PolarSSL v1.3.9
x509_crl.c
Go to the documentation of this file.
1 /*
2  * X.509 Certidicate Revocation List (CRL) parsing
3  *
4  * Copyright (C) 2006-2014, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The ITU-T X.509 standard defines a certificate format for PKI.
27  *
28  * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
29  * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
30  * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
31  *
32  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
33  * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
34  */
35 
36 #if !defined(POLARSSL_CONFIG_FILE)
37 #include "polarssl/config.h"
38 #else
39 #include POLARSSL_CONFIG_FILE
40 #endif
41 
42 #if defined(POLARSSL_X509_CRL_PARSE_C)
43 
44 #include "polarssl/x509_crl.h"
45 #include "polarssl/oid.h"
46 #if defined(POLARSSL_PEM_PARSE_C)
47 #include "polarssl/pem.h"
48 #endif
49 
50 #if defined(POLARSSL_PLATFORM_C)
51 #include "polarssl/platform.h"
52 #else
53 #define polarssl_malloc malloc
54 #define polarssl_free free
55 #endif
56 
57 #include <string.h>
58 #include <stdlib.h>
59 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
60 
61 #include <windows.h>
62 #else
63 #include <time.h>
64 #endif
65 
66 #if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
67 #include <stdio.h>
68 #endif
69 
70 /* Implementation that should never be optimized out by the compiler */
71 static void polarssl_zeroize( void *v, size_t n ) {
72  volatile unsigned char *p = v; while( n-- ) *p++ = 0;
73 }
74 
75 /*
76  * Version ::= INTEGER { v1(0), v2(1) }
77  */
78 static int x509_crl_get_version( unsigned char **p,
79  const unsigned char *end,
80  int *ver )
81 {
82  int ret;
83 
84  if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
85  {
87  {
88  *ver = 0;
89  return( 0 );
90  }
91 
92  return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
93  }
94 
95  return( 0 );
96 }
97 
98 /*
99  * X.509 CRL v2 extensions (no extensions parsed yet.)
100  */
101 static int x509_get_crl_ext( unsigned char **p,
102  const unsigned char *end,
103  x509_buf *ext )
104 {
105  int ret;
106  size_t len = 0;
107 
108  /* Get explicit tag */
109  if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
110  {
112  return( 0 );
113 
114  return( ret );
115  }
116 
117  while( *p < end )
118  {
119  if( ( ret = asn1_get_tag( p, end, &len,
120  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
121  return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
122 
123  *p += len;
124  }
125 
126  if( *p != end )
129 
130  return( 0 );
131 }
132 
133 /*
134  * X.509 CRL v2 entry extensions (no extensions parsed yet.)
135  */
136 static int x509_get_crl_entry_ext( unsigned char **p,
137  const unsigned char *end,
138  x509_buf *ext )
139 {
140  int ret;
141  size_t len = 0;
142 
143  /* OPTIONAL */
144  if( end <= *p )
145  return( 0 );
146 
147  ext->tag = **p;
148  ext->p = *p;
149 
150  /*
151  * Get CRL-entry extension sequence header
152  * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
153  */
154  if( ( ret = asn1_get_tag( p, end, &ext->len,
155  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
156  {
158  {
159  ext->p = NULL;
160  return( 0 );
161  }
162  return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
163  }
164 
165  end = *p + ext->len;
166 
167  if( end != *p + ext->len )
170 
171  while( *p < end )
172  {
173  if( ( ret = asn1_get_tag( p, end, &len,
174  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
175  return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
176 
177  *p += len;
178  }
179 
180  if( *p != end )
183 
184  return( 0 );
185 }
186 
187 /*
188  * X.509 CRL Entries
189  */
190 static int x509_get_entries( unsigned char **p,
191  const unsigned char *end,
192  x509_crl_entry *entry )
193 {
194  int ret;
195  size_t entry_len;
196  x509_crl_entry *cur_entry = entry;
197 
198  if( *p == end )
199  return( 0 );
200 
201  if( ( ret = asn1_get_tag( p, end, &entry_len,
202  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
203  {
205  return( 0 );
206 
207  return( ret );
208  }
209 
210  end = *p + entry_len;
211 
212  while( *p < end )
213  {
214  size_t len2;
215  const unsigned char *end2;
216 
217  if( ( ret = asn1_get_tag( p, end, &len2,
218  ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
219  {
220  return( ret );
221  }
222 
223  cur_entry->raw.tag = **p;
224  cur_entry->raw.p = *p;
225  cur_entry->raw.len = len2;
226  end2 = *p + len2;
227 
228  if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
229  return( ret );
230 
231  if( ( ret = x509_get_time( p, end2,
232  &cur_entry->revocation_date ) ) != 0 )
233  return( ret );
234 
235  if( ( ret = x509_get_crl_entry_ext( p, end2,
236  &cur_entry->entry_ext ) ) != 0 )
237  return( ret );
238 
239  if( *p < end )
240  {
241  cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) );
242 
243  if( cur_entry->next == NULL )
245 
246  cur_entry = cur_entry->next;
247  memset( cur_entry, 0, sizeof( x509_crl_entry ) );
248  }
249  }
250 
251  return( 0 );
252 }
253 
254 /*
255  * Parse one or more CRLs and add them to the chained list
256  */
257 int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
258 {
259  int ret;
260  size_t len;
261  unsigned char *p, *end;
262  x509_crl *crl;
263  x509_buf sig_params1, sig_params2;
264 
265 #if defined(POLARSSL_PEM_PARSE_C)
266  size_t use_len;
267  pem_context pem;
268 #endif
269 
270  memset( &sig_params1, 0, sizeof( x509_buf ) );
271  memset( &sig_params2, 0, sizeof( x509_buf ) );
272 
273  crl = chain;
274 
275  /*
276  * Check for valid input
277  */
278  if( crl == NULL || buf == NULL )
280 
281  while( crl->version != 0 && crl->next != NULL )
282  crl = crl->next;
283 
284  /*
285  * Add new CRL on the end of the chain if needed.
286  */
287  if( crl->version != 0 && crl->next == NULL )
288  {
289  crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
290 
291  if( crl->next == NULL )
292  {
293  x509_crl_free( crl );
295  }
296 
297  crl = crl->next;
298  x509_crl_init( crl );
299  }
300 
301 #if defined(POLARSSL_PEM_PARSE_C)
302  pem_init( &pem );
303  ret = pem_read_buffer( &pem,
304  "-----BEGIN X509 CRL-----",
305  "-----END X509 CRL-----",
306  buf, NULL, 0, &use_len );
307 
308  if( ret == 0 )
309  {
310  /*
311  * Was PEM encoded
312  */
313  buflen -= use_len;
314  buf += use_len;
315 
316  /*
317  * Steal PEM buffer
318  */
319  p = pem.buf;
320  pem.buf = NULL;
321  len = pem.buflen;
322  pem_free( &pem );
323  }
325  {
326  pem_free( &pem );
327  return( ret );
328  }
329  else
330 #endif /* POLARSSL_PEM_PARSE_C */
331  {
332  /*
333  * nope, copy the raw DER data
334  */
335  p = (unsigned char *) polarssl_malloc( len = buflen );
336 
337  if( p == NULL )
339 
340  memcpy( p, buf, buflen );
341 
342  buflen = 0;
343  }
344 
345  crl->raw.p = p;
346  crl->raw.len = len;
347  end = p + len;
348 
349  /*
350  * CertificateList ::= SEQUENCE {
351  * tbsCertList TBSCertList,
352  * signatureAlgorithm AlgorithmIdentifier,
353  * signatureValue BIT STRING }
354  */
355  if( ( ret = asn1_get_tag( &p, end, &len,
356  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
357  {
358  x509_crl_free( crl );
360  }
361 
362  if( len != (size_t) ( end - p ) )
363  {
364  x509_crl_free( crl );
367  }
368 
369  /*
370  * TBSCertList ::= SEQUENCE {
371  */
372  crl->tbs.p = p;
373 
374  if( ( ret = asn1_get_tag( &p, end, &len,
375  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
376  {
377  x509_crl_free( crl );
378  return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
379  }
380 
381  end = p + len;
382  crl->tbs.len = end - crl->tbs.p;
383 
384  /*
385  * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
386  * -- if present, MUST be v2
387  *
388  * signature AlgorithmIdentifier
389  */
390  if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
391  ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params1 ) ) != 0 )
392  {
393  x509_crl_free( crl );
394  return( ret );
395  }
396 
397  crl->version++;
398 
399  if( crl->version > 2 )
400  {
401  x509_crl_free( crl );
403  }
404 
405  if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1,
406  &crl->sig_md, &crl->sig_pk,
407  &crl->sig_opts ) ) != 0 )
408  {
409  x509_crl_free( crl );
411  }
412 
413  /*
414  * issuer Name
415  */
416  crl->issuer_raw.p = p;
417 
418  if( ( ret = asn1_get_tag( &p, end, &len,
419  ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
420  {
421  x509_crl_free( crl );
422  return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
423  }
424 
425  if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
426  {
427  x509_crl_free( crl );
428  return( ret );
429  }
430 
431  crl->issuer_raw.len = p - crl->issuer_raw.p;
432 
433  /*
434  * thisUpdate Time
435  * nextUpdate Time OPTIONAL
436  */
437  if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
438  {
439  x509_crl_free( crl );
440  return( ret );
441  }
442 
443  if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
444  {
445  if( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
449  {
450  x509_crl_free( crl );
451  return( ret );
452  }
453  }
454 
455  /*
456  * revokedCertificates SEQUENCE OF SEQUENCE {
457  * userCertificate CertificateSerialNumber,
458  * revocationDate Time,
459  * crlEntryExtensions Extensions OPTIONAL
460  * -- if present, MUST be v2
461  * } OPTIONAL
462  */
463  if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
464  {
465  x509_crl_free( crl );
466  return( ret );
467  }
468 
469  /*
470  * crlExtensions EXPLICIT Extensions OPTIONAL
471  * -- if present, MUST be v2
472  */
473  if( crl->version == 2 )
474  {
475  ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
476 
477  if( ret != 0 )
478  {
479  x509_crl_free( crl );
480  return( ret );
481  }
482  }
483 
484  if( p != end )
485  {
486  x509_crl_free( crl );
489  }
490 
491  end = crl->raw.p + crl->raw.len;
492 
493  /*
494  * signatureAlgorithm AlgorithmIdentifier,
495  * signatureValue BIT STRING
496  */
497  if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params2 ) ) != 0 )
498  {
499  x509_crl_free( crl );
500  return( ret );
501  }
502 
503  if( crl->sig_oid1.len != crl->sig_oid2.len ||
504  memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
505  sig_params1.len != sig_params2.len ||
506  memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
507  {
508  x509_crl_free( crl );
510  }
511 
512  if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
513  {
514  x509_crl_free( crl );
515  return( ret );
516  }
517 
518  if( p != end )
519  {
520  x509_crl_free( crl );
523  }
524 
525  if( buflen > 0 )
526  {
527  crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
528 
529  if( crl->next == NULL )
530  {
531  x509_crl_free( crl );
533  }
534 
535  crl = crl->next;
536  x509_crl_init( crl );
537 
538  return( x509_crl_parse( crl, buf, buflen ) );
539  }
540 
541  return( 0 );
542 }
543 
544 #if defined(POLARSSL_FS_IO)
545 /*
546  * Load one or more CRLs and add them to the chained list
547  */
548 int x509_crl_parse_file( x509_crl *chain, const char *path )
549 {
550  int ret;
551  size_t n;
552  unsigned char *buf;
553 
554  if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
555  return( ret );
556 
557  ret = x509_crl_parse( chain, buf, n );
558 
559  polarssl_zeroize( buf, n + 1 );
560  polarssl_free( buf );
561 
562  return( ret );
563 }
564 #endif /* POLARSSL_FS_IO */
565 
566 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
567  !defined(EFI32)
568 #include <stdarg.h>
569 
570 #if !defined vsnprintf
571 #define vsnprintf _vsnprintf
572 #endif // vsnprintf
573 
574 /*
575  * Windows _snprintf and _vsnprintf are not compatible to linux versions.
576  * Result value is not size of buffer needed, but -1 if no fit is possible.
577  *
578  * This fuction tries to 'fix' this by at least suggesting enlarging the
579  * size by 20.
580  */
581 static int compat_snprintf( char *str, size_t size, const char *format, ... )
582 {
583  va_list ap;
584  int res = -1;
585 
586  va_start( ap, format );
587 
588  res = vsnprintf( str, size, format, ap );
589 
590  va_end( ap );
591 
592  // No quick fix possible
593  if( res < 0 )
594  return( (int) size + 20 );
595 
596  return( res );
597 }
598 
599 #define snprintf compat_snprintf
600 #endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
601 
602 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
603 
604 #define SAFE_SNPRINTF() \
605 { \
606  if( ret == -1 ) \
607  return( -1 ); \
608  \
609  if( (unsigned int) ret > n ) { \
610  p[n - 1] = '\0'; \
611  return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
612  } \
613  \
614  n -= (unsigned int) ret; \
615  p += (unsigned int) ret; \
616 }
617 
618 /*
619  * Return an informational string about the certificate.
620  */
621 #define BEFORE_COLON 14
622 #define BC "14"
623 /*
624  * Return an informational string about the CRL.
625  */
626 int x509_crl_info( char *buf, size_t size, const char *prefix,
627  const x509_crl *crl )
628 {
629  int ret;
630  size_t n;
631  char *p;
632  const x509_crl_entry *entry;
633 
634  p = buf;
635  n = size;
636 
637  ret = snprintf( p, n, "%sCRL version : %d",
638  prefix, crl->version );
639  SAFE_SNPRINTF();
640 
641  ret = snprintf( p, n, "\n%sissuer name : ", prefix );
642  SAFE_SNPRINTF();
643  ret = x509_dn_gets( p, n, &crl->issuer );
644  SAFE_SNPRINTF();
645 
646  ret = snprintf( p, n, "\n%sthis update : " \
647  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
648  crl->this_update.year, crl->this_update.mon,
649  crl->this_update.day, crl->this_update.hour,
650  crl->this_update.min, crl->this_update.sec );
651  SAFE_SNPRINTF();
652 
653  ret = snprintf( p, n, "\n%snext update : " \
654  "%04d-%02d-%02d %02d:%02d:%02d", prefix,
655  crl->next_update.year, crl->next_update.mon,
656  crl->next_update.day, crl->next_update.hour,
657  crl->next_update.min, crl->next_update.sec );
658  SAFE_SNPRINTF();
659 
660  entry = &crl->entry;
661 
662  ret = snprintf( p, n, "\n%sRevoked certificates:",
663  prefix );
664  SAFE_SNPRINTF();
665 
666  while( entry != NULL && entry->raw.len != 0 )
667  {
668  ret = snprintf( p, n, "\n%sserial number: ",
669  prefix );
670  SAFE_SNPRINTF();
671 
672  ret = x509_serial_gets( p, n, &entry->serial );
673  SAFE_SNPRINTF();
674 
675  ret = snprintf( p, n, " revocation date: " \
676  "%04d-%02d-%02d %02d:%02d:%02d",
677  entry->revocation_date.year, entry->revocation_date.mon,
678  entry->revocation_date.day, entry->revocation_date.hour,
679  entry->revocation_date.min, entry->revocation_date.sec );
680  SAFE_SNPRINTF();
681 
682  entry = entry->next;
683  }
684 
685  ret = snprintf( p, n, "\n%ssigned using : ", prefix );
686  SAFE_SNPRINTF();
687 
688  ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
689  crl->sig_opts );
690  SAFE_SNPRINTF();
691 
692  ret = snprintf( p, n, "\n" );
693  SAFE_SNPRINTF();
694 
695  return( (int) ( size - n ) );
696 }
697 
698 /*
699  * Initialize a CRL chain
700  */
701 void x509_crl_init( x509_crl *crl )
702 {
703  memset( crl, 0, sizeof(x509_crl) );
704 }
705 
706 /*
707  * Unallocate all CRL data
708  */
709 void x509_crl_free( x509_crl *crl )
710 {
711  x509_crl *crl_cur = crl;
712  x509_crl *crl_prv;
713  x509_name *name_cur;
714  x509_name *name_prv;
715  x509_crl_entry *entry_cur;
716  x509_crl_entry *entry_prv;
717 
718  if( crl == NULL )
719  return;
720 
721  do
722  {
723 #if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
724  polarssl_free( crl_cur->sig_opts );
725 #endif
726 
727  name_cur = crl_cur->issuer.next;
728  while( name_cur != NULL )
729  {
730  name_prv = name_cur;
731  name_cur = name_cur->next;
732  polarssl_zeroize( name_prv, sizeof( x509_name ) );
733  polarssl_free( name_prv );
734  }
735 
736  entry_cur = crl_cur->entry.next;
737  while( entry_cur != NULL )
738  {
739  entry_prv = entry_cur;
740  entry_cur = entry_cur->next;
741  polarssl_zeroize( entry_prv, sizeof( x509_crl_entry ) );
742  polarssl_free( entry_prv );
743  }
744 
745  if( crl_cur->raw.p != NULL )
746  {
747  polarssl_zeroize( crl_cur->raw.p, crl_cur->raw.len );
748  polarssl_free( crl_cur->raw.p );
749  }
750 
751  crl_cur = crl_cur->next;
752  }
753  while( crl_cur != NULL );
754 
755  crl_cur = crl;
756  do
757  {
758  crl_prv = crl_cur;
759  crl_cur = crl_cur->next;
760 
761  polarssl_zeroize( crl_prv, sizeof( x509_crl ) );
762  if( crl_prv != crl )
763  polarssl_free( crl_prv );
764  }
765  while( crl_cur != NULL );
766 }
767 
768 #endif /* POLARSSL_X509_CRL_PARSE_C */
x509_buf sig
Definition: x509_crl.h:93
void x509_crl_init(x509_crl *crl)
Initialize a CRL (chain)
int sec
Time.
Definition: x509.h:186
int x509_get_name(unsigned char **p, const unsigned char *end, x509_name *cur)
#define POLARSSL_ERR_X509_INVALID_DATE
The date tag or value is invalid.
Definition: x509.h:59
int version
CRL version (1=v1, 2=v2)
Definition: x509_crl.h:78
int x509_get_serial(unsigned char **p, const unsigned char *end, x509_buf *serial)
x509_time next_update
Definition: x509_crl.h:86
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH
Actual length differs from expected length.
Definition: asn1.h:57
Certificate revocation list entry.
Definition: x509_crl.h:55
#define polarssl_malloc
#define polarssl_free
int x509_get_sig_alg(const x509_buf *sig_oid, const x509_buf *sig_params, md_type_t *md_alg, pk_type_t *pk_alg, void **sig_opts)
#define POLARSSL_ERR_X509_INVALID_FORMAT
The CRT/CRL/CSR format is invalid, e.g.
Definition: x509.h:54
struct _x509_crl * next
Definition: x509_crl.h:98
int asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value.
void * sig_opts
Signature options to be passed to pk_verify_ext(), e.g.
Definition: x509_crl.h:96
#define ASN1_SEQUENCE
Definition: asn1.h:82
Configuration options (set of defines)
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
Signature algorithm (oid) is unsupported.
Definition: x509.h:63
#define ASN1_CONSTRUCTED
Definition: asn1.h:92
x509_buf sig_oid2
Definition: x509_crl.h:92
PolarSSL Platform abstraction layer.
int x509_get_sig(unsigned char **p, const unsigned char *end, x509_buf *sig)
#define POLARSSL_ERR_X509_UNKNOWN_VERSION
CRT/CRL/CSR has an unsupported version number.
Definition: x509.h:62
x509_name issuer
The parsed issuer data (named information object).
Definition: x509_crl.h:83
int x509_crl_parse_file(x509_crl *chain, const char *path)
Load one or more CRLs and add them to the chained list.
Object Identifier (OID) database.
x509_buf serial
Definition: x509_crl.h:59
int x509_crl_parse(x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and add them to the chained list.
int x509_crl_info(char *buf, size_t size, const char *prefix, const x509_crl *crl)
Returns an informational string about the CRL.
int x509_get_alg(unsigned char **p, const unsigned char *end, x509_buf *alg, x509_buf *params)
x509_crl_entry entry
The CRL entries containing the certificate revocation times for this CA.
Definition: x509_crl.h:88
int hour
Definition: x509.h:186
int mon
Definition: x509.h:185
int x509_get_time(unsigned char **p, const unsigned char *end, x509_time *time)
x509_buf sig_oid1
Definition: x509_crl.h:79
Privacy Enhanced Mail (PEM) decoding.
int x509_dn_gets(char *buf, size_t size, const x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written...
void x509_crl_free(x509_crl *crl)
Unallocate all CRL data.
unsigned char * p
ASN1 data, e.g.
Definition: asn1.h:128
x509_buf tbs
The raw certificate body (DER).
Definition: x509_crl.h:76
struct _x509_crl_entry * next
Definition: x509_crl.h:65
md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
Definition: x509_crl.h:94
int day
Date.
Definition: x509.h:185
int tag
ASN1 type, e.g.
Definition: asn1.h:126
#define POLARSSL_ERR_ASN1_OUT_OF_DATA
Out of data when parsing an ASN1 data structure.
Definition: asn1.h:54
int x509_sig_alg_gets(char *buf, size_t size, const x509_buf *sig_oid, pk_type_t pk_alg, md_type_t md_alg, const void *sig_opts)
int x509_load_file(const char *path, unsigned char **buf, size_t *n)
x509_time this_update
Definition: x509_crl.h:85
Container for a sequence or list of &#39;named&#39; ASN.1 data items.
Definition: asn1.h:156
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:124
x509_buf entry_ext
Definition: x509_crl.h:63
pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
Definition: x509_crl.h:95
size_t len
ASN1 length, e.g.
Definition: asn1.h:127
int year
Definition: x509.h:185
x509_buf raw
Definition: x509_crl.h:57
X.509 certificate revocation list parsing.
int asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag.
int x509_get_ext(unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
#define POLARSSL_ERR_X509_INVALID_VERSION
The CRT/CRL/CSR version element is invalid.
Definition: x509.h:55
Certificate revocation list structure.
Definition: x509_crl.h:73
int min
Definition: x509.h:186
struct _asn1_named_data * next
The next entry in the sequence.
Definition: asn1.h:160
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS
The extension tag or value is invalid.
Definition: x509.h:61
#define POLARSSL_ERR_X509_BAD_INPUT_DATA
Input invalid.
Definition: x509.h:67
x509_buf raw
The raw certificate data (DER).
Definition: x509_crl.h:75
#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT
No PEM header or footer found.
Definition: pem.h:38
x509_time revocation_date
Definition: x509_crl.h:61
x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509_crl.h:81
#define POLARSSL_ERR_X509_MALLOC_FAILED
Allocation of memory failed.
Definition: x509.h:68
x509_buf crl_ext
Definition: x509_crl.h:90
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG
ASN1 tag was of an unexpected value.
Definition: asn1.h:55
int x509_serial_gets(char *buf, size_t size, const x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
#define POLARSSL_ERR_X509_SIG_MISMATCH
Signature algorithms do not match.
Definition: x509.h:64