#include "polarssl/config.h"
#include "polarssl/x509_crt.h"
#include "polarssl/oid.h"
#include "polarssl/pem.h"
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <dirent.h>
Defines | |
#define | polarssl_malloc malloc |
#define | polarssl_free free |
#define | POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2 |
#define | SAFE_SNPRINTF() |
#define | BEFORE_COLON 14 |
#define | BC "14" |
Functions | |
static int | x509_get_version (unsigned char **p, const unsigned char *end, int *ver) |
static int | x509_get_dates (unsigned char **p, const unsigned char *end, x509_time *from, x509_time *to) |
static int | x509_get_uid (unsigned char **p, const unsigned char *end, x509_buf *uid, int n) |
static int | x509_get_basic_constraints (unsigned char **p, const unsigned char *end, int *ca_istrue, int *max_pathlen) |
static int | x509_get_ns_cert_type (unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type) |
static int | x509_get_key_usage (unsigned char **p, const unsigned char *end, unsigned char *key_usage) |
static int | x509_get_ext_key_usage (unsigned char **p, const unsigned char *end, x509_sequence *ext_key_usage) |
static int | x509_get_subject_alt_name (unsigned char **p, const unsigned char *end, x509_sequence *subject_alt_name) |
static int | x509_get_crt_ext (unsigned char **p, const unsigned char *end, x509_crt *crt) |
static int | x509_crt_parse_der_core (x509_crt *crt, const unsigned char *buf, size_t buflen) |
int | x509_crt_parse_der (x509_crt *chain, const unsigned char *buf, size_t buflen) |
Parse a single DER formatted certificate and add it to the chained list. | |
int | x509_crt_parse (x509_crt *chain, const unsigned char *buf, size_t buflen) |
Parse one or more certificates and add them to the chained list. | |
int | x509_crt_parse_file (x509_crt *chain, const char *path) |
Load one or more certificates and add them to the chained list. | |
int | x509_crt_parse_path (x509_crt *chain, const char *path) |
Load one or more certificate files from a path and add them to the chained list. | |
int | x509_crt_info (char *buf, size_t size, const char *prefix, const x509_crt *crt) |
Returns an informational string about the certificate. | |
int | x509_crt_revoked (const x509_crt *crt, const x509_crl *crl) |
Verify the certificate revocation status. | |
static int | x509_crt_verifycrl (x509_crt *crt, x509_crt *ca, x509_crl *crl_list) |
static int | x509_name_cmp (const void *s1, const void *s2, size_t len) |
static int | x509_wildcard_verify (const char *cn, x509_buf *name) |
static int | x509_crt_verify_top (x509_crt *child, x509_crt *trust_ca, x509_crl *ca_crl, int path_cnt, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy) |
static int | x509_crt_verify_child (x509_crt *child, x509_crt *parent, x509_crt *trust_ca, x509_crl *ca_crl, int path_cnt, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy) |
int | x509_crt_verify (x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy) |
Verify the certificate signature. | |
void | x509_crt_init (x509_crt *crt) |
Initialize a certificate (chain). | |
void | x509_crt_free (x509_crt *crt) |
Unallocate all certificate data. |
#define BC "14" |
Definition at line 1098 of file x509_crt.c.
#define BEFORE_COLON 14 |
Definition at line 1097 of file x509_crt.c.
#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2 |
Definition at line 1078 of file x509_crt.c.
#define polarssl_free free |
Definition at line 51 of file x509_crt.c.
#define polarssl_malloc malloc |
Definition at line 50 of file x509_crt.c.
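/*
 * Post-process the result of an snprintf() call made into a bounded buffer.
 *
 * Expands in place and relies on three locals of the enclosing function:
 *   ret - the value just returned by snprintf()
 *   n   - the space left in the output buffer
 *   p   - the current write position in the output buffer
 *
 * Outcomes:
 *   ret == -1  the enclosing function returns -1.
 *   ret >= n   the output did not fit; the buffer is NUL-terminated and the
 *              enclosing function returns POLARSSL_ERR_DEBUG_BUF_TOO_SMALL.
 *              A C99 snprintf() returns the length it wanted to write,
 *              excluding the terminator, so a return equal to the size
 *              already means the last character was dropped. Accepting it
 *              would leave n at 0 and p one past the end of the buffer.
 *   otherwise  p is advanced and n reduced by the number of bytes written.
 *
 * The terminator is written only when n is non-zero, so an exhausted
 * buffer is never indexed at n - 1.
 *
 * This stays a bare brace block, as in the original definition, so call
 * sites written as `SAFE_SNPRINTF();` are unaffected.
 */
#define SAFE_SNPRINTF()                             \
{                                                   \
    if( ret == -1 )                                 \
        return( -1 );                               \
                                                    \
    if ( (unsigned int) ret >= n ) {                \
        if( n > 0 )                                 \
            p[n - 1] = '\0';                        \
        return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;    \
    }                                               \
                                                    \
    n -= (unsigned int) ret;                        \
    p += (unsigned int) ret;                        \
}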
Definition at line 1080 of file x509_crt.c.
static int x509_crt_parse_der_core | ( | x509_crt * | crt, | |
const unsigned char * | buf, | |||
size_t | buflen | |||
) | [static] |
Definition at line 522 of file x509_crt.c.
References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_SEQUENCE, _x509_crt::issuer, _x509_crt::issuer_id, _x509_crt::issuer_raw, _asn1_buf::len, _asn1_buf::p, _x509_crt::pk, pk_parse_subpubkey(), POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_X509_BAD_INPUT_DATA, POLARSSL_ERR_X509_INVALID_FORMAT, POLARSSL_ERR_X509_MALLOC_FAILED, POLARSSL_ERR_X509_SIG_MISMATCH, POLARSSL_ERR_X509_UNKNOWN_VERSION, polarssl_malloc, _x509_crt::raw, _x509_crt::serial, _x509_crt::sig, _x509_crt::sig_md, _x509_crt::sig_oid1, _x509_crt::sig_oid2, _x509_crt::sig_pk, _x509_crt::subject, _x509_crt::subject_id, _x509_crt::subject_raw, _x509_crt::tbs, _x509_crt::valid_from, _x509_crt::valid_to, _x509_crt::version, x509_crt_free(), x509_get_alg_null(), x509_get_crt_ext(), x509_get_dates(), x509_get_name(), x509_get_serial(), x509_get_sig(), x509_get_sig_alg(), x509_get_uid(), and x509_get_version().
Referenced by x509_crt_parse_der().
static int x509_crt_verify_child | ( | x509_crt * | child, | |
x509_crt * | parent, | |||
x509_crt * | trust_ca, | |||
x509_crl * | ca_crl, | |||
int | path_cnt, | |||
int * | flags, | |||
int(*)(void *, x509_crt *, int, int *) | f_vrfy, | |||
void * | p_vrfy | |||
) | [static] |
Definition at line 1430 of file x509_crt.c.
References BADCERT_EXPIRED, BADCERT_NOT_TRUSTED, _x509_crt::ca_istrue, _x509_crt::issuer_raw, _asn1_buf::len, md(), md_info_from_type(), _x509_crt::next, _asn1_buf::p, _x509_crt::pk, pk_can_do(), pk_verify(), POLARSSL_MD_MAX_SIZE, _x509_crt::sig, _x509_crt::sig_md, _x509_crt::sig_pk, md_info_t::size, _x509_crt::subject_raw, _x509_crt::tbs, _x509_crt::valid_to, _x509_crt::version, x509_crt_verify_top(), x509_crt_verifycrl(), and x509_time_expired().
Referenced by x509_crt_verify().
static int x509_crt_verify_top | ( | x509_crt * | child, | |
x509_crt * | trust_ca, | |||
x509_crl * | ca_crl, | |||
int | path_cnt, | |||
int * | flags, | |||
int(*)(void *, x509_crt *, int, int *) | f_vrfy, | |||
void * | p_vrfy | |||
) | [static] |
Definition at line 1317 of file x509_crt.c.
References BADCERT_EXPIRED, BADCERT_NOT_TRUSTED, _x509_crt::issuer_raw, _asn1_buf::len, _x509_crt::max_pathlen, md(), md_info_from_type(), _x509_crt::next, _asn1_buf::p, _x509_crt::pk, pk_can_do(), pk_verify(), POLARSSL_MD_MAX_SIZE, _x509_crt::sig, _x509_crt::sig_md, _x509_crt::sig_pk, md_info_t::size, _x509_crt::subject_raw, _x509_crt::tbs, _x509_crt::valid_to, _x509_crt::version, x509_crt_verifycrl(), and x509_time_expired().
Referenced by x509_crt_verify(), and x509_crt_verify_child().
static int x509_crt_verifycrl (x509_crt *crt, x509_crt *ca, x509_crl *crl_list) [static]
Definition at line 1194 of file x509_crt.c.
References BADCERT_REVOKED, BADCRL_EXPIRED, BADCRL_NOT_TRUSTED, _x509_crl::issuer_raw, _asn1_buf::len, md(), md_info_from_type(), _x509_crl::next, _x509_crl::next_update, _asn1_buf::p, _x509_crt::pk, pk_can_do(), pk_verify(), POLARSSL_MD_MAX_SIZE, _x509_crl::sig, _x509_crl::sig_md, _x509_crl::sig_pk, md_info_t::size, _x509_crt::subject_raw, _x509_crl::tbs, _x509_crl::version, x509_crt_revoked(), and x509_time_expired().
Referenced by x509_crt_verify_child(), and x509_crt_verify_top().
static int x509_get_basic_constraints | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
int * | ca_istrue, | |||
int * | max_pathlen | |||
) | [static] |
Definition at line 170 of file x509_crt.c.
References ASN1_CONSTRUCTED, asn1_get_bool(), asn1_get_int(), asn1_get_tag(), ASN1_SEQUENCE, POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_ASN1_UNEXPECTED_TAG, and POLARSSL_ERR_X509_INVALID_EXTENSIONS.
Referenced by x509_get_crt_ext().
static int x509_get_crt_ext | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
x509_crt * | crt | |||
) | [static] |
Definition at line 384 of file x509_crt.c.
References ASN1_CONSTRUCTED, asn1_get_bool(), asn1_get_tag(), ASN1_OCTET_STRING, ASN1_OID, ASN1_SEQUENCE, _x509_crt::ca_istrue, EXT_BASIC_CONSTRAINTS, EXT_EXTENDED_KEY_USAGE, _x509_crt::ext_key_usage, EXT_KEY_USAGE, EXT_NS_CERT_TYPE, EXT_SUBJECT_ALT_NAME, _x509_crt::ext_types, _x509_crt::key_usage, _asn1_buf::len, _x509_crt::max_pathlen, _x509_crt::ns_cert_type, oid_get_x509_ext_type(), _asn1_buf::p, POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_ASN1_OUT_OF_DATA, POLARSSL_ERR_ASN1_UNEXPECTED_TAG, POLARSSL_ERR_X509_FEATURE_UNAVAILABLE, POLARSSL_ERR_X509_INVALID_EXTENSIONS, _x509_crt::subject_alt_names, _asn1_buf::tag, _x509_crt::v3_ext, x509_get_basic_constraints(), x509_get_ext(), x509_get_ext_key_usage(), x509_get_key_usage(), x509_get_ns_cert_type(), and x509_get_subject_alt_name().
Referenced by x509_crt_parse_der_core().
static int x509_get_dates | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
x509_time * | from, | |||
x509_time * | to | |||
) | [static] |
Definition at line 114 of file x509_crt.c.
References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_SEQUENCE, POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_X509_INVALID_DATE, and x509_get_time().
Referenced by x509_crt_parse_der_core().
static int x509_get_ext_key_usage | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
x509_sequence * | ext_key_usage | |||
) | [static] |
Definition at line 263 of file x509_crt.c.
References asn1_get_sequence_of(), ASN1_OID, _asn1_sequence::buf, _asn1_buf::p, POLARSSL_ERR_ASN1_INVALID_LENGTH, and POLARSSL_ERR_X509_INVALID_EXTENSIONS.
Referenced by x509_get_crt_ext().
static int x509_get_key_usage | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
unsigned char * | key_usage | |||
) | [static] |
Definition at line 239 of file x509_crt.c.
References asn1_get_bitstring(), _asn1_bitstring::len, _asn1_bitstring::p, POLARSSL_ERR_ASN1_INVALID_LENGTH, and POLARSSL_ERR_X509_INVALID_EXTENSIONS.
Referenced by x509_get_crt_ext().
static int x509_get_ns_cert_type | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
unsigned char * | ns_cert_type | |||
) | [static] |
Definition at line 220 of file x509_crt.c.
References asn1_get_bitstring(), _asn1_bitstring::len, _asn1_bitstring::p, POLARSSL_ERR_ASN1_INVALID_LENGTH, and POLARSSL_ERR_X509_INVALID_EXTENSIONS.
Referenced by x509_get_crt_ext().
static int x509_get_subject_alt_name | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
x509_sequence * | subject_alt_name | |||
) | [static] |
Definition at line 306 of file x509_crt.c.
References ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, asn1_get_len(), asn1_get_tag(), ASN1_SEQUENCE, _asn1_sequence::buf, _asn1_buf::len, _asn1_sequence::next, _asn1_buf::p, POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_ASN1_MALLOC_FAILED, POLARSSL_ERR_ASN1_OUT_OF_DATA, POLARSSL_ERR_ASN1_UNEXPECTED_TAG, POLARSSL_ERR_X509_INVALID_EXTENSIONS, polarssl_malloc, _asn1_buf::tag, and tag.
Referenced by x509_get_crt_ext().
static int x509_get_uid | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
x509_buf * | uid, | |||
int | n | |||
) | [static] |
Definition at line 144 of file x509_crt.c.
References ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, asn1_get_tag(), _asn1_buf::len, _asn1_buf::p, POLARSSL_ERR_ASN1_UNEXPECTED_TAG, and _asn1_buf::tag.
Referenced by x509_crt_parse_der_core().
static int x509_get_version | ( | unsigned char ** | p, | |
const unsigned char * | end, | |||
int * | ver | |||
) | [static] |
Definition at line 78 of file x509_crt.c.
References ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, asn1_get_int(), asn1_get_tag(), POLARSSL_ERR_ASN1_LENGTH_MISMATCH, POLARSSL_ERR_ASN1_UNEXPECTED_TAG, and POLARSSL_ERR_X509_INVALID_VERSION.
Referenced by x509_crt_parse_der_core().
static int x509_name_cmp | ( | const void * | s1, | |
const void * | s2, | |||
size_t | len | |||
) | [static] |
Definition at line 1266 of file x509_crt.c.
Referenced by x509_crt_verify(), and x509_wildcard_verify().
static int x509_wildcard_verify | ( | const char * | cn, | |
x509_buf * | name | |||
) | [static] |
Definition at line 1288 of file x509_crt.c.
References _asn1_buf::len, _asn1_buf::p, and x509_name_cmp().
Referenced by x509_crt_verify().