2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
25 #include <gnutls_int.h>
26 #include <gnutls_errors.h>
28 #include <sys/socket.h>
31 #include <sys/types.h>
36 # include <wincrypt.h>
37 # if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
38 typedef PCCRL_CONTEXT WINAPI(*Type_CertEnumCRLsInStore) (HCERTSTORE
42 static Type_CertEnumCRLsInStore Loaded_CertEnumCRLsInStore;
43 static HMODULE Crypt32_dll;
45 # define Loaded_CertEnumCRLsInStore CertEnumCRLsInStore
49 # include <sys/select.h>
51 # ifdef HAVE_PTHREAD_LOCKS
55 # if defined(HAVE_GETPWUID_R)
60 /* System specific function wrappers.
64 /* Do not use the gnulib functions for sending and receiving data.
65 * Using them makes gnutls only working with gnulib applications.
71 int system_errno(gnutls_transport_ptr p)
73 int tmperr = WSAGetLastError();
92 WSASetLastError(tmperr);
98 system_write(gnutls_transport_ptr ptr, const void *data, size_t data_size)
100 return send(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
103 int system_errno(gnutls_transport_ptr_t ptr)
105 #if defined(_AIX) || defined(AIX)
114 system_writev(gnutls_transport_ptr_t ptr, const giovec_t * iovec,
117 return writev(GNUTLS_POINTER_TO_INT(ptr), (struct iovec *) iovec,
124 system_read(gnutls_transport_ptr_t ptr, void *data, size_t data_size)
126 return recv(GNUTLS_POINTER_TO_INT(ptr), data, data_size, 0);
129 /* Wait for data to be received within a timeout period in milliseconds.
130 * To catch a termination it will also try to receive 0 bytes from the
131 * socket if select reports to proceed.
133 * Returns -1 on error, 0 on timeout, positive value if data are available for reading.
135 int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
140 int fd = GNUTLS_POINTER_TO_INT(ptr);
142 if (fd < 0 || fd >= FD_SETSIZE) {
151 tv.tv_usec = ms * 1000;
153 while (tv.tv_usec >= 1000000) {
154 tv.tv_usec -= 1000000;
158 ret = select(fd + 1, &rfds, NULL, NULL, &tv);
167 #ifdef HAVE_WIN32_LOCKS
168 static int gnutls_system_mutex_init(void **priv)
170 CRITICAL_SECTION *lock = malloc(sizeof(CRITICAL_SECTION));
173 return GNUTLS_E_MEMORY_ERROR;
175 InitializeCriticalSection(lock);
182 static int gnutls_system_mutex_deinit(void **priv)
184 DeleteCriticalSection((CRITICAL_SECTION *) * priv);
190 static int gnutls_system_mutex_lock(void **priv)
192 EnterCriticalSection((CRITICAL_SECTION *) * priv);
196 static int gnutls_system_mutex_unlock(void **priv)
198 LeaveCriticalSection((CRITICAL_SECTION *) * priv);
202 #endif /* WIN32_LOCKS */
204 #ifdef HAVE_PTHREAD_LOCKS
206 static int gnutls_system_mutex_init(void **priv)
208 pthread_mutex_t *lock = malloc(sizeof(pthread_mutex_t));
212 return GNUTLS_E_MEMORY_ERROR;
214 ret = pthread_mutex_init(lock, NULL);
218 return GNUTLS_E_LOCKING_ERROR;
226 static int gnutls_system_mutex_deinit(void **priv)
228 pthread_mutex_destroy((pthread_mutex_t *) * priv);
233 static int gnutls_system_mutex_lock(void **priv)
235 if (pthread_mutex_lock((pthread_mutex_t *) * priv)) {
237 return GNUTLS_E_LOCKING_ERROR;
243 static int gnutls_system_mutex_unlock(void **priv)
245 if (pthread_mutex_unlock((pthread_mutex_t *) * priv)) {
247 return GNUTLS_E_LOCKING_ERROR;
253 #endif /* PTHREAD_LOCKS */
257 static int gnutls_system_mutex_init(void **priv)
262 static int gnutls_system_mutex_deinit(void **priv)
267 static int gnutls_system_mutex_lock(void **priv)
272 static int gnutls_system_mutex_unlock(void **priv)
277 #endif /* NO_LOCKS */
279 gnutls_time_func gnutls_time = time;
280 mutex_init_func gnutls_mutex_init = gnutls_system_mutex_init;
281 mutex_deinit_func gnutls_mutex_deinit = gnutls_system_mutex_deinit;
282 mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock;
283 mutex_unlock_func gnutls_mutex_unlock = gnutls_system_mutex_unlock;
285 int gnutls_system_global_init()
288 #if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
290 crypto = LoadLibraryA("Crypt32.dll");
293 return GNUTLS_E_CRYPTO_INIT_FAILED;
295 Loaded_CertEnumCRLsInStore =
296 (Type_CertEnumCRLsInStore) GetProcAddress(crypto,
297 "CertEnumCRLsInStore");
298 if (Loaded_CertEnumCRLsInStore == NULL) {
300 return GNUTLS_E_CRYPTO_INIT_FAILED;
303 Crypt32_dll = crypto;
309 void gnutls_system_global_deinit()
312 #if defined(__MINGW32__) && !defined(__MINGW64__) && __MINGW32_MAJOR_VERSION <= 3 && __MINGW32_MINOR_VERSION <= 20
313 FreeLibrary(Crypt32_dll);
319 #define CONFIG_PATH ".gnutls"
321 /* Returns a path to store user-specific configuration
324 int _gnutls_find_config_path(char *path, size_t max_size)
326 const char *home_dir = secure_getenv("HOME");
328 if (home_dir != NULL && home_dir[0] != 0) {
329 snprintf(path, max_size, "%s/" CONFIG_PATH, home_dir);
334 if (home_dir == NULL || home_dir[0] == '\0') {
335 const char *home_drive = getenv("HOMEDRIVE");
336 const char *home_path = getenv("HOMEPATH");
338 if (home_drive != NULL && home_path != NULL) {
339 snprintf(path, max_size, "%s%s/" CONFIG_PATH, home_drive, home_path);
344 #elif defined(HAVE_GETPWUID_R)
345 if (home_dir == NULL || home_dir[0] == '\0') {
351 ret = getpwuid_r(getuid(), &_pwd, tmp, sizeof(tmp), &pwd);
352 if (ret == 0 && pwd != NULL) {
353 snprintf(path, max_size, "%s/" CONFIG_PATH, pwd->pw_dir);
359 if (home_dir == NULL || home_dir[0] == '\0') {
367 #if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
370 add_system_trust(gnutls_x509_trust_list_t list,
371 unsigned int tl_flags, unsigned int tl_vflags)
374 const char *crl_file =
375 #ifdef DEFAULT_CRL_FILE
381 #if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
383 gnutls_x509_trust_list_add_trust_file(list,
384 DEFAULT_TRUST_STORE_PKCS11,
387 tl_flags, tl_vflags);
392 #ifdef DEFAULT_TRUST_STORE_FILE
394 gnutls_x509_trust_list_add_trust_file(list,
395 DEFAULT_TRUST_STORE_FILE,
398 tl_flags, tl_vflags);
403 #ifdef DEFAULT_BLACKLIST_FILE
404 ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
406 _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
412 #elif defined(_WIN32)
414 int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
415 unsigned int tl_vflags)
417 char path[GNUTLS_PATH_MAX];
421 for (i = 0; i < 2; i++) {
423 const CERT_CONTEXT *cert;
424 const CRL_CONTEXT *crl;
428 store = CertOpenSystemStore(0, "ROOT");
430 store = CertOpenSystemStore(0, "CA");
433 return GNUTLS_E_FILE_ERROR;
435 cert = CertEnumCertificatesInStore(store, NULL);
436 crl = Loaded_CertEnumCRLsInStore(store, NULL);
438 while (cert != NULL) {
439 if (cert->dwCertEncodingType == X509_ASN_ENCODING) {
440 data.data = cert->pbCertEncoded;
441 data.size = cert->cbCertEncoded;
442 if (gnutls_x509_trust_list_add_trust_mem
444 GNUTLS_X509_FMT_DER, tl_flags,
448 cert = CertEnumCertificatesInStore(store, cert);
451 while (crl != NULL) {
452 if (crl->dwCertEncodingType == X509_ASN_ENCODING) {
453 data.data = crl->pbCrlEncoded;
454 data.size = crl->cbCrlEncoded;
455 gnutls_x509_trust_list_add_trust_mem(list,
462 crl = Loaded_CertEnumCRLsInStore(store, crl);
464 CertCloseStore(store, 0);
467 #ifdef DEFAULT_BLACKLIST_FILE
468 ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
470 _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
476 #elif defined(ANDROID) || defined(__ANDROID__) || defined(DEFAULT_TRUST_STORE_DIR)
481 # if defined(ANDROID) || defined(__ANDROID__)
482 # define DEFAULT_TRUST_STORE_DIR "/system/etc/security/cacerts/"
484 static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
490 char path[GNUTLS_PATH_MAX];
492 dirp = opendir("/data/misc/keychain/cacerts-removed/");
496 if (d != NULL && d->d_type == DT_REG) {
497 snprintf(path, sizeof(path),
498 "/data/misc/keychain/cacerts-removed/%s",
502 gnutls_x509_trust_list_remove_trust_file
517 /* This works on android 4.x
520 int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
521 unsigned int tl_vflags)
525 ret = gnutls_x509_trust_list_add_trust_dir(list, DEFAULT_TRUST_STORE_DIR,
526 NULL, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
530 # if defined(ANDROID) || defined(__ANDROID__)
531 ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
535 ret = gnutls_x509_trust_list_add_trust_dir(list, "/data/misc/keychain/cacerts-added/",
536 NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
545 #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
550 * gnutls_x509_trust_list_add_system_trust:
551 * @list: The structure of the list
552 * @tl_flags: GNUTLS_TL_*
553 * @tl_vflags: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
555 * This function adds the system's default trusted certificate
556 * authorities to the trusted list. Note that on unsupported systems
557 * this function returns %GNUTLS_E_UNIMPLEMENTED_FEATURE.
559 * This function implies the flag %GNUTLS_TL_NO_DUPLICATES.
561 * Returns: The number of added elements or a negative error code on error.
566 gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
567 unsigned int tl_flags,
568 unsigned int tl_vflags)
570 return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags);
576 /* Can convert only english */
577 int _gnutls_ucs2_to_utf8(const void *data, size_t size,
578 gnutls_datum_t * output)
582 int len = 0, src_len;
585 static unsigned flags = 0;
586 static int checked = 0;
589 /* Not all windows versions support MB_ERR_INVALID_CHARS */
591 WideCharToMultiByte(CP_UTF8, MB_ERR_INVALID_CHARS,
592 L"hello", -1, NULL, 0, NULL, NULL);
594 flags = MB_ERR_INVALID_CHARS;
598 if (((uint8_t *) data)[size] == 0 && ((uint8_t *) data)[size+1] == 0) {
602 src = gnutls_malloc(size+2);
604 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
607 for (i = 0; i < size; i += 2) {
608 src[i] = ((uint8_t *) data)[1 + i];
609 src[1 + i] = ((uint8_t *) data)[i];
614 src_len = wcslen(src);
617 WideCharToMultiByte(CP_UTF8, flags,
618 (void *) src, src_len, NULL, 0,
621 _gnutls_debug_log("WideCharToMultiByte: %d\n", (int)GetLastError());
622 ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
627 dst = gnutls_malloc(len);
629 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
635 WideCharToMultiByte(CP_UTF8, flags,
636 (void *) src, src_len, dst, len-1, NULL,
639 ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
658 #elif defined(HAVE_ICONV) || defined(HAVE_LIBICONV)
662 int _gnutls_ucs2_to_utf8(const void *data, size_t size,
663 gnutls_datum_t * output)
667 size_t orig, dstlen = size * 2;
668 char *src = (void *) data;
669 char *dst = NULL, *pdst;
672 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
674 conv = iconv_open("UTF-8", "UTF-16BE");
675 if (conv == (iconv_t) - 1)
676 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
678 /* Note that dstlen has enough size for every possible input characters.
679 * (remember the in UTF-16 the characters in data are at most size/2,
680 * and we allocate 4 bytes per character).
682 pdst = dst = gnutls_malloc(dstlen + 1);
684 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
689 ret = iconv(conv, &src, &size, &pdst, &dstlen);
691 ret = gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
695 output->data = (void *) dst;
696 output->size = orig - dstlen;
697 output->data[output->size] = 0;
713 /* Can convert only english (ASCII) */
714 int _gnutls_ucs2_to_utf8(const void *data, size_t size,
715 gnutls_datum_t * output)
719 const char *src = data;
721 if (size == 0 || size % 2 != 0)
722 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
724 dst = gnutls_malloc(size + 1);
726 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
728 for (i = j = 0; i < size; i += 2, j++) {
729 if (src[i] != 0 || !c_isascii(src[i + 1]))
730 return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
734 output->data = (void *) dst;
736 output->data[output->size] = 0;