Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
This commit is contained in:
parent
36713e8ed9
commit
5187656211
@ -29,8 +29,13 @@
|
|||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
|
||||||
|
// Comment out to disable prototype change warnings
|
||||||
#define SHOW_PROTOTYPE_CHANGE_WARNINGS
|
#define SHOW_PROTOTYPE_CHANGE_WARNINGS
|
||||||
|
|
||||||
|
#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)
|
||||||
|
#warning "You can disable these warnings by commenting SHOW_PROTOTYPE_CHANGE_WARNINGS in compat-1.2.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_SHA256_C)
|
#if defined(POLARSSL_SHA256_C)
|
||||||
#define POLARSSL_SHA2_C
|
#define POLARSSL_SHA2_C
|
||||||
#include "sha256.h"
|
#include "sha256.h"
|
||||||
@ -169,6 +174,20 @@ inline int sha4_self_test( int verbose ) {
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT POLARSSL_ERR_X509_INVALID_FORMAT
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION POLARSSL_ERR_X509_INVALID_VERSION
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_ALG POLARSSL_ERR_X509_INVALID_ALG
|
||||||
|
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_NAME POLARSSL_ERR_X509_INVALID_NAME
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_DATE POLARSSL_ERR_X509_INVALID_DATE
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS POLARSSL_ERR_X509_INVALID_EXTENSIONS
|
||||||
|
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH POLARSSL_ERR_X509_SIG_MISMATCH
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE POLARSSL_ERR_X509_INVALID_SIGNATURE
|
||||||
|
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL POLARSSL_ERR_X509_INVALID_SERIAL
|
||||||
|
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION POLARSSL_ERR_X509_UNKNOWN_VERSION
|
||||||
|
#endif /* POLARSSL_X509_USE_C || POLARSSL_X509_CREATE_C */
|
||||||
|
|
||||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||||
#define POLARSSL_X509_PARSE_C
|
#define POLARSSL_X509_PARSE_C
|
||||||
#include "x509_crt.h"
|
#include "x509_crt.h"
|
||||||
|
@ -83,7 +83,6 @@
|
|||||||
* RSA 4 9
|
* RSA 4 9
|
||||||
* ECP 4 4 (Started from top)
|
* ECP 4 4 (Started from top)
|
||||||
* MD 5 4
|
* MD 5 4
|
||||||
* X509WRITE 5 3 (Started from top)
|
|
||||||
* CIPHER 6 5
|
* CIPHER 6 5
|
||||||
* SSL 6 6 (Started from top)
|
* SSL 6 6 (Started from top)
|
||||||
* SSL 7 31
|
* SSL 7 31
|
||||||
|
@ -46,26 +46,23 @@
|
|||||||
* \{
|
* \{
|
||||||
*/
|
*/
|
||||||
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
|
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x2100 /**< The PEM-encoded certificate contains invalid elements, e.g. invalid character. */
|
#define POLARSSL_ERR_X509_UNKNOWN_OID -0x2100 /**< Requested OID is unknown. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x2180 /**< The certificate format is invalid, e.g. different type expected. */
|
#define POLARSSL_ERR_X509_INVALID_FORMAT -0x2180 /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x2200 /**< The certificate version element is invalid. */
|
#define POLARSSL_ERR_X509_INVALID_VERSION -0x2200 /**< The CRT/CRL/CSR version element is invalid. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x2280 /**< The serial tag or value is invalid. */
|
#define POLARSSL_ERR_X509_INVALID_SERIAL -0x2280 /**< The serial tag or value is invalid. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */
|
#define POLARSSL_ERR_X509_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */
|
#define POLARSSL_ERR_X509_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */
|
#define POLARSSL_ERR_X509_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x2480 /**< The signature tag or value invalid. */
|
#define POLARSSL_ERR_X509_INVALID_SIGNATURE -0x2480 /**< The signature tag or value invalid. */
|
||||||
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2500 /**< The extension tag or value is invalid. */
|
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS -0x2500 /**< The extension tag or value is invalid. */
|
||||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2580 /**< Certificate or CRL has an unsupported version number. */
|
#define POLARSSL_ERR_X509_UNKNOWN_VERSION -0x2580 /**< CRT/CRL/CSR has an unsupported version number. */
|
||||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2600 /**< Signature algorithm (oid) is unsupported. */
|
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG -0x2600 /**< Signature algorithm (oid) is unsupported. */
|
||||||
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2680 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
|
#define POLARSSL_ERR_X509_SIG_MISMATCH -0x2680 /**< Signature algorithms do not match. (see \c ::x509_cert sig_oid) */
|
||||||
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
|
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
|
||||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /**< Format not recognized as DER or PEM. */
|
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /**< Format not recognized as DER or PEM. */
|
||||||
#define POLARSSL_ERR_X509_INVALID_INPUT -0x2800 /**< Input invalid. */
|
#define POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */
|
||||||
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
|
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
|
||||||
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
|
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
|
||||||
#define POLARSSL_ERR_X509WRITE_UNKNOWN_OID -0x5F80 /**< Requested OID is unknown. */
|
|
||||||
#define POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA -0x5F00 /**< Failed to allocate memory. */
|
|
||||||
#define POLARSSL_ERR_X509WRITE_MALLOC_FAILED -0x5E80 /**< Failed to allocate memory. */
|
|
||||||
/* \} name */
|
/* \} name */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -410,46 +410,40 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
|
|||||||
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
|
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_FEATURE_UNAVAILABLE) )
|
if( use_ret == -(POLARSSL_ERR_X509_FEATURE_UNAVAILABLE) )
|
||||||
snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
|
snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_PEM) )
|
if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_OID) )
|
||||||
snprintf( buf, buflen, "X509 - The PEM-encoded certificate contains invalid elements, e.g. invalid character" );
|
snprintf( buf, buflen, "X509 - Requested OID is unknown" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_FORMAT) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_FORMAT) )
|
||||||
snprintf( buf, buflen, "X509 - The certificate format is invalid, e.g. different type expected" );
|
snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_VERSION) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_VERSION) )
|
||||||
snprintf( buf, buflen, "X509 - The certificate version element is invalid" );
|
snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_SERIAL) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_SERIAL) )
|
||||||
snprintf( buf, buflen, "X509 - The serial tag or value is invalid" );
|
snprintf( buf, buflen, "X509 - The serial tag or value is invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_ALG) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_ALG) )
|
||||||
snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" );
|
snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_NAME) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_NAME) )
|
||||||
snprintf( buf, buflen, "X509 - The name tag or value is invalid" );
|
snprintf( buf, buflen, "X509 - The name tag or value is invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_DATE) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_DATE) )
|
||||||
snprintf( buf, buflen, "X509 - The date tag or value is invalid" );
|
snprintf( buf, buflen, "X509 - The date tag or value is invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_SIGNATURE) )
|
||||||
snprintf( buf, buflen, "X509 - The signature tag or value invalid" );
|
snprintf( buf, buflen, "X509 - The signature tag or value invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS) )
|
if( use_ret == -(POLARSSL_ERR_X509_INVALID_EXTENSIONS) )
|
||||||
snprintf( buf, buflen, "X509 - The extension tag or value is invalid" );
|
snprintf( buf, buflen, "X509 - The extension tag or value is invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION) )
|
if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_VERSION) )
|
||||||
snprintf( buf, buflen, "X509 - Certificate or CRL has an unsupported version number" );
|
snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG) )
|
if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_SIG_ALG) )
|
||||||
snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" );
|
snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_SIG_MISMATCH) )
|
if( use_ret == -(POLARSSL_ERR_X509_SIG_MISMATCH) )
|
||||||
snprintf( buf, buflen, "X509 - Certificate signature algorithms do not match. (see \\c ::x509_cert sig_oid)" );
|
snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::x509_cert sig_oid)" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_VERIFY_FAILED) )
|
if( use_ret == -(POLARSSL_ERR_X509_CERT_VERIFY_FAILED) )
|
||||||
snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
|
snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) )
|
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) )
|
||||||
snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
|
snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_INVALID_INPUT) )
|
if( use_ret == -(POLARSSL_ERR_X509_BAD_INPUT_DATA) )
|
||||||
snprintf( buf, buflen, "X509 - Input invalid" );
|
snprintf( buf, buflen, "X509 - Input invalid" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_MALLOC_FAILED) )
|
if( use_ret == -(POLARSSL_ERR_X509_MALLOC_FAILED) )
|
||||||
snprintf( buf, buflen, "X509 - Allocation of memory failed" );
|
snprintf( buf, buflen, "X509 - Allocation of memory failed" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
|
if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
|
||||||
snprintf( buf, buflen, "X509 - Read/write of file failed" );
|
snprintf( buf, buflen, "X509 - Read/write of file failed" );
|
||||||
if( use_ret == -(POLARSSL_ERR_X509WRITE_UNKNOWN_OID) )
|
|
||||||
snprintf( buf, buflen, "X509 - Requested OID is unknown" );
|
|
||||||
if( use_ret == -(POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA) )
|
|
||||||
snprintf( buf, buflen, "X509 - Failed to allocate memory" );
|
|
||||||
if( use_ret == -(POLARSSL_ERR_X509WRITE_MALLOC_FAILED) )
|
|
||||||
snprintf( buf, buflen, "X509 - Failed to allocate memory" );
|
|
||||||
#endif /* POLARSSL_X509_USE,X509_CREATE_C */
|
#endif /* POLARSSL_X509_USE,X509_CREATE_C */
|
||||||
|
|
||||||
if( strlen( buf ) == 0 )
|
if( strlen( buf ) == 0 )
|
||||||
|
@ -78,18 +78,18 @@ int x509_get_serial( unsigned char **p, const unsigned char *end,
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
if( ( end - *p ) < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
|
return( POLARSSL_ERR_X509_INVALID_SERIAL +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
|
||||||
if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
|
if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
|
||||||
**p != ASN1_INTEGER )
|
**p != ASN1_INTEGER )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL +
|
return( POLARSSL_ERR_X509_INVALID_SERIAL +
|
||||||
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
||||||
|
|
||||||
serial->tag = *(*p)++;
|
serial->tag = *(*p)++;
|
||||||
|
|
||||||
if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
|
if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL + ret );
|
return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
|
||||||
|
|
||||||
serial->p = *p;
|
serial->p = *p;
|
||||||
*p += serial->len;
|
*p += serial->len;
|
||||||
@ -109,7 +109,7 @@ int x509_get_alg_null( unsigned char **p, const unsigned char *end,
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
|
if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
|
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -134,36 +134,36 @@ static int x509_get_attr_type_value( unsigned char **p,
|
|||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
|
return( POLARSSL_ERR_X509_INVALID_NAME + ret );
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
if( ( end - *p ) < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
|
return( POLARSSL_ERR_X509_INVALID_NAME +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
|
||||||
oid = &cur->oid;
|
oid = &cur->oid;
|
||||||
oid->tag = **p;
|
oid->tag = **p;
|
||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
|
if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
|
return( POLARSSL_ERR_X509_INVALID_NAME + ret );
|
||||||
|
|
||||||
oid->p = *p;
|
oid->p = *p;
|
||||||
*p += oid->len;
|
*p += oid->len;
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
if( ( end - *p ) < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
|
return( POLARSSL_ERR_X509_INVALID_NAME +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
|
||||||
if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
|
if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
|
||||||
**p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
|
**p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
|
||||||
**p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
|
**p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
|
return( POLARSSL_ERR_X509_INVALID_NAME +
|
||||||
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
||||||
|
|
||||||
val = &cur->val;
|
val = &cur->val;
|
||||||
val->tag = *(*p)++;
|
val->tag = *(*p)++;
|
||||||
|
|
||||||
if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
|
if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
|
return( POLARSSL_ERR_X509_INVALID_NAME + ret );
|
||||||
|
|
||||||
val->p = *p;
|
val->p = *p;
|
||||||
*p += val->len;
|
*p += val->len;
|
||||||
@ -195,7 +195,7 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
|||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
|
return( POLARSSL_ERR_X509_INVALID_NAME + ret );
|
||||||
|
|
||||||
end2 = end;
|
end2 = end;
|
||||||
end = *p + len;
|
end = *p + len;
|
||||||
@ -252,7 +252,7 @@ int x509_get_time( unsigned char **p, const unsigned char *end,
|
|||||||
unsigned char tag;
|
unsigned char tag;
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
if( ( end - *p ) < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
|
return( POLARSSL_ERR_X509_INVALID_DATE +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
|
||||||
tag = **p;
|
tag = **p;
|
||||||
@ -263,7 +263,7 @@ int x509_get_time( unsigned char **p, const unsigned char *end,
|
|||||||
ret = asn1_get_len( p, end, &len );
|
ret = asn1_get_len( p, end, &len );
|
||||||
|
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
|
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
|
||||||
|
|
||||||
memset( date, 0, sizeof( date ) );
|
memset( date, 0, sizeof( date ) );
|
||||||
memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
|
memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
|
||||||
@ -272,7 +272,7 @@ int x509_get_time( unsigned char **p, const unsigned char *end,
|
|||||||
if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
|
if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
|
||||||
&time->year, &time->mon, &time->day,
|
&time->year, &time->mon, &time->day,
|
||||||
&time->hour, &time->min, &time->sec ) < 5 )
|
&time->hour, &time->min, &time->sec ) < 5 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
|
return( POLARSSL_ERR_X509_INVALID_DATE );
|
||||||
|
|
||||||
time->year += 100 * ( time->year < 50 );
|
time->year += 100 * ( time->year < 50 );
|
||||||
time->year += 1900;
|
time->year += 1900;
|
||||||
@ -287,7 +287,7 @@ int x509_get_time( unsigned char **p, const unsigned char *end,
|
|||||||
ret = asn1_get_len( p, end, &len );
|
ret = asn1_get_len( p, end, &len );
|
||||||
|
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
|
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
|
||||||
|
|
||||||
memset( date, 0, sizeof( date ) );
|
memset( date, 0, sizeof( date ) );
|
||||||
memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
|
memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
|
||||||
@ -296,14 +296,15 @@ int x509_get_time( unsigned char **p, const unsigned char *end,
|
|||||||
if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
|
if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
|
||||||
&time->year, &time->mon, &time->day,
|
&time->year, &time->mon, &time->day,
|
||||||
&time->hour, &time->min, &time->sec ) < 5 )
|
&time->hour, &time->min, &time->sec ) < 5 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
|
return( POLARSSL_ERR_X509_INVALID_DATE );
|
||||||
|
|
||||||
*p += len;
|
*p += len;
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
return( POLARSSL_ERR_X509_INVALID_DATE +
|
||||||
|
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
||||||
}
|
}
|
||||||
|
|
||||||
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
|
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
|
||||||
@ -312,13 +313,13 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
|
|||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
if( ( end - *p ) < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE +
|
return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
|
||||||
sig->tag = **p;
|
sig->tag = **p;
|
||||||
|
|
||||||
if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
|
if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + ret );
|
return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
|
||||||
|
|
||||||
sig->len = len;
|
sig->len = len;
|
||||||
sig->p = *p;
|
sig->p = *p;
|
||||||
@ -334,7 +335,7 @@ int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
|
|||||||
int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg );
|
int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg );
|
||||||
|
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG + ret );
|
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -371,10 +372,10 @@ int x509_get_ext( unsigned char **p, const unsigned char *end,
|
|||||||
*/
|
*/
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( end != *p + len )
|
if( end != *p + len )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -63,7 +63,7 @@ int x509write_string_to_names( asn1_named_data **head, char *name )
|
|||||||
oid = OID_AT_STATE;
|
oid = OID_AT_STATE;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ret = POLARSSL_ERR_X509WRITE_UNKNOWN_OID;
|
ret = POLARSSL_ERR_X509_UNKNOWN_OID;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -77,7 +77,7 @@ int x509write_string_to_names( asn1_named_data **head, char *name )
|
|||||||
(unsigned char *) s,
|
(unsigned char *) s,
|
||||||
c - s ) ) == NULL )
|
c - s ) ) == NULL )
|
||||||
{
|
{
|
||||||
return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
|
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
while( c < end && *(c + 1) == ' ' )
|
while( c < end && *(c + 1) == ' ' )
|
||||||
@ -105,7 +105,7 @@ int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len,
|
|||||||
if( ( cur = asn1_store_named_data( head, oid, oid_len,
|
if( ( cur = asn1_store_named_data( head, oid, oid_len,
|
||||||
NULL, val_len + 1 ) ) == NULL )
|
NULL, val_len + 1 ) ) == NULL )
|
||||||
{
|
{
|
||||||
return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
|
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
cur->val.p[0] = critical;
|
cur->val.p[0] = critical;
|
||||||
|
@ -80,7 +80,7 @@ static int x509_crl_get_version( unsigned char **p,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
|
return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -109,13 +109,13 @@ static int x509_get_crl_ext( unsigned char **p,
|
|||||||
{
|
{
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
*p += len;
|
*p += len;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( *p != end )
|
if( *p != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -150,26 +150,26 @@ static int x509_get_crl_entry_ext( unsigned char **p,
|
|||||||
ext->p = NULL;
|
ext->p = NULL;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
end = *p + ext->len;
|
end = *p + ext->len;
|
||||||
|
|
||||||
if( end != *p + ext->len )
|
if( end != *p + ext->len )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
while( *p < end )
|
while( *p < end )
|
||||||
{
|
{
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
*p += len;
|
*p += len;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( *p != end )
|
if( *p != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -260,7 +260,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
* Check for valid input
|
* Check for valid input
|
||||||
*/
|
*/
|
||||||
if( crl == NULL || buf == NULL )
|
if( crl == NULL || buf == NULL )
|
||||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
while( crl->version != 0 && crl->next != NULL )
|
while( crl->version != 0 && crl->next != NULL )
|
||||||
crl = crl->next;
|
crl = crl->next;
|
||||||
@ -340,13 +340,13 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( len != (size_t) ( end - p ) )
|
if( len != (size_t) ( end - p ) )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -359,7 +359,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
end = p + len;
|
end = p + len;
|
||||||
@ -383,14 +383,14 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
if( crl->version > 2 )
|
if( crl->version > 2 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
|
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
|
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
|
||||||
&crl->sig_pk ) ) != 0 )
|
&crl->sig_pk ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
|
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -402,7 +402,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
|
if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
|
||||||
@ -425,9 +425,9 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
|
|
||||||
if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
|
if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
|
||||||
{
|
{
|
||||||
if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
|
if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
|
||||||
POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
|
POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
|
||||||
ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE +
|
ret != ( POLARSSL_ERR_X509_INVALID_DATE +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
|
POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
@ -467,7 +467,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -487,7 +487,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
|
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
|
return( POLARSSL_ERR_X509_SIG_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
|
if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
|
||||||
@ -499,7 +499,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,10 +93,10 @@ static int x509_get_version( unsigned char **p,
|
|||||||
end = *p + len;
|
end = *p + len;
|
||||||
|
|
||||||
if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
|
if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
|
return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
|
||||||
|
|
||||||
if( *p != end )
|
if( *p != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_VERSION +
|
return( POLARSSL_ERR_X509_INVALID_VERSION +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -117,7 +117,7 @@ static int x509_get_dates( unsigned char **p,
|
|||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE + ret );
|
return( POLARSSL_ERR_X509_INVALID_DATE + ret );
|
||||||
|
|
||||||
end = *p + len;
|
end = *p + len;
|
||||||
|
|
||||||
@ -128,7 +128,7 @@ static int x509_get_dates( unsigned char **p,
|
|||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
if( *p != end )
|
if( *p != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_DATE +
|
return( POLARSSL_ERR_X509_INVALID_DATE +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -181,7 +181,7 @@ static int x509_get_basic_constraints( unsigned char **p,
|
|||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( *p == end )
|
if( *p == end )
|
||||||
return 0;
|
return 0;
|
||||||
@ -192,7 +192,7 @@ static int x509_get_basic_constraints( unsigned char **p,
|
|||||||
ret = asn1_get_int( p, end, ca_istrue );
|
ret = asn1_get_int( p, end, ca_istrue );
|
||||||
|
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( *ca_istrue != 0 )
|
if( *ca_istrue != 0 )
|
||||||
*ca_istrue = 1;
|
*ca_istrue = 1;
|
||||||
@ -202,10 +202,10 @@ static int x509_get_basic_constraints( unsigned char **p,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
|
if( ( ret = asn1_get_int( p, end, max_pathlen ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( *p != end )
|
if( *p != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
(*max_pathlen)++;
|
(*max_pathlen)++;
|
||||||
@ -221,10 +221,10 @@ static int x509_get_ns_cert_type( unsigned char **p,
|
|||||||
x509_bitstring bs = { 0, 0, NULL };
|
x509_bitstring bs = { 0, 0, NULL };
|
||||||
|
|
||||||
if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( bs.len != 1 )
|
if( bs.len != 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_INVALID_LENGTH );
|
POLARSSL_ERR_ASN1_INVALID_LENGTH );
|
||||||
|
|
||||||
/* Get actual bitstring */
|
/* Get actual bitstring */
|
||||||
@ -240,10 +240,10 @@ static int x509_get_key_usage( unsigned char **p,
|
|||||||
x509_bitstring bs = { 0, 0, NULL };
|
x509_bitstring bs = { 0, 0, NULL };
|
||||||
|
|
||||||
if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( bs.len < 1 )
|
if( bs.len < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_INVALID_LENGTH );
|
POLARSSL_ERR_ASN1_INVALID_LENGTH );
|
||||||
|
|
||||||
/* Get actual bitstring */
|
/* Get actual bitstring */
|
||||||
@ -263,11 +263,11 @@ static int x509_get_ext_key_usage( unsigned char **p,
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
|
if( ( ret = asn1_get_sequence_of( p, end, ext_key_usage, ASN1_OID ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
/* Sequence length must be >= 1 */
|
/* Sequence length must be >= 1 */
|
||||||
if( ext_key_usage->buf.p == NULL )
|
if( ext_key_usage->buf.p == NULL )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_INVALID_LENGTH );
|
POLARSSL_ERR_ASN1_INVALID_LENGTH );
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -312,25 +312,25 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||||||
/* Get main sequence tag */
|
/* Get main sequence tag */
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( *p + len != end )
|
if( *p + len != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
while( *p < end )
|
while( *p < end )
|
||||||
{
|
{
|
||||||
if( ( end - *p ) < 1 )
|
if( ( end - *p ) < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
|
||||||
tag = **p;
|
tag = **p;
|
||||||
(*p)++;
|
(*p)++;
|
||||||
if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
|
if( ( ret = asn1_get_len( p, end, &tag_len ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
|
if( ( tag & ASN1_CONTEXT_SPECIFIC ) != ASN1_CONTEXT_SPECIFIC )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
||||||
|
|
||||||
if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
|
if( tag != ( ASN1_CONTEXT_SPECIFIC | 2 ) )
|
||||||
@ -352,7 +352,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||||||
sizeof( asn1_sequence ) );
|
sizeof( asn1_sequence ) );
|
||||||
|
|
||||||
if( cur->next == NULL )
|
if( cur->next == NULL )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_MALLOC_FAILED );
|
POLARSSL_ERR_ASN1_MALLOC_FAILED );
|
||||||
|
|
||||||
memset( cur->next, 0, sizeof( asn1_sequence ) );
|
memset( cur->next, 0, sizeof( asn1_sequence ) );
|
||||||
@ -364,7 +364,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||||||
cur->next = NULL;
|
cur->next = NULL;
|
||||||
|
|
||||||
if( *p != end )
|
if( *p != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -407,7 +407,7 @@ static int x509_get_crt_ext( unsigned char **p,
|
|||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
if( ( ret = asn1_get_tag( p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
end_ext_data = *p + len;
|
end_ext_data = *p + len;
|
||||||
|
|
||||||
@ -415,29 +415,29 @@ static int x509_get_crt_ext( unsigned char **p,
|
|||||||
extn_oid.tag = **p;
|
extn_oid.tag = **p;
|
||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
|
if( ( ret = asn1_get_tag( p, end, &extn_oid.len, ASN1_OID ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
extn_oid.p = *p;
|
extn_oid.p = *p;
|
||||||
*p += extn_oid.len;
|
*p += extn_oid.len;
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
if( ( end - *p ) < 1 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
||||||
|
|
||||||
/* Get optional critical */
|
/* Get optional critical */
|
||||||
if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
|
if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
|
||||||
( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
|
( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
/* Data should be octet string type */
|
/* Data should be octet string type */
|
||||||
if( ( ret = asn1_get_tag( p, end_ext_data, &len,
|
if( ( ret = asn1_get_tag( p, end_ext_data, &len,
|
||||||
ASN1_OCTET_STRING ) ) != 0 )
|
ASN1_OCTET_STRING ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
|
||||||
|
|
||||||
end_ext_octet = *p + len;
|
end_ext_octet = *p + len;
|
||||||
|
|
||||||
if( end_ext_octet != end_ext_data )
|
if( end_ext_octet != end_ext_data )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -454,7 +454,7 @@ static int x509_get_crt_ext( unsigned char **p,
|
|||||||
if( is_critical )
|
if( is_critical )
|
||||||
{
|
{
|
||||||
/* Data is marked as critical: fail */
|
/* Data is marked as critical: fail */
|
||||||
return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return ( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -506,7 +506,7 @@ static int x509_get_crt_ext( unsigned char **p,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if( *p != end )
|
if( *p != end )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
|
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -526,7 +526,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
* Check for valid input
|
* Check for valid input
|
||||||
*/
|
*/
|
||||||
if( crt == NULL || buf == NULL )
|
if( crt == NULL || buf == NULL )
|
||||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
p = (unsigned char *) polarssl_malloc( len = buflen );
|
p = (unsigned char *) polarssl_malloc( len = buflen );
|
||||||
|
|
||||||
@ -551,13 +551,13 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( len > (size_t) ( end - p ) )
|
if( len > (size_t) ( end - p ) )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
crt_end = p + len;
|
crt_end = p + len;
|
||||||
@ -571,7 +571,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
end = p + len;
|
end = p + len;
|
||||||
@ -597,7 +597,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
if( crt->version > 3 )
|
if( crt->version > 3 )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
|
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_md,
|
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_md,
|
||||||
@ -616,7 +616,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
|
if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
|
||||||
@ -649,7 +649,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( len && ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
|
if( len && ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
|
||||||
@ -710,7 +710,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -733,7 +733,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
|
memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
|
return( POLARSSL_ERR_X509_SIG_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
|
if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
|
||||||
@ -745,7 +745,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
x509_crt_free( crt );
|
x509_crt_free( crt );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -765,7 +765,7 @@ int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen
|
|||||||
* Check for valid input
|
* Check for valid input
|
||||||
*/
|
*/
|
||||||
if( crt == NULL || buf == NULL )
|
if( crt == NULL || buf == NULL )
|
||||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
while( crt->version != 0 && crt->next != NULL )
|
while( crt->version != 0 && crt->next != NULL )
|
||||||
{
|
{
|
||||||
@ -814,7 +814,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
|
|||||||
* Check for valid input
|
* Check for valid input
|
||||||
*/
|
*/
|
||||||
if( chain == NULL || buf == NULL )
|
if( chain == NULL || buf == NULL )
|
||||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Determine buffer content. Buffer contains either one DER certificate or
|
* Determine buffer content. Buffer contains either one DER certificate or
|
||||||
|
@ -102,7 +102,7 @@ int x509write_crt_set_validity( x509write_cert *ctx, char *not_before,
|
|||||||
if( strlen(not_before) != X509_RFC5280_UTC_TIME_LEN - 1 ||
|
if( strlen(not_before) != X509_RFC5280_UTC_TIME_LEN - 1 ||
|
||||||
strlen(not_after) != X509_RFC5280_UTC_TIME_LEN - 1 )
|
strlen(not_after) != X509_RFC5280_UTC_TIME_LEN - 1 )
|
||||||
{
|
{
|
||||||
return( POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
strncpy( ctx->not_before, not_before, X509_RFC5280_UTC_TIME_LEN );
|
strncpy( ctx->not_before, not_before, X509_RFC5280_UTC_TIME_LEN );
|
||||||
strncpy( ctx->not_after , not_after , X509_RFC5280_UTC_TIME_LEN );
|
strncpy( ctx->not_after , not_after , X509_RFC5280_UTC_TIME_LEN );
|
||||||
@ -132,7 +132,7 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx,
|
|||||||
memset( buf, 0, sizeof(buf) );
|
memset( buf, 0, sizeof(buf) );
|
||||||
|
|
||||||
if( is_ca && max_pathlen > 127 )
|
if( is_ca && max_pathlen > 127 )
|
||||||
return( POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
if( is_ca )
|
if( is_ca )
|
||||||
{
|
{
|
||||||
|
@ -78,7 +78,7 @@ static int x509_csr_get_version( unsigned char **p,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_VERSION + ret );
|
return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -101,7 +101,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
* Check for valid input
|
* Check for valid input
|
||||||
*/
|
*/
|
||||||
if( csr == NULL || buf == NULL )
|
if( csr == NULL || buf == NULL )
|
||||||
return( POLARSSL_ERR_X509_INVALID_INPUT );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
memset( csr, 0, sizeof( x509_csr ) );
|
memset( csr, 0, sizeof( x509_csr ) );
|
||||||
|
|
||||||
@ -164,13 +164,13 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( len != (size_t) ( end - p ) )
|
if( len != (size_t) ( end - p ) )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -183,7 +183,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
end = p + len;
|
end = p + len;
|
||||||
@ -203,7 +203,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
if( csr->version != 1 )
|
if( csr->version != 1 )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
|
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -215,7 +215,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
|
if( ( ret = x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
|
||||||
@ -242,7 +242,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
|
||||||
}
|
}
|
||||||
// TODO Parse Attributes / extension requests
|
// TODO Parse Attributes / extension requests
|
||||||
|
|
||||||
@ -264,7 +264,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
&csr->sig_pk ) ) != 0 )
|
&csr->sig_pk ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
|
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 )
|
if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 )
|
||||||
@ -276,7 +276,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
|||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
x509_csr_free( csr );
|
x509_csr_free( csr );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT +
|
return( POLARSSL_ERR_X509_INVALID_FORMAT +
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM",
|
|||||||
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
|
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
|
||||||
"MD2", "MD4", "MD5", "SHA1", "SHA256", "SHA512", "GCM" );
|
"MD2", "MD4", "MD5", "SHA1", "SHA256", "SHA512", "GCM" );
|
||||||
my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL",
|
my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL",
|
||||||
"PK", "PKCS12", "PKCS5", "X509_CREATE" );
|
"PK", "PKCS12", "PKCS5" );
|
||||||
|
|
||||||
my $line_separator = $/;
|
my $line_separator = $/;
|
||||||
undef $/;
|
undef $/;
|
||||||
@ -47,7 +47,6 @@ while (my $line = <GREP>)
|
|||||||
# Fix faulty ones
|
# Fix faulty ones
|
||||||
$module_name = "BIGNUM" if ($module_name eq "MPI");
|
$module_name = "BIGNUM" if ($module_name eq "MPI");
|
||||||
$module_name = "CTR_DRBG" if ($module_name eq "CTR");
|
$module_name = "CTR_DRBG" if ($module_name eq "CTR");
|
||||||
$module_name = "X509" if ($module_name eq "X509WRITE");
|
|
||||||
|
|
||||||
my $define_name = $module_name;
|
my $define_name = $module_name;
|
||||||
$define_name = "X509_USE,X509_CREATE" if ($define_name eq "X509");
|
$define_name = "X509_USE,X509_CREATE" if ($define_name eq "X509");
|
||||||
|
@ -375,121 +375,121 @@ depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_SELF_TEST
|
|||||||
x509_selftest:
|
x509_selftest:
|
||||||
|
|
||||||
X509 Certificate ASN1 (Incorrect first tag)
|
X509 Certificate ASN1 (Incorrect first tag)
|
||||||
x509parse_crt:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT
|
x509parse_crt:"":"":POLARSSL_ERR_X509_INVALID_FORMAT
|
||||||
|
|
||||||
X509 Certificate ASN1 (Correct first tag, data length does not match)
|
X509 Certificate ASN1 (Correct first tag, data length does not match)
|
||||||
x509parse_crt:"300000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"300000":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (Correct first tag, no more data)
|
X509 Certificate ASN1 (Correct first tag, no more data)
|
||||||
x509parse_crt:"3000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"3000":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (Correct first tag, length data incorrect)
|
X509 Certificate ASN1 (Correct first tag, length data incorrect)
|
||||||
x509parse_crt:"30023085":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_INVALID_LENGTH
|
x509parse_crt:"30023085":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_INVALID_LENGTH
|
||||||
|
|
||||||
X509 Certificate ASN1 (Correct first tag, length data incomplete)
|
X509 Certificate ASN1 (Correct first tag, length data incomplete)
|
||||||
x509parse_crt:"30023083":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30023083":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (Correct first tag, length data incomplete)
|
X509 Certificate ASN1 (Correct first tag, length data incomplete)
|
||||||
x509parse_crt:"30023081":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30023081":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (Correct first tag, length data incomplete)
|
X509 Certificate ASN1 (Correct first tag, length data incomplete)
|
||||||
x509parse_crt:"3003308200":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"3003308200":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
|
X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
|
||||||
x509parse_crt:"300100":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"300100":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
|
X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
|
||||||
x509parse_crt:"3003300100":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"3003300100":"":POLARSSL_ERR_X509_INVALID_SERIAL + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, invalid version tag)
|
X509 Certificate ASN1 (TBSCertificate, invalid version tag)
|
||||||
x509parse_crt:"30053003a00101":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"30053003a00101":"":POLARSSL_ERR_X509_INVALID_VERSION + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
|
X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
|
||||||
x509parse_crt:"30053003a00102":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30053003a00102":"":POLARSSL_ERR_X509_INVALID_VERSION + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
|
X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
|
||||||
x509parse_crt:"30163014a012021000000000000000000000000000000000":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_INVALID_LENGTH
|
x509parse_crt:"30163014a012021000000000000000000000000000000000":"":POLARSSL_ERR_X509_INVALID_VERSION + POLARSSL_ERR_ASN1_INVALID_LENGTH
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
|
X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
|
||||||
x509parse_crt:"30073005a003020104":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30073005a003020104":"":POLARSSL_ERR_X509_INVALID_SERIAL + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
|
X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
|
||||||
x509parse_crt:"30083006a00402010400":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"30083006a00402010400":"":POLARSSL_ERR_X509_INVALID_VERSION + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
|
X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
|
||||||
x509parse_crt:"30083006a00302010400":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"30083006a00302010400":"":POLARSSL_ERR_X509_INVALID_SERIAL + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
|
X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
|
||||||
x509parse_crt:"30083006a00302010482":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30083006a00302010482":"":POLARSSL_ERR_X509_INVALID_SERIAL + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
|
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
|
||||||
x509parse_crt:"300d300ba0030201048204deadbeef":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"300d300ba0030201048204deadbeef":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
|
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
|
||||||
x509parse_crt:"300e300ca0030201048204deadbeef00":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"300e300ca0030201048204deadbeef00":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, alg oid no data in sequence)
|
X509 Certificate ASN1 (TBSCertificate, alg oid no data in sequence)
|
||||||
x509parse_crt:"300f300da0030201048204deadbeef3000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"300f300da0030201048204deadbeef3000":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, alg with params)
|
X509 Certificate ASN1 (TBSCertificate, alg with params)
|
||||||
x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct alg data, no params unknown version)
|
X509 Certificate ASN1 (TBSCertificate, correct alg data, no params unknown version)
|
||||||
x509parse_crt:"30153013a0030201048204deadbeef30060604cafed00d":"":POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
|
x509parse_crt:"30153013a0030201048204deadbeef30060604cafed00d":"":POLARSSL_ERR_X509_UNKNOWN_VERSION
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
|
X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
|
||||||
x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
|
x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_UNKNOWN_VERSION
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct alg data, length mismatch)
|
X509 Certificate ASN1 (TBSCertificate, correct alg data, length mismatch)
|
||||||
x509parse_crt:"30183016a0030201048204deadbeef30090604cafed00d050000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"30183016a0030201048204deadbeef30090604cafed00d050000":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
|
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
|
||||||
x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG + POLARSSL_ERR_OID_NOT_FOUND
|
x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + POLARSSL_ERR_OID_NOT_FOUND
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
|
X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
|
||||||
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
|
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
|
||||||
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG + POLARSSL_ERR_OID_NOT_FOUND
|
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + POLARSSL_ERR_OID_NOT_FOUND
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer no set data)
|
X509 Certificate ASN1 (TBSCertificate, issuer no set data)
|
||||||
x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
|
X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
|
||||||
x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
|
X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
|
||||||
x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
|
X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
|
||||||
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
|
X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
|
||||||
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
|
X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
|
||||||
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer, no string data)
|
X509 Certificate ASN1 (TBSCertificate, issuer, no string data)
|
||||||
x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
|
X509 Certificate ASN1 (TBSCertificate, issuer, no full following string)
|
||||||
x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
|
X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
|
||||||
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, too much date data)
|
X509 Certificate ASN1 (TBSCertificate, too much date data)
|
||||||
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":POLARSSL_ERR_X509_INVALID_DATE + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, invalid from date)
|
X509 Certificate ASN1 (TBSCertificate, invalid from date)
|
||||||
x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":POLARSSL_ERR_X509_CERT_INVALID_DATE
|
x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":POLARSSL_ERR_X509_INVALID_DATE
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, invalid to date)
|
X509 Certificate ASN1 (TBSCertificate, invalid to date)
|
||||||
x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":POLARSSL_ERR_X509_CERT_INVALID_DATE
|
x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":POLARSSL_ERR_X509_INVALID_DATE
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
|
X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
|
||||||
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
|
X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
|
||||||
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
@ -535,15 +535,15 @@ x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d01010205003
|
|||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
|
X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
|
X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
|
X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length)
|
X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
@ -551,63 +551,63 @@ x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d01010205003
|
|||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext empty)
|
X509 Certificate ASN1 (TBSCertificate v3, ext empty)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
|
X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
|
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag)
|
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
|
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing)
|
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present)
|
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing)
|
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen)
|
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch)
|
X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (correct pubkey, no sig_alg)
|
X509 Certificate ASN1 (correct pubkey, no sig_alg)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (sig_alg mismatch)
|
X509 Certificate ASN1 (sig_alg mismatch)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":POLARSSL_ERR_X509_CERT_SIG_MISMATCH
|
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":POLARSSL_ERR_X509_SIG_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (sig_alg, no sig)
|
X509 Certificate ASN1 (sig_alg, no sig)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (signature, invalid sig data)
|
X509 Certificate ASN1 (signature, invalid sig data)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_INVALID_DATA
|
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_INVALID_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (signature, data left)
|
X509 Certificate ASN1 (signature, data left)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 Certificate ASN1 (correct)
|
X509 Certificate ASN1 (correct)
|
||||||
depends_on:POLARSSL_RSA_C
|
depends_on:POLARSSL_RSA_C
|
||||||
@ -666,52 +666,52 @@ depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
|||||||
x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
|
x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
|
||||||
|
|
||||||
X509 CRL ASN1 (Incorrect first tag)
|
X509 CRL ASN1 (Incorrect first tag)
|
||||||
x509parse_crl:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT
|
x509parse_crl:"":"":POLARSSL_ERR_X509_INVALID_FORMAT
|
||||||
|
|
||||||
X509 CRL ASN1 (Correct first tag, data length does not match)
|
X509 CRL ASN1 (Correct first tag, data length does not match)
|
||||||
x509parse_crl:"300000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crl:"300000":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, tag missing)
|
X509 CRL ASN1 (TBSCertList, tag missing)
|
||||||
x509parse_crl:"3000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crl:"3000":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, version tag len missing)
|
X509 CRL ASN1 (TBSCertList, version tag len missing)
|
||||||
x509parse_crl:"3003300102":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crl:"3003300102":"":POLARSSL_ERR_X509_INVALID_VERSION + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, version correct, alg missing)
|
X509 CRL ASN1 (TBSCertList, version correct, alg missing)
|
||||||
x509parse_crl:"30053003020100":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crl:"30053003020100":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, alg correct, incorrect version)
|
X509 CRL ASN1 (TBSCertList, alg correct, incorrect version)
|
||||||
x509parse_crl:"300b3009020102300406000500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
|
x509parse_crl:"300b3009020102300406000500":"":POLARSSL_ERR_X509_UNKNOWN_VERSION
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, correct version, sig_oid1 unknown)
|
X509 CRL ASN1 (TBSCertList, correct version, sig_oid1 unknown)
|
||||||
x509parse_crl:"300b3009020100300406000500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
|
x509parse_crl:"300b3009020100300406000500":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown)
|
X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown)
|
||||||
x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
|
x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
|
X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
|
||||||
x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, issuer set missing)
|
X509 CRL ASN1 (TBSCertList, issuer set missing)
|
||||||
x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":POLARSSL_ERR_X509_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
|
X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
|
||||||
x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":POLARSSL_ERR_X509_INVALID_DATE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
|
X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
|
||||||
x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
|
X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
|
||||||
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
|
X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
|
||||||
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":POLARSSL_ERR_X509_CERT_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":POLARSSL_ERR_X509_INVALID_DATE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
|
X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
|
||||||
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":POLARSSL_ERR_X509_CERT_SIG_MISMATCH
|
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":POLARSSL_ERR_X509_SIG_MISMATCH
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
|
X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
|
||||||
x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||||
|
|
||||||
X509 CRL ASN1 (TBSCertList, sig present)
|
X509 CRL ASN1 (TBSCertList, sig present)
|
||||||
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
|
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
|
||||||
|
Loading…
Reference in New Issue
Block a user