Tor
0.4.7.0-alpha-dev
|
Wrapper functions to present a consistent interface to X.509 functions. More...
#include "lib/tls/x509.h"
#include "lib/tls/x509_internal.h"
#include "lib/tls/tortls.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/compat_openssl.h"
#include <openssl/opensslv.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include "lib/log/log.h"
#include "lib/log/util_bug.h"
#include "lib/ctime/di_ops.h"
#include "lib/encoding/time_fmt.h"
#include <stdlib.h>
#include <string.h>
Go to the source code of this file.
Functions | |
static X509_NAME * | tor_x509_name_new (const char *cname) |
X509 * | tor_tls_create_certificate (crypto_pk_t *rsa, crypto_pk_t *rsa_sign, const char *cname, const char *cname_sign, unsigned int cert_lifetime) |
int | tor_x509_cert_set_cached_der_encoding (tor_x509_cert_t *cert) |
void | tor_x509_cert_impl_free_ (tor_x509_cert_impl_t *cert) |
tor_x509_cert_impl_t * | tor_x509_cert_impl_dup_ (tor_x509_cert_impl_t *cert) |
void | tor_x509_cert_get_der (const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out) |
tor_x509_cert_t * | tor_x509_cert_decode (const uint8_t *certificate, size_t certificate_len) |
crypto_pk_t * | tor_tls_cert_get_key (tor_x509_cert_t *cert) |
int | tor_tls_cert_is_valid (int severity, const tor_x509_cert_t *cert, const tor_x509_cert_t *signing_cert, time_t now, int check_rsa_1024) |
static void | log_cert_lifetime (int severity, const X509 *cert, const char *problem, time_t now) |
int | tor_x509_check_cert_lifetime_internal (int severity, const X509 *cert, time_t now, int past_tolerance, int future_tolerance) |
Wrapper functions to present a consistent interface to X.509 functions.
Wrapper functions to present a consistent interface to X.509 functions from OpenSSL.
Definition in file x509_openssl.c.
|
static |
Warn that a certificate lifetime extends through a certain range.
Definition at line 367 of file x509_openssl.c.
crypto_pk_t* tor_tls_cert_get_key | ( | tor_x509_cert_t * | cert | ) |
Return a newly allocated copy of the public key that a certificate certifies. Watch out! This returns NULL if the cert's key is not RSA.
Definition at line 278 of file x509_openssl.c.
int tor_tls_cert_is_valid | ( | int | severity, |
const tor_x509_cert_t * | cert, | ||
const tor_x509_cert_t * | signing_cert, | ||
time_t | now, | ||
int | check_rsa_1024 | ||
) |
Check whether cert is well-formed, currently live, and correctly signed by the public key in signing_cert. If check_rsa_1024, make sure that it has an RSA key with 1024 bits; otherwise, just check that the key is long enough. Return 1 if the cert is good, and 0 if it's bad or we couldn't check it.
Definition at line 301 of file x509_openssl.c.
X509* tor_tls_create_certificate | ( | crypto_pk_t * | rsa, |
crypto_pk_t * | rsa_sign, | ||
const char * | cname, | ||
const char * | cname_sign, | ||
unsigned int | cert_lifetime | ||
) |
Generate and sign an X509 certificate with the public key rsa, signed by the private key rsa_sign. The commonName of the certificate will be cname; the commonName of the issuer will be cname_sign. The cert will be valid for cert_lifetime seconds, starting from some time in the past.
Return a certificate on success, NULL on failure.
Definition at line 105 of file x509_openssl.c.
tor_x509_cert_t* tor_x509_cert_decode | ( | const uint8_t * | certificate, |
size_t | certificate_len | ||
) |
Read a DER-encoded X509 cert, of length exactly certificate_len, from a certificate. Return a newly allocated tor_x509_cert_t on success and NULL on failure.
Definition at line 238 of file x509_openssl.c.
void tor_x509_cert_get_der | ( | const tor_x509_cert_t * | cert, |
const uint8_t ** | encoded_out, | ||
size_t * | size_out | ||
) |
Set *encoded_out and *size_out to cert's encoded DER representation and length, respectively.
Definition at line 224 of file x509_openssl.c.
Referenced by add_x509_cert().
int tor_x509_cert_set_cached_der_encoding | ( | tor_x509_cert_t * | cert | ) |
Set the 'encoded' and 'encoded_len' fields of "cert" from cert->cert.
Definition at line 190 of file x509_openssl.c.
int tor_x509_check_cert_lifetime_internal | ( | int | severity, |
const X509 * | cert, | ||
time_t | now, | ||
int | past_tolerance, | ||
int | future_tolerance | ||
) |
Helper: check whether cert is expired give or take past_tolerance seconds, or not-yet-valid give or take future_tolerance seconds. (Relative to the current time now.) If it is live, return 0. If it is not live, log a message and return -1.
Definition at line 428 of file x509_openssl.c.
|
static |
Return a newly allocated X509 name with commonName cname.
Definition at line 71 of file x509_openssl.c.