A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for the mbed platform implementation of the library.


Committer:
Mike Fiore
Date:
Mon Mar 23 16:51:07 2015 -0500
Revision:
6:cf58d49e1a86
Parent:
0:b86d15c6ba29
fix whitespace in sha512.c


Vanger 0:b86d15c6ba29 1 /* crl.c
Vanger 0:b86d15c6ba29 2 *
Vanger 0:b86d15c6ba29 3 * Copyright (C) 2006-2014 wolfSSL Inc.
Vanger 0:b86d15c6ba29 4 *
Vanger 0:b86d15c6ba29 5 * This file is part of CyaSSL.
Vanger 0:b86d15c6ba29 6 *
Vanger 0:b86d15c6ba29 7 * CyaSSL is free software; you can redistribute it and/or modify
Vanger 0:b86d15c6ba29 8 * it under the terms of the GNU General Public License as published by
Vanger 0:b86d15c6ba29 9 * the Free Software Foundation; either version 2 of the License, or
Vanger 0:b86d15c6ba29 10 * (at your option) any later version.
Vanger 0:b86d15c6ba29 11 *
Vanger 0:b86d15c6ba29 12 * CyaSSL is distributed in the hope that it will be useful,
Vanger 0:b86d15c6ba29 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Vanger 0:b86d15c6ba29 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Vanger 0:b86d15c6ba29 15 * GNU General Public License for more details.
Vanger 0:b86d15c6ba29 16 *
Vanger 0:b86d15c6ba29 17 * You should have received a copy of the GNU General Public License
Vanger 0:b86d15c6ba29 18 * along with this program; if not, write to the Free Software
Vanger 0:b86d15c6ba29 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Vanger 0:b86d15c6ba29 20 */
Vanger 0:b86d15c6ba29 21
Vanger 0:b86d15c6ba29 22 #ifdef HAVE_CONFIG_H
Vanger 0:b86d15c6ba29 23 #include <config.h>
Vanger 0:b86d15c6ba29 24 #endif
Vanger 0:b86d15c6ba29 25
Vanger 0:b86d15c6ba29 26 #include <cyassl/ctaocrypt/settings.h>
Vanger 0:b86d15c6ba29 27
Vanger 0:b86d15c6ba29 28 #ifdef HAVE_CRL
Vanger 0:b86d15c6ba29 29
Vanger 0:b86d15c6ba29 30 #include <cyassl/internal.h>
Vanger 0:b86d15c6ba29 31 #include <cyassl/error-ssl.h>
Vanger 0:b86d15c6ba29 32
Vanger 0:b86d15c6ba29 33 #include <dirent.h>
Vanger 0:b86d15c6ba29 34 #include <sys/stat.h>
Vanger 0:b86d15c6ba29 35 #include <string.h>
Vanger 0:b86d15c6ba29 36
Vanger 0:b86d15c6ba29 37 #ifdef HAVE_CRL_MONITOR
Vanger 0:b86d15c6ba29 38 static int StopMonitor(int mfd);
Vanger 0:b86d15c6ba29 39 #endif
Vanger 0:b86d15c6ba29 40
Vanger 0:b86d15c6ba29 41
/* Initialize a CYASSL_CRL: attach the cert manager, start with an empty
 * entry list and no monitored paths, and create the list mutex.
 * Returns 0 on success, BAD_MUTEX_E if the mutex cannot be created. */
int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm)
{
    int i;

    CYASSL_ENTER("InitCRL");

    crl->cm      = cm;
    crl->crlList = NULL;
    for (i = 0; i < 2; i++)
        crl->monitors[i].path = NULL;   /* [0] is the PEM dir, [1] the DER dir */
#ifdef HAVE_CRL_MONITOR
    crl->tid = 0;
    crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
#endif

    return (InitMutex(&crl->crlLock) == 0) ? 0 : BAD_MUTEX_E;
}
Vanger 0:b86d15c6ba29 60
Vanger 0:b86d15c6ba29 61
/* Fill a CRL_Entry from a decoded CRL: issuer hash, validity window and
 * the revoked-cert list. Ownership of dcrl->certs moves to crle.
 * Always returns 0. */
static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
{
    CYASSL_ENTER("InitCRL_Entry");

    /* identity and validity window */
    XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
    XMEMCPY(crle->lastDate,   dcrl->lastDate,   MAX_DATE_SIZE);
    XMEMCPY(crle->nextDate,   dcrl->nextDate,   MAX_DATE_SIZE);
    crle->lastDateFormat = dcrl->lastDateFormat;
    crle->nextDateFormat = dcrl->nextDateFormat;

    /* the revoked list is moved rather than copied; dcrl->certs is cleared
     * so the caller's later FreeDecodedCRL presumably does not release it */
    crle->totalCerts = dcrl->totalCerts;
    crle->certs      = dcrl->certs;
    dcrl->certs      = NULL;

    return 0;
}
Vanger 0:b86d15c6ba29 81
Vanger 0:b86d15c6ba29 82
/* Release the revoked-cert list owned by a CRL_Entry. The entry struct
 * itself is freed by the caller. */
static void FreeCRL_Entry(CRL_Entry* crle)
{
    RevokedCert* cur;
    RevokedCert* next;

    CYASSL_ENTER("FreeCRL_Entry");

    for (cur = crle->certs; cur != NULL; cur = next) {
        next = cur->next;   /* read before the node is gone */
        XFREE(cur, NULL, DYNAMIC_TYPE_REVOKED);
    }
}
Vanger 0:b86d15c6ba29 96
Vanger 0:b86d15c6ba29 97
Vanger 0:b86d15c6ba29 98
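/* Release everything owned by crl: the monitor thread (stopped first),
 * the monitored path strings, every CRL_Entry on the list and the list
 * mutex. When dynamic is non-zero the crl struct itself is freed too. */
void FreeCRL(CYASSL_CRL* crl, int dynamic)
{
    CRL_Entry* tmp;

    CYASSL_ENTER("FreeCRL");

#ifdef HAVE_CRL_MONITOR
    /* The monitor thread reads monitors[].path and swaps crlList (see
     * SwapLists), so it must be gone before either is torn down; freeing
     * them first left the still-running thread with dangling pointers. */
    if (crl->tid != 0) {
        CYASSL_MSG("stopping monitor thread");
        if (StopMonitor(crl->mfd) == 0)
            pthread_join(crl->tid, NULL);
        else {
            CYASSL_MSG("stop monitor failed, cancel instead");
            pthread_cancel(crl->tid);
        }
    }
#endif

    if (crl->monitors[0].path)
        XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);

    if (crl->monitors[1].path)
        XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);

    tmp = crl->crlList;
    while (tmp) {
        CRL_Entry* next = tmp->next;
        FreeCRL_Entry(tmp);
        XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY);
        tmp = next;
    }

    FreeMutex(&crl->crlLock);
    if (dynamic) /* free self */
        XFREE(crl, NULL, DYNAMIC_TYPE_CRL);
}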
Vanger 0:b86d15c6ba29 134
Vanger 0:b86d15c6ba29 135
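/* Check cert against the loaded CRLs.
 * Returns 0 when a current CRL for the cert's issuer is loaded and the
 * cert's serial is not on it; CRL_CERT_REVOKED when it is; CRL_MISSING
 * when no usable CRL for the issuer exists (an expired CRL is treated as
 * missing, and the cert manager's missing-CRL callback is issued when one
 * is registered); BAD_MUTEX_E if the list lock cannot be taken. */
int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
{
    CRL_Entry* crle;
    int foundEntry = 0;
    int ret = 0;

    CYASSL_ENTER("CheckCertCRL");

    if (LockMutex(&crl->crlLock) != 0) {
        CYASSL_MSG("LockMutex failed");
        return BAD_MUTEX_E;
    }

    /* locate the CRL issued by this cert's issuer */
    for (crle = crl->crlList; crle != NULL; crle = crle->next) {
        if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
            CYASSL_MSG("Found CRL Entry on list");
            CYASSL_MSG("Checking next date validity");

            if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
                /* a stale CRL is not used for a revocation decision;
                 * foundEntry stays 0 so the missing-CRL path runs below */
                CYASSL_MSG("CRL next date is no longer valid");
                ret = ASN_AFTER_DATE_E;
            }
            else
                foundEntry = 1;
            break;
        }
    }

    if (foundEntry) {
        RevokedCert* rc;

        for (rc = crle->certs; rc != NULL; rc = rc->next) {
            /* Serials are variable length: require the same length as well
             * as the same bytes. Comparing only rc->serialSz bytes matched
             * any cert whose serial merely starts with a revoked one, and
             * compared bytes beyond the end of a shorter cert serial. */
            if (rc->serialSz == cert->serialSz &&
                XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
                CYASSL_MSG("Cert revoked");
                ret = CRL_CERT_REVOKED;
                break;
            }
        }
    }

    UnLockMutex(&crl->crlLock);

    if (foundEntry == 0) {
        CYASSL_MSG("Couldn't find CRL for status check");
        ret = CRL_MISSING;   /* also replaces ASN_AFTER_DATE_E set above */
        if (crl->cm->cbMissingCRL) {
            char url[256];

            CYASSL_MSG("Issuing missing CRL callback");
            /* hand the callback the cert's CRL distribution point as a
             * NUL-terminated string, or "" when absent or too long */
            url[0] = '\0';
            if (cert->extCrlInfo == NULL || cert->extCrlInfoSz <= 0) {
                CYASSL_MSG("No CRL url in cert");
            }
            else if (cert->extCrlInfoSz < (int)sizeof(url) - 1) {
                XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
                url[cert->extCrlInfoSz] = '\0';
            }
            else {
                CYASSL_MSG("CRL url too long");
            }
            crl->cm->cbMissingCRL(url);
        }
    }

    return ret;
}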
Vanger 0:b86d15c6ba29 205
Vanger 0:b86d15c6ba29 206
/* Wrap a decoded CRL in a CRL_Entry and push it onto the front of crl's
 * list. Returns 0 on success, -1 on allocation/init failure, BAD_MUTEX_E
 * if the list lock cannot be taken. */
static int AddCRL(CYASSL_CRL* crl, DecodedCRL* dcrl)
{
    CRL_Entry* entry;
    int ret = -1;

    CYASSL_ENTER("AddCRL");

    entry = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
    if (entry == NULL) {
        CYASSL_MSG("alloc CRL Entry failed");
        return -1;
    }

    if (InitCRL_Entry(entry, dcrl) < 0) {
        CYASSL_MSG("Init CRL Entry failed");
        goto fail_free;
    }

    if (LockMutex(&crl->crlLock) != 0) {
        CYASSL_MSG("LockMutex failed");
        ret = BAD_MUTEX_E;
        goto fail_entry;
    }

    /* newest entry goes first */
    entry->next  = crl->crlList;
    crl->crlList = entry;
    UnLockMutex(&crl->crlLock);

    return 0;

fail_entry:
    FreeCRL_Entry(entry);   /* entry already took over dcrl->certs */
fail_free:
    XFREE(entry, NULL, DYNAMIC_TYPE_CRL_ENTRY);
    return ret;
}
Vanger 0:b86d15c6ba29 238
Vanger 0:b86d15c6ba29 239
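/* Load one CRL from a memory buffer of the given type (SSL_FILETYPE_PEM,
 * otherwise treated as DER) and add it to crl's list.
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL or non-positive
 * length buffer, MEMORY_E on allocation failure, -1 when PEM decoding fails,
 * otherwise the ParseCRL/AddCRL error code. */
int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
{
    int ret = SSL_SUCCESS;
    const byte* myBuffer = buff; /* DER input; switched to der.buffer after PEM decode */
    buffer der;
#ifdef CYASSL_SMALL_STACK
    DecodedCRL* dcrl;
#else
    DecodedCRL dcrl[1];
#endif

    der.buffer = NULL;

    CYASSL_ENTER("BufferLoadCRL");

    /* sz is signed: a negative length was previously accepted and then cast
     * to a very large word32 for ParseCRL */
    if (crl == NULL || buff == NULL || sz <= 0)
        return BAD_FUNC_ARG;

    if (type == SSL_FILETYPE_PEM) {
        int eccKey = 0; /* not used */
        EncryptedInfo info;
        info.ctx = NULL;

        ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
        if (ret != 0) {
            /* NOTE(review): der.buffer is not released here; assumes PemToDer
             * leaves it NULL on failure — confirm */
            CYASSL_MSG("Pem to Der failed");
            return -1;
        }
        myBuffer = der.buffer;
        sz = der.length;
    }

#ifdef CYASSL_SMALL_STACK
    dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (dcrl == NULL) {
        if (der.buffer)
            XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);

        return MEMORY_E;
    }
#endif

    InitDecodedCRL(dcrl);
    ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
    if (ret != 0) {
        CYASSL_MSG("ParseCRL error");
    }
    else {
        /* AddCRL takes over dcrl->certs, so FreeDecodedCRL below only
         * releases what is left */
        ret = AddCRL(crl, dcrl);
        if (ret != 0) {
            CYASSL_MSG("AddCRL error");
        }
    }

    FreeDecodedCRL(dcrl);

#ifdef CYASSL_SMALL_STACK
    XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (der.buffer)
        XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);

    return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */
}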
Vanger 0:b86d15c6ba29 308
Vanger 0:b86d15c6ba29 309
Vanger 0:b86d15c6ba29 310 #ifdef HAVE_CRL_MONITOR
Vanger 0:b86d15c6ba29 311
Vanger 0:b86d15c6ba29 312
/* Reload the monitored directories into a scratch CRL and, under the list
 * lock, swap its entry list with crl's; the old list is released with the
 * scratch CRL. On any failure crl's current list is left untouched.
 * Returns 0 on success, MEMORY_E if the scratch CRL cannot be allocated,
 * -1 on any other failure. */
static int SwapLists(CYASSL_CRL* crl)
{
    int ret = -1;
    CRL_Entry* loaded;
#ifdef CYASSL_SMALL_STACK
    CYASSL_CRL* fresh;
#else
    CYASSL_CRL fresh[1];
#endif

#ifdef CYASSL_SMALL_STACK
    fresh = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (fresh == NULL)
        return MEMORY_E;
#endif

    if (InitCRL(fresh, crl->cm) < 0) {
        CYASSL_MSG("Init tmp CRL failed");
        goto out_release;   /* no mutex to free: skip FreeCRL */
    }

    if (crl->monitors[0].path &&
        LoadCRL(fresh, crl->monitors[0].path, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) {
        CYASSL_MSG("PEM LoadCRL on dir change failed");
        goto out_free;
    }

    if (crl->monitors[1].path &&
        LoadCRL(fresh, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0) != SSL_SUCCESS) {
        CYASSL_MSG("DER LoadCRL on dir change failed");
        goto out_free;
    }

    if (LockMutex(&crl->crlLock) != 0) {
        CYASSL_MSG("LockMutex failed");
        goto out_free;
    }

    /* swap lists: the scratch CRL now owns the old entries */
    loaded         = fresh->crlList;
    fresh->crlList = crl->crlList;
    crl->crlList   = loaded;

    UnLockMutex(&crl->crlLock);
    ret = 0;

out_free:
    FreeCRL(fresh, 0);
out_release:
#ifdef CYASSL_SMALL_STACK
    XFREE(fresh, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}
Vanger 0:b86d15c6ba29 387
Vanger 0:b86d15c6ba29 388
Vanger 0:b86d15c6ba29 389 #if (defined(__MACH__) || defined(__FreeBSD__))
Vanger 0:b86d15c6ba29 390
Vanger 0:b86d15c6ba29 391 #include <sys/types.h>
Vanger 0:b86d15c6ba29 392 #include <sys/event.h>
Vanger 0:b86d15c6ba29 393 #include <sys/time.h>
Vanger 0:b86d15c6ba29 394 #include <fcntl.h>
Vanger 0:b86d15c6ba29 395 #include <unistd.h>
Vanger 0:b86d15c6ba29 396
Vanger 0:b86d15c6ba29 397 #ifdef __MACH__
Vanger 0:b86d15c6ba29 398 #define XEVENT_MODE O_EVTONLY
Vanger 0:b86d15c6ba29 399 #elif defined(__FreeBSD__)
Vanger 0:b86d15c6ba29 400 #define XEVENT_MODE EVFILT_VNODE
Vanger 0:b86d15c6ba29 401 #endif
Vanger 0:b86d15c6ba29 402
Vanger 0:b86d15c6ba29 403
Vanger 0:b86d15c6ba29 404 /* we need a unique kqueue user filter fd for crl in case user is doing custom
Vanger 0:b86d15c6ba29 405 * events too */
Vanger 0:b86d15c6ba29 406 #ifndef CRL_CUSTOM_FD
Vanger 0:b86d15c6ba29 407 #define CRL_CUSTOM_FD 123456
Vanger 0:b86d15c6ba29 408 #endif
Vanger 0:b86d15c6ba29 409
Vanger 0:b86d15c6ba29 410
/* Ask the kqueue monitor thread to exit by triggering the CRL_CUSTOM_FD
 * user event on its queue (mfd). Returns 0 on success, -1 on failure. */
static int StopMonitor(int mfd)
{
    struct kevent change;
    int rc;

    /* trigger custom shutdown */
    EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
    rc = kevent(mfd, &change, 1, NULL, 0, NULL);
    if (rc < 0)
        CYASSL_MSG("kevent trigger customer event failed");

    return (rc < 0) ? -1 : 0;
}
Vanger 0:b86d15c6ba29 425
Vanger 0:b86d15c6ba29 426
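/* OS X / FreeBSD monitoring thread body: watches the monitored CRL
 * directories with kqueue vnode events, reloads the list via SwapLists on
 * every change, and exits on the EVFILT_USER shutdown event raised by
 * StopMonitor. arg is the CYASSL_CRL*; the return value is always NULL. */
static void* DoMonitor(void* arg)
{
    int fPEM = -1;
    int fDER = -1;
    struct kevent change;
    struct kevent watches[2];   /* one vnode watch per monitored directory */
    int numWatches = 0;

    CYASSL_CRL* crl = (CYASSL_CRL*)arg;

    CYASSL_ENTER("DoMonitor");

    /* NOTE(review): crl->mfd is written here and read by StopMonitor from
     * the thread calling FreeCRL without synchronization — confirm */
    crl->mfd = kqueue();
    if (crl->mfd == -1) {
        CYASSL_MSG("kqueue failed");
        return NULL;
    }

    /* listen for custom shutdown event */
    EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
    if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) {
        CYASSL_MSG("kevent monitor customer event failed");
        close(crl->mfd);
        return NULL;
    }

    /* NOTE(review): XEVENT_MODE is an open(2) flag on Mach but a filter
     * constant on FreeBSD — confirm the FreeBSD open flags are intended */
    if (crl->monitors[0].path) {
        fPEM = open(crl->monitors[0].path, XEVENT_MODE);
        if (fPEM == -1) {
            CYASSL_MSG("PEM event dir open failed");
            close(crl->mfd);
            return NULL;
        }
    }

    if (crl->monitors[1].path) {
        fDER = open(crl->monitors[1].path, XEVENT_MODE);
        if (fDER == -1) {
            CYASSL_MSG("DER event dir open failed");
            if (fPEM != -1)
                close(fPEM);    /* was leaked on this path */
            close(crl->mfd);
            return NULL;
        }
    }

    /* Register each directory in its own kevent slot. Building both into
     * the single 'change' struct let the DER watch overwrite the PEM one,
     * so only the last directory was ever submitted to kevent(). */
    if (fPEM != -1) {
        EV_SET(&watches[numWatches], fPEM, EVFILT_VNODE,
               EV_ADD | EV_ENABLE | EV_ONESHOT,
               NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
        numWatches++;
    }

    if (fDER != -1) {
        EV_SET(&watches[numWatches], fDER, EVFILT_VNODE,
               EV_ADD | EV_ENABLE | EV_ONESHOT,
               NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
        numWatches++;
    }

    for (;;) {
        struct kevent event;
        /* the watches are EV_ONESHOT, so they are re-submitted on every
         * wait to re-arm them after they fire */
        int numEvents = kevent(crl->mfd, watches, numWatches, &event, 1, NULL);

        CYASSL_MSG("Got kevent");

        if (numEvents < 1) {
            /* -1 is an error; 0 would leave 'event' uninitialized */
            CYASSL_MSG("kevent problem, continue");
            continue;
        }

        if (event.filter == EVFILT_USER) {
            CYASSL_MSG("Got user shutdown event, breaking out");
            break;
        }

        if (SwapLists(crl) < 0) {
            CYASSL_MSG("SwapLists problem, continue");
        }
    }

    if (fPEM != -1)
        close(fPEM);
    if (fDER != -1)
        close(fDER);

    close(crl->mfd);

    return NULL;
}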
Vanger 0:b86d15c6ba29 510
Vanger 0:b86d15c6ba29 511
Vanger 0:b86d15c6ba29 512 #elif defined(__linux__)
Vanger 0:b86d15c6ba29 513
Vanger 0:b86d15c6ba29 514 #include <sys/types.h>
Vanger 0:b86d15c6ba29 515 #include <sys/inotify.h>
Vanger 0:b86d15c6ba29 516 #include <sys/eventfd.h>
Vanger 0:b86d15c6ba29 517 #include <unistd.h>
Vanger 0:b86d15c6ba29 518
Vanger 0:b86d15c6ba29 519
#ifndef max
/* Larger of two ints; used to size the select() fd range. */
static INLINE int max(int a, int b)
{
    if (a > b)
        return a;
    return b;
}
#endif /* max */
Vanger 0:b86d15c6ba29 526
Vanger 0:b86d15c6ba29 527
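/* Ask the linux monitor thread to exit by bumping its eventfd (mfd).
 * Returns 0 on success, -1 if the full 8-byte counter was not written. */
static int StopMonitor(int mfd)
{
    word64 w64 = 1;

    /* an eventfd only accepts a whole 8-byte counter write, so anything but
     * sizeof(w64) means the wakeup was not delivered (the old < 0 test let a
     * short write pass as success) */
    if (write(mfd, &w64, sizeof(w64)) != (ssize_t)sizeof(w64)) {
        CYASSL_MSG("StopMonitor write failed");
        return -1;
    }

    return 0;
}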
Vanger 0:b86d15c6ba29 541
Vanger 0:b86d15c6ba29 542
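/* linux monitoring thread body: waits on an inotify descriptor for the
 * monitored CRL directories and on crl->mfd (an eventfd) for shutdown,
 * reloading the list via SwapLists on each directory change.
 * arg is the CYASSL_CRL*; the return value is always NULL. */
static void* DoMonitor(void* arg)
{
    int notifyFd;
    int wdPEM = -1;
    int wdDER = -1;
    CYASSL_CRL* crl = (CYASSL_CRL*)arg;
#ifdef CYASSL_SMALL_STACK
    char* buff;
#else
    char buff[8192];
#endif

    CYASSL_ENTER("DoMonitor");

    /* NOTE(review): crl->mfd is written here and read by StopMonitor from
     * the thread calling FreeCRL without synchronization — confirm */
    crl->mfd = eventfd(0, 0); /* our custom shutdown event */
    if (crl->mfd < 0) {
        CYASSL_MSG("eventfd failed");
        return NULL;
    }

    notifyFd = inotify_init();
    if (notifyFd < 0) {
        CYASSL_MSG("inotify failed");
        close(crl->mfd);
        return NULL;
    }

    /* select() only tracks descriptors below FD_SETSIZE; FD_SET on a larger
     * fd writes outside the fd_set, so refuse to run rather than corrupt
     * the stack in a process that already holds many descriptors */
    if (notifyFd >= FD_SETSIZE || crl->mfd >= FD_SETSIZE) {
        CYASSL_MSG("monitor fd exceeds FD_SETSIZE");
        close(crl->mfd);
        close(notifyFd);
        return NULL;
    }

    if (crl->monitors[0].path) {
        wdPEM = inotify_add_watch(notifyFd, crl->monitors[0].path,
                                  IN_CLOSE_WRITE | IN_DELETE);
        if (wdPEM < 0) {
            CYASSL_MSG("PEM notify add watch failed");
            close(crl->mfd);
            close(notifyFd);
            return NULL;
        }
    }

    if (crl->monitors[1].path) {
        wdDER = inotify_add_watch(notifyFd, crl->monitors[1].path,
                                  IN_CLOSE_WRITE | IN_DELETE);
        if (wdDER < 0) {
            CYASSL_MSG("DER notify add watch failed");
            close(crl->mfd);
            close(notifyFd);
            return NULL;
        }
    }

#ifdef CYASSL_SMALL_STACK
    buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buff == NULL) {
        /* both descriptors were leaked on this path before */
        close(crl->mfd);
        close(notifyFd);
        return NULL;
    }
#endif

    for (;;) {
        fd_set readfds;
        int result;

        FD_ZERO(&readfds);
        FD_SET(notifyFd, &readfds);
        FD_SET(crl->mfd, &readfds);

        result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL, NULL);

        CYASSL_MSG("Got notify event");

        if (result < 0) {
            /* NOTE(review): a persistent select() error spins here — confirm
             * that is acceptable for the monitor thread */
            CYASSL_MSG("select problem, continue");
            continue;
        }

        if (FD_ISSET(crl->mfd, &readfds)) {
            CYASSL_MSG("got custom shutdown event, breaking out");
            break;
        }

        /* drain the inotify queue; the events themselves are not inspected,
         * any change in a monitored directory triggers a full reload */
        if (read(notifyFd, buff, 8192) < 0) {
            CYASSL_MSG("notify read problem, continue");
            continue;
        }

        if (SwapLists(crl) < 0) {
            CYASSL_MSG("SwapLists problem, continue");
        }
    }

#ifdef CYASSL_SMALL_STACK
    XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    /* the PEM watch descriptor was previously overwritten by the DER one
     * and never removed explicitly */
    if (wdPEM >= 0)
        inotify_rm_watch(notifyFd, wdPEM);
    if (wdDER >= 0)
        inotify_rm_watch(notifyFd, wdDER);
    close(crl->mfd);
    close(notifyFd);

    return NULL;
}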
Vanger 0:b86d15c6ba29 643
Vanger 0:b86d15c6ba29 644
Vanger 0:b86d15c6ba29 645 #else
Vanger 0:b86d15c6ba29 646
Vanger 0:b86d15c6ba29 647 #error "CRL monitor only currently supported on linux or mach"
Vanger 0:b86d15c6ba29 648
Vanger 0:b86d15c6ba29 649 #endif /* MACH or linux */
Vanger 0:b86d15c6ba29 650
Vanger 0:b86d15c6ba29 651
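/* Start the DoMonitor thread for crl's monitored path(s).
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL crl,
 * MONITOR_RUNNING_E if a monitor thread is already recorded in crl->tid,
 * THREAD_CREATE_E if the thread (or its attributes) cannot be created. */
static int StartMonitorCRL(CYASSL_CRL* crl)
{
    pthread_attr_t attr;
    int ret = SSL_SUCCESS;

    CYASSL_ENTER("StartMonitorCRL");

    if (crl == NULL)
        return BAD_FUNC_ARG;

    if (crl->tid != 0) {
        CYASSL_MSG("Monitor thread already running");
        return MONITOR_RUNNING_E;
    }

    if (pthread_attr_init(&attr) != 0) {
        CYASSL_MSG("Thread attr init error");
        return THREAD_CREATE_E;
    }

    if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
        CYASSL_MSG("Thread creation error");
        /* tid is unspecified after a failed create; clear it so FreeCRL does
         * not try to stop or join a thread that never started */
        crl->tid = 0;
        ret = THREAD_CREATE_E;
    }

    /* the attr object was never destroyed before (resource leak on both paths) */
    pthread_attr_destroy(&attr);

    return ret;
}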
Vanger 0:b86d15c6ba29 676
Vanger 0:b86d15c6ba29 677
Vanger 0:b86d15c6ba29 678 #else /* HAVE_CRL_MONITOR */
Vanger 0:b86d15c6ba29 679
/* Stub used when the build has no CRL monitor: always NOT_COMPILED_IN. */
static int StartMonitorCRL(CYASSL_CRL* crl)
{
    CYASSL_ENTER("StartMonitorCRL");
    CYASSL_MSG("Not compiled in");

    (void)crl;   /* unused in this configuration */
    return NOT_COMPILED_IN;
}
Vanger 0:b86d15c6ba29 689
Vanger 0:b86d15c6ba29 690 #endif /* HAVE_CRL_MONITOR */
Vanger 0:b86d15c6ba29 691
Vanger 0:b86d15c6ba29 692
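/* Load every CRL file of the given type found directly in the directory
 * path into crl (files whose names do not contain ".pem", or ".der"/".crl"
 * for DER, are skipped; a file that fails to load is logged and skipped).
 * When monitor has CYASSL_CRL_MONITOR set the path is remembered for the
 * monitor thread, and with CYASSL_CRL_START_MON the thread is started.
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL crl or path,
 * BAD_PATH_ERROR if the directory cannot be opened, MEMORY_E on allocation
 * failure, otherwise the StartMonitorCRL result. */
int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
{
    struct dirent* entry;
    DIR* dir;
    int ret = SSL_SUCCESS;
#ifdef CYASSL_SMALL_STACK
    char* name;
#else
    char name[MAX_FILENAME_SZ];
#endif

    CYASSL_ENTER("LoadCRL");
    if (crl == NULL || path == NULL)   /* opendir(NULL) is undefined */
        return BAD_FUNC_ARG;

    dir = opendir(path);
    if (dir == NULL) {
        CYASSL_MSG("opendir path crl load failed");
        return BAD_PATH_ERROR;
    }

#ifdef CYASSL_SMALL_STACK
    name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (name == NULL) {
        closedir(dir);   /* the DIR handle was leaked on this path before */
        return MEMORY_E;
    }
#endif

    while ( (entry = readdir(dir)) != NULL) {
        struct stat s;

        /* path and entry name each get at most half of the buffer, so the
         * result always fits and stays NUL-terminated */
        XMEMSET(name, 0, MAX_FILENAME_SZ);
        XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
        XSTRNCAT(name, "/", 1);
        XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);

        if (stat(name, &s) != 0) {
            CYASSL_MSG("stat on name failed");
            continue;
        }
        /* S_ISREG rather than "& S_IFREG": the latter also matches other
         * file types whose mode bits include the S_IFREG bit pattern */
        if (!S_ISREG(s.st_mode))
            continue;

        /* NOTE(review): strstr matches the extension anywhere in the name,
         * not only as a suffix — kept as-is */
        if (type == SSL_FILETYPE_PEM) {
            if (strstr(entry->d_name, ".pem") == NULL) {
                CYASSL_MSG("not .pem file, skipping");
                continue;
            }
        }
        else {
            if (strstr(entry->d_name, ".der") == NULL &&
                strstr(entry->d_name, ".crl") == NULL) {

                CYASSL_MSG("not .der or .crl file, skipping");
                continue;
            }
        }

        if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
                                                            != SSL_SUCCESS) {
            CYASSL_MSG("CRL file load failed, continuing");
        }
    }

#ifdef CYASSL_SMALL_STACK
    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (monitor & CYASSL_CRL_MONITOR) {
        int slot = (type == SSL_FILETYPE_PEM) ? 0 : 1;   /* [0] PEM, [1] DER */

        CYASSL_MSG("monitor path requested");

        /* NOTE(review): a path already stored in this slot is overwritten
         * without being released, and the strdup'd string is later freed
         * with XFREE in FreeCRL — confirm both are intended */
        crl->monitors[slot].path = strdup(path);
        crl->monitors[slot].type = (slot == 0) ? SSL_FILETYPE_PEM
                                               : SSL_FILETYPE_ASN1;
        if (crl->monitors[slot].path == NULL)
            ret = MEMORY_E;

        /* do not start a thread for a path that was not stored; previously
         * the StartMonitorCRL result also masked the MEMORY_E above */
        if ((monitor & CYASSL_CRL_START_MON) && ret == SSL_SUCCESS) {
            CYASSL_MSG("start monitoring requested");

            ret = StartMonitorCRL(crl);
        }
    }

    closedir(dir);

    return ret;
}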
Vanger 0:b86d15c6ba29 787
Vanger 0:b86d15c6ba29 788 #endif /* HAVE_CRL */