/*
* Unallocate all CSR data
*/
void x509_csr_free( x509_csr *csr )
{
x509_name *name_cur;
x509_name *name_prv;
if( csr == NULL )
return;
pk_free( &csr->pk );
#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
polarssl_free( csr->sig_opts );
#endif
name_cur = csr->subject.next;
while( name_cur != NULL )
{
name_prv = name_cur;
name_cur = name_cur->next;
polarssl_zeroize( name_prv, sizeof( x509_name ) );
polarssl_free( name_prv );
}
if( csr->raw.p != NULL )
{
polarssl_zeroize( csr->raw.p, csr->raw.len );
polarssl_free( csr->raw.p );
}
polarssl_zeroize( csr, sizeof( x509_csr ) );
}
/*
* Unallocate all CSR data
*/
void x509_csr_free( x509_csr *csr )
{
x509_name *name_cur;
x509_name *name_prv;
if( csr == NULL )
return;
pk_free( &csr->pk );
name_cur = csr->subject.next;
while( name_cur != NULL )
{
name_prv = name_cur;
name_cur = name_cur->next;
memset( name_prv, 0, sizeof( x509_name ) );
polarssl_free( name_prv );
}
if( csr->raw.p != NULL )
{
memset( csr->raw.p, 0, csr->raw.len );
polarssl_free( csr->raw.p );
}
memset( csr, 0, sizeof( x509_csr ) );
}
/*
* Unallocate all CRL data
*/
void x509_crl_free( x509_crl *crl )
{
x509_crl *crl_cur = crl;
x509_crl *crl_prv;
x509_name *name_cur;
x509_name *name_prv;
x509_crl_entry *entry_cur;
x509_crl_entry *entry_prv;
if( crl == NULL )
return;
do
{
#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
polarssl_free( crl_cur->sig_opts );
#endif
name_cur = crl_cur->issuer.next;
while( name_cur != NULL )
{
name_prv = name_cur;
name_cur = name_cur->next;
polarssl_zeroize( name_prv, sizeof( x509_name ) );
polarssl_free( name_prv );
}
entry_cur = crl_cur->entry.next;
while( entry_cur != NULL )
{
entry_prv = entry_cur;
entry_cur = entry_cur->next;
polarssl_zeroize( entry_prv, sizeof( x509_crl_entry ) );
polarssl_free( entry_prv );
}
if( crl_cur->raw.p != NULL )
{
polarssl_zeroize( crl_cur->raw.p, crl_cur->raw.len );
polarssl_free( crl_cur->raw.p );
}
crl_cur = crl_cur->next;
}
while( crl_cur != NULL );
crl_cur = crl;
do
{
crl_prv = crl_cur;
crl_cur = crl_cur->next;
polarssl_zeroize( crl_prv, sizeof( x509_crl ) );
if( crl_prv != crl )
polarssl_free( crl_prv );
}
while( crl_cur != NULL );
}
void asn1_free_named_data( asn1_named_data *cur )
{
if( cur == NULL )
return;
polarssl_free( cur->oid.p );
polarssl_free( cur->val.p );
memset( cur, 0, sizeof( asn1_named_data ) );
}
/*
* Unallocate all CRL data
*/
void x509_crl_free( x509_crl *crl )
{
x509_crl *crl_cur = crl;
x509_crl *crl_prv;
x509_name *name_cur;
x509_name *name_prv;
x509_crl_entry *entry_cur;
x509_crl_entry *entry_prv;
if( crl == NULL )
return;
do
{
name_cur = crl_cur->issuer.next;
while( name_cur != NULL )
{
name_prv = name_cur;
name_cur = name_cur->next;
memset( name_prv, 0, sizeof( x509_name ) );
polarssl_free( name_prv );
}
entry_cur = crl_cur->entry.next;
while( entry_cur != NULL )
{
entry_prv = entry_cur;
entry_cur = entry_cur->next;
memset( entry_prv, 0, sizeof( x509_crl_entry ) );
polarssl_free( entry_prv );
}
if( crl_cur->raw.p != NULL )
{
memset( crl_cur->raw.p, 0, crl_cur->raw.len );
polarssl_free( crl_cur->raw.p );
}
crl_cur = crl_cur->next;
}
while( crl_cur != NULL );
crl_cur = crl;
do
{
crl_prv = crl_cur;
crl_cur = crl_cur->next;
memset( crl_prv, 0, sizeof( x509_crl ) );
if( crl_prv != crl )
polarssl_free( crl_prv );
}
while( crl_cur != NULL );
}
void debug_print_msg_free( const ssl_context *ssl, int level,
const char *file, int line, char *text )
{
if( text != NULL )
debug_print_msg( ssl, level, file, line, text );
#if defined(POLARSSL_THREADING_C)
polarssl_free( text );
#endif
}
void asn1_free_named_data_list( asn1_named_data **head )
{
asn1_named_data *cur;
while( ( cur = *head ) != NULL )
{
*head = cur->next;
asn1_free_named_data( cur );
polarssl_free( cur );
}
}
asn1_named_data *asn1_store_named_data( asn1_named_data **head,
const char *oid, size_t oid_len,
const unsigned char *val,
size_t val_len )
{
asn1_named_data *cur;
if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
{
// Add new entry if not present yet based on OID
//
if( ( cur = polarssl_malloc( sizeof(asn1_named_data) ) ) == NULL )
return( NULL );
memset( cur, 0, sizeof(asn1_named_data) );
cur->oid.len = oid_len;
cur->oid.p = polarssl_malloc( oid_len );
if( cur->oid.p == NULL )
{
polarssl_free( cur );
return( NULL );
}
cur->val.len = val_len;
cur->val.p = polarssl_malloc( val_len );
if( cur->val.p == NULL )
{
polarssl_free( cur->oid.p );
polarssl_free( cur );
return( NULL );
}
memcpy( cur->oid.p, oid, oid_len );
cur->next = *head;
*head = cur;
}
else if( cur->val.len < val_len )
{
// Enlarge existing value buffer if needed
//
polarssl_free( cur->val.p );
cur->val.p = NULL;
cur->val.len = val_len;
cur->val.p = polarssl_malloc( val_len );
if( cur->val.p == NULL )
{
polarssl_free( cur->oid.p );
polarssl_free( cur );
return( NULL );
}
}
if( val != NULL )
memcpy( cur->val.p, val, val_len );
return( cur );
}
void ssl_cache_free( ssl_cache_context *cache )
{
ssl_cache_entry *cur, *prv;
cur = cache->chain;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
ssl_session_free( &prv->session );
#if defined(POLARSSL_X509_CRT_PARSE_C)
polarssl_free( prv->peer_cert.p );
#endif /* POLARSSL_X509_CRT_PARSE_C */
polarssl_free( prv );
}
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_free( &cache->mutex );
#endif
}
/*
* Load one or more CRLs and add them to the chained list
*/
int x509_crl_parse_file( x509_crl *chain, const char *path )
{
int ret;
size_t n;
unsigned char *buf;
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = x509_crl_parse( chain, buf, n );
polarssl_zeroize( buf, n + 1 );
polarssl_free( buf );
return( ret );
}
/*
* Load and parse a public key
*/
int pk_parse_public_keyfile( pk_context *ctx, const char *path )
{
int ret;
size_t n;
unsigned char *buf;
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = pk_parse_public_key( ctx, buf, n );
polarssl_zeroize( buf, n + 1 );
polarssl_free( buf );
return( ret );
}
/*
* Load a CSR into the structure
*/
int x509_csr_parse_file( x509_csr *csr, const char *path )
{
int ret;
size_t n;
unsigned char *buf;
if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = x509_csr_parse( csr, buf, n );
memset( buf, 0, n + 1 );
polarssl_free( buf );
return( ret );
}
int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
{
int ret = 1;
unsigned char *cert_blob = NULL;
size_t cert_blob_size = 0;
if( cert == NULL )
{
ret = 2;
goto cleanup;
}
if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
&cert_blob_size ) != CKR_OK )
{
ret = 3;
goto cleanup;
}
cert_blob = polarssl_malloc( cert_blob_size );
if( NULL == cert_blob )
{
ret = 4;
goto cleanup;
}
if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
&cert_blob_size ) != CKR_OK )
{
ret = 5;
goto cleanup;
}
if( 0 != x509_crt_parse( cert, cert_blob, cert_blob_size ) )
{
ret = 6;
goto cleanup;
}
ret = 0;
cleanup:
if( NULL != cert_blob )
polarssl_free( cert_blob );
return( ret );
}
/*
* Parse one X.509 certificate in DER format from a buffer and add them to a
* chained list
*/
int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf,
size_t buflen )
{
int ret;
x509_crt *crt = chain, *prev = NULL;
/*
* Check for valid input
*/
if( crt == NULL || buf == NULL )
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
while( crt->version != 0 && crt->next != NULL )
{
prev = crt;
crt = crt->next;
}
/*
* Add new certificate on the end of the chain if needed.
*/
if ( crt->version != 0 && crt->next == NULL)
{
crt->next = (x509_crt *) polarssl_malloc( sizeof( x509_crt ) );
if( crt->next == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
prev = crt;
crt = crt->next;
x509_crt_init( crt );
}
if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
{
if( prev )
prev->next = NULL;
if( crt != chain )
polarssl_free( crt );
return( ret );
}
return( 0 );
}
/*
* Get signature algorithm from alg OID and optional parameters
*/
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg,
void **sig_opts )
{
int ret;
if( *sig_opts != NULL )
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
{
pk_rsassa_pss_options *pss_opts;
pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
if( pss_opts == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
ret = x509_get_rsassa_pss_params( sig_params,
md_alg,
&pss_opts->mgf1_hash_id,
&pss_opts->expected_salt_len );
if( ret != 0 )
{
polarssl_free( pss_opts );
return( ret );
}
*sig_opts = (void *) pss_opts;
}
else
#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
{
/* Make sure parameters are absent or NULL */
if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) ||
sig_params->len != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG );
}
return( 0 );
}
/*
* Load and parse a private key
*/
int pk_parse_keyfile( pk_context *ctx,
const char *path, const char *pwd )
{
int ret;
size_t n;
unsigned char *buf;
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
if( pwd == NULL )
ret = pk_parse_key( ctx, buf, n, NULL, 0 );
else
ret = pk_parse_key( ctx, buf, n,
(const unsigned char *) pwd, strlen( pwd ) );
polarssl_zeroize( buf, n + 1 );
polarssl_free( buf );
return( ret );
}
/*
* Load all data from a file into a given buffer.
*/
int x509_load_file( const char *path, unsigned char **buf, size_t *n )
{
FILE *f;
long size;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
fseek( f, 0, SEEK_END );
if( ( size = ftell( f ) ) == -1 )
{
fclose( f );
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
}
fseek( f, 0, SEEK_SET );
*n = (size_t) size;
if( *n + 1 == 0 ||
( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
{
fclose( f );
return( POLARSSL_ERR_X509_MALLOC_FAILED );
}
if( fread( *buf, 1, *n, f ) != *n )
{
fclose( f );
polarssl_free( *buf );
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
}
fclose( f );
(*buf)[*n] = '\0';
return( 0 );
}
static void ecdsa_free_wrap( void *ctx )
{
ecdsa_free( (ecdsa_context *) ctx );
polarssl_free( ctx );
}
static void sha512_ctx_free( void *ctx )
{
sha512_free( (sha512_context *) ctx );
polarssl_free( ctx );
}
static void ripemd160_ctx_free( void *ctx )
{
ripemd160_free( (ripemd160_context *) ctx );
polarssl_free( ctx );
}
static void aes_ctx_free( void *ctx )
{
aes_free( (aes_context *) ctx );
polarssl_free( ctx );
}
static void blowfish_ctx_free( void *ctx )
{
blowfish_free( (blowfish_context *) ctx );
polarssl_free( ctx );
}
static void rsa_alt_free_wrap( void *ctx )
{
polarssl_free( ctx );
}
static void camellia_ctx_free( void *ctx )
{
camellia_free( (camellia_context *) ctx );
polarssl_free( ctx );
}
static void md5_ctx_free( void *ctx )
{
polarssl_zeroize( ctx, sizeof( md5_context ) );
polarssl_free( ctx );
}
static void des3_ctx_free( void *ctx )
{
des3_free( (des3_context *) ctx );
polarssl_free( ctx );
}
static void sha384_ctx_free( void *ctx )
{
polarssl_zeroize( ctx, sizeof( sha512_context ) );
polarssl_free( ctx );
}
static void ccm_ctx_free( void *ctx )
{
ccm_free( ctx );
polarssl_free( ctx );
}
static void arc4_ctx_free( void *ctx )
{
arc4_free( (arc4_context *) ctx );
polarssl_free( ctx );
}
static void eckey_free_wrap( void *ctx )
{
ecp_keypair_free( (ecp_keypair *) ctx );
polarssl_free( ctx );
}
