PolarSSL v1.3.4
x509.c
Go to the documentation of this file.
1 /*
2  * X.509 certificate and private key decoding
3  *
4  * Copyright (C) 2006-2013, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The ITU-T X.509 standard defines a certificate format for PKI.
27  *
28  * http://www.ietf.org/rfc/rfc3279.txt
29  * http://www.ietf.org/rfc/rfc3280.txt
30  *
31  * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32  *
33  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35  */
36 
37 #include "polarssl/config.h"
38 
39 #if defined(POLARSSL_X509_USE_C)
40 
41 #include "polarssl/x509.h"
42 #include "polarssl/asn1.h"
43 #include "polarssl/oid.h"
44 #if defined(POLARSSL_PEM_PARSE_C)
45 #include "polarssl/pem.h"
46 #endif
47 
48 #if defined(POLARSSL_MEMORY_C)
49 #include "polarssl/memory.h"
50 #else
51 #define polarssl_malloc malloc
52 #define polarssl_free free
53 #endif
54 
55 #include <string.h>
56 #include <stdlib.h>
57 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
58 #include <windows.h>
59 #else
60 #include <time.h>
61 #endif
62 
63 #if defined(EFIX64) || defined(EFI32)
64 #include <stdio.h>
65 #endif
66 
67 #if defined(POLARSSL_FS_IO)
68 #include <stdio.h>
69 #if !defined(_WIN32)
70 #include <sys/types.h>
71 #include <sys/stat.h>
72 #include <dirent.h>
73 #endif
74 #endif
75 
76 /*
77  * CertificateSerialNumber ::= INTEGER
78  */
79 int x509_get_serial( unsigned char **p, const unsigned char *end,
80  x509_buf *serial )
81 {
82  int ret;
83 
84  if( ( end - *p ) < 1 )
87 
88  if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
89  **p != ASN1_INTEGER )
92 
93  serial->tag = *(*p)++;
94 
95  if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
96  return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
97 
98  serial->p = *p;
99  *p += serial->len;
100 
101  return( 0 );
102 }
103 
104 /* Get an algorithm identifier without parameters (eg for signatures)
105  *
106  * AlgorithmIdentifier ::= SEQUENCE {
107  * algorithm OBJECT IDENTIFIER,
108  * parameters ANY DEFINED BY algorithm OPTIONAL }
109  */
110 int x509_get_alg_null( unsigned char **p, const unsigned char *end,
111  x509_buf *alg )
112 {
113  int ret;
114 
115  if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
116  return( POLARSSL_ERR_X509_INVALID_ALG + ret );
117 
118  return( 0 );
119 }
120 
121 /*
122  * AttributeTypeAndValue ::= SEQUENCE {
123  * type AttributeType,
124  * value AttributeValue }
125  *
126  * AttributeType ::= OBJECT IDENTIFIER
127  *
128  * AttributeValue ::= ANY DEFINED BY AttributeType
129  */
130 static int x509_get_attr_type_value( unsigned char **p,
131  const unsigned char *end,
132  x509_name *cur )
133 {
134  int ret;
135  size_t len;
136  x509_buf *oid;
137  x509_buf *val;
138 
139  if( ( ret = asn1_get_tag( p, end, &len,
140  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
141  return( POLARSSL_ERR_X509_INVALID_NAME + ret );
142 
143  if( ( end - *p ) < 1 )
146 
147  oid = &cur->oid;
148  oid->tag = **p;
149 
150  if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
151  return( POLARSSL_ERR_X509_INVALID_NAME + ret );
152 
153  oid->p = *p;
154  *p += oid->len;
155 
156  if( ( end - *p ) < 1 )
159 
160  if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
161  **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
162  **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
165 
166  val = &cur->val;
167  val->tag = *(*p)++;
168 
169  if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
170  return( POLARSSL_ERR_X509_INVALID_NAME + ret );
171 
172  val->p = *p;
173  *p += val->len;
174 
175  cur->next = NULL;
176 
177  return( 0 );
178 }
179 
180 /*
181  * RelativeDistinguishedName ::=
182  * SET OF AttributeTypeAndValue
183  *
184  * AttributeTypeAndValue ::= SEQUENCE {
185  * type AttributeType,
186  * value AttributeValue }
187  *
188  * AttributeType ::= OBJECT IDENTIFIER
189  *
190  * AttributeValue ::= ANY DEFINED BY AttributeType
191  */
192 int x509_get_name( unsigned char **p, const unsigned char *end,
193  x509_name *cur )
194 {
195  int ret;
196  size_t len;
197  const unsigned char *end2;
198  x509_name *use;
199 
200  if( ( ret = asn1_get_tag( p, end, &len,
201  ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
202  return( POLARSSL_ERR_X509_INVALID_NAME + ret );
203 
204  end2 = end;
205  end = *p + len;
206  use = cur;
207 
208  do
209  {
210  if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
211  return( ret );
212 
213  if( *p != end )
214  {
215  use->next = (x509_name *) polarssl_malloc(
216  sizeof( x509_name ) );
217 
218  if( use->next == NULL )
220 
221  memset( use->next, 0, sizeof( x509_name ) );
222 
223  use = use->next;
224  }
225  }
226  while( *p != end );
227 
228  /*
229  * recurse until end of SEQUENCE is reached
230  */
231  if( *p == end2 )
232  return( 0 );
233 
234  cur->next = (x509_name *) polarssl_malloc(
235  sizeof( x509_name ) );
236 
237  if( cur->next == NULL )
239 
240  memset( cur->next, 0, sizeof( x509_name ) );
241 
242  return( x509_get_name( p, end2, cur->next ) );
243 }
244 
245 /*
246  * Time ::= CHOICE {
247  * utcTime UTCTime,
248  * generalTime GeneralizedTime }
249  */
250 int x509_get_time( unsigned char **p, const unsigned char *end,
251  x509_time *time )
252 {
253  int ret;
254  size_t len;
255  char date[64];
256  unsigned char tag;
257 
258  if( ( end - *p ) < 1 )
261 
262  tag = **p;
263 
264  if ( tag == ASN1_UTC_TIME )
265  {
266  (*p)++;
267  ret = asn1_get_len( p, end, &len );
268 
269  if( ret != 0 )
270  return( POLARSSL_ERR_X509_INVALID_DATE + ret );
271 
272  memset( date, 0, sizeof( date ) );
273  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
274  len : sizeof( date ) - 1 );
275 
276  if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
277  &time->year, &time->mon, &time->day,
278  &time->hour, &time->min, &time->sec ) < 5 )
280 
281  time->year += 100 * ( time->year < 50 );
282  time->year += 1900;
283 
284  *p += len;
285 
286  return( 0 );
287  }
288  else if ( tag == ASN1_GENERALIZED_TIME )
289  {
290  (*p)++;
291  ret = asn1_get_len( p, end, &len );
292 
293  if( ret != 0 )
294  return( POLARSSL_ERR_X509_INVALID_DATE + ret );
295 
296  memset( date, 0, sizeof( date ) );
297  memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
298  len : sizeof( date ) - 1 );
299 
300  if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
301  &time->year, &time->mon, &time->day,
302  &time->hour, &time->min, &time->sec ) < 5 )
304 
305  *p += len;
306 
307  return( 0 );
308  }
309  else
312 }
313 
314 int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
315 {
316  int ret;
317  size_t len;
318 
319  if( ( end - *p ) < 1 )
322 
323  sig->tag = **p;
324 
325  if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
326  return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
327 
328  sig->len = len;
329  sig->p = *p;
330 
331  *p += len;
332 
333  return( 0 );
334 }
335 
336 int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
337  pk_type_t *pk_alg )
338 {
339  int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg );
340 
341  if( ret != 0 )
342  return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
343 
344  return( 0 );
345 }
346 
347 /*
348  * X.509 Extensions (No parsing of extensions, pointer should
349  * be either manually updated or extensions should be parsed!
350  */
351 int x509_get_ext( unsigned char **p, const unsigned char *end,
352  x509_buf *ext, int tag )
353 {
354  int ret;
355  size_t len;
356 
357  if( *p == end )
358  return( 0 );
359 
360  ext->tag = **p;
361 
362  if( ( ret = asn1_get_tag( p, end, &ext->len,
363  ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
364  return( ret );
365 
366  ext->p = *p;
367  end = *p + ext->len;
368 
369  /*
370  * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
371  *
372  * Extension ::= SEQUENCE {
373  * extnID OBJECT IDENTIFIER,
374  * critical BOOLEAN DEFAULT FALSE,
375  * extnValue OCTET STRING }
376  */
377  if( ( ret = asn1_get_tag( p, end, &len,
378  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
379  return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
380 
381  if( end != *p + len )
384 
385  return( 0 );
386 }
387 
388 #if defined(POLARSSL_FS_IO)
389 /*
390  * Load all data from a file into a given buffer.
391  */
392 int x509_load_file( const char *path, unsigned char **buf, size_t *n )
393 {
394  FILE *f;
395  long size;
396 
397  if( ( f = fopen( path, "rb" ) ) == NULL )
399 
400  fseek( f, 0, SEEK_END );
401  if( ( size = ftell( f ) ) == -1 )
402  {
403  fclose( f );
405  }
406  fseek( f, 0, SEEK_SET );
407 
408  *n = (size_t) size;
409 
410  if( *n + 1 == 0 ||
411  ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
412  {
413  fclose( f );
415  }
416 
417  if( fread( *buf, 1, *n, f ) != *n )
418  {
419  fclose( f );
420  polarssl_free( *buf );
422  }
423 
424  fclose( f );
425 
426  (*buf)[*n] = '\0';
427 
428  return( 0 );
429 }
430 #endif /* POLARSSL_FS_IO */
431 
432 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
433  !defined(EFI32)
434 #include <stdarg.h>
435 
436 #if !defined vsnprintf
437 #define vsnprintf _vsnprintf
438 #endif // vsnprintf
439 
440 /*
441  * Windows _snprintf and _vsnprintf are not compatible to linux versions.
442  * Result value is not size of buffer needed, but -1 if no fit is possible.
443  *
444  * This fuction tries to 'fix' this by at least suggesting enlarging the
445  * size by 20.
446  */
447 static int compat_snprintf(char *str, size_t size, const char *format, ...)
448 {
449  va_list ap;
450  int res = -1;
451 
452  va_start( ap, format );
453 
454  res = vsnprintf( str, size, format, ap );
455 
456  va_end( ap );
457 
458  // No quick fix possible
459  if ( res < 0 )
460  return( (int) size + 20 );
461 
462  return res;
463 }
464 
465 #define snprintf compat_snprintf
466 #endif
467 
468 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
469 
470 #define SAFE_SNPRINTF() \
471 { \
472  if( ret == -1 ) \
473  return( -1 ); \
474  \
475  if ( (unsigned int) ret > n ) { \
476  p[n - 1] = '\0'; \
477  return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
478  } \
479  \
480  n -= (unsigned int) ret; \
481  p += (unsigned int) ret; \
482 }
483 
484 /*
485  * Store the name in printable form into buf; no more
486  * than size characters will be written
487  */
488 int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
489 {
490  int ret;
491  size_t i, n;
492  unsigned char c;
493  const x509_name *name;
494  const char *short_name = NULL;
495  char s[128], *p;
496 
497  memset( s, 0, sizeof( s ) );
498 
499  name = dn;
500  p = buf;
501  n = size;
502 
503  while( name != NULL )
504  {
505  if( !name->oid.p )
506  {
507  name = name->next;
508  continue;
509  }
510 
511  if( name != dn )
512  {
513  ret = snprintf( p, n, ", " );
514  SAFE_SNPRINTF();
515  }
516 
517  ret = oid_get_attr_short_name( &name->oid, &short_name );
518 
519  if( ret == 0 )
520  ret = snprintf( p, n, "%s=", short_name );
521  else
522  ret = snprintf( p, n, "\?\?=" );
523  SAFE_SNPRINTF();
524 
525  for( i = 0; i < name->val.len; i++ )
526  {
527  if( i >= sizeof( s ) - 1 )
528  break;
529 
530  c = name->val.p[i];
531  if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
532  s[i] = '?';
533  else s[i] = c;
534  }
535  s[i] = '\0';
536  ret = snprintf( p, n, "%s", s );
537  SAFE_SNPRINTF();
538  name = name->next;
539  }
540 
541  return( (int) ( size - n ) );
542 }
543 
544 /*
545  * Store the serial in printable form into buf; no more
546  * than size characters will be written
547  */
548 int x509_serial_gets( char *buf, size_t size, const x509_buf *serial )
549 {
550  int ret;
551  size_t i, n, nr;
552  char *p;
553 
554  p = buf;
555  n = size;
556 
557  nr = ( serial->len <= 32 )
558  ? serial->len : 28;
559 
560  for( i = 0; i < nr; i++ )
561  {
562  if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
563  continue;
564 
565  ret = snprintf( p, n, "%02X%s",
566  serial->p[i], ( i < nr - 1 ) ? ":" : "" );
567  SAFE_SNPRINTF();
568  }
569 
570  if( nr != serial->len )
571  {
572  ret = snprintf( p, n, "...." );
573  SAFE_SNPRINTF();
574  }
575 
576  return( (int) ( size - n ) );
577 }
578 
579 /*
580  * Helper for writing "RSA key size", "EC key size", etc
581  */
582 int x509_key_size_helper( char *buf, size_t size, const char *name )
583 {
584  char *p = buf;
585  size_t n = size;
586  int ret;
587 
588  if( strlen( name ) + sizeof( " key size" ) > size )
589  return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
590 
591  ret = snprintf( p, n, "%s key size", name );
592  SAFE_SNPRINTF();
593 
594  return( 0 );
595 }
596 
597 /*
598  * Return an informational string describing the given OID
599  */
600 const char *x509_oid_get_description( x509_buf *oid )
601 {
602  const char *desc = NULL;
603  int ret;
604 
605  ret = oid_get_extended_key_usage( oid, &desc );
606 
607  if( ret != 0 )
608  return( NULL );
609 
610  return( desc );
611 }
612 
613 /* Return the x.y.z.... style numeric string for the given OID */
614 int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
615 {
616  return oid_get_numeric_string( buf, size, oid );
617 }
618 
619 /*
620  * Return 0 if the x509_time is still valid, or 1 otherwise.
621  */
622 #if defined(POLARSSL_HAVE_TIME)
623 int x509_time_expired( const x509_time *to )
624 {
625  int year, mon, day;
626  int hour, min, sec;
627 
628 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
629  SYSTEMTIME st;
630 
631  GetLocalTime(&st);
632 
633  year = st.wYear;
634  mon = st.wMonth;
635  day = st.wDay;
636  hour = st.wHour;
637  min = st.wMinute;
638  sec = st.wSecond;
639 #else
640  struct tm *lt;
641  time_t tt;
642 
643  tt = time( NULL );
644  lt = localtime( &tt );
645 
646  year = lt->tm_year + 1900;
647  mon = lt->tm_mon + 1;
648  day = lt->tm_mday;
649  hour = lt->tm_hour;
650  min = lt->tm_min;
651  sec = lt->tm_sec;
652 #endif
653 
654  if( year > to->year )
655  return( 1 );
656 
657  if( year == to->year &&
658  mon > to->mon )
659  return( 1 );
660 
661  if( year == to->year &&
662  mon == to->mon &&
663  day > to->day )
664  return( 1 );
665 
666  if( year == to->year &&
667  mon == to->mon &&
668  day == to->day &&
669  hour > to->hour )
670  return( 1 );
671 
672  if( year == to->year &&
673  mon == to->mon &&
674  day == to->day &&
675  hour == to->hour &&
676  min > to->min )
677  return( 1 );
678 
679  if( year == to->year &&
680  mon == to->mon &&
681  day == to->day &&
682  hour == to->hour &&
683  min == to->min &&
684  sec > to->sec )
685  return( 1 );
686 
687  return( 0 );
688 }
689 #else /* POLARSSL_HAVE_TIME */
690 int x509_time_expired( const x509_time *to )
691 {
692  ((void) to);
693  return( 0 );
694 }
695 #endif /* POLARSSL_HAVE_TIME */
696 
697 #if defined(POLARSSL_SELF_TEST)
698 
699 #include "polarssl/x509_crt.h"
700 #include "polarssl/certs.h"
701 
702 /*
703  * Checkup routine
704  */
705 int x509_self_test( int verbose )
706 {
707 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
708  int ret;
709  int flags;
710  x509_crt cacert;
711  x509_crt clicert;
712 
713  if( verbose != 0 )
714  printf( " X.509 certificate load: " );
715 
716  x509_crt_init( &clicert );
717 
718  ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
719  strlen( test_cli_crt ) );
720  if( ret != 0 )
721  {
722  if( verbose != 0 )
723  printf( "failed\n" );
724 
725  return( ret );
726  }
727 
728  x509_crt_init( &cacert );
729 
730  ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
731  strlen( test_ca_crt ) );
732  if( ret != 0 )
733  {
734  if( verbose != 0 )
735  printf( "failed\n" );
736 
737  return( ret );
738  }
739 
740  if( verbose != 0 )
741  printf( "passed\n X.509 signature verify: ");
742 
743  ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
744  if( ret != 0 )
745  {
746  if( verbose != 0 )
747  printf( "failed\n" );
748 
749  printf("ret = %d, &flags = %04x\n", ret, flags);
750 
751  return( ret );
752  }
753 
754  if( verbose != 0 )
755  printf( "passed\n\n");
756 
757  x509_crt_free( &cacert );
758  x509_crt_free( &clicert );
759 
760  return( 0 );
761 #else
762  ((void) verbose);
764 #endif
765 }
766 
767 #endif
768 
769 #endif /* POLARSSL_X509_USE_C */
int x509_time_expired(const x509_time *time)
Check a given x509_time against the system time and check if it is valid.
#define ASN1_PRINTABLE_STRING
Definition: asn1.h:80
#define ASN1_UTC_TIME
Definition: asn1.h:83
Memory allocation layer.
#define ASN1_OID
Definition: asn1.h:76
#define ASN1_GENERALIZED_TIME
Definition: asn1.h:84
void *(* polarssl_malloc)(size_t len)
int sec
Time.
Definition: x509.h:175
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
Definition: x509.h:55
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:53
int oid_get_numeric_string(char *buf, size_t size, const asn1_buf *oid)
Translate an ASN.1 OID into its numeric representation (e.g.
int x509_key_size_helper(char *buf, size_t size, const char *name)
const char * x509_oid_get_description(x509_buf *oid)
Give an known OID, return its descriptive string.
int x509_get_alg_null(unsigned char **p, const unsigned char *end, x509_buf *alg)
Container for date and time (precision in seconds).
Definition: x509.h:172
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
#define ASN1_SEQUENCE
Definition: asn1.h:78
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
Configuration options (set of defines)
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
Definition: x509.h:59
#define ASN1_CONSTRUCTED
Definition: asn1.h:88
#define POLARSSL_ERR_X509_INVALID_SIGNATURE
The signature tag or value invalid.
Definition: x509.h:56
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
Object Identifier (OID) database.
md_type_t
Definition: md.h:51
#define ASN1_SET
Definition: asn1.h:79
asn1_buf val
The named value.
Definition: asn1.h:151
int hour
Definition: x509.h:175
#define ASN1_PRIMITIVE
Definition: asn1.h:87
int mon
Definition: x509.h:174
const char * test_ca_crt
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
Generic ASN.1 parsing.
Container for an X.509 certificate.
Definition: x509_crt.h:53
#define ASN1_BMP_STRING
Definition: asn1.h:86
Privacy Enhanced Mail (PEM) decoding.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
asn1_buf oid
The object identifier.
Definition: asn1.h:150
int asn1_get_alg_null(unsigned char **p, const unsigned char *end, asn1_buf *alg)
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
#define ASN1_INTEGER
Definition: asn1.h:72
void(* polarssl_free)(void *ptr)
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:120
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate signature.
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Give an OID, return a string version of its OID number.
X.509 certificate parsing and writing.
int day
Date.
Definition: x509.h:174
int x509_get_sig_alg(const x509_buf *sig_oid, md_type_t *md_alg, pk_type_t *pk_alg)
pk_type_t
Public key types.
Definition: pk.h:90
#define POLARSSL_ERR_X509_INVALID_ALG
The algorithm tag or value is invalid.
Definition: x509.h:53
int tag
ASN1 type, e.g.
Definition: asn1.h:118
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
Definition: asn1.h:50
X.509 generic defines and structures.
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
#define ASN1_CONTEXT_SPECIFIC
Definition: asn1.h:89
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
Definition: x509.h:65
const char * test_cli_crt
Container for a sequence or list of &#39;named&#39; ASN.1 data items.
Definition: asn1.h:148
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:116
#define ASN1_UNIVERSAL_STRING
Definition: asn1.h:85
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
size_t len
ASN1 length, e.g.
Definition: asn1.h:119
#define POLARSSL_ERR_X509_INVALID_NAME
The name tag or value is invalid.
Definition: x509.h:54
Sample certificates and DHM parameters for testing.
#define ASN1_IA5_STRING
Definition: asn1.h:82
int year
Definition: x509.h:174
#define ASN1_UTF8_STRING
Definition: asn1.h:77
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
Definition: x509.h:48
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
int min
Definition: x509.h:175
struct _asn1_named_data * next
The next entry in the sequence.
Definition: asn1.h:152
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition: x509.h:57
int oid_get_sig_alg(const asn1_buf *oid, md_type_t *md_alg, pk_type_t *pk_alg)
Translate SignatureAlgorithm OID into md_type and pk_type.
int x509_self_test(int verbose)
Checkup routine.
#define ASN1_T61_STRING
Definition: asn1.h:81
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
Definition: x509.h:64
int oid_get_attr_short_name(const asn1_buf *oid, const char **short_name)
Translate an X.509 attribute type OID into the short name (e.g.
#define POLARSSL_ERR_X509_INVALID_SERIAL
The serial tag or value is invalid.
Definition: x509.h:52
int oid_get_extended_key_usage(const asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:51
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...