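#ifndef CHECKS_H
#define CHECKS_H

/* Public interface of the certificate linter: result codes, the global
 * result bit sets and the check entry points implemented in checks.c.
 *
 * Fixes against the previous revision of this header:
 *  - the include guard no longer uses a reserved identifier (leading
 *    underscore followed by an uppercase letter);
 *  - <stddef.h> is included explicitly: check() uses size_t, which
 *    <stdint.h> does not provide;
 *  - check_init()/check_finish() are real prototypes, "(void)", so a call
 *    with stray arguments is a compile error instead of silently accepted.
 */
#include <stddef.h>
#include <stdint.h>

/* Profile the certificate is checked against. Which ERR_/WARN_ rules below
 * apply depends on this (e.g. ERR_ROOT_CA_WITH_EKU only makes sense for
 * RootCA); the selection itself lives in checks.c. */
typedef enum { SubscriberCertificate, IntermediateCA, RootCA } CertType;

/* Encoding of the bytes passed to check(). */
typedef enum { PEM, DER } CertFormat;

/* Result codes. Each family (ERR_, WARN_, INF_) is a dense, zero-based
 * numbering whose largest member is exported as MAX_ERR / MAX_WARN /
 * MAX_INF. They are presumably used as bit positions in errors[],
 * warnings[] and info[] (see GetBit), so do not renumber or leave gaps:
 * append new codes at the end of the family and bump the MAX_ macro. */

/* This should never happen in certificates, and violates a MUST */
#define ERR_INVALID 0
#define ERR_ISSUER_ORG_NAME 1
#define ERR_ISSUER_COUNTRY 2
#define ERR_SUBJECT_ADDR 3
#define ERR_SUBJECT_ORG_NO_PLACE 4
#define ERR_SUBJECT_NO_ORG_PLACE 5
#define ERR_INVALID_ENCODING 6
#define ERR_STRING_WITH_NUL 7
#define ERR_INVALID_NAME_ENTRY_TYPE 8
#define ERR_NON_PRINTABLE 9
#define ERR_SUBJECT_COUNTRY 10
#define ERR_DOMAIN_WITH_ORG 11
#define ERR_ORGANIZATION_WITHOUT_ORG 12
#define ERR_NO_POLICY 13
#define ERR_NO_SUBJECT_ALT_NAME 14
#define ERR_NOT_VERSION3 15
#define ERR_INVALID_URL 16
#define ERR_LONGER_60_MONTHS 17
#define ERR_COUNTRY_SIZE 18
#define ERR_INVALID_TIME_FORMAT 19
#define ERR_DUPLICATE_EXTENSION 20
#define ERR_INVALID_CRL_DIST_POINT 21
#define ERR_INVALID_DISPLAY_TEXT_TYPE 22
#define ERR_INVALID_DISPLAY_TEXT_LENGTH 23
#define ERR_INVALID_TYPE_USER_NOTICE 24
#define ERR_INVALID_POLICY_QUALIFIER_ID 25
#define ERR_INDIVIDUAL_WITHOUT_NAME 26
#define ERR_INDIVIDUAL_WITHOUT_COUNTRY 27
#define ERR_EV_WITHOUT_ORGANIZATION 28
#define ERR_EV_WITHOUT_BUSINESS 29
#define ERR_EV_WITHOUT_JURISDICTION_COUNTRY 30
#define ERR_EV_WITHOUT_NUMBER 31
#define ERR_EV_WITHOUT_LOCALITY 32
#define ERR_EV_WITHOUT_COUNTRY 33
#define ERR_DOMAIN_WITH_STREET 34
#define ERR_DOMAIN_WITH_LOCALITY 35
#define ERR_DOMAIN_WITH_STATE 36
#define ERR_DOMAIN_WITH_POSTAL 37
#define ERR_ORGANIZATION_WITHOUT_COUNTRY 38
/* Name attribute length limits (RFC 5280 upper bounds). */
#define ERR_COMMON_NAME_SIZE 39
#define ERR_LOCALITY_NAME_SIZE 40
#define ERR_STATE_NAME_SIZE 41
#define ERR_ORGANIZATION_NAME_SIZE 42
#define ERR_ORGANIZATIONAL_UNIT_NAME_SIZE 43
#define ERR_SERIAL_NUMBER_SIZE 44
#define ERR_POSTAL_CODE_SIZE 45
#define ERR_EMAIL_SIZE 46
#define ERR_GIVEN_NAME_SIZE 47
#define ERR_SURNAME_SIZE 48
#define ERR_STREET_ADDRESS_SIZE 49
#define ERR_AIA_CRITICAL 50
#define ERR_NO_OCSP_HTTP 51
#define ERR_NO_AIA 52
#define ERR_SAN_TYPE 53
#define ERR_GEN_NAME_TYPE 54
#define ERR_EV_LONGER_27_MONTHS 55
#define ERR_SAN_WITHOUT_NAME 56
#define ERR_IP_FAMILY 57
#define ERR_CN_NOT_IN_SAN 58
#define ERR_BUSINESS_CATEGORY_SIZE 59
#define ERR_DN_QUALIFIER_SIZE 60
#define ERR_URL_WITH_NUL 61
#define ERR_POST_OFFICE_BOX_SIZE 62
#define ERR_IP_IN_DNSNAME 63
/* Serial number and ASN.1 integer encoding. */
#define ERR_SERIAL_NOT_POSITIVE 64
#define ERR_SERIAL_TOO_LARGE 65
#define ERR_ASN1_INTEGER_NOT_MINIMAL 66
/* Public key sanity: RSA modulus/exponent and EC point/curve checks. */
#define ERR_RSA_SIZE_2048 67
#define ERR_RSA_EXP_NOT_ODD 68
#define ERR_RSA_EXP_3 69
#define ERR_RSA_SMALL_FACTOR 70
#define ERR_EC_AT_INFINITY 71
#define ERR_EC_POINT_NOT_ON_CURVE 72
#define ERR_EC_INVALID_GROUP_ORDER 73
#define ERR_EC_INCORRECT_ORDER 74
#define ERR_EC_NON_ALLOWED_CURVE 75
#define ERR_UNKNOWN_PUBLIC_KEY_TYPE 76
#define ERR_SUBJECT_POSTAL 77
#define ERR_DOMAIN_WITH_NAME 78
#define ERR_NAME_NO_IV_POLICY 79
#define ERR_ROOT_CA_WITH_EKU 80
#define ERR_EMPTY_EKU 81
#define ERR_MISSING_EKU 82
#define ERR_DOMAINCOMPONENT_SIZE 83
#define ERR_UNSTRUCTUREDNAME_SIZE 84
#define ERR_TELETEX_WITH_ESCAPE 85
#define ERR_POLICY_BR 86
/* Highest ERR_ code; keep in sync when appending. */
#define MAX_ERR ERR_POLICY_BR

/* This violates a SHOULD (or MUST with exception that can't be checked) */
#define WARN_NON_PRINTABLE_STRING 0
#define WARN_LONGER_39_MONTHS 1
#define WARN_CHECKED_AS_SUBSCRIBER 2
#define WARN_CHECKED_AS_CA 3
#define WARN_CRL_RELATIVE 4
#define WARN_NO_ISSUING_CERT_HTTP 5
#define WARN_DUPLICATE_SAN 6
#define WARN_EV_LONGER_12_MONTHS 7
#define WARN_UNKNOWN_EKU 8
#define WARN_RSA_EXP_RANGE 9
#define WARN_POLICY_QUALIFIER_NOT_CPS 10
#define WARN_EXPLICIT_TEXT_ENCODING 11
#define WARN_NO_EKU 12
#define WARN_NO_CN 13
#define WARN_TLS_CLIENT_DNS 14
/* Highest WARN_ code; keep in sync when appending. */
#define MAX_WARN WARN_TLS_CLIENT_DNS

/* Certificate is valid, but contains things like deprecated or not checked.
 * Several of these mean "not checked": an absence of ERR_/WARN_ bits is
 * therefore not proof of compliance while any INF_*_NOT_CHECKED bit is set. */
#define INF_SUBJECT_CN 0
#define INF_STRING_NOT_CHECKED 1 /* Software doesn't know how to check it yet. */
#define INF_CRL_NOT_URL 2
#define INF_UNKNOWN_VALIDATION 3 /* Software doesn't know OID yet. */
#define INF_NAME_ENTRY_LENGTH_NOT_CHECKED 4 /* Software doesn't know how to check size yet. */
/* Highest INF_ code; keep in sync when appending. */
#define MAX_INF INF_NAME_ENTRY_LENGTH_NOT_CHECKED

/* Global result arrays, filled in by check() and read back with GetBit().
 * They are defined and sized in checks.c, which is not visible from here;
 * index them only through the codes above (at most MAX_ERR / MAX_WARN /
 * MAX_INF), never by an arbitrary bit number. */
extern uint32_t errors[];
extern uint32_t warnings[];
extern uint32_t info[];

/* Set up global state. Presumably must be called once before the first
 * check(); the body is in checks.c. */
void check_init(void);

/* Run every check on one certificate.
 *
 * cert_buffer, cert_len: the raw certificate bytes and their exact length.
 *   This is untrusted input (a certificate from anywhere on the network);
 *   the length must describe the buffer precisely, as the parser in
 *   checks.c has nothing else to bound its reads by.
 *   NOTE(review): the buffer is not declared const because the definition
 *   in checks.c is not visible here and a mismatched prototype would not
 *   compile — confirm it is never written to and const-qualify both.
 * format: PEM or DER; must match the actual encoding of cert_buffer.
 * type:   which profile (subscriber / intermediate / root) to apply.
 *
 * Results are reported through errors[], warnings[] and info[], not via a
 * return value. */
void check(unsigned char *cert_buffer, size_t cert_len, CertFormat format, CertType type);

/* Query one result bit: `val` is one of errors[], warnings[] or info[] and
 * `bit` the matching ERR_/WARN_/INF_ code. Presumably returns non-zero when
 * the bit is set. No bounds check is visible from this header, so callers
 * must keep `bit` within the family's MAX_ value. */
int GetBit(uint32_t *val, int bit);

/* Counterpart of check_init(): tear down global state after the last
 * check(). Body in checks.c. */
void check_finish(void);

#endif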