mbedtls ported to mbed-classic

Fork of mbedtls by Christopher Haster

Committer:
Brian Daniels
Date:
Thu Apr 07 11:11:18 2016 +0100
Revision:
4:bef26f687287
Parent:
1:24750b9ad5ef
Adding ported selftest test case

Christopher Haster 1:24750b9ad5ef 1 /*
Christopher Haster 1:24750b9ad5ef 2 * X.509 Certificate Revocation List (CRL) parsing
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 5 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 6 *
Christopher Haster 1:24750b9ad5ef 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 8 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 9 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 10 *
Christopher Haster 1:24750b9ad5ef 11 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 16 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 17 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 18 *
Christopher Haster 1:24750b9ad5ef 19 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 20 */
Christopher Haster 1:24750b9ad5ef 21 /*
Christopher Haster 1:24750b9ad5ef 22 * The ITU-T X.509 standard defines a certificate format for PKI.
Christopher Haster 1:24750b9ad5ef 23 *
Christopher Haster 1:24750b9ad5ef 24 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
Christopher Haster 1:24750b9ad5ef 25 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
Christopher Haster 1:24750b9ad5ef 26 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Christopher Haster 1:24750b9ad5ef 27 *
Christopher Haster 1:24750b9ad5ef 28 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
Christopher Haster 1:24750b9ad5ef 29 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
Christopher Haster 1:24750b9ad5ef 30 */
Christopher Haster 1:24750b9ad5ef 31
Christopher Haster 1:24750b9ad5ef 32 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 33 #include "mbedtls/config.h"
Christopher Haster 1:24750b9ad5ef 34 #else
Christopher Haster 1:24750b9ad5ef 35 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 36 #endif
Christopher Haster 1:24750b9ad5ef 37
Christopher Haster 1:24750b9ad5ef 38 #if defined(MBEDTLS_X509_CRL_PARSE_C)
Christopher Haster 1:24750b9ad5ef 39
Christopher Haster 1:24750b9ad5ef 40 #include "mbedtls/x509_crl.h"
Christopher Haster 1:24750b9ad5ef 41 #include "mbedtls/oid.h"
Christopher Haster 1:24750b9ad5ef 42
Christopher Haster 1:24750b9ad5ef 43 #include <string.h>
Christopher Haster 1:24750b9ad5ef 44
Christopher Haster 1:24750b9ad5ef 45 #if defined(MBEDTLS_PEM_PARSE_C)
Christopher Haster 1:24750b9ad5ef 46 #include "mbedtls/pem.h"
Christopher Haster 1:24750b9ad5ef 47 #endif
Christopher Haster 1:24750b9ad5ef 48
Christopher Haster 1:24750b9ad5ef 49 #if defined(MBEDTLS_PLATFORM_C)
Christopher Haster 1:24750b9ad5ef 50 #include "mbedtls/platform.h"
Christopher Haster 1:24750b9ad5ef 51 #else
Christopher Haster 1:24750b9ad5ef 52 #include <stdlib.h>
Christopher Haster 1:24750b9ad5ef 53 #include <stdio.h>
Christopher Haster 1:24750b9ad5ef 54 #define mbedtls_free free
Christopher Haster 1:24750b9ad5ef 55 #define mbedtls_calloc calloc
Christopher Haster 1:24750b9ad5ef 56 #define mbedtls_snprintf snprintf
Christopher Haster 1:24750b9ad5ef 57 #endif
Christopher Haster 1:24750b9ad5ef 58
Christopher Haster 1:24750b9ad5ef 59 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Christopher Haster 1:24750b9ad5ef 60 #include <windows.h>
Christopher Haster 1:24750b9ad5ef 61 #else
Christopher Haster 1:24750b9ad5ef 62 #include <time.h>
Christopher Haster 1:24750b9ad5ef 63 #endif
Christopher Haster 1:24750b9ad5ef 64
Christopher Haster 1:24750b9ad5ef 65 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
Christopher Haster 1:24750b9ad5ef 66 #include <stdio.h>
Christopher Haster 1:24750b9ad5ef 67 #endif
Christopher Haster 1:24750b9ad5ef 68
/*
 * Overwrite n bytes at v with zero.
 *
 * Writes go through a volatile pointer so the compiler must keep every
 * store even when the buffer is about to be freed (a plain memset() before
 * free() may be dropped as a dead store). Used to wipe file buffers before
 * release. n == 0 is a no-op.
 */
static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *bytes = v;
    size_t i;

    for( i = 0; i < n; i++ )
        bytes[i] = 0;
}
Christopher Haster 1:24750b9ad5ef 73
/*
 * Version ::= INTEGER { v1(0), v2(1) }
 *
 * Reads the OPTIONAL version INTEGER at *p into *ver. When the next element
 * is not an INTEGER (MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) the field is absent:
 * *ver is set to 0 (the v1 encoding) and 0 is returned. Any other ASN.1
 * failure is reported as MBEDTLS_ERR_X509_INVALID_VERSION + ret.
 *
 * Note the stored value is the raw encoding (0 or 1); the caller converts it
 * to the human-readable 1/2 and rejects anything larger.
 */
static int x509_crl_get_version( unsigned char **p,
                                 const unsigned char *end,
                                 int *ver )
{
    int ret = mbedtls_asn1_get_int( p, end, ver );

    if( ret == 0 )
        return( 0 );

    if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
    {
        /* Absent version: default to v1. */
        *ver = 0;
        return( 0 );
    }

    return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
}
Christopher Haster 1:24750b9ad5ef 96
/*
 * X.509 CRL v2 extensions (no extensions parsed yet.)
 *
 * Locates the tag-0 EXPLICIT Extensions wrapper with mbedtls_x509_get_ext()
 * and records it in *ext. The Extension SEQUENCEs inside are only walked to
 * check their framing up to 'end'; their OIDs and values are not examined,
 * so critical CRL extensions are neither recognised nor rejected here.
 *
 * Returns 0 on success or when the wrapper is absent (UNEXPECTED_TAG),
 * the mbedtls_x509_get_ext() error as-is, or
 * MBEDTLS_ERR_X509_INVALID_EXTENSIONS + an ASN.1 code for bad framing.
 */
static int x509_get_crl_ext( unsigned char **p,
                             const unsigned char *end,
                             mbedtls_x509_buf *ext )
{
    int ret;
    size_t elem_len = 0;

    /* Get explicit tag */
    ret = mbedtls_x509_get_ext( p, end, ext, 0 );
    if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
        return( 0 );
    if( ret != 0 )
        return( ret );

    /* Every element must be a SEQUENCE; step over each one. */
    for( ; *p < end; *p += elem_len )
    {
        ret = mbedtls_asn1_get_tag( p, end, &elem_len,
                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
        if( ret != 0 )
            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
    }

    if( *p != end )
        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );

    return( 0 );
}
Christopher Haster 1:24750b9ad5ef 131
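/*
 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
 *
 *   crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
 *
 * Records the entry's Extensions SEQUENCE in *ext (ext->p is set to NULL
 * when the field is absent) and checks that it is a well-framed
 * SEQUENCE OF SEQUENCE. Individual extensions are not interpreted, so
 * critical entry extensions are not detected here.
 *
 * Returns 0 on success or when the field is absent, otherwise
 * MBEDTLS_ERR_X509_INVALID_EXTENSIONS + an ASN.1 error code.
 */
static int x509_get_crl_entry_ext( unsigned char **p,
                                   const unsigned char *end,
                                   mbedtls_x509_buf *ext )
{
    int ret;
    size_t len = 0;

    /* OPTIONAL: nothing left in the entry means no extensions. */
    if( end <= *p )
        return( 0 );

    /* At least one byte remains, so this tag read is in bounds. */
    ext->tag = **p;
    ext->p = *p;

    /*
     * Get CRL-entry extension sequence header
     */
    if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    {
        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
        {
            ext->p = NULL;
            return( 0 );
        }
        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
    }

    /*
     * Narrow 'end' to the extensions SEQUENCE. This relies on
     * mbedtls_asn1_get_tag() rejecting a length that runs past its 'end'
     * argument, so the new end cannot lie beyond the entry. (The former
     * "if( end != *p + ext->len )" test compared the value just assigned
     * with itself and could never fail; it has been dropped.)
     */
    end = *p + ext->len;

    /* Every element must be a SEQUENCE; step over each one. */
    while( *p < end )
    {
        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );

        *p += len;
    }

    if( *p != end )
        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );

    return( 0 );
}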
Christopher Haster 1:24750b9ad5ef 185
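/*
 * X.509 CRL Entries
 *
 *   revokedCertificates  SEQUENCE OF SEQUENCE {
 *        userCertificate      CertificateSerialNumber,
 *        revocationDate       Time,
 *        crlEntryExtensions   Extensions OPTIONAL
 *   } OPTIONAL
 *
 * Fills 'entry' with the first revoked certificate and appends one
 * calloc'd mbedtls_x509_crl_entry per further entry through entry->next.
 * For each entry, raw.p/raw.len cover the content of its SEQUENCE (after
 * the header) and raw.tag holds the first content byte.
 *
 * Returns 0 when the list is absent or fully parsed. On failure the nodes
 * allocated so far stay linked from 'entry' for the caller to release.
 *
 * NOTE(review): an entry's fields are not required to end exactly at
 * end2; trailing bytes inside an entry SEQUENCE are not rejected here.
 */
static int x509_get_entries( unsigned char **p,
                             const unsigned char *end,
                             mbedtls_x509_crl_entry *entry )
{
    int ret;
    size_t entry_len;
    mbedtls_x509_crl_entry *cur_entry = entry;

    /* The whole revokedCertificates list is OPTIONAL. */
    if( *p == end )
        return( 0 );

    if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len,
            MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
    {
        /* Not a SEQUENCE: the list is absent, the caller continues from *p. */
        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
            return( 0 );

        return( ret );
    }

    /* Narrow to the list; get_tag has bounded entry_len by 'end'. */
    end = *p + entry_len;

    while( *p < end )
    {
        size_t len2;
        const unsigned char *end2;

        if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
                MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
        {
            return( ret );
        }

        cur_entry->raw.p = *p;
        cur_entry->raw.len = len2;
        end2 = *p + len2;

        /*
         * An empty entry (len2 == 0) cannot hold a serial and is rejected by
         * mbedtls_x509_get_serial() below. Only read the tag byte when the
         * entry has content: with len2 == 0 at the very end of the buffer,
         * **p would otherwise read one byte past the parsed data.
         */
        if( *p < end2 )
            cur_entry->raw.tag = **p;

        if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
            return( ret );

        if( ( ret = mbedtls_x509_get_time( p, end2,
                                           &cur_entry->revocation_date ) ) != 0 )
            return( ret );

        if( ( ret = x509_get_crl_entry_ext( p, end2,
                                            &cur_entry->entry_ext ) ) != 0 )
            return( ret );

        /* Another entry follows: grow the list by one zeroed node. */
        if( *p < end )
        {
            cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) );

            if( cur_entry->next == NULL )
                return( MBEDTLS_ERR_X509_ALLOC_FAILED );

            cur_entry = cur_entry->next;
        }
    }

    return( 0 );
}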
Christopher Haster 1:24750b9ad5ef 251
/*
 * Parse one CRL in DER format and append it to the chained list
 *
 * 'chain' is the head node supplied by the caller. The first node whose
 * version is still 0 is used; if every node is populated a new one is
 * calloc'd and appended. The DER input is copied into a calloc'd buffer
 * owned by the node (crl->raw), and every later pointer in the node
 * (tbs, issuer_raw, sig_oid, entries, ...) points into that copy, not
 * into 'buf'. On any parse failure after the copy, mbedtls_x509_crl_free()
 * is called on the node being filled, releasing its contents.
 *
 * All lengths come from the ASN.1 helpers, which bound them by the
 * current 'end'; this function never trusts a length from the input
 * directly.
 *
 * Returns 0 on success, MBEDTLS_ERR_X509_BAD_INPUT_DATA for NULL
 * arguments, MBEDTLS_ERR_X509_ALLOC_FAILED on allocation failure, or an
 * MBEDTLS_ERR_X509_* code (possibly combined with an ASN.1 code) for
 * malformed input.
 */
int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
                                const unsigned char *buf, size_t buflen )
{
    int ret;
    size_t len;
    unsigned char *p, *end;
    mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
    mbedtls_x509_crl *crl = chain;

    /*
     * Check for valid input
     */
    if( crl == NULL || buf == NULL )
        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );

    memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
    memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
    memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );

    /*
     * Add new CRL on the end of the chain if needed.
     * A node with version == 0 is treated as empty and reused.
     */
    while( crl->version != 0 && crl->next != NULL )
        crl = crl->next;

    if( crl->version != 0 && crl->next == NULL )
    {
        crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) );

        if( crl->next == NULL )
        {
            /* NOTE(review): this frees the last already-parsed node, not
             * the one that failed to allocate - confirm that is intended. */
            mbedtls_x509_crl_free( crl );
            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
        }

        mbedtls_x509_crl_init( crl->next );
        crl = crl->next;
    }

    /*
     * Copy raw DER-encoded CRL
     * (The node owns nothing yet, so returning here leaks no resources;
     * an appended node stays linked with version 0 and is reused later.)
     */
    if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
        return( MBEDTLS_ERR_X509_ALLOC_FAILED );

    memcpy( p, buf, buflen );

    crl->raw.p = p;
    crl->raw.len = buflen;

    end = p + buflen;

    /*
     * CertificateList ::= SEQUENCE {
     *      tbsCertList          TBSCertList,
     *      signatureAlgorithm   AlgorithmIdentifier,
     *      signatureValue       BIT STRING }
     */
    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    {
        /* Unlike the later checks, the ASN.1 code is not added here. */
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
    }

    /* The outer SEQUENCE must span the whole input: no trailing bytes. */
    if( len != (size_t) ( end - p ) )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    }

    /*
     * TBSCertList ::= SEQUENCE {
     * tbs is recorded including its SEQUENCE header, i.e. exactly the
     * bytes the signature covers.
     */
    crl->tbs.p = p;

    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
    }

    /* From here on 'end' is the end of the TBSCertList, not of the input. */
    end = p + len;
    crl->tbs.len = end - crl->tbs.p;

    /*
     * Version  ::=  INTEGER  OPTIONAL {  v1(0), v2(1) }
     *               -- if present, MUST be v2
     *
     * signature            AlgorithmIdentifier
     */
    if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
        ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( ret );
    }

    /* Convert the encoded 0/1 into the human-readable v1/v2. */
    crl->version++;

    if( crl->version > 2 )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
    }

    /* Resolve the OID (and its parameters) into md/pk identifiers. */
    if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
                                          &crl->sig_md, &crl->sig_pk,
                                          &crl->sig_opts ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
    }

    /*
     * issuer               Name
     * issuer_raw spans the Name SEQUENCE including its header.
     */
    crl->issuer_raw.p = p;

    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
    }

    if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( ret );
    }

    crl->issuer_raw.len = p - crl->issuer_raw.p;

    /*
     * thisUpdate          Time
     * nextUpdate          Time OPTIONAL
     */
    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( ret );
    }

    /*
     * nextUpdate is OPTIONAL: a wrong tag (another field follows) or
     * running out of TBS data are both "absent", anything else is an error.
     */
    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
    {
        if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE +
                        MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) &&
            ret != ( MBEDTLS_ERR_X509_INVALID_DATE +
                        MBEDTLS_ERR_ASN1_OUT_OF_DATA ) )
        {
            mbedtls_x509_crl_free( crl );
            return( ret );
        }
    }

    /*
     * revokedCertificates    SEQUENCE OF SEQUENCE {
     *      userCertificate        CertificateSerialNumber,
     *      revocationDate         Time,
     *      crlEntryExtensions     Extensions OPTIONAL
     *                                   -- if present, MUST be v2
     *                        } OPTIONAL
     */
    if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( ret );
    }

    /*
     * crlExtensions          EXPLICIT Extensions OPTIONAL
     *                              -- if present, MUST be v2
     * Only attempted for v2; for v1 any such field is caught by the
     * "p != end" check below.
     */
    if( crl->version == 2 )
    {
        ret = x509_get_crl_ext( &p, end, &crl->crl_ext );

        if( ret != 0 )
        {
            mbedtls_x509_crl_free( crl );
            return( ret );
        }
    }

    /* The TBSCertList must be consumed exactly. */
    if( p != end )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    }

    /* Widen 'end' back to the end of the raw input for the trailer. */
    end = crl->raw.p + crl->raw.len;

    /*
     *  signatureAlgorithm   AlgorithmIdentifier,
     *  signatureValue       BIT STRING
     */
    if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( ret );
    }

    /*
     * The unsigned outer signatureAlgorithm must match the signed TBS
     * 'signature' field byte-for-byte (OID and parameters). Rejecting a
     * mismatch stops the algorithm actually used for verification from
     * differing from the one the issuer committed to under the signature.
     */
    if( crl->sig_oid.len != sig_oid2.len ||
        memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
        sig_params1.len != sig_params2.len ||
        ( sig_params1.len != 0 &&
          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
    }

    if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 )
    {
        mbedtls_x509_crl_free( crl );
        return( ret );
    }

    /* Nothing may follow the signature inside the outer SEQUENCE. */
    if( p != end )
    {
        mbedtls_x509_crl_free( crl );
        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
    }

    return( 0 );
}
Christopher Haster 1:24750b9ad5ef 486
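/*
 * Parse one or more CRLs and add them to the chained list
 *
 * With MBEDTLS_PEM_PARSE_C, 'buf' is first tried as PEM: this requires the
 * buffer to be NUL-terminated (the final byte, counted in buflen, must be
 * '\0'), and every "-----BEGIN X509 CRL-----" block found is decoded and
 * appended to 'chain' in turn. A buffer that is not NUL-terminated, or
 * that carries no PEM header, is handed to mbedtls_x509_crl_parse_der()
 * as a single DER CRL.
 *
 * Returns 0 on success or the first error from the PEM decoder or the DER
 * parser. CRLs parsed before a failing block remain on the chain.
 */
int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen )
{
#if defined(MBEDTLS_PEM_PARSE_C)
    int ret;
    size_t use_len;
    mbedtls_pem_context pem;
    int is_pem = 0;

    if( chain == NULL || buf == NULL )
        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );

    do
    {
        mbedtls_pem_init( &pem );

        /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
        if( buflen == 0 || buf[buflen - 1] != '\0' )
            ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
        else
            ret = mbedtls_pem_read_buffer( &pem,
                                           "-----BEGIN X509 CRL-----",
                                           "-----END X509 CRL-----",
                                           buf, NULL, 0, &use_len );

        if( ret == 0 )
        {
            /*
             * Was PEM encoded
             */
            is_pem = 1;

            /* Advance past the block just consumed. */
            buflen -= use_len;
            buf += use_len;

            /*
             * mbedtls_pem_read_buffer() allocated pem.buf; release it
             * whether or not the DER parse succeeds (the previous code
             * returned on failure without freeing it, leaking the decoded
             * CRL).
             */
            ret = mbedtls_x509_crl_parse_der( chain, pem.buf, pem.buflen );
            mbedtls_pem_free( &pem );

            if( ret != 0 )
                return( ret );
        }
        else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
        {
            mbedtls_pem_free( &pem );
            return( ret );
        }
    }
    /* In the PEM case, buflen is 1 at the end, for the terminating NUL byte.
     * And a valid CRL cannot be less than 1 byte anyway. */
    while( is_pem && buflen > 1 );

    if( is_pem )
        return( 0 );
    else
#endif /* MBEDTLS_PEM_PARSE_C */
    return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) );
}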
Christopher Haster 1:24750b9ad5ef 548
Christopher Haster 1:24750b9ad5ef 549 #if defined(MBEDTLS_FS_IO)
Christopher Haster 1:24750b9ad5ef 550 /*
Christopher Haster 1:24750b9ad5ef 551 * Load one or more CRLs and add them to the chained list
Christopher Haster 1:24750b9ad5ef 552 */
/*
 * Load one or more CRLs from a file and add them to the chained list.
 *
 * The whole file is read into a heap buffer by mbedtls_pk_load_file(),
 * handed to mbedtls_x509_crl_parse(), then wiped and released whatever the
 * parse result was, so no copy of the file contents outlives this call.
 *
 * Returns 0 on success, otherwise the error code from loading or parsing.
 */
int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
{
    unsigned char *contents = NULL;
    size_t len = 0;
    int status = mbedtls_pk_load_file( path, &contents, &len );

    if( status != 0 )
        return( status );

    status = mbedtls_x509_crl_parse( chain, contents, len );

    /* Zeroize before free, matching the scrub-then-release pattern used
     * for every other heap buffer in this file. */
    mbedtls_zeroize( contents, len );
    mbedtls_free( contents );

    return( status );
}
Christopher Haster 1:24750b9ad5ef 569 #endif /* MBEDTLS_FS_IO */
Christopher Haster 1:24750b9ad5ef 570
/*
 * BEFORE_COLON is a numeric column width and BC the same value as a string
 * literal (presumably so it can be spliced into a printf format string).
 * Neither macro is referenced by any function visible in this part of the
 * file -- NOTE(review): the stale "about the certificate" wording that used
 * to sit here suggests they were carried over from the certificate
 * counterpart of this module; confirm before relying on them.
 */
#define BEFORE_COLON 14
#define BC "14"
Christopher Haster 1:24750b9ad5ef 576 /*
Christopher Haster 1:24750b9ad5ef 577 * Return an informational string about the CRL.
Christopher Haster 1:24750b9ad5ef 578 */
/*
 * Write a human-readable description of a CRL into a caller-supplied buffer.
 *
 * buf/size   output buffer and its capacity in bytes
 * prefix     string inserted at the start of every output line; it is only
 *            ever passed through a "%s" conversion, never used as a format
 * crl        the CRL to describe
 *
 * Returns the number of characters written (size - remaining space).
 * Every write goes through MBEDTLS_X509_SAFE_SNPRINTF, which is defined
 * outside this file; it is expected to advance p/n by ret and return from
 * this function early when the output does not fit (the exact error code
 * is not visible here). The locals must keep the names ret, p and n
 * because the macro refers to them directly.
 */
int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
                           const mbedtls_x509_crl *crl )
{
    int ret;
    size_t n;
    char *p;
    const mbedtls_x509_crl_entry *entry;

    /* p/n form a write cursor over buf: p is the next free byte, n the
     * space left. */
    p = buf;
    n = size;

    ret = mbedtls_snprintf( p, n, "%sCRL version : %d",
                            prefix, crl->version );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
    MBEDTLS_X509_SAFE_SNPRINTF;
    ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_snprintf( p, n, "\n%sthis update : " \
                            "%04d-%02d-%02d %02d:%02d:%02d", prefix,
                            crl->this_update.year, crl->this_update.mon,
                            crl->this_update.day, crl->this_update.hour,
                            crl->this_update.min, crl->this_update.sec );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_snprintf( p, n, "\n%snext update : " \
                            "%04d-%02d-%02d %02d:%02d:%02d", prefix,
                            crl->next_update.year, crl->next_update.mon,
                            crl->next_update.day, crl->next_update.hour,
                            crl->next_update.min, crl->next_update.sec );
    MBEDTLS_X509_SAFE_SNPRINTF;

    /* The first entry is embedded in the CRL struct rather than allocated
     * (the free path below starts at entry.next); a zero-length raw entry
     * marks an empty revocation list. */
    entry = &crl->entry;

    ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
                            prefix );
    MBEDTLS_X509_SAFE_SNPRINTF;

    while( entry != NULL && entry->raw.len != 0 )
    {
        ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
                                prefix );
        MBEDTLS_X509_SAFE_SNPRINTF;

        ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
        MBEDTLS_X509_SAFE_SNPRINTF;

        ret = mbedtls_snprintf( p, n, " revocation date: " \
                                "%04d-%02d-%02d %02d:%02d:%02d",
                                entry->revocation_date.year, entry->revocation_date.mon,
                                entry->revocation_date.day, entry->revocation_date.hour,
                                entry->revocation_date.min, entry->revocation_date.sec );
        MBEDTLS_X509_SAFE_SNPRINTF;

        entry = entry->next;
    }

    ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
                                     crl->sig_opts );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_snprintf( p, n, "\n" );
    MBEDTLS_X509_SAFE_SNPRINTF;

    /* Bytes consumed by the cursor. NOTE(review): the cast to int would
     * misreport for buffers larger than INT_MAX; in practice callers pass
     * small text buffers -- confirm if that assumption matters. */
    return( (int) ( size - n ) );
}
Christopher Haster 1:24750b9ad5ef 650
Christopher Haster 1:24750b9ad5ef 651 /*
Christopher Haster 1:24750b9ad5ef 652 * Initialize a CRL chain
Christopher Haster 1:24750b9ad5ef 653 */
/*
 * Initialize a CRL chain head: every field is zeroed, so the struct is in
 * the "empty" state that the parse and free routines expect.
 */
void mbedtls_x509_crl_init( mbedtls_x509_crl *crl )
{
    /* sizeof on the pointee keeps the length tied to the argument type. */
    memset( crl, 0, sizeof( *crl ) );
}
Christopher Haster 1:24750b9ad5ef 658
Christopher Haster 1:24750b9ad5ef 659 /*
Christopher Haster 1:24750b9ad5ef 660 * Unallocate all CRL data
Christopher Haster 1:24750b9ad5ef 661 */
/*
 * Release all memory owned by a CRL chain.
 *
 * Two passes over the list: the first frees everything hanging off each
 * element (signature options, issuer name components, revocation entries,
 * the raw DER copy), the second wipes the elements themselves. The head
 * element is caller-owned and therefore zeroized but never freed; every
 * other element was allocated by the parser and is released here.
 * Heap memory is zeroized before being freed throughout.
 *
 * A NULL crl is a no-op.
 */
void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
{
    mbedtls_x509_crl *node;
    mbedtls_x509_crl *next;

    if( crl == NULL )
        return;

    /* Pass 1: per-element owned data. */
    for( node = crl; node != NULL; node = node->next )
    {
        mbedtls_x509_name *name = node->issuer.next;
        mbedtls_x509_crl_entry *rev = node->entry.next;

#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
        mbedtls_free( node->sig_opts );
#endif

        /* issuer itself is embedded in the element; only its successors
         * are separately allocated. */
        while( name != NULL )
        {
            mbedtls_x509_name *dead = name;
            name = name->next;
            mbedtls_zeroize( dead, sizeof( *dead ) );
            mbedtls_free( dead );
        }

        /* Same layout for revocation entries: the first one lives inside
         * the element, the rest are heap nodes. */
        while( rev != NULL )
        {
            mbedtls_x509_crl_entry *dead = rev;
            rev = rev->next;
            mbedtls_zeroize( dead, sizeof( *dead ) );
            mbedtls_free( dead );
        }

        if( node->raw.p != NULL )
        {
            mbedtls_zeroize( node->raw.p, node->raw.len );
            mbedtls_free( node->raw.p );
        }
    }

    /* Pass 2: the list elements. Read the link before wiping the node. */
    for( node = crl; node != NULL; node = next )
    {
        next = node->next;
        mbedtls_zeroize( node, sizeof( *node ) );
        if( node != crl )
            mbedtls_free( node );
    }
}
Christopher Haster 1:24750b9ad5ef 720
Christopher Haster 1:24750b9ad5ef 721 #endif /* MBEDTLS_X509_CRL_PARSE_C */