39 #if defined(POLARSSL_X509_USE_C)
44 #if defined(POLARSSL_PEM_PARSE_C)
48 #if defined(POLARSSL_MEMORY_C)
51 #define polarssl_malloc malloc
52 #define polarssl_free free
57 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
63 #if defined(EFIX64) || defined(EFI32)
67 #if defined(POLARSSL_FS_IO)
70 #include <sys/types.h>
84 if( ( end - *p ) < 1 )
93 serial->
tag = *(*p)++;
130 static int x509_get_attr_type_value(
unsigned char **p,
131 const unsigned char *end,
143 if( ( end - *p ) < 1 )
156 if( ( end - *p ) < 1 )
192 int x509_get_name(
unsigned char **p,
const unsigned char *end,
197 const unsigned char *end2;
210 if( ( ret = x509_get_attr_type_value( p, end, use ) ) != 0 )
218 if( use->
next == NULL )
237 if( cur->
next == NULL )
250 int x509_get_time(
unsigned char **p,
const unsigned char *end,
258 if( ( end - *p ) < 1 )
272 memset( date, 0,
sizeof( date ) );
273 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
274 len :
sizeof( date ) - 1 );
276 if( sscanf( date,
"%2d%2d%2d%2d%2d%2d",
281 time->
year += 100 * ( time->
year < 50 );
296 memset( date, 0,
sizeof( date ) );
297 memcpy( date, *p, ( len <
sizeof( date ) - 1 ) ?
298 len :
sizeof( date ) - 1 );
300 if( sscanf( date,
"%4d%2d%2d%2d%2d%2d",
319 if( ( end - *p ) < 1 )
351 int x509_get_ext(
unsigned char **p,
const unsigned char *end,
381 if( end != *p + len )
388 #if defined(POLARSSL_FS_IO)
392 int x509_load_file(
const char *path,
unsigned char **buf,
size_t *n )
397 if( ( f = fopen( path,
"rb" ) ) == NULL )
400 fseek( f, 0, SEEK_END );
401 if( ( size = ftell( f ) ) == -1 )
406 fseek( f, 0, SEEK_SET );
417 if( fread( *buf, 1, *n, f ) != *n )
432 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
436 #if !defined vsnprintf
437 #define vsnprintf _vsnprintf
447 static int compat_snprintf(
char *str,
size_t size,
const char *format, ...)
452 va_start( ap, format );
454 res = vsnprintf( str, size, format, ap );
460 return( (
int) size + 20 );
465 #define snprintf compat_snprintf
468 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
470 #define SAFE_SNPRINTF() \
475 if ( (unsigned int) ret > n ) { \
477 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
480 n -= (unsigned int) ret; \
481 p += (unsigned int) ret; \
494 const char *short_name = NULL;
497 memset( s, 0,
sizeof( s ) );
503 while( name != NULL )
513 ret = snprintf( p, n,
", " );
520 ret = snprintf( p, n,
"%s=", short_name );
522 ret = snprintf( p, n,
"\?\?=" );
525 for( i = 0; i < name->
val.
len; i++ )
527 if( i >=
sizeof( s ) - 1 )
531 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
536 ret = snprintf( p, n,
"%s", s );
541 return( (
int) ( size - n ) );
557 nr = ( serial->
len <= 32 )
560 for( i = 0; i < nr; i++ )
562 if( i == 0 && nr > 1 && serial->
p[i] == 0x0 )
565 ret = snprintf( p, n,
"%02X%s",
566 serial->
p[i], ( i < nr - 1 ) ?
":" :
"" );
570 if( nr != serial->
len )
572 ret = snprintf( p, n,
"...." );
576 return( (
int) ( size - n ) );
588 if( strlen( name ) +
sizeof(
" key size" ) > size )
589 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
591 ret = snprintf( p, n,
"%s key size", name );
602 const char *desc = NULL;
622 #if defined(POLARSSL_HAVE_TIME)
628 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
644 lt = localtime( &tt );
646 year = lt->tm_year + 1900;
647 mon = lt->tm_mon + 1;
654 if( year > to->
year )
657 if( year == to->
year &&
661 if( year == to->
year &&
666 if( year == to->
year &&
672 if( year == to->
year &&
679 if( year == to->
year &&
697 #if defined(POLARSSL_SELF_TEST)
707 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
714 printf(
" X.509 certificate load: " );
723 printf(
"failed\n" );
735 printf(
"failed\n" );
741 printf(
"passed\n X.509 signature verify: ");
743 ret =
x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
747 printf(
"failed\n" );
749 printf(
"ret = %d, &flags = %04x\n", ret, flags);
755 printf(
"passed\n\n");
int x509_time_expired(const x509_time *time)
Check a given x509_time against the system time and check if it is valid.
#define ASN1_PRINTABLE_STRING
#define ASN1_GENERALIZED_TIME
void *(* polarssl_malloc)(size_t len)
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
int oid_get_numeric_string(char *buf, size_t size, const asn1_buf *oid)
Translate an ASN.1 OID into its numeric representation (e.g.
int x509_key_size_helper(char *buf, size_t size, const char *name)
const char * x509_oid_get_description(x509_buf *oid)
Give an known OID, return its descriptive string.
int x509_get_alg_null(unsigned char **p, const unsigned char *end, x509_buf *alg)
Container for date and time (precision in seconds).
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
Configuration options (set of defines)
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
#define POLARSSL_ERR_X509_INVALID_SIGNATURE
The signature tag or value invalid.
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
Object Identifier (OID) database.
asn1_buf val
The named value.
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
Container for an X.509 certificate.
Privacy Enhanced Mail (PEM) decoding.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
asn1_buf oid
The object identifier.
int asn1_get_alg_null(unsigned char **p, const unsigned char *end, asn1_buf *alg)
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
void(* polarssl_free)(void *ptr)
unsigned char * p
ASN1 data, e.g.
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate signature.
int x509_oid_get_numeric_string(char *buf, size_t size, x509_buf *oid)
Give an OID, return a string version of its OID number.
X.509 certificate parsing and writing.
int x509_get_sig_alg(const x509_buf *sig_oid, md_type_t *md_alg, pk_type_t *pk_alg)
pk_type_t
Public key types.
#define POLARSSL_ERR_X509_INVALID_ALG
The algorithm tag or value is invalid.
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
X.509 generic defines and structures.
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
#define ASN1_CONTEXT_SPECIFIC
#define POLARSSL_ERR_X509_FILE_IO_ERROR
Read/write of file failed.
const char * test_cli_crt
Container for a sequence or list of 'named' ASN.1 data items.
Type-length-value structure that allows for ASN1 using DER.
#define ASN1_UNIVERSAL_STRING
int asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, size_t *len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
size_t len
ASN1 length, e.g.
#define POLARSSL_ERR_X509_INVALID_NAME
The name tag or value is invalid.
Sample certificates and DHM parameters for testing.
int asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element.
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
struct _asn1_named_data * next
The next entry in the sequence.
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
int oid_get_sig_alg(const asn1_buf *oid, md_type_t *md_alg, pk_type_t *pk_alg)
Translate SignatureAlgorithm OID into md_type and pk_type.
int x509_self_test(int verbose)
Checkup routine.
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
int oid_get_attr_short_name(const asn1_buf *oid, const char **short_name)
Translate an X.509 attribute type OID into the short name (e.g.
#define POLARSSL_ERR_X509_INVALID_SERIAL
The serial tag or value is invalid.
int oid_get_extended_key_usage(const asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...