Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
x509_crl.c
00001 /* 00002 * X.509 Certidicate Revocation List (CRL) parsing 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * The ITU-T X.509 standard defines a certificate format for PKI. 00023 * 00024 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) 00025 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) 00026 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) 00027 * 00028 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf 00029 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf 00030 */ 00031 00032 #if !defined(MBEDTLS_CONFIG_FILE) 00033 #include "mbedtls/config.h" 00034 #else 00035 #include MBEDTLS_CONFIG_FILE 00036 #endif 00037 00038 #if defined(MBEDTLS_X509_CRL_PARSE_C) 00039 00040 #include "mbedtls/x509_crl.h" 00041 #include "mbedtls/oid.h" 00042 #include "mbedtls/platform_util.h" 00043 00044 #include <string.h> 00045 00046 #if defined(MBEDTLS_PEM_PARSE_C) 00047 #include "mbedtls/pem.h" 00048 #endif 00049 00050 #if defined(MBEDTLS_PLATFORM_C) 00051 #include "mbedtls/platform.h" 00052 #else 00053 #include <stdlib.h> 00054 #include <stdio.h> 00055 #define mbedtls_free free 00056 #define mbedtls_calloc calloc 00057 #define mbedtls_snprintf snprintf 00058 #endif 00059 00060 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 00061 #include <windows.h> 00062 #else 00063 #include <time.h> 00064 #endif 00065 00066 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32) 00067 #include <stdio.h> 00068 #endif 00069 00070 /* 00071 * Version ::= INTEGER { v1(0), v2(1) } 00072 */ 00073 static int x509_crl_get_version( unsigned char **p, 00074 const unsigned char *end, 00075 int *ver ) 00076 { 00077 int ret; 00078 00079 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) 00080 { 00081 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00082 { 00083 *ver = 0; 00084 return( 0 ); 00085 } 00086 00087 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); 00088 } 00089 00090 return( 0 ); 00091 } 00092 00093 /* 00094 * X.509 CRL v2 extensions 00095 * 00096 * We currently don't parse any extension's content, but we do check that the 00097 * list of extensions is well-formed and abort on critical extensions (that 00098 * are unsupported as we don't support any extension so far) 00099 */ 00100 static int x509_get_crl_ext( unsigned char **p, 00101 const unsigned char *end, 00102 mbedtls_x509_buf *ext ) 00103 { 00104 int ret; 00105 00106 if( *p == end ) 00107 return( 0 ); 00108 00109 /* 00110 * crlExtensions [0] EXPLICIT Extensions OPTIONAL 00111 * -- if present, version MUST be v2 00112 */ 00113 if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 ) 00114 return( ret ); 00115 00116 end = ext->p + ext->len; 00117 00118 while( *p < end ) 00119 { 00120 /* 00121 * Extension ::= SEQUENCE { 00122 * extnID OBJECT IDENTIFIER, 00123 * critical BOOLEAN DEFAULT FALSE, 00124 * extnValue OCTET STRING } 00125 */ 00126 int is_critical = 0; 00127 const unsigned char *end_ext_data; 00128 size_t len; 00129 00130 /* Get enclosing sequence tag */ 00131 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00132 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00133 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00134 00135 end_ext_data = *p + len; 00136 00137 /* Get OID (currently ignored) */ 00138 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, 00139 MBEDTLS_ASN1_OID ) ) != 0 ) 00140 { 00141 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00142 } 00143 *p += len; 00144 00145 /* Get optional critical */ 00146 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, 00147 &is_critical ) ) != 0 && 00148 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) 00149 { 00150 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00151 } 00152 00153 /* Data should be octet string type */ 00154 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, 00155 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) 00156 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00157 00158 /* Ignore data so far and just check its length */ 00159 *p += len; 00160 if( *p != end_ext_data ) 00161 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00162 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00163 00164 /* Abort on (unsupported) critical extensions */ 00165 if( is_critical ) 00166 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00167 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); 00168 } 00169 00170 if( *p != end ) 00171 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00172 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00173 00174 return( 0 ); 00175 } 00176 00177 /* 00178 * X.509 CRL v2 entry extensions (no extensions parsed yet.) 00179 */ 00180 static int x509_get_crl_entry_ext( unsigned char **p, 00181 const unsigned char *end, 00182 mbedtls_x509_buf *ext ) 00183 { 00184 int ret; 00185 size_t len = 0; 00186 00187 /* OPTIONAL */ 00188 if( end <= *p ) 00189 return( 0 ); 00190 00191 ext->tag = **p; 00192 ext->p = *p; 00193 00194 /* 00195 * Get CRL-entry extension sequence header 00196 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2 00197 */ 00198 if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len, 00199 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00200 { 00201 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00202 { 00203 ext->p = NULL; 00204 return( 0 ); 00205 } 00206 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00207 } 00208 00209 end = *p + ext->len; 00210 00211 if( end != *p + ext->len ) 00212 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00213 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00214 00215 while( *p < end ) 00216 { 00217 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, 00218 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00219 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); 00220 00221 *p += len; 00222 } 00223 00224 if( *p != end ) 00225 return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + 00226 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00227 00228 return( 0 ); 00229 } 00230 00231 /* 00232 * X.509 CRL Entries 00233 */ 00234 static int x509_get_entries( unsigned char **p, 00235 const unsigned char *end, 00236 mbedtls_x509_crl_entry *entry ) 00237 { 00238 int ret; 00239 size_t entry_len; 00240 mbedtls_x509_crl_entry *cur_entry = entry; 00241 00242 if( *p == end ) 00243 return( 0 ); 00244 00245 if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len, 00246 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) 00247 { 00248 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) 00249 return( 0 ); 00250 00251 return( ret ); 00252 } 00253 00254 end = *p + entry_len; 00255 00256 while( *p < end ) 00257 { 00258 size_t len2; 00259 const unsigned char *end2; 00260 00261 if( ( ret = mbedtls_asn1_get_tag( p, end, &len2, 00262 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) 00263 { 00264 return( ret ); 00265 } 00266 00267 cur_entry->raw.tag = **p; 00268 cur_entry->raw.p = *p; 00269 cur_entry->raw.len = len2; 00270 end2 = *p + len2; 00271 00272 if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 ) 00273 return( ret ); 00274 00275 if( ( ret = mbedtls_x509_get_time( p, end2, 00276 &cur_entry->revocation_date ) ) != 0 ) 00277 return( ret ); 00278 00279 if( ( ret = x509_get_crl_entry_ext( p, end2, 00280 &cur_entry->entry_ext ) ) != 0 ) 00281 return( ret ); 00282 00283 if( *p < end ) 00284 { 00285 cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) ); 00286 00287 if( cur_entry->next == NULL ) 00288 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 00289 00290 cur_entry = cur_entry->next; 00291 } 00292 } 00293 00294 return( 0 ); 00295 } 00296 00297 /* 00298 * Parse one CRLs in DER format and append it to the chained list 00299 */ 00300 int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, 00301 const unsigned char *buf, size_t buflen ) 00302 { 00303 int ret; 00304 size_t len; 00305 unsigned char *p = NULL, *end = NULL; 00306 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 00307 mbedtls_x509_crl *crl = chain; 00308 00309 /* 00310 * Check for valid input 00311 */ 00312 if( crl == NULL || buf == NULL ) 00313 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 00314 00315 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); 00316 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); 00317 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); 00318 00319 /* 00320 * Add new CRL on the end of the chain if needed. 00321 */ 00322 while( crl->version != 0 && crl->next != NULL ) 00323 crl = crl->next; 00324 00325 if( crl->version != 0 && crl->next == NULL ) 00326 { 00327 crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ); 00328 00329 if( crl->next == NULL ) 00330 { 00331 mbedtls_x509_crl_free( crl ); 00332 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 00333 } 00334 00335 mbedtls_x509_crl_init( crl->next ); 00336 crl = crl->next; 00337 } 00338 00339 /* 00340 * Copy raw DER-encoded CRL 00341 */ 00342 if( buflen == 0 ) 00343 return( MBEDTLS_ERR_X509_INVALID_FORMAT ); 00344 00345 p = mbedtls_calloc( 1, buflen ); 00346 if( p == NULL ) 00347 return( MBEDTLS_ERR_X509_ALLOC_FAILED ); 00348 00349 memcpy( p, buf, buflen ); 00350 00351 crl->raw.p = p; 00352 crl->raw.len = buflen; 00353 00354 end = p + buflen; 00355 00356 /* 00357 * CertificateList ::= SEQUENCE { 00358 * tbsCertList TBSCertList, 00359 * signatureAlgorithm AlgorithmIdentifier, 00360 * signatureValue BIT STRING } 00361 */ 00362 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00363 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00364 { 00365 mbedtls_x509_crl_free( crl ); 00366 return( MBEDTLS_ERR_X509_INVALID_FORMAT ); 00367 } 00368 00369 if( len != (size_t) ( end - p ) ) 00370 { 00371 mbedtls_x509_crl_free( crl ); 00372 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 00373 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00374 } 00375 00376 /* 00377 * TBSCertList ::= SEQUENCE { 00378 */ 00379 crl->tbs.p = p; 00380 00381 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00382 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00383 { 00384 mbedtls_x509_crl_free( crl ); 00385 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 00386 } 00387 00388 end = p + len; 00389 crl->tbs.len = end - crl->tbs.p; 00390 00391 /* 00392 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } 00393 * -- if present, MUST be v2 00394 * 00395 * signature AlgorithmIdentifier 00396 */ 00397 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || 00398 ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 ) 00399 { 00400 mbedtls_x509_crl_free( crl ); 00401 return( ret ); 00402 } 00403 00404 if( crl->version < 0 || crl->version > 1 ) 00405 { 00406 mbedtls_x509_crl_free( crl ); 00407 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); 00408 } 00409 00410 crl->version++; 00411 00412 if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, 00413 &crl->sig_md, &crl->sig_pk, 00414 &crl->sig_opts ) ) != 0 ) 00415 { 00416 mbedtls_x509_crl_free( crl ); 00417 return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); 00418 } 00419 00420 /* 00421 * issuer Name 00422 */ 00423 crl->issuer_raw.p = p; 00424 00425 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, 00426 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) 00427 { 00428 mbedtls_x509_crl_free( crl ); 00429 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); 00430 } 00431 00432 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) 00433 { 00434 mbedtls_x509_crl_free( crl ); 00435 return( ret ); 00436 } 00437 00438 crl->issuer_raw.len = p - crl->issuer_raw.p; 00439 00440 /* 00441 * thisUpdate Time 00442 * nextUpdate Time OPTIONAL 00443 */ 00444 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 ) 00445 { 00446 mbedtls_x509_crl_free( crl ); 00447 return( ret ); 00448 } 00449 00450 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 ) 00451 { 00452 if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE + 00453 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) && 00454 ret != ( MBEDTLS_ERR_X509_INVALID_DATE + 00455 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) 00456 { 00457 mbedtls_x509_crl_free( crl ); 00458 return( ret ); 00459 } 00460 } 00461 00462 /* 00463 * revokedCertificates SEQUENCE OF SEQUENCE { 00464 * userCertificate CertificateSerialNumber, 00465 * revocationDate Time, 00466 * crlEntryExtensions Extensions OPTIONAL 00467 * -- if present, MUST be v2 00468 * } OPTIONAL 00469 */ 00470 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 ) 00471 { 00472 mbedtls_x509_crl_free( crl ); 00473 return( ret ); 00474 } 00475 00476 /* 00477 * crlExtensions EXPLICIT Extensions OPTIONAL 00478 * -- if present, MUST be v2 00479 */ 00480 if( crl->version == 2 ) 00481 { 00482 ret = x509_get_crl_ext( &p, end, &crl->crl_ext ); 00483 00484 if( ret != 0 ) 00485 { 00486 mbedtls_x509_crl_free( crl ); 00487 return( ret ); 00488 } 00489 } 00490 00491 if( p != end ) 00492 { 00493 mbedtls_x509_crl_free( crl ); 00494 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 00495 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00496 } 00497 00498 end = crl->raw.p + crl->raw.len; 00499 00500 /* 00501 * signatureAlgorithm AlgorithmIdentifier, 00502 * signatureValue BIT STRING 00503 */ 00504 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) 00505 { 00506 mbedtls_x509_crl_free( crl ); 00507 return( ret ); 00508 } 00509 00510 if( crl->sig_oid.len != sig_oid2.len || 00511 memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 || 00512 sig_params1.len != sig_params2.len || 00513 ( sig_params1.len != 0 && 00514 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) 00515 { 00516 mbedtls_x509_crl_free( crl ); 00517 return( MBEDTLS_ERR_X509_SIG_MISMATCH ); 00518 } 00519 00520 if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 ) 00521 { 00522 mbedtls_x509_crl_free( crl ); 00523 return( ret ); 00524 } 00525 00526 if( p != end ) 00527 { 00528 mbedtls_x509_crl_free( crl ); 00529 return( MBEDTLS_ERR_X509_INVALID_FORMAT + 00530 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); 00531 } 00532 00533 return( 0 ); 00534 } 00535 00536 /* 00537 * Parse one or more CRLs and add them to the chained list 00538 */ 00539 int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) 00540 { 00541 #if defined(MBEDTLS_PEM_PARSE_C) 00542 int ret; 00543 size_t use_len; 00544 mbedtls_pem_context pem; 00545 int is_pem = 0; 00546 00547 if( chain == NULL || buf == NULL ) 00548 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); 00549 00550 do 00551 { 00552 mbedtls_pem_init( &pem ); 00553 00554 // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated 00555 // string 00556 if( buflen == 0 || buf[buflen - 1] != '\0' ) 00557 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 00558 else 00559 ret = mbedtls_pem_read_buffer( &pem, 00560 "-----BEGIN X509 CRL-----", 00561 "-----END X509 CRL-----", 00562 buf, NULL, 0, &use_len ); 00563 00564 if( ret == 0 ) 00565 { 00566 /* 00567 * Was PEM encoded 00568 */ 00569 is_pem = 1; 00570 00571 buflen -= use_len; 00572 buf += use_len; 00573 00574 if( ( ret = mbedtls_x509_crl_parse_der( chain, 00575 pem.buf , pem.buflen ) ) != 0 ) 00576 { 00577 mbedtls_pem_free( &pem ); 00578 return( ret ); 00579 } 00580 } 00581 else if( is_pem ) 00582 { 00583 mbedtls_pem_free( &pem ); 00584 return( ret ); 00585 } 00586 00587 mbedtls_pem_free( &pem ); 00588 } 00589 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. 00590 * And a valid CRL cannot be less than 1 byte anyway. */ 00591 while( is_pem && buflen > 1 ); 00592 00593 if( is_pem ) 00594 return( 0 ); 00595 else 00596 #endif /* MBEDTLS_PEM_PARSE_C */ 00597 return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) ); 00598 } 00599 00600 #if defined(MBEDTLS_FS_IO) 00601 /* 00602 * Load one or more CRLs and add them to the chained list 00603 */ 00604 int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) 00605 { 00606 int ret; 00607 size_t n; 00608 unsigned char *buf; 00609 00610 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) 00611 return( ret ); 00612 00613 ret = mbedtls_x509_crl_parse( chain, buf, n ); 00614 00615 mbedtls_platform_zeroize( buf, n ); 00616 mbedtls_free( buf ); 00617 00618 return( ret ); 00619 } 00620 #endif /* MBEDTLS_FS_IO */ 00621 00622 /* 00623 * Return an informational string about the certificate. 00624 */ 00625 #define BEFORE_COLON 14 00626 #define BC "14" 00627 /* 00628 * Return an informational string about the CRL. 00629 */ 00630 int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, 00631 const mbedtls_x509_crl *crl ) 00632 { 00633 int ret; 00634 size_t n; 00635 char *p; 00636 const mbedtls_x509_crl_entry *entry; 00637 00638 p = buf; 00639 n = size; 00640 00641 ret = mbedtls_snprintf( p, n, "%sCRL version : %d", 00642 prefix, crl->version ); 00643 MBEDTLS_X509_SAFE_SNPRINTF; 00644 00645 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); 00646 MBEDTLS_X509_SAFE_SNPRINTF; 00647 ret = mbedtls_x509_dn_gets( p, n, &crl->issuer ); 00648 MBEDTLS_X509_SAFE_SNPRINTF; 00649 00650 ret = mbedtls_snprintf( p, n, "\n%sthis update : " \ 00651 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 00652 crl->this_update.year, crl->this_update.mon, 00653 crl->this_update.day, crl->this_update.hour, 00654 crl->this_update.min, crl->this_update.sec ); 00655 MBEDTLS_X509_SAFE_SNPRINTF; 00656 00657 ret = mbedtls_snprintf( p, n, "\n%snext update : " \ 00658 "%04d-%02d-%02d %02d:%02d:%02d", prefix, 00659 crl->next_update.year, crl->next_update.mon, 00660 crl->next_update.day, crl->next_update.hour, 00661 crl->next_update.min, crl->next_update.sec ); 00662 MBEDTLS_X509_SAFE_SNPRINTF; 00663 00664 entry = &crl->entry; 00665 00666 ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:", 00667 prefix ); 00668 MBEDTLS_X509_SAFE_SNPRINTF; 00669 00670 while( entry != NULL && entry->raw.len != 0 ) 00671 { 00672 ret = mbedtls_snprintf( p, n, "\n%sserial number: ", 00673 prefix ); 00674 MBEDTLS_X509_SAFE_SNPRINTF; 00675 00676 ret = mbedtls_x509_serial_gets( p, n, &entry->serial ); 00677 MBEDTLS_X509_SAFE_SNPRINTF; 00678 00679 ret = mbedtls_snprintf( p, n, " revocation date: " \ 00680 "%04d-%02d-%02d %02d:%02d:%02d", 00681 entry->revocation_date.year, entry->revocation_date.mon, 00682 entry->revocation_date.day, entry->revocation_date.hour, 00683 entry->revocation_date.min, entry->revocation_date.sec ); 00684 MBEDTLS_X509_SAFE_SNPRINTF; 00685 00686 entry = entry->next; 00687 } 00688 00689 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); 00690 MBEDTLS_X509_SAFE_SNPRINTF; 00691 00692 ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, 00693 crl->sig_opts ); 00694 MBEDTLS_X509_SAFE_SNPRINTF; 00695 00696 ret = mbedtls_snprintf( p, n, "\n" ); 00697 MBEDTLS_X509_SAFE_SNPRINTF; 00698 00699 return( (int) ( size - n ) ); 00700 } 00701 00702 /* 00703 * Initialize a CRL chain 00704 */ 00705 void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ) 00706 { 00707 memset( crl, 0, sizeof(mbedtls_x509_crl) ); 00708 } 00709 00710 /* 00711 * Unallocate all CRL data 00712 */ 00713 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) 00714 { 00715 mbedtls_x509_crl *crl_cur = crl; 00716 mbedtls_x509_crl *crl_prv; 00717 mbedtls_x509_name *name_cur; 00718 mbedtls_x509_name *name_prv; 00719 mbedtls_x509_crl_entry *entry_cur; 00720 mbedtls_x509_crl_entry *entry_prv; 00721 00722 if( crl == NULL ) 00723 return; 00724 00725 do 00726 { 00727 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 00728 mbedtls_free( crl_cur->sig_opts ); 00729 #endif 00730 00731 name_cur = crl_cur->issuer.next; 00732 while( name_cur != NULL ) 00733 { 00734 name_prv = name_cur; 00735 name_cur = name_cur->next; 00736 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); 00737 mbedtls_free( name_prv ); 00738 } 00739 00740 entry_cur = crl_cur->entry.next; 00741 while( entry_cur != NULL ) 00742 { 00743 entry_prv = entry_cur; 00744 entry_cur = entry_cur->next; 00745 mbedtls_platform_zeroize( entry_prv, 00746 sizeof( mbedtls_x509_crl_entry ) ); 00747 mbedtls_free( entry_prv ); 00748 } 00749 00750 if( crl_cur->raw.p != NULL ) 00751 { 00752 mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len ); 00753 mbedtls_free( crl_cur->raw.p ); 00754 } 00755 00756 crl_cur = crl_cur->next; 00757 } 00758 while( crl_cur != NULL ); 00759 00760 crl_cur = crl; 00761 do 00762 { 00763 crl_prv = crl_cur; 00764 crl_cur = crl_cur->next; 00765 00766 mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); 00767 if( crl_prv != crl ) 00768 mbedtls_free( crl_prv ); 00769 } 00770 while( crl_cur != NULL ); 00771 } 00772 00773 #endif /* MBEDTLS_X509_CRL_PARSE_C */
Generated on Tue Jul 12 2022 13:55:05 by
1.7.2