#include <string.h>#include <stdlib.h>#include <stdio.h>#include <time.h>#include "xyssl/x509.h"#include "xyssl/base64.h"#include "xyssl/des.h"#include "xyssl/sha1.h"#include "xyssl/md5.h"#include "xyssl/md4.h"#include "xyssl/md2.h"Go to the source code of this file.
Defines | |
| #define | _CRT_SECURE_NO_DEPRECATE 1 |
Functions | |
| static int | asn1_get_len (unsigned char **p, unsigned char *end, int *len) |
| static int | asn1_get_tag (unsigned char **p, unsigned char *end, int *len, int tag) |
| static int | asn1_get_bool (unsigned char **p, unsigned char *end, int *val) |
| static int | asn1_get_int (unsigned char **p, unsigned char *end, int *val) |
| static int | asn1_get_mpi (unsigned char **p, unsigned char *end, mpi *X) |
| static int | x509_get_version (unsigned char **p, unsigned char *end, int *ver) |
| static int | x509_get_serial (unsigned char **p, unsigned char *end, x509_buf *serial) |
| static int | x509_get_alg (unsigned char **p, unsigned char *end, x509_buf *alg) |
| static int | x509_get_name (unsigned char **p, unsigned char *end, x509_name *cur) |
| static int | x509_get_dates (unsigned char **p, unsigned char *end, x509_time *from, x509_time *to) |
| static int | x509_get_pubkey (unsigned char **p, unsigned char *end, x509_buf *pk_alg_oid, mpi *N, mpi *E) |
| static int | x509_get_sig (unsigned char **p, unsigned char *end, x509_buf *sig) |
| static int | x509_get_uid (unsigned char **p, unsigned char *end, x509_buf *uid, int n) |
| static int | x509_get_ext (unsigned char **p, unsigned char *end, x509_buf *ext, int *ca_istrue, int *max_pathlen) |
| int | x509_add_certs (x509_cert *chain, unsigned char *buf, int buflen) |
| Parse one or more certificates and add them to the chain. | |
| int | x509_read_crtfile (x509_cert *chain, char *path) |
| Load one or more certificates and add them to the chain. | |
| static int | x509_des3_getiv (unsigned char *s, unsigned char iv[8]) |
| static void | x509_des3_decrypt (unsigned char des3_iv[8], unsigned char *buf, int buflen, unsigned char *pwd, int pwdlen) |
| int | x509_parse_key (rsa_context *rsa, unsigned char *buf, int buflen, unsigned char *pwd, int pwdlen) |
| Parse a private RSA key. | |
| int | x509_read_keyfile (rsa_context *rsa, char *path, char *pwd) |
| Load and parse a private RSA key. | |
| int | x509_dn_gets (char *buf, char *end, x509_name *dn) |
| Store the certificate DN in printable form into buf; no more than (end - buf) characters will be written. | |
| char * | x509_cert_info (x509_cert *crt) |
| Return an informational string about the certificate, or NULL if memory allocation failed. | |
| int | x509_is_cert_expired (x509_cert *crt) |
| Return 0 if the certificate is still valid, or BADCERT_HAS_EXPIRED. | |
| static void | x509_hash (unsigned char *in, int len, int alg, unsigned char *out) |
| int | x509_verify_cert (x509_cert *crt, x509_cert *trust_ca, char *cn, int *flags) |
| Verify the certificate signature. | |
| void | x509_free_cert (x509_cert *crt) |
| Unallocate all certificate data. | |
| int | x509_self_test (int verbose) |
| Checkup routine. | |
Variables | |
| static const char | _x509_read_src [] = "_x509read_src" |
| #define _CRT_SECURE_NO_DEPRECATE 1 |
Definition at line 33 of file x509read.c.
Definition at line 113 of file x509read.c.
References ASN1_BOOLEAN, asn1_get_tag(), and ERR_ASN1_INVALID_LENGTH.
Referenced by x509_get_ext().
Definition at line 131 of file x509read.c.
References asn1_get_tag(), ASN1_INTEGER, and ERR_ASN1_INVALID_LENGTH.
Referenced by x509_get_ext(), x509_get_version(), and x509_parse_key().
Definition at line 57 of file x509read.c.
References ERR_ASN1_INVALID_LENGTH, and ERR_ASN1_OUT_OF_DATA.
Referenced by asn1_get_tag(), x509_get_name(), and x509_get_serial().
Definition at line 154 of file x509read.c.
References asn1_get_tag(), ASN1_INTEGER, and mpi_read_binary().
Referenced by x509_get_pubkey(), and x509_parse_key().
Definition at line 98 of file x509read.c.
References asn1_get_len(), ERR_ASN1_OUT_OF_DATA, and ERR_ASN1_UNEXPECTED_TAG.
Referenced by asn1_get_bool(), asn1_get_int(), asn1_get_mpi(), x509_add_certs(), x509_get_alg(), x509_get_dates(), x509_get_ext(), x509_get_name(), x509_get_pubkey(), x509_get_sig(), x509_get_uid(), x509_get_version(), and x509_parse_key().
Parse one or more certificates and add them to the chain.
| chain | points to the start of the chain | |
| buf | buffer holding the certificate data | |
| buflen | size of the buffer |
Definition at line 643 of file x509read.c.
References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_SEQUENCE, base64_decode(), _x509_cert::ca_istrue, rsa_context::E, ERR_ASN1_LENGTH_MISMATCH, ERR_BASE64_INVALID_CHARACTER, ERR_X509_CERT_INVALID_FORMAT, ERR_X509_CERT_INVALID_PEM, ERR_X509_CERT_SIG_MISMATCH, ERR_X509_CERT_UNKNOWN_SIG_ALG, ERR_X509_CERT_UNKNOWN_VERSION, _x509_cert::issuer, _x509_cert::issuer_id, _x509_cert::issuer_raw, rsa_context::len, _x509_buf::len, _x509_cert::max_pathlen, mpi_msb(), rsa_context::N, _x509_cert::next, OID_PKCS1, _x509_buf::p, _x509_cert::pk_oid, _x509_cert::raw, _x509_cert::rsa, rsa_check_pubkey(), _x509_cert::serial, _x509_cert::sig, _x509_cert::sig_oid1, _x509_cert::sig_oid2, _x509_cert::subject, _x509_cert::subject_id, _x509_cert::subject_raw, _x509_cert::tbs, _x509_cert::v3_ext, _x509_cert::valid_from, _x509_cert::valid_to, _x509_cert::version, x509_add_certs(), x509_free_cert(), x509_get_alg(), x509_get_dates(), x509_get_ext(), x509_get_name(), x509_get_pubkey(), x509_get_serial(), x509_get_sig(), x509_get_uid(), and x509_get_version().
Referenced by main(), x509_add_certs(), and x509_read_crtfile().
| char* x509_cert_info | ( | x509_cert * | crt | ) |
Return an informational string about the certificate, or NULL if memory allocation failed.
Definition at line 1388 of file x509read.c.
References _x509_time::day, _x509_time::hour, _x509_cert::issuer, _x509_buf::len, _x509_time::min, _x509_time::mon, mpi::n, rsa_context::N, _x509_buf::p, _x509_cert::rsa, RSA_MD2, RSA_MD4, RSA_MD5, RSA_SHA1, _x509_time::sec, _x509_cert::serial, _x509_cert::sig_oid1, _x509_cert::subject, _x509_cert::valid_from, _x509_cert::valid_to, _x509_cert::version, x509_dn_gets(), and _x509_time::year.
| static void x509_des3_decrypt | ( | unsigned char | des3_iv[8], | |
| unsigned char * | buf, | |||
| int | buflen, | |||
| unsigned char * | pwd, | |||
| int | pwdlen | |||
| ) | [static] |
Definition at line 1035 of file x509read.c.
References des3_cbc_decrypt(), des3_set_3keys(), md5_finish(), md5_starts(), and md5_update().
Referenced by x509_parse_key().
| static int x509_des3_getiv | ( | unsigned char * | s, | |
| unsigned char | iv[8] | |||
| ) | [static] |
Definition at line 1010 of file x509read.c.
References ERR_X509_KEY_INVALID_ENC_IV.
Referenced by x509_parse_key().
Store the certificate DN in printable form into buf; no more than (end - buf) characters will be written.
Definition at line 1305 of file x509read.c.
References _x509_buf::len, _x509_name::next, _x509_name::oid, OID_PKCS9, OID_X520, _x509_buf::p, PKCS9_EMAIL, _x509_name::val, X520_COMMON_NAME, X520_COUNTRY, X520_LOCALITY, X520_ORG_UNIT, X520_ORGANIZATION, and X520_STATE.
Referenced by x509_cert_info().
| void x509_free_cert | ( | x509_cert * | crt | ) |
Unallocate all certificate data.
Definition at line 1595 of file x509read.c.
References _x509_cert::issuer, _x509_cert::next, _x509_name::next, _x509_buf::p, _x509_cert::raw, _x509_cert::rsa, rsa_free(), and _x509_cert::subject.
Referenced by main(), ssl_free(), and x509_add_certs().
Definition at line 234 of file x509read.c.
References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_NULL, ASN1_OID, ASN1_SEQUENCE, ERR_ASN1_LENGTH_MISMATCH, ERR_X509_CERT_INVALID_ALG, _x509_buf::len, _x509_buf::p, and _x509_buf::tag.
Referenced by x509_add_certs(), and x509_get_pubkey().
| static int x509_get_dates | ( | unsigned char ** | p, | |
| unsigned char * | end, | |||
| x509_time * | from, | |||
| x509_time * | to | |||
| ) | [static] |
Definition at line 363 of file x509read.c.
References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_SEQUENCE, ASN1_UTC_TIME, _x509_time::day, ERR_ASN1_LENGTH_MISMATCH, ERR_X509_CERT_INVALID_DATE, _x509_time::hour, _x509_time::min, _x509_time::mon, _x509_time::sec, and _x509_time::year.
Referenced by x509_add_certs().
| static int x509_get_ext | ( | unsigned char ** | p, | |
| unsigned char * | end, | |||
| x509_buf * | ext, | |||
| int * | ca_istrue, | |||
| int * | max_pathlen | |||
| ) | [static] |
Definition at line 535 of file x509read.c.
References ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, asn1_get_bool(), asn1_get_int(), asn1_get_tag(), ASN1_OCTET_STRING, ASN1_SEQUENCE, ERR_ASN1_LENGTH_MISMATCH, ERR_ASN1_UNEXPECTED_TAG, ERR_X509_CERT_INVALID_EXTENSIONS, _x509_buf::len, _x509_buf::p, and _x509_buf::tag.
Referenced by x509_add_certs().
Definition at line 281 of file x509read.c.
References ASN1_BMP_STRING, ASN1_CONSTRUCTED, asn1_get_len(), asn1_get_tag(), ASN1_IA5_STRING, ASN1_OID, ASN1_PRINTABLE_STRING, ASN1_SEQUENCE, ASN1_SET, ASN1_T61_STRING, ASN1_UNIVERSAL_STRING, ASN1_UTF8_STRING, ERR_ASN1_LENGTH_MISMATCH, ERR_ASN1_OUT_OF_DATA, ERR_ASN1_UNEXPECTED_TAG, ERR_X509_CERT_INVALID_NAME, _x509_buf::len, _x509_name::next, _x509_name::oid, _x509_buf::p, _x509_buf::tag, and _x509_name::val.
Referenced by x509_add_certs().
| static int x509_get_pubkey | ( | unsigned char ** | p, | |
| unsigned char * | end, | |||
| x509_buf * | pk_alg_oid, | |||
| mpi * | N, | |||
| mpi * | E | |||
| ) | [static] |
Definition at line 426 of file x509read.c.
References ASN1_BIT_STRING, ASN1_CONSTRUCTED, asn1_get_mpi(), asn1_get_tag(), ASN1_SEQUENCE, ERR_ASN1_LENGTH_MISMATCH, ERR_ASN1_OUT_OF_DATA, ERR_X509_CERT_INVALID_PUBKEY, ERR_X509_CERT_UNKNOWN_PK_ALG, _x509_buf::len, OID_PKCS1_RSA, _x509_buf::p, and x509_get_alg().
Referenced by x509_add_certs().
Definition at line 203 of file x509read.c.
References ASN1_CONTEXT_SPECIFIC, asn1_get_len(), ASN1_INTEGER, ASN1_PRIMITIVE, ERR_ASN1_OUT_OF_DATA, ERR_ASN1_UNEXPECTED_TAG, ERR_X509_CERT_INVALID_SERIAL, _x509_buf::len, _x509_buf::p, and _x509_buf::tag.
Referenced by x509_add_certs().
Definition at line 481 of file x509read.c.
References ASN1_BIT_STRING, asn1_get_tag(), ERR_X509_CERT_INVALID_SIGNATURE, _x509_buf::len, _x509_buf::p, and _x509_buf::tag.
Referenced by x509_add_certs().
Definition at line 506 of file x509read.c.
References ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, asn1_get_tag(), ERR_ASN1_UNEXPECTED_TAG, _x509_buf::len, _x509_buf::p, and _x509_buf::tag.
Referenced by x509_add_certs().
Definition at line 173 of file x509read.c.
References ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, asn1_get_int(), asn1_get_tag(), ERR_ASN1_LENGTH_MISMATCH, ERR_ASN1_UNEXPECTED_TAG, and ERR_X509_CERT_INVALID_VERSION.
Referenced by x509_add_certs().
Return 0 if the certificate is still valid, or BADCERT_HAS_EXPIRED.
Definition at line 1449 of file x509read.c.
References BADCERT_HAS_EXPIRED, _x509_time::day, _x509_time::mon, _x509_cert::valid_to, and _x509_time::year.
Referenced by x509_verify_cert().
| int x509_parse_key | ( | rsa_context * | rsa, | |
| unsigned char * | buf, | |||
| int | buflen, | |||
| unsigned char * | pwd, | |||
| int | pwdlen | |||
| ) |
Parse a private RSA key.
| rsa | RSA context to be initialized | |
| buf | input buffer | |
| buflen | size of the buffer | |
| pwd | password for decryption (optional) | |
| pwdlen | size of the password |
Definition at line 1074 of file x509read.c.
References ASN1_CONSTRUCTED, asn1_get_int(), asn1_get_mpi(), asn1_get_tag(), ASN1_SEQUENCE, base64_decode(), rsa_context::D, rsa_context::DP, rsa_context::DQ, rsa_context::E, ERR_ASN1_LENGTH_MISMATCH, ERR_BASE64_INVALID_CHARACTER, ERR_X509_FEATURE_UNAVAILABLE, ERR_X509_KEY_INVALID_ENC_IV, ERR_X509_KEY_INVALID_FORMAT, ERR_X509_KEY_INVALID_PEM, ERR_X509_KEY_INVALID_VERSION, ERR_X509_KEY_PASSWORD_MISMATCH, ERR_X509_KEY_PASSWORD_REQUIRED, ERR_X509_KEY_UNKNOWN_ENC_ALG, rsa_context::len, mpi_msb(), rsa_context::N, rsa_context::P, rsa_context::Q, rsa_context::QP, rsa_check_privkey(), rsa_free(), rsa_context::ver, x509_des3_decrypt(), and x509_des3_getiv().
Referenced by main(), and x509_read_keyfile().
Load one or more certificates and add them to the chain.
| chain | points to the start of the chain | |
| path | filename to read the certificates from |
Definition at line 971 of file x509read.c.
References f, and x509_add_certs().
| int x509_read_keyfile | ( | rsa_context * | rsa, | |
| char * | path, | |||
| char * | password | |||
| ) |
Load and parse a private RSA key.
| rsa | RSA context to be initialized | |
| path | filename to read the private key from | |
| pwd | password to decrypt the file (can be NULL) |
Definition at line 1258 of file x509read.c.
References f, and x509_parse_key().
Checkup routine.
Definition at line 1723 of file x509read.c.
Referenced by main().
Verify the certificate signature.
| crt | a certificate to be verified | |
| trust_ca | the trusted CA chain | |
| cn | expected Common Name (can be set to NULL if the CN must not be verified) | |
| flags | result of the verification |
Definition at line 1494 of file x509read.c.
References BADCERT_CN_MISMATCH, BADCERT_NOT_TRUSTED, _x509_cert::ca_istrue, ERR_X509_SIG_VERIFY_FAILED, _x509_cert::issuer_raw, _x509_buf::len, _x509_cert::max_pathlen, _x509_cert::next, _x509_name::next, _x509_name::oid, _x509_buf::p, _x509_cert::rsa, rsa_pkcs1_verify(), _x509_cert::sig, _x509_cert::sig_oid1, _x509_cert::subject, _x509_cert::subject_raw, _x509_cert::tbs, _x509_name::val, _x509_cert::version, x509_hash(), and x509_is_cert_expired().
const char _x509_read_src[] = "_x509read_src" [static] |
Definition at line 1644 of file x509read.c.
1.5.4