof( x509_crl_entry ) );
979  }
980  }
981 
982  return( 0 );
983 }
984 
985 static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
986 {
987  if( sig_oid->len == 9 &&
988  memcmp( sig_oid->p, OID_PKCS1, 8 ) == 0 )
989  {
990  if( sig_oid->p[8] >= 2 && sig_oid->p[8] <= 5 )
991  {
992  *sig_alg = sig_oid->p[8];
993  return( 0 );
994  }
995 
996  if ( sig_oid->p[8] >= 11 && sig_oid->p[8] <= 14 )
997  {
998  *sig_alg = sig_oid->p[8];
999  return( 0 );
1000  }
1001 
1003  }
1004  if( sig_oid->len == 5 &&
1005  memcmp( sig_oid->p, OID_RSA_SHA_OBS, 5 ) == 0 )
1006  {
1007  *sig_alg = SIG_RSA_SHA1;
1008  return( 0 );
1009  }
1010 
1012 }
1013 
1014 /*
1015  * Parse and fill a single X.509 certificate in DER format
1016  */
1017 int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
1018 {
1019  int ret;
1020  size_t len;
1021  unsigned char *p, *end, *crt_end;
1022 
1023  /*
1024  * Check for valid input
1025  */
1026  if( crt == NULL || buf == NULL )
1028 
1029  p = (unsigned char *) malloc( len = buflen );
1030 
1031  if( p == NULL )
1033 
1034  memcpy( p, buf, buflen );
1035 
1036  buflen = 0;
1037 
1038  crt->raw.p = p;
1039  crt->raw.len = len;
1040  end = p + len;
1041 
1042  /*
1043  * Certificate ::= SEQUENCE {
1044  * tbsCertificate TBSCertificate,
1045  * signatureAlgorithm AlgorithmIdentifier,
1046  * signatureValue BIT STRING }
1047  */
1048  if( ( ret = asn1_get_tag( &p, end, &len,
1049  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1050  {
1051  x509_free( crt );
1053  }
1054 
1055  if( len > (size_t) ( end - p ) )
1056  {
1057  x509_free( crt );
1060  }
1061  crt_end = p + len;
1062 
1063  /*
1064  * TBSCertificate ::= SEQUENCE {
1065  */
1066  crt->tbs.p = p;
1067 
1068  if( ( ret = asn1_get_tag( &p, end, &len,
1069  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1070  {
1071  x509_free( crt );
1072  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1073  }
1074 
1075  end = p + len;
1076  crt->tbs.len = end - crt->tbs.p;
1077 
1078  /*
1079  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
1080  *
1081  * CertificateSerialNumber ::= INTEGER
1082  *
1083  * signature AlgorithmIdentifier
1084  */
1085  if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
1086  ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
1087  ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
1088  {
1089  x509_free( crt );
1090  return( ret );
1091  }
1092 
1093  crt->version++;
1094 
1095  if( crt->version > 3 )
1096  {
1097  x509_free( crt );
1099  }
1100 
1101  if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_alg ) ) != 0 )
1102  {
1103  x509_free( crt );
1104  return( ret );
1105  }
1106 
1107  /*
1108  * issuer Name
1109  */
1110  crt->issuer_raw.p = p;
1111 
1112  if( ( ret = asn1_get_tag( &p, end, &len,
1113  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1114  {
1115  x509_free( crt );
1116  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1117  }
1118 
1119  if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
1120  {
1121  x509_free( crt );
1122  return( ret );
1123  }
1124 
1125  crt->issuer_raw.len = p - crt->issuer_raw.p;
1126 
1127  /*
1128  * Validity ::= SEQUENCE {
1129  * notBefore Time,
1130  * notAfter Time }
1131  *
1132  */
1133  if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
1134  &crt->valid_to ) ) != 0 )
1135  {
1136  x509_free( crt );
1137  return( ret );
1138  }
1139 
1140  /*
1141  * subject Name
1142  */
1143  crt->subject_raw.p = p;
1144 
1145  if( ( ret = asn1_get_tag( &p, end, &len,
1146  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1147  {
1148  x509_free( crt );
1149  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1150  }
1151 
1152  if( ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
1153  {
1154  x509_free( crt );
1155  return( ret );
1156  }
1157 
1158  crt->subject_raw.len = p - crt->subject_raw.p;
1159 
1160  /*
1161  * SubjectPublicKeyInfo ::= SEQUENCE
1162  * algorithm AlgorithmIdentifier,
1163  * subjectPublicKey BIT STRING }
1164  */
1165  if( ( ret = asn1_get_tag( &p, end, &len,
1166  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1167  {
1168  x509_free( crt );
1169  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1170  }
1171 
1172  if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
1173  &crt->rsa.N, &crt->rsa.E ) ) != 0 )
1174  {
1175  x509_free( crt );
1176  return( ret );
1177  }
1178 
1179  if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
1180  {
1181  x509_free( crt );
1182  return( ret );
1183  }
1184 
1185  crt->rsa.len = mpi_size( &crt->rsa.N );
1186 
1187  /*
1188  * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1189  * -- If present, version shall be v2 or v3
1190  * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1191  * -- If present, version shall be v2 or v3
1192  * extensions [3] EXPLICIT Extensions OPTIONAL
1193  * -- If present, version shall be v3
1194  */
1195  if( crt->version == 2 || crt->version == 3 )
1196  {
1197  ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
1198  if( ret != 0 )
1199  {
1200  x509_free( crt );
1201  return( ret );
1202  }
1203  }
1204 
1205  if( crt->version == 2 || crt->version == 3 )
1206  {
1207  ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
1208  if( ret != 0 )
1209  {
1210  x509_free( crt );
1211  return( ret );
1212  }
1213  }
1214 
1215  if( crt->version == 3 )
1216  {
1217  ret = x509_get_crt_ext( &p, end, crt);
1218  if( ret != 0 )
1219  {
1220  x509_free( crt );
1221  return( ret );
1222  }
1223  }
1224 
1225  if( p != end )
1226  {
1227  x509_free( crt );
1230  }
1231 
1232  end = crt_end;
1233 
1234  /*
1235  * signatureAlgorithm AlgorithmIdentifier,
1236  * signatureValue BIT STRING
1237  */
1238  if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
1239  {
1240  x509_free( crt );
1241  return( ret );
1242  }
1243 
1244  if( crt->sig_oid1.len != crt->sig_oid2.len ||
1245  memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
1246  {
1247  x509_free( crt );
1249  }
1250 
1251  if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
1252  {
1253  x509_free( crt );
1254  return( ret );
1255  }
1256 
1257  if( p != end )
1258  {
1259  x509_free( crt );
1262  }
1263 
1264  return( 0 );
1265 }
1266 
1267 /*
1268  * Parse one or more PEM certificates from a buffer and add them to the chained list
1269  */
1270 int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
1271 {
1272  int ret, success = 0, first_error = 0, total_failed = 0;
1273  x509_cert *crt, *prev = NULL;
1274  int buf_format = X509_FORMAT_DER;
1275 
1276  crt = chain;
1277 
1278  /*
1279  * Check for valid input
1280  */
1281  if( crt == NULL || buf == NULL )
1283 
1284  while( crt->version != 0 && crt->next != NULL )
1285  {
1286  prev = crt;
1287  crt = crt->next;
1288  }
1289 
1290  /*
1291  * Add new certificate on the end of the chain if needed.
1292  */
1293  if ( crt->version != 0 && crt->next == NULL)
1294  {
1295  crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1296 
1297  if( crt->next == NULL )
1299 
1300  prev = crt;
1301  crt = crt->next;
1302  memset( crt, 0, sizeof( x509_cert ) );
1303  }
1304 
1305  /*
1306  * Determine buffer content. Buffer contains either one DER certificate or
1307  * one or more PEM certificates.
1308  */
1309 #if defined(POLARSSL_PEM_C)
1310  if( strstr( (char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
1311  buf_format = X509_FORMAT_PEM;
1312 #endif
1313 
1314  if( buf_format == X509_FORMAT_DER )
1315  return x509parse_crt_der( crt, buf, buflen );
1316 
1317 #if defined(POLARSSL_PEM_C)
1318  if( buf_format == X509_FORMAT_PEM )
1319  {
1320  pem_context pem;
1321 
1322  while( buflen > 0 )
1323  {
1324  size_t use_len;
1325  pem_init( &pem );
1326 
1327  ret = pem_read_buffer( &pem,
1328  "-----BEGIN CERTIFICATE-----",
1329  "-----END CERTIFICATE-----",
1330  buf, NULL, 0, &use_len );
1331 
1332  if( ret == 0 )
1333  {
1334  /*
1335  * Was PEM encoded
1336  */
1337  buflen -= use_len;
1338  buf += use_len;
1339  }
1340  else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1341  {
1342  pem_free( &pem );
1343 
1344  if( first_error == 0 )
1345  first_error = ret;
1346 
1347  continue;
1348  }
1349  else
1350  break;
1351 
1352  ret = x509parse_crt_der( crt, pem.buf, pem.buflen );
1353 
1354  pem_free( &pem );
1355 
1356  if( ret != 0 )
1357  {
1358  /*
1359  * quit parsing on a memory error
1360  */
1361  if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
1362  {
1363  if( prev )
1364  prev->next = NULL;
1365 
1366  if( crt != chain )
1367  free( crt );
1368 
1369  return( ret );
1370  }
1371 
1372  if( first_error == 0 )
1373  first_error = ret;
1374 
1375  total_failed++;
1376 
1377  memset( crt, 0, sizeof( x509_cert ) );
1378  continue;
1379  }
1380 
1381  success = 1;
1382 
1383  /*
1384  * Add new certificate to the list
1385  */
1386  crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
1387 
1388  if( crt->next == NULL )
1390 
1391  prev = crt;
1392  crt = crt->next;
1393  memset( crt, 0, sizeof( x509_cert ) );
1394  }
1395  }
1396 #endif
1397 
1398  if( crt->version == 0 )
1399  {
1400  if( prev )
1401  prev->next = NULL;
1402 
1403  if( crt != chain )
1404  free( crt );
1405  }
1406 
1407  if( success )
1408  return( total_failed );
1409  else if( first_error )
1410  return( first_error );
1411  else
1413 }
1414 
1415 /*
1416  * Parse one or more CRLs and add them to the chained list
1417  */
1418 int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
1419 {
1420  int ret;
1421  size_t len;
1422  unsigned char *p, *end;
1423  x509_crl *crl;
1424 #if defined(POLARSSL_PEM_C)
1425  size_t use_len;
1426  pem_context pem;
1427 #endif
1428 
1429  crl = chain;
1430 
1431  /*
1432  * Check for valid input
1433  */
1434  if( crl == NULL || buf == NULL )
1436 
1437  while( crl->version != 0 && crl->next != NULL )
1438  crl = crl->next;
1439 
1440  /*
1441  * Add new CRL on the end of the chain if needed.
1442  */
1443  if ( crl->version != 0 && crl->next == NULL)
1444  {
1445  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1446 
1447  if( crl->next == NULL )
1448  {
1449  x509_crl_free( crl );
1451  }
1452 
1453  crl = crl->next;
1454  memset( crl, 0, sizeof( x509_crl ) );
1455  }
1456 
1457 #if defined(POLARSSL_PEM_C)
1458  pem_init( &pem );
1459  ret = pem_read_buffer( &pem,
1460  "-----BEGIN X509 CRL-----",
1461  "-----END X509 CRL-----",
1462  buf, NULL, 0, &use_len );
1463 
1464  if( ret == 0 )
1465  {
1466  /*
1467  * Was PEM encoded
1468  */
1469  buflen -= use_len;
1470  buf += use_len;
1471 
1472  /*
1473  * Steal PEM buffer
1474  */
1475  p = pem.buf;
1476  pem.buf = NULL;
1477  len = pem.buflen;
1478  pem_free( &pem );
1479  }
1480  else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1481  {
1482  pem_free( &pem );
1483  return( ret );
1484  }
1485  else
1486  {
1487  /*
1488  * nope, copy the raw DER data
1489  */
1490  p = (unsigned char *) malloc( len = buflen );
1491 
1492  if( p == NULL )
1494 
1495  memcpy( p, buf, buflen );
1496 
1497  buflen = 0;
1498  }
1499 #else
1500  p = (unsigned char *) malloc( len = buflen );
1501 
1502  if( p == NULL )
1504 
1505  memcpy( p, buf, buflen );
1506 
1507  buflen = 0;
1508 #endif
1509 
1510  crl->raw.p = p;
1511  crl->raw.len = len;
1512  end = p + len;
1513 
1514  /*
1515  * CertificateList ::= SEQUENCE {
1516  * tbsCertList TBSCertList,
1517  * signatureAlgorithm AlgorithmIdentifier,
1518  * signatureValue BIT STRING }
1519  */
1520  if( ( ret = asn1_get_tag( &p, end, &len,
1521  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1522  {
1523  x509_crl_free( crl );
1525  }
1526 
1527  if( len != (size_t) ( end - p ) )
1528  {
1529  x509_crl_free( crl );
1532  }
1533 
1534  /*
1535  * TBSCertList ::= SEQUENCE {
1536  */
1537  crl->tbs.p = p;
1538 
1539  if( ( ret = asn1_get_tag( &p, end, &len,
1540  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1541  {
1542  x509_crl_free( crl );
1543  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1544  }
1545 
1546  end = p + len;
1547  crl->tbs.len = end - crl->tbs.p;
1548 
1549  /*
1550  * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
1551  * -- if present, MUST be v2
1552  *
1553  * signature AlgorithmIdentifier
1554  */
1555  if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
1556  ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
1557  {
1558  x509_crl_free( crl );
1559  return( ret );
1560  }
1561 
1562  crl->version++;
1563 
1564  if( crl->version > 2 )
1565  {
1566  x509_crl_free( crl );
1568  }
1569 
1570  if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_alg ) ) != 0 )
1571  {
1572  x509_crl_free( crl );
1574  }
1575 
1576  /*
1577  * issuer Name
1578  */
1579  crl->issuer_raw.p = p;
1580 
1581  if( ( ret = asn1_get_tag( &p, end, &len,
1582  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1583  {
1584  x509_crl_free( crl );
1585  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
1586  }
1587 
1588  if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
1589  {
1590  x509_crl_free( crl );
1591  return( ret );
1592  }
1593 
1594  crl->issuer_raw.len = p - crl->issuer_raw.p;
1595 
1596  /*
1597  * thisUpdate Time
1598  * nextUpdate Time OPTIONAL
1599  */
1600  if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
1601  {
1602  x509_crl_free( crl );
1603  return( ret );
1604  }
1605 
1606  if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
1607  {
1608  if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
1612  {
1613  x509_crl_free( crl );
1614  return( ret );
1615  }
1616  }
1617 
1618  /*
1619  * revokedCertificates SEQUENCE OF SEQUENCE {
1620  * userCertificate CertificateSerialNumber,
1621  * revocationDate Time,
1622  * crlEntryExtensions Extensions OPTIONAL
1623  * -- if present, MUST be v2
1624  * } OPTIONAL
1625  */
1626  if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
1627  {
1628  x509_crl_free( crl );
1629  return( ret );
1630  }
1631 
1632  /*
1633  * crlExtensions EXPLICIT Extensions OPTIONAL
1634  * -- if present, MUST be v2
1635  */
1636  if( crl->version == 2 )
1637  {
1638  ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
1639 
1640  if( ret != 0 )
1641  {
1642  x509_crl_free( crl );
1643  return( ret );
1644  }
1645  }
1646 
1647  if( p != end )
1648  {
1649  x509_crl_free( crl );
1652  }
1653 
1654  end = crl->raw.p + crl->raw.len;
1655 
1656  /*
1657  * signatureAlgorithm AlgorithmIdentifier,
1658  * signatureValue BIT STRING
1659  */
1660  if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
1661  {
1662  x509_crl_free( crl );
1663  return( ret );
1664  }
1665 
1666  if( crl->sig_oid1.len != crl->sig_oid2.len ||
1667  memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
1668  {
1669  x509_crl_free( crl );
1671  }
1672 
1673  if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
1674  {
1675  x509_crl_free( crl );
1676  return( ret );
1677  }
1678 
1679  if( p != end )
1680  {
1681  x509_crl_free( crl );
1684  }
1685 
1686  if( buflen > 0 )
1687  {
1688  crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
1689 
1690  if( crl->next == NULL )
1691  {
1692  x509_crl_free( crl );
1694  }
1695 
1696  crl = crl->next;
1697  memset( crl, 0, sizeof( x509_crl ) );
1698 
1699  return( x509parse_crl( crl, buf, buflen ) );
1700  }
1701 
1702  return( 0 );
1703 }
1704 
1705 #if defined(POLARSSL_FS_IO)
1706 /*
1707  * Load all data from a file into a given buffer.
1708  */
1709 int load_file( const char *path, unsigned char **buf, size_t *n )
1710 {
1711  FILE *f;
1712 
1713  if( ( f = fopen( path, "rb" ) ) == NULL )
1715 
1716  fseek( f, 0, SEEK_END );
1717  *n = (size_t) ftell( f );
1718  fseek( f, 0, SEEK_SET );
1719 
1720  if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
1722 
1723  if( fread( *buf, 1, *n, f ) != *n )
1724  {
1725  fclose( f );
1726  free( *buf );
1728  }
1729 
1730  fclose( f );
1731 
1732  (*buf)[*n] = '\0';
1733 
1734  return( 0 );
1735 }
1736 
1737 /*
1738  * Load one or more certificates and add them to the chained list
1739  */
1740 int x509parse_crtfile( x509_cert *chain, const char *path )
1741 {
1742  int ret;
1743  size_t n;
1744  unsigned char *buf;
1745 
1746  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1747  return( ret );
1748 
1749  ret = x509parse_crt( chain, buf, n );
1750 
1751  memset( buf, 0, n + 1 );
1752  free( buf );
1753 
1754  return( ret );
1755 }
1756 
1757 /*
1758  * Load one or more CRLs and add them to the chained list
1759  */
1760 int x509parse_crlfile( x509_crl *chain, const char *path )
1761 {
1762  int ret;
1763  size_t n;
1764  unsigned char *buf;
1765 
1766  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1767  return( ret );
1768 
1769  ret = x509parse_crl( chain, buf, n );
1770 
1771  memset( buf, 0, n + 1 );
1772  free( buf );
1773 
1774  return( ret );
1775 }
1776 
1777 /*
1778  * Load and parse a private RSA key
1779  */
1780 int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
1781 {
1782  int ret;
1783  size_t n;
1784  unsigned char *buf;
1785 
1786  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1787  return( ret );
1788 
1789  if( pwd == NULL )
1790  ret = x509parse_key( rsa, buf, n, NULL, 0 );
1791  else
1792  ret = x509parse_key( rsa, buf, n,
1793  (unsigned char *) pwd, strlen( pwd ) );
1794 
1795  memset( buf, 0, n + 1 );
1796  free( buf );
1797 
1798  return( ret );
1799 }
1800 
1801 /*
1802  * Load and parse a public RSA key
1803  */
1804 int x509parse_public_keyfile( rsa_context *rsa, const char *path )
1805 {
1806  int ret;
1807  size_t n;
1808  unsigned char *buf;
1809 
1810  if ( (ret = load_file( path, &buf, &n ) ) != 0 )
1811  return( ret );
1812 
1813  ret = x509parse_public_key( rsa, buf, n );
1814 
1815  memset( buf, 0, n + 1 );
1816  free( buf );
1817 
1818  return( ret );
1819 }
1820 #endif /* POLARSSL_FS_IO */
1821 
1822 /*
1823  * Parse a private RSA key
1824  */
1825 int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
1826  const unsigned char *pwd, size_t pwdlen )
1827 {
1828  int ret;
1829  size_t len;
1830  unsigned char *p, *end;
1831  unsigned char *p_alt;
1832  x509_buf pk_alg_oid;
1833 
1834 #if defined(POLARSSL_PEM_C)
1835  pem_context pem;
1836 
1837  pem_init( &pem );
1838  ret = pem_read_buffer( &pem,
1839  "-----BEGIN RSA PRIVATE KEY-----",
1840  "-----END RSA PRIVATE KEY-----",
1841  key, pwd, pwdlen, &len );
1842 
1844  {
1845  ret = pem_read_buffer( &pem,
1846  "-----BEGIN PRIVATE KEY-----",
1847  "-----END PRIVATE KEY-----",
1848  key, pwd, pwdlen, &len );
1849  }
1850 
1851  if( ret == 0 )
1852  {
1853  /*
1854  * Was PEM encoded
1855  */
1856  keylen = pem.buflen;
1857  }
1858  else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
1859  {
1860  pem_free( &pem );
1861  return( ret );
1862  }
1863 
1864  p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
1865 #else
1866  ((void) pwd);
1867  ((void) pwdlen);
1868  p = (unsigned char *) key;
1869 #endif
1870  end = p + keylen;
1871 
1872  /*
1873  * Note: Depending on the type of private key file one can expect either a
1874  * PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
1875  *
1876  * PrivateKeyInfo ::= SEQUENCE {
1877  * version Version,
1878  * algorithm AlgorithmIdentifier,
1879  * PrivateKey BIT STRING
1880  * }
1881  *
1882  * AlgorithmIdentifier ::= SEQUENCE {
1883  * algorithm OBJECT IDENTIFIER,
1884  * parameters ANY DEFINED BY algorithm OPTIONAL
1885  * }
1886  *
1887  * RSAPrivateKey ::= SEQUENCE {
1888  * version Version,
1889  * modulus INTEGER, -- n
1890  * publicExponent INTEGER, -- e
1891  * privateExponent INTEGER, -- d
1892  * prime1 INTEGER, -- p
1893  * prime2 INTEGER, -- q
1894  * exponent1 INTEGER, -- d mod (p-1)
1895  * exponent2 INTEGER, -- d mod (q-1)
1896  * coefficient INTEGER, -- (inverse of q) mod p
1897  * otherPrimeInfos OtherPrimeInfos OPTIONAL
1898  * }
1899  */
1900  if( ( ret = asn1_get_tag( &p, end, &len,
1901  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
1902  {
1903 #if defined(POLARSSL_PEM_C)
1904  pem_free( &pem );
1905 #endif
1906  rsa_free( rsa );
1907  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
1908  }
1909 
1910  end = p + len;
1911 
1912  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
1913  {
1914 #if defined(POLARSSL_PEM_C)
1915  pem_free( &pem );
1916 #endif
1917  rsa_free( rsa );
1918  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
1919  }
1920 
1921  if( rsa->ver != 0 )
1922  {
1923 #if defined(POLARSSL_PEM_C)
1924  pem_free( &pem );
1925 #endif
1926  rsa_free( rsa );
1927  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
1928  }
1929 
1930  p_alt = p;
1931 
1932  if( ( ret = x509_get_alg( &p_alt, end, &pk_alg_oid ) ) != 0 )
1933  {
1934  // Assume that we have the PKCS#1 format if wrong
1935  // tag was encountered
1936  //
1939  {
1940 #if defined(POLARSSL_PEM_C)
1941  pem_free( &pem );
1942 #endif
1943  rsa_free( rsa );
1945  }
1946  }
1947  else
1948  {
1949  int can_handle;
1950 
1951  /*
1952  * only RSA keys handled at this time
1953  */
1954  can_handle = 0;
1955 
1956  if( pk_alg_oid.len == 9 &&
1957  memcmp( pk_alg_oid.p, OID_PKCS1_RSA, 9 ) == 0 )
1958  can_handle = 1;
1959 
1960  if( pk_alg_oid.len == 9 &&
1961  memcmp( pk_alg_oid.p, OID_PKCS1, 8 ) == 0 )
1962  {
1963  if( pk_alg_oid.p[8] >= 2 && pk_alg_oid.p[8] <= 5 )
1964  can_handle = 1;
1965 
1966  if ( pk_alg_oid.p[8] >= 11 && pk_alg_oid.p[8] <= 14 )
1967  can_handle = 1;
1968  }
1969 
1970  if( pk_alg_oid.len == 5 &&
1971  memcmp( pk_alg_oid.p, OID_RSA_SHA_OBS, 5 ) == 0 )
1972  can_handle = 1;
1973 
1974  if( can_handle == 0 )
1976 
1977  /*
1978  * Parse the PKCS#8 format
1979  */
1980 
1981  p = p_alt;
1982  if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
1983  {
1984 #if defined(POLARSSL_PEM_C)
1985  pem_free( &pem );
1986 #endif
1987  rsa_free( rsa );
1988  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
1989  }
1990 
1991  if( ( end - p ) < 1 )
1992  {
1993 #if defined(POLARSSL_PEM_C)
1994  pem_free( &pem );
1995 #endif
1996  rsa_free( rsa );
1999  }
2000 
2001  end = p + len;
2002 
2003  if( ( ret = asn1_get_tag( &p, end, &len,
2004  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2005  {
2006 #if defined(POLARSSL_PEM_C)
2007  pem_free( &pem );
2008 #endif
2009  rsa_free( rsa );
2010  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2011  }
2012 
2013  end = p + len;
2014 
2015  if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
2016  {
2017 #if defined(POLARSSL_PEM_C)
2018  pem_free( &pem );
2019 #endif
2020  rsa_free( rsa );
2021  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2022  }
2023 
2024  if( rsa->ver != 0 )
2025  {
2026 #if defined(POLARSSL_PEM_C)
2027  pem_free( &pem );
2028 #endif
2029  rsa_free( rsa );
2030  return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
2031  }
2032  }
2033 
2034  if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
2035  ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
2036  ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
2037  ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
2038  ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
2039  ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
2040  ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
2041  ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
2042  {
2043 #if defined(POLARSSL_PEM_C)
2044  pem_free( &pem );
2045 #endif
2046  rsa_free( rsa );
2047  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2048  }
2049 
2050  rsa->len = mpi_size( &rsa->N );
2051 
2052  if( p != end )
2053  {
2054 #if defined(POLARSSL_PEM_C)
2055  pem_free( &pem );
2056 #endif
2057  rsa_free( rsa );
2060  }
2061 
2062  if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
2063  {
2064 #if defined(POLARSSL_PEM_C)
2065  pem_free( &pem );
2066 #endif
2067  rsa_free( rsa );
2068  return( ret );
2069  }
2070 
2071 #if defined(POLARSSL_PEM_C)
2072  pem_free( &pem );
2073 #endif
2074 
2075  return( 0 );
2076 }
2077 
2078 /*
2079  * Parse a public RSA key
2080  */
2081 int x509parse_public_key( rsa_context *rsa, const unsigned char *key, size_t keylen )
2082 {
2083  int ret;
2084  size_t len;
2085  unsigned char *p, *end;
2086  x509_buf alg_oid;
2087 #if defined(POLARSSL_PEM_C)
2088  pem_context pem;
2089 
2090  pem_init( &pem );
2091  ret = pem_read_buffer( &pem,
2092  "-----BEGIN PUBLIC KEY-----",
2093  "-----END PUBLIC KEY-----",
2094  key, NULL, 0, &len );
2095 
2096  if( ret == 0 )
2097  {
2098  /*
2099  * Was PEM encoded
2100  */
2101  keylen = pem.buflen;
2102  }
2103  else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
2104  {
2105  pem_free( &pem );
2106  return( ret );
2107  }
2108 
2109  p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
2110 #else
2111  p = (unsigned char *) key;
2112 #endif
2113  end = p + keylen;
2114 
2115  /*
2116  * PublicKeyInfo ::= SEQUENCE {
2117  * algorithm AlgorithmIdentifier,
2118  * PublicKey BIT STRING
2119  * }
2120  *
2121  * AlgorithmIdentifier ::= SEQUENCE {
2122  * algorithm OBJECT IDENTIFIER,
2123  * parameters ANY DEFINED BY algorithm OPTIONAL
2124  * }
2125  *
2126  * RSAPublicKey ::= SEQUENCE {
2127  * modulus INTEGER, -- n
2128  * publicExponent INTEGER -- e
2129  * }
2130  */
2131 
2132  if( ( ret = asn1_get_tag( &p, end, &len,
2133  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2134  {
2135 #if defined(POLARSSL_PEM_C)
2136  pem_free( &pem );
2137 #endif
2138  rsa_free( rsa );
2139  return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
2140  }
2141 
2142  if( ( ret = x509_get_pubkey( &p, end, &alg_oid, &rsa->N, &rsa->E ) ) != 0 )
2143  {
2144 #if defined(POLARSSL_PEM_C)
2145  pem_free( &pem );
2146 #endif
2147  rsa_free( rsa );
2148  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2149  }
2150 
2151  if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
2152  {
2153 #if defined(POLARSSL_PEM_C)
2154  pem_free( &pem );
2155 #endif
2156  rsa_free( rsa );
2157  return( ret );
2158  }
2159 
2160  rsa->len = mpi_size( &rsa->N );
2161 
2162 #if defined(POLARSSL_PEM_C)
2163  pem_free( &pem );
2164 #endif
2165 
2166  return( 0 );
2167 }
2168 
2169 #if defined(POLARSSL_DHM_C)
2170 /*
2171  * Parse DHM parameters
2172  */
2173 int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
2174 {
2175  int ret;
2176  size_t len;
2177  unsigned char *p, *end;
2178 #if defined(POLARSSL_PEM_C)
2179  pem_context pem;
2180 
2181  pem_init( &pem );
2182 
2183  ret = pem_read_buffer( &pem,
2184  "-----BEGIN DH PARAMETERS-----",
2185  "-----END DH PARAMETERS-----",
2186  dhmin, NULL, 0, &dhminlen );
2187 
2188  if( ret == 0 )
2189  {
2190  /*
2191  * Was PEM encoded
2192  */
2193  dhminlen = pem.buflen;
2194  }
2195  else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
2196  {
2197  pem_free( &pem );
2198  return( ret );
2199  }
2200 
2201  p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
2202 #else
2203  p = (unsigned char *) dhmin;
2204 #endif
2205  end = p + dhminlen;
2206 
2207  memset( dhm, 0, sizeof( dhm_context ) );
2208 
2209  /*
2210  * DHParams ::= SEQUENCE {
2211  * prime INTEGER, -- P
2212  * generator INTEGER, -- g
2213  * }
2214  */
2215  if( ( ret = asn1_get_tag( &p, end, &len,
2216  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
2217  {
2218 #if defined(POLARSSL_PEM_C)
2219  pem_free( &pem );
2220 #endif
2221  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2222  }
2223 
2224  end = p + len;
2225 
2226  if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
2227  ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
2228  {
2229 #if defined(POLARSSL_PEM_C)
2230  pem_free( &pem );
2231 #endif
2232  dhm_free( dhm );
2233  return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
2234  }
2235 
2236  if( p != end )
2237  {
2238 #if defined(POLARSSL_PEM_C)
2239  pem_free( &pem );
2240 #endif
2241  dhm_free( dhm );
2244  }
2245 
2246 #if defined(POLARSSL_PEM_C)
2247  pem_free( &pem );
2248 #endif
2249 
2250  return( 0 );
2251 }
2252 
2253 #if defined(POLARSSL_FS_IO)
2254 /*
2255  * Load and parse a private RSA key
2256  */
2257 int x509parse_dhmfile( dhm_context *dhm, const char *path )
2258 {
2259  int ret;
2260  size_t n;
2261  unsigned char *buf;
2262 
2263  if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
2264  return( ret );
2265 
2266  ret = x509parse_dhm( dhm, buf, n );
2267 
2268  memset( buf, 0, n + 1 );
2269  free( buf );
2270 
2271  return( ret );
2272 }
2273 #endif /* POLARSSL_FS_IO */
2274 #endif /* POLARSSL_DHM_C */
2275 
2276 #if defined _MSC_VER && !defined snprintf
2277 #include <stdarg.h>
2278 
2279 #if !defined vsnprintf
2280 #define vsnprintf _vsnprintf
2281 #endif // vsnprintf
2282 
2283 /*
2284  * Windows _snprintf and _vsnprintf are not compatible to linux versions.
2285  * Result value is not size of buffer needed, but -1 if no fit is possible.
2286  *
2287  * This fuction tries to 'fix' this by at least suggesting enlarging the
2288  * size by 20.
2289  */
2290 int compat_snprintf(char *str, size_t size, const char *format, ...)
2291 {
2292  va_list ap;
2293  int res = -1;
2294 
2295  va_start( ap, format );
2296 
2297  res = vsnprintf( str, size, format, ap );
2298 
2299  va_end( ap );
2300 
2301  // No quick fix possible
2302  if ( res < 0 )
2303  return( (int) size + 20 );
2304 
2305  return res;
2306 }
2307 
2308 #define snprintf compat_snprintf
2309 #endif
2310 
2311 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
2312 
2313 #define SAFE_SNPRINTF() \
2314 { \
2315  if( ret == -1 ) \
2316  return( -1 ); \
2317  \
2318  if ( (unsigned int) ret > n ) { \
2319  p[n - 1] = '\0'; \
2320  return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
2321  } \
2322  \
2323  n -= (unsigned int) ret; \
2324  p += (unsigned int) ret; \
2325 }
2326 
2327 /*
2328  * Store the name in printable form into buf; no more
2329  * than size characters will be written
2330  */
2331 int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn )
2332 {
2333  int ret;
2334  size_t i, n;
2335  unsigned char c;
2336  const x509_name *name;
2337  char s[128], *p;
2338 
2339  memset( s, 0, sizeof( s ) );
2340 
2341  name = dn;
2342  p = buf;
2343  n = size;
2344 
2345  while( name != NULL )
2346  {
2347  if( name != dn )
2348  {
2349  ret = snprintf( p, n, ", " );
2350  SAFE_SNPRINTF();
2351  }
2352 
2353  if( name->oid.len == 3 &&
2354  memcmp( name->oid.p, OID_X520, 2 ) == 0 )
2355  {
2356  switch( name->oid.p[2] )
2357  {
2358  case X520_COMMON_NAME:
2359  ret = snprintf( p, n, "CN=" ); break;
2360 
2361  case X520_COUNTRY:
2362  ret = snprintf( p, n, "C=" ); break;
2363 
2364  case X520_LOCALITY:
2365  ret = snprintf( p, n, "L=" ); break;
2366 
2367  case X520_STATE:
2368  ret = snprintf( p, n, "ST=" ); break;
2369 
2370  case X520_ORGANIZATION:
2371  ret = snprintf( p, n, "O=" ); break;
2372 
2373  case X520_ORG_UNIT:
2374  ret = snprintf( p, n, "OU=" ); break;
2375 
2376  default:
2377  ret = snprintf( p, n, "0x%02X=",
2378  name->oid.p[2] );
2379  break;
2380  }
2381  SAFE_SNPRINTF();
2382  }
2383  else if( name->oid.len == 9 &&
2384  memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
2385  {
2386  switch( name->oid.p[8] )
2387  {
2388  case PKCS9_EMAIL:
2389  ret = snprintf( p, n, "emailAddress=" ); break;
2390 
2391  default:
2392  ret = snprintf( p, n, "0x%02X=",
2393  name->oid.p[8] );
2394  break;
2395  }
2396  SAFE_SNPRINTF();
2397  }
2398  else
2399  {
2400  ret = snprintf( p, n, "\?\?=" );
2401  SAFE_SNPRINTF();
2402  }
2403 
2404  for( i = 0; i < name->val.len; i++ )
2405  {
2406  if( i >= sizeof( s ) - 1 )
2407  break;
2408 
2409  c = name->val.p[i];
2410  if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
2411  s[i] = '?';
2412  else s[i] = c;
2413  }
2414  s[i] = '\0';
2415  ret = snprintf( p, n, "%s", s );
2416  SAFE_SNPRINTF();
2417  name = name->next;
2418  }
2419 
2420  return( (int) ( size - n ) );
2421 }
2422 
2423 /*
2424  * Store the serial in printable form into buf; no more
2425  * than size characters will be written
2426  */
2427 int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
2428 {
2429  int ret;
2430  size_t i, n, nr;
2431  char *p;
2432 
2433  p = buf;
2434  n = size;
2435 
2436  nr = ( serial->len <= 32 )
2437  ? serial->len : 28;
2438 
2439  for( i = 0; i < nr; i++ )
2440  {
2441  if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
2442  continue;
2443 
2444  ret = snprintf( p, n, "%02X%s",
2445  serial->p[i], ( i < nr - 1 ) ? ":" : "" );
2446  SAFE_SNPRINTF();
2447  }
2448 
2449  if( nr != serial->len )
2450  {
2451  ret = snprintf( p, n, "...." );
2452  SAFE_SNPRINTF();
2453  }
2454 
2455  return( (int) ( size - n ) );
2456 }
2457 
2458 /*
2459  * Return an informational string about the certificate.
2460  */
2461 int x509parse_cert_info( char *buf, size_t size, const char *prefix,
2462  const x509_cert *crt )
2463 {
2464  int ret;
2465  size_t n;
2466  char *p;
2467 
2468  p = buf;
2469  n = size;
2470 
2471  ret = snprintf( p, n, "%scert. version : %d\n",
2472  prefix, crt->version );
2473  SAFE_SNPRINTF();
2474  ret = snprintf( p, n, "%sserial number : ",
2475  prefix );
2476  SAFE_SNPRINTF();
2477 
2478  ret = x509parse_serial_gets( p, n, &crt->serial);
2479  SAFE_SNPRINTF();
2480 
2481  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2482  SAFE_SNPRINTF();
2483  ret = x509parse_dn_gets( p, n, &crt->issuer );
2484  SAFE_SNPRINTF();
2485 
2486  ret = snprintf( p, n, "\n%ssubject name : ", prefix );
2487  SAFE_SNPRINTF();
2488  ret = x509parse_dn_gets( p, n, &crt->subject );
2489  SAFE_SNPRINTF();
2490 
2491  ret = snprintf( p, n, "\n%sissued on : " \
2492  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2493  crt->valid_from.year, crt->valid_from.mon,
2494  crt->valid_from.day, crt->valid_from.hour,
2495  crt->valid_from.min, crt->valid_from.sec );
2496  SAFE_SNPRINTF();
2497 
2498  ret = snprintf( p, n, "\n%sexpires on : " \
2499  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2500  crt->valid_to.year, crt->valid_to.mon,
2501  crt->valid_to.day, crt->valid_to.hour,
2502  crt->valid_to.min, crt->valid_to.sec );
2503  SAFE_SNPRINTF();
2504 
2505  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2506  SAFE_SNPRINTF();
2507 
2508  switch( crt->sig_alg )
2509  {
2510  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2511  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2512  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2513  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2514  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2515  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2516  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2517  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2518  default: ret = snprintf( p, n, "???" ); break;
2519  }
2520  SAFE_SNPRINTF();
2521 
2522  ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
2523  (int) crt->rsa.N.n * (int) sizeof( unsigned long ) * 8 );
2524  SAFE_SNPRINTF();
2525 
2526  return( (int) ( size - n ) );
2527 }
2528 
2529 /* Compare a given OID string with an OID x509_buf * */
2530 #define OID_CMP(oid_str, oid_buf) \
2531  ( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
2532  memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0)
2533 
2534 /*
2535  * Return an informational string describing the given OID
2536  */
2537 const char *x509_oid_get_description( x509_buf *oid )
2538 {
2539  if ( oid == NULL )
2540  return ( NULL );
2541 
2542  else if( OID_CMP( OID_SERVER_AUTH, oid ) )
2543  return( STRING_SERVER_AUTH );
2544 
2545  else if( OID_CMP( OID_CLIENT_AUTH, oid ) )
2546  return( STRING_CLIENT_AUTH );
2547 
2548  else if( OID_CMP( OID_CODE_SIGNING, oid ) )
2549  return( STRING_CODE_SIGNING );
2550 
2551  else if( OID_CMP( OID_EMAIL_PROTECTION, oid ) )
2552  return( STRING_EMAIL_PROTECTION );
2553 
2554  else if( OID_CMP( OID_TIME_STAMPING, oid ) )
2555  return( STRING_TIME_STAMPING );
2556 
2557  else if( OID_CMP( OID_OCSP_SIGNING, oid ) )
2558  return( STRING_OCSP_SIGNING );
2559 
2560  return( NULL );
2561 }
2562 
2563 /* Return the x.y.z.... style numeric string for the given OID */
2564 int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
2565 {
2566  int ret;
2567  size_t i, n;
2568  unsigned int value;
2569  char *p;
2570 
2571  p = buf;
2572  n = size;
2573 
2574  /* First byte contains first two dots */
2575  if( oid->len > 0 )
2576  {
2577  ret = snprintf( p, n, "%d.%d", oid->p[0]/40, oid->p[0]%40 );
2578  SAFE_SNPRINTF();
2579  }
2580 
2581  /* TODO: value can overflow in value. */
2582  value = 0;
2583  for( i = 1; i < oid->len; i++ )
2584  {
2585  value <<= 7;
2586  value += oid->p[i] & 0x7F;
2587 
2588  if( !( oid->p[i] & 0x80 ) )
2589  {
2590  /* Last byte */
2591  ret = snprintf( p, n, ".%d", value );
2592  SAFE_SNPRINTF();
2593  value = 0;
2594  }
2595  }
2596 
2597  return( (int) ( size - n ) );
2598 }
2599 
2600 /*
2601  * Return an informational string about the CRL.
2602  */
2603 int x509parse_crl_info( char *buf, size_t size, const char *prefix,
2604  const x509_crl *crl )
2605 {
2606  int ret;
2607  size_t n;
2608  char *p;
2609  const x509_crl_entry *entry;
2610 
2611  p = buf;
2612  n = size;
2613 
2614  ret = snprintf( p, n, "%sCRL version : %d",
2615  prefix, crl->version );
2616  SAFE_SNPRINTF();
2617 
2618  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
2619  SAFE_SNPRINTF();
2620  ret = x509parse_dn_gets( p, n, &crl->issuer );
2621  SAFE_SNPRINTF();
2622 
2623  ret = snprintf( p, n, "\n%sthis update : " \
2624  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2625  crl->this_update.year, crl->this_update.mon,
2626  crl->this_update.day, crl->this_update.hour,
2627  crl->this_update.min, crl->this_update.sec );
2628  SAFE_SNPRINTF();
2629 
2630  ret = snprintf( p, n, "\n%snext update : " \
2631  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
2632  crl->next_update.year, crl->next_update.mon,
2633  crl->next_update.day, crl->next_update.hour,
2634  crl->next_update.min, crl->next_update.sec );
2635  SAFE_SNPRINTF();
2636 
2637  entry = &crl->entry;
2638 
2639  ret = snprintf( p, n, "\n%sRevoked certificates:",
2640  prefix );
2641  SAFE_SNPRINTF();
2642 
2643  while( entry != NULL && entry->raw.len != 0 )
2644  {
2645  ret = snprintf( p, n, "\n%sserial number: ",
2646  prefix );
2647  SAFE_SNPRINTF();
2648 
2649  ret = x509parse_serial_gets( p, n, &entry->serial);
2650  SAFE_SNPRINTF();
2651 
2652  ret = snprintf( p, n, " revocation date: " \
2653  "%04d-%02d-%02d %02d:%02d:%02d",
2654  entry->revocation_date.year, entry->revocation_date.mon,
2655  entry->revocation_date.day, entry->revocation_date.hour,
2656  entry->revocation_date.min, entry->revocation_date.sec );
2657  SAFE_SNPRINTF();
2658 
2659  entry = entry->next;
2660  }
2661 
2662  ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
2663  SAFE_SNPRINTF();
2664 
2665  switch( crl->sig_alg )
2666  {
2667  case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
2668  case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
2669  case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
2670  case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
2671  case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
2672  case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
2673  case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
2674  case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
2675  default: ret = snprintf( p, n, "???" ); break;
2676  }
2677  SAFE_SNPRINTF();
2678 
2679  ret = snprintf( p, n, "\n" );
2680  SAFE_SNPRINTF();
2681 
2682  return( (int) ( size - n ) );
2683 }
2684 
2685 /*
2686  * Return 0 if the x509_time is still valid, or 1 otherwise.
2687  */
2688 int x509parse_time_expired( const x509_time *to )
2689 {
2690  int year, mon, day;
2691  int hour, min, sec;
2692 
2693 #if defined(_WIN32)
2694  SYSTEMTIME st;
2695 
2696  GetLocalTime(&st);
2697 
2698  year = st.wYear;
2699  mon = st.wMonth;
2700  day = st.wDay;
2701  hour = st.wHour;
2702  min = st.wMinute;
2703  sec = st.wSecond;
2704 #else
2705  struct tm *lt;
2706  time_t tt;
2707 
2708  tt = time( NULL );
2709  lt = localtime( &tt );
2710 
2711  year = lt->tm_year + 1900;
2712  mon = lt->tm_mon + 1;
2713  day = lt->tm_mday;
2714  hour = lt->tm_hour;
2715  min = lt->tm_min;
2716  sec = lt->tm_sec;
2717 #endif
2718 
2719  if( year > to->year )
2720  return( 1 );
2721 
2722  if( year == to->year &&
2723  mon > to->mon )
2724  return( 1 );
2725 
2726  if( year == to->year &&
2727  mon == to->mon &&
2728  day > to->day )
2729  return( 1 );
2730 
2731  if( year == to->year &&
2732  mon == to->mon &&
2733  day == to->day &&
2734  hour > to->hour )
2735  return( 1 );
2736 
2737  if( year == to->year &&
2738  mon == to->mon &&
2739  day == to->day &&
2740  hour == to->hour &&
2741  min > to->min )
2742  return( 1 );
2743 
2744  if( year == to->year &&
2745  mon == to->mon &&
2746  day == to->day &&
2747  hour == to->hour &&
2748  min == to->min &&
2749  sec > to->sec )
2750  return( 1 );
2751 
2752  return( 0 );
2753 }
2754 
2755 /*
2756  * Return 1 if the certificate is revoked, or 0 otherwise.
2757  */
2758 int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
2759 {
2760  const x509_crl_entry *cur = &crl->entry;
2761 
2762  while( cur != NULL && cur->serial.len != 0 )
2763  {
2764  if( crt->serial.len == cur->serial.len &&
2765  memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
2766  {
2768  return( 1 );
2769  }
2770 
2771  cur = cur->next;
2772  }
2773 
2774  return( 0 );
2775 }
2776 
2777 /*
2778  * Wrapper for x509 hashes.
2779  */
2780 static void x509_hash( const unsigned char *in, size_t len, int alg,
2781  unsigned char *out )
2782 {
2783  switch( alg )
2784  {
2785 #if defined(POLARSSL_MD2_C)
2786  case SIG_RSA_MD2 : md2( in, len, out ); break;
2787 #endif
2788 #if defined(POLARSSL_MD4_C)
2789  case SIG_RSA_MD4 : md4( in, len, out ); break;
2790 #endif
2791 #if defined(POLARSSL_MD5_C)
2792  case SIG_RSA_MD5 : md5( in, len, out ); break;
2793 #endif
2794 #if defined(POLARSSL_SHA1_C)
2795  case SIG_RSA_SHA1 : sha1( in, len, out ); break;
2796 #endif
2797 #if defined(POLARSSL_SHA2_C)
2798  case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
2799  case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
2800 #endif
2801 #if defined(POLARSSL_SHA4_C)
2802  case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
2803  case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
2804 #endif
2805  default:
2806  memset( out, '\xFF', 64 );
2807  break;
2808  }
2809 }
2810 
2811 /*
2812  * Check that the given certificate is valid accoring to the CRL.
2813  */
2814 static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
2815  x509_crl *crl_list)
2816 {
2817  int flags = 0;
2818  int hash_id;
2819  unsigned char hash[64];
2820 
2821  /*
2822  * TODO: What happens if no CRL is present?
2823  * Suggestion: Revocation state should be unknown if no CRL is present.
2824  * For backwards compatibility this is not yet implemented.
2825  */
2826 
2827  while( ca != NULL && crl_list != NULL && crl_list->version != 0 )
2828  {
2829  if( crl_list->issuer_raw.len != ca->subject_raw.len ||
2830  memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
2831  crl_list->issuer_raw.len ) != 0 )
2832  {
2833  crl_list = crl_list->next;
2834  continue;
2835  }
2836 
2837  /*
2838  * Check if CRL is correctly signed by the trusted CA
2839  */
2840  hash_id = crl_list->sig_alg;
2841 
2842  x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
2843 
2844  if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, hash_id,
2845  0, hash, crl_list->sig.p ) == 0 )
2846  {
2847  /*
2848  * CRL is not trusted
2849  */
2850  flags |= BADCRL_NOT_TRUSTED;
2851  break;
2852  }
2853 
2854  /*
2855  * Check for validity of CRL (Do not drop out)
2856  */
2857  if( x509parse_time_expired( &crl_list->next_update ) )
2858  flags |= BADCRL_EXPIRED;
2859 
2860  /*
2861  * Check if certificate is revoked
2862  */
2863  if( x509parse_revoked(crt, crl_list) )
2864  {
2865  flags |= BADCERT_REVOKED;
2866  break;
2867  }
2868 
2869  crl_list = crl_list->next;
2870  }
2871  return flags;
2872 }
2873 
2874 /*
2875  * Verify the certificate validity
2876  */
2877 int x509parse_verify( x509_cert *crt,
2878  x509_cert *trust_ca,
2879  x509_crl *ca_crl,
2880  const char *cn, int *flags,
2881  int (*f_vrfy)(void *, x509_cert *, int, int),
2882  void *p_vrfy )
2883 {
2884  size_t cn_len;
2885  int hash_id;
2886  int pathlen;
2887  x509_cert *parent;
2888  x509_name *name;
2889  unsigned char hash[64];
2890 
2891  *flags = 0;
2892 
2893  if( x509parse_time_expired( &crt->valid_to ) )
2894  *flags = BADCERT_EXPIRED;
2895 
2896  if( cn != NULL )
2897  {
2898  name = &crt->subject;
2899  cn_len = strlen( cn );
2900 
2901  while( name != NULL )
2902  {
2903  if( name->oid.len == 3 &&
2904  memcmp( name->oid.p, OID_CN, 3 ) == 0 &&
2905  name->val.len == cn_len &&
2906  memcmp( name->val.p, cn, cn_len ) == 0 )
2907  break;
2908 
2909  name = name->next;
2910  }
2911 
2912  if( name == NULL )
2913  *flags |= BADCERT_CN_MISMATCH;
2914  }
2915 
2916  /*
2917  * Iterate upwards in the given cert chain,
2918  * ignoring any upper cert with CA != TRUE.
2919  */
2920  parent = crt->next;
2921 
2922  pathlen = 1;
2923 
2924  while( parent != NULL && parent->version != 0 )
2925  {
2926  if( parent->ca_istrue == 0 ||
2927  crt->issuer_raw.len != parent->subject_raw.len ||
2928  memcmp( crt->issuer_raw.p, parent->subject_raw.p,
2929  crt->issuer_raw.len ) != 0 )
2930  {
2931  parent = parent->next;
2932  continue;
2933  }
2934 
2935  hash_id = crt->sig_alg;
2936 
2937  x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
2938 
2939  if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, hash_id, 0, hash,
2940  crt->sig.p ) != 0 )
2941  *flags |= BADCERT_NOT_TRUSTED;
2942 
2943  /* Check trusted CA's CRL for the given crt */
2944  *flags |= x509parse_verifycrl(crt, parent, ca_crl);
2945 
2946  /* crt is verified to be a child of the parent cur, call verify callback */
2947  if( NULL != f_vrfy )
2948  {
2949  if( f_vrfy( p_vrfy, crt, pathlen - 1, ( *flags == 0 ) ) != 0 )
2951  else
2952  *flags = 0;
2953  }
2954  else if( *flags != 0 )
2956 
2957  pathlen++;
2958 
2959  crt = parent;
2960  parent = crt->next;
2961  }
2962 
2963  /*
2964  * Attempt to validate topmost cert with our CA chain.
2965  */
2966  *flags |= BADCERT_NOT_TRUSTED;
2967 
2968  while( trust_ca != NULL && trust_ca->version != 0 )
2969  {
2970  if( crt->issuer_raw.len != trust_ca->subject_raw.len ||
2971  memcmp( crt->issuer_raw.p, trust_ca->subject_raw.p,
2972  crt->issuer_raw.len ) != 0 )
2973  {
2974  trust_ca = trust_ca->next;
2975  continue;
2976  }
2977 
2978  if( trust_ca->max_pathlen > 0 &&
2979  trust_ca->max_pathlen < pathlen )
2980  break;
2981 
2982  hash_id = crt->sig_alg;
2983 
2984  x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
2985 
2986  if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
2987  0, hash, crt->sig.p ) == 0 )
2988  {
2989  /*
2990  * cert. is signed by a trusted CA
2991  */
2992  *flags &= ~BADCERT_NOT_TRUSTED;
2993  break;
2994  }
2995 
2996  trust_ca = trust_ca->next;
2997  }
2998 
2999  /* Check trusted CA's CRL for the given crt */
3000  *flags |= x509parse_verifycrl( crt, trust_ca, ca_crl );
3001 
3002  /* Verification succeeded, call callback on top cert */
3003  if( NULL != f_vrfy )
3004  {
3005  if( f_vrfy(p_vrfy, crt, pathlen-1, ( *flags == 0 ) ) != 0 )
3007  else
3008  *flags = 0;
3009  }
3010  else if( *flags != 0 )
3012 
3013  return( 0 );
3014 }
3015 
3016 /*
3017  * Unallocate all certificate data
3018  */
3019 void x509_free( x509_cert *crt )
3020 {
3021  x509_cert *cert_cur = crt;
3022  x509_cert *cert_prv;
3023  x509_name *name_cur;
3024  x509_name *name_prv;
3025  x509_sequence *seq_cur;
3026  x509_sequence *seq_prv;
3027 
3028  if( crt == NULL )
3029  return;
3030 
3031  do
3032  {
3033  rsa_free( &cert_cur->rsa );
3034 
3035  name_cur = cert_cur->issuer.next;
3036  while( name_cur != NULL )
3037  {
3038  name_prv = name_cur;
3039  name_cur = name_cur->next;
3040  memset( name_prv, 0, sizeof( x509_name ) );
3041  free( name_prv );
3042  }
3043 
3044  name_cur = cert_cur->subject.next;
3045  while( name_cur != NULL )
3046  {
3047  name_prv = name_cur;
3048  name_cur = name_cur->next;
3049  memset( name_prv, 0, sizeof( x509_name ) );
3050  free( name_prv );
3051  }
3052 
3053  seq_cur = cert_cur->ext_key_usage.next;
3054  while( seq_cur != NULL )
3055  {
3056  seq_prv = seq_cur;
3057  seq_cur = seq_cur->next;
3058  memset( seq_prv, 0, sizeof( x509_sequence ) );
3059  free( seq_prv );
3060  }
3061 
3062  if( cert_cur->raw.p != NULL )
3063  {
3064  memset( cert_cur->raw.p, 0, cert_cur->raw.len );
3065  free( cert_cur->raw.p );
3066  }
3067 
3068  cert_cur = cert_cur->next;
3069  }
3070  while( cert_cur != NULL );
3071 
3072  cert_cur = crt;
3073  do
3074  {
3075  cert_prv = cert_cur;
3076  cert_cur = cert_cur->next;
3077 
3078  memset( cert_prv, 0, sizeof( x509_cert ) );
3079  if( cert_prv != crt )
3080  free( cert_prv );
3081  }
3082  while( cert_cur != NULL );
3083 }
3084 
3085 /*
3086  * Unallocate all CRL data
3087  */
3088 void x509_crl_free( x509_crl *crl )
3089 {
3090  x509_crl *crl_cur = crl;
3091  x509_crl *crl_prv;
3092  x509_name *name_cur;
3093  x509_name *name_prv;
3094  x509_crl_entry *entry_cur;
3095  x509_crl_entry *entry_prv;
3096 
3097  if( crl == NULL )
3098  return;
3099 
3100  do
3101  {
3102  name_cur = crl_cur->issuer.next;
3103  while( name_cur != NULL )
3104  {
3105  name_prv = name_cur;
3106  name_cur = name_cur->next;
3107  memset( name_prv, 0, sizeof( x509_name ) );
3108  free( name_prv );
3109  }
3110 
3111  entry_cur = crl_cur->entry.next;
3112  while( entry_cur != NULL )
3113  {
3114  entry_prv = entry_cur;
3115  entry_cur = entry_cur->next;
3116  memset( entry_prv, 0, sizeof( x509_crl_entry ) );
3117  free( entry_prv );
3118  }
3119 
3120  if( crl_cur->raw.p != NULL )
3121  {
3122  memset( crl_cur->raw.p, 0, crl_cur->raw.len );
3123  free( crl_cur->raw.p );
3124  }
3125 
3126  crl_cur = crl_cur->next;
3127  }
3128  while( crl_cur != NULL );
3129 
3130  crl_cur = crl;
3131  do
3132  {
3133  crl_prv = crl_cur;
3134  crl_cur = crl_cur->next;
3135 
3136  memset( crl_prv, 0, sizeof( x509_crl ) );
3137  if( crl_prv != crl )
3138  free( crl_prv );
3139  }
3140  while( crl_cur != NULL );
3141 }
3142 
3143 #if defined(POLARSSL_SELF_TEST)
3144 
3145 #include "polarssl/certs.h"
3146 
3147 /*
3148  * Checkup routine
3149  */
3150 int x509_self_test( int verbose )
3151 {
3152 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
3153  int ret;
3154  int flags;
3155  size_t i, j;
3156  x509_cert cacert;
3157  x509_cert clicert;
3158  rsa_context rsa;
3159 #if defined(POLARSSL_DHM_C)
3160  dhm_context dhm;
3161 #endif
3162 
3163  if( verbose != 0 )
3164  printf( " X.509 certificate load: " );
3165 
3166  memset( &clicert, 0, sizeof( x509_cert ) );
3167 
3168  ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
3169  strlen( test_cli_crt ) );
3170  if( ret != 0 )
3171  {
3172  if( verbose != 0 )
3173  printf( "failed\n" );
3174 
3175  return( ret );
3176  }
3177 
3178  memset( &cacert, 0, sizeof( x509_cert ) );
3179 
3180  ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
3181  strlen( test_ca_crt ) );
3182  if( ret != 0 )
3183  {
3184  if( verbose != 0 )
3185  printf( "failed\n" );
3186 
3187  return( ret );
3188  }
3189 
3190  if( verbose != 0 )
3191  printf( "passed\n X.509 private key load: " );
3192 
3193  i = strlen( test_ca_key );
3194  j = strlen( test_ca_pwd );
3195 
3196  rsa_init( &rsa, RSA_PKCS_V15, 0 );
3197 
3198  if( ( ret = x509parse_key( &rsa,
3199  (unsigned char *) test_ca_key, i,
3200  (unsigned char *) test_ca_pwd, j ) ) != 0 )
3201  {
3202  if( verbose != 0 )
3203  printf( "failed\n" );
3204 
3205  return( ret );
3206  }
3207 
3208  if( verbose != 0 )
3209  printf( "passed\n X.509 signature verify: ");
3210 
3211  ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
3212  if( ret != 0 )
3213  {
3214  printf("%02x", flags);
3215  if( verbose != 0 )
3216  printf( "failed\n" );
3217 
3218  return( ret );
3219  }
3220 
3221 #if defined(POLARSSL_DHM_C)
3222  if( verbose != 0 )
3223  printf( "passed\n X.509 DHM parameter load: " );
3224 
3225  i = strlen( test_dhm_params );
3226  j = strlen( test_ca_pwd );
3227 
3228  if( ( ret = x509parse_dhm( &dhm, (unsigned char *) test_dhm_params, i ) ) != 0 )
3229  {
3230  if( verbose != 0 )
3231  printf( "failed\n" );
3232 
3233  return( ret );
3234  }
3235 
3236  if( verbose != 0 )
3237  printf( "passed\n\n" );
3238 #endif
3239 
3240  x509_free( &cacert );
3241  x509_free( &clicert );
3242  rsa_free( &rsa );
3243 #if defined(POLARSSL_DHM_C)
3244  dhm_free( &dhm );
3245 #endif
3246 
3247  return( 0 );
3248 #else
3249  ((void) verbose);
3251 #endif
3252 }
3253 
3254 #endif
3255 
3256 #endif