#include "xyssl/rsa.h"Go to the source code of this file.
Data Structures | |
| struct | _x509_buf |
| struct | _x509_name |
| struct | _x509_time |
| struct | _x509_cert |
| struct | _x509_node |
| struct | _x509_raw |
Defines | |
| #define | XYSSL_ERR_ASN1_OUT_OF_DATA -0x0014 |
| #define | XYSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 |
| #define | XYSSL_ERR_ASN1_INVALID_LENGTH -0x0018 |
| #define | XYSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A |
| #define | XYSSL_ERR_ASN1_INVALID_DATA -0x001C |
| #define | XYSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 |
| #define | XYSSL_ERR_X509_CERT_INVALID_PEM -0x0040 |
| #define | XYSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 |
| #define | XYSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 |
| #define | XYSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 |
| #define | XYSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 |
| #define | XYSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 |
| #define | XYSSL_ERR_X509_CERT_INVALID_DATE -0x0100 |
| #define | XYSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 |
| #define | XYSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 |
| #define | XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 |
| #define | XYSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 |
| #define | XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 |
| #define | XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 |
| #define | XYSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 |
| #define | XYSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 |
| #define | XYSSL_ERR_X509_KEY_INVALID_PEM -0x0220 |
| #define | XYSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 |
| #define | XYSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 |
| #define | XYSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 |
| #define | XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 |
| #define | XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 |
| #define | XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 |
| #define | XYSSL_ERR_X509_POINT_ERROR -0x0300 |
| #define | XYSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 |
| #define | BADCERT_EXPIRED 1 |
| #define | BADCERT_REVOKED 2 |
| #define | BADCERT_CN_MISMATCH 4 |
| #define | BADCERT_NOT_TRUSTED 8 |
| #define | ASN1_BOOLEAN 0x01 |
| #define | ASN1_INTEGER 0x02 |
| #define | ASN1_BIT_STRING 0x03 |
| #define | ASN1_OCTET_STRING 0x04 |
| #define | ASN1_NULL 0x05 |
| #define | ASN1_OID 0x06 |
| #define | ASN1_UTF8_STRING 0x0C |
| #define | ASN1_SEQUENCE 0x10 |
| #define | ASN1_SET 0x11 |
| #define | ASN1_PRINTABLE_STRING 0x13 |
| #define | ASN1_T61_STRING 0x14 |
| #define | ASN1_IA5_STRING 0x16 |
| #define | ASN1_UTC_TIME 0x17 |
| #define | ASN1_UNIVERSAL_STRING 0x1C |
| #define | ASN1_BMP_STRING 0x1E |
| #define | ASN1_PRIMITIVE 0x00 |
| #define | ASN1_CONSTRUCTED 0x20 |
| #define | ASN1_CONTEXT_SPECIFIC 0x80 |
| #define | X520_COMMON_NAME 3 |
| #define | X520_COUNTRY 6 |
| #define | X520_LOCALITY 7 |
| #define | X520_STATE 8 |
| #define | X520_ORGANIZATION 10 |
| #define | X520_ORG_UNIT 11 |
| #define | PKCS9_EMAIL 1 |
| #define | X509_OUTPUT_DER 0x01 |
| #define | X509_OUTPUT_PEM 0x02 |
| #define | PEM_LINE_LENGTH 72 |
| #define | X509_ISSUER 0x01 |
| #define | X509_SUBJECT 0x02 |
| #define | OID_X520 "\x55\x04" |
| #define | OID_CN "\x55\x04\x03" |
| #define | OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01" |
| #define | OID_PKCS1_RSA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" |
| #define | OID_PKCS1_RSA_SHA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05" |
| #define | OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09" |
| #define | OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" |
Typedefs | |
| typedef struct _x509_buf | x509_buf |
| typedef struct _x509_name | x509_name |
| typedef struct _x509_time | x509_time |
| typedef struct _x509_cert | x509_cert |
| typedef struct _x509_node | x509_node |
| typedef struct _x509_raw | x509_raw |
Functions | |
| int | x509parse_crt (x509_cert *crt, unsigned char *buf, int buflen) |
| Parse one or more certificates and add them to the chained list. | |
| int | x509parse_crtfile (x509_cert *crt, char *path) |
| Load one or more certificates and add them to the chained list. | |
| int | x509parse_key (rsa_context *rsa, unsigned char *buf, int buflen, unsigned char *pwd, int pwdlen) |
| Parse a private RSA key. | |
| int | x509parse_keyfile (rsa_context *rsa, char *path, char *password) |
| Load and parse a private RSA key. | |
| int | x509parse_dn_gets (char *buf, char *end, x509_name *dn) |
| Store the certificate DN in printable form into buf; no more than (end - buf) characters will be written. | |
| char * | x509parse_cert_info (char *prefix, x509_cert *crt) |
| Returns an informational string about the certificate. | |
| int | x509parse_expired (x509_cert *crt) |
| Return 0 if the certificate is still valid, or BADCERT_EXPIRED. | |
| int | x509parse_verify (x509_cert *crt, x509_cert *trust_ca, char *cn, int *flags) |
| Verify the certificate signature. | |
| void | x509_free (x509_cert *crt) |
| Unallocate all certificate data. | |
| int | x509_self_test (int verbose) |
| Checkup routine. | |
Definition in file x509.h.
| #define ASN1_BIT_STRING 0x03 |
Definition at line 51 of file x509.h.
Referenced by x509_get_pubkey(), and x509_get_sig().
| #define ASN1_BMP_STRING 0x1E |
Definition at line 63 of file x509.h.
Referenced by x509_get_name().
| #define ASN1_BOOLEAN 0x01 |
Definition at line 49 of file x509.h.
Referenced by asn1_get_bool().
| #define ASN1_CONSTRUCTED 0x20 |
Definition at line 65 of file x509.h.
Referenced by x509_get_alg(), x509_get_dates(), x509_get_ext(), x509_get_name(), x509_get_pubkey(), x509_get_uid(), x509_get_version(), x509parse_crt(), and x509parse_key().
| #define ASN1_CONTEXT_SPECIFIC 0x80 |
Definition at line 66 of file x509.h.
Referenced by x509_get_ext(), x509_get_serial(), x509_get_uid(), and x509_get_version().
| #define ASN1_IA5_STRING 0x16 |
Definition at line 60 of file x509.h.
Referenced by x509_get_name().
| #define ASN1_INTEGER 0x02 |
Definition at line 50 of file x509.h.
Referenced by asn1_get_int(), asn1_get_mpi(), and x509_get_serial().
| #define ASN1_NULL 0x05 |
Definition at line 53 of file x509.h.
Referenced by x509_get_alg().
| #define ASN1_OCTET_STRING 0x04 |
Definition at line 52 of file x509.h.
Referenced by x509_get_ext().
| #define ASN1_OID 0x06 |
Definition at line 54 of file x509.h.
Referenced by x509_get_alg(), and x509_get_name().
| #define ASN1_PRIMITIVE 0x00 |
Definition at line 64 of file x509.h.
Referenced by x509_get_serial().
| #define ASN1_PRINTABLE_STRING 0x13 |
Definition at line 58 of file x509.h.
Referenced by x509_get_name().
| #define ASN1_SEQUENCE 0x10 |
Definition at line 56 of file x509.h.
Referenced by x509_get_alg(), x509_get_dates(), x509_get_ext(), x509_get_name(), x509_get_pubkey(), x509parse_crt(), and x509parse_key().
| #define ASN1_SET 0x11 |
Definition at line 57 of file x509.h.
Referenced by x509_get_name().
| #define ASN1_T61_STRING 0x14 |
Definition at line 59 of file x509.h.
Referenced by x509_get_name().
| #define ASN1_UNIVERSAL_STRING 0x1C |
Definition at line 62 of file x509.h.
Referenced by x509_get_name().
| #define ASN1_UTC_TIME 0x17 |
Definition at line 61 of file x509.h.
Referenced by x509_get_dates().
| #define ASN1_UTF8_STRING 0x0C |
Definition at line 55 of file x509.h.
Referenced by x509_get_name().
| #define BADCERT_CN_MISMATCH 4 |
Definition at line 43 of file x509.h.
Referenced by main(), and x509parse_verify().
| #define BADCERT_EXPIRED 1 |
Definition at line 41 of file x509.h.
Referenced by main(), and x509parse_expired().
| #define BADCERT_NOT_TRUSTED 8 |
Definition at line 44 of file x509.h.
Referenced by main(), and x509parse_verify().
| #define OID_CN "\x55\x04\x03" |
Definition at line 86 of file x509.h.
Referenced by x509parse_verify().
| #define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01" |
Definition at line 87 of file x509.h.
Referenced by x509parse_crt().
| #define OID_PKCS1_RSA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" |
Definition at line 88 of file x509.h.
Referenced by x509_get_pubkey().
| #define OID_PKCS1_RSA_SHA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05" |
| #define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09" |
Definition at line 90 of file x509.h.
Referenced by x509parse_dn_gets().
| #define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" |
| #define OID_X520 "\x55\x04" |
Definition at line 85 of file x509.h.
Referenced by x509parse_dn_gets().
| #define PKCS9_EMAIL 1 |
Definition at line 77 of file x509.h.
Referenced by x509parse_dn_gets().
| #define X520_COMMON_NAME 3 |
Definition at line 71 of file x509.h.
Referenced by x509parse_dn_gets().
| #define X520_COUNTRY 6 |
Definition at line 72 of file x509.h.
Referenced by x509parse_dn_gets().
| #define X520_LOCALITY 7 |
Definition at line 73 of file x509.h.
Referenced by x509parse_dn_gets().
| #define X520_ORG_UNIT 11 |
Definition at line 76 of file x509.h.
Referenced by x509parse_dn_gets().
| #define X520_ORGANIZATION 10 |
Definition at line 75 of file x509.h.
Referenced by x509parse_dn_gets().
| #define X520_STATE 8 |
Definition at line 74 of file x509.h.
Referenced by x509parse_dn_gets().
| #define XYSSL_ERR_ASN1_INVALID_LENGTH -0x0018 |
Definition at line 11 of file x509.h.
Referenced by asn1_get_bool(), asn1_get_int(), and asn1_get_len().
| #define XYSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A |
Definition at line 12 of file x509.h.
Referenced by x509_get_alg(), x509_get_dates(), x509_get_ext(), x509_get_name(), x509_get_pubkey(), x509_get_version(), x509parse_crt(), and x509parse_key().
| #define XYSSL_ERR_ASN1_OUT_OF_DATA -0x0014 |
Definition at line 9 of file x509.h.
Referenced by asn1_get_len(), asn1_get_tag(), x509_get_name(), x509_get_pubkey(), and x509_get_serial().
| #define XYSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 |
Definition at line 10 of file x509.h.
Referenced by asn1_get_tag(), x509_get_ext(), x509_get_name(), x509_get_serial(), x509_get_uid(), and x509_get_version().
| #define XYSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 |
Definition at line 20 of file x509.h.
Referenced by x509_get_alg().
| #define XYSSL_ERR_X509_CERT_INVALID_DATE -0x0100 |
Definition at line 22 of file x509.h.
Referenced by x509_get_dates().
| #define XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 |
Definition at line 25 of file x509.h.
Referenced by x509_get_ext().
| #define XYSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 |
Definition at line 17 of file x509.h.
Referenced by x509parse_crt().
| #define XYSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 |
Definition at line 21 of file x509.h.
Referenced by x509_get_name().
| #define XYSSL_ERR_X509_CERT_INVALID_PEM -0x0040 |
Definition at line 16 of file x509.h.
Referenced by x509parse_crt().
| #define XYSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 |
Definition at line 23 of file x509.h.
Referenced by x509_get_pubkey().
| #define XYSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 |
Definition at line 19 of file x509.h.
Referenced by x509_get_serial().
| #define XYSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 |
Definition at line 24 of file x509.h.
Referenced by x509_get_sig().
| #define XYSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 |
Definition at line 18 of file x509.h.
Referenced by x509_get_version().
| #define XYSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 |
Definition at line 29 of file x509.h.
Referenced by x509parse_crt().
| #define XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 |
Definition at line 28 of file x509.h.
Referenced by x509_get_pubkey().
| #define XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 |
Definition at line 27 of file x509.h.
Referenced by x509parse_crt().
| #define XYSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 |
Definition at line 26 of file x509.h.
Referenced by x509parse_crt().
| #define XYSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 |
Definition at line 30 of file x509.h.
Referenced by x509parse_verify().
| #define XYSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 |
Definition at line 15 of file x509.h.
Referenced by x509parse_key().
| #define XYSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 |
Definition at line 34 of file x509.h.
Referenced by x509_get_iv(), and x509parse_key().
| #define XYSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 |
Definition at line 33 of file x509.h.
Referenced by x509parse_key().
| #define XYSSL_ERR_X509_KEY_INVALID_PEM -0x0220 |
Definition at line 31 of file x509.h.
Referenced by x509parse_key().
| #define XYSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 |
Definition at line 32 of file x509.h.
Referenced by x509parse_key().
| #define XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 |
Definition at line 37 of file x509.h.
Referenced by x509parse_key().
| #define XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 |
Definition at line 36 of file x509.h.
Referenced by x509parse_key().
| #define XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 |
Definition at line 35 of file x509.h.
Referenced by x509parse_key().
| typedef struct _x509_cert x509_cert |
| typedef struct _x509_name x509_name |
| typedef struct _x509_node x509_node |
| typedef struct _x509_time x509_time |
| void x509_free | ( | x509_cert * | crt | ) |
Unallocate all certificate data.
Definition at line 1613 of file x509parse.c.
References _x509_cert::issuer, _x509_buf::len, _x509_cert::next, _x509_name::next, _x509_buf::p, _x509_cert::raw, _x509_cert::rsa, rsa_free(), and _x509_cert::subject.
Referenced by main(), ssl_free(), ssl_test(), x509_self_test(), and x509parse_crt().
Checkup routine.
Definition at line 1675 of file x509parse.c.
References rsa_free(), test_ca_crt, test_ca_key, test_ca_pwd, test_cli_crt, x509_free(), x509parse_crt(), x509parse_key(), and x509parse_verify().
Referenced by main().
| char* x509parse_cert_info | ( | char * | prefix, | |
| x509_cert * | crt | |||
| ) |
Returns an informational string about the certificate.
Definition at line 1399 of file x509parse.c.
References buf, _x509_time::day, _x509_time::hour, _x509_cert::issuer, _x509_buf::len, _x509_time::min, _x509_time::mon, mpi::n, rsa_context::N, _x509_buf::p, _x509_cert::rsa, RSA_MD2, RSA_MD4, RSA_MD5, RSA_SHA1, _x509_time::sec, _x509_cert::serial, _x509_cert::sig_oid1, _x509_cert::subject, _x509_cert::valid_from, _x509_cert::valid_to, _x509_cert::version, x509parse_dn_gets(), and _x509_time::year.
Referenced by debug_print_crt(), and main().
Parse one or more certificates and add them to the chained list.
| chain | points to the start of the chain | |
| buf | buffer holding the certificate data | |
| buflen | size of the buffer |
Definition at line 647 of file x509parse.c.
References ASN1_CONSTRUCTED, asn1_get_tag(), ASN1_SEQUENCE, base64_decode(), _x509_cert::ca_istrue, rsa_context::E, _x509_cert::issuer, _x509_cert::issuer_id, _x509_cert::issuer_raw, rsa_context::len, _x509_buf::len, _x509_cert::max_pathlen, mpi_size(), rsa_context::N, _x509_cert::next, OID_PKCS1, _x509_buf::p, _x509_cert::pk_oid, _x509_cert::raw, _x509_cert::rsa, rsa_check_pubkey(), _x509_cert::serial, _x509_cert::sig, _x509_cert::sig_oid1, _x509_cert::sig_oid2, _x509_cert::subject, _x509_cert::subject_id, _x509_cert::subject_raw, _x509_cert::tbs, _x509_cert::v3_ext, _x509_cert::valid_from, _x509_cert::valid_to, _x509_cert::version, x509_free(), x509_get_alg(), x509_get_dates(), x509_get_ext(), x509_get_name(), x509_get_pubkey(), x509_get_serial(), x509_get_sig(), x509_get_uid(), x509_get_version(), x509parse_crt(), XYSSL_ERR_ASN1_LENGTH_MISMATCH, XYSSL_ERR_BASE64_INVALID_CHARACTER, XYSSL_ERR_X509_CERT_INVALID_FORMAT, XYSSL_ERR_X509_CERT_INVALID_PEM, XYSSL_ERR_X509_CERT_SIG_MISMATCH, XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG, and XYSSL_ERR_X509_CERT_UNKNOWN_VERSION.
Referenced by main(), ssl_parse_certificate(), ssl_test(), x509_self_test(), x509parse_crt(), and x509parse_crtfile().
Load one or more certificates and add them to the chained list.
| chain | points to the start of the chain | |
| path | filename to read the certificates from |
Definition at line 979 of file x509parse.c.
References buf, f, and x509parse_crt().
Store the certificate DN in printable form into buf; no more than (end - buf) characters will be written.
Definition at line 1316 of file x509parse.c.
References _x509_buf::len, _x509_name::next, _x509_name::oid, OID_PKCS9, OID_X520, _x509_buf::p, PKCS9_EMAIL, _x509_name::val, X520_COMMON_NAME, X520_COUNTRY, X520_LOCALITY, X520_ORG_UNIT, X520_ORGANIZATION, and X520_STATE.
Referenced by x509parse_cert_info().
Return 0 if the certificate is still valid, or BADCERT_EXPIRED.
Definition at line 1458 of file x509parse.c.
References BADCERT_EXPIRED, _x509_time::day, _x509_time::mon, _x509_cert::valid_to, and _x509_time::year.
Referenced by x509parse_verify().
| int x509parse_key | ( | rsa_context * | rsa, | |
| unsigned char * | buf, | |||
| int | buflen, | |||
| unsigned char * | pwd, | |||
| int | pwdlen | |||
| ) |
Parse a private RSA key.
| rsa | RSA context to be initialized | |
| buf | input buffer | |
| buflen | size of the buffer | |
| pwd | password for decryption (optional) | |
| pwdlen | size of the password |
Definition at line 1082 of file x509parse.c.
References ASN1_CONSTRUCTED, asn1_get_int(), asn1_get_mpi(), asn1_get_tag(), ASN1_SEQUENCE, base64_decode(), rsa_context::D, rsa_context::DP, rsa_context::DQ, rsa_context::E, rsa_context::len, mpi_size(), rsa_context::N, rsa_context::P, rsa_context::Q, rsa_context::QP, rsa_check_privkey(), rsa_free(), rsa_context::ver, x509_des3_decrypt(), x509_get_iv(), XYSSL_ERR_ASN1_LENGTH_MISMATCH, XYSSL_ERR_BASE64_INVALID_CHARACTER, XYSSL_ERR_X509_FEATURE_UNAVAILABLE, XYSSL_ERR_X509_KEY_INVALID_ENC_IV, XYSSL_ERR_X509_KEY_INVALID_FORMAT, XYSSL_ERR_X509_KEY_INVALID_PEM, XYSSL_ERR_X509_KEY_INVALID_VERSION, XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH, XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED, and XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG.
Referenced by main(), ssl_test(), x509_self_test(), and x509parse_keyfile().
| int x509parse_keyfile | ( | rsa_context * | rsa, | |
| char * | path, | |||
| char * | password | |||
| ) |
Load and parse a private RSA key.
| rsa | RSA context to be initialized | |
| path | filename to read the private key from | |
| pwd | password to decrypt the file (can be NULL) |
Definition at line 1269 of file x509parse.c.
References buf, f, and x509parse_key().
Verify the certificate signature.
| crt | a certificate to be verified | |
| trust_ca | the trusted CA chain | |
| cn | expected Common Name (can be set to NULL if the CN must not be verified) | |
| flags | result of the verification |
Definition at line 1503 of file x509parse.c.
References BADCERT_CN_MISMATCH, BADCERT_NOT_TRUSTED, _x509_cert::ca_istrue, cur, _x509_cert::issuer_raw, _x509_buf::len, _x509_cert::max_pathlen, _x509_cert::next, _x509_name::next, _x509_name::oid, OID_CN, _x509_buf::p, _x509_cert::rsa, rsa_pkcs1_verify(), RSA_PUBLIC, _x509_cert::sig, _x509_cert::sig_oid1, _x509_cert::subject, _x509_cert::subject_raw, _x509_cert::tbs, _x509_name::val, _x509_cert::version, x509_hash(), x509parse_expired(), and XYSSL_ERR_X509_CERT_VERIFY_FAILED.
Referenced by ssl_parse_certificate(), and x509_self_test().
1.6.3