ReactOS 0.4.16-dev-319-g6cf4263
x509_crl.c
Go to the documentation of this file.
1/*
2 * X.509 Certidicate Revocation List (CRL) parsing
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46/*
47 * The ITU-T X.509 standard defines a certificate format for PKI.
48 *
49 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
50 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
51 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
52 *
53 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
54 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
55 */
56
57#if !defined(MBEDTLS_CONFIG_FILE)
58#include "mbedtls/config.h"
59#else
60#include MBEDTLS_CONFIG_FILE
61#endif
62
63#if defined(MBEDTLS_X509_CRL_PARSE_C)
64
65#include "mbedtls/x509_crl.h"
66#include "mbedtls/oid.h"
68
69#include <string.h>
70
71#if defined(MBEDTLS_PEM_PARSE_C)
72#include "mbedtls/pem.h"
73#endif
74
75#if defined(MBEDTLS_PLATFORM_C)
76#include "mbedtls/platform.h"
77#else
78#include <stdlib.h>
79#include <stdio.h>
80#define mbedtls_free free
81#define mbedtls_calloc calloc
82#define mbedtls_snprintf snprintf
83#endif
84
85#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
86#include <windows.h>
87#else
88#include <time.h>
89#endif
90
91#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
92#include <stdio.h>
93#endif
94
95/*
96 * Version ::= INTEGER { v1(0), v2(1) }
97 */
98static int x509_crl_get_version( unsigned char **p,
99 const unsigned char *end,
100 int *ver )
101{
102 int ret;
103
104 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
105 {
107 {
108 *ver = 0;
109 return( 0 );
110 }
111
113 }
114
115 return( 0 );
116}
117
118/*
119 * X.509 CRL v2 extensions
120 *
121 * We currently don't parse any extension's content, but we do check that the
122 * list of extensions is well-formed and abort on critical extensions (that
123 * are unsupported as we don't support any extension so far)
124 */
125static int x509_get_crl_ext( unsigned char **p,
126 const unsigned char *end,
128{
129 int ret;
130
131 if( *p == end )
132 return( 0 );
133
134 /*
135 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
136 * -- if present, version MUST be v2
137 */
138 if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
139 return( ret );
140
141 end = ext->p + ext->len;
142
143 while( *p < end )
144 {
145 /*
146 * Extension ::= SEQUENCE {
147 * extnID OBJECT IDENTIFIER,
148 * critical BOOLEAN DEFAULT FALSE,
149 * extnValue OCTET STRING }
150 */
151 int is_critical = 0;
152 const unsigned char *end_ext_data;
153 size_t len;
154
155 /* Get enclosing sequence tag */
156 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
159
160 end_ext_data = *p + len;
161
162 /* Get OID (currently ignored) */
163 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
164 MBEDTLS_ASN1_OID ) ) != 0 )
165 {
167 }
168 *p += len;
169
170 /* Get optional critical */
171 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
172 &is_critical ) ) != 0 &&
174 {
176 }
177
178 /* Data should be octet string type */
179 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
182
183 /* Ignore data so far and just check its length */
184 *p += len;
185 if( *p != end_ext_data )
188
189 /* Abort on (unsupported) critical extensions */
190 if( is_critical )
193 }
194
195 if( *p != end )
198
199 return( 0 );
200}
201
202/*
203 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
204 */
205static int x509_get_crl_entry_ext( unsigned char **p,
206 const unsigned char *end,
208{
209 int ret;
210 size_t len = 0;
211
212 /* OPTIONAL */
213 if( end <= *p )
214 return( 0 );
215
216 ext->tag = **p;
217 ext->p = *p;
218
219 /*
220 * Get CRL-entry extension sequence header
221 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
222 */
223 if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
225 {
227 {
228 ext->p = NULL;
229 return( 0 );
230 }
232 }
233
234 end = *p + ext->len;
235
236 if( end != *p + ext->len )
239
240 while( *p < end )
241 {
242 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
245
246 *p += len;
247 }
248
249 if( *p != end )
252
253 return( 0 );
254}
255
256/*
257 * X.509 CRL Entries
258 */
259static int x509_get_entries( unsigned char **p,
260 const unsigned char *end,
262{
263 int ret;
264 size_t entry_len;
265 mbedtls_x509_crl_entry *cur_entry = entry;
266
267 if( *p == end )
268 return( 0 );
269
270 if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len,
272 {
274 return( 0 );
275
276 return( ret );
277 }
278
279 end = *p + entry_len;
280
281 while( *p < end )
282 {
283 size_t len2;
284 const unsigned char *end2;
285
286 cur_entry->raw.tag = **p;
287 if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
289 {
290 return( ret );
291 }
292
293 cur_entry->raw.p = *p;
294 cur_entry->raw.len = len2;
295 end2 = *p + len2;
296
297 if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
298 return( ret );
299
300 if( ( ret = mbedtls_x509_get_time( p, end2,
301 &cur_entry->revocation_date ) ) != 0 )
302 return( ret );
303
304 if( ( ret = x509_get_crl_entry_ext( p, end2,
305 &cur_entry->entry_ext ) ) != 0 )
306 return( ret );
307
308 if( *p < end )
309 {
310 cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) );
311
312 if( cur_entry->next == NULL )
314
315 cur_entry = cur_entry->next;
316 }
317 }
318
319 return( 0 );
320}
321
322/*
323 * Parse one CRLs in DER format and append it to the chained list
324 */
326 const unsigned char *buf, size_t buflen )
327{
328 int ret;
329 size_t len;
330 unsigned char *p = NULL, *end = NULL;
331 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
333
334 /*
335 * Check for valid input
336 */
337 if( crl == NULL || buf == NULL )
339
340 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
341 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
342 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
343
344 /*
345 * Add new CRL on the end of the chain if needed.
346 */
347 while( crl->version != 0 && crl->next != NULL )
348 crl = crl->next;
349
350 if( crl->version != 0 && crl->next == NULL )
351 {
352 crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) );
353
354 if( crl->next == NULL )
355 {
358 }
359
360 mbedtls_x509_crl_init( crl->next );
361 crl = crl->next;
362 }
363
364 /*
365 * Copy raw DER-encoded CRL
366 */
367 if( buflen == 0 )
369
370 p = mbedtls_calloc( 1, buflen );
371 if( p == NULL )
373
374 memcpy( p, buf, buflen );
375
376 crl->raw.p = p;
377 crl->raw.len = buflen;
378
379 end = p + buflen;
380
381 /*
382 * CertificateList ::= SEQUENCE {
383 * tbsCertList TBSCertList,
384 * signatureAlgorithm AlgorithmIdentifier,
385 * signatureValue BIT STRING }
386 */
387 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
389 {
392 }
393
394 if( len != (size_t) ( end - p ) )
395 {
399 }
400
401 /*
402 * TBSCertList ::= SEQUENCE {
403 */
404 crl->tbs.p = p;
405
406 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
408 {
411 }
412
413 end = p + len;
414 crl->tbs.len = end - crl->tbs.p;
415
416 /*
417 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
418 * -- if present, MUST be v2
419 *
420 * signature AlgorithmIdentifier
421 */
422 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
423 ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
424 {
426 return( ret );
427 }
428
429 if( crl->version < 0 || crl->version > 1 )
430 {
433 }
434
435 crl->version++;
436
437 if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
438 &crl->sig_md, &crl->sig_pk,
439 &crl->sig_opts ) ) != 0 )
440 {
443 }
444
445 /*
446 * issuer Name
447 */
448 crl->issuer_raw.p = p;
449
450 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
452 {
455 }
456
457 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
458 {
460 return( ret );
461 }
462
463 crl->issuer_raw.len = p - crl->issuer_raw.p;
464
465 /*
466 * thisUpdate Time
467 * nextUpdate Time OPTIONAL
468 */
469 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 )
470 {
472 return( ret );
473 }
474
475 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
476 {
481 {
483 return( ret );
484 }
485 }
486
487 /*
488 * revokedCertificates SEQUENCE OF SEQUENCE {
489 * userCertificate CertificateSerialNumber,
490 * revocationDate Time,
491 * crlEntryExtensions Extensions OPTIONAL
492 * -- if present, MUST be v2
493 * } OPTIONAL
494 */
495 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
496 {
498 return( ret );
499 }
500
501 /*
502 * crlExtensions EXPLICIT Extensions OPTIONAL
503 * -- if present, MUST be v2
504 */
505 if( crl->version == 2 )
506 {
507 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
508
509 if( ret != 0 )
510 {
512 return( ret );
513 }
514 }
515
516 if( p != end )
517 {
521 }
522
523 end = crl->raw.p + crl->raw.len;
524
525 /*
526 * signatureAlgorithm AlgorithmIdentifier,
527 * signatureValue BIT STRING
528 */
529 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
530 {
532 return( ret );
533 }
534
535 if( crl->sig_oid.len != sig_oid2.len ||
536 memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
537 sig_params1.len != sig_params2.len ||
538 ( sig_params1.len != 0 &&
539 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
540 {
543 }
544
545 if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 )
546 {
548 return( ret );
549 }
550
551 if( p != end )
552 {
556 }
557
558 return( 0 );
559}
560
561/*
562 * Parse one or more CRLs and add them to the chained list
563 */
564int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen )
565{
566#if defined(MBEDTLS_PEM_PARSE_C)
567 int ret;
568 size_t use_len;
569 mbedtls_pem_context pem;
570 int is_pem = 0;
571
572 if( chain == NULL || buf == NULL )
574
575 do
576 {
577 mbedtls_pem_init( &pem );
578
579 // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
580 // string
581 if( buflen == 0 || buf[buflen - 1] != '\0' )
583 else
584 ret = mbedtls_pem_read_buffer( &pem,
585 "-----BEGIN X509 CRL-----",
586 "-----END X509 CRL-----",
587 buf, NULL, 0, &use_len );
588
589 if( ret == 0 )
590 {
591 /*
592 * Was PEM encoded
593 */
594 is_pem = 1;
595
596 buflen -= use_len;
597 buf += use_len;
598
600 pem.buf, pem.buflen ) ) != 0 )
601 {
602 mbedtls_pem_free( &pem );
603 return( ret );
604 }
605 }
606 else if( is_pem )
607 {
608 mbedtls_pem_free( &pem );
609 return( ret );
610 }
611
612 mbedtls_pem_free( &pem );
613 }
614 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
615 * And a valid CRL cannot be less than 1 byte anyway. */
616 while( is_pem && buflen > 1 );
617
618 if( is_pem )
619 return( 0 );
620 else
621#endif /* MBEDTLS_PEM_PARSE_C */
622 return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) );
623}
624
625#if defined(MBEDTLS_FS_IO)
626/*
627 * Load one or more CRLs and add them to the chained list
628 */
629int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
630{
631 int ret;
632 size_t n;
633 unsigned char *buf;
634
635 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
636 return( ret );
637
639
641 mbedtls_free( buf );
642
643 return( ret );
644}
645#endif /* MBEDTLS_FS_IO */
646
647/*
648 * Return an informational string about the certificate.
649 */
650#define BEFORE_COLON 14
651#define BC "14"
652/*
653 * Return an informational string about the CRL.
654 */
655int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
656 const mbedtls_x509_crl *crl )
657{
658 int ret;
659 size_t n;
660 char *p;
662
663 p = buf;
664 n = size;
665
666 ret = mbedtls_snprintf( p, n, "%sCRL version : %d",
667 prefix, crl->version );
669
670 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
672 ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
674
675 ret = mbedtls_snprintf( p, n, "\n%sthis update : " \
676 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
677 crl->this_update.year, crl->this_update.mon,
678 crl->this_update.day, crl->this_update.hour,
679 crl->this_update.min, crl->this_update.sec );
681
682 ret = mbedtls_snprintf( p, n, "\n%snext update : " \
683 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
684 crl->next_update.year, crl->next_update.mon,
685 crl->next_update.day, crl->next_update.hour,
686 crl->next_update.min, crl->next_update.sec );
688
689 entry = &crl->entry;
690
691 ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
692 prefix );
694
695 while( entry != NULL && entry->raw.len != 0 )
696 {
697 ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
698 prefix );
700
701 ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
703
704 ret = mbedtls_snprintf( p, n, " revocation date: " \
705 "%04d-%02d-%02d %02d:%02d:%02d",
706 entry->revocation_date.year, entry->revocation_date.mon,
707 entry->revocation_date.day, entry->revocation_date.hour,
708 entry->revocation_date.min, entry->revocation_date.sec );
710
711 entry = entry->next;
712 }
713
714 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
716
717 ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
718 crl->sig_opts );
720
721 ret = mbedtls_snprintf( p, n, "\n" );
723
724 return( (int) ( size - n ) );
725}
726
727/*
728 * Initialize a CRL chain
729 */
731{
732 memset( crl, 0, sizeof(mbedtls_x509_crl) );
733}
734
735/*
736 * Unallocate all CRL data
737 */
739{
740 mbedtls_x509_crl *crl_cur = crl;
741 mbedtls_x509_crl *crl_prv;
742 mbedtls_x509_name *name_cur;
743 mbedtls_x509_name *name_prv;
744 mbedtls_x509_crl_entry *entry_cur;
745 mbedtls_x509_crl_entry *entry_prv;
746
747 if( crl == NULL )
748 return;
749
750 do
751 {
752#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
753 mbedtls_free( crl_cur->sig_opts );
754#endif
755
756 name_cur = crl_cur->issuer.next;
757 while( name_cur != NULL )
758 {
759 name_prv = name_cur;
760 name_cur = name_cur->next;
761 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
762 mbedtls_free( name_prv );
763 }
764
765 entry_cur = crl_cur->entry.next;
766 while( entry_cur != NULL )
767 {
768 entry_prv = entry_cur;
769 entry_cur = entry_cur->next;
770 mbedtls_platform_zeroize( entry_prv,
771 sizeof( mbedtls_x509_crl_entry ) );
772 mbedtls_free( entry_prv );
773 }
774
775 if( crl_cur->raw.p != NULL )
776 {
777 mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
778 mbedtls_free( crl_cur->raw.p );
779 }
780
781 crl_cur = crl_cur->next;
782 }
783 while( crl_cur != NULL );
784
785 crl_cur = crl;
786 do
787 {
788 crl_prv = crl_cur;
789 crl_cur = crl_cur->next;
790
791 mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
792 if( crl_prv != crl )
793 mbedtls_free( crl_prv );
794 }
795 while( crl_cur != NULL );
796}
797
798#endif /* MBEDTLS_X509_CRL_PARSE_C */
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
#define NULL
Definition: types.h:112
static const WCHAR *const ext[]
Definition: module.c:53
GLuint GLuint end
Definition: gl.h:1545
GLsizeiptr size
Definition: glext.h:5919
GLdouble n
Definition: glext.h:7729
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
GLfloat GLfloat p
Definition: glext.h:8902
GLenum GLsizei len
Definition: glext.h:6722
size_t len
Definition: asn1.h:162
#define MBEDTLS_ASN1_OCTET_STRING
Definition: asn1.h:100
unsigned char * p
Definition: asn1.h:163
#define MBEDTLS_ERR_ASN1_OUT_OF_DATA
Definition: asn1.h:76
struct mbedtls_asn1_named_data * next
Definition: asn1.h:195
#define MBEDTLS_ASN1_SEQUENCE
Definition: asn1.h:104
int mbedtls_asn1_get_int(unsigned char **p, const unsigned char *end, int *val)
Retrieve an integer ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
#define MBEDTLS_ASN1_CONSTRUCTED
Definition: asn1.h:114
#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
Definition: asn1.h:77
#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
Definition: asn1.h:79
#define MBEDTLS_ASN1_OID
Definition: asn1.h:102
int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag)
Get the tag and length of the tag. Check for the requested tag. Updates the pointer to immediately be...
int mbedtls_asn1_get_bool(unsigned char **p, const unsigned char *end, int *val)
Retrieve a boolean ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse a DER-encoded CRL and append it to the chained list.
mbedtls_x509_buf serial
Definition: x509_crl.h:81
int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl)
Returns an informational string about the CRL.
#define MBEDTLS_ERR_X509_INVALID_FORMAT
Definition: x509.h:88
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
Definition: x509.h:97
#define MBEDTLS_ERR_X509_INVALID_VERSION
Definition: x509.h:89
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
Store the certificate DN in printable form into buf; no more than size characters will be written.
mbedtls_x509_buf entry_ext
Definition: x509_crl.h:85
struct mbedtls_x509_crl * next
Definition: x509_crl.h:120
mbedtls_x509_buf raw
Definition: x509_crl.h:97
void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)
Initialize a CRL (chain)
mbedtls_x509_crl_entry entry
Definition: x509_crl.h:110
#define MBEDTLS_X509_SAFE_SNPRINTF
Definition: x509.h:349
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS
Definition: x509.h:95
mbedtls_x509_buf raw
Definition: x509_crl.h:79
int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
mbedtls_x509_name issuer
Definition: x509_crl.h:105
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION
Definition: x509.h:96
mbedtls_x509_time revocation_date
Definition: x509_crl.h:83
struct mbedtls_x509_crl_entry * next
Definition: x509_crl.h:87
#define MBEDTLS_ERR_X509_INVALID_DATE
Definition: x509.h:93
#define MBEDTLS_ERR_X509_SIG_MISMATCH
Definition: x509.h:98
int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts)
#define MBEDTLS_ERR_X509_ALLOC_FAILED
Definition: x509.h:102
int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
void * sig_opts
Definition: x509_crl.h:118
int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
Parse one or more CRLs and append them to the chained list.
void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
Unallocate all CRL data.
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA
Definition: x509.h:101
int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial)
Store the certificate serial in printable form into buf; no more than size characters will be written...
uint32_t entry
Definition: isohybrid.c:63
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
static const BYTE crl[]
Definition: message.c:864
Object Identifier (OID) database.
Privacy Enhanced Mail (PEM) decoding.
#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
Definition: pem.h:66
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
Definition: platform_util.c:98
Common and shared functions used by multiple modules in the Mbed TLS library.
Configuration options (set of defines)
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
#define mbedtls_free
Definition: platform.h:168
#define mbedtls_snprintf
Definition: platform.h:254
#define mbedtls_calloc
Definition: platform.h:169
#define memset(x, y, z)
Definition: compat.h:39
Definition: x509_crl.h:78
struct sock * chain
Definition: tcpcore.h:1
int ret
X.509 certificate revocation list parsing.