@@ -322,8 +322,150 @@ mbedtls_x509_san_list;
322322 */
323323int mbedtls_x509_dn_gets (char * buf , size_t size , const mbedtls_x509_name * dn );
324324
325+ /**
326+ * \brief Convert the certificate DN string \p name into
327+ * a linked list of mbedtls_x509_name (equivalent to
328+ * mbedtls_asn1_named_data).
329+ *
330+ * \note This function allocates a linked list, and places the head
331+ * pointer in \p head. This list must later be freed by a
332+ * call to mbedtls_asn1_free_named_data_list().
333+ *
334+ * \param[out] head Address in which to store the pointer to the head of the
335+ * allocated list of mbedtls_x509_name
336+ * \param[in] name The string representation of a DN to convert
337+ *
338+ * \return 0 on success, or a negative error code.
339+ */
325340int mbedtls_x509_string_to_names (mbedtls_asn1_named_data * * head , const char * name );
326341
342+ /**
343+ * \brief Return the next relative DN in an X509 name.
344+ *
345+ * \note Intended use is to compare function result to dn->next
346+ * in order to detect boundaries of multi-valued RDNs.
347+ *
348+ * \param dn Current node in the X509 name
349+ *
350+ * \return Pointer to the first attribute-value pair of the
351+ * next RDN in sequence, or NULL if end is reached.
352+ */
353+ static inline mbedtls_x509_name * mbedtls_x509_dn_get_next (
354+ mbedtls_x509_name * dn )
355+ {
356+ while (dn -> MBEDTLS_PRIVATE (next_merged ) && dn -> next != NULL ) {
357+ dn = dn -> next ;
358+ }
359+ return dn -> next ;
360+ }
361+
362+ /**
363+ * \brief Store the certificate serial in printable form into buf;
364+ * no more than size characters will be written.
365+ *
366+ * \param buf Buffer to write to
367+ * \param size Maximum size of buffer
368+ * \param serial The X509 serial to represent
369+ *
370+ * \return The length of the string written (not including the
371+ * terminated nul byte), or a negative error code.
372+ */
373+ int mbedtls_x509_serial_gets (char * buf , size_t size , const mbedtls_x509_buf * serial );
374+
375+ /**
376+ * \brief Compare pair of mbedtls_x509_time.
377+ *
378+ * \param t1 mbedtls_x509_time to compare
379+ * \param t2 mbedtls_x509_time to compare
380+ *
381+ * \return < 0 if t1 is before t2
382+ * 0 if t1 equals t2
383+ * > 0 if t1 is after t2
384+ */
385+ int mbedtls_x509_time_cmp (const mbedtls_x509_time * t1 , const mbedtls_x509_time * t2 );
386+
387+ #if defined(MBEDTLS_HAVE_TIME_DATE )
388+ /**
389+ * \brief Fill mbedtls_x509_time with provided mbedtls_time_t.
390+ *
391+ * \param tt mbedtls_time_t to convert
392+ * \param now mbedtls_x509_time to fill with converted mbedtls_time_t
393+ *
394+ * \return \c 0 on success
395+ * \return A non-zero return value on failure.
396+ */
397+ int mbedtls_x509_time_gmtime (mbedtls_time_t tt , mbedtls_x509_time * now );
398+ #endif /* MBEDTLS_HAVE_TIME_DATE */
399+
400+ /**
401+ * \brief Check a given mbedtls_x509_time against the system time
402+ * and tell if it's in the past.
403+ *
404+ * \note Intended usage is "if( is_past( valid_to ) ) ERROR".
405+ * Hence the return value of 1 if on internal errors.
406+ *
407+ * \param to mbedtls_x509_time to check
408+ *
409+ * \return 1 if the given time is in the past or an error occurred,
410+ * 0 otherwise.
411+ */
412+ int mbedtls_x509_time_is_past (const mbedtls_x509_time * to );
413+
414+ /**
415+ * \brief Check a given mbedtls_x509_time against the system time
416+ * and tell if it's in the future.
417+ *
418+ * \note Intended usage is "if( is_future( valid_from ) ) ERROR".
419+ * Hence the return value of 1 if on internal errors.
420+ *
421+ * \param from mbedtls_x509_time to check
422+ *
423+ * \return 1 if the given time is in the future or an error occurred,
424+ * 0 otherwise.
425+ */
426+ int mbedtls_x509_time_is_future (const mbedtls_x509_time * from );
427+
428+ /**
429+ * \brief This function parses an item in the SubjectAlternativeNames
430+ * extension. Please note that this function might allocate
431+ * additional memory for a subject alternative name, thus
432+ * mbedtls_x509_free_subject_alt_name has to be called
433+ * to dispose of this additional memory afterwards.
434+ *
435+ * \param san_buf The buffer holding the raw data item of the subject
436+ * alternative name.
437+ * \param san The target structure to populate with the parsed presentation
438+ * of the subject alternative name encoded in \p san_buf.
439+ *
440+ * \note Supported GeneralName types, as defined in RFC 5280:
441+ * "rfc822Name", "dnsName", "directoryName",
442+ * "uniformResourceIdentifier" and "hardware_module_name"
443+ * of type "otherName", as defined in RFC 4108.
444+ *
445+ * \note This function should be called on a single raw data of
446+ * subject alternative name. For example, after successful
447+ * certificate parsing, one must iterate on every item in the
448+ * \c crt->subject_alt_names sequence, and pass it to
449+ * this function.
450+ *
451+ * \warning The target structure contains pointers to the raw data of the
452+ * parsed certificate, and its lifetime is restricted by the
453+ * lifetime of the certificate.
454+ *
455+ * \return \c 0 on success
456+ * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
457+ * SAN type.
458+ * \return Another negative value for any other failure.
459+ */
460+ int mbedtls_x509_parse_subject_alt_name (const mbedtls_x509_buf * san_buf ,
461+ mbedtls_x509_subject_alternative_name * san );
462+ /**
463+ * \brief Unallocate all data related to subject alternative name
464+ *
465+ * \param san SAN structure - extra memory owned by this structure will be freed
466+ */
467+ void mbedtls_x509_free_subject_alt_name (mbedtls_x509_subject_alternative_name * san );
468+
327469/**
328470 * \brief This function parses a CN string as an IP address.
329471 *
0 commit comments