sandbox
/
mbedtls
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
mbedtls
by 
Christopher Haster
Embed:
(wiki syntax)
Show/hide line numbers
x509_crl.c
00001 /* 00002 * X.509 Certidicate Revocation List (CRL) parsing 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * The ITU-T X.509 standard defines a certificate format for PKI. 00023 * 00024 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 00025 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 00026 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 00027 * 00028 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 00029 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 00030 */ 00031 00032 #if !defined(MBEDTLS_CONFIG_FILE) 00033 #include "mbedtls/config.h" 00034 #else 00035 #include MBEDTLS_CONFIG_FILE 00036 #endif 00037 00038 #if defined(MBEDTLS_X509_CRL_PARSE_C) 00039 00040 #include "mbedtls/x509_crl.h" 00041 #include "mbedtls/oid.h" 00042 00043 #include <string.h> 00044 00045 #if defined(MBEDTLS_PEM_PARSE_C) 00046 #include "mbedtls/pem.h" 00047 #endif 00048 00049 #if defined(MBEDTLS_PLATFORM_C) 00050 #include "mbedtls/platform.h" 00051 #else 00052 #include <stdlib.h> 00053 #include <stdio.h> 00054 #define mbedtls_free free 00055 #define mbedtls_calloc calloc 00056 #define mbedtls_snprintf snprintf 00057 #endif 00058 00059 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 00060 #include <windows.h> 00061 #else 00062 #include <time.h> 00063 #endif 00064 00065 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) 00066 #include <stdio.h> 00067 #endif 00068 00069 /* Implementation that should never be optimized out by the compiler */ 00070 static void mbedtls_zeroize( void *v, size_t n ) { 00071 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 00072 } 00073 00074 /* 00075 * Version ::= INTEGER { v1(0), v2(1) } 00076 */ 00077 static int x509_crl_get_version( unsigned char **p, 00078 const unsigned char *end, 00079 int *ver ) 00080 { 00081 int ret; 00082 00083 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) 00084 { 00085 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00086 { 00087 *ver = 0; 00088 return( 0 ); 00089 } 00090 00091 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); 00092 } 00093 00094 return( 0 ); 00095 } 00096 00097 /* 00098 * X.509 CRL v2 extensions (no extensions parsed yet.) 00099 */ 00100 static int x509_get_crl_ext( unsigned char **p, 00101 const unsigned char *end, 00102 mbedtls_x509_buf *ext ) 00103 { 00104 int ret; 00105 size_t len = 0; 00106 00107 /* Get explicit tag */ 00108 if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 ) 00109 { 00110 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00111 return( 0 ); 00112 00113 return( ret ); 00114 } 00115 00116 while( *p < end ) 00117 { 00118 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00119 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00120 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00121 00122 *p += len; 00123 } 00124 00125 if( *p != end ) 00126 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00127 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00128 00129 return( 0 ); 00130 } 00131 00132 /* 00133 * X.509 CRL v2 entry extensions (no extensions parsed yet.) 00134 */ 00135 static int x509_get_crl_entry_ext( unsigned char **p, 00136 const unsigned char *end, 00137 mbedtls_x509_buf *ext ) 00138 { 00139 int ret; 00140 size_t len = 0; 00141 00142 /* OPTIONAL */ 00143 if( end <= *p ) 00144 return( 0 ); 00145 00146 ext->tag = **p; 00147 ext->p = *p; 00148 00149 /* 00150 * Get CRL-entry extension sequence header 00151 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2 00152 */ 00153 if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len, 00154 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00155 { 00156 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00157 { 00158 ext->p = NULL; 00159 return( 0 ); 00160 } 00161 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00162 } 00163 00164 end = *p + ext->len; 00165 00166 if( end != *p + ext->len ) 00167 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00168 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00169 00170 while( *p < end ) 00171 { 00172 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00173 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00174 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00175 00176 *p += len; 00177 } 00178 00179 if( *p != end ) 00180 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00181 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00182 00183 return( 0 ); 00184 } 00185 00186 /* 00187 * X.509 CRL Entries 00188 */ 00189 static int x509_get_entries( unsigned char **p, 00190 const unsigned char *end, 00191 mbedtls_x509_crl_entry *entry ) 00192 { 00193 int ret; 00194 size_t entry_len; 00195 mbedtls_x509_crl_entry *cur_entry = entry; 00196 00197 if( *p == end ) 00198 return( 0 ); 00199 00200 if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len, 00201 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) 00202 { 00203 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00204 return( 0 ); 00205 00206 return( ret ); 00207 } 00208 00209 end = *p + entry_len; 00210 00211 while( *p < end ) 00212 { 00213 size_t len2; 00214 const unsigned char *end2; 00215 00216 if( ( ret = mbedtls_asn1_get_tag( p, end, &len2, 00217 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) 00218 { 00219 return( ret ); 00220 } 00221 00222 cur_entry->raw.tag = **p; 00223 cur_entry->raw.p = *p; 00224 cur_entry->raw.len = len2; 00225 end2 = *p + len2; 00226 00227 if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 ) 00228 return( ret ); 00229 00230 if( ( ret = mbedtls_x509_get_time( p, end2, 00231 &cur_entry->revocation_date ) ) != 0 ) 00232 return( ret ); 00233 00234 if( ( ret = x509_get_crl_entry_ext( p, end2, 00235 &cur_entry->entry_ext ) ) != 0 ) 00236 return( ret ); 00237 00238 if( *p < end ) 00239 { 00240 cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) ); 00241 00242 if( cur_entry->next == NULL ) 00243 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 00244 00245 cur_entry = cur_entry->next; 00246 } 00247 } 00248 00249 return( 0 ); 00250 } 00251 00252 /* 00253 * Parse one CRLs in DER format and append it to the chained list 00254 */ 00255 int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, 00256 const unsigned char *buf, size_t buflen ) 00257 { 00258 int ret; 00259 size_t len; 00260 unsigned char *p, *end; 00261 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 00262 mbedtls_x509_crl *crl = chain; 00263 00264 /* 00265 * Check for valid input 00266 */ 00267 if( crl == NULL || buf == NULL ) 00268 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 00269 00270 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); 00271 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); 00272 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); 00273 00274 /* 00275 * Add new CRL on the end of the chain if needed. 00276 */ 00277 while( crl->version != 0 && crl->next != NULL ) 00278 crl = crl->next; 00279 00280 if( crl->version != 0 && crl->next == NULL ) 00281 { 00282 crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ); 00283 00284 if( crl->next == NULL ) 00285 { 00286 mbedtls_x509_crl_free( crl ); 00287 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 00288 } 00289 00290 mbedtls_x509_crl_init( crl->next ); 00291 crl = crl->next; 00292 } 00293 00294 /* 00295 * Copy raw DER-encoded CRL 00296 */ 00297 if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) 00298 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 00299 00300 memcpy( p, buf, buflen ); 00301 00302 crl->raw.p = p; 00303 crl->raw.len = buflen; 00304 00305 end = p + buflen; 00306 00307 /* 00308 * CertificateList ::= SEQUENCE { 00309 * tbsCertList TBSCertList, 00310 * signatureAlgorithm AlgorithmIdentifier, 00311 * signatureValue BIT STRING } 00312 */ 00313 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00314 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00315 { 00316 mbedtls_x509_crl_free( crl ); 00317 return( MBEDTLS_ERR_X509_INVALID_FORMAT ); 00318 } 00319 00320 if( len != (size_t) ( end - p ) ) 00321 { 00322 mbedtls_x509_crl_free( crl ); 00323 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 00324 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00325 } 00326 00327 /* 00328 * TBSCertList ::= SEQUENCE { 00329 */ 00330 crl->tbs.p = p; 00331 00332 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00333 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00334 { 00335 mbedtls_x509_crl_free( crl ); 00336 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 00337 } 00338 00339 end = p + len; 00340 crl->tbs.len = end - crl->tbs.p; 00341 00342 /* 00343 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } 00344 * -- if present, MUST be v2 00345 * 00346 * signature AlgorithmIdentifier 00347 */ 00348 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || 00349 ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 ) 00350 { 00351 mbedtls_x509_crl_free( crl ); 00352 return( ret ); 00353 } 00354 00355 crl->version++; 00356 00357 if( crl->version > 2 ) 00358 { 00359 mbedtls_x509_crl_free( crl ); 00360 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); 00361 } 00362 00363 if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, 00364 &crl->sig_md, &crl->sig_pk, 00365 &crl->sig_opts ) ) != 0 ) 00366 { 00367 mbedtls_x509_crl_free( crl ); 00368 return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); 00369 } 00370 00371 /* 00372 * issuer Name 00373 */ 00374 crl->issuer_raw.p = p; 00375 00376 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00377 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00378 { 00379 mbedtls_x509_crl_free( crl ); 00380 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 00381 } 00382 00383 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) 00384 { 00385 mbedtls_x509_crl_free( crl ); 00386 return( ret ); 00387 } 00388 00389 crl->issuer_raw.len = p - crl->issuer_raw.p; 00390 00391 /* 00392 * thisUpdate Time 00393 * nextUpdate Time OPTIONAL 00394 */ 00395 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 ) 00396 { 00397 mbedtls_x509_crl_free( crl ); 00398 return( ret ); 00399 } 00400 00401 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 ) 00402 { 00403 if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE + 00404 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) && 00405 ret != ( MBEDTLS_ERR_X509_INVALID_DATE + 00406 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) 00407 { 00408 mbedtls_x509_crl_free( crl ); 00409 return( ret ); 00410 } 00411 } 00412 00413 /* 00414 * revokedCertificates SEQUENCE OF SEQUENCE { 00415 * userCertificate CertificateSerialNumber, 00416 * revocationDate Time, 00417 * crlEntryExtensions Extensions OPTIONAL 00418 * -- if present, MUST be v2 00419 * } OPTIONAL 00420 */ 00421 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 ) 00422 { 00423 mbedtls_x509_crl_free( crl ); 00424 return( ret ); 00425 } 00426 00427 /* 00428 * crlExtensions EXPLICIT Extensions OPTIONAL 00429 * -- if present, MUST be v2 00430 */ 00431 if( crl->version == 2 ) 00432 { 00433 ret = x509_get_crl_ext( &p, end, &crl->crl_ext ); 00434 00435 if( ret != 0 ) 00436 { 00437 mbedtls_x509_crl_free( crl ); 00438 return( ret ); 00439 } 00440 } 00441 00442 if( p != end ) 00443 { 00444 mbedtls_x509_crl_free( crl ); 00445 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 00446 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00447 } 00448 00449 end = crl->raw.p + crl->raw.len; 00450 00451 /* 00452 * signatureAlgorithm AlgorithmIdentifier, 00453 * signatureValue BIT STRING 00454 */ 00455 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) 00456 { 00457 mbedtls_x509_crl_free( crl ); 00458 return( ret ); 00459 } 00460 00461 if( crl->sig_oid.len != sig_oid2.len || 00462 memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 || 00463 sig_params1.len != sig_params2.len || 00464 ( sig_params1.len != 0 && 00465 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) 00466 { 00467 mbedtls_x509_crl_free( crl ); 00468 return( MBEDTLS_ERR_X509_SIG_MISMATCH ); 00469 } 00470 00471 if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 ) 00472 { 00473 mbedtls_x509_crl_free( crl ); 00474 return( ret ); 00475 } 00476 00477 if( p != end ) 00478 { 00479 mbedtls_x509_crl_free( crl ); 00480 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 00481 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00482 } 00483 00484 return( 0 ); 00485 } 00486 00487 /* 00488 * Parse one or more CRLs and add them to the chained list 00489 */ 00490 int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) 00491 { 00492 #if defined(MBEDTLS_PEM_PARSE_C) 00493 int ret; 00494 size_t use_len; 00495 mbedtls_pem_context pem; 00496 int is_pem = 0; 00497 00498 if( chain == NULL || buf == NULL ) 00499 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 00500 00501 do 00502 { 00503 mbedtls_pem_init( &pem ); 00504 00505 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 00506 if( buflen == 0 || buf[buflen - 1] != '\0' ) 00507 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 00508 else 00509 ret = mbedtls_pem_read_buffer( &pem, 00510 "-----BEGIN X509 CRL-----", 00511 "-----END X509 CRL-----", 00512 buf, NULL, 0, &use_len ); 00513 00514 if( ret == 0 ) 00515 { 00516 /* 00517 * Was PEM encoded 00518 */ 00519 is_pem = 1; 00520 00521 buflen -= use_len; 00522 buf += use_len; 00523 00524 if( ( ret = mbedtls_x509_crl_parse_der( chain, 00525 pem.buf , pem.buflen ) ) != 0 ) 00526 { 00527 return( ret ); 00528 } 00529 00530 mbedtls_pem_free( &pem ); 00531 } 00532 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 00533 { 00534 mbedtls_pem_free( &pem ); 00535 return( ret ); 00536 } 00537 } 00538 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. 00539 * And a valid CRL cannot be less than 1 byte anyway. */ 00540 while( is_pem && buflen > 1 ); 00541 00542 if( is_pem ) 00543 return( 0 ); 00544 else 00545 #endif /* MBEDTLS_PEM_PARSE_C */ 00546 return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) ); 00547 } 00548 00549 #if defined(MBEDTLS_FS_IO) 00550 /* 00551 * Load one or more CRLs and add them to the chained list 00552 */ 00553 int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) 00554 { 00555 int ret; 00556 size_t n; 00557 unsigned char *buf; 00558 00559 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 00560 return( ret ); 00561 00562 ret = mbedtls_x509_crl_parse( chain, buf, n ); 00563 00564 mbedtls_zeroize( buf, n ); 00565 mbedtls_free( buf ); 00566 00567 return( ret ); 00568 } 00569 #endif /* MBEDTLS_FS_IO */ 00570 00571 /* 00572 * Return an informational string about the certificate. 00573 */ 00574 #define BEFORE_COLON 14 00575 #define BC "14" 00576 /* 00577 * Return an informational string about the CRL. 00578 */ 00579 int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, 00580 const mbedtls_x509_crl *crl ) 00581 { 00582 int ret; 00583 size_t n; 00584 char *p; 00585 const mbedtls_x509_crl_entry *entry; 00586 00587 p = buf; 00588 n = size; 00589 00590 ret = mbedtls_snprintf( p, n, "%sCRL version : %d", 00591 prefix, crl->version ); 00592 MBEDTLS_X509_SAFE_SNPRINTF; 00593 00594 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); 00595 MBEDTLS_X509_SAFE_SNPRINTF; 00596 ret = mbedtls_x509_dn_gets( p, n, &crl->issuer ); 00597 MBEDTLS_X509_SAFE_SNPRINTF; 00598 00599 ret = mbedtls_snprintf( p, n, "\n%sthis update : " \ 00600 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 00601 crl->this_update.year, crl->this_update.mon, 00602 crl->this_update.day, crl->this_update.hour, 00603 crl->this_update.min, crl->this_update.sec ); 00604 MBEDTLS_X509_SAFE_SNPRINTF; 00605 00606 ret = mbedtls_snprintf( p, n, "\n%snext update : " \ 00607 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 00608 crl->next_update.year, crl->next_update.mon, 00609 crl->next_update.day, crl->next_update.hour, 00610 crl->next_update.min, crl->next_update.sec ); 00611 MBEDTLS_X509_SAFE_SNPRINTF; 00612 00613 entry = &crl->entry; 00614 00615 ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:", 00616 prefix ); 00617 MBEDTLS_X509_SAFE_SNPRINTF; 00618 00619 while( entry != NULL && entry->raw.len != 0 ) 00620 { 00621 ret = mbedtls_snprintf( p, n, "\n%sserial number: ", 00622 prefix ); 00623 MBEDTLS_X509_SAFE_SNPRINTF; 00624 00625 ret = mbedtls_x509_serial_gets( p, n, &entry->serial ); 00626 MBEDTLS_X509_SAFE_SNPRINTF; 00627 00628 ret = mbedtls_snprintf( p, n, " revocation date: " \ 00629 "%04d-%02d-%02d %02d:%02d:%02d", 00630 entry->revocation_date.year, entry->revocation_date.mon, 00631 entry->revocation_date.day, entry->revocation_date.hour, 00632 entry->revocation_date.min, entry->revocation_date.sec ); 00633 MBEDTLS_X509_SAFE_SNPRINTF; 00634 00635 entry = entry->next; 00636 } 00637 00638 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); 00639 MBEDTLS_X509_SAFE_SNPRINTF; 00640 00641 ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, 00642 crl->sig_opts ); 00643 MBEDTLS_X509_SAFE_SNPRINTF; 00644 00645 ret = mbedtls_snprintf( p, n, "\n" ); 00646 MBEDTLS_X509_SAFE_SNPRINTF; 00647 00648 return( (int) ( size - n ) ); 00649 } 00650 00651 /* 00652 * Initialize a CRL chain 00653 */ 00654 void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ) 00655 { 00656 memset( crl, 0, sizeof(mbedtls_x509_crl) ); 00657 } 00658 00659 /* 00660 * Unallocate all CRL data 00661 */ 00662 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) 00663 { 00664 mbedtls_x509_crl *crl_cur = crl; 00665 mbedtls_x509_crl *crl_prv; 00666 mbedtls_x509_name *name_cur; 00667 mbedtls_x509_name *name_prv; 00668 mbedtls_x509_crl_entry *entry_cur; 00669 mbedtls_x509_crl_entry *entry_prv; 00670 00671 if( crl == NULL ) 00672 return; 00673 00674 do 00675 { 00676 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 00677 mbedtls_free( crl_cur->sig_opts ); 00678 #endif 00679 00680 name_cur = crl_cur->issuer.next; 00681 while( name_cur != NULL ) 00682 { 00683 name_prv = name_cur; 00684 name_cur = name_cur->next; 00685 mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 00686 mbedtls_free( name_prv ); 00687 } 00688 00689 entry_cur = crl_cur->entry.next; 00690 while( entry_cur != NULL ) 00691 { 00692 entry_prv = entry_cur; 00693 entry_cur = entry_cur->next; 00694 mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) ); 00695 mbedtls_free( entry_prv ); 00696 } 00697 00698 if( crl_cur->raw.p != NULL ) 00699 { 00700 mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len ); 00701 mbedtls_free( crl_cur->raw.p ); 00702 } 00703 00704 crl_cur = crl_cur->next; 00705 } 00706 while( crl_cur != NULL ); 00707 00708 crl_cur = crl; 00709 do 00710 { 00711 crl_prv = crl_cur; 00712 crl_cur = crl_cur->next; 00713 00714 mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); 00715 if( crl_prv != crl ) 00716 mbedtls_free( crl_prv ); 00717 } 00718 while( crl_cur != NULL ); 00719 } 00720 00721 #endif /* MBEDTLS_X509_CRL_PARSE_C */
Generated on Tue Jul 12 2022 12:52:49 by
1.7.2