36 #if !defined(POLARSSL_CONFIG_FILE)
39 #include POLARSSL_CONFIG_FILE
42 #if defined(POLARSSL_X509_CRT_PARSE_C)
46 #if defined(POLARSSL_PEM_PARSE_C)
50 #if defined(POLARSSL_PLATFORM_C)
53 #define polarssl_malloc malloc
54 #define polarssl_free free
57 #if defined(POLARSSL_THREADING_C)
63 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
69 #if defined(EFIX64) || defined(EFI32)
73 #if defined(POLARSSL_FS_IO)
75 #if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
76 #include <sys/types.h>
83 static void polarssl_zeroize(
void *v,
size_t n ) {
84 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
90 static int x509_get_version(
unsigned char **p,
91 const unsigned char *end,
126 static int x509_get_dates(
unsigned char **p,
127 const unsigned char *end,
156 static int x509_get_uid(
unsigned char **p,
157 const unsigned char *end,
182 static int x509_get_basic_constraints(
unsigned char **p,
183 const unsigned char *end,
213 if( *ca_istrue != 0 )
220 if( ( ret =
asn1_get_int( p, end, max_pathlen ) ) != 0 )
232 static int x509_get_ns_cert_type(
unsigned char **p,
233 const unsigned char *end,
234 unsigned char *ns_cert_type)
247 *ns_cert_type = *bs.
p;
251 static int x509_get_key_usage(
unsigned char **p,
252 const unsigned char *end,
253 unsigned char *key_usage)
275 static int x509_get_ext_key_usage(
unsigned char **p,
276 const unsigned char *end,
285 if( ext_key_usage->
buf.
p == NULL )
318 static int x509_get_subject_alt_name(
unsigned char **p,
319 const unsigned char *end,
333 if( *p + len != end )
339 if( ( end - *p ) < 1 )
353 if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
360 if( cur->
buf.
p != NULL )
365 if( cur->
next == NULL )
397 static int x509_get_crt_ext(
unsigned char **p,
398 const unsigned char *end,
403 unsigned char *end_ext_data, *end_ext_octet;
429 end_ext_data = *p + len;
440 if( ( end - *p ) < 1 )
445 if( ( ret =
asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
454 end_ext_octet = *p + len;
456 if( end_ext_octet != end_ext_data )
470 #if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
487 if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
494 if( ( ret = x509_get_key_usage( p, end_ext_octet,
501 if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
508 if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
515 if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
535 static int x509_crt_parse_der_core(
x509_crt *crt,
const unsigned char *buf,
540 unsigned char *p, *end, *crt_end;
543 memset( &sig_params1, 0,
sizeof(
x509_buf ) );
544 memset( &sig_params2, 0,
sizeof(
x509_buf ) );
549 if( crt == NULL || buf == NULL )
557 memcpy( p, buf, buflen );
576 if( len > (
size_t) ( end - p ) )
606 if( ( ret = x509_get_version( &p, end, &crt->
version ) ) != 0 ||
609 &sig_params1 ) ) != 0 )
657 if( ( ret = x509_get_dates( &p, end, &crt->
valid_from,
703 ret = x509_get_uid( &p, end, &crt->
issuer_id, 1 );
713 ret = x509_get_uid( &p, end, &crt->
subject_id, 2 );
721 #if !defined(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
725 ret = x509_get_crt_ext( &p, end, crt );
731 #if !defined(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
759 sig_params1.
len != sig_params2.
len ||
760 memcmp( sig_params1.
p, sig_params2.
p, sig_params1.
len ) != 0 )
790 x509_crt *crt = chain, *prev = NULL;
795 if( crt == NULL || buf == NULL )
811 if( crt->
next == NULL )
819 if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
839 int success = 0, first_error = 0, total_failed = 0;
845 if( chain == NULL || buf == NULL )
852 #if defined(POLARSSL_PEM_PARSE_C)
853 if( strstr( (
const char *) buf,
"-----BEGIN CERTIFICATE-----" ) != NULL )
860 #if defined(POLARSSL_PEM_PARSE_C)
871 ret = pem_read_buffer( &pem,
872 "-----BEGIN CERTIFICATE-----",
873 "-----END CERTIFICATE-----",
874 buf, NULL, 0, &use_len );
898 if( first_error == 0 )
918 if( first_error == 0 )
931 return( total_failed );
932 else if( first_error )
933 return( first_error );
938 #if defined(POLARSSL_FS_IO)
953 polarssl_zeroize( buf, n + 1 );
959 #if defined(POLARSSL_THREADING_PTHREAD)
960 static threading_mutex_t readdir_mutex = PTHREAD_MUTEX_INITIALIZER;
966 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
968 WCHAR szDir[MAX_PATH];
969 char filename[MAX_PATH];
971 int len = (int) strlen( path );
973 WIN32_FIND_DATAW file_data;
976 if( len > MAX_PATH - 3 )
979 memset( szDir, 0,
sizeof(szDir) );
980 memset( filename, 0, MAX_PATH );
981 memcpy( filename, path, len );
982 filename[len++] =
'\\';
984 filename[len++] =
'*';
986 w_ret = MultiByteToWideChar( CP_ACP, 0, filename, len, szDir,
989 hFind = FindFirstFileW( szDir, &file_data );
990 if( hFind == INVALID_HANDLE_VALUE )
993 len = MAX_PATH - len;
998 if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
1001 w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
1002 lstrlenW( file_data.cFileName ),
1012 while( FindNextFileW( hFind, &file_data ) != 0 );
1014 if( GetLastError() != ERROR_NO_MORE_FILES )
1021 struct dirent *entry;
1022 char entry_name[255];
1023 DIR *dir = opendir( path );
1028 #if defined(POLARSSL_THREADING_PTHREAD)
1033 while( ( entry = readdir( dir ) ) != NULL )
1035 snprintf( entry_name,
sizeof entry_name,
"%s/%s", path, entry->d_name );
1037 if( stat( entry_name, &sb ) == -1 )
1044 if( !S_ISREG( sb.st_mode ) )
1058 #if defined(POLARSSL_THREADING_PTHREAD)
1069 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
1073 #if !defined vsnprintf
1074 #define vsnprintf _vsnprintf
1084 static int compat_snprintf(
char *str,
size_t size,
const char *format, ... )
1089 va_start( ap, format );
1091 res = vsnprintf( str, size, format, ap );
1097 return( (
int) size + 20 );
1102 #define snprintf compat_snprintf
1105 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
1107 #define SAFE_SNPRINTF() \
1112 if( (unsigned int) ret > n ) { \
1114 return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
1117 n -= (unsigned int) ret; \
1118 p += (unsigned int) ret; \
1121 static int x509_info_subject_alt_name(
char **buf,
size_t *size,
1128 const char *sep =
"";
1131 while( cur != NULL )
1133 if( cur->
buf.
len + sep_len >= n )
1136 return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
1139 n -= cur->
buf.
len + sep_len;
1140 for( i = 0; i < sep_len; i++ )
1142 for( i = 0; i < cur->
buf.
len; i++ )
1143 *p++ = cur->
buf.
p[i];
1159 #define PRINT_ITEM(i) \
1161 ret = snprintf( p, n, "%s" i, sep ); \
1166 #define CERT_TYPE(type,name) \
1167 if( ns_cert_type & type ) \
1170 static int x509_info_cert_type(
char **buf,
size_t *size,
1171 unsigned char ns_cert_type )
1176 const char *sep =
"";
1193 #define KEY_USAGE(code,name) \
1194 if( key_usage & code ) \
1197 static int x509_info_key_usage(
char **buf,
size_t *size,
1198 unsigned char key_usage )
1203 const char *sep =
"";
1219 static int x509_info_ext_key_usage(
char **buf,
size_t *size,
1227 const char *sep =
"";
1229 while( cur != NULL )
1234 ret = snprintf( p, n,
"%s%s", sep, desc );
1251 #define BEFORE_COLON 18
1253 int x509_crt_info(
char *buf,
size_t size,
const char *prefix,
1259 char key_size_str[BEFORE_COLON];
1264 ret = snprintf( p, n,
"%scert. version : %d\n",
1267 ret = snprintf( p, n,
"%sserial number : ",
1274 ret = snprintf( p, n,
"\n%sissuer name : ", prefix );
1279 ret = snprintf( p, n,
"\n%ssubject name : ", prefix );
1284 ret = snprintf( p, n,
"\n%sissued on : " \
1285 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1291 ret = snprintf( p, n,
"\n%sexpires on : " \
1292 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1298 ret = snprintf( p, n,
"\n%ssigned using : ", prefix );
1312 ret = snprintf( p, n,
"\n%s%-" BC
"s: %d bits", prefix, key_size_str,
1322 ret = snprintf( p, n,
"\n%sbasic constraints : CA=%s", prefix,
1328 ret = snprintf( p, n,
", max_pathlen=%d", crt->
max_pathlen - 1 );
1335 ret = snprintf( p, n,
"\n%ssubject alt name : ", prefix );
1338 if( ( ret = x509_info_subject_alt_name( &p, &n,
1345 ret = snprintf( p, n,
"\n%scert. type : ", prefix );
1348 if( ( ret = x509_info_cert_type( &p, &n, crt->
ns_cert_type ) ) != 0 )
1354 ret = snprintf( p, n,
"\n%skey usage : ", prefix );
1357 if( ( ret = x509_info_key_usage( &p, &n, crt->
key_usage ) ) != 0 )
1363 ret = snprintf( p, n,
"\n%sext key usage : ", prefix );
1366 if( ( ret = x509_info_ext_key_usage( &p, &n,
1371 ret = snprintf( p, n,
"\n" );
1374 return( (
int) ( size - n ) );
1377 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
1388 #if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
1390 const char *usage_oid,
1406 if( cur_oid->
len == usage_len &&
1407 memcmp( cur_oid->
p, usage_oid, usage_len ) == 0 )
1420 #if defined(POLARSSL_X509_CRL_PARSE_C)
1428 while( cur != NULL && cur->
serial.
len != 0 )
1462 while( crl_list != NULL )
1469 crl_list = crl_list->
next;
1476 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
1488 if( md_info == NULL )
1497 md( md_info, crl_list->
tbs.
p, crl_list->
tbs.
len, hash );
1525 crl_list = crl_list->
next;
1532 static int x509_name_cmp(
const void *s1,
const void *s2,
size_t len )
1536 const unsigned char *n1 = s1, *n2 = s2;
1538 for( i = 0; i < len; i++ )
1540 diff = n1[i] ^ n2[i];
1546 ( ( n1[i] >=
'a' && n1[i] <=
'z' ) ||
1547 ( n1[i] >=
'A' && n1[i] <=
'Z' ) ) )
1558 static int x509_wildcard_verify(
const char *cn,
x509_buf *name )
1561 size_t cn_idx = 0, cn_len = strlen( cn );
1563 if( name->
len < 3 || name->
p[0] !=
'*' || name->
p[1] !=
'.' )
1566 for( i = 0; i < cn_len; ++i )
1578 if( cn_len - cn_idx == name->
len - 1 &&
1579 x509_name_cmp( name->
p + 1, cn + cn_idx, name->
len - 1 ) == 0 )
1594 static int x509_crt_check_parent(
const x509_crt *child,
1596 int top,
int bottom )
1612 if( top && parent->
version < 3 )
1616 if( top && bottom &&
1623 if( need_ca_bit && ! parent->
ca_istrue )
1626 #if defined(POLARSSL_X509_CHECK_KEY_USAGE)
1637 static int x509_crt_verify_top(
1639 x509_crl *ca_crl,
int path_cnt,
int *flags,
1640 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
1644 int ca_flags = 0, check_path_cnt = path_cnt + 1;
1660 if( md_info == NULL )
1670 for( ; trust_ca != NULL; trust_ca = trust_ca->
next )
1672 if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
1711 if( trust_ca != NULL &&
1716 #if defined(POLARSSL_X509_CRL_PARSE_C)
1718 *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl );
1729 if( NULL != f_vrfy )
1731 if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
1732 &ca_flags ) ) != 0 )
1740 if( NULL != f_vrfy )
1742 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
1751 static int x509_crt_verify_child(
1753 x509_crl *ca_crl,
int path_cnt,
int *flags,
1754 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
1758 int parent_flags = 0;
1770 if( md_info == NULL )
1789 #if defined(POLARSSL_X509_CRL_PARSE_C)
1791 *flags |= x509_crt_verifycrl(child, parent, ca_crl);
1795 for( grandparent = parent->
next;
1796 grandparent != NULL;
1797 grandparent = grandparent->
next )
1799 if( x509_crt_check_parent( parent, grandparent,
1800 0, path_cnt == 0 ) == 0 )
1805 if( grandparent != NULL )
1807 ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
1808 path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
1814 ret = x509_crt_verify_top( parent, trust_ca, ca_crl,
1815 path_cnt + 1, &parent_flags, f_vrfy, p_vrfy );
1821 if( NULL != f_vrfy )
1822 if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
1825 *flags |= parent_flags;
1836 const char *cn,
int *flags,
1837 int (*f_vrfy)(
void *,
x509_crt *,
int,
int *),
1852 cn_len = strlen( cn );
1858 while( cur != NULL )
1860 if( cur->
buf.
len == cn_len &&
1861 x509_name_cmp( cn, cur->
buf.
p, cn_len ) == 0 )
1865 memcmp( cur->
buf.
p,
"*.", 2 ) == 0 &&
1866 x509_wildcard_verify( cn, &cur->
buf ) )
1877 while( name != NULL )
1881 if( name->
val.
len == cn_len &&
1882 x509_name_cmp( name->
val.
p, cn, cn_len ) == 0 )
1886 memcmp( name->
val.
p,
"*.", 2 ) == 0 &&
1887 x509_wildcard_verify( cn, &name->
val ) )
1900 for( parent = crt->
next; parent != NULL; parent = parent->
next )
1902 if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
1907 if( parent != NULL )
1909 ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl,
1910 pathlen, flags, f_vrfy, p_vrfy );
1916 ret = x509_crt_verify_top( crt, trust_ca, ca_crl,
1917 pathlen, flags, f_vrfy, p_vrfy );
1933 memset( crt, 0,
sizeof(
x509_crt) );
1955 #if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
1960 while( name_cur != NULL )
1962 name_prv = name_cur;
1963 name_cur = name_cur->
next;
1964 polarssl_zeroize( name_prv,
sizeof(
x509_name ) );
1969 while( name_cur != NULL )
1971 name_prv = name_cur;
1972 name_cur = name_cur->
next;
1973 polarssl_zeroize( name_prv,
sizeof(
x509_name ) );
1978 while( seq_cur != NULL )
1981 seq_cur = seq_cur->
next;
1987 while( seq_cur != NULL )
1990 seq_cur = seq_cur->
next;
1995 if( cert_cur->
raw.
p != NULL )
1997 polarssl_zeroize( cert_cur->
raw.
p, cert_cur->
raw.
len );
2001 cert_cur = cert_cur->
next;
2003 while( cert_cur != NULL );
2008 cert_prv = cert_cur;
2009 cert_cur = cert_cur->
next;
2011 polarssl_zeroize( cert_prv,
sizeof(
x509_crt ) );
2012 if( cert_prv != crt )
2015 while( cert_cur != NULL );
int md(const md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
Output = message_digest( input buffer )
int x509_time_expired(const x509_time *time)
Check a given x509_time against the system time to determine whether it has already expired.
int asn1_get_sequence_of(unsigned char **p, const unsigned char *end, asn1_sequence *cur, int tag)
Parses and splits an ASN.1 "SEQUENCE OF <tag>". Updates the pointer to immediately behind the full seq...
x509_sequence subject_alt_names
Optional list of Subject Alternative Names (Only dNSName supported).
#define KU_NON_REPUDIATION
int(* polarssl_mutex_lock)(threading_mutex_t *mutex)
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
int version
CRL version (1=v1, 2=v2)
asn1_buf buf
Buffer containing the given ASN.1 item.
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
x509_buf raw
The raw certificate data (DER).
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int ext_types
Bit string containing detected and parsed extensions.
Certificate revocation list entry.
size_t pk_get_size(const pk_context *ctx)
Get the size in bits of the underlying key.
#define OID_ANY_EXTENDED_KEY_USAGE
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
void * sig_opts
Signature options to be passed to pk_verify_ext(), e.g.
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT
Format not recognized as DER or PEM.
#define EXT_BASIC_CONSTRAINTS
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values in x509.h.
int x509_get_sig_alg(const x509_buf *sig_oid, const x509_buf *sig_params, md_type_t *md_alg, pk_type_t *pk_alg, void **sig_opts)
#define KU_DATA_ENCIPHERMENT
x509_buf issuer_raw
The raw issuer data (DER).
#define POLARSSL_ERR_X509_INVALID_FORMAT
The CRT/CRL/CSR format is invalid, e.g.
int x509_key_size_helper(char *buf, size_t size, const char *name)
#define NS_CERT_TYPE_OBJECT_SIGNING
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
size_t len
ASN1 length, e.g.
void * sig_opts
Signature options to be passed to pk_verify_ext(), e.g.
Container for date and time (precision in seconds).
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list. Note the return convention visible in the implementation: when at least one certificate was parsed, the number of certificates that failed to parse is returned (so a positive value means some input was silently skipped), otherwise the first error code encountered is returned.
x509_buf sig_oid2
Signature algorithm.
int oid_get_x509_ext_type(const asn1_buf *oid, int *ext_type)
Translate an X.509 extension OID into local values.
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
Configuration options (set of defines)
#define OID_CMP(oid_str, oid_buf)
Compares an asn1_buf structure to a reference OID.
x509_buf tbs
The raw certificate body (DER).
x509_buf serial
Unique id for certificate issued by a specific CA.
md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
#define NS_CERT_TYPE_OBJECT_SIGNING_CA
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise...
int x509_crt_parse_der(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
int max_pathlen
Optional Basic Constraint extension value: the maximum path length to the root certificate. Note that x509_crt_info() prints max_pathlen - 1, so the stored value appears to be offset by one from the encoded pathLenConstraint (confirm against x509_get_basic_constraints before relying on it).
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
const char * pk_get_name(const pk_context *ctx)
Access the type name.
#define BADCRL_NOT_TRUSTED
CRL is not correctly signed by the trusted CA.
#define POLARSSL_ERR_ASN1_INVALID_LENGTH
Error when trying to determine the length or invalid length.
Container for ASN1 bit strings.
#define POLARSSL_ERR_X509_UNKNOWN_VERSION
CRT/CRL/CSR has an unsupported version number.
Object Identifier (OID) database.
#define OID_AT_CN
id-at-commonName AttributeType ::= {id-at 3}
int x509_get_alg(unsigned char **p, const unsigned char *end, x509_buf *alg, x509_buf *params)
struct _x509_crt * next
Next certificate in the CA-chain.
int x509_crt_check_key_usage(const x509_crt *crt, int usage)
Check usage of certificate against keyUsage extension.
int pk_verify_ext(pk_type_t type, const void *options, pk_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len)
Verify signature, with options.
x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
asn1_buf val
The named value.
Container for a sequence of ASN.1 items.
#define NS_CERT_TYPE_RESERVED
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
#define BADCERT_EXPIRED
The certificate validity has expired.
#define BADCERT_FUTURE
The certificate validity starts in the future.
unsigned char * p
Raw ASN1 data for the bit string.
Threading abstraction layer.
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED
Certificate verification failed, e.g.
Container for an X.509 certificate.
Privacy Enhanced Mail (PEM) decoding.
x509_time valid_from
Start time of certificate validity.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
asn1_buf oid
The object identifier.
#define NS_CERT_TYPE_EMAIL
x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
unsigned char * p
ASN1 data, e.g.
x509_name subject
The parsed subject data (named information object).
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate: walk the signature chain up to a trusted CA in trust_ca, check revocation status against ca_crl, and, when cn is given, match it against the subject CN and the dNSName subject alternative names (with support for a leading "*." wildcard label). Verification results are reported through flags.
x509_buf tbs
The raw certificate body (DER).
int asn1_get_bool(unsigned char **p, const unsigned char *end, int *val)
Retrieve a boolean ASN.1 tag and its value.
x509_time valid_to
End time of certificate validity.
struct _x509_crl_entry * next
md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
X.509 certificate parsing and writing.
#define NS_CERT_TYPE_SSL_CA
x509_buf sig_oid1
Signature algorithm, e.g.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
int x509_sig_alg_gets(char *buf, size_t size, const x509_buf *sig_oid, pk_type_t pk_alg, md_type_t md_alg, const void *sig_opts)
#define EXT_EXTENDED_KEY_USAGE
int pk_parse_subpubkey(unsigned char **p, const unsigned char *end, pk_context *pk)
Parse a SubjectPublicKeyInfo DER structure.
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
#define POLARSSL_ERR_ASN1_MALLOC_FAILED
Memory allocation failed.
#define ASN1_CONTEXT_SPECIFIC
#define BADCERT_NOT_TRUSTED
The certificate is not correctly signed by the trusted CA.
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
int x509_crt_revoked(const x509_crt *crt, const x509_crl *crl)
Verify the certificate revocation status.
Container for a sequence or list of 'named' ASN.1 data items.
Type-length-value structure that allows for ASN1 using DER.
pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
size_t len
ASN1 length, e.g.
#define BADCRL_FUTURE
The CRL is from the future.
x509_name issuer
The parsed issuer data (named information object).
void pk_free(pk_context *ctx)
Free a pk_context.
#define POLARSSL_MD_MAX_SIZE
int(* polarssl_mutex_unlock)(threading_mutex_t *mutex)
#define NS_CERT_TYPE_EMAIL_CA
#define BADCERT_REVOKED
The certificate has been revoked (is on a CRL).
#define BADCRL_EXPIRED
CRL is expired.
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
#define KU_DIGITAL_SIGNATURE
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
#define NS_CERT_TYPE_SSL_SERVER
#define POLARSSL_ERR_X509_INVALID_VERSION
The CRT/CRL/CSR version element is invalid.
Certificate revocation list structure.
int asn1_get_bitstring(unsigned char **p, const unsigned char *end, asn1_bitstring *bs)
Retrieve a bitstring ASN.1 tag and its value.
pk_context pk
Container for the public key context.
#define POLARSSL_ERR_THREADING_MUTEX_ERROR
Locking / unlocking / free failed with error code.
struct _asn1_named_data * next
The next entry in the sequence.
int size
Output length of the digest function.
x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
#define ASN1_OCTET_STRING
int x509_time_future(const x509_time *time)
Check a given x509_time against the system time to determine whether it lies in the future.
int x509_crt_parse_path(x509_crt *chain, const char *path)
Load one or more certificate files from a directory path and add them to the chained list. Subdirectories are skipped; on POSIX only regular files (S_ISREG) are considered.
x509_buf v3_ext
Optional X.509 v3 extensions.
#define POLARSSL_ERR_X509_BAD_INPUT_DATA
Input invalid.
x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
#define BADCERT_CN_MISMATCH
The certificate Common Name (CN) does not match the expected CN.
int version
The X.509 version.
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
x509_time revocation_date
x509_buf issuer_raw
The raw issuer data (DER).
int x509_crt_info(char *buf, size_t size, const char *prefix, const x509_crt *crt)
Returns an informational string about the certificate.
#define NS_CERT_TYPE_SSL_CLIENT
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA
Bad input parameters to function.
unsigned char key_usage
Optional key usage extension value: See the values in x509.h.
x509_buf subject_raw
The raw subject data (DER).
int x509_crt_check_extended_key_usage(const x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against the extendedKeyUsage extension.
Message digest information.
int oid_get_extended_key_usage(const asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
#define KU_KEY_ENCIPHERMENT
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
#define POLARSSL_ERR_X509_SIG_MISMATCH
Signature algorithms do not match.
struct _asn1_sequence * next
The next entry in the sequence.
int x509_crt_parse_file(x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list.
x509_buf sig
Signature: hash of the tbs part signed with the private key.
#define EXT_SUBJECT_ALT_NAME