39 #if defined(POLARSSL_X509_USE_C)
44 #if defined(POLARSSL_PEM_PARSE_C)
48 #if defined(POLARSSL_MEMORY_C)
51 #define polarssl_malloc malloc
52 #define polarssl_free free
63 #if defined(POLARSSL_FS_IO)
66 #include <sys/types.h>
80 if( ( end - *p ) < 1 )
89 serial->
tag = *(*p)++;
126 static int x509_get_attr_type_value(
unsigned char **p,
127 const unsigned char *end,
139 if( ( end - *p ) < 1 )
152 if( ( end - *p ) < 1 )
188 int x509_get_name(
unsigned char **p,
const unsigned char *end,
193 const unsigned char *end2;
206 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
214 if( use->
next == NULL )
233 if( cur->
next == NULL )
246 int x509_get_time(
unsigned char **p,
const unsigned char *end,
254 if( ( end - *p ) < 1 )
268 memset( date, 0,
sizeof( date ) );
269 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
270 len :
sizeof( date ) - 1 );
272 if( sscanf( date,
"%2d%2d%2d%2d%2d%2d",
277 time->
year += 100 * ( time->
year < 50 );
292 memset( date, 0,
sizeof( date ) );
293 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
294 len :
sizeof( date ) - 1 );
296 if( sscanf( date,
"%4d%2d%2d%2d%2d%2d",
315 if( ( end - *p ) < 1 )
347 int x509_get_ext(
unsigned char **p,
const unsigned char *end,
377 if( end != *p + len )
384 #if defined(POLARSSL_FS_IO)
388 int x509_load_file(
const char *path,
unsigned char **buf,
size_t *n )
393 if( ( f = fopen( path,
"rb" ) ) == NULL )
396 fseek( f, 0, SEEK_END );
397 if( ( size = ftell( f ) ) == -1 )
402 fseek( f, 0, SEEK_SET );
413 if( fread( *buf, 1, *n, f ) != *n )
428 #if defined _MSC_VER && !defined snprintf
431 #if !defined vsnprintf
432 #define vsnprintf _vsnprintf
442 static int compat_snprintf(
char *str,
size_t size,
const char *format, ...)
447 va_start( ap, format );
449 res = vsnprintf( str, size, format, ap );
455 return( (
int) size + 20 );
460 #define snprintf compat_snprintf
463 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
465 #define SAFE_SNPRINTF() \
470 if ( (unsigned int) ret > n ) { \
472 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
475 n -= (unsigned int) ret; \
476 p += (unsigned int) ret; \
489 const char *short_name = NULL;
492 memset( s, 0,
sizeof( s ) );
498 while( name != NULL )
508 ret = snprintf( p, n,
", " );
515 ret = snprintf( p, n,
"%s=", short_name );
517 ret = snprintf( p, n,
"\?\?=" );
520 for( i = 0; i < name->
val.
len; i++ )
522 if( i >=
sizeof( s ) - 1 )
526 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
531 ret = snprintf( p, n,
"%s", s );
536 return( (
int) ( size - n ) );
552 nr = ( serial->
len <= 32 )
555 for( i = 0; i < nr; i++ )
557 if( i == 0 && nr > 1 && serial->
p[i] == 0x0 )
560 ret = snprintf( p, n,
"%02X%s",
561 serial->
p[i], ( i < nr - 1 ) ?
":" :
"" );
565 if( nr != serial->
len )
567 ret = snprintf( p, n,
"...." );
571 return( (
int) ( size - n ) );
583 if( strlen( name ) +
sizeof(
" key size" ) > size )
584 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
586 ret = snprintf( p, n,
"%s key size", name );
597 const char *desc = NULL;
617 #if defined(POLARSSL_HAVE_TIME)
639 lt = localtime( &tt );
641 year = lt->tm_year + 1900;
642 mon = lt->tm_mon + 1;
649 if( year > to->
year )
652 if( year == to->
year &&
656 if( year == to->
year &&
661 if( year == to->
year &&
667 if( year == to->
year &&
674 if( year == to->
year &&
692 #if defined(POLARSSL_SELF_TEST)
702 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
709 printf(
" X.509 certificate load: " );
718 printf(
"failed\n" );
730 printf(
"failed\n" );
736 printf(
"passed\n X.509 signature verify: ");
738 ret =
x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
742 printf(
"failed\n" );
744 printf(
"ret = %d, &flags = %04x\n", ret, flags);
750 printf(
"passed\n\n");
int x509_time_expired(const x509_time *time)
Check a given x509_time against the system time and check if it is valid.
#define ASN1_PRINTABLE_STRING
#define ASN1_GENERALIZED_TIME
void *(* polarssl_malloc)(size_t len)
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int oid_get_numeric_string(char *buf, size_t size, const asn1_buf *oid)
Translate an ASN.1 OID into its numeric representation (e.g.
int x509_key_size_helper(char *buf, size_t size, const char *name)
const char * x509_oid_get_description(x509_buf *oid)
Give an known OID, return its descriptive string.
int x509_get_alg_null(unsigned char **p, const unsigned char *end, x509_buf *alg)
Container for date and time (precision in seconds).
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
Configuration options (set of defines)
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
#define POLARSSL_ERR_X509_INVALID_SIGNATURE
The signature tag or value invalid.
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
Object Identifier (OID) database.
asn1_buf val
The named value.
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
Container for an X.509 certificate.
Privacy Enhanced Mail (PEM) decoding.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
asn1_buf oid
The object identifier.
int asn1_get_alg_null(unsigned char **p, const unsigned char *end, asn1_buf *alg)
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
void(* polarssl_free)(void *ptr)
unsigned char * p
ASN1 data, e.g.
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate signature.
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Give an OID, return a string version of its OID number.
X.509 certificate parsing and writing.
int x509_get_sig_alg(const x509_buf *sig_oid, md_type_t *md_alg, pk_type_t *pk_alg)
pk_type_t
Public key types.
#define POLARSSL_ERR_X509_INVALID_ALG
The algorithm tag or value is invalid.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
X.509 generic defines and structures.
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
#define ASN1_CONTEXT_SPECIFIC
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
const char * test_cli_crt
Container for a sequence or list of 'named' ASN.1 data items.
Type-length-value structure that allows for ASN1 using DER.
#define ASN1_UNIVERSAL_STRING
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
size_t len
ASN1 length, e.g.
#define POLARSSL_ERR_X509_INVALID_NAME
The name tag or value is invalid.
Sample certificates and DHM parameters for testing.
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
struct _asn1_named_data * next
The next entry in the sequence.
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
int oid_get_sig_alg(const asn1_buf *oid, md_type_t *md_alg, pk_type_t *pk_alg)
Translate SignatureAlgorithm OID into md_type and pk_type.
int x509_self_test(int verbose)
Checkup routine.
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
int oid_get_attr_short_name(const asn1_buf *oid, const char **short_name)
Translate an X.509 attribute type OID into the short name (e.g.
#define POLARSSL_ERR_X509_INVALID_SERIAL
The serial tag or value is invalid.
int oid_get_extended_key_usage(const asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...