37 #if !defined(POLARSSL_CONFIG_FILE)
40 #include POLARSSL_CONFIG_FILE
43 #if defined(POLARSSL_X509_USE_C)
48 #if defined(POLARSSL_PEM_PARSE_C)
52 #if defined(POLARSSL_PLATFORM_C)
55 #define polarssl_printf printf
56 #define polarssl_malloc malloc
57 #define polarssl_free free
62 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
68 #if defined(EFIX64) || defined(EFI32)
72 #if defined(POLARSSL_FS_IO)
75 #include <sys/types.h>
89 if( ( end - *p ) < 1 )
98 serial->
tag = *(*p)++;
135 static int x509_get_attr_type_value(
unsigned char **p,
136 const unsigned char *end,
148 if( ( end - *p ) < 1 )
161 if( ( end - *p ) < 1 )
197 int x509_get_name(
unsigned char **p,
const unsigned char *end,
202 const unsigned char *end2;
215 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
223 if( use->
next == NULL )
242 if( cur->
next == NULL )
255 int x509_get_time(
unsigned char **p,
const unsigned char *end,
263 if( ( end - *p ) < 1 )
277 memset( date, 0,
sizeof( date ) );
278 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
279 len :
sizeof( date ) - 1 );
281 if( sscanf( date,
"%2d%2d%2d%2d%2d%2dZ",
286 time->
year += 100 * ( time->
year < 50 );
301 memset( date, 0,
sizeof( date ) );
302 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
303 len :
sizeof( date ) - 1 );
305 if( sscanf( date,
"%4d%2d%2d%2d%2d%2dZ",
324 if( ( end - *p ) < 1 )
356 int x509_get_ext(
unsigned char **p,
const unsigned char *end,
386 if( end != *p + len )
393 #if defined(POLARSSL_FS_IO)
397 int x509_load_file(
const char *path,
unsigned char **buf,
size_t *n )
402 if( ( f = fopen( path,
"rb" ) ) == NULL )
405 fseek( f, 0, SEEK_END );
406 if( ( size = ftell( f ) ) == -1 )
411 fseek( f, 0, SEEK_SET );
422 if( fread( *buf, 1, *n, f ) != *n )
437 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
441 #if !defined vsnprintf
442 #define vsnprintf _vsnprintf
452 static int compat_snprintf(
char *str,
size_t size,
const char *format, ...)
457 va_start( ap, format );
459 res = vsnprintf( str, size, format, ap );
465 return( (
int) size + 20 );
470 #define snprintf compat_snprintf
473 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
475 #define SAFE_SNPRINTF() \
480 if ( (unsigned int) ret > n ) { \
482 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
485 n -= (unsigned int) ret; \
486 p += (unsigned int) ret; \
499 const char *short_name = NULL;
502 memset( s, 0,
sizeof( s ) );
508 while( name != NULL )
518 ret = snprintf( p, n,
", " );
525 ret = snprintf( p, n,
"%s=", short_name );
527 ret = snprintf( p, n,
"\?\?=" );
530 for( i = 0; i < name->
val.
len; i++ )
532 if( i >=
sizeof( s ) - 1 )
536 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
541 ret = snprintf( p, n,
"%s", s );
546 return( (
int) ( size - n ) );
562 nr = ( serial->
len <= 32 )
565 for( i = 0; i < nr; i++ )
567 if( i == 0 && nr > 1 && serial->
p[i] == 0x0 )
570 ret = snprintf( p, n,
"%02X%s",
571 serial->
p[i], ( i < nr - 1 ) ?
":" :
"" );
575 if( nr != serial->
len )
577 ret = snprintf( p, n,
"...." );
581 return( (
int) ( size - n ) );
593 if( strlen( name ) +
sizeof(
" key size" ) > size )
594 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
596 ret = snprintf( p, n,
"%s key size", name );
607 const char *desc = NULL;
627 #if defined(POLARSSL_HAVE_TIME)
629 static void x509_get_current_time(
x509_time *now )
631 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
636 now->
year = st.wYear;
637 now->
mon = st.wMonth;
639 now->
hour = st.wHour;
640 now->
min = st.wMinute;
641 now->
sec = st.wSecond;
647 gmtime_r( &tt, < );
649 now->
year = lt.tm_year + 1900;
650 now->
mon = lt.tm_mon + 1;
651 now->
day = lt.tm_mday;
652 now->
hour = lt.tm_hour;
653 now->
min = lt.tm_min;
654 now->
sec = lt.tm_sec;
667 before->
mon > after->
mon )
671 before->
mon == after->
mon &&
672 before->
day > after->
day )
676 before->
mon == after->
mon &&
677 before->
day == after->
day &&
682 before->
mon == after->
mon &&
683 before->
day == after->
day &&
685 before->
min > after->
min )
689 before->
mon == after->
mon &&
690 before->
day == after->
day &&
692 before->
min == after->
min &&
693 before->
sec > after->
sec )
703 x509_get_current_time( &now );
705 return( x509_check_time( &now, to ) );
712 x509_get_current_time( &now );
714 return( x509_check_time( from, &now ) );
732 #if defined(POLARSSL_SELF_TEST)
742 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
778 ret =
x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
int x509_time_expired(const x509_time *time)
Check a given x509_time against the system time and check if it is not expired.
#define ASN1_PRINTABLE_STRING
#define ASN1_GENERALIZED_TIME
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int oid_get_numeric_string(char *buf, size_t size, const asn1_buf *oid)
Translate an ASN.1 OID into its numeric representation (e.g.
int x509_key_size_helper(char *buf, size_t size, const char *name)
const char * x509_oid_get_description(x509_buf *oid)
Give an known OID, return its descriptive string.
int x509_get_alg_null(unsigned char **p, const unsigned char *end, x509_buf *alg)
Container for date and time (precision in seconds).
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
Configuration options (set of defines)
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
#define POLARSSL_ERR_X509_INVALID_SIGNATURE
The signature tag or value invalid.
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
Object Identifier (OID) database.
asn1_buf val
The named value.
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
Container for an X.509 certificate.
Privacy Enhanced Mail (PEM) decoding.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
asn1_buf oid
The object identifier.
int asn1_get_alg_null(unsigned char **p, const unsigned char *end, asn1_buf *alg)
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
unsigned char * p
ASN1 data, e.g.
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate signature.
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Give an OID, return a string version of its OID number.
X.509 certificate parsing and writing.
int x509_get_sig_alg(const x509_buf *sig_oid, md_type_t *md_alg, pk_type_t *pk_alg)
pk_type_t
Public key types.
#define POLARSSL_ERR_X509_INVALID_ALG
The algorithm tag or value is invalid.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
X.509 generic defines and structures.
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
#define ASN1_CONTEXT_SPECIFIC
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
const char * test_cli_crt
Container for a sequence or list of 'named' ASN.1 data items.
Type-length-value structure that allows for ASN1 using DER.
#define ASN1_UNIVERSAL_STRING
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
size_t len
ASN1 length, e.g.
#define POLARSSL_ERR_X509_INVALID_NAME
The name tag or value is invalid.
Sample certificates and DHM parameters for testing.
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
struct _asn1_named_data * next
The next entry in the sequence.
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
int x509_time_future(const x509_time *time)
Check a given x509_time against the system time and check if it is not from the future.
int oid_get_sig_alg(const asn1_buf *oid, md_type_t *md_alg, pk_type_t *pk_alg)
Translate SignatureAlgorithm OID into md_type and pk_type.
int x509_self_test(int verbose)
Checkup routine.
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
int oid_get_attr_short_name(const asn1_buf *oid, const char **short_name)
Translate an X.509 attribute type OID into the short name (e.g.
#define POLARSSL_ERR_X509_INVALID_SERIAL
The serial tag or value is invalid.
int oid_get_extended_key_usage(const asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...