59#if !defined(MBEDTLS_CONFIG_FILE)
62#include MBEDTLS_CONFIG_FILE
65#if defined(MBEDTLS_X509_CRT_PARSE_C)
73#if defined(MBEDTLS_PEM_PARSE_C)
77#if defined(MBEDTLS_PLATFORM_C)
82#define mbedtls_free free
83#define mbedtls_calloc calloc
84#define mbedtls_snprintf snprintf
87#if defined(MBEDTLS_THREADING_C)
91#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
97#if defined(MBEDTLS_FS_IO)
99#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
112} x509_crt_verify_chain_item;
117#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
123#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
147#if defined(MBEDTLS_ECP_C)
173#if defined(MBEDTLS_ECP_C)
224#if defined(MBEDTLS_RSA_C)
234#if defined(MBEDTLS_ECP_C)
257static int x509_memcasecmp(
const void *
s1,
const void *
s2,
size_t len )
261 const unsigned char *
n1 =
s1, *
n2 =
s2;
263 for(
i = 0;
i <
len;
i++ )
271 ( (
n1[
i] >=
'a' &&
n1[
i] <=
'z' ) ||
272 (
n1[
i] >=
'A' &&
n1[
i] <=
'Z' ) ) )
289 size_t cn_idx = 0, cn_len =
strlen(
cn );
292 if(
name->len < 3 ||
name->p[0] !=
'*' ||
name->p[1] !=
'.' )
295 for(
i = 0;
i < cn_len; ++
i )
307 if( cn_len - cn_idx ==
name->len - 1 &&
308 x509_memcasecmp(
name->p + 1,
cn + cn_idx,
name->len - 1 ) == 0 )
324 if(
a->tag ==
b->tag &&
334 x509_memcasecmp(
a->p,
b->p,
b->len ) == 0 )
361 if(
a->oid.tag !=
b->oid.tag ||
362 a->oid.len !=
b->oid.len ||
363 memcmp(
a->oid.p,
b->oid.p,
b->oid.len ) != 0 )
369 if( x509_string_cmp( &
a->val, &
b->val ) != 0 )
373 if(
a->next_merged !=
b->next_merged )
387static void x509_crt_verify_chain_reset(
404static int x509_get_version(
unsigned char **
p,
405 const unsigned char *
end,
440static int x509_get_dates(
unsigned char **
p,
441 const unsigned char *
end,
470static int x509_get_uid(
unsigned char **
p,
471 const unsigned char *
end,
496static int x509_get_basic_constraints(
unsigned char **
p,
497 const unsigned char *
end,
527 if( *ca_istrue != 0 )
552static int x509_get_ns_cert_type(
unsigned char **
p,
553 const unsigned char *
end,
554 unsigned char *ns_cert_type)
567 *ns_cert_type = *
bs.p;
571static int x509_get_key_usage(
unsigned char **
p,
572 const unsigned char *
end,
573 unsigned int *key_usage)
588 for(
i = 0;
i <
bs.len &&
i <
sizeof(
unsigned int );
i++ )
590 *key_usage |= (
unsigned int)
bs.p[
i] << (8*
i);
601static int x509_get_ext_key_usage(
unsigned char **
p,
602 const unsigned char *
end,
644static int x509_get_subject_alt_name(
unsigned char **
p,
645 const unsigned char *
end,
665 if( (
end - *
p ) < 1 )
724static int x509_get_crt_ext(
unsigned char **
p,
725 const unsigned char *
end,
730 unsigned char *end_ext_data, *end_ext_octet;
755 end_ext_data = *
p +
len;
776 end_ext_octet = *
p +
len;
778 if( end_ext_octet != end_ext_data )
792#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
813 if( (
ret = x509_get_basic_constraints(
p, end_ext_octet,
820 if( (
ret = x509_get_key_usage(
p, end_ext_octet,
827 if( (
ret = x509_get_ext_key_usage(
p, end_ext_octet,
834 if( (
ret = x509_get_subject_alt_name(
p, end_ext_octet,
841 if( (
ret = x509_get_ns_cert_type(
p, end_ext_octet,
866 unsigned char *
p, *
end, *crt_end;
880 p = (
unsigned char*)
buf;
897 if(
len > (
size_t) (
end -
p ) )
942 &sig_params1 ) ) != 0 )
1054#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
1058 ret = x509_get_crt_ext( &
p,
end, crt );
1090 sig_params1.
tag != sig_params2.
tag ||
1091 sig_params1.
len != sig_params2.
len ||
1092 ( sig_params1.
len != 0 &&
1093 memcmp( sig_params1.
p, sig_params2.
p, sig_params1.
len ) != 0 ) )
1152 if( (
ret = x509_crt_parse_der_core( crt,
buf, buflen ) ) != 0 )
1172#if defined(MBEDTLS_PEM_PARSE_C)
1173 int success = 0, first_error = 0, total_failed = 0;
1187#if defined(MBEDTLS_PEM_PARSE_C)
1188 if( buflen != 0 &&
buf[buflen - 1] ==
'\0' &&
1189 strstr( (
const char *)
buf,
"-----BEGIN CERTIFICATE-----" ) !=
NULL )
1200#if defined(MBEDTLS_PEM_PARSE_C)
1204 mbedtls_pem_context pem;
1210 mbedtls_pem_init( &pem );
1213 ret = mbedtls_pem_read_buffer( &pem,
1214 "-----BEGIN CERTIFICATE-----",
1215 "-----END CERTIFICATE-----",
1232 mbedtls_pem_free( &pem );
1240 if( first_error == 0 )
1251 mbedtls_pem_free( &pem );
1261 if( first_error == 0 )
1273 return( total_failed );
1274 else if( first_error )
1275 return( first_error );
1281#if defined(MBEDTLS_FS_IO)
1291 if( (
ret = mbedtls_pk_load_file(
path, &
buf, &
n ) ) != 0 )
1305#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
1318 memset( szDir, 0,
sizeof(szDir) );
1376#if defined(MBEDTLS_THREADING_C)
1377 if( (
ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
1389 if( snp_ret < 0 || (
size_t)snp_ret >=
sizeof entry_name )
1394 else if(
stat( entry_name, &
sb ) == -1 )
1405 t_ret = mbedtls_x509_crt_parse_file(
chain, entry_name );
1415#if defined(MBEDTLS_THREADING_C)
1416 if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
1426static int x509_info_subject_alt_name(
char **
buf,
size_t *
size,
1433 const char *sep =
"";
1438 if(
cur->buf.len + sep_len >=
n )
1444 n -=
cur->buf.len + sep_len;
1445 for(
i = 0;
i < sep_len;
i++ )
1447 for(
i = 0;
i <
cur->buf.len;
i++ )
1448 *
p++ =
cur->buf.p[
i];
1464#define PRINT_ITEM(i) \
1466 ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
1467 MBEDTLS_X509_SAFE_SNPRINTF; \
1471#define CERT_TYPE(type,name) \
1472 if( ns_cert_type & (type) ) \
1475static int x509_info_cert_type(
char **
buf,
size_t *
size,
1476 unsigned char ns_cert_type )
1481 const char *sep =
"";
1498#define KEY_USAGE(code,name) \
1499 if( key_usage & (code) ) \
1502static int x509_info_key_usage(
char **
buf,
size_t *
size,
1503 unsigned int key_usage )
1508 const char *sep =
"";
1526static int x509_info_ext_key_usage(
char **
buf,
size_t *
size,
1534 const char *sep =
"";
1558#define BEFORE_COLON 18
1566 char key_size_str[BEFORE_COLON];
1576 return( (
int) (
size -
n ) );
1600 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1607 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
1653 if( (
ret = x509_info_subject_alt_name( &
p, &
n,
1672 if( (
ret = x509_info_key_usage( &
p, &
n, crt->
key_usage ) ) != 0 )
1681 if( (
ret = x509_info_ext_key_usage( &
p, &
n,
1689 return( (
int) (
size -
n ) );
1692struct x509_crt_verify_string {
1697static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
1725 const struct x509_crt_verify_string *
cur;
1729 for(
cur = x509_crt_verify_strings;
cur->string !=
NULL ;
cur++ )
1742 "(this should not happen)\n", prefix );
1746 return( (
int) (
size -
n ) );
1749#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1751 unsigned int usage )
1753 unsigned int usage_must, usage_may;
1760 usage_must =
usage & ~may_mask;
1762 if( ( ( crt->
key_usage & ~may_mask ) & usage_must ) != usage_must )
1765 usage_may =
usage & may_mask;
1767 if( ( ( crt->
key_usage & may_mask ) | usage_may ) != usage_may )
1774#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
1776 const char *usage_oid,
1792 if( cur_oid->
len == usage_len &&
1793 memcmp( cur_oid->
p, usage_oid, usage_len ) == 0 )
1806#if defined(MBEDTLS_X509_CRL_PARSE_C)
1843 while( crl_list !=
NULL )
1846 x509_name_cmp( &crl_list->
issuer, &
ca->subject ) != 0 )
1848 crl_list = crl_list->
next;
1855#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
1867 if( x509_profile_check_md_alg(
profile, crl_list->
sig_md ) != 0 )
1870 if( x509_profile_check_pk_alg(
profile, crl_list->
sig_pk ) != 0 )
1881 if( x509_profile_check_key(
profile, &
ca->pk ) != 0 )
1904 if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
1910 crl_list = crl_list->
next;
1938#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1943 child->sig.p,
child->sig.len, &rs_ctx->pk ) );
1967 if( x509_name_cmp( &
child->issuer, &
parent->subject ) != 0 )
1977 if( need_ca_bit && !
parent->ca_istrue )
1980#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
2034static int x509_crt_find_parent_in(
2038 int *r_signature_is_good,
2046 int signature_is_good, fallback_signature_is_good;
2048#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2050 if( rs_ctx !=
NULL && rs_ctx->parent !=
NULL )
2054 fallback_parent = rs_ctx->fallback_parent;
2055 fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
2058 rs_ctx->parent =
NULL;
2059 rs_ctx->fallback_parent =
NULL;
2060 rs_ctx->fallback_signature_is_good = 0;
2063 goto check_signature;
2067 fallback_parent =
NULL;
2068 fallback_signature_is_good = 0;
2077 if(
parent->max_pathlen > 0 &&
2078 (
size_t)
parent->max_pathlen < 1 + path_cnt - self_cnt )
2084#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2089#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2094 rs_ctx->fallback_parent = fallback_parent;
2095 rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
2103 signature_is_good =
ret == 0;
2104 if(
top && ! signature_is_good )
2111 if( fallback_parent ==
NULL )
2113 fallback_parent =
parent;
2114 fallback_signature_is_good = signature_is_good;
2121 *r_signature_is_good = signature_is_good;
2128 *r_parent = fallback_parent;
2129 *r_signature_is_good = fallback_signature_is_good;
2157static int x509_crt_find_parent(
2161 int *parent_is_trusted,
2162 int *signature_is_good,
2170 *parent_is_trusted = 1;
2172#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2174 if( rs_ctx !=
NULL && rs_ctx->parent_is_trusted != -1 )
2176 *parent_is_trusted = rs_ctx->parent_is_trusted;
2177 rs_ctx->parent_is_trusted = -1;
2182 search_list = *parent_is_trusted ? trust_ca :
child->next;
2184 ret = x509_crt_find_parent_in(
child, search_list,
2185 parent, signature_is_good,
2187 path_cnt, self_cnt, rs_ctx );
2189#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2193 rs_ctx->parent_is_trusted = *parent_is_trusted;
2201 if( *
parent !=
NULL || *parent_is_trusted == 0 )
2205 *parent_is_trusted = 0;
2211 *parent_is_trusted = 0;
2212 *signature_is_good = 0;
2224static int x509_crt_check_ee_locally_trusted(
2288static int x509_crt_verify_chain(
2303 int parent_is_trusted;
2304 int child_is_trusted;
2305 int signature_is_good;
2308#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2310 if( rs_ctx !=
NULL && rs_ctx->in_progress == x509_crt_rs_find_parent )
2313 *ver_chain = rs_ctx->ver_chain;
2314 self_cnt = rs_ctx->self_cnt;
2327 parent_is_trusted = 0;
2328 child_is_trusted = 0;
2346 if( child_is_trusted )
2350 if( x509_profile_check_md_alg(
profile,
child->sig_md ) != 0 )
2353 if( x509_profile_check_pk_alg(
profile,
child->sig_pk ) != 0 )
2357 if( ver_chain->
len == 1 &&
2358 x509_crt_check_ee_locally_trusted(
child, trust_ca ) == 0 )
2363#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2368 &parent_is_trusted, &signature_is_good,
2369 ver_chain->
len - 1, self_cnt, rs_ctx );
2371#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2375 rs_ctx->in_progress = x509_crt_rs_find_parent;
2376 rs_ctx->self_cnt = self_cnt;
2377 rs_ctx->ver_chain = *ver_chain;
2395 if( ver_chain->
len != 1 &&
2396 x509_name_cmp( &
child->issuer, &
child->subject ) == 0 )
2403 if( ! parent_is_trusted &&
2411 if( ! signature_is_good )
2418#if defined(MBEDTLS_X509_CRL_PARSE_C)
2428 child_is_trusted = parent_is_trusted;
2429 signature_is_good = 0;
2437 const char *
cn,
size_t cn_len )
2440 if(
name->len == cn_len &&
2441 x509_memcasecmp(
cn,
name->p, cn_len ) == 0 )
2447 if( x509_check_wildcard(
cn,
name ) == 0 )
2470 if( x509_crt_check_cn( &
cur->buf,
cn, cn_len ) == 0 )
2482 x509_crt_check_cn( &
name->val,
cn, cn_len ) == 0 )
2496static int x509_crt_merge_flags_with_cb(
2507 for(
i = ver_chain->
len;
i != 0; --
i )
2510 cur_flags =
cur->flags;
2512 if(
NULL != f_vrfy )
2513 if( (
ret = f_vrfy( p_vrfy,
cur->crt, (
int)
i-1, &cur_flags ) ) != 0 )
2516 *
flags |= cur_flags;
2534 f_vrfy, p_vrfy,
NULL ) );
2578 x509_crt_verify_chain_reset( &ver_chain );
2588 x509_crt_verify_name( crt,
cn, &ee_flags );
2593 if( x509_profile_check_pk_alg(
profile, pk_type ) != 0 )
2596 if( x509_profile_check_key(
profile, &crt->
pk ) != 0 )
2600 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl,
profile,
2601 &ver_chain, rs_ctx );
2610 ret = x509_crt_merge_flags_with_cb(
flags, &ver_chain, f_vrfy, p_vrfy );
2613#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2615 mbedtls_x509_crt_restart_free( rs_ctx );
2663#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
2668 while( name_cur !=
NULL )
2670 name_prv = name_cur;
2671 name_cur = name_cur->
next;
2677 while( name_cur !=
NULL )
2679 name_prv = name_cur;
2680 name_cur = name_cur->
next;
2686 while( seq_cur !=
NULL )
2689 seq_cur = seq_cur->
next;
2696 while( seq_cur !=
NULL )
2699 seq_cur = seq_cur->
next;
2711 cert_cur = cert_cur->
next;
2713 while( cert_cur !=
NULL );
2718 cert_prv = cert_cur;
2719 cert_cur = cert_cur->
next;
2722 if( cert_prv != crt )
2725 while( cert_cur !=
NULL );
2728#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
2734 mbedtls_pk_restart_init( &
ctx->pk );
2738 ctx->fallback_signature_is_good = 0;
2740 ctx->parent_is_trusted = -1;
2742 ctx->in_progress = x509_crt_rs_none;
2744 x509_crt_verify_chain_reset( &
ctx->ver_chain );
2755 mbedtls_pk_restart_free( &
ctx->pk );
2756 mbedtls_x509_crt_restart_init(
ctx );
char * strstr(char *String1, char *String2)
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
ACPI_SIZE strlen(const char *String)
#define INVALID_HANDLE_VALUE
#define WideCharToMultiByte
#define MultiByteToWideChar
static void cleanup(void)
HANDLE WINAPI FindFirstFileW(IN LPCWSTR lpFileName, OUT LPWIN32_FIND_DATAW lpFindFileData)
BOOL WINAPI FindClose(HANDLE hFindFile)
BOOL WINAPI FindNextFileW(IN HANDLE hFindFile, OUT LPWIN32_FIND_DATAW lpFindFileData)
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
GLdouble GLdouble GLdouble GLdouble top
GLboolean GLboolean GLboolean b
GLenum GLuint GLenum GLsizei const GLchar * buf
GLboolean GLboolean GLboolean GLboolean a
GLsizeiptr const GLvoid GLenum usage
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint 
GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
#define MBEDTLS_ASN1_TAG_CLASS_MASK
#define MBEDTLS_ASN1_OCTET_STRING
#define MBEDTLS_OID_CMP(oid_str, oid_buf)
#define MBEDTLS_ERR_ASN1_INVALID_LENGTH
#define MBEDTLS_ERR_ASN1_OUT_OF_DATA
struct mbedtls_asn1_named_data * next
#define MBEDTLS_ASN1_PRINTABLE_STRING
#define MBEDTLS_ASN1_SEQUENCE
int mbedtls_asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
int mbedtls_asn1_get_sequence_of(unsigned char **p, const unsigned char *end, mbedtls_asn1_sequence *cur, int tag)
Parses and splits an ASN.1 "SEQUENCE OF <tag>". Updates the pointer to immediately behind the full seq...
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC
#define MBEDTLS_ASN1_CONSTRUCTED
#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
#define MBEDTLS_ERR_ASN1_ALLOC_FAILED
struct mbedtls_asn1_sequence * next
#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
int mbedtls_asn1_get_len(unsigned char **p, const unsigned char *end, size_t *len)
Get the length of an ASN.1 element. Updates the pointer to immediately behind the length.
int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end, mbedtls_asn1_bitstring *bs)
Retrieve a bitstring ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the element. Check that it is the requested tag. Updates the pointer to immediately be...
int mbedtls_asn1_get_bool(unsigned char **p, const unsigned char *end, int *val)
Retrieve a boolean ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
#define MBEDTLS_ASN1_UTF8_STRING
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER-formatted certificate and add it to the chained list.
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
mbedtls_x509_time valid_to
int mbedtls_x509_time_is_past(const mbedtls_x509_time *to)
Check a given mbedtls_x509_time against the system time and tell if it's in the past.
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check the intended usage of a certificate against its keyUsage extension.
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED
int mbedtls_x509_time_is_future(const mbedtls_x509_time *from)
Check a given mbedtls_x509_time against the system time and tell if it's in the future.
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
#define MBEDTLS_X509_BADCRL_BAD_PK
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
#define MBEDTLS_X509_FORMAT_PEM
int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY
mbedtls_x509_sequence subject_alt_names
#define MBEDTLS_X509_BADCERT_KEY_USAGE
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE
#define MBEDTLS_X509_KU_DECIPHER_ONLY
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_x509_crt_verify_with_profile()
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
#define MBEDTLS_X509_BADCERT_BAD_MD
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL
#define MBEDTLS_ERR_X509_INVALID_FORMAT
#define MBEDTLS_X509_MAX_FILE_PATH_LEN
#define MBEDTLS_ERR_X509_FATAL_ERROR
#define MBEDTLS_ERR_X509_INVALID_VERSION
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written.
#define MBEDTLS_X509_BADCERT_EXPIRED
mbedtls_x509_time this_update
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
#define MBEDTLS_X509_KU_KEY_CERT_SIGN
mbedtls_x509_buf issuer_id
struct mbedtls_x509_crl * next
#define MBEDTLS_X509_BADCERT_CN_MISMATCH
#define MBEDTLS_X509_BADCERT_OTHER
mbedtls_x509_name subject
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
mbedtls_x509_time next_update
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
#define MBEDTLS_X509_BADCERT_MISSING
#define MBEDTLS_X509_SAFE_SNPRINTF
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
#define MBEDTLS_X509_BADCERT_BAD_PK
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature.
#define MBEDTLS_X509_KU_CRL_SIGN
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS
mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE
int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
mbedtls_x509_time valid_from
#define MBEDTLS_X509_KU_NON_REPUDIATION
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
#define MBEDTLS_X509_EXT_KEY_USAGE
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name)
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
#define MBEDTLS_X509_KU_KEY_AGREEMENT
#define MBEDTLS_X509_KU_ENCIPHER_ONLY
#define MBEDTLS_X509_BADCRL_BAD_KEY
mbedtls_x509_buf subject_raw
#define MBEDTLS_ERR_X509_INVALID_DATE
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
#define MBEDTLS_ERR_X509_SIG_MISMATCH
int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts)
#define MBEDTLS_X509_BADCERT_FUTURE
mbedtls_x509_sequence ext_key_usage
struct mbedtls_x509_crt * next
#define MBEDTLS_ERR_X509_ALLOC_FAILED
int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check the intended usage of a certificate against its extendedKeyUsage extension.
#define MBEDTLS_X509_FORMAT_DER
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT
#define MBEDTLS_X509_BADCRL_BAD_MD
int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define MBEDTLS_ERR_X509_FILE_IO_ERROR
#define MBEDTLS_X509_BADCRL_FUTURE
mbedtls_x509_buf subject_id
unsigned char ns_cert_type
#define MBEDTLS_X509_EXT_NS_CERT_TYPE
#define MBEDTLS_X509_BADCERT_REVOKED
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
#define MBEDTLS_X509_BADCRL_EXPIRED
#define MBEDTLS_X509_ID_FLAG(id)
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA
#define MBEDTLS_X509_BADCERT_BAD_KEY
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature according to profile.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
mbedtls_x509_buf issuer_raw
int __cdecl closedir(DIR *)
DIR *__cdecl opendir(const char *)
struct dirent *__cdecl readdir(DIR *)
mbedtls_md_type_t
Supported message digests.
int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the message-digest of a buffer, with respect to a configurable message-diges...
#define MBEDTLS_MD_MAX_SIZE
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
static struct msdos_boot_sector bs
#define memcpy(s1, s2, n)
static const WCHAR desc[]
#define FILE_ATTRIBUTE_DIRECTORY
Object Identifier (OID) database.
int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc)
Translate Extended Key Usage OID into description.
#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type)
Translate an X.509 extension OID into local values.
#define MBEDTLS_OID_AT_CN
Privacy Enhanced Mail (PEM) decoding.
#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, mbedtls_pk_context *pk)
Parse a SubjectPublicKeyInfo DER structure.
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
Tell if a context can do the operation given by type.
mbedtls_pk_type_t
Public key types.
static mbedtls_ecp_keypair * mbedtls_pk_ec(const mbedtls_pk_context pk)
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len)
Verify signature, with options. (Includes verification of the padding depending on type....
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx)
Restartable version of mbedtls_pk_verify()
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
Get the key type.
void mbedtls_pk_free(mbedtls_pk_context *ctx)
Free the components of a mbedtls_pk_context.
const char * mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
Access the type name.
#define mbedtls_md_info_from_type
#define mbedtls_pk_get_bitlen
Configuration options (set of defines)
#define MBEDTLS_ERR_ECP_IN_PROGRESS
@ MBEDTLS_ECP_DP_SECP384R1
@ MBEDTLS_ECP_DP_SECP256K1
@ MBEDTLS_ECP_DP_SECP521R1
@ MBEDTLS_ECP_DP_SECP256R1
Threading abstraction layer.
#define MBEDTLS_ERR_THREADING_MUTEX_ERROR
#define success(from, fromstr, to, tostr)
DWORD WINAPI GetLastError(void)
#define ERROR_NO_MORE_FILES
X.509 certificate parsing and writing.