/**
 * \file x509.h
 *
 * \brief X.509 generic defines and structures shared by the certificate
 *        (CRT), certificate revocation list (CRL) and certificate signing
 *        request (CSR) modules: error codes, verification flags, extension
 *        and key-usage constants, and the basic parsed-data containers.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
#include "mbedtls/private_access.h"

#include "mbedtls/build_info.h"

#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"

#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#endif

/**
 * \addtogroup x509_module
 * \{
 */

#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
/**
 * Maximum number of intermediate CAs in a verification chain.
 * That is, maximum length of the chain, excluding the end-entity certificate
 * and the trusted root certificate.
 *
 * Set this to a low value to prevent an adversary from making you waste
 * resources verifying an overlong certificate chain. Chains longer than this
 * are rejected rather than verified (see #MBEDTLS_ERR_X509_FATAL_ERROR).
 */
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
#endif

/**
 * \name X509 Error codes
 * \{
 */
/** Unavailable feature, e.g. RSA hashing/encryption combination. */
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080
/** Requested OID is unknown. */
#define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100
/** The CRT/CRL/CSR format is invalid, e.g. different type expected. */
#define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180
/** The CRT/CRL/CSR version element is invalid. */
#define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200
/** The serial tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280
/** The algorithm tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300
/** The name tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380
/** The date tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400
/** The signature tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480
/** The extension tag or value is invalid. */
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500
/** CRT/CRL/CSR has an unsupported version number. */
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580
/** Signature algorithm (oid) is unsupported. */
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600
/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
#define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680
/** Certificate verification failed, e.g. CRL, CA or signature check failed. */
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700
/** Format not recognized as DER or PEM. */
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780
/** Input invalid. */
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800
/** Allocation of memory failed. */
#define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880
/** Read/write of file failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900
/** Destination buffer is too small. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980
/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000
/** \} name X509 Error codes */

/**
 * \name X509 Verify codes
 * \{
 */
/*
 * Bit flags OR-ed together into the verification result; a non-zero result
 * means the certificate (or CRL) must not be trusted.
 * Reminder: update x509_crt_verify_strings[] in library/x509_crt.c
 */
#define MBEDTLS_X509_BADCERT_EXPIRED             0x01  /**< The certificate validity has expired. */
#define MBEDTLS_X509_BADCERT_REVOKED             0x02  /**< The certificate has been revoked (is on a CRL). */
#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) does not match with the expected CN. */
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  /**< The certificate is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  /**< The CRL is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCRL_EXPIRED              0x20  /**< The CRL is expired. */
#define MBEDTLS_X509_BADCERT_MISSING             0x40  /**< Certificate was missing. */
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
#define MBEDTLS_X509_BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
#define MBEDTLS_X509_BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
#define MBEDTLS_X509_BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
#define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800  /**< Usage does not match the keyUsage extension. */
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000  /**< Usage does not match the extendedKeyUsage extension. */
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000  /**< Usage does not match the nsCertType extension. */
#define MBEDTLS_X509_BADCERT_BAD_MD            0x4000  /**< The certificate is signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCERT_BAD_PK            0x8000  /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000  /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
#define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  /**< The CRL is signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */

/** \} name X509 Verify codes */
/** \} addtogroup x509_module */

/*
 * X.509 v3 Subject Alternative Name types.
 * The numeric values are the context-specific tag numbers of the
 * GeneralName CHOICE (RFC 5280 section 4.2.1.6):
 *      otherName                       [0]     OtherName,
 *      rfc822Name                      [1]     IA5String,
 *      dNSName                         [2]     IA5String,
 *      x400Address                     [3]     ORAddress,
 *      directoryName                   [4]     Name,
 *      ediPartyName                    [5]     EDIPartyName,
 *      uniformResourceIdentifier       [6]     IA5String,
 *      iPAddress                       [7]     OCTET STRING,
 *      registeredID                    [8]     OBJECT IDENTIFIER
 */
#define MBEDTLS_X509_SAN_OTHER_NAME                      0
#define MBEDTLS_X509_SAN_RFC822_NAME                     1
#define MBEDTLS_X509_SAN_DNS_NAME                        2
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME               3
#define MBEDTLS_X509_SAN_DIRECTORY_NAME                  4
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME                  5
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER     6
#define MBEDTLS_X509_SAN_IP_ADDRESS                      7
#define MBEDTLS_X509_SAN_REGISTERED_ID                   8

/*
 * X.509 v3 Key Usage Extension flags
 * The "bit N" comments give the ASN.1 BIT STRING bit number of each flag.
 * Reminder: update mbedtls_x509_info_key_usage() when adding new flags.
 */
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
#define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
#define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
#define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
#define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
#define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
#define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */

/*
 * Netscape certificate types
 * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
 */

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */

/*
 * X.509 extension types
 *
 * Comments refer to the status for using certificates. Status can be
 * different for writing certificates or reading CRLs or CSRs.
 *
 * Those are defined in oid.h as oid.c needs them in a data structure. Since
 * these were previously defined here, let's have aliases for compatibility.
 */
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
#define MBEDTLS_X509_EXT_KEY_USAGE                MBEDTLS_OID_X509_EXT_KEY_USAGE
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES     MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS          MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME         MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME         /* Supported (DNS) */
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME          MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS  MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS        MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS        /* Supported */
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS         MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS       MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE       MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS  MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY       MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
#define MBEDTLS_X509_EXT_FRESHEST_CRL             MBEDTLS_OID_X509_EXT_FRESHEST_CRL
#define MBEDTLS_X509_EXT_NS_CERT_TYPE             MBEDTLS_OID_X509_EXT_NS_CERT_TYPE

/*
 * Storage format identifiers
 * Recognized formats: PEM and DER
 */
#define MBEDTLS_X509_FORMAT_DER                 1
#define MBEDTLS_X509_FORMAT_PEM                 2

#define MBEDTLS_X509_MAX_DN_NAME_SIZE         256 /**< Maximum value size of a DN entry */

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \addtogroup x509_module
 * \{ */

/**
 * \name Structures for parsing X.509 certificates, CRLs and CSRs
 * \{
 */

/**
 * Type-length-value structure that allows for ASN1 using DER.
 */
typedef mbedtls_asn1_buf mbedtls_x509_buf;

/**
 * Container for ASN1 bit strings.
 */
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;

/**
 * Container for ASN1 named information objects.
 * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
 */
typedef mbedtls_asn1_named_data mbedtls_x509_name;

/**
 * Container for a sequence of ASN.1 items
 */
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;

/**
 * Container for the fields of the Authority Key Identifier object.
 * The buffers reference the parsed DER data; \c raw covers the whole
 * extension value.
 */
typedef struct mbedtls_x509_authority {
    mbedtls_x509_buf keyIdentifier;
    mbedtls_x509_sequence authorityCertIssuer;
    mbedtls_x509_buf authorityCertSerialNumber;
    mbedtls_x509_buf raw;
}
mbedtls_x509_authority;

/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time {
    int year, mon, day;         /**< Date. */
    int hour, min, sec;         /**< Time. */
}
mbedtls_x509_time;

/**
 * From RFC 5280 section 4.2.1.6:
 * OtherName ::= SEQUENCE {
 *      type-id    OBJECT IDENTIFIER,
 *      value      [0] EXPLICIT ANY DEFINED BY type-id }
 *
 * Future versions of the library may add new fields to this structure or
 * to its embedded union and structure.
 */
typedef struct mbedtls_x509_san_other_name {
    /**
     * The type_id is an OID as defined in RFC 5280.
     * To check the value of the type id, you should use
     * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
     * Only then is it meaningful to read the matching member of \c value.
     */
    mbedtls_x509_buf type_id;                   /**< The type id. */
    union {
        /**
         * From RFC 4108 section 5:
         * HardwareModuleName ::= SEQUENCE {
         *                           hwType OBJECT IDENTIFIER,
         *                           hwSerialNum OCTET STRING }
         */
        struct {
            mbedtls_x509_buf oid;                   /**< The object identifier. */
            mbedtls_x509_buf val;                   /**< The named value. */
        }
        hardware_module_name;
    }
    value;
}
mbedtls_x509_san_other_name;

/**
 * A structure for holding the parsed Subject Alternative Name,
 * according to type.
 *
 * Future versions of the library may add new fields to this structure or
 * to its embedded union and structure.
 */
typedef struct mbedtls_x509_subject_alternative_name {
    int type;                              /**< The SAN type, value of MBEDTLS_X509_SAN_XXX; selects which member of \c san is valid. */
    union {
        mbedtls_x509_san_other_name other_name;
        mbedtls_x509_name directory_name;
        mbedtls_x509_buf   unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */
    }
    san; /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;

/**
 * Singly linked list of parsed Subject Alternative Names.
 */
typedef struct mbedtls_x509_san_list {
    mbedtls_x509_subject_alternative_name node;
    struct mbedtls_x509_san_list *next;
}
mbedtls_x509_san_list;

/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
/** \} addtogroup x509_module */

/**
 * \brief          Store the certificate DN in printable form into buf;
 *                 no more than size characters will be written.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer
 * \param dn       The X509 name to represent
 *
 * \return         The length of the string written (not including the
 *                 terminating nul byte), or a negative error code.
 */
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);

/**
 * \brief          Convert the certificate DN string \p name into
 *                 a linked list of mbedtls_x509_name (equivalent to
 *                 mbedtls_asn1_named_data).
 *
 * \note           This function allocates a linked list, and places the head
 *                 pointer in \p head. This list must later be freed by a
 *                 call to mbedtls_asn1_free_named_data_list().
 *
 * \param[out] head    Address in which to store the pointer to the head of the
 *                     allocated list of mbedtls_x509_name
 * \param[in]  name    The string representation of a DN to convert
 *
 * \return         0 on success, or a negative error code.
 */
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);

/**
 * \brief          Return the next relative DN in an X509 name.
 *
 * \note           Intended use is to compare function result to dn->next
 *                 in order to detect boundaries of multi-valued RDNs.
 *
 * \param dn       Current node in the X509 name
 *
 * \return         Pointer to the first attribute-value pair of the
 *                 next RDN in sequence, or NULL if end is reached.
 */
static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
    mbedtls_x509_name *dn)
{
    /* Walk to the last attribute-value pair of the current RDN: an entry
     * flagged next_merged continues into the same RDN as its successor.
     * The next != NULL guard keeps a malformed flag on the tail entry from
     * dereferencing past the end of the list. */
    while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) {
        dn = dn->next;
    }
    return dn->next;
}

/**
 * \brief          Store the certificate serial in printable form into buf;
 *                 no more than size characters will be written.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer
 * \param serial   The X509 serial to represent
 *
 * \return         The length of the string written (not including the
 *                 terminating nul byte), or a negative error code.
 */
int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);

/**
 * \brief          Compare pair of mbedtls_x509_time.
 *
 * \param t1       mbedtls_x509_time to compare
 * \param t2       mbedtls_x509_time to compare
 *
 * \return         < 0 if t1 is before t2
 *                   0 if t1 equals t2
 *                 > 0 if t1 is after t2
 */
int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2);

#if defined(MBEDTLS_HAVE_TIME_DATE)
/**
 * \brief          Fill mbedtls_x509_time with provided mbedtls_time_t.
 *
 * \param tt       mbedtls_time_t to convert
 * \param now      mbedtls_x509_time to fill with converted mbedtls_time_t
 *
 * \return         \c 0 on success
 * \return         A non-zero return value on failure.
 */
int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now);
#endif /* MBEDTLS_HAVE_TIME_DATE */

/**
 * \brief          Check a given mbedtls_x509_time against the system time
 *                 and tell if it's in the past.
 *
 * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
 *                 Hence the return value of 1 if on internal errors: a
 *                 failure to read the clock is treated as "expired" so
 *                 that callers fail closed.
 *
 * \param to       mbedtls_x509_time to check
 *
 * \return         1 if the given time is in the past or an error occurred,
 *                 0 otherwise.
 */
int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);

/**
 * \brief          Check a given mbedtls_x509_time against the system time
 *                 and tell if it's in the future.
 *
 * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
 *                 Hence the return value of 1 if on internal errors: a
 *                 failure to read the clock is treated as "not yet valid"
 *                 so that callers fail closed.
 *
 * \param from     mbedtls_x509_time to check
 *
 * \return         1 if the given time is in the future or an error occurred,
 *                 0 otherwise.
 */
int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);

/**
 * \brief          This function parses an item in the SubjectAlternativeNames
 *                 extension. Please note that this function might allocate
 *                 additional memory for a subject alternative name, thus
 *                 mbedtls_x509_free_subject_alt_name has to be called
 *                 to dispose of this additional memory afterwards.
 *
 * \param san_buf  The buffer holding the raw data item of the subject
 *                 alternative name.
 * \param san      The target structure to populate with the parsed presentation
 *                 of the subject alternative name encoded in \p san_buf.
 *
 * \note           Supported GeneralName types, as defined in RFC 5280:
 *                 "rfc822Name", "dnsName", "directoryName",
 *                 "uniformResourceIdentifier" and "hardware_module_name"
 *                 of type "otherName", as defined in RFC 4108.
 *
 * \note           This function should be called on a single raw data of
 *                 subject alternative name. For example, after successful
 *                 certificate parsing, one must iterate on every item in the
 *                 \c crt->subject_alt_names sequence, and pass it to
 *                 this function.
 *
 * \warning        The target structure contains pointers to the raw data of the
 *                 parsed certificate, and its lifetime is restricted by the
 *                 lifetime of the certificate. Do not use the result after
 *                 the certificate has been freed.
 *
 * \return         \c 0 on success
 * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
 *                 SAN type.
 * \return         Another negative value for any other failure.
 */
int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
                                        mbedtls_x509_subject_alternative_name *san);
/**
 * \brief          Unallocate all data related to subject alternative name
 *
 * \param san      SAN structure - extra memory owned by this structure will be freed
 */
void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);

/**
 * \brief          This function parses a CN string as an IP address.
 *
 * \param cn       The CN string to parse. CN string MUST be null-terminated.
 * \param dst      The target buffer to populate with the binary IP address.
 *                 The buffer MUST be 16 bytes to save IPv6, and should be
 *                 4-byte aligned if the result will be used as struct in_addr.
 *                 e.g. uint32_t dst[4]
 *
 * \note           \p cn is parsed as an IPv6 address if string contains ':',
 *                 else \p cn is parsed as an IPv4 address.
 *
 * \return         Length of binary IP address; num bytes written to target.
 * \return         \c 0 on failure to parse CN string as an IP address.
 */
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);

/*
 * Helper for the *_gets()/*_info() string builders. It expects three locals
 * in the expanding function: `ret` (the int result of the preceding
 * snprintf()), `n` (size_t bytes remaining in the output buffer) and `p`
 * (char * write cursor). A negative `ret`, or one that does not leave room
 * for the terminating nul (`ret >= n`), returns
 * MBEDTLS_ERR_X509_BUFFER_TOO_SMALL from the enclosing function; otherwise
 * `p` and `n` are advanced past the text just written.
 */
#define MBEDTLS_X509_SAFE_SNPRINTF                          \
    do {                                                    \
        if (ret < 0 || (size_t) ret >= n)                   \
        return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;          \
                                                            \
        n -= (size_t) ret;                                  \
        p += (size_t) ret;                                  \
    } while (0)

#ifdef __cplusplus
}
#endif

#endif /* MBEDTLS_X509_H */