Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / e707eb6df36c31f961d887a8be0f2dc1ca6fe7f1 / . / library / x509.c
blob: 2ba1e861839623850fc14ad5f750b98924c3e7c0 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
2 * X.509 certificate and private key decoding
3 *
4 * Copyright (C) 2006-2013, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc3279.txt
29 * http://www.ietf.org/rfc/rfc3280.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
37#include "polarssl/config.h"
38
39#if defined(POLARSSL_X509_USE_C)
40
41#include "polarssl/x509.h"
42#include "polarssl/asn1.h"
43#include "polarssl/oid.h"
44#if defined(POLARSSL_PEM_PARSE_C)
45#include "polarssl/pem.h"
46#endif
47
48#if defined(POLARSSL_MEMORY_C)
49#include "polarssl/memory.h"
50#else
51#define polarssl_malloc malloc
52#define polarssl_free free
53#endif
54
55#include <string.h>
56#include <stdlib.h>
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]57#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]58#include <windows.h>
59#else
60#include <time.h>
61#endif
62
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]63#if defined(EFIX64) || defined(EFI32)
64#include <stdio.h>
65#endif
66
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]67#if defined(POLARSSL_FS_IO)
68#include <stdio.h>
69#if !defined(_WIN32)
70#include <sys/types.h>
71#include <sys/stat.h>
72#include <dirent.h>
73#endif
74#endif
75
76/*
77 * CertificateSerialNumber ::= INTEGER
78 */
79int x509_get_serial( unsigned char **p, const unsigned char *end,
80 x509_buf *serial )
81{
82 int ret;
83
84 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]85 return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]86 POLARSSL_ERR_ASN1_OUT_OF_DATA );
87
88 if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
89 **p != ASN1_INTEGER )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]90 return( POLARSSL_ERR_X509_INVALID_SERIAL +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]91 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
92
93 serial->tag = *(*p)++;
94
95 if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]96 return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]97
98 serial->p = *p;
99 *p += serial->len;
100
101 return( 0 );
102}
103
104/* Get an algorithm identifier without parameters (eg for signatures)
105 *
106 * AlgorithmIdentifier ::= SEQUENCE {
107 * algorithm OBJECT IDENTIFIER,
108 * parameters ANY DEFINED BY algorithm OPTIONAL }
109 */
110int x509_get_alg_null( unsigned char **p, const unsigned char *end,
111 x509_buf *alg )
112{
113 int ret;
114
115 if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]116 return( POLARSSL_ERR_X509_INVALID_ALG + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]117
118 return( 0 );
119}
120
121/*
122 * AttributeTypeAndValue ::= SEQUENCE {
123 * type AttributeType,
124 * value AttributeValue }
125 *
126 * AttributeType ::= OBJECT IDENTIFIER
127 *
128 * AttributeValue ::= ANY DEFINED BY AttributeType
129 */
130static int x509_get_attr_type_value( unsigned char **p,
131 const unsigned char *end,
132 x509_name *cur )
133{
134 int ret;
135 size_t len;
136 x509_buf *oid;
137 x509_buf *val;
138
139 if( ( ret = asn1_get_tag( p, end, &len,
140 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]141 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]142
143 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]144 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]145 POLARSSL_ERR_ASN1_OUT_OF_DATA );
146
147 oid = &cur->oid;
148 oid->tag = **p;
149
150 if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]151 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]152
153 oid->p = *p;
154 *p += oid->len;
155
156 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]157 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]158 POLARSSL_ERR_ASN1_OUT_OF_DATA );
159
160 if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
161 **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
162 **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]163 return( POLARSSL_ERR_X509_INVALID_NAME +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]164 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
165
166 val = &cur->val;
167 val->tag = *(*p)++;
168
169 if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]170 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]171
172 val->p = *p;
173 *p += val->len;
174
175 cur->next = NULL;
176
177 return( 0 );
178}
179
180/*
181 * RelativeDistinguishedName ::=
182 * SET OF AttributeTypeAndValue
183 *
184 * AttributeTypeAndValue ::= SEQUENCE {
185 * type AttributeType,
186 * value AttributeValue }
187 *
188 * AttributeType ::= OBJECT IDENTIFIER
189 *
190 * AttributeValue ::= ANY DEFINED BY AttributeType
191 */
192int x509_get_name( unsigned char **p, const unsigned char *end,
193 x509_name *cur )
194{
195 int ret;
196 size_t len;
197 const unsigned char *end2;
198 x509_name *use;
199
200 if( ( ret = asn1_get_tag( p, end, &len,
201 ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]202 return( POLARSSL_ERR_X509_INVALID_NAME + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]203
204 end2 = end;
205 end = *p + len;
206 use = cur;
207
208 do
209 {
210 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
211 return( ret );
212
213 if( *p != end )
214 {
215 use->next = (x509_name *) polarssl_malloc(
216 sizeof( x509_name ) );
217
218 if( use->next == NULL )
219 return( POLARSSL_ERR_X509_MALLOC_FAILED );
220
221 memset( use->next, 0, sizeof( x509_name ) );
222
223 use = use->next;
224 }
225 }
226 while( *p != end );
227
228 /*
229 * recurse until end of SEQUENCE is reached
230 */
231 if( *p == end2 )
232 return( 0 );
233
234 cur->next = (x509_name *) polarssl_malloc(
235 sizeof( x509_name ) );
236
237 if( cur->next == NULL )
238 return( POLARSSL_ERR_X509_MALLOC_FAILED );
239
240 memset( cur->next, 0, sizeof( x509_name ) );
241
242 return( x509_get_name( p, end2, cur->next ) );
243}
244
245/*
246 * Time ::= CHOICE {
247 * utcTime UTCTime,
248 * generalTime GeneralizedTime }
249 */
250int x509_get_time( unsigned char **p, const unsigned char *end,
251 x509_time *time )
252{
253 int ret;
254 size_t len;
255 char date[64];
256 unsigned char tag;
257
258 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]259 return( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]260 POLARSSL_ERR_ASN1_OUT_OF_DATA );
261
262 tag = **p;
263
264 if ( tag == ASN1_UTC_TIME )
265 {
266 (*p)++;
267 ret = asn1_get_len( p, end, &len );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]268
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]269 if( ret != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]270 return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]271
272 memset( date, 0, sizeof( date ) );
273 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
274 len : sizeof( date ) - 1 );
275
276 if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
277 &time->year, &time->mon, &time->day,
278 &time->hour, &time->min, &time->sec ) < 5 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]279 return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]280
281 time->year += 100 * ( time->year < 50 );
282 time->year += 1900;
283
284 *p += len;
285
286 return( 0 );
287 }
288 else if ( tag == ASN1_GENERALIZED_TIME )
289 {
290 (*p)++;
291 ret = asn1_get_len( p, end, &len );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]292
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]293 if( ret != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]294 return( POLARSSL_ERR_X509_INVALID_DATE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]295
296 memset( date, 0, sizeof( date ) );
297 memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
298 len : sizeof( date ) - 1 );
299
300 if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
301 &time->year, &time->mon, &time->day,
302 &time->hour, &time->min, &time->sec ) < 5 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]303 return( POLARSSL_ERR_X509_INVALID_DATE );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]304
305 *p += len;
306
307 return( 0 );
308 }
309 else
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]310 return( POLARSSL_ERR_X509_INVALID_DATE +
311 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]312}
313
314int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
315{
316 int ret;
317 size_t len;
318
319 if( ( end - *p ) < 1 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]320 return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]321 POLARSSL_ERR_ASN1_OUT_OF_DATA );
322
323 sig->tag = **p;
324
325 if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]326 return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]327
328 sig->len = len;
329 sig->p = *p;
330
331 *p += len;
332
333 return( 0 );
334}
335
336int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
337 pk_type_t *pk_alg )
338{
339 int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg );
340
341 if( ret != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]342 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]343
344 return( 0 );
345}
346
347/*
348 * X.509 Extensions (No parsing of extensions, pointer should
349 * be either manually updated or extensions should be parsed!
350 */
351int x509_get_ext( unsigned char **p, const unsigned char *end,
352 x509_buf *ext, int tag )
353{
354 int ret;
355 size_t len;
356
357 if( *p == end )
358 return( 0 );
359
360 ext->tag = **p;
361
362 if( ( ret = asn1_get_tag( p, end, &ext->len,
363 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
364 return( ret );
365
366 ext->p = *p;
367 end = *p + ext->len;
368
369 /*
370 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
371 *
372 * Extension ::= SEQUENCE {
373 * extnID OBJECT IDENTIFIER,
374 * critical BOOLEAN DEFAULT FALSE,
375 * extnValue OCTET STRING }
376 */
377 if( ( ret = asn1_get_tag( p, end, &len,
378 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]379 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]380
381 if( end != *p + len )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]382 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]383 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
384
385 return( 0 );
386}
387
388#if defined(POLARSSL_FS_IO)
389/*
390 * Load all data from a file into a given buffer.
391 */
392int x509_load_file( const char *path, unsigned char **buf, size_t *n )
393{
394 FILE *f;
395 long size;
396
397 if( ( f = fopen( path, "rb" ) ) == NULL )
398 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
399
400 fseek( f, 0, SEEK_END );
401 if( ( size = ftell( f ) ) == -1 )
402 {
403 fclose( f );
404 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
405 }
406 fseek( f, 0, SEEK_SET );
407
408 *n = (size_t) size;
409
410 if( *n + 1 == 0 ||
411 ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
412 {
413 fclose( f );
414 return( POLARSSL_ERR_X509_MALLOC_FAILED );
415 }
416
417 if( fread( *buf, 1, *n, f ) != *n )
418 {
419 fclose( f );
420 polarssl_free( *buf );
421 return( POLARSSL_ERR_X509_FILE_IO_ERROR );
422 }
423
424 fclose( f );
425
426 (*buf)[*n] = '\0';
427
428 return( 0 );
429}
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]430#endif /* POLARSSL_FS_IO */
431
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]432#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
433 !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]434#include <stdarg.h>
435
436#if !defined vsnprintf
437#define vsnprintf _vsnprintf
438#endif // vsnprintf
439
440/*
441 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
442 * Result value is not size of buffer needed, but -1 if no fit is possible.
443 *
444 * This fuction tries to 'fix' this by at least suggesting enlarging the
445 * size by 20.
446 */
447static int compat_snprintf(char *str, size_t size, const char *format, ...)
448{
449 va_list ap;
450 int res = -1;
451
452 va_start( ap, format );
453
454 res = vsnprintf( str, size, format, ap );
455
456 va_end( ap );
457
458 // No quick fix possible
459 if ( res < 0 )
460 return( (int) size + 20 );
461
462 return res;
463}
464
465#define snprintf compat_snprintf
466#endif
467
468#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
469
470#define SAFE_SNPRINTF() \
471{ \
472 if( ret == -1 ) \
473 return( -1 ); \
474 \
475 if ( (unsigned int) ret > n ) { \
476 p[n - 1] = '\0'; \
477 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
478 } \
479 \
480 n -= (unsigned int) ret; \
481 p += (unsigned int) ret; \
482}
483
484/*
485 * Store the name in printable form into buf; no more
486 * than size characters will be written
487 */
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]488int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]489{
490 int ret;
491 size_t i, n;
492 unsigned char c;
493 const x509_name *name;
494 const char *short_name = NULL;
495 char s[128], *p;
496
497 memset( s, 0, sizeof( s ) );
498
499 name = dn;
500 p = buf;
501 n = size;
502
503 while( name != NULL )
504 {
505 if( !name->oid.p )
506 {
507 name = name->next;
508 continue;
509 }
510
511 if( name != dn )
512 {
513 ret = snprintf( p, n, ", " );
514 SAFE_SNPRINTF();
515 }
516
517 ret = oid_get_attr_short_name( &name->oid, &short_name );
518
519 if( ret == 0 )
520 ret = snprintf( p, n, "%s=", short_name );
521 else
522 ret = snprintf( p, n, "\?\?=" );
523 SAFE_SNPRINTF();
524
525 for( i = 0; i < name->val.len; i++ )
526 {
527 if( i >= sizeof( s ) - 1 )
528 break;
529
530 c = name->val.p[i];
531 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
532 s[i] = '?';
533 else s[i] = c;
534 }
535 s[i] = '\0';
536 ret = snprintf( p, n, "%s", s );
537 SAFE_SNPRINTF();
538 name = name->next;
539 }
540
541 return( (int) ( size - n ) );
542}
543
544/*
545 * Store the serial in printable form into buf; no more
546 * than size characters will be written
547 */
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]548int x509_serial_gets( char *buf, size_t size, const x509_buf *serial )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]549{
550 int ret;
551 size_t i, n, nr;
552 char *p;
553
554 p = buf;
555 n = size;
556
557 nr = ( serial->len <= 32 )
558 ? serial->len : 28;
559
560 for( i = 0; i < nr; i++ )
561 {
562 if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
563 continue;
564
565 ret = snprintf( p, n, "%02X%s",
566 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
567 SAFE_SNPRINTF();
568 }
569
570 if( nr != serial->len )
571 {
572 ret = snprintf( p, n, "...." );
573 SAFE_SNPRINTF();
574 }
575
576 return( (int) ( size - n ) );
577}
578
579/*
580 * Helper for writing "RSA key size", "EC key size", etc
581 */
582int x509_key_size_helper( char *buf, size_t size, const char *name )
583{
584 char *p = buf;
585 size_t n = size;
586 int ret;
587
588 if( strlen( name ) + sizeof( " key size" ) > size )
589 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
590
591 ret = snprintf( p, n, "%s key size", name );
592 SAFE_SNPRINTF();
593
594 return( 0 );
595}
596
597/*
598 * Return an informational string describing the given OID
599 */
600const char *x509_oid_get_description( x509_buf *oid )
601{
602 const char *desc = NULL;
603 int ret;
604
605 ret = oid_get_extended_key_usage( oid, &desc );
606
607 if( ret != 0 )
608 return( NULL );
609
610 return( desc );
611}
612
613/* Return the x.y.z.... style numeric string for the given OID */
614int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
615{
616 return oid_get_numeric_string( buf, size, oid );
617}
618
619/*
620 * Return 0 if the x509_time is still valid, or 1 otherwise.
621 */
622#if defined(POLARSSL_HAVE_TIME)
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]623int x509_time_expired( const x509_time *to )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]624{
625 int year, mon, day;
626 int hour, min, sec;
627
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]628#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]629 SYSTEMTIME st;
630
631 GetLocalTime(&st);
632
633 year = st.wYear;
634 mon = st.wMonth;
635 day = st.wDay;
636 hour = st.wHour;
637 min = st.wMinute;
638 sec = st.wSecond;
639#else
640 struct tm *lt;
641 time_t tt;
642
643 tt = time( NULL );
644 lt = localtime( &tt );
645
646 year = lt->tm_year + 1900;
647 mon = lt->tm_mon + 1;
648 day = lt->tm_mday;
649 hour = lt->tm_hour;
650 min = lt->tm_min;
651 sec = lt->tm_sec;
652#endif
653
654 if( year > to->year )
655 return( 1 );
656
657 if( year == to->year &&
658 mon > to->mon )
659 return( 1 );
660
661 if( year == to->year &&
662 mon == to->mon &&
663 day > to->day )
664 return( 1 );
665
666 if( year == to->year &&
667 mon == to->mon &&
668 day == to->day &&
669 hour > to->hour )
670 return( 1 );
671
672 if( year == to->year &&
673 mon == to->mon &&
674 day == to->day &&
675 hour == to->hour &&
676 min > to->min )
677 return( 1 );
678
679 if( year == to->year &&
680 mon == to->mon &&
681 day == to->day &&
682 hour == to->hour &&
683 min == to->min &&
684 sec > to->sec )
685 return( 1 );
686
687 return( 0 );
688}
689#else /* POLARSSL_HAVE_TIME */
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]690int x509_time_expired( const x509_time *to )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]691{
692 ((void) to);
693 return( 0 );
694}
695#endif /* POLARSSL_HAVE_TIME */
696
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]697#if defined(POLARSSL_SELF_TEST)
698
699#include "polarssl/x509_crt.h"
700#include "polarssl/certs.h"
701
702/*
703 * Checkup routine
704 */
705int x509_self_test( int verbose )
706{
707#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
708 int ret;
709 int flags;
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200[diff] [blame]710 x509_crt cacert;
711 x509_crt clicert;
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]712
713 if( verbose != 0 )
714 printf( " X.509 certificate load: " );
715
Paul Bakkerb6b09562013-09-18 14:17:41 +0200[diff] [blame]716 x509_crt_init( &clicert );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]717
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]718 ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
719 strlen( test_cli_crt ) );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]720 if( ret != 0 )
721 {
722 if( verbose != 0 )
723 printf( "failed\n" );
724
725 return( ret );
726 }
727
Paul Bakkerb6b09562013-09-18 14:17:41 +0200[diff] [blame]728 x509_crt_init( &cacert );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]729
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]730 ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
731 strlen( test_ca_crt ) );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]732 if( ret != 0 )
733 {
734 if( verbose != 0 )
735 printf( "failed\n" );
736
737 return( ret );
738 }
739
740 if( verbose != 0 )
741 printf( "passed\n X.509 signature verify: ");
742
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]743 ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
Paul Bakkere9e6ae32013-09-16 22:53:25 +0200[diff] [blame]744 if( ret != 0 )
745 {
746 if( verbose != 0 )
747 printf( "failed\n" );
748
749 printf("ret = %d, &flags = %04x\n", ret, flags);
750
751 return( ret );
752 }
753
754 if( verbose != 0 )
755 printf( "passed\n\n");
756
757 x509_crt_free( &cacert );
758 x509_crt_free( &clicert );
759
760 return( 0 );
761#else
762 ((void) verbose);
763 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
764#endif
765}
766
767#endif
768
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]769#endif /* POLARSSL_X509_USE_C */