2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
25 #include <gnutls_int.h>
26 #include <gnutls_errors.h>
28 #include <sys/socket.h>
31 #include <sys/types.h>
36 # include <wincrypt.h>
37 # if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
38 typedef PCCRL_CONTEXT WINAPI(*Type_CertEnumCRLsInStore) (HCERTSTORE
42 static Type_CertEnumCRLsInStore Loaded_CertEnumCRLsInStore;
43 static HMODULE Crypt32_dll;
45 # define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore
49 # include <sys/select.h>
51 # ifdef HAVE_PTHREAD_LOCKS
55 # if defined(HAVE_GETPWUID_R)
60 /* System specific function wrappers.
64 /* Do not use the gnulib functions for sending and receiving data.
65 * Using them makes gnutls only working with gnulib applications.
71 int system_errno(gnutls_transport_ptr p)
73 int tmperr = WSAGetLastError();
92 WSASetLastError(tmperr);
98 system_write(gnutls_transport_ptr ptr, const void *data, size_t data_size)
100 return send(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
103 int system_errno(gnutls_transport_ptr_t ptr)
105 #if defined(_AIX) || defined(AIX)
114 system_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec,
117 return writev(GNUTLS_POINTER_TO_INT(ptr), (struct iovec *) iovec,
124 system_read(gnutls_transport_ptr_t ptr, void *data, size_t data_size)
126 return recv(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
129 /* Wait for data to be received within a timeout period in milliseconds.
130 * To catch a termination it will also try to receive 0 bytes from the
131 * socket if select reports to proceed.
133 * Returns -1 on error, 0 on timeout, positive value if data are available for reading.
135 int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
140 int fd = GNUTLS_POINTER_TO_INT(ptr);
146 tv.tv_usec = ms * 1000;
148 while (tv.tv_usec >= 1000000) {
149 tv.tv_usec -= 1000000;
153 ret = select(fd + 1, &rfds, NULL, NULL, &tv);
162 #ifdef HAVE_WIN32_LOCKS
163 static int gnutls_system_mutex_init(void **priv)
165 CRITICAL_SECTION *lock = malloc(sizeof(CRITICAL_SECTION));
168 return GNUTLS_E_MEMORY_ERROR;
170 InitializeCriticalSection(lock);
177 static int gnutls_system_mutex_deinit(void **priv)
179 DeleteCriticalSection((CRITICAL_SECTION *) * priv);
185 static int gnutls_system_mutex_lock(void **priv)
187 EnterCriticalSection((CRITICAL_SECTION *) * priv);
191 static int gnutls_system_mutex_unlock(void **priv)
193 LeaveCriticalSection((CRITICAL_SECTION *) * priv);
197 #endif /* WIN32_LOCKS */
199 #ifdef HAVE_PTHREAD_LOCKS
201 static int gnutls_system_mutex_init(void **priv)
203 pthread_mutex_t *lock = malloc(sizeof(pthread_mutex_t));
207 return GNUTLS_E_MEMORY_ERROR;
209 ret = pthread_mutex_init(lock, NULL);
213 return GNUTLS_E_LOCKING_ERROR;
221 static int gnutls_system_mutex_deinit(void **priv)
223 pthread_mutex_destroy((pthread_mutex_t *) * priv);
228 static int gnutls_system_mutex_lock(void **priv)
230 if (pthread_mutex_lock((pthread_mutex_t *) * priv)) {
232 return GNUTLS_E_LOCKING_ERROR;
238 static int gnutls_system_mutex_unlock(void **priv)
240 if (pthread_mutex_unlock((pthread_mutex_t *) * priv)) {
242 return GNUTLS_E_LOCKING_ERROR;
248 #endif /* PTHREAD_LOCKS */
252 static int gnutls_system_mutex_init(void **priv)
257 static int gnutls_system_mutex_deinit(void **priv)
262 static int gnutls_system_mutex_lock(void **priv)
267 static int gnutls_system_mutex_unlock(void **priv)
272 #endif /* NO_LOCKS */
274 gnutls_time_func gnutls_time = time;
275 mutex_init_func gnutls_mutex_init = gnutls_system_mutex_init;
276 mutex_deinit_func gnutls_mutex_deinit = gnutls_system_mutex_deinit;
277 mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock;
278 mutex_unlock_func gnutls_mutex_unlock = gnutls_system_mutex_unlock;
280 int gnutls_system_global_init()
283 #if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
285 crypto = LoadLibraryA("Crypt32.dll");
288 return GNUTLS_E_CRYPTO_INIT_FAILED;
290 Loaded_CertEnumCRLsInStore =
291 (Type_CertEnumCRLsInStore) GetProcAddress(crypto,
292 "CertEnumCRLsInStore");
293 if (Loaded_CertEnumCRLsInStore == NULL) {
295 return GNUTLS_E_CRYPTO_INIT_FAILED;
298 Crypt32_dll = crypto;
304 void gnutls_system_global_deinit()
307 #if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
308 FreeLibrary(Crypt32_dll);
314 #define CONFIG_PATH ".gnutls"
316 /* Returns a path to store user-specific configuration
319 int _gnutls_find_config_path(char *path, size_t max_size)
321 const char *home_dir = getenv("HOME");
323 if (home_dir != NULL && home_dir[0] != 0) {
324 snprintf(path, max_size, "%s/" CONFIG_PATH, home_dir);
329 if (home_dir == NULL || home_dir[0] == '\0') {
330 const char *home_drive = getenv("HOMEDRIVE");
331 const char *home_path = getenv("HOMEPATH");
333 if (home_drive != NULL && home_path != NULL) {
334 snprintf(path, max_size, "%s%s/" CONFIG_PATH, home_drive, home_path);
339 #elif defined(HAVE_GETPWUID_R)
340 if (home_dir == NULL || home_dir[0] == '\0') {
346 ret = getpwuid_r(getuid(), &_pwd, tmp, sizeof(tmp), &pwd);
347 if (ret == 0 && pwd != NULL) {
348 snprintf(path, max_size, "%s/" CONFIG_PATH, pwd->pw_dir);
354 if (home_dir == NULL || home_dir[0] == '\0') {
362 #if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
365 add_system_trust(gnutls_x509_trust_list_t list,
366 unsigned int tl_flags, unsigned int tl_vflags)
369 const char *crl_file =
370 #ifdef DEFAULT_CRL_FILE
376 #if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
378 gnutls_x509_trust_list_add_trust_file(list,
379 DEFAULT_TRUST_STORE_PKCS11,
382 tl_flags, tl_vflags);
387 #ifdef DEFAULT_TRUST_STORE_FILE
389 gnutls_x509_trust_list_add_trust_file(list,
390 DEFAULT_TRUST_STORE_FILE,
393 tl_flags, tl_vflags);
398 #ifdef DEFAULT_BLACKLIST_FILE
399 ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
401 _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
407 #elif defined(_WIN32)
409 int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
410 unsigned int tl_vflags)
412 char path[GNUTLS_PATH_MAX];
416 for (i = 0; i < 2; i++) {
418 const CERT_CONTEXT *cert;
419 const CRL_CONTEXT *crl;
423 store = CertOpenSystemStore(0, "ROOT");
425 store = CertOpenSystemStore(0, "CA");
428 return GNUTLS_E_FILE_ERROR;
430 cert = CertEnumCertificatesInStore(store, NULL);
431 crl = Loaded_CertEnumCRLsInStore(store, NULL);
433 while (cert != NULL) {
434 if (cert->dwCertEncodingType == X509_ASN_ENCODING) {
435 data.data = cert->pbCertEncoded;
436 data.size = cert->cbCertEncoded;
437 if (gnutls_x509_trust_list_add_trust_mem
439 GNUTLS_X509_FMT_DER, tl_flags,
443 cert = CertEnumCertificatesInStore(store, cert);
446 while (crl != NULL) {
447 if (crl->dwCertEncodingType == X509_ASN_ENCODING) {
448 data.data = crl->pbCrlEncoded;
449 data.size = crl->cbCrlEncoded;
450 gnutls_x509_trust_list_add_trust_mem(list,
457 crl = Loaded_CertEnumCRLsInStore(store, crl);
459 CertCloseStore(store, 0);
462 #ifdef DEFAULT_BLACKLIST_FILE
463 ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
465 _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
471 #elif defined(ANDROID) || defined(__ANDROID__)
474 static int load_dir_certs(const char *dirname,
475 gnutls_x509_trust_list_t list,
476 unsigned int tl_flags, unsigned int tl_vflags,
483 char path[GNUTLS_PATH_MAX];
485 dirp = opendir(dirname);
489 if (d != NULL && d->d_type == DT_REG) {
490 snprintf(path, sizeof(path), "%s/%s",
494 gnutls_x509_trust_list_add_trust_file
495 (list, path, NULL, type, tl_flags,
508 static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
514 char path[GNUTLS_PATH_MAX];
516 dirp = opendir("/data/misc/keychain/cacerts-removed/");
520 if (d != NULL && d->d_type == DT_REG) {
521 snprintf(path, sizeof(path),
522 "/data/misc/keychain/cacerts-removed/%s",
526 gnutls_x509_trust_list_remove_trust_file
539 /* This works on android 4.x
542 int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
543 unsigned int tl_vflags)
548 load_dir_certs("/system/etc/security/cacerts/", list, tl_flags,
549 tl_vflags, GNUTLS_X509_FMT_PEM);
553 ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
558 load_dir_certs("/data/misc/keychain/cacerts-added/", list,
559 tl_flags, tl_vflags, GNUTLS_X509_FMT_DER);
567 #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
572 * gnutls_x509_trust_list_add_system_trust:
573 * @list: The structure of the list
574 * @tl_flags: GNUTLS_TL_*
575 * @tl_vflags: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
577 * This function adds the system's default trusted certificate
578 * authorities to the trusted list. Note that on unsupported system
579 * this function returns %GNUTLS_E_UNIMPLEMENTED_FEATURE.
581 * Returns: The number of added elements or a negative error code on error.
586 gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
587 unsigned int tl_flags,
588 unsigned int tl_vflags)
590 return add_system_trust(list, tl_flags, tl_vflags);
593 #if defined(HAVE_ICONV) || defined(HAVE_LIBICONV)
597 int _gnutls_ucs2_to_utf8(const void *data, size_t size,
598 gnutls_datum_t * output)
602 size_t orig, dstlen = size * 2;
603 char *src = (void *) data;
604 char *dst = NULL, *pdst;
607 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
609 conv = iconv_open("UTF-8", "UTF-16BE");
610 if (conv == (iconv_t) - 1)
611 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
613 /* Note that dstlen has enough size for every possible input characters.
614 * (remember the in UTF-16 the characters in data are at most size/2,
615 * and we allocate 4 bytes per character).
617 pdst = dst = gnutls_malloc(dstlen + 1);
619 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
624 ret = iconv(conv, &src, &size, &pdst, &dstlen);
626 ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
630 output->data = (void *) dst;
631 output->size = orig - dstlen;
632 output->data[output->size] = 0;
645 #elif defined(_WIN32)
648 /* Can convert only english */
649 int _gnutls_ucs2_to_utf8(const void *data, size_t size,
650 gnutls_datum_t * output)
654 int len = 0, src_len;
660 src = gnutls_malloc(size);
662 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
665 for (i = 0; i < size; i += 2) {
666 src[i] = ((char *) data)[1 + i];
667 src[1 + i] = ((char *) data)[i];
671 WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS,
672 (void *) src, src_len, NULL, 0, NULL,
675 ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
680 dst = gnutls_malloc(len);
682 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
687 WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS,
688 (void *) src, src_len, dst, len, NULL,
691 ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
711 /* Can convert only english (ASCII) */
712 int _gnutls_ucs2_to_utf8(const void *data, size_t size,
713 gnutls_datum_t * output)
717 const char *src = data;
719 if (size == 0 || size % 2 != 0)
720 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
722 dst = gnutls_malloc(size + 1);
724 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
726 for (i = j = 0; i < size; i += 2, j++) {
727 if (src[i] != 0 || !c_isascii(src[i + 1]))
728 return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
732 output->data = (void *) dst;
734 output->data[output->size] = 0;