36 #if !defined(POLARSSL_CONFIG_FILE)
39 #include POLARSSL_CONFIG_FILE
42 #if defined(POLARSSL_X509_USE_C)
47 #if defined(POLARSSL_PEM_PARSE_C)
51 #if defined(POLARSSL_PLATFORM_C)
54 #define polarssl_printf printf
55 #define polarssl_malloc malloc
56 #define polarssl_free free
61 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
67 #if defined(EFIX64) || defined(EFI32)
71 #if defined(POLARSSL_FS_IO)
74 #include <sys/types.h>
88 if( ( end - *p ) < 1 )
97 serial->
tag = *(*p)++;
128 int x509_get_alg(
unsigned char **p,
const unsigned char *end,
133 if( ( ret =
asn1_get_alg( p, end, alg, params ) ) != 0 )
139 #if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
153 const unsigned char *end;
162 p = (
unsigned char *) alg->
p;
214 const unsigned char *end, *end2;
228 p = (
unsigned char *) params->
p;
229 end = p + params->
len;
268 if( ( ret =
x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
277 if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
321 if( ( ret =
asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
328 if( trailer_field != 1 )
351 static int x509_get_attr_type_value(
unsigned char **p,
352 const unsigned char *end,
364 if( ( end - *p ) < 1 )
377 if( ( end - *p ) < 1 )
413 int x509_get_name(
unsigned char **p,
const unsigned char *end,
418 const unsigned char *end2;
431 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
439 if( use->
next == NULL )
458 if( cur->
next == NULL )
471 int x509_get_time(
unsigned char **p,
const unsigned char *end,
479 if( ( end - *p ) < 1 )
493 memset( date, 0,
sizeof( date ) );
494 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
495 len :
sizeof( date ) - 1 );
497 if( sscanf( date,
"%2d%2d%2d%2d%2d%2dZ",
502 time->
year += 100 * ( time->
year < 50 );
517 memset( date, 0,
sizeof( date ) );
518 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
519 len :
sizeof( date ) - 1 );
521 if( sscanf( date,
"%4d%2d%2d%2d%2d%2dZ",
540 if( ( end - *p ) < 1 )
566 if( *sig_opts != NULL )
572 #if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
578 if( pss_opts == NULL )
591 *sig_opts = (
void *) pss_opts;
598 sig_params->
len != 0 )
609 int x509_get_ext(
unsigned char **p,
const unsigned char *end,
639 if( end != *p + len )
646 #if defined(POLARSSL_FS_IO)
650 int x509_load_file(
const char *path,
unsigned char **buf,
size_t *n )
655 if( ( f = fopen( path,
"rb" ) ) == NULL )
658 fseek( f, 0, SEEK_END );
659 if( ( size = ftell( f ) ) == -1 )
664 fseek( f, 0, SEEK_SET );
675 if( fread( *buf, 1, *n, f ) != *n )
690 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
694 #if !defined vsnprintf
695 #define vsnprintf _vsnprintf
705 static int compat_snprintf(
char *str,
size_t size,
const char *format, ... )
710 va_start( ap, format );
712 res = vsnprintf( str, size, format, ap );
718 return( (
int) size + 20 );
723 #define snprintf compat_snprintf
726 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
728 #define SAFE_SNPRINTF() \
733 if( (unsigned int) ret > n ) { \
735 return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
738 n -= (unsigned int) ret; \
739 p += (unsigned int) ret; \
752 const char *short_name = NULL;
755 memset( s, 0,
sizeof( s ) );
761 while( name != NULL )
771 ret = snprintf( p, n,
", " );
778 ret = snprintf( p, n,
"%s=", short_name );
780 ret = snprintf( p, n,
"\?\?=" );
783 for( i = 0; i < name->
val.
len; i++ )
785 if( i >=
sizeof( s ) - 1 )
789 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
794 ret = snprintf( p, n,
"%s", s );
799 return( (
int) ( size - n ) );
815 nr = ( serial->
len <= 32 )
818 for( i = 0; i < nr; i++ )
820 if( i == 0 && nr > 1 && serial->
p[i] == 0x0 )
823 ret = snprintf( p, n,
"%02X%s",
824 serial->
p[i], ( i < nr - 1 ) ?
":" :
"" );
828 if( nr != serial->
len )
830 ret = snprintf( p, n,
"...." );
834 return( (
int) ( size - n ) );
842 const void *sig_opts )
847 const char *desc = NULL;
851 ret = snprintf( p, n,
"???" );
853 ret = snprintf( p, n,
"%s", desc );
856 #if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
867 ret = snprintf( p, n,
" (%s, MGF1-%s, 0x%02X)",
868 md_info ? md_info->
name :
"???",
869 mgf_md_info ? mgf_md_info->
name :
"???",
879 return( (
int) size - n );
891 if( strlen( name ) +
sizeof(
" key size" ) > size )
892 return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
894 ret = snprintf( p, n,
"%s key size", name );
905 const char *desc = NULL;
925 #if defined(POLARSSL_HAVE_TIME)
927 static void x509_get_current_time(
x509_time *now )
929 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
932 GetSystemTime( &st );
934 now->
year = st.wYear;
935 now->
mon = st.wMonth;
937 now->
hour = st.wHour;
938 now->
min = st.wMinute;
939 now->
sec = st.wSecond;
945 gmtime_r( &tt, < );
947 now->
year = lt.tm_year + 1900;
948 now->
mon = lt.tm_mon + 1;
949 now->
day = lt.tm_mday;
950 now->
hour = lt.tm_hour;
951 now->
min = lt.tm_min;
952 now->
sec = lt.tm_sec;
965 before->
mon > after->
mon )
969 before->
mon == after->
mon &&
970 before->
day > after->
day )
974 before->
mon == after->
mon &&
975 before->
day == after->
day &&
980 before->
mon == after->
mon &&
981 before->
day == after->
day &&
983 before->
min > after->
min )
987 before->
mon == after->
mon &&
988 before->
day == after->
day &&
990 before->
min == after->
min &&
991 before->
sec > after->
sec )
1001 x509_get_current_time( &now );
1003 return( x509_check_time( &now, to ) );
1010 x509_get_current_time( &now );
1012 return( x509_check_time( from, &now ) );
1030 #if defined(POLARSSL_SELF_TEST)
1040 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
1076 ret =
x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
int x509_time_expired(const x509_time *time)
Check a given x509_time against the system time to determine whether it has expired.
#define ASN1_PRINTABLE_STRING
#define ASN1_GENERALIZED_TIME
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int oid_get_numeric_string(char *buf, size_t size, const asn1_buf *oid)
Translate an ASN.1 OID into its numeric (dotted-decimal) representation, e.g. "1.2.840.113549".
int x509_get_sig_alg(const x509_buf *sig_oid, const x509_buf *sig_params, md_type_t *md_alg, pk_type_t *pk_alg, void **sig_opts)
Options for RSASSA-PSS signature verification.
int x509_key_size_helper(char *buf, size_t size, const char *name)
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
const char * x509_oid_get_description(x509_buf *oid)
Given a known OID, return its descriptive string.
int x509_get_alg_null(unsigned char **p, const unsigned char *end, x509_buf *alg)
Container for date and time (precision in seconds).
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
void x509_crt_free(x509_crt *crt)
Free all certificate data.
Configuration options (set of defines)
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
#define OID_CMP(oid_str, oid_buf)
Compares an asn1_buf structure to a reference OID.
int oid_get_md_alg(const asn1_buf *oid, md_type_t *md_alg)
Translate hash algorithm OID into md_type.
#define POLARSSL_ERR_X509_INVALID_SIGNATURE
The signature tag or value is invalid.
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
Object Identifier (OID) database.
int x509_get_alg(unsigned char **p, const unsigned char *end, x509_buf *alg, x509_buf *params)
asn1_buf val
The named value.
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
Container for an X.509 certificate.
#define POLARSSL_ERR_OID_NOT_FOUND
OID is not found.
Privacy Enhanced Mail (PEM) decoding.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written.
asn1_buf oid
The object identifier.
int asn1_get_alg_null(unsigned char **p, const unsigned char *end, asn1_buf *alg)
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
int asn1_get_alg(unsigned char **p, const unsigned char *end, asn1_buf *alg, asn1_buf *params)
Retrieve an AlgorithmIdentifier ASN.1 sequence.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain).
unsigned char * p
ASN1 data, e.g. in ASCII.
int oid_get_sig_alg_desc(const asn1_buf *oid, const char **desc)
Translate SignatureAlgorithm OID into description.
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate (chain) against the trusted CAs in trust_ca, optionally checking it against the CRL ca_crl and the expected CN; verification failures are reported through flags.
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Given an OID, return a string version of its OID number.
X.509 certificate parsing and writing.
pk_type_t
Public key types.
#define POLARSSL_ERR_X509_INVALID_ALG
The algorithm tag or value is invalid.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
int x509_sig_alg_gets(char *buf, size_t size, const x509_buf *sig_oid, pk_type_t pk_alg, md_type_t md_alg, const void *sig_opts)
X.509 generic defines and structures.
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
int x509_get_rsassa_pss_params(const x509_buf *params, md_type_t *md_alg, md_type_t *mgf_md, int *salt_len)
#define ASN1_CONTEXT_SPECIFIC
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
const char * test_cli_crt
Container for a sequence or list of 'named' ASN.1 data items.
Type-length-value structure that allows for ASN1 using DER.
#define ASN1_UNIVERSAL_STRING
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
size_t len
ASN1 length, e.g. in octets.
#define POLARSSL_ERR_X509_INVALID_NAME
The name tag or value is invalid.
Sample certificates and DHM parameters for testing.
const char * name
Name of the message digest.
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g. an unsupported RSA hashing/encryption combination.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Check that the next ASN.1 element carries the expected tag and retrieve its length.
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
struct _asn1_named_data * next
The next entry in the sequence.
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
int x509_time_future(const x509_time *time)
Check a given x509_time against the system time to determine whether it lies in the future.
#define POLARSSL_ERR_X509_BAD_INPUT_DATA
Input invalid.
int oid_get_sig_alg(const asn1_buf *oid, md_type_t *md_alg, pk_type_t *pk_alg)
Translate SignatureAlgorithm OID into md_type and pk_type.
int x509_self_test(int verbose)
Checkup routine.
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
int oid_get_attr_short_name(const asn1_buf *oid, const char **short_name)
Translate an X.509 attribute type OID into its short name, e.g. "CN".
#define POLARSSL_ERR_X509_INVALID_SERIAL
The serial tag or value is invalid.
Message digest information.
int oid_get_extended_key_usage(const asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written.
#define OID_MGF1
id-mgf1 ::= { pkcs-1 8 }