25
27
#ifndef POLARSSL_X509_H
26
28
#define POLARSSL_X509_H
28
#include "polarssl/rsa.h"
33
* These error codes will be OR'ed to X509 error codes for
34
* higher error granularity.
36
#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014
37
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016
38
#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018
39
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A
40
#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C
45
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
46
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040
47
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
48
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080
49
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0
50
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0
51
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0
52
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100
53
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120
54
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140
55
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160
56
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180
57
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0
58
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0
59
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0
60
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200
61
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220
62
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240
63
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260
64
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280
65
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0
66
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0
67
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0
68
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300
69
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320
74
#define BADCERT_EXPIRED 1
75
#define BADCERT_REVOKED 2
76
#define BADCERT_CN_MISMATCH 4
77
#define BADCERT_NOT_TRUSTED 8
78
#define BADCRL_NOT_TRUSTED 16
79
#define BADCRL_EXPIRED 32
84
#define ASN1_BOOLEAN 0x01
85
#define ASN1_INTEGER 0x02
86
#define ASN1_BIT_STRING 0x03
87
#define ASN1_OCTET_STRING 0x04
88
#define ASN1_NULL 0x05
90
#define ASN1_UTF8_STRING 0x0C
91
#define ASN1_SEQUENCE 0x10
93
#define ASN1_PRINTABLE_STRING 0x13
94
#define ASN1_T61_STRING 0x14
95
#define ASN1_IA5_STRING 0x16
96
#define ASN1_UTC_TIME 0x17
97
#define ASN1_GENERALIZED_TIME 0x18
98
#define ASN1_UNIVERSAL_STRING 0x1C
99
#define ASN1_BMP_STRING 0x1E
100
#define ASN1_PRIMITIVE 0x00
101
#define ASN1_CONSTRUCTED 0x20
102
#define ASN1_CONTEXT_SPECIFIC 0x80
35
* \addtogroup x509_module
40
* \name X509 Error codes
43
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
44
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x2100 /**< The PEM-encoded certificate contains invalid elements, e.g. invalid character. */
45
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x2180 /**< The certificate format is invalid, e.g. different type expected. */
46
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x2200 /**< The certificate version element is invalid. */
47
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x2280 /**< The serial tag or value is invalid. */
48
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */
49
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */
50
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */
51
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x2480 /**< The pubkey tag or value is invalid (only RSA is supported). */
52
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x2500 /**< The signature tag or value invalid. */
53
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2580 /**< The extension tag or value is invalid. */
54
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2600 /**< Certificate or CRL has an unsupported version number. */
55
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2680 /**< Signature algorithm (oid) is unsupported. */
56
#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG -0x2700 /**< Key algorithm is unsupported (only RSA is supported). */
57
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2780 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
58
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
59
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */
60
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< Invalid RSA key tag or value. */
61
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Format not recognized as DER or PEM. */
62
#define POLARSSL_ERR_X509_INVALID_INPUT -0x2A00 /**< Input invalid. */
63
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2A80 /**< Allocation of memory failed. */
64
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2B00 /**< Read/write of file failed. */
69
* \name X509 Verify codes
72
#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
73
#define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
74
#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
75
#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
76
#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
77
#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
78
#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
79
#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
81
/* \} addtogroup x509_module */
105
84
* various object identifiers
119
98
#define X509_SUBJECT 0x02
121
100
#define OID_X520 "\x55\x04"
122
#define OID_CN "\x55\x04\x03"
101
#define OID_CN OID_X520 "\x03"
123
103
#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
124
#define OID_PKCS1_RSA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
104
#define OID_PKCS1_RSA OID_PKCS1 "\x01"
125
106
#define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
126
108
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
127
#define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
130
* Structures for parsing X.509 certificates
132
typedef struct _x509_buf
109
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01"
111
/** ISO arc for standard certificate and CRL extensions */
112
#define OID_ID_CE "\x55\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
115
* Private Internet Extensions
116
* { iso(1) identified-organization(3) dod(6) internet(1)
117
* security(5) mechanisms(5) pkix(7) }
119
#define OID_PKIX "\x2B\x06\x01\x05\x05\x07"
122
* OIDs for standard certificate extensions
124
#define OID_AUTHORITY_KEY_IDENTIFIER OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
125
#define OID_SUBJECT_KEY_IDENTIFIER OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
126
#define OID_KEY_USAGE OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
127
#define OID_CERTIFICATE_POLICIES OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
128
#define OID_POLICY_MAPPINGS OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
129
#define OID_SUBJECT_ALT_NAME OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
130
#define OID_ISSUER_ALT_NAME OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
131
#define OID_SUBJECT_DIRECTORY_ATTRS OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
132
#define OID_BASIC_CONSTRAINTS OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
133
#define OID_NAME_CONSTRAINTS OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
134
#define OID_POLICY_CONSTRAINTS OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
135
#define OID_EXTENDED_KEY_USAGE OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
136
#define OID_CRL_DISTRIBUTION_POINTS OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
137
#define OID_INIHIBIT_ANYPOLICY OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
138
#define OID_FRESHEST_CRL OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
141
* X.509 v3 Key Usage Extension flags
143
#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
144
#define KU_NON_REPUDIATION (0x40) /* bit 1 */
145
#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
146
#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
147
#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
148
#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
149
#define KU_CRL_SIGN (0x02) /* bit 6 */
152
* X.509 v3 Extended key usage OIDs
154
#define OID_ANY_EXTENDED_KEY_USAGE OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
156
#define OID_KP OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
157
#define OID_SERVER_AUTH OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
158
#define OID_CLIENT_AUTH OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
159
#define OID_CODE_SIGNING OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
160
#define OID_EMAIL_PROTECTION OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
161
#define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
162
#define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
164
#define STRING_SERVER_AUTH "TLS Web Server Authentication"
165
#define STRING_CLIENT_AUTH "TLS Web Client Authentication"
166
#define STRING_CODE_SIGNING "Code Signing"
167
#define STRING_EMAIL_PROTECTION "E-mail Protection"
168
#define STRING_TIME_STAMPING "Time Stamping"
169
#define STRING_OCSP_SIGNING "OCSP Signing"
172
* OIDs for CRL extensions
174
#define OID_PRIVATE_KEY_USAGE_PERIOD OID_ID_CE "\x10"
175
#define OID_CRL_NUMBER OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
178
* Netscape certificate extensions
180
#define OID_NETSCAPE "\x60\x86\x48\x01\x86\xF8\x42" /**< Netscape OID */
181
#define OID_NS_CERT OID_NETSCAPE "\x01"
182
#define OID_NS_CERT_TYPE OID_NS_CERT "\x01"
183
#define OID_NS_BASE_URL OID_NS_CERT "\x02"
184
#define OID_NS_REVOCATION_URL OID_NS_CERT "\x03"
185
#define OID_NS_CA_REVOCATION_URL OID_NS_CERT "\x04"
186
#define OID_NS_RENEWAL_URL OID_NS_CERT "\x07"
187
#define OID_NS_CA_POLICY_URL OID_NS_CERT "\x08"
188
#define OID_NS_SSL_SERVER_NAME OID_NS_CERT "\x0C"
189
#define OID_NS_COMMENT OID_NS_CERT "\x0D"
190
#define OID_NS_DATA_TYPE OID_NETSCAPE "\x02"
191
#define OID_NS_CERT_SEQUENCE OID_NS_DATA_TYPE "\x05"
194
* Netscape certificate types
195
* (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
198
#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
199
#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
200
#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
201
#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
202
#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
203
#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
204
#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
205
#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
207
#define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
208
#define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
209
#define EXT_KEY_USAGE (1 << 2)
210
#define EXT_CERTIFICATE_POLICIES (1 << 3)
211
#define EXT_POLICY_MAPPINGS (1 << 4)
212
#define EXT_SUBJECT_ALT_NAME (1 << 5)
213
#define EXT_ISSUER_ALT_NAME (1 << 6)
214
#define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
215
#define EXT_BASIC_CONSTRAINTS (1 << 8)
216
#define EXT_NAME_CONSTRAINTS (1 << 9)
217
#define EXT_POLICY_CONSTRAINTS (1 << 10)
218
#define EXT_EXTENDED_KEY_USAGE (1 << 11)
219
#define EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
220
#define EXT_INIHIBIT_ANYPOLICY (1 << 13)
221
#define EXT_FRESHEST_CRL (1 << 14)
223
#define EXT_NS_CERT_TYPE (1 << 16)
226
* Storage format identifiers
227
* Recognized formats: PEM and DER
229
#define X509_FORMAT_DER 1
230
#define X509_FORMAT_PEM 2
233
* \addtogroup x509_module
237
* \name Structures for parsing X.509 certificates and CRLs
242
* Type-length-value structure that allows for ASN1 using DER.
244
typedef asn1_buf x509_buf;
247
* Container for ASN1 bit strings.
249
typedef asn1_bitstring x509_bitstring;
252
* Container for ASN1 named information objects.
253
* It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).
140
255
typedef struct _x509_name
144
struct _x509_name *next;
257
x509_buf oid; /**< The object identifier. */
258
x509_buf val; /**< The named value. */
259
struct _x509_name *next; /**< The next named information object. */
264
* Container for a sequence of ASN.1 items
266
typedef asn1_sequence x509_sequence;
268
/** Container for date and time (precision in seconds). */
148
269
typedef struct _x509_time
271
int year, mon, day; /**< Date. */
272
int hour, min, sec; /**< Time. */
277
* Container for an X.509 certificate. The certificate may be chained.
155
279
typedef struct _x509_cert
165
x509_buf subject_raw;
170
x509_time valid_from;
187
struct _x509_cert *next;
281
x509_buf raw; /**< The raw certificate data (DER). */
282
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
284
int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
285
x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
286
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
288
x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
289
x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
291
x509_name issuer; /**< The parsed issuer data (named information object). */
292
x509_name subject; /**< The parsed subject data (named information object). */
294
x509_time valid_from; /**< Start time of certificate validity. */
295
x509_time valid_to; /**< End time of certificate validity. */
297
x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */
298
rsa_context rsa; /**< Container for the RSA context. Only RSA is supported for public keys at this time. */
300
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
301
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
302
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
304
int ext_types; /**< Bit string containing detected and parsed extensions */
305
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
306
int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. */
308
unsigned char key_usage; /**< Optional key usage extension value: See the values below */
310
x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
312
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values below */
314
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
315
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
316
int sig_alg; /**< Internal representation of the signature algorithm, e.g. SIG_RSA_MD2 */
318
struct _x509_cert *next; /**< Next certificate in the CA-chain. */
323
* Certificate revocation list entry.
324
* Contains the CA-specific serial numbers and revocation dates.
191
326
typedef struct _x509_crl_entry
263
409
#ifdef __cplusplus
414
* \name Functions to read in DHM parameters, a certificate, CRL or private RSA key
418
/** \ingroup x509_module */
268
420
* \brief Parse one or more certificates and add them
269
* to the chained list
421
* to the chained list. Parses permissively. If some
422
* certificates can be parsed, the result is the number
423
* of failed certificates it encountered. If none complete
424
* correctly, the first error is returned.
271
426
* \param chain points to the start of the chain
272
427
* \param buf buffer holding the certificate data
273
428
* \param buflen size of the buffer
275
* \return 0 if successful, or a specific X509 error code
430
* \return 0 if all certificates parsed successfully, a positive number
431
* if partly successful or a specific X509 or PEM error code
277
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
433
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen );
435
/** \ingroup x509_module */
280
437
* \brief Load one or more certificates and add them
281
* to the chained list
438
* to the chained list. Parses permissively. If some
439
* certificates can be parsed, the result is the number
440
* of failed certificates it encountered. If none complete
441
* correctly, the first error is returned.
283
443
* \param chain points to the start of the chain
284
444
* \param path filename to read the certificates from
286
* \return 0 if successful, or a specific X509 error code
446
* \return 0 if all certificates parsed successfully, a positive number
447
* if partly successful or a specific X509 or PEM error code
288
449
int x509parse_crtfile( x509_cert *chain, const char *path );
451
/** \ingroup x509_module */
291
453
* \brief Parse one or more CRLs and add them
292
454
* to the chained list
319
483
* \param pwd password for decryption (optional)
320
484
* \param pwdlen size of the password
322
* \return 0 if successful, or a specific X509 error code
486
* \return 0 if successful, or a specific X509 or PEM error code
324
488
int x509parse_key( rsa_context *rsa,
325
const unsigned char *key, int keylen,
326
const unsigned char *pwd, int pwdlen );
489
const unsigned char *key, size_t keylen,
490
const unsigned char *pwd, size_t pwdlen );
492
/** \ingroup x509_module */
329
494
* \brief Load and parse a private RSA key
331
496
* \param rsa RSA context to be initialized
332
497
* \param path filename to read the private key from
333
* \param pwd password to decrypt the file (can be NULL)
498
* \param password password to decrypt the file (can be NULL)
335
* \return 0 if successful, or a specific X509 error code
500
* \return 0 if successful, or a specific X509 or PEM error code
337
502
int x509parse_keyfile( rsa_context *rsa, const char *path,
338
503
const char *password );
505
/** \ingroup x509_module */
507
* \brief Parse a public RSA key
509
* \param rsa RSA context to be initialized
510
* \param key input buffer
511
* \param keylen size of the buffer
513
* \return 0 if successful, or a specific X509 or PEM error code
515
int x509parse_public_key( rsa_context *rsa,
516
const unsigned char *key, size_t keylen );
518
/** \ingroup x509_module */
520
* \brief Load and parse a public RSA key
522
* \param rsa RSA context to be initialized
523
* \param path filename to read the private key from
525
* \return 0 if successful, or a specific X509 or PEM error code
527
int x509parse_public_keyfile( rsa_context *rsa, const char *path );
529
/** \ingroup x509_module */
531
* \brief Parse DHM parameters
533
* \param dhm DHM context to be initialized
534
* \param dhmin input buffer
535
* \param dhminlen size of the buffer
537
* \return 0 if successful, or a specific X509 or PEM error code
539
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen );
541
/** \ingroup x509_module */
543
* \brief Load and parse DHM parameters
545
* \param dhm DHM context to be initialized
546
* \param path filename to read the DHM Parameters from
548
* \return 0 if successful, or a specific X509 or PEM error code
550
int x509parse_dhmfile( dhm_context *dhm, const char *path );
552
/** \} name Functions to read in DHM parameters, a certificate, CRL or private RSA key */
341
555
* \brief Store the certificate DN in printable form into buf;
342
556
* no more than size characters will be written.