PolarSSL v1.3.7
x509_crl.c
Go to the documentation of this file.
1 /*
2  * X.509 certificate and private key decoding
3  *
4  * Copyright (C) 2006-2014, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The ITU-T X.509 standard defines a certificate format for PKI.
27  *
28  * http://www.ietf.org/rfc/rfc3279.txt
29  * http://www.ietf.org/rfc/rfc3280.txt
30  *
31  * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32  *
33  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35  */
36 
37 #if !defined(POLARSSL_CONFIG_FILE)
38 #include "polarssl/config.h"
39 #else
40 #include POLARSSL_CONFIG_FILE
41 #endif
42 
43 #if defined(POLARSSL_X509_CRL_PARSE_C)
44 
45 #include "polarssl/x509_crl.h"
46 #include "polarssl/oid.h"
47 #if defined(POLARSSL_PEM_PARSE_C)
48 #include "polarssl/pem.h"
49 #endif
50 
51 #if defined(POLARSSL_PLATFORM_C)
52 #include "polarssl/platform.h"
53 #else
54 #define polarssl_malloc malloc
55 #define polarssl_free free
56 #endif
57 
58 #include <string.h>
59 #include <stdlib.h>
60 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
61 
62 #include <windows.h>
63 #else
64 #include <time.h>
65 #endif
66 
67 #if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
68 #include <stdio.h>
69 #endif
70 
71 /*
72  * Version ::= INTEGER { v1(0), v2(1) }
73  */
74 static int x509_crl_get_version( unsigned char **p,
75  const unsigned char *end,
76  int *ver )
77 {
78  int ret;
79 
80  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
81  {
83  {
84  *ver = 0;
85  return( 0 );
86  }
87 
88  return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
89  }
90 
91  return( 0 );
92 }
93 
94 /*
95  * X.509 CRL v2 extensions (no extensions parsed yet.)
96  */
97 static int x509_get_crl_ext( unsigned char **p,
98  const unsigned char *end,
99  x509_buf *ext )
100 {
101  int ret;
102  size_t len = 0;
103 
104  /* Get explicit tag */
105  if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
106  {
108  return( 0 );
109 
110  return( ret );
111  }
112 
113  while( *p < end )
114  {
115  if( ( ret = asn1_get_tag( p, end, &len,
116  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
117  return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
118 
119  *p += len;
120  }
121 
122  if( *p != end )
125 
126  return( 0 );
127 }
128 
129 /*
130  * X.509 CRL v2 entry extensions (no extensions parsed yet.)
131  */
132 static int x509_get_crl_entry_ext( unsigned char **p,
133  const unsigned char *end,
134  x509_buf *ext )
135 {
136  int ret;
137  size_t len = 0;
138 
139  /* OPTIONAL */
140  if (end <= *p)
141  return( 0 );
142 
143  ext->tag = **p;
144  ext->p = *p;
145 
146  /*
147  * Get CRL-entry extension sequence header
148  * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
149  */
150  if( ( ret = asn1_get_tag( p, end, &ext->len,
151  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
152  {
154  {
155  ext->p = NULL;
156  return( 0 );
157  }
158  return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
159  }
160 
161  end = *p + ext->len;
162 
163  if( end != *p + ext->len )
166 
167  while( *p < end )
168  {
169  if( ( ret = asn1_get_tag( p, end, &len,
170  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
171  return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
172 
173  *p += len;
174  }
175 
176  if( *p != end )
179 
180  return( 0 );
181 }
182 
183 /*
184  * X.509 CRL Entries
185  */
186 static int x509_get_entries( unsigned char **p,
187  const unsigned char *end,
188  x509_crl_entry *entry )
189 {
190  int ret;
191  size_t entry_len;
192  x509_crl_entry *cur_entry = entry;
193 
194  if( *p == end )
195  return( 0 );
196 
197  if( ( ret = asn1_get_tag( p, end, &entry_len,
198  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
199  {
201  return( 0 );
202 
203  return( ret );
204  }
205 
206  end = *p + entry_len;
207 
208  while( *p < end )
209  {
210  size_t len2;
211  const unsigned char *end2;
212 
213  if( ( ret = asn1_get_tag( p, end, &len2,
214  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
215  {
216  return( ret );
217  }
218 
219  cur_entry->raw.tag = **p;
220  cur_entry->raw.p = *p;
221  cur_entry->raw.len = len2;
222  end2 = *p + len2;
223 
224  if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
225  return( ret );
226 
227  if( ( ret = x509_get_time( p, end2,
228  &cur_entry->revocation_date ) ) != 0 )
229  return( ret );
230 
231  if( ( ret = x509_get_crl_entry_ext( p, end2,
232  &cur_entry->entry_ext ) ) != 0 )
233  return( ret );
234 
235  if ( *p < end )
236  {
237  cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) );
238 
239  if( cur_entry->next == NULL )
241 
242  cur_entry = cur_entry->next;
243  memset( cur_entry, 0, sizeof( x509_crl_entry ) );
244  }
245  }
246 
247  return( 0 );
248 }
249 
250 /*
251  * Parse one or more CRLs and add them to the chained list
252  */
253 int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
254 {
255  int ret;
256  size_t len;
257  unsigned char *p, *end;
258  x509_crl *crl;
259 #if defined(POLARSSL_PEM_PARSE_C)
260  size_t use_len;
261  pem_context pem;
262 #endif
263 
264  crl = chain;
265 
266  /*
267  * Check for valid input
268  */
269  if( crl == NULL || buf == NULL )
271 
272  while( crl->version != 0 && crl->next != NULL )
273  crl = crl->next;
274 
275  /*
276  * Add new CRL on the end of the chain if needed.
277  */
278  if ( crl->version != 0 && crl->next == NULL)
279  {
280  crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
281 
282  if( crl->next == NULL )
283  {
284  x509_crl_free( crl );
286  }
287 
288  crl = crl->next;
289  x509_crl_init( crl );
290  }
291 
292 #if defined(POLARSSL_PEM_PARSE_C)
293  pem_init( &pem );
294  ret = pem_read_buffer( &pem,
295  "-----BEGIN X509 CRL-----",
296  "-----END X509 CRL-----",
297  buf, NULL, 0, &use_len );
298 
299  if( ret == 0 )
300  {
301  /*
302  * Was PEM encoded
303  */
304  buflen -= use_len;
305  buf += use_len;
306 
307  /*
308  * Steal PEM buffer
309  */
310  p = pem.buf;
311  pem.buf = NULL;
312  len = pem.buflen;
313  pem_free( &pem );
314  }
316  {
317  pem_free( &pem );
318  return( ret );
319  }
320  else
321 #endif /* POLARSSL_PEM_PARSE_C */
322  {
323  /*
324  * nope, copy the raw DER data
325  */
326  p = (unsigned char *) polarssl_malloc( len = buflen );
327 
328  if( p == NULL )
330 
331  memcpy( p, buf, buflen );
332 
333  buflen = 0;
334  }
335 
336  crl->raw.p = p;
337  crl->raw.len = len;
338  end = p + len;
339 
340  /*
341  * CertificateList ::= SEQUENCE {
342  * tbsCertList TBSCertList,
343  * signatureAlgorithm AlgorithmIdentifier,
344  * signatureValue BIT STRING }
345  */
346  if( ( ret = asn1_get_tag( &p, end, &len,
347  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
348  {
349  x509_crl_free( crl );
351  }
352 
353  if( len != (size_t) ( end - p ) )
354  {
355  x509_crl_free( crl );
358  }
359 
360  /*
361  * TBSCertList ::= SEQUENCE {
362  */
363  crl->tbs.p = p;
364 
365  if( ( ret = asn1_get_tag( &p, end, &len,
366  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
367  {
368  x509_crl_free( crl );
369  return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
370  }
371 
372  end = p + len;
373  crl->tbs.len = end - crl->tbs.p;
374 
375  /*
376  * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
377  * -- if present, MUST be v2
378  *
379  * signature AlgorithmIdentifier
380  */
381  if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
382  ( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 )
383  {
384  x509_crl_free( crl );
385  return( ret );
386  }
387 
388  crl->version++;
389 
390  if( crl->version > 2 )
391  {
392  x509_crl_free( crl );
394  }
395 
396  if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
397  &crl->sig_pk ) ) != 0 )
398  {
399  x509_crl_free( crl );
401  }
402 
403  /*
404  * issuer Name
405  */
406  crl->issuer_raw.p = p;
407 
408  if( ( ret = asn1_get_tag( &p, end, &len,
409  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
410  {
411  x509_crl_free( crl );
412  return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
413  }
414 
415  if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
416  {
417  x509_crl_free( crl );
418  return( ret );
419  }
420 
421  crl->issuer_raw.len = p - crl->issuer_raw.p;
422 
423  /*
424  * thisUpdate Time
425  * nextUpdate Time OPTIONAL
426  */
427  if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
428  {
429  x509_crl_free( crl );
430  return( ret );
431  }
432 
433  if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
434  {
435  if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
439  {
440  x509_crl_free( crl );
441  return( ret );
442  }
443  }
444 
445  /*
446  * revokedCertificates SEQUENCE OF SEQUENCE {
447  * userCertificate CertificateSerialNumber,
448  * revocationDate Time,
449  * crlEntryExtensions Extensions OPTIONAL
450  * -- if present, MUST be v2
451  * } OPTIONAL
452  */
453  if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
454  {
455  x509_crl_free( crl );
456  return( ret );
457  }
458 
459  /*
460  * crlExtensions EXPLICIT Extensions OPTIONAL
461  * -- if present, MUST be v2
462  */
463  if( crl->version == 2 )
464  {
465  ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
466 
467  if( ret != 0 )
468  {
469  x509_crl_free( crl );
470  return( ret );
471  }
472  }
473 
474  if( p != end )
475  {
476  x509_crl_free( crl );
479  }
480 
481  end = crl->raw.p + crl->raw.len;
482 
483  /*
484  * signatureAlgorithm AlgorithmIdentifier,
485  * signatureValue BIT STRING
486  */
487  if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 )
488  {
489  x509_crl_free( crl );
490  return( ret );
491  }
492 
493  if( crl->sig_oid1.len != crl->sig_oid2.len ||
494  memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
495  {
496  x509_crl_free( crl );
498  }
499 
500  if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
501  {
502  x509_crl_free( crl );
503  return( ret );
504  }
505 
506  if( p != end )
507  {
508  x509_crl_free( crl );
511  }
512 
513  if( buflen > 0 )
514  {
515  crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
516 
517  if( crl->next == NULL )
518  {
519  x509_crl_free( crl );
521  }
522 
523  crl = crl->next;
524  x509_crl_init( crl );
525 
526  return( x509_crl_parse( crl, buf, buflen ) );
527  }
528 
529  return( 0 );
530 }
531 
532 #if defined(POLARSSL_FS_IO)
533 /*
534  * Load one or more CRLs and add them to the chained list
535  */
536 int x509_crl_parse_file( x509_crl *chain, const char *path )
537 {
538  int ret;
539  size_t n;
540  unsigned char *buf;
541 
542  if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
543  return( ret );
544 
545  ret = x509_crl_parse( chain, buf, n );
546 
547  memset( buf, 0, n + 1 );
548  polarssl_free( buf );
549 
550  return( ret );
551 }
552 #endif /* POLARSSL_FS_IO */
553 
554 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
555  !defined(EFI32)
556 #include <stdarg.h>
557 
558 #if !defined vsnprintf
559 #define vsnprintf _vsnprintf
560 #endif // vsnprintf
561 
562 /*
563  * Windows _snprintf and _vsnprintf are not compatible to linux versions.
564  * Result value is not size of buffer needed, but -1 if no fit is possible.
565  *
566  * This fuction tries to 'fix' this by at least suggesting enlarging the
567  * size by 20.
568  */
569 static int compat_snprintf(char *str, size_t size, const char *format, ...)
570 {
571  va_list ap;
572  int res = -1;
573 
574  va_start( ap, format );
575 
576  res = vsnprintf( str, size, format, ap );
577 
578  va_end( ap );
579 
580  // No quick fix possible
581  if ( res < 0 )
582  return( (int) size + 20 );
583 
584  return res;
585 }
586 
587 #define snprintf compat_snprintf
588 #endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
589 
590 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
591 
592 #define SAFE_SNPRINTF() \
593 { \
594  if( ret == -1 ) \
595  return( -1 ); \
596  \
597  if ( (unsigned int) ret > n ) { \
598  p[n - 1] = '\0'; \
599  return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
600  } \
601  \
602  n -= (unsigned int) ret; \
603  p += (unsigned int) ret; \
604 }
605 
606 /*
607  * Return an informational string about the certificate.
608  */
609 #define BEFORE_COLON 14
610 #define BC "14"
611 /*
612  * Return an informational string about the CRL.
613  */
614 int x509_crl_info( char *buf, size_t size, const char *prefix,
615  const x509_crl *crl )
616 {
617  int ret;
618  size_t n;
619  char *p;
620  const char *desc;
621  const x509_crl_entry *entry;
622 
623  p = buf;
624  n = size;
625 
626  ret = snprintf( p, n, "%sCRL version : %d",
627  prefix, crl->version );
628  SAFE_SNPRINTF();
629 
630  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
631  SAFE_SNPRINTF();
632  ret = x509_dn_gets( p, n, &crl->issuer );
633  SAFE_SNPRINTF();
634 
635  ret = snprintf( p, n, "\n%sthis update : " \
636  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
637  crl->this_update.year, crl->this_update.mon,
638  crl->this_update.day, crl->this_update.hour,
639  crl->this_update.min, crl->this_update.sec );
640  SAFE_SNPRINTF();
641 
642  ret = snprintf( p, n, "\n%snext update : " \
643  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
644  crl->next_update.year, crl->next_update.mon,
645  crl->next_update.day, crl->next_update.hour,
646  crl->next_update.min, crl->next_update.sec );
647  SAFE_SNPRINTF();
648 
649  entry = &crl->entry;
650 
651  ret = snprintf( p, n, "\n%sRevoked certificates:",
652  prefix );
653  SAFE_SNPRINTF();
654 
655  while( entry != NULL && entry->raw.len != 0 )
656  {
657  ret = snprintf( p, n, "\n%sserial number: ",
658  prefix );
659  SAFE_SNPRINTF();
660 
661  ret = x509_serial_gets( p, n, &entry->serial);
662  SAFE_SNPRINTF();
663 
664  ret = snprintf( p, n, " revocation date: " \
665  "%04d-%02d-%02d %02d:%02d:%02d",
666  entry->revocation_date.year, entry->revocation_date.mon,
667  entry->revocation_date.day, entry->revocation_date.hour,
668  entry->revocation_date.min, entry->revocation_date.sec );
669  SAFE_SNPRINTF();
670 
671  entry = entry->next;
672  }
673 
674  ret = snprintf( p, n, "\n%ssigned using : ", prefix );
675  SAFE_SNPRINTF();
676 
677  ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc );
678  if( ret != 0 )
679  ret = snprintf( p, n, "???" );
680  else
681  ret = snprintf( p, n, "%s", desc );
682  SAFE_SNPRINTF();
683 
684  ret = snprintf( p, n, "\n" );
685  SAFE_SNPRINTF();
686 
687  return( (int) ( size - n ) );
688 }
689 
690 /*
691  * Initialize a CRL chain
692  */
693 void x509_crl_init( x509_crl *crl )
694 {
695  memset( crl, 0, sizeof(x509_crl) );
696 }
697 
698 /*
699  * Unallocate all CRL data
700  */
701 void x509_crl_free( x509_crl *crl )
702 {
703  x509_crl *crl_cur = crl;
704  x509_crl *crl_prv;
705  x509_name *name_cur;
706  x509_name *name_prv;
707  x509_crl_entry *entry_cur;
708  x509_crl_entry *entry_prv;
709 
710  if( crl == NULL )
711  return;
712 
713  do
714  {
715  name_cur = crl_cur->issuer.next;
716  while( name_cur != NULL )
717  {
718  name_prv = name_cur;
719  name_cur = name_cur->next;
720  memset( name_prv, 0, sizeof( x509_name ) );
721  polarssl_free( name_prv );
722  }
723 
724  entry_cur = crl_cur->entry.next;
725  while( entry_cur != NULL )
726  {
727  entry_prv = entry_cur;
728  entry_cur = entry_cur->next;
729  memset( entry_prv, 0, sizeof( x509_crl_entry ) );
730  polarssl_free( entry_prv );
731  }
732 
733  if( crl_cur->raw.p != NULL )
734  {
735  memset( crl_cur->raw.p, 0, crl_cur->raw.len );
736  polarssl_free( crl_cur->raw.p );
737  }
738 
739  crl_cur = crl_cur->next;
740  }
741  while( crl_cur != NULL );
742 
743  crl_cur = crl;
744  do
745  {
746  crl_prv = crl_cur;
747  crl_cur = crl_cur->next;
748 
749  memset( crl_prv, 0, sizeof( x509_crl ) );
750  if( crl_prv != crl )
751  polarssl_free( crl_prv );
752  }
753  while( crl_cur != NULL );
754 }
755 
756 #endif /* POLARSSL_X509_CRL_PARSE_C */
x509_buf sig
Definition: x509_crl.h:93
void x509_crl_init(x509_crl *crl)
Initialize a CRL (chain)
int sec
Time.
Definition: x509.h:184
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
Definition: x509.h:59
int version
Definition: x509_crl.h:78
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
x509_time next_update
Definition: x509_crl.h:86
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:57
Certificate revocation list entry.
Definition: x509_crl.h:55
#define POLARSSL_ERR_X509_INVALID_FORMAT
The CRT/CRL/CSR format is invalid, e.g.
Definition: x509.h:54
struct _x509_crl * next
Definition: x509_crl.h:97
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
int x509_get_alg_null(unsigned char **p, const unsigned char *end, x509_buf *alg)
#define polarssl_free
Definition: platform.h:91
#define ASN1_SEQUENCE
Definition: asn1.h:82
Configuration options (set of defines)
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
Definition: x509.h:63
#define ASN1_CONSTRUCTED
Definition: asn1.h:92
x509_buf sig_oid2
Definition: x509_crl.h:92
PolarSSL Platform abstraction layer.
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
#define POLARSSL_ERR_X509_UNKNOWN_VERSION
CRT/CRL/CSR has an unsupported version number.
Definition: x509.h:62
x509_name issuer
The parsed issuer data (named information object).
Definition: x509_crl.h:83
int x509_crl_parse_file(x509_crl *chain, const char *path)
Load one or more CRLs and add them to the chained list.
Object Identifier (OID) database.
x509_buf serial
Definition: x509_crl.h:59
int x509_crl_parse(x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and add them to the chained list.
int x509_crl_info(char *buf, size_t size, const char *prefix, const x509_crl *crl)
Returns an informational string about the CRL.
x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
Definition: x509_crl.h:88
int hour
Definition: x509.h:184
int mon
Definition: x509.h:183
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
x509_buf sig_oid1
Definition: x509_crl.h:79
Privacy Enhanced Mail (PEM) decoding.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
void x509_crl_free(x509_crl *crl)
Unallocate all CRL data.
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:124
int oid_get_sig_alg_desc(const asn1_buf *oid, const char **desc)
Translate SignatureAlgorithm OID into description.
x509_buf tbs
The raw certificate body (DER).
Definition: x509_crl.h:76
struct _x509_crl_entry * next
Definition: x509_crl.h:65
md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
Definition: x509_crl.h:94
int day
Date.
Definition: x509.h:183
int x509_get_sig_alg(const x509_buf *sig_oid, md_type_t *md_alg, pk_type_t *pk_alg)
int tag
ASN1 type, e.g.
Definition: asn1.h:122
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
Definition: asn1.h:54
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
x509_time this_update
Definition: x509_crl.h:85
Container for a sequence or list of &#39;named&#39; ASN.1 data items.
Definition: asn1.h:152
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:120
x509_buf entry_ext
Definition: x509_crl.h:63
pk_type_t sig_pk
&lt; Internal representation of the Public Key algorithm of the signature algorithm, e...
Definition: x509_crl.h:95
size_t len
ASN1 length, e.g.
Definition: asn1.h:123
int year
Definition: x509.h:183
x509_buf raw
Definition: x509_crl.h:57
X.509 certificate revocation list parsing.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
#define POLARSSL_ERR_X509_INVALID_VERSION
The CRT/CRL/CSR version element is invalid.
Definition: x509.h:55
Certificate revocation list structure.
Definition: x509_crl.h:73
int min
Definition: x509.h:184
struct _asn1_named_data * next
The next entry in the sequence.
Definition: asn1.h:156
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition: x509.h:61
#define POLARSSL_ERR_X509_BAD_INPUT_DATA
Input invalid.
Definition: x509.h:67
x509_buf raw
The raw certificate data (DER).
Definition: x509_crl.h:75
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:38
#define polarssl_malloc
Definition: platform.h:90
x509_time revocation_date
Definition: x509_crl.h:61
x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509_crl.h:81
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
Definition: x509.h:68
x509_buf crl_ext
Definition: x509_crl.h:90
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:55
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
#define POLARSSL_ERR_X509_SIG_MISMATCH
Signature algorithms do not match.
Definition: x509.h:64