Hannes Tschofenig
/
aes-gcm-test-program
Example program to test AES-GCM functionality. Used for a workshop
Embed:
(wiki syntax)
Show/hide line numbers
x509_crl.c
00001 /* 00002 * X.509 certificate and private key decoding 00003 * 00004 * Copyright (C) 2006-2014, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * The ITU-T X.509 standard defines a certificate format for PKI. 00027 * 00028 * http://www.ietf.org/rfc/rfc3279.txt 00029 * http://www.ietf.org/rfc/rfc3280.txt 00030 * 00031 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc 00032 * 00033 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 00034 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 00035 */ 00036 00037 #if !defined(POLARSSL_CONFIG_FILE) 00038 #include "polarssl/config.h" 00039 #else 00040 #include POLARSSL_CONFIG_FILE 00041 #endif 00042 00043 #if defined(POLARSSL_X509_CRL_PARSE_C) 00044 00045 #include "polarssl/x509_crl.h" 00046 #include "polarssl/oid.h" 00047 #if defined(POLARSSL_PEM_PARSE_C) 00048 #include "polarssl/pem.h" 00049 #endif 00050 00051 #if defined(POLARSSL_PLATFORM_C) 00052 #include "polarssl/platform.h" 00053 #else 00054 #define polarssl_malloc malloc 00055 #define polarssl_free free 00056 #endif 00057 00058 #include <string.h> 00059 #include <stdlib.h> 00060 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 00061 00062 #include <windows.h> 00063 #else 00064 #include <time.h> 00065 #endif 00066 00067 #if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32) 00068 #include <stdio.h> 00069 #endif 00070 00071 /* 00072 * Version ::= INTEGER { v1(0), v2(1) } 00073 */ 00074 static int x509_crl_get_version( unsigned char **p, 00075 const unsigned char *end, 00076 int *ver ) 00077 { 00078 int ret; 00079 00080 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 ) 00081 { 00082 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) 00083 { 00084 *ver = 0; 00085 return( 0 ); 00086 } 00087 00088 return( POLARSSL_ERR_X509_INVALID_VERSION + ret ); 00089 } 00090 00091 return( 0 ); 00092 } 00093 00094 /* 00095 * X.509 CRL v2 extensions (no extensions parsed yet.) 00096 */ 00097 static int x509_get_crl_ext( unsigned char **p, 00098 const unsigned char *end, 00099 x509_buf *ext ) 00100 { 00101 int ret; 00102 size_t len = 0; 00103 00104 /* Get explicit tag */ 00105 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 ) 00106 { 00107 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) 00108 return( 0 ); 00109 00110 return( ret ); 00111 } 00112 00113 while( *p < end ) 00114 { 00115 if( ( ret = asn1_get_tag( p, end, &len, 00116 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) 00117 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret ); 00118 00119 *p += len; 00120 } 00121 00122 if( *p != end ) 00123 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + 00124 POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); 00125 00126 return( 0 ); 00127 } 00128 00129 /* 00130 * X.509 CRL v2 entry extensions (no extensions parsed yet.) 00131 */ 00132 static int x509_get_crl_entry_ext( unsigned char **p, 00133 const unsigned char *end, 00134 x509_buf *ext ) 00135 { 00136 int ret; 00137 size_t len = 0; 00138 00139 /* OPTIONAL */ 00140 if (end <= *p) 00141 return( 0 ); 00142 00143 ext->tag = **p; 00144 ext->p = *p; 00145 00146 /* 00147 * Get CRL-entry extension sequence header 00148 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2 00149 */ 00150 if( ( ret = asn1_get_tag( p, end, &ext->len, 00151 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) 00152 { 00153 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) 00154 { 00155 ext->p = NULL; 00156 return( 0 ); 00157 } 00158 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret ); 00159 } 00160 00161 end = *p + ext->len; 00162 00163 if( end != *p + ext->len ) 00164 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + 00165 POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); 00166 00167 while( *p < end ) 00168 { 00169 if( ( ret = asn1_get_tag( p, end, &len, 00170 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) 00171 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret ); 00172 00173 *p += len; 00174 } 00175 00176 if( *p != end ) 00177 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + 00178 POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); 00179 00180 return( 0 ); 00181 } 00182 00183 /* 00184 * X.509 CRL Entries 00185 */ 00186 static int x509_get_entries( unsigned char **p, 00187 const unsigned char *end, 00188 x509_crl_entry *entry ) 00189 { 00190 int ret; 00191 size_t entry_len; 00192 x509_crl_entry *cur_entry = entry; 00193 00194 if( *p == end ) 00195 return( 0 ); 00196 00197 if( ( ret = asn1_get_tag( p, end, &entry_len, 00198 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 ) 00199 { 00200 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) 00201 return( 0 ); 00202 00203 return( ret ); 00204 } 00205 00206 end = *p + entry_len; 00207 00208 while( *p < end ) 00209 { 00210 size_t len2; 00211 const unsigned char *end2; 00212 00213 if( ( ret = asn1_get_tag( p, end, &len2, 00214 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 ) 00215 { 00216 return( ret ); 00217 } 00218 00219 cur_entry->raw.tag = **p; 00220 cur_entry->raw.p = *p; 00221 cur_entry->raw.len = len2; 00222 end2 = *p + len2; 00223 00224 if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 ) 00225 return( ret ); 00226 00227 if( ( ret = x509_get_time( p, end2, 00228 &cur_entry->revocation_date ) ) != 0 ) 00229 return( ret ); 00230 00231 if( ( ret = x509_get_crl_entry_ext( p, end2, 00232 &cur_entry->entry_ext ) ) != 0 ) 00233 return( ret ); 00234 00235 if ( *p < end ) 00236 { 00237 cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) ); 00238 00239 if( cur_entry->next == NULL ) 00240 return( POLARSSL_ERR_X509_MALLOC_FAILED ); 00241 00242 cur_entry = cur_entry->next; 00243 memset( cur_entry, 0, sizeof( x509_crl_entry ) ); 00244 } 00245 } 00246 00247 return( 0 ); 00248 } 00249 00250 /* 00251 * Parse one or more CRLs and add them to the chained list 00252 */ 00253 int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) 00254 { 00255 int ret; 00256 size_t len; 00257 unsigned char *p, *end; 00258 x509_crl *crl; 00259 #if defined(POLARSSL_PEM_PARSE_C) 00260 size_t use_len; 00261 pem_context pem; 00262 #endif 00263 00264 crl = chain; 00265 00266 /* 00267 * Check for valid input 00268 */ 00269 if( crl == NULL || buf == NULL ) 00270 return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); 00271 00272 while( crl->version != 0 && crl->next != NULL ) 00273 crl = crl->next; 00274 00275 /* 00276 * Add new CRL on the end of the chain if needed. 00277 */ 00278 if ( crl->version != 0 && crl->next == NULL) 00279 { 00280 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) ); 00281 00282 if( crl->next == NULL ) 00283 { 00284 x509_crl_free( crl ); 00285 return( POLARSSL_ERR_X509_MALLOC_FAILED ); 00286 } 00287 00288 crl = crl->next; 00289 x509_crl_init( crl ); 00290 } 00291 00292 #if defined(POLARSSL_PEM_PARSE_C) 00293 pem_init( &pem ); 00294 ret = pem_read_buffer( &pem, 00295 "-----BEGIN X509 CRL-----", 00296 "-----END X509 CRL-----", 00297 buf, NULL, 0, &use_len ); 00298 00299 if( ret == 0 ) 00300 { 00301 /* 00302 * Was PEM encoded 00303 */ 00304 buflen -= use_len; 00305 buf += use_len; 00306 00307 /* 00308 * Steal PEM buffer 00309 */ 00310 p = pem.buf ; 00311 pem.buf = NULL; 00312 len = pem.buflen ; 00313 pem_free( &pem ); 00314 } 00315 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) 00316 { 00317 pem_free( &pem ); 00318 return( ret ); 00319 } 00320 else 00321 #endif /* POLARSSL_PEM_PARSE_C */ 00322 { 00323 /* 00324 * nope, copy the raw DER data 00325 */ 00326 p = (unsigned char *) polarssl_malloc( len = buflen ); 00327 00328 if( p == NULL ) 00329 return( POLARSSL_ERR_X509_MALLOC_FAILED ); 00330 00331 memcpy( p, buf, buflen ); 00332 00333 buflen = 0; 00334 } 00335 00336 crl->raw.p = p; 00337 crl->raw.len = len; 00338 end = p + len; 00339 00340 /* 00341 * CertificateList ::= SEQUENCE { 00342 * tbsCertList TBSCertList, 00343 * signatureAlgorithm AlgorithmIdentifier, 00344 * signatureValue BIT STRING } 00345 */ 00346 if( ( ret = asn1_get_tag( &p, end, &len, 00347 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) 00348 { 00349 x509_crl_free( crl ); 00350 return( POLARSSL_ERR_X509_INVALID_FORMAT ); 00351 } 00352 00353 if( len != (size_t) ( end - p ) ) 00354 { 00355 x509_crl_free( crl ); 00356 return( POLARSSL_ERR_X509_INVALID_FORMAT + 00357 POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); 00358 } 00359 00360 /* 00361 * TBSCertList ::= SEQUENCE { 00362 */ 00363 crl->tbs.p = p; 00364 00365 if( ( ret = asn1_get_tag( &p, end, &len, 00366 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) 00367 { 00368 x509_crl_free( crl ); 00369 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret ); 00370 } 00371 00372 end = p + len; 00373 crl->tbs.len = end - crl->tbs.p; 00374 00375 /* 00376 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } 00377 * -- if present, MUST be v2 00378 * 00379 * signature AlgorithmIdentifier 00380 */ 00381 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || 00382 ( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 ) 00383 { 00384 x509_crl_free( crl ); 00385 return( ret ); 00386 } 00387 00388 crl->version++; 00389 00390 if( crl->version > 2 ) 00391 { 00392 x509_crl_free( crl ); 00393 return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); 00394 } 00395 00396 if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md, 00397 &crl->sig_pk ) ) != 0 ) 00398 { 00399 x509_crl_free( crl ); 00400 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); 00401 } 00402 00403 /* 00404 * issuer Name 00405 */ 00406 crl->issuer_raw.p = p; 00407 00408 if( ( ret = asn1_get_tag( &p, end, &len, 00409 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) 00410 { 00411 x509_crl_free( crl ); 00412 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret ); 00413 } 00414 00415 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) 00416 { 00417 x509_crl_free( crl ); 00418 return( ret ); 00419 } 00420 00421 crl->issuer_raw.len = p - crl->issuer_raw.p; 00422 00423 /* 00424 * thisUpdate Time 00425 * nextUpdate Time OPTIONAL 00426 */ 00427 if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 ) 00428 { 00429 x509_crl_free( crl ); 00430 return( ret ); 00431 } 00432 00433 if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 ) 00434 { 00435 if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE + 00436 POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) && 00437 ret != ( POLARSSL_ERR_X509_INVALID_DATE + 00438 POLARSSL_ERR_ASN1_OUT_OF_DATA ) ) 00439 { 00440 x509_crl_free( crl ); 00441 return( ret ); 00442 } 00443 } 00444 00445 /* 00446 * revokedCertificates SEQUENCE OF SEQUENCE { 00447 * userCertificate CertificateSerialNumber, 00448 * revocationDate Time, 00449 * crlEntryExtensions Extensions OPTIONAL 00450 * -- if present, MUST be v2 00451 * } OPTIONAL 00452 */ 00453 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 ) 00454 { 00455 x509_crl_free( crl ); 00456 return( ret ); 00457 } 00458 00459 /* 00460 * crlExtensions EXPLICIT Extensions OPTIONAL 00461 * -- if present, MUST be v2 00462 */ 00463 if( crl->version == 2 ) 00464 { 00465 ret = x509_get_crl_ext( &p, end, &crl->crl_ext ); 00466 00467 if( ret != 0 ) 00468 { 00469 x509_crl_free( crl ); 00470 return( ret ); 00471 } 00472 } 00473 00474 if( p != end ) 00475 { 00476 x509_crl_free( crl ); 00477 return( POLARSSL_ERR_X509_INVALID_FORMAT + 00478 POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); 00479 } 00480 00481 end = crl->raw.p + crl->raw.len; 00482 00483 /* 00484 * signatureAlgorithm AlgorithmIdentifier, 00485 * signatureValue BIT STRING 00486 */ 00487 if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 ) 00488 { 00489 x509_crl_free( crl ); 00490 return( ret ); 00491 } 00492 00493 if( crl->sig_oid1.len != crl->sig_oid2.len || 00494 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ) 00495 { 00496 x509_crl_free( crl ); 00497 return( POLARSSL_ERR_X509_SIG_MISMATCH ); 00498 } 00499 00500 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 ) 00501 { 00502 x509_crl_free( crl ); 00503 return( ret ); 00504 } 00505 00506 if( p != end ) 00507 { 00508 x509_crl_free( crl ); 00509 return( POLARSSL_ERR_X509_INVALID_FORMAT + 00510 POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); 00511 } 00512 00513 if( buflen > 0 ) 00514 { 00515 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) ); 00516 00517 if( crl->next == NULL ) 00518 { 00519 x509_crl_free( crl ); 00520 return( POLARSSL_ERR_X509_MALLOC_FAILED ); 00521 } 00522 00523 crl = crl->next; 00524 x509_crl_init( crl ); 00525 00526 return( x509_crl_parse( crl, buf, buflen ) ); 00527 } 00528 00529 return( 0 ); 00530 } 00531 00532 #if defined(POLARSSL_FS_IO) 00533 /* 00534 * Load one or more CRLs and add them to the chained list 00535 */ 00536 int x509_crl_parse_file( x509_crl *chain, const char *path ) 00537 { 00538 int ret; 00539 size_t n; 00540 unsigned char *buf; 00541 00542 if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 ) 00543 return( ret ); 00544 00545 ret = x509_crl_parse( chain, buf, n ); 00546 00547 memset( buf, 0, n + 1 ); 00548 polarssl_free( buf ); 00549 00550 return( ret ); 00551 } 00552 #endif /* POLARSSL_FS_IO */ 00553 00554 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \ 00555 !defined(EFI32) 00556 #include <stdarg.h> 00557 00558 #if !defined vsnprintf 00559 #define vsnprintf _vsnprintf 00560 #endif // vsnprintf 00561 00562 /* 00563 * Windows _snprintf and _vsnprintf are not compatible to linux versions. 00564 * Result value is not size of buffer needed, but -1 if no fit is possible. 00565 * 00566 * This fuction tries to 'fix' this by at least suggesting enlarging the 00567 * size by 20. 00568 */ 00569 static int compat_snprintf(char *str, size_t size, const char *format, ...) 00570 { 00571 va_list ap; 00572 int res = -1; 00573 00574 va_start( ap, format ); 00575 00576 res = vsnprintf( str, size, format, ap ); 00577 00578 va_end( ap ); 00579 00580 // No quick fix possible 00581 if ( res < 0 ) 00582 return( (int) size + 20 ); 00583 00584 return res; 00585 } 00586 00587 #define snprintf compat_snprintf 00588 #endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */ 00589 00590 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2 00591 00592 #define SAFE_SNPRINTF() \ 00593 { \ 00594 if( ret == -1 ) \ 00595 return( -1 ); \ 00596 \ 00597 if ( (unsigned int) ret > n ) { \ 00598 p[n - 1] = '\0'; \ 00599 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\ 00600 } \ 00601 \ 00602 n -= (unsigned int) ret; \ 00603 p += (unsigned int) ret; \ 00604 } 00605 00606 /* 00607 * Return an informational string about the certificate. 00608 */ 00609 #define BEFORE_COLON 14 00610 #define BC "14" 00611 /* 00612 * Return an informational string about the CRL. 00613 */ 00614 int x509_crl_info( char *buf, size_t size, const char *prefix, 00615 const x509_crl *crl ) 00616 { 00617 int ret; 00618 size_t n; 00619 char *p; 00620 const char *desc; 00621 const x509_crl_entry *entry; 00622 00623 p = buf; 00624 n = size; 00625 00626 ret = snprintf( p, n, "%sCRL version : %d", 00627 prefix, crl->version ); 00628 SAFE_SNPRINTF(); 00629 00630 ret = snprintf( p, n, "\n%sissuer name : ", prefix ); 00631 SAFE_SNPRINTF(); 00632 ret = x509_dn_gets( p, n, &crl->issuer ); 00633 SAFE_SNPRINTF(); 00634 00635 ret = snprintf( p, n, "\n%sthis update : " \ 00636 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 00637 crl->this_update.year, crl->this_update.mon, 00638 crl->this_update.day, crl->this_update.hour, 00639 crl->this_update.min, crl->this_update.sec ); 00640 SAFE_SNPRINTF(); 00641 00642 ret = snprintf( p, n, "\n%snext update : " \ 00643 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 00644 crl->next_update.year, crl->next_update.mon, 00645 crl->next_update.day, crl->next_update.hour, 00646 crl->next_update.min, crl->next_update.sec ); 00647 SAFE_SNPRINTF(); 00648 00649 entry = &crl->entry; 00650 00651 ret = snprintf( p, n, "\n%sRevoked certificates:", 00652 prefix ); 00653 SAFE_SNPRINTF(); 00654 00655 while( entry != NULL && entry->raw.len != 0 ) 00656 { 00657 ret = snprintf( p, n, "\n%sserial number: ", 00658 prefix ); 00659 SAFE_SNPRINTF(); 00660 00661 ret = x509_serial_gets( p, n, &entry->serial); 00662 SAFE_SNPRINTF(); 00663 00664 ret = snprintf( p, n, " revocation date: " \ 00665 "%04d-%02d-%02d %02d:%02d:%02d", 00666 entry->revocation_date.year, entry->revocation_date.mon, 00667 entry->revocation_date.day, entry->revocation_date.hour, 00668 entry->revocation_date.min, entry->revocation_date.sec ); 00669 SAFE_SNPRINTF(); 00670 00671 entry = entry->next; 00672 } 00673 00674 ret = snprintf( p, n, "\n%ssigned using : ", prefix ); 00675 SAFE_SNPRINTF(); 00676 00677 ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc ); 00678 if( ret != 0 ) 00679 ret = snprintf( p, n, "???" ); 00680 else 00681 ret = snprintf( p, n, "%s", desc ); 00682 SAFE_SNPRINTF(); 00683 00684 ret = snprintf( p, n, "\n" ); 00685 SAFE_SNPRINTF(); 00686 00687 return( (int) ( size - n ) ); 00688 } 00689 00690 /* 00691 * Initialize a CRL chain 00692 */ 00693 void x509_crl_init( x509_crl *crl ) 00694 { 00695 memset( crl, 0, sizeof(x509_crl) ); 00696 } 00697 00698 /* 00699 * Unallocate all CRL data 00700 */ 00701 void x509_crl_free( x509_crl *crl ) 00702 { 00703 x509_crl *crl_cur = crl; 00704 x509_crl *crl_prv; 00705 x509_name *name_cur; 00706 x509_name *name_prv; 00707 x509_crl_entry *entry_cur; 00708 x509_crl_entry *entry_prv; 00709 00710 if( crl == NULL ) 00711 return; 00712 00713 do 00714 { 00715 name_cur = crl_cur->issuer.next; 00716 while( name_cur != NULL ) 00717 { 00718 name_prv = name_cur; 00719 name_cur = name_cur->next; 00720 memset( name_prv, 0, sizeof( x509_name ) ); 00721 polarssl_free( name_prv ); 00722 } 00723 00724 entry_cur = crl_cur->entry.next; 00725 while( entry_cur != NULL ) 00726 { 00727 entry_prv = entry_cur; 00728 entry_cur = entry_cur->next; 00729 memset( entry_prv, 0, sizeof( x509_crl_entry ) ); 00730 polarssl_free( entry_prv ); 00731 } 00732 00733 if( crl_cur->raw.p != NULL ) 00734 { 00735 memset( crl_cur->raw.p, 0, crl_cur->raw.len ); 00736 polarssl_free( crl_cur->raw.p ); 00737 } 00738 00739 crl_cur = crl_cur->next; 00740 } 00741 while( crl_cur != NULL ); 00742 00743 crl_cur = crl; 00744 do 00745 { 00746 crl_prv = crl_cur; 00747 crl_cur = crl_cur->next; 00748 00749 memset( crl_prv, 0, sizeof( x509_crl ) ); 00750 if( crl_prv != crl ) 00751 polarssl_free( crl_prv ); 00752 } 00753 while( crl_cur != NULL ); 00754 } 00755 00756 #endif /* POLARSSL_X509_CRL_PARSE_C */ 00757 00758
Generated on Tue Jul 12 2022 19:40:21 by 1.7.2