PolarSSL v1.3.9
x509_crl.c
Go to the documentation of this file.
1/*
2 * X.509 Certidicate Revocation List (CRL) parsing
3 *
4 * Copyright (C) 2006-2014, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
29 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
30 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
31 *
32 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
34 */
35
36#if !defined(POLARSSL_CONFIG_FILE)
37#include "polarssl/config.h"
38#else
39#include POLARSSL_CONFIG_FILE
40#endif
41
42#if defined(POLARSSL_X509_CRL_PARSE_C)
43
44#include "polarssl/x509_crl.h"
45#include "polarssl/oid.h"
46#if defined(POLARSSL_PEM_PARSE_C)
47#include "polarssl/pem.h"
48#endif
49
50#if defined(POLARSSL_PLATFORM_C)
51#include "polarssl/platform.h"
52#else
53#define polarssl_malloc malloc
54#define polarssl_free free
55#endif
56
57#include <string.h>
58#include <stdlib.h>
59#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
60
61#include <windows.h>
62#else
63#include <time.h>
64#endif
65
66#if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
67#include <stdio.h>
68#endif
69
70/* Implementation that should never be optimized out by the compiler */
71static void polarssl_zeroize( void *v, size_t n ) {
72 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
73}
74
75/*
76 * Version ::= INTEGER { v1(0), v2(1) }
77 */
78static int x509_crl_get_version( unsigned char **p,
79 const unsigned char *end,
80 int *ver )
81{
82 int ret;
83
84 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
85 {
86 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
87 {
88 *ver = 0;
89 return( 0 );
90 }
91
92 return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
93 }
94
95 return( 0 );
96}
97
98/*
99 * X.509 CRL v2 extensions (no extensions parsed yet.)
100 */
101static int x509_get_crl_ext( unsigned char **p,
102 const unsigned char *end,
103 x509_buf *ext )
104{
105 int ret;
106 size_t len = 0;
107
108 /* Get explicit tag */
109 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
110 {
111 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
112 return( 0 );
113
114 return( ret );
115 }
116
117 while( *p < end )
118 {
119 if( ( ret = asn1_get_tag( p, end, &len,
120 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
121 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
122
123 *p += len;
124 }
125
126 if( *p != end )
127 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
128 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
129
130 return( 0 );
131}
132
133/*
134 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
135 */
136static int x509_get_crl_entry_ext( unsigned char **p,
137 const unsigned char *end,
138 x509_buf *ext )
139{
140 int ret;
141 size_t len = 0;
142
143 /* OPTIONAL */
144 if( end <= *p )
145 return( 0 );
146
147 ext->tag = **p;
148 ext->p = *p;
149
150 /*
151 * Get CRL-entry extension sequence header
152 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
153 */
154 if( ( ret = asn1_get_tag( p, end, &ext->len,
155 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
156 {
157 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
158 {
159 ext->p = NULL;
160 return( 0 );
161 }
162 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
163 }
164
165 end = *p + ext->len;
166
167 if( end != *p + ext->len )
168 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
169 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
170
171 while( *p < end )
172 {
173 if( ( ret = asn1_get_tag( p, end, &len,
174 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
175 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
176
177 *p += len;
178 }
179
180 if( *p != end )
181 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
182 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
183
184 return( 0 );
185}
186
187/*
188 * X.509 CRL Entries
189 */
190static int x509_get_entries( unsigned char **p,
191 const unsigned char *end,
192 x509_crl_entry *entry )
193{
194 int ret;
195 size_t entry_len;
196 x509_crl_entry *cur_entry = entry;
197
198 if( *p == end )
199 return( 0 );
200
201 if( ( ret = asn1_get_tag( p, end, &entry_len,
202 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
203 {
204 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
205 return( 0 );
206
207 return( ret );
208 }
209
210 end = *p + entry_len;
211
212 while( *p < end )
213 {
214 size_t len2;
215 const unsigned char *end2;
216
217 if( ( ret = asn1_get_tag( p, end, &len2,
218 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
219 {
220 return( ret );
221 }
222
223 cur_entry->raw.tag = **p;
224 cur_entry->raw.p = *p;
225 cur_entry->raw.len = len2;
226 end2 = *p + len2;
227
228 if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
229 return( ret );
230
231 if( ( ret = x509_get_time( p, end2,
232 &cur_entry->revocation_date ) ) != 0 )
233 return( ret );
234
235 if( ( ret = x509_get_crl_entry_ext( p, end2,
236 &cur_entry->entry_ext ) ) != 0 )
237 return( ret );
238
239 if( *p < end )
240 {
241 cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) );
242
243 if( cur_entry->next == NULL )
244 return( POLARSSL_ERR_X509_MALLOC_FAILED );
245
246 cur_entry = cur_entry->next;
247 memset( cur_entry, 0, sizeof( x509_crl_entry ) );
248 }
249 }
250
251 return( 0 );
252}
253
254/*
255 * Parse one or more CRLs and add them to the chained list
256 */
257int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
258{
259 int ret;
260 size_t len;
261 unsigned char *p, *end;
262 x509_crl *crl;
263 x509_buf sig_params1, sig_params2;
264
265#if defined(POLARSSL_PEM_PARSE_C)
266 size_t use_len;
267 pem_context pem;
268#endif
269
270 memset( &sig_params1, 0, sizeof( x509_buf ) );
271 memset( &sig_params2, 0, sizeof( x509_buf ) );
272
273 crl = chain;
274
275 /*
276 * Check for valid input
277 */
278 if( crl == NULL || buf == NULL )
279 return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
280
281 while( crl->version != 0 && crl->next != NULL )
282 crl = crl->next;
283
284 /*
285 * Add new CRL on the end of the chain if needed.
286 */
287 if( crl->version != 0 && crl->next == NULL )
288 {
289 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
290
291 if( crl->next == NULL )
292 {
293 x509_crl_free( crl );
294 return( POLARSSL_ERR_X509_MALLOC_FAILED );
295 }
296
297 crl = crl->next;
298 x509_crl_init( crl );
299 }
300
301#if defined(POLARSSL_PEM_PARSE_C)
302 pem_init( &pem );
303 ret = pem_read_buffer( &pem,
304 "-----BEGIN X509 CRL-----",
305 "-----END X509 CRL-----",
306 buf, NULL, 0, &use_len );
307
308 if( ret == 0 )
309 {
310 /*
311 * Was PEM encoded
312 */
313 buflen -= use_len;
314 buf += use_len;
315
316 /*
317 * Steal PEM buffer
318 */
319 p = pem.buf;
320 pem.buf = NULL;
321 len = pem.buflen;
322 pem_free( &pem );
323 }
324 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
325 {
326 pem_free( &pem );
327 return( ret );
328 }
329 else
330#endif /* POLARSSL_PEM_PARSE_C */
331 {
332 /*
333 * nope, copy the raw DER data
334 */
335 p = (unsigned char *) polarssl_malloc( len = buflen );
336
337 if( p == NULL )
338 return( POLARSSL_ERR_X509_MALLOC_FAILED );
339
340 memcpy( p, buf, buflen );
341
342 buflen = 0;
343 }
344
345 crl->raw.p = p;
346 crl->raw.len = len;
347 end = p + len;
348
349 /*
350 * CertificateList ::= SEQUENCE {
351 * tbsCertList TBSCertList,
352 * signatureAlgorithm AlgorithmIdentifier,
353 * signatureValue BIT STRING }
354 */
355 if( ( ret = asn1_get_tag( &p, end, &len,
356 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
357 {
358 x509_crl_free( crl );
359 return( POLARSSL_ERR_X509_INVALID_FORMAT );
360 }
361
362 if( len != (size_t) ( end - p ) )
363 {
364 x509_crl_free( crl );
365 return( POLARSSL_ERR_X509_INVALID_FORMAT +
366 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
367 }
368
369 /*
370 * TBSCertList ::= SEQUENCE {
371 */
372 crl->tbs.p = p;
373
374 if( ( ret = asn1_get_tag( &p, end, &len,
375 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
376 {
377 x509_crl_free( crl );
378 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
379 }
380
381 end = p + len;
382 crl->tbs.len = end - crl->tbs.p;
383
384 /*
385 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
386 * -- if present, MUST be v2
387 *
388 * signature AlgorithmIdentifier
389 */
390 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
391 ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params1 ) ) != 0 )
392 {
393 x509_crl_free( crl );
394 return( ret );
395 }
396
397 crl->version++;
398
399 if( crl->version > 2 )
400 {
401 x509_crl_free( crl );
402 return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
403 }
404
405 if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1,
406 &crl->sig_md, &crl->sig_pk,
407 &crl->sig_opts ) ) != 0 )
408 {
409 x509_crl_free( crl );
410 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
411 }
412
413 /*
414 * issuer Name
415 */
416 crl->issuer_raw.p = p;
417
418 if( ( ret = asn1_get_tag( &p, end, &len,
419 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
420 {
421 x509_crl_free( crl );
422 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
423 }
424
425 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
426 {
427 x509_crl_free( crl );
428 return( ret );
429 }
430
431 crl->issuer_raw.len = p - crl->issuer_raw.p;
432
433 /*
434 * thisUpdate Time
435 * nextUpdate Time OPTIONAL
436 */
437 if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
438 {
439 x509_crl_free( crl );
440 return( ret );
441 }
442
443 if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
444 {
445 if( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
446 POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
447 ret != ( POLARSSL_ERR_X509_INVALID_DATE +
448 POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
449 {
450 x509_crl_free( crl );
451 return( ret );
452 }
453 }
454
455 /*
456 * revokedCertificates SEQUENCE OF SEQUENCE {
457 * userCertificate CertificateSerialNumber,
458 * revocationDate Time,
459 * crlEntryExtensions Extensions OPTIONAL
460 * -- if present, MUST be v2
461 * } OPTIONAL
462 */
463 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
464 {
465 x509_crl_free( crl );
466 return( ret );
467 }
468
469 /*
470 * crlExtensions EXPLICIT Extensions OPTIONAL
471 * -- if present, MUST be v2
472 */
473 if( crl->version == 2 )
474 {
475 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
476
477 if( ret != 0 )
478 {
479 x509_crl_free( crl );
480 return( ret );
481 }
482 }
483
484 if( p != end )
485 {
486 x509_crl_free( crl );
487 return( POLARSSL_ERR_X509_INVALID_FORMAT +
488 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
489 }
490
491 end = crl->raw.p + crl->raw.len;
492
493 /*
494 * signatureAlgorithm AlgorithmIdentifier,
495 * signatureValue BIT STRING
496 */
497 if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params2 ) ) != 0 )
498 {
499 x509_crl_free( crl );
500 return( ret );
501 }
502
503 if( crl->sig_oid1.len != crl->sig_oid2.len ||
504 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
505 sig_params1.len != sig_params2.len ||
506 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
507 {
508 x509_crl_free( crl );
509 return( POLARSSL_ERR_X509_SIG_MISMATCH );
510 }
511
512 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
513 {
514 x509_crl_free( crl );
515 return( ret );
516 }
517
518 if( p != end )
519 {
520 x509_crl_free( crl );
521 return( POLARSSL_ERR_X509_INVALID_FORMAT +
522 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
523 }
524
525 if( buflen > 0 )
526 {
527 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
528
529 if( crl->next == NULL )
530 {
531 x509_crl_free( crl );
532 return( POLARSSL_ERR_X509_MALLOC_FAILED );
533 }
534
535 crl = crl->next;
536 x509_crl_init( crl );
537
538 return( x509_crl_parse( crl, buf, buflen ) );
539 }
540
541 return( 0 );
542}
543
544#if defined(POLARSSL_FS_IO)
545/*
546 * Load one or more CRLs and add them to the chained list
547 */
548int x509_crl_parse_file( x509_crl *chain, const char *path )
549{
550 int ret;
551 size_t n;
552 unsigned char *buf;
553
554 if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
555 return( ret );
556
557 ret = x509_crl_parse( chain, buf, n );
558
559 polarssl_zeroize( buf, n + 1 );
560 polarssl_free( buf );
561
562 return( ret );
563}
564#endif /* POLARSSL_FS_IO */
565
566#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
567 !defined(EFI32)
568#include <stdarg.h>
569
570#if !defined vsnprintf
571#define vsnprintf _vsnprintf
572#endif // vsnprintf
573
574/*
575 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
576 * Result value is not size of buffer needed, but -1 if no fit is possible.
577 *
578 * This fuction tries to 'fix' this by at least suggesting enlarging the
579 * size by 20.
580 */
581static int compat_snprintf( char *str, size_t size, const char *format, ... )
582{
583 va_list ap;
584 int res = -1;
585
586 va_start( ap, format );
587
588 res = vsnprintf( str, size, format, ap );
589
590 va_end( ap );
591
592 // No quick fix possible
593 if( res < 0 )
594 return( (int) size + 20 );
595
596 return( res );
597}
598
599#define snprintf compat_snprintf
600#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
601
602#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
603
604#define SAFE_SNPRINTF() \
605{ \
606 if( ret == -1 ) \
607 return( -1 ); \
608 \
609 if( (unsigned int) ret > n ) { \
610 p[n - 1] = '\0'; \
611 return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
612 } \
613 \
614 n -= (unsigned int) ret; \
615 p += (unsigned int) ret; \
616}
617
618/*
619 * Return an informational string about the certificate.
620 */
621#define BEFORE_COLON 14
622#define BC "14"
623/*
624 * Return an informational string about the CRL.
625 */
626int x509_crl_info( char *buf, size_t size, const char *prefix,
627 const x509_crl *crl )
628{
629 int ret;
630 size_t n;
631 char *p;
632 const x509_crl_entry *entry;
633
634 p = buf;
635 n = size;
636
637 ret = snprintf( p, n, "%sCRL version : %d",
638 prefix, crl->version );
639 SAFE_SNPRINTF();
640
641 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
642 SAFE_SNPRINTF();
643 ret = x509_dn_gets( p, n, &crl->issuer );
644 SAFE_SNPRINTF();
645
646 ret = snprintf( p, n, "\n%sthis update : " \
647 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
648 crl->this_update.year, crl->this_update.mon,
649 crl->this_update.day, crl->this_update.hour,
650 crl->this_update.min, crl->this_update.sec );
651 SAFE_SNPRINTF();
652
653 ret = snprintf( p, n, "\n%snext update : " \
654 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
655 crl->next_update.year, crl->next_update.mon,
656 crl->next_update.day, crl->next_update.hour,
657 crl->next_update.min, crl->next_update.sec );
658 SAFE_SNPRINTF();
659
660 entry = &crl->entry;
661
662 ret = snprintf( p, n, "\n%sRevoked certificates:",
663 prefix );
664 SAFE_SNPRINTF();
665
666 while( entry != NULL && entry->raw.len != 0 )
667 {
668 ret = snprintf( p, n, "\n%sserial number: ",
669 prefix );
670 SAFE_SNPRINTF();
671
672 ret = x509_serial_gets( p, n, &entry->serial );
673 SAFE_SNPRINTF();
674
675 ret = snprintf( p, n, " revocation date: " \
676 "%04d-%02d-%02d %02d:%02d:%02d",
677 entry->revocation_date.year, entry->revocation_date.mon,
678 entry->revocation_date.day, entry->revocation_date.hour,
679 entry->revocation_date.min, entry->revocation_date.sec );
680 SAFE_SNPRINTF();
681
682 entry = entry->next;
683 }
684
685 ret = snprintf( p, n, "\n%ssigned using : ", prefix );
686 SAFE_SNPRINTF();
687
688 ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
689 crl->sig_opts );
690 SAFE_SNPRINTF();
691
692 ret = snprintf( p, n, "\n" );
693 SAFE_SNPRINTF();
694
695 return( (int) ( size - n ) );
696}
697
698/*
699 * Initialize a CRL chain
700 */
701void x509_crl_init( x509_crl *crl )
702{
703 memset( crl, 0, sizeof(x509_crl) );
704}
705
706/*
707 * Unallocate all CRL data
708 */
709void x509_crl_free( x509_crl *crl )
710{
711 x509_crl *crl_cur = crl;
712 x509_crl *crl_prv;
713 x509_name *name_cur;
714 x509_name *name_prv;
715 x509_crl_entry *entry_cur;
716 x509_crl_entry *entry_prv;
717
718 if( crl == NULL )
719 return;
720
721 do
722 {
723#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
724 polarssl_free( crl_cur->sig_opts );
725#endif
726
727 name_cur = crl_cur->issuer.next;
728 while( name_cur != NULL )
729 {
730 name_prv = name_cur;
731 name_cur = name_cur->next;
732 polarssl_zeroize( name_prv, sizeof( x509_name ) );
733 polarssl_free( name_prv );
734 }
735
736 entry_cur = crl_cur->entry.next;
737 while( entry_cur != NULL )
738 {
739 entry_prv = entry_cur;
740 entry_cur = entry_cur->next;
741 polarssl_zeroize( entry_prv, sizeof( x509_crl_entry ) );
742 polarssl_free( entry_prv );
743 }
744
745 if( crl_cur->raw.p != NULL )
746 {
747 polarssl_zeroize( crl_cur->raw.p, crl_cur->raw.len );
748 polarssl_free( crl_cur->raw.p );
749 }
750
751 crl_cur = crl_cur->next;
752 }
753 while( crl_cur != NULL );
754
755 crl_cur = crl;
756 do
757 {
758 crl_prv = crl_cur;
759 crl_cur = crl_cur->next;
760
761 polarssl_zeroize( crl_prv, sizeof( x509_crl ) );
762 if( crl_prv != crl )
763 polarssl_free( crl_prv );
764 }
765 while( crl_cur != NULL );
766}
767
768#endif /* POLARSSL_X509_CRL_PARSE_C */
config.h
Configuration options (set of defines)
POLARSSL_ERR_ASN1_OUT_OF_DATA
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
Definition asn1.h:54
_asn1_buf::tag
int tag
ASN1 type, e.g.
Definition asn1.h:126
POLARSSL_ERR_ASN1_UNEXPECTED_TAG
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition asn1.h:55
_asn1_buf::len
size_t len
ASN1 length, e.g.
Definition asn1.h:127
_asn1_named_data::next
struct _asn1_named_data * next
The next entry in the sequence.
Definition asn1.h:160
_asn1_buf::p
unsigned char * p
ASN1 data, e.g.
Definition asn1.h:128
ASN1_CONSTRUCTED
#define ASN1_CONSTRUCTED
Definition asn1.h:92
ASN1_SEQUENCE
#define ASN1_SEQUENCE
Definition asn1.h:82
asn1_get_int
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
asn1_get_tag
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
POLARSSL_ERR_ASN1_LENGTH_MISMATCH
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition asn1.h:57
_x509_crl_entry::next
struct _x509_crl_entry * next
Definition x509_crl.h:65
POLARSSL_ERR_X509_UNKNOWN_VERSION
#define POLARSSL_ERR_X509_UNKNOWN_VERSION
CRT/CRL/CSR has an unsupported version number.
Definition x509.h:62
_x509_crl::entry
x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
Definition x509_crl.h:88
x509_load_file
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
x509_get_alg
int x509_get_alg(unsigned char **p, const unsigned char *end, x509_buf *alg, x509_buf *params)
_x509_crl_entry::revocation_date
x509_time revocation_date
Definition x509_crl.h:61
_x509_crl::sig_pk
pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e....
Definition x509_crl.h:95
x509_crl_info
int x509_crl_info(char *buf, size_t size, const char *prefix, const x509_crl *crl)
Returns an informational string about the CRL.
_x509_time::day
int day
Date.
Definition x509.h:185
_x509_time::year
int year
Definition x509.h:185
_x509_crl::sig_opts
void * sig_opts
Signature options to be passed to pk_verify_ext(), e.g.
Definition x509_crl.h:96
_x509_crl_entry::raw
x509_buf raw
Definition x509_crl.h:57
_x509_crl::issuer
x509_name issuer
The parsed issuer data (named information object).
Definition x509_crl.h:83
_x509_crl_entry::entry_ext
x509_buf entry_ext
Definition x509_crl.h:63
_x509_crl::raw
x509_buf raw
The raw certificate data (DER).
Definition x509_crl.h:75
_x509_crl::version
int version
CRL version (1=v1, 2=v2)
Definition x509_crl.h:78
POLARSSL_ERR_X509_INVALID_DATE
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
Definition x509.h:59
_x509_crl::sig_oid2
x509_buf sig_oid2
Definition x509_crl.h:92
x509_dn_gets
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written.
_x509_crl::crl_ext
x509_buf crl_ext
Definition x509_crl.h:90
_x509_time::hour
int hour
Definition x509.h:186
POLARSSL_ERR_X509_BAD_INPUT_DATA
#define POLARSSL_ERR_X509_BAD_INPUT_DATA
Input invalid.
Definition x509.h:67
POLARSSL_ERR_X509_MALLOC_FAILED
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
Definition x509.h:68
_x509_time::sec
int sec
Time.
Definition x509.h:186
_x509_crl::next_update
x509_time next_update
Definition x509_crl.h:86
_x509_crl::this_update
x509_time this_update
Definition x509_crl.h:85
_x509_crl::sig_oid1
x509_buf sig_oid1
Definition x509_crl.h:79
_x509_time::min
int min
Definition x509.h:186
POLARSSL_ERR_X509_INVALID_VERSION
#define POLARSSL_ERR_X509_INVALID_VERSION
The CRT/CRL/CSR version element is invalid.
Definition x509.h:55
POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
Definition x509.h:63
x509_get_ext
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
_x509_crl::sig
x509_buf sig
Definition x509_crl.h:93
_x509_crl::tbs
x509_buf tbs
The raw certificate body (DER).
Definition x509_crl.h:76
_x509_crl::next
struct _x509_crl * next
Definition x509_crl.h:98
x509_crl_free
void x509_crl_free(x509_crl *crl)
Unallocate all CRL data.
_x509_crl::issuer_raw
x509_buf issuer_raw
The raw issuer data (DER).
Definition x509_crl.h:81
_x509_time::mon
int mon
Definition x509.h:185
x509_sig_alg_gets
int x509_sig_alg_gets(char *buf, size_t size, const x509_buf *sig_oid, pk_type_t pk_alg, md_type_t md_alg, const void *sig_opts)
POLARSSL_ERR_X509_INVALID_FORMAT
#define POLARSSL_ERR_X509_INVALID_FORMAT
The CRT/CRL/CSR format is invalid, e.g.
Definition x509.h:54
x509_crl_parse_file
int x509_crl_parse_file(x509_crl *chain, const char *path)
Load one or more CRLs and add them to the chained list.
POLARSSL_ERR_X509_SIG_MISMATCH
#define POLARSSL_ERR_X509_SIG_MISMATCH
Signature algorithms do not match.
Definition x509.h:64
x509_get_sig_alg
int x509_get_sig_alg(const x509_buf *sig_oid, const x509_buf *sig_params, md_type_t *md_alg, pk_type_t *pk_alg, void **sig_opts)
x509_serial_gets
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
x509_get_time
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
_x509_crl_entry::serial
x509_buf serial
Definition x509_crl.h:59
x509_crl_parse
int x509_crl_parse(x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and add them to the chained list.
x509_crl_init
void x509_crl_init(x509_crl *crl)
Initialize a CRL (chain)
_x509_crl::sig_md
md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
Definition x509_crl.h:94
x509_get_name
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
POLARSSL_ERR_X509_INVALID_EXTENSIONS
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition x509.h:61
x509_get_serial
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
x509_get_sig
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
oid.h
Object Identifier (OID) database.
pem.h
Privacy Enhanced Mail (PEM) decoding.
POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition pem.h:38
platform.h
PolarSSL Platform abstraction layer.
_asn1_buf
Type-length-value structure that allows for ASN1 using DER.
Definition asn1.h:125
_asn1_named_data
Container for a sequence or list of 'named' ASN.1 data items.
Definition asn1.h:157
_x509_crl_entry
Certificate revocation list entry.
Definition x509_crl.h:56
_x509_crl
Certificate revocation list structure.
Definition x509_crl.h:74
polarssl_malloc
#define polarssl_malloc
Definition test_suite_aes.cbc.c:20
polarssl_free
#define polarssl_free
Definition test_suite_aes.cbc.c:21
x509_crl.h
X.509 certificate revocation list parsing.
Generated on Tue Feb 20 2024 18:30:54 for PolarSSL v1.3.9 by doxygen 1.9.8