wolfSSL SSL/TLS library, support up to TLS1.3
src/crl.c@17:ff9d1e86ad5f, 2019-11-20 (annotated)
- Committer:
- sPymbed
- Date:
- Wed Nov 20 13:27:48 2019 +0000
- Revision:
- 17:ff9d1e86ad5f
- Parent:
- 15:117db924cf7c
removed: wolfcrypt
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
sPymbed | 17:ff9d1e86ad5f | 1 | /* crl.c |
sPymbed | 17:ff9d1e86ad5f | 2 | * |
sPymbed | 17:ff9d1e86ad5f | 3 | * Copyright (C) 2006-2017 wolfSSL Inc. |
sPymbed | 17:ff9d1e86ad5f | 4 | * |
sPymbed | 17:ff9d1e86ad5f | 5 | * This file is part of wolfSSL. |
sPymbed | 17:ff9d1e86ad5f | 6 | * |
sPymbed | 17:ff9d1e86ad5f | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
sPymbed | 17:ff9d1e86ad5f | 8 | * it under the terms of the GNU General Public License as published by |
sPymbed | 17:ff9d1e86ad5f | 9 | * the Free Software Foundation; either version 2 of the License, or |
sPymbed | 17:ff9d1e86ad5f | 10 | * (at your option) any later version. |
sPymbed | 17:ff9d1e86ad5f | 11 | * |
sPymbed | 17:ff9d1e86ad5f | 12 | * wolfSSL is distributed in the hope that it will be useful, |
sPymbed | 17:ff9d1e86ad5f | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
sPymbed | 17:ff9d1e86ad5f | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
sPymbed | 17:ff9d1e86ad5f | 15 | * GNU General Public License for more details. |
sPymbed | 17:ff9d1e86ad5f | 16 | * |
sPymbed | 17:ff9d1e86ad5f | 17 | * You should have received a copy of the GNU General Public License |
sPymbed | 17:ff9d1e86ad5f | 18 | * along with this program; if not, write to the Free Software |
sPymbed | 17:ff9d1e86ad5f | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
sPymbed | 17:ff9d1e86ad5f | 20 | */ |
sPymbed | 17:ff9d1e86ad5f | 21 | |
sPymbed | 17:ff9d1e86ad5f | 22 | |
sPymbed | 17:ff9d1e86ad5f | 23 | /* Name change compatibility layer no longer needs included here */ |
sPymbed | 17:ff9d1e86ad5f | 24 | |
sPymbed | 17:ff9d1e86ad5f | 25 | #ifdef HAVE_CONFIG_H |
sPymbed | 17:ff9d1e86ad5f | 26 | #include <config.h> |
sPymbed | 17:ff9d1e86ad5f | 27 | #endif |
sPymbed | 17:ff9d1e86ad5f | 28 | |
sPymbed | 17:ff9d1e86ad5f | 29 | #include <wolfcrypt/settings.h> |
sPymbed | 17:ff9d1e86ad5f | 30 | |
sPymbed | 17:ff9d1e86ad5f | 31 | #ifndef WOLFCRYPT_ONLY |
sPymbed | 17:ff9d1e86ad5f | 32 | #ifdef HAVE_CRL |
sPymbed | 17:ff9d1e86ad5f | 33 | |
sPymbed | 17:ff9d1e86ad5f | 34 | #include <wolfssl/internal.h> |
sPymbed | 17:ff9d1e86ad5f | 35 | #include <wolfssl/error-ssl.h> |
sPymbed | 17:ff9d1e86ad5f | 36 | |
sPymbed | 17:ff9d1e86ad5f | 37 | #include <string.h> |
sPymbed | 17:ff9d1e86ad5f | 38 | |
sPymbed | 17:ff9d1e86ad5f | 39 | #ifdef HAVE_CRL_MONITOR |
sPymbed | 17:ff9d1e86ad5f | 40 | #if (defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__)) |
sPymbed | 17:ff9d1e86ad5f | 41 | static int StopMonitor(int mfd); |
sPymbed | 17:ff9d1e86ad5f | 42 | #else |
sPymbed | 17:ff9d1e86ad5f | 43 | #error "CRL monitor only currently supported on linux or mach" |
sPymbed | 17:ff9d1e86ad5f | 44 | #endif |
sPymbed | 17:ff9d1e86ad5f | 45 | #endif /* HAVE_CRL_MONITOR */ |
sPymbed | 17:ff9d1e86ad5f | 46 | |
sPymbed | 17:ff9d1e86ad5f | 47 | |
sPymbed | 17:ff9d1e86ad5f | 48 | /* Initialize CRL members */ |
sPymbed | 17:ff9d1e86ad5f | 49 | int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) |
sPymbed | 17:ff9d1e86ad5f | 50 | { |
sPymbed | 17:ff9d1e86ad5f | 51 | WOLFSSL_ENTER("InitCRL"); |
sPymbed | 17:ff9d1e86ad5f | 52 | if(cm != NULL) |
sPymbed | 17:ff9d1e86ad5f | 53 | crl->heap = cm->heap; |
sPymbed | 17:ff9d1e86ad5f | 54 | else |
sPymbed | 17:ff9d1e86ad5f | 55 | crl->heap = NULL; |
sPymbed | 17:ff9d1e86ad5f | 56 | crl->cm = cm; |
sPymbed | 17:ff9d1e86ad5f | 57 | crl->crlList = NULL; |
sPymbed | 17:ff9d1e86ad5f | 58 | crl->monitors[0].path = NULL; |
sPymbed | 17:ff9d1e86ad5f | 59 | crl->monitors[1].path = NULL; |
sPymbed | 17:ff9d1e86ad5f | 60 | #ifdef HAVE_CRL_MONITOR |
sPymbed | 17:ff9d1e86ad5f | 61 | crl->tid = 0; |
sPymbed | 17:ff9d1e86ad5f | 62 | crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */ |
sPymbed | 17:ff9d1e86ad5f | 63 | crl->setup = 0; /* thread setup done predicate */ |
sPymbed | 17:ff9d1e86ad5f | 64 | if (pthread_cond_init(&crl->cond, 0) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 65 | WOLFSSL_MSG("Pthread condition init failed"); |
sPymbed | 17:ff9d1e86ad5f | 66 | return BAD_COND_E; |
sPymbed | 17:ff9d1e86ad5f | 67 | } |
sPymbed | 17:ff9d1e86ad5f | 68 | #endif |
sPymbed | 17:ff9d1e86ad5f | 69 | if (wc_InitMutex(&crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 70 | WOLFSSL_MSG("Init Mutex failed"); |
sPymbed | 17:ff9d1e86ad5f | 71 | return BAD_MUTEX_E; |
sPymbed | 17:ff9d1e86ad5f | 72 | } |
sPymbed | 17:ff9d1e86ad5f | 73 | |
sPymbed | 17:ff9d1e86ad5f | 74 | return 0; |
sPymbed | 17:ff9d1e86ad5f | 75 | } |
sPymbed | 17:ff9d1e86ad5f | 76 | |
sPymbed | 17:ff9d1e86ad5f | 77 | |
sPymbed | 17:ff9d1e86ad5f | 78 | /* Initialize CRL Entry */ |
sPymbed | 17:ff9d1e86ad5f | 79 | static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, |
sPymbed | 17:ff9d1e86ad5f | 80 | int verified, void* heap) |
sPymbed | 17:ff9d1e86ad5f | 81 | { |
sPymbed | 17:ff9d1e86ad5f | 82 | WOLFSSL_ENTER("InitCRL_Entry"); |
sPymbed | 17:ff9d1e86ad5f | 83 | |
sPymbed | 17:ff9d1e86ad5f | 84 | XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE); |
sPymbed | 17:ff9d1e86ad5f | 85 | /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE); |
sPymbed | 17:ff9d1e86ad5f | 86 | * copy the hash here if needed for optimized comparisons */ |
sPymbed | 17:ff9d1e86ad5f | 87 | XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE); |
sPymbed | 17:ff9d1e86ad5f | 88 | XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE); |
sPymbed | 17:ff9d1e86ad5f | 89 | crle->lastDateFormat = dcrl->lastDateFormat; |
sPymbed | 17:ff9d1e86ad5f | 90 | crle->nextDateFormat = dcrl->nextDateFormat; |
sPymbed | 17:ff9d1e86ad5f | 91 | |
sPymbed | 17:ff9d1e86ad5f | 92 | crle->certs = dcrl->certs; /* take ownsership */ |
sPymbed | 17:ff9d1e86ad5f | 93 | dcrl->certs = NULL; |
sPymbed | 17:ff9d1e86ad5f | 94 | crle->totalCerts = dcrl->totalCerts; |
sPymbed | 17:ff9d1e86ad5f | 95 | crle->verified = verified; |
sPymbed | 17:ff9d1e86ad5f | 96 | if (!verified) { |
sPymbed | 17:ff9d1e86ad5f | 97 | crle->tbsSz = dcrl->sigIndex - dcrl->certBegin; |
sPymbed | 17:ff9d1e86ad5f | 98 | crle->signatureSz = dcrl->sigLength; |
sPymbed | 17:ff9d1e86ad5f | 99 | crle->signatureOID = dcrl->signatureOID; |
sPymbed | 17:ff9d1e86ad5f | 100 | crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap, |
sPymbed | 17:ff9d1e86ad5f | 101 | DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 102 | if (crle->toBeSigned == NULL) |
sPymbed | 17:ff9d1e86ad5f | 103 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 104 | crle->signature = (byte*)XMALLOC(crle->signatureSz, heap, |
sPymbed | 17:ff9d1e86ad5f | 105 | DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 106 | if (crle->signature == NULL) { |
sPymbed | 17:ff9d1e86ad5f | 107 | XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 108 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 109 | } |
sPymbed | 17:ff9d1e86ad5f | 110 | XMEMCPY(crle->toBeSigned, buff + dcrl->certBegin, crle->tbsSz); |
sPymbed | 17:ff9d1e86ad5f | 111 | XMEMCPY(crle->signature, dcrl->signature, crle->signatureSz); |
sPymbed | 17:ff9d1e86ad5f | 112 | #if !defined(NO_SKID) && defined(CRL_SKID_READY) |
sPymbed | 17:ff9d1e86ad5f | 113 | crle->extAuthKeyIdSet = dcrl->extAuthKeyIdSet; |
sPymbed | 17:ff9d1e86ad5f | 114 | if (crle->extAuthKeyIdSet) |
sPymbed | 17:ff9d1e86ad5f | 115 | XMEMCPY(crle->extAuthKeyId, dcrl->extAuthKeyId, KEYID_SIZE); |
sPymbed | 17:ff9d1e86ad5f | 116 | #endif |
sPymbed | 17:ff9d1e86ad5f | 117 | } |
sPymbed | 17:ff9d1e86ad5f | 118 | else { |
sPymbed | 17:ff9d1e86ad5f | 119 | crle->toBeSigned = NULL; |
sPymbed | 17:ff9d1e86ad5f | 120 | crle->signature = NULL; |
sPymbed | 17:ff9d1e86ad5f | 121 | } |
sPymbed | 17:ff9d1e86ad5f | 122 | |
sPymbed | 17:ff9d1e86ad5f | 123 | (void)verified; |
sPymbed | 17:ff9d1e86ad5f | 124 | |
sPymbed | 17:ff9d1e86ad5f | 125 | return 0; |
sPymbed | 17:ff9d1e86ad5f | 126 | } |
sPymbed | 17:ff9d1e86ad5f | 127 | |
sPymbed | 17:ff9d1e86ad5f | 128 | |
sPymbed | 17:ff9d1e86ad5f | 129 | /* Free all CRL Entry resources */ |
sPymbed | 17:ff9d1e86ad5f | 130 | static void FreeCRL_Entry(CRL_Entry* crle, void* heap) |
sPymbed | 17:ff9d1e86ad5f | 131 | { |
sPymbed | 17:ff9d1e86ad5f | 132 | RevokedCert* tmp = crle->certs; |
sPymbed | 17:ff9d1e86ad5f | 133 | RevokedCert* next; |
sPymbed | 17:ff9d1e86ad5f | 134 | |
sPymbed | 17:ff9d1e86ad5f | 135 | WOLFSSL_ENTER("FreeCRL_Entry"); |
sPymbed | 17:ff9d1e86ad5f | 136 | |
sPymbed | 17:ff9d1e86ad5f | 137 | while (tmp) { |
sPymbed | 17:ff9d1e86ad5f | 138 | next = tmp->next; |
sPymbed | 17:ff9d1e86ad5f | 139 | XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED); |
sPymbed | 17:ff9d1e86ad5f | 140 | tmp = next; |
sPymbed | 17:ff9d1e86ad5f | 141 | } |
sPymbed | 17:ff9d1e86ad5f | 142 | if (crle->signature != NULL) |
sPymbed | 17:ff9d1e86ad5f | 143 | XFREE(crle->signature, heap, DYNAMIC_TYPE_REVOKED); |
sPymbed | 17:ff9d1e86ad5f | 144 | if (crle->toBeSigned != NULL) |
sPymbed | 17:ff9d1e86ad5f | 145 | XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_REVOKED); |
sPymbed | 17:ff9d1e86ad5f | 146 | |
sPymbed | 17:ff9d1e86ad5f | 147 | (void)heap; |
sPymbed | 17:ff9d1e86ad5f | 148 | } |
sPymbed | 17:ff9d1e86ad5f | 149 | |
sPymbed | 17:ff9d1e86ad5f | 150 | |
sPymbed | 17:ff9d1e86ad5f | 151 | |
sPymbed | 17:ff9d1e86ad5f | 152 | /* Free all CRL resources */ |
sPymbed | 17:ff9d1e86ad5f | 153 | void FreeCRL(WOLFSSL_CRL* crl, int dynamic) |
sPymbed | 17:ff9d1e86ad5f | 154 | { |
sPymbed | 17:ff9d1e86ad5f | 155 | CRL_Entry* tmp = crl->crlList; |
sPymbed | 17:ff9d1e86ad5f | 156 | |
sPymbed | 17:ff9d1e86ad5f | 157 | WOLFSSL_ENTER("FreeCRL"); |
sPymbed | 17:ff9d1e86ad5f | 158 | if (crl->monitors[0].path) |
sPymbed | 17:ff9d1e86ad5f | 159 | XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); |
sPymbed | 17:ff9d1e86ad5f | 160 | |
sPymbed | 17:ff9d1e86ad5f | 161 | if (crl->monitors[1].path) |
sPymbed | 17:ff9d1e86ad5f | 162 | XFREE(crl->monitors[1].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); |
sPymbed | 17:ff9d1e86ad5f | 163 | |
sPymbed | 17:ff9d1e86ad5f | 164 | while(tmp) { |
sPymbed | 17:ff9d1e86ad5f | 165 | CRL_Entry* next = tmp->next; |
sPymbed | 17:ff9d1e86ad5f | 166 | FreeCRL_Entry(tmp, crl->heap); |
sPymbed | 17:ff9d1e86ad5f | 167 | XFREE(tmp, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 168 | tmp = next; |
sPymbed | 17:ff9d1e86ad5f | 169 | } |
sPymbed | 17:ff9d1e86ad5f | 170 | |
sPymbed | 17:ff9d1e86ad5f | 171 | #ifdef HAVE_CRL_MONITOR |
sPymbed | 17:ff9d1e86ad5f | 172 | if (crl->tid != 0) { |
sPymbed | 17:ff9d1e86ad5f | 173 | WOLFSSL_MSG("stopping monitor thread"); |
sPymbed | 17:ff9d1e86ad5f | 174 | if (StopMonitor(crl->mfd) == 0) |
sPymbed | 17:ff9d1e86ad5f | 175 | pthread_join(crl->tid, NULL); |
sPymbed | 17:ff9d1e86ad5f | 176 | else { |
sPymbed | 17:ff9d1e86ad5f | 177 | WOLFSSL_MSG("stop monitor failed"); |
sPymbed | 17:ff9d1e86ad5f | 178 | } |
sPymbed | 17:ff9d1e86ad5f | 179 | } |
sPymbed | 17:ff9d1e86ad5f | 180 | pthread_cond_destroy(&crl->cond); |
sPymbed | 17:ff9d1e86ad5f | 181 | #endif |
sPymbed | 17:ff9d1e86ad5f | 182 | wc_FreeMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 183 | if (dynamic) /* free self */ |
sPymbed | 17:ff9d1e86ad5f | 184 | XFREE(crl, crl->heap, DYNAMIC_TYPE_CRL); |
sPymbed | 17:ff9d1e86ad5f | 185 | } |
sPymbed | 17:ff9d1e86ad5f | 186 | |
sPymbed | 17:ff9d1e86ad5f | 187 | |
sPymbed | 17:ff9d1e86ad5f | 188 | static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry) |
sPymbed | 17:ff9d1e86ad5f | 189 | { |
sPymbed | 17:ff9d1e86ad5f | 190 | CRL_Entry* crle; |
sPymbed | 17:ff9d1e86ad5f | 191 | int foundEntry = 0; |
sPymbed | 17:ff9d1e86ad5f | 192 | int ret = 0; |
sPymbed | 17:ff9d1e86ad5f | 193 | |
sPymbed | 17:ff9d1e86ad5f | 194 | if (wc_LockMutex(&crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 195 | WOLFSSL_MSG("wc_LockMutex failed"); |
sPymbed | 17:ff9d1e86ad5f | 196 | return BAD_MUTEX_E; |
sPymbed | 17:ff9d1e86ad5f | 197 | } |
sPymbed | 17:ff9d1e86ad5f | 198 | |
sPymbed | 17:ff9d1e86ad5f | 199 | crle = crl->crlList; |
sPymbed | 17:ff9d1e86ad5f | 200 | |
sPymbed | 17:ff9d1e86ad5f | 201 | while (crle) { |
sPymbed | 17:ff9d1e86ad5f | 202 | if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) { |
sPymbed | 17:ff9d1e86ad5f | 203 | int doNextDate = 1; |
sPymbed | 17:ff9d1e86ad5f | 204 | |
sPymbed | 17:ff9d1e86ad5f | 205 | WOLFSSL_MSG("Found CRL Entry on list"); |
sPymbed | 17:ff9d1e86ad5f | 206 | |
sPymbed | 17:ff9d1e86ad5f | 207 | if (crle->verified == 0) { |
sPymbed | 17:ff9d1e86ad5f | 208 | Signer* ca; |
sPymbed | 17:ff9d1e86ad5f | 209 | #if !defined(NO_SKID) && defined(CRL_SKID_READY) |
sPymbed | 17:ff9d1e86ad5f | 210 | byte extAuthKeyId[KEYID_SIZE] |
sPymbed | 17:ff9d1e86ad5f | 211 | #endif |
sPymbed | 17:ff9d1e86ad5f | 212 | byte issuerHash[CRL_DIGEST_SIZE]; |
sPymbed | 17:ff9d1e86ad5f | 213 | byte* tbs = NULL; |
sPymbed | 17:ff9d1e86ad5f | 214 | word32 tbsSz = crle->tbsSz; |
sPymbed | 17:ff9d1e86ad5f | 215 | byte* sig = NULL; |
sPymbed | 17:ff9d1e86ad5f | 216 | word32 sigSz = crle->signatureSz; |
sPymbed | 17:ff9d1e86ad5f | 217 | word32 sigOID = crle->signatureOID; |
sPymbed | 17:ff9d1e86ad5f | 218 | SignatureCtx sigCtx; |
sPymbed | 17:ff9d1e86ad5f | 219 | |
sPymbed | 17:ff9d1e86ad5f | 220 | tbs = (byte*)XMALLOC(tbsSz, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 221 | if (tbs == NULL) { |
sPymbed | 17:ff9d1e86ad5f | 222 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 223 | return MEMORY_E; |
sPymbed | 17:ff9d1e86ad5f | 224 | } |
sPymbed | 17:ff9d1e86ad5f | 225 | sig = (byte*)XMALLOC(sigSz, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 226 | if (sig == NULL) { |
sPymbed | 17:ff9d1e86ad5f | 227 | XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 228 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 229 | return MEMORY_E; |
sPymbed | 17:ff9d1e86ad5f | 230 | } |
sPymbed | 17:ff9d1e86ad5f | 231 | |
sPymbed | 17:ff9d1e86ad5f | 232 | XMEMCPY(tbs, crle->toBeSigned, tbsSz); |
sPymbed | 17:ff9d1e86ad5f | 233 | XMEMCPY(sig, crle->signature, sigSz); |
sPymbed | 17:ff9d1e86ad5f | 234 | #if !defined(NO_SKID) && defined(CRL_SKID_READY) |
sPymbed | 17:ff9d1e86ad5f | 235 | XMEMCMPY(extAuthKeyId, crle->extAuthKeyId, |
sPymbed | 17:ff9d1e86ad5f | 236 | sizeof(extAuthKeyId)); |
sPymbed | 17:ff9d1e86ad5f | 237 | #endif |
sPymbed | 17:ff9d1e86ad5f | 238 | XMEMCPY(issuerHash, crle->issuerHash, sizeof(issuerHash)); |
sPymbed | 17:ff9d1e86ad5f | 239 | |
sPymbed | 17:ff9d1e86ad5f | 240 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 241 | |
sPymbed | 17:ff9d1e86ad5f | 242 | #if !defined(NO_SKID) && defined(CRL_SKID_READY) |
sPymbed | 17:ff9d1e86ad5f | 243 | if (crle->extAuthKeyIdSet) |
sPymbed | 17:ff9d1e86ad5f | 244 | ca = GetCA(crl->cm, extAuthKeyId); |
sPymbed | 17:ff9d1e86ad5f | 245 | if (ca == NULL) |
sPymbed | 17:ff9d1e86ad5f | 246 | ca = GetCAByName(crl->cm, issuerHash); |
sPymbed | 17:ff9d1e86ad5f | 247 | #else /* NO_SKID */ |
sPymbed | 17:ff9d1e86ad5f | 248 | ca = GetCA(crl->cm, issuerHash); |
sPymbed | 17:ff9d1e86ad5f | 249 | #endif /* NO_SKID */ |
sPymbed | 17:ff9d1e86ad5f | 250 | if (ca == NULL) { |
sPymbed | 17:ff9d1e86ad5f | 251 | XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 252 | XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 253 | WOLFSSL_MSG("Did NOT find CRL issuer CA"); |
sPymbed | 17:ff9d1e86ad5f | 254 | return ASN_CRL_NO_SIGNER_E; |
sPymbed | 17:ff9d1e86ad5f | 255 | } |
sPymbed | 17:ff9d1e86ad5f | 256 | |
sPymbed | 17:ff9d1e86ad5f | 257 | ret = VerifyCRL_Signature(&sigCtx, tbs, tbsSz, sig, sigSz, |
sPymbed | 17:ff9d1e86ad5f | 258 | sigOID, ca, crl->heap); |
sPymbed | 17:ff9d1e86ad5f | 259 | |
sPymbed | 17:ff9d1e86ad5f | 260 | XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 261 | XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 262 | |
sPymbed | 17:ff9d1e86ad5f | 263 | if (wc_LockMutex(&crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 264 | WOLFSSL_MSG("wc_LockMutex failed"); |
sPymbed | 17:ff9d1e86ad5f | 265 | return BAD_MUTEX_E; |
sPymbed | 17:ff9d1e86ad5f | 266 | } |
sPymbed | 17:ff9d1e86ad5f | 267 | |
sPymbed | 17:ff9d1e86ad5f | 268 | crle = crl->crlList; |
sPymbed | 17:ff9d1e86ad5f | 269 | while (crle) { |
sPymbed | 17:ff9d1e86ad5f | 270 | if (XMEMCMP(crle->issuerHash, cert->issuerHash, |
sPymbed | 17:ff9d1e86ad5f | 271 | CRL_DIGEST_SIZE) == 0) { |
sPymbed | 17:ff9d1e86ad5f | 272 | |
sPymbed | 17:ff9d1e86ad5f | 273 | if (ret == 0) |
sPymbed | 17:ff9d1e86ad5f | 274 | crle->verified = 1; |
sPymbed | 17:ff9d1e86ad5f | 275 | else |
sPymbed | 17:ff9d1e86ad5f | 276 | crle->verified = ret; |
sPymbed | 17:ff9d1e86ad5f | 277 | |
sPymbed | 17:ff9d1e86ad5f | 278 | XFREE(crle->toBeSigned, crl->heap, |
sPymbed | 17:ff9d1e86ad5f | 279 | DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 280 | crle->toBeSigned = NULL; |
sPymbed | 17:ff9d1e86ad5f | 281 | XFREE(crle->signature, crl->heap, |
sPymbed | 17:ff9d1e86ad5f | 282 | DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 283 | crle->signature = NULL; |
sPymbed | 17:ff9d1e86ad5f | 284 | break; |
sPymbed | 17:ff9d1e86ad5f | 285 | } |
sPymbed | 17:ff9d1e86ad5f | 286 | crle = crle->next; |
sPymbed | 17:ff9d1e86ad5f | 287 | } |
sPymbed | 17:ff9d1e86ad5f | 288 | if (crle == NULL || crle->verified < 0) |
sPymbed | 17:ff9d1e86ad5f | 289 | break; |
sPymbed | 17:ff9d1e86ad5f | 290 | } |
sPymbed | 17:ff9d1e86ad5f | 291 | else if (crle->verified < 0) { |
sPymbed | 17:ff9d1e86ad5f | 292 | WOLFSSL_MSG("Cannot use CRL as it didn't verify"); |
sPymbed | 17:ff9d1e86ad5f | 293 | ret = crle->verified; |
sPymbed | 17:ff9d1e86ad5f | 294 | break; |
sPymbed | 17:ff9d1e86ad5f | 295 | } |
sPymbed | 17:ff9d1e86ad5f | 296 | |
sPymbed | 17:ff9d1e86ad5f | 297 | WOLFSSL_MSG("Checking next date validity"); |
sPymbed | 17:ff9d1e86ad5f | 298 | |
sPymbed | 17:ff9d1e86ad5f | 299 | #ifdef WOLFSSL_NO_CRL_NEXT_DATE |
sPymbed | 17:ff9d1e86ad5f | 300 | if (crle->nextDateFormat == ASN_OTHER_TYPE) |
sPymbed | 17:ff9d1e86ad5f | 301 | doNextDate = 0; /* skip */ |
sPymbed | 17:ff9d1e86ad5f | 302 | #endif |
sPymbed | 17:ff9d1e86ad5f | 303 | |
sPymbed | 17:ff9d1e86ad5f | 304 | if (doNextDate) { |
sPymbed | 17:ff9d1e86ad5f | 305 | #ifndef NO_ASN_TIME |
sPymbed | 17:ff9d1e86ad5f | 306 | if (!ValidateDate(crle->nextDate,crle->nextDateFormat, AFTER)) { |
sPymbed | 17:ff9d1e86ad5f | 307 | WOLFSSL_MSG("CRL next date is no longer valid"); |
sPymbed | 17:ff9d1e86ad5f | 308 | ret = ASN_AFTER_DATE_E; |
sPymbed | 17:ff9d1e86ad5f | 309 | } |
sPymbed | 17:ff9d1e86ad5f | 310 | #endif |
sPymbed | 17:ff9d1e86ad5f | 311 | } |
sPymbed | 17:ff9d1e86ad5f | 312 | if (ret == 0) { |
sPymbed | 17:ff9d1e86ad5f | 313 | foundEntry = 1; |
sPymbed | 17:ff9d1e86ad5f | 314 | } |
sPymbed | 17:ff9d1e86ad5f | 315 | break; |
sPymbed | 17:ff9d1e86ad5f | 316 | } |
sPymbed | 17:ff9d1e86ad5f | 317 | crle = crle->next; |
sPymbed | 17:ff9d1e86ad5f | 318 | } |
sPymbed | 17:ff9d1e86ad5f | 319 | |
sPymbed | 17:ff9d1e86ad5f | 320 | if (foundEntry) { |
sPymbed | 17:ff9d1e86ad5f | 321 | RevokedCert* rc = crle->certs; |
sPymbed | 17:ff9d1e86ad5f | 322 | |
sPymbed | 17:ff9d1e86ad5f | 323 | while (rc) { |
sPymbed | 17:ff9d1e86ad5f | 324 | if (rc->serialSz == cert->serialSz && |
sPymbed | 17:ff9d1e86ad5f | 325 | XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) { |
sPymbed | 17:ff9d1e86ad5f | 326 | WOLFSSL_MSG("Cert revoked"); |
sPymbed | 17:ff9d1e86ad5f | 327 | ret = CRL_CERT_REVOKED; |
sPymbed | 17:ff9d1e86ad5f | 328 | break; |
sPymbed | 17:ff9d1e86ad5f | 329 | } |
sPymbed | 17:ff9d1e86ad5f | 330 | rc = rc->next; |
sPymbed | 17:ff9d1e86ad5f | 331 | } |
sPymbed | 17:ff9d1e86ad5f | 332 | } |
sPymbed | 17:ff9d1e86ad5f | 333 | |
sPymbed | 17:ff9d1e86ad5f | 334 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 335 | |
sPymbed | 17:ff9d1e86ad5f | 336 | *pFoundEntry = foundEntry; |
sPymbed | 17:ff9d1e86ad5f | 337 | |
sPymbed | 17:ff9d1e86ad5f | 338 | return ret; |
sPymbed | 17:ff9d1e86ad5f | 339 | } |
sPymbed | 17:ff9d1e86ad5f | 340 | |
sPymbed | 17:ff9d1e86ad5f | 341 | /* Is the cert ok with CRL, return 0 on success */ |
sPymbed | 17:ff9d1e86ad5f | 342 | int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) |
sPymbed | 17:ff9d1e86ad5f | 343 | { |
sPymbed | 17:ff9d1e86ad5f | 344 | int foundEntry = 0; |
sPymbed | 17:ff9d1e86ad5f | 345 | int ret = 0; |
sPymbed | 17:ff9d1e86ad5f | 346 | |
sPymbed | 17:ff9d1e86ad5f | 347 | WOLFSSL_ENTER("CheckCertCRL"); |
sPymbed | 17:ff9d1e86ad5f | 348 | |
sPymbed | 17:ff9d1e86ad5f | 349 | ret = CheckCertCRLList(crl, cert, &foundEntry); |
sPymbed | 17:ff9d1e86ad5f | 350 | |
sPymbed | 17:ff9d1e86ad5f | 351 | #ifdef HAVE_CRL_IO |
sPymbed | 17:ff9d1e86ad5f | 352 | if (foundEntry == 0) { |
sPymbed | 17:ff9d1e86ad5f | 353 | /* perform embedded lookup */ |
sPymbed | 17:ff9d1e86ad5f | 354 | if (crl->crlIOCb) { |
sPymbed | 17:ff9d1e86ad5f | 355 | ret = crl->crlIOCb(crl, (const char*)cert->extCrlInfo, |
sPymbed | 17:ff9d1e86ad5f | 356 | cert->extCrlInfoSz); |
sPymbed | 17:ff9d1e86ad5f | 357 | if (ret == WOLFSSL_CBIO_ERR_WANT_READ) { |
sPymbed | 17:ff9d1e86ad5f | 358 | ret = WANT_READ; |
sPymbed | 17:ff9d1e86ad5f | 359 | } |
sPymbed | 17:ff9d1e86ad5f | 360 | else if (ret >= 0) { |
sPymbed | 17:ff9d1e86ad5f | 361 | /* try again */ |
sPymbed | 17:ff9d1e86ad5f | 362 | ret = CheckCertCRLList(crl, cert, &foundEntry); |
sPymbed | 17:ff9d1e86ad5f | 363 | } |
sPymbed | 17:ff9d1e86ad5f | 364 | } |
sPymbed | 17:ff9d1e86ad5f | 365 | } |
sPymbed | 17:ff9d1e86ad5f | 366 | #endif |
sPymbed | 17:ff9d1e86ad5f | 367 | |
sPymbed | 17:ff9d1e86ad5f | 368 | if (foundEntry == 0) { |
sPymbed | 17:ff9d1e86ad5f | 369 | WOLFSSL_MSG("Couldn't find CRL for status check"); |
sPymbed | 17:ff9d1e86ad5f | 370 | ret = CRL_MISSING; |
sPymbed | 17:ff9d1e86ad5f | 371 | |
sPymbed | 17:ff9d1e86ad5f | 372 | if (crl->cm->cbMissingCRL) { |
sPymbed | 17:ff9d1e86ad5f | 373 | char url[256]; |
sPymbed | 17:ff9d1e86ad5f | 374 | |
sPymbed | 17:ff9d1e86ad5f | 375 | WOLFSSL_MSG("Issuing missing CRL callback"); |
sPymbed | 17:ff9d1e86ad5f | 376 | url[0] = '\0'; |
sPymbed | 17:ff9d1e86ad5f | 377 | if (cert->extCrlInfo) { |
sPymbed | 17:ff9d1e86ad5f | 378 | if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) { |
sPymbed | 17:ff9d1e86ad5f | 379 | XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz); |
sPymbed | 17:ff9d1e86ad5f | 380 | url[cert->extCrlInfoSz] = '\0'; |
sPymbed | 17:ff9d1e86ad5f | 381 | } |
sPymbed | 17:ff9d1e86ad5f | 382 | else { |
sPymbed | 17:ff9d1e86ad5f | 383 | WOLFSSL_MSG("CRL url too long"); |
sPymbed | 17:ff9d1e86ad5f | 384 | } |
sPymbed | 17:ff9d1e86ad5f | 385 | } |
sPymbed | 17:ff9d1e86ad5f | 386 | |
sPymbed | 17:ff9d1e86ad5f | 387 | crl->cm->cbMissingCRL(url); |
sPymbed | 17:ff9d1e86ad5f | 388 | } |
sPymbed | 17:ff9d1e86ad5f | 389 | } |
sPymbed | 17:ff9d1e86ad5f | 390 | |
sPymbed | 17:ff9d1e86ad5f | 391 | return ret; |
sPymbed | 17:ff9d1e86ad5f | 392 | } |
sPymbed | 17:ff9d1e86ad5f | 393 | |
sPymbed | 17:ff9d1e86ad5f | 394 | |
sPymbed | 17:ff9d1e86ad5f | 395 | /* Add Decoded CRL, 0 on success */ |
sPymbed | 17:ff9d1e86ad5f | 396 | static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, |
sPymbed | 17:ff9d1e86ad5f | 397 | int verified) |
sPymbed | 17:ff9d1e86ad5f | 398 | { |
sPymbed | 17:ff9d1e86ad5f | 399 | CRL_Entry* crle; |
sPymbed | 17:ff9d1e86ad5f | 400 | |
sPymbed | 17:ff9d1e86ad5f | 401 | WOLFSSL_ENTER("AddCRL"); |
sPymbed | 17:ff9d1e86ad5f | 402 | |
sPymbed | 17:ff9d1e86ad5f | 403 | crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 404 | if (crle == NULL) { |
sPymbed | 17:ff9d1e86ad5f | 405 | WOLFSSL_MSG("alloc CRL Entry failed"); |
sPymbed | 17:ff9d1e86ad5f | 406 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 407 | } |
sPymbed | 17:ff9d1e86ad5f | 408 | |
sPymbed | 17:ff9d1e86ad5f | 409 | if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) { |
sPymbed | 17:ff9d1e86ad5f | 410 | WOLFSSL_MSG("Init CRL Entry failed"); |
sPymbed | 17:ff9d1e86ad5f | 411 | XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 412 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 413 | } |
sPymbed | 17:ff9d1e86ad5f | 414 | |
sPymbed | 17:ff9d1e86ad5f | 415 | if (wc_LockMutex(&crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 416 | WOLFSSL_MSG("wc_LockMutex failed"); |
sPymbed | 17:ff9d1e86ad5f | 417 | FreeCRL_Entry(crle, crl->heap); |
sPymbed | 17:ff9d1e86ad5f | 418 | XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); |
sPymbed | 17:ff9d1e86ad5f | 419 | return BAD_MUTEX_E; |
sPymbed | 17:ff9d1e86ad5f | 420 | } |
sPymbed | 17:ff9d1e86ad5f | 421 | crle->next = crl->crlList; |
sPymbed | 17:ff9d1e86ad5f | 422 | crl->crlList = crle; |
sPymbed | 17:ff9d1e86ad5f | 423 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 424 | |
sPymbed | 17:ff9d1e86ad5f | 425 | return 0; |
sPymbed | 17:ff9d1e86ad5f | 426 | } |
sPymbed | 17:ff9d1e86ad5f | 427 | |
sPymbed | 17:ff9d1e86ad5f | 428 | |
sPymbed | 17:ff9d1e86ad5f | 429 | /* Load CRL File of type, WOLFSSL_SUCCESS on ok */ |
sPymbed | 17:ff9d1e86ad5f | 430 | int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, |
sPymbed | 17:ff9d1e86ad5f | 431 | int noVerify) |
sPymbed | 17:ff9d1e86ad5f | 432 | { |
sPymbed | 17:ff9d1e86ad5f | 433 | int ret = WOLFSSL_SUCCESS; |
sPymbed | 17:ff9d1e86ad5f | 434 | const byte* myBuffer = buff; /* if DER ok, otherwise switch */ |
sPymbed | 17:ff9d1e86ad5f | 435 | DerBuffer* der = NULL; |
sPymbed | 17:ff9d1e86ad5f | 436 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 437 | DecodedCRL* dcrl; |
sPymbed | 17:ff9d1e86ad5f | 438 | #else |
sPymbed | 17:ff9d1e86ad5f | 439 | DecodedCRL dcrl[1]; |
sPymbed | 17:ff9d1e86ad5f | 440 | #endif |
sPymbed | 17:ff9d1e86ad5f | 441 | |
sPymbed | 17:ff9d1e86ad5f | 442 | WOLFSSL_ENTER("BufferLoadCRL"); |
sPymbed | 17:ff9d1e86ad5f | 443 | |
sPymbed | 17:ff9d1e86ad5f | 444 | if (crl == NULL || buff == NULL || sz == 0) |
sPymbed | 17:ff9d1e86ad5f | 445 | return BAD_FUNC_ARG; |
sPymbed | 17:ff9d1e86ad5f | 446 | |
sPymbed | 17:ff9d1e86ad5f | 447 | if (type == WOLFSSL_FILETYPE_PEM) { |
sPymbed | 17:ff9d1e86ad5f | 448 | #ifdef WOLFSSL_PEM_TO_DER |
sPymbed | 17:ff9d1e86ad5f | 449 | ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL); |
sPymbed | 17:ff9d1e86ad5f | 450 | if (ret == 0) { |
sPymbed | 17:ff9d1e86ad5f | 451 | myBuffer = der->buffer; |
sPymbed | 17:ff9d1e86ad5f | 452 | sz = der->length; |
sPymbed | 17:ff9d1e86ad5f | 453 | } |
sPymbed | 17:ff9d1e86ad5f | 454 | else { |
sPymbed | 17:ff9d1e86ad5f | 455 | WOLFSSL_MSG("Pem to Der failed"); |
sPymbed | 17:ff9d1e86ad5f | 456 | FreeDer(&der); |
sPymbed | 17:ff9d1e86ad5f | 457 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 458 | } |
sPymbed | 17:ff9d1e86ad5f | 459 | #else |
sPymbed | 17:ff9d1e86ad5f | 460 | ret = NOT_COMPILED_IN; |
sPymbed | 17:ff9d1e86ad5f | 461 | #endif |
sPymbed | 17:ff9d1e86ad5f | 462 | } |
sPymbed | 17:ff9d1e86ad5f | 463 | |
sPymbed | 17:ff9d1e86ad5f | 464 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 465 | dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 466 | if (dcrl == NULL) { |
sPymbed | 17:ff9d1e86ad5f | 467 | FreeDer(&der); |
sPymbed | 17:ff9d1e86ad5f | 468 | return MEMORY_E; |
sPymbed | 17:ff9d1e86ad5f | 469 | } |
sPymbed | 17:ff9d1e86ad5f | 470 | #endif |
sPymbed | 17:ff9d1e86ad5f | 471 | |
sPymbed | 17:ff9d1e86ad5f | 472 | InitDecodedCRL(dcrl, crl->heap); |
sPymbed | 17:ff9d1e86ad5f | 473 | ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm); |
sPymbed | 17:ff9d1e86ad5f | 474 | if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && noVerify)) { |
sPymbed | 17:ff9d1e86ad5f | 475 | WOLFSSL_MSG("ParseCRL error"); |
sPymbed | 17:ff9d1e86ad5f | 476 | } |
sPymbed | 17:ff9d1e86ad5f | 477 | else { |
sPymbed | 17:ff9d1e86ad5f | 478 | ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E); |
sPymbed | 17:ff9d1e86ad5f | 479 | if (ret != 0) { |
sPymbed | 17:ff9d1e86ad5f | 480 | WOLFSSL_MSG("AddCRL error"); |
sPymbed | 17:ff9d1e86ad5f | 481 | } |
sPymbed | 17:ff9d1e86ad5f | 482 | } |
sPymbed | 17:ff9d1e86ad5f | 483 | |
sPymbed | 17:ff9d1e86ad5f | 484 | FreeDecodedCRL(dcrl); |
sPymbed | 17:ff9d1e86ad5f | 485 | |
sPymbed | 17:ff9d1e86ad5f | 486 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 487 | XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 488 | #endif |
sPymbed | 17:ff9d1e86ad5f | 489 | |
sPymbed | 17:ff9d1e86ad5f | 490 | FreeDer(&der); |
sPymbed | 17:ff9d1e86ad5f | 491 | |
sPymbed | 17:ff9d1e86ad5f | 492 | return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ |
sPymbed | 17:ff9d1e86ad5f | 493 | } |
sPymbed | 17:ff9d1e86ad5f | 494 | |
sPymbed | 17:ff9d1e86ad5f | 495 | #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) |
sPymbed | 17:ff9d1e86ad5f | 496 | int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl) |
sPymbed | 17:ff9d1e86ad5f | 497 | { |
sPymbed | 17:ff9d1e86ad5f | 498 | CRL_Entry *crle; |
sPymbed | 17:ff9d1e86ad5f | 499 | WOLFSSL_CRL *crl; |
sPymbed | 17:ff9d1e86ad5f | 500 | |
sPymbed | 17:ff9d1e86ad5f | 501 | WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl"); |
sPymbed | 17:ff9d1e86ad5f | 502 | if (store == NULL || newcrl == NULL) |
sPymbed | 17:ff9d1e86ad5f | 503 | return BAD_FUNC_ARG; |
sPymbed | 17:ff9d1e86ad5f | 504 | |
sPymbed | 17:ff9d1e86ad5f | 505 | crl = store->crl; |
sPymbed | 17:ff9d1e86ad5f | 506 | crle = newcrl->crlList; |
sPymbed | 17:ff9d1e86ad5f | 507 | |
sPymbed | 17:ff9d1e86ad5f | 508 | if (wc_LockMutex(&crl->crlLock) != 0) |
sPymbed | 17:ff9d1e86ad5f | 509 | { |
sPymbed | 17:ff9d1e86ad5f | 510 | WOLFSSL_MSG("wc_LockMutex failed"); |
sPymbed | 17:ff9d1e86ad5f | 511 | return BAD_MUTEX_E; |
sPymbed | 17:ff9d1e86ad5f | 512 | } |
sPymbed | 17:ff9d1e86ad5f | 513 | crle->next = crl->crlList; |
sPymbed | 17:ff9d1e86ad5f | 514 | crl->crlList = crle; |
sPymbed | 17:ff9d1e86ad5f | 515 | newcrl->crlList = NULL; |
sPymbed | 17:ff9d1e86ad5f | 516 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 517 | |
sPymbed | 17:ff9d1e86ad5f | 518 | WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS); |
sPymbed | 17:ff9d1e86ad5f | 519 | |
sPymbed | 17:ff9d1e86ad5f | 520 | return WOLFSSL_SUCCESS; |
sPymbed | 17:ff9d1e86ad5f | 521 | } |
sPymbed | 17:ff9d1e86ad5f | 522 | #endif |
sPymbed | 17:ff9d1e86ad5f | 523 | |
sPymbed | 17:ff9d1e86ad5f | 524 | #ifdef HAVE_CRL_MONITOR |
sPymbed | 17:ff9d1e86ad5f | 525 | |
sPymbed | 17:ff9d1e86ad5f | 526 | |
sPymbed | 17:ff9d1e86ad5f | 527 | /* Signal Monitor thread is setup, save status to setup flag, 0 on success */ |
sPymbed | 17:ff9d1e86ad5f | 528 | static int SignalSetup(WOLFSSL_CRL* crl, int status) |
sPymbed | 17:ff9d1e86ad5f | 529 | { |
sPymbed | 17:ff9d1e86ad5f | 530 | int ret; |
sPymbed | 17:ff9d1e86ad5f | 531 | |
sPymbed | 17:ff9d1e86ad5f | 532 | /* signal to calling thread we're setup */ |
sPymbed | 17:ff9d1e86ad5f | 533 | if (wc_LockMutex(&crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 534 | WOLFSSL_MSG("wc_LockMutex crlLock failed"); |
sPymbed | 17:ff9d1e86ad5f | 535 | return BAD_MUTEX_E; |
sPymbed | 17:ff9d1e86ad5f | 536 | } |
sPymbed | 17:ff9d1e86ad5f | 537 | |
sPymbed | 17:ff9d1e86ad5f | 538 | crl->setup = status; |
sPymbed | 17:ff9d1e86ad5f | 539 | ret = pthread_cond_signal(&crl->cond); |
sPymbed | 17:ff9d1e86ad5f | 540 | |
sPymbed | 17:ff9d1e86ad5f | 541 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 542 | |
sPymbed | 17:ff9d1e86ad5f | 543 | if (ret != 0) |
sPymbed | 17:ff9d1e86ad5f | 544 | return BAD_COND_E; |
sPymbed | 17:ff9d1e86ad5f | 545 | |
sPymbed | 17:ff9d1e86ad5f | 546 | return 0; |
sPymbed | 17:ff9d1e86ad5f | 547 | } |
sPymbed | 17:ff9d1e86ad5f | 548 | |
wolfSSL | 15:117db924cf7c | 549 | |
sPymbed | 17:ff9d1e86ad5f | 550 | /* read in new CRL entries and save new list */ |
sPymbed | 17:ff9d1e86ad5f | 551 | static int SwapLists(WOLFSSL_CRL* crl) |
sPymbed | 17:ff9d1e86ad5f | 552 | { |
sPymbed | 17:ff9d1e86ad5f | 553 | int ret; |
sPymbed | 17:ff9d1e86ad5f | 554 | CRL_Entry* newList; |
sPymbed | 17:ff9d1e86ad5f | 555 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 556 | WOLFSSL_CRL* tmp; |
sPymbed | 17:ff9d1e86ad5f | 557 | #else |
sPymbed | 17:ff9d1e86ad5f | 558 | WOLFSSL_CRL tmp[1]; |
sPymbed | 17:ff9d1e86ad5f | 559 | #endif |
sPymbed | 17:ff9d1e86ad5f | 560 | |
sPymbed | 17:ff9d1e86ad5f | 561 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 562 | tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 563 | if (tmp == NULL) |
sPymbed | 17:ff9d1e86ad5f | 564 | return MEMORY_E; |
sPymbed | 17:ff9d1e86ad5f | 565 | #endif |
sPymbed | 17:ff9d1e86ad5f | 566 | |
sPymbed | 17:ff9d1e86ad5f | 567 | if (InitCRL(tmp, crl->cm) < 0) { |
sPymbed | 17:ff9d1e86ad5f | 568 | WOLFSSL_MSG("Init tmp CRL failed"); |
sPymbed | 17:ff9d1e86ad5f | 569 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 570 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 571 | #endif |
sPymbed | 17:ff9d1e86ad5f | 572 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 573 | } |
sPymbed | 17:ff9d1e86ad5f | 574 | |
sPymbed | 17:ff9d1e86ad5f | 575 | if (crl->monitors[0].path) { |
sPymbed | 17:ff9d1e86ad5f | 576 | ret = LoadCRL(tmp, crl->monitors[0].path, WOLFSSL_FILETYPE_PEM, 0); |
sPymbed | 17:ff9d1e86ad5f | 577 | if (ret != WOLFSSL_SUCCESS) { |
sPymbed | 17:ff9d1e86ad5f | 578 | WOLFSSL_MSG("PEM LoadCRL on dir change failed"); |
sPymbed | 17:ff9d1e86ad5f | 579 | FreeCRL(tmp, 0); |
sPymbed | 17:ff9d1e86ad5f | 580 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 581 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 582 | #endif |
sPymbed | 17:ff9d1e86ad5f | 583 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 584 | } |
sPymbed | 17:ff9d1e86ad5f | 585 | } |
sPymbed | 17:ff9d1e86ad5f | 586 | |
sPymbed | 17:ff9d1e86ad5f | 587 | if (crl->monitors[1].path) { |
sPymbed | 17:ff9d1e86ad5f | 588 | ret = LoadCRL(tmp, crl->monitors[1].path, WOLFSSL_FILETYPE_ASN1, 0); |
sPymbed | 17:ff9d1e86ad5f | 589 | if (ret != WOLFSSL_SUCCESS) { |
sPymbed | 17:ff9d1e86ad5f | 590 | WOLFSSL_MSG("DER LoadCRL on dir change failed"); |
sPymbed | 17:ff9d1e86ad5f | 591 | FreeCRL(tmp, 0); |
sPymbed | 17:ff9d1e86ad5f | 592 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 593 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 594 | #endif |
sPymbed | 17:ff9d1e86ad5f | 595 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 596 | } |
sPymbed | 17:ff9d1e86ad5f | 597 | } |
sPymbed | 17:ff9d1e86ad5f | 598 | |
sPymbed | 17:ff9d1e86ad5f | 599 | if (wc_LockMutex(&crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 600 | WOLFSSL_MSG("wc_LockMutex failed"); |
sPymbed | 17:ff9d1e86ad5f | 601 | FreeCRL(tmp, 0); |
sPymbed | 17:ff9d1e86ad5f | 602 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 603 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 604 | #endif |
sPymbed | 17:ff9d1e86ad5f | 605 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 606 | } |
sPymbed | 17:ff9d1e86ad5f | 607 | |
sPymbed | 17:ff9d1e86ad5f | 608 | newList = tmp->crlList; |
sPymbed | 17:ff9d1e86ad5f | 609 | |
sPymbed | 17:ff9d1e86ad5f | 610 | /* swap lists */ |
sPymbed | 17:ff9d1e86ad5f | 611 | tmp->crlList = crl->crlList; |
sPymbed | 17:ff9d1e86ad5f | 612 | crl->crlList = newList; |
sPymbed | 17:ff9d1e86ad5f | 613 | |
sPymbed | 17:ff9d1e86ad5f | 614 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 615 | |
sPymbed | 17:ff9d1e86ad5f | 616 | FreeCRL(tmp, 0); |
sPymbed | 17:ff9d1e86ad5f | 617 | |
sPymbed | 17:ff9d1e86ad5f | 618 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 619 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 620 | #endif |
sPymbed | 17:ff9d1e86ad5f | 621 | |
sPymbed | 17:ff9d1e86ad5f | 622 | return 0; |
sPymbed | 17:ff9d1e86ad5f | 623 | } |
sPymbed | 17:ff9d1e86ad5f | 624 | |
sPymbed | 17:ff9d1e86ad5f | 625 | |
sPymbed | 17:ff9d1e86ad5f | 626 | #if (defined(__MACH__) || defined(__FreeBSD__)) |
sPymbed | 17:ff9d1e86ad5f | 627 | |
sPymbed | 17:ff9d1e86ad5f | 628 | #include <sys/types.h> |
sPymbed | 17:ff9d1e86ad5f | 629 | #include <sys/event.h> |
sPymbed | 17:ff9d1e86ad5f | 630 | #include <sys/time.h> |
sPymbed | 17:ff9d1e86ad5f | 631 | #include <fcntl.h> |
sPymbed | 17:ff9d1e86ad5f | 632 | #include <unistd.h> |
sPymbed | 17:ff9d1e86ad5f | 633 | |
sPymbed | 17:ff9d1e86ad5f | 634 | #ifdef __MACH__ |
sPymbed | 17:ff9d1e86ad5f | 635 | #define XEVENT_MODE O_EVTONLY |
sPymbed | 17:ff9d1e86ad5f | 636 | #elif defined(__FreeBSD__) |
sPymbed | 17:ff9d1e86ad5f | 637 | #define XEVENT_MODE EVFILT_VNODE |
sPymbed | 17:ff9d1e86ad5f | 638 | #endif |
sPymbed | 17:ff9d1e86ad5f | 639 | |
sPymbed | 17:ff9d1e86ad5f | 640 | |
sPymbed | 17:ff9d1e86ad5f | 641 | /* we need a unique kqueue user filter fd for crl in case user is doing custom |
sPymbed | 17:ff9d1e86ad5f | 642 | * events too */ |
sPymbed | 17:ff9d1e86ad5f | 643 | #ifndef CRL_CUSTOM_FD |
sPymbed | 17:ff9d1e86ad5f | 644 | #define CRL_CUSTOM_FD 123456 |
sPymbed | 17:ff9d1e86ad5f | 645 | #endif |
sPymbed | 17:ff9d1e86ad5f | 646 | |
sPymbed | 17:ff9d1e86ad5f | 647 | |
sPymbed | 17:ff9d1e86ad5f | 648 | /* shutdown monitor thread, 0 on success */ |
sPymbed | 17:ff9d1e86ad5f | 649 | static int StopMonitor(int mfd) |
sPymbed | 17:ff9d1e86ad5f | 650 | { |
sPymbed | 17:ff9d1e86ad5f | 651 | struct kevent change; |
sPymbed | 17:ff9d1e86ad5f | 652 | |
sPymbed | 17:ff9d1e86ad5f | 653 | /* trigger custom shutdown */ |
sPymbed | 17:ff9d1e86ad5f | 654 | EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL); |
sPymbed | 17:ff9d1e86ad5f | 655 | if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) { |
sPymbed | 17:ff9d1e86ad5f | 656 | WOLFSSL_MSG("kevent trigger customer event failed"); |
sPymbed | 17:ff9d1e86ad5f | 657 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 658 | } |
sPymbed | 17:ff9d1e86ad5f | 659 | |
sPymbed | 17:ff9d1e86ad5f | 660 | return 0; |
sPymbed | 17:ff9d1e86ad5f | 661 | } |
sPymbed | 17:ff9d1e86ad5f | 662 | |
sPymbed | 17:ff9d1e86ad5f | 663 | |
sPymbed | 17:ff9d1e86ad5f | 664 | /* OS X monitoring */ |
sPymbed | 17:ff9d1e86ad5f | 665 | static void* DoMonitor(void* arg) |
sPymbed | 17:ff9d1e86ad5f | 666 | { |
sPymbed | 17:ff9d1e86ad5f | 667 | int fPEM, fDER; |
sPymbed | 17:ff9d1e86ad5f | 668 | struct kevent change; |
sPymbed | 17:ff9d1e86ad5f | 669 | |
sPymbed | 17:ff9d1e86ad5f | 670 | WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg; |
sPymbed | 17:ff9d1e86ad5f | 671 | |
sPymbed | 17:ff9d1e86ad5f | 672 | WOLFSSL_ENTER("DoMonitor"); |
sPymbed | 17:ff9d1e86ad5f | 673 | |
sPymbed | 17:ff9d1e86ad5f | 674 | crl->mfd = kqueue(); |
sPymbed | 17:ff9d1e86ad5f | 675 | if (crl->mfd == -1) { |
sPymbed | 17:ff9d1e86ad5f | 676 | WOLFSSL_MSG("kqueue failed"); |
sPymbed | 17:ff9d1e86ad5f | 677 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 678 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 679 | } |
sPymbed | 17:ff9d1e86ad5f | 680 | |
sPymbed | 17:ff9d1e86ad5f | 681 | /* listen for custom shutdown event */ |
sPymbed | 17:ff9d1e86ad5f | 682 | EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL); |
sPymbed | 17:ff9d1e86ad5f | 683 | if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) { |
sPymbed | 17:ff9d1e86ad5f | 684 | WOLFSSL_MSG("kevent monitor customer event failed"); |
sPymbed | 17:ff9d1e86ad5f | 685 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 686 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 687 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 688 | } |
sPymbed | 17:ff9d1e86ad5f | 689 | |
sPymbed | 17:ff9d1e86ad5f | 690 | fPEM = -1; |
sPymbed | 17:ff9d1e86ad5f | 691 | fDER = -1; |
sPymbed | 17:ff9d1e86ad5f | 692 | |
sPymbed | 17:ff9d1e86ad5f | 693 | if (crl->monitors[0].path) { |
sPymbed | 17:ff9d1e86ad5f | 694 | fPEM = open(crl->monitors[0].path, XEVENT_MODE); |
sPymbed | 17:ff9d1e86ad5f | 695 | if (fPEM == -1) { |
sPymbed | 17:ff9d1e86ad5f | 696 | WOLFSSL_MSG("PEM event dir open failed"); |
sPymbed | 17:ff9d1e86ad5f | 697 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 698 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 699 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 700 | } |
sPymbed | 17:ff9d1e86ad5f | 701 | } |
sPymbed | 17:ff9d1e86ad5f | 702 | |
sPymbed | 17:ff9d1e86ad5f | 703 | if (crl->monitors[1].path) { |
sPymbed | 17:ff9d1e86ad5f | 704 | fDER = open(crl->monitors[1].path, XEVENT_MODE); |
sPymbed | 17:ff9d1e86ad5f | 705 | if (fDER == -1) { |
sPymbed | 17:ff9d1e86ad5f | 706 | WOLFSSL_MSG("DER event dir open failed"); |
sPymbed | 17:ff9d1e86ad5f | 707 | if (fPEM != -1) |
sPymbed | 17:ff9d1e86ad5f | 708 | close(fPEM); |
sPymbed | 17:ff9d1e86ad5f | 709 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 710 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 711 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 712 | } |
sPymbed | 17:ff9d1e86ad5f | 713 | } |
sPymbed | 17:ff9d1e86ad5f | 714 | |
sPymbed | 17:ff9d1e86ad5f | 715 | if (fPEM != -1) |
sPymbed | 17:ff9d1e86ad5f | 716 | EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT, |
sPymbed | 17:ff9d1e86ad5f | 717 | NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0); |
sPymbed | 17:ff9d1e86ad5f | 718 | |
sPymbed | 17:ff9d1e86ad5f | 719 | if (fDER != -1) |
sPymbed | 17:ff9d1e86ad5f | 720 | EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT, |
sPymbed | 17:ff9d1e86ad5f | 721 | NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0); |
sPymbed | 17:ff9d1e86ad5f | 722 | |
sPymbed | 17:ff9d1e86ad5f | 723 | /* signal to calling thread we're setup */ |
sPymbed | 17:ff9d1e86ad5f | 724 | if (SignalSetup(crl, 1) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 725 | if (fPEM != -1) |
sPymbed | 17:ff9d1e86ad5f | 726 | close(fPEM); |
sPymbed | 17:ff9d1e86ad5f | 727 | if (fDER != -1) |
sPymbed | 17:ff9d1e86ad5f | 728 | close(fDER); |
sPymbed | 17:ff9d1e86ad5f | 729 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 730 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 731 | } |
sPymbed | 17:ff9d1e86ad5f | 732 | |
sPymbed | 17:ff9d1e86ad5f | 733 | for (;;) { |
sPymbed | 17:ff9d1e86ad5f | 734 | struct kevent event; |
sPymbed | 17:ff9d1e86ad5f | 735 | int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL); |
sPymbed | 17:ff9d1e86ad5f | 736 | |
sPymbed | 17:ff9d1e86ad5f | 737 | WOLFSSL_MSG("Got kevent"); |
sPymbed | 17:ff9d1e86ad5f | 738 | |
sPymbed | 17:ff9d1e86ad5f | 739 | if (numEvents == -1) { |
sPymbed | 17:ff9d1e86ad5f | 740 | WOLFSSL_MSG("kevent problem, continue"); |
sPymbed | 17:ff9d1e86ad5f | 741 | continue; |
sPymbed | 17:ff9d1e86ad5f | 742 | } |
sPymbed | 17:ff9d1e86ad5f | 743 | |
sPymbed | 17:ff9d1e86ad5f | 744 | if (event.filter == EVFILT_USER) { |
sPymbed | 17:ff9d1e86ad5f | 745 | WOLFSSL_MSG("Got user shutdown event, breaking out"); |
sPymbed | 17:ff9d1e86ad5f | 746 | break; |
sPymbed | 17:ff9d1e86ad5f | 747 | } |
sPymbed | 17:ff9d1e86ad5f | 748 | |
sPymbed | 17:ff9d1e86ad5f | 749 | if (SwapLists(crl) < 0) { |
sPymbed | 17:ff9d1e86ad5f | 750 | WOLFSSL_MSG("SwapLists problem, continue"); |
sPymbed | 17:ff9d1e86ad5f | 751 | } |
sPymbed | 17:ff9d1e86ad5f | 752 | } |
sPymbed | 17:ff9d1e86ad5f | 753 | |
sPymbed | 17:ff9d1e86ad5f | 754 | if (fPEM != -1) |
sPymbed | 17:ff9d1e86ad5f | 755 | close(fPEM); |
sPymbed | 17:ff9d1e86ad5f | 756 | if (fDER != -1) |
sPymbed | 17:ff9d1e86ad5f | 757 | close(fDER); |
sPymbed | 17:ff9d1e86ad5f | 758 | |
sPymbed | 17:ff9d1e86ad5f | 759 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 760 | |
sPymbed | 17:ff9d1e86ad5f | 761 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 762 | } |
sPymbed | 17:ff9d1e86ad5f | 763 | |
sPymbed | 17:ff9d1e86ad5f | 764 | |
sPymbed | 17:ff9d1e86ad5f | 765 | #elif defined(__linux__) |
sPymbed | 17:ff9d1e86ad5f | 766 | |
sPymbed | 17:ff9d1e86ad5f | 767 | #include <sys/types.h> |
sPymbed | 17:ff9d1e86ad5f | 768 | #include <sys/inotify.h> |
sPymbed | 17:ff9d1e86ad5f | 769 | #include <sys/eventfd.h> |
sPymbed | 17:ff9d1e86ad5f | 770 | #include <unistd.h> |
sPymbed | 17:ff9d1e86ad5f | 771 | |
sPymbed | 17:ff9d1e86ad5f | 772 | |
sPymbed | 17:ff9d1e86ad5f | 773 | #ifndef max |
sPymbed | 17:ff9d1e86ad5f | 774 | static WC_INLINE int max(int a, int b) |
sPymbed | 17:ff9d1e86ad5f | 775 | { |
sPymbed | 17:ff9d1e86ad5f | 776 | return a > b ? a : b; |
sPymbed | 17:ff9d1e86ad5f | 777 | } |
sPymbed | 17:ff9d1e86ad5f | 778 | #endif /* max */ |
sPymbed | 17:ff9d1e86ad5f | 779 | |
sPymbed | 17:ff9d1e86ad5f | 780 | |
sPymbed | 17:ff9d1e86ad5f | 781 | /* shutdown monitor thread, 0 on success */ |
sPymbed | 17:ff9d1e86ad5f | 782 | static int StopMonitor(int mfd) |
sPymbed | 17:ff9d1e86ad5f | 783 | { |
sPymbed | 17:ff9d1e86ad5f | 784 | word64 w64 = 1; |
sPymbed | 17:ff9d1e86ad5f | 785 | |
sPymbed | 17:ff9d1e86ad5f | 786 | /* write to our custom event */ |
sPymbed | 17:ff9d1e86ad5f | 787 | if (write(mfd, &w64, sizeof(w64)) < 0) { |
sPymbed | 17:ff9d1e86ad5f | 788 | WOLFSSL_MSG("StopMonitor write failed"); |
sPymbed | 17:ff9d1e86ad5f | 789 | return -1; |
sPymbed | 17:ff9d1e86ad5f | 790 | } |
sPymbed | 17:ff9d1e86ad5f | 791 | |
sPymbed | 17:ff9d1e86ad5f | 792 | return 0; |
sPymbed | 17:ff9d1e86ad5f | 793 | } |
sPymbed | 17:ff9d1e86ad5f | 794 | |
sPymbed | 17:ff9d1e86ad5f | 795 | |
sPymbed | 17:ff9d1e86ad5f | 796 | /* linux monitoring */ |
sPymbed | 17:ff9d1e86ad5f | 797 | static void* DoMonitor(void* arg) |
sPymbed | 17:ff9d1e86ad5f | 798 | { |
sPymbed | 17:ff9d1e86ad5f | 799 | int notifyFd; |
sPymbed | 17:ff9d1e86ad5f | 800 | int wd = -1; |
sPymbed | 17:ff9d1e86ad5f | 801 | WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg; |
sPymbed | 17:ff9d1e86ad5f | 802 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 803 | char* buff; |
sPymbed | 17:ff9d1e86ad5f | 804 | #else |
sPymbed | 17:ff9d1e86ad5f | 805 | char buff[8192]; |
sPymbed | 17:ff9d1e86ad5f | 806 | #endif |
sPymbed | 17:ff9d1e86ad5f | 807 | |
sPymbed | 17:ff9d1e86ad5f | 808 | WOLFSSL_ENTER("DoMonitor"); |
sPymbed | 17:ff9d1e86ad5f | 809 | |
sPymbed | 17:ff9d1e86ad5f | 810 | crl->mfd = eventfd(0, 0); /* our custom shutdown event */ |
sPymbed | 17:ff9d1e86ad5f | 811 | if (crl->mfd < 0) { |
sPymbed | 17:ff9d1e86ad5f | 812 | WOLFSSL_MSG("eventfd failed"); |
sPymbed | 17:ff9d1e86ad5f | 813 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 814 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 815 | } |
sPymbed | 17:ff9d1e86ad5f | 816 | |
sPymbed | 17:ff9d1e86ad5f | 817 | notifyFd = inotify_init(); |
sPymbed | 17:ff9d1e86ad5f | 818 | if (notifyFd < 0) { |
sPymbed | 17:ff9d1e86ad5f | 819 | WOLFSSL_MSG("inotify failed"); |
sPymbed | 17:ff9d1e86ad5f | 820 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 821 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 822 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 823 | } |
sPymbed | 17:ff9d1e86ad5f | 824 | |
sPymbed | 17:ff9d1e86ad5f | 825 | if (crl->monitors[0].path) { |
sPymbed | 17:ff9d1e86ad5f | 826 | wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE | |
sPymbed | 17:ff9d1e86ad5f | 827 | IN_DELETE); |
sPymbed | 17:ff9d1e86ad5f | 828 | if (wd < 0) { |
sPymbed | 17:ff9d1e86ad5f | 829 | WOLFSSL_MSG("PEM notify add watch failed"); |
sPymbed | 17:ff9d1e86ad5f | 830 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 831 | close(notifyFd); |
sPymbed | 17:ff9d1e86ad5f | 832 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 833 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 834 | } |
sPymbed | 17:ff9d1e86ad5f | 835 | } |
sPymbed | 17:ff9d1e86ad5f | 836 | |
sPymbed | 17:ff9d1e86ad5f | 837 | if (crl->monitors[1].path) { |
sPymbed | 17:ff9d1e86ad5f | 838 | wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE | |
sPymbed | 17:ff9d1e86ad5f | 839 | IN_DELETE); |
sPymbed | 17:ff9d1e86ad5f | 840 | if (wd < 0) { |
sPymbed | 17:ff9d1e86ad5f | 841 | WOLFSSL_MSG("DER notify add watch failed"); |
sPymbed | 17:ff9d1e86ad5f | 842 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 843 | close(notifyFd); |
sPymbed | 17:ff9d1e86ad5f | 844 | SignalSetup(crl, MONITOR_SETUP_E); |
sPymbed | 17:ff9d1e86ad5f | 845 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 846 | } |
sPymbed | 17:ff9d1e86ad5f | 847 | } |
sPymbed | 17:ff9d1e86ad5f | 848 | |
sPymbed | 17:ff9d1e86ad5f | 849 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 850 | buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 851 | if (buff == NULL) |
sPymbed | 17:ff9d1e86ad5f | 852 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 853 | #endif |
sPymbed | 17:ff9d1e86ad5f | 854 | |
sPymbed | 17:ff9d1e86ad5f | 855 | /* signal to calling thread we're setup */ |
sPymbed | 17:ff9d1e86ad5f | 856 | if (SignalSetup(crl, 1) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 857 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 858 | XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 859 | #endif |
sPymbed | 17:ff9d1e86ad5f | 860 | |
sPymbed | 17:ff9d1e86ad5f | 861 | if (wd > 0) |
sPymbed | 17:ff9d1e86ad5f | 862 | inotify_rm_watch(notifyFd, wd); |
sPymbed | 17:ff9d1e86ad5f | 863 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 864 | close(notifyFd); |
sPymbed | 17:ff9d1e86ad5f | 865 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 866 | } |
sPymbed | 17:ff9d1e86ad5f | 867 | |
sPymbed | 17:ff9d1e86ad5f | 868 | for (;;) { |
sPymbed | 17:ff9d1e86ad5f | 869 | fd_set readfds; |
sPymbed | 17:ff9d1e86ad5f | 870 | int result; |
sPymbed | 17:ff9d1e86ad5f | 871 | int length; |
sPymbed | 17:ff9d1e86ad5f | 872 | |
sPymbed | 17:ff9d1e86ad5f | 873 | FD_ZERO(&readfds); |
sPymbed | 17:ff9d1e86ad5f | 874 | FD_SET(notifyFd, &readfds); |
sPymbed | 17:ff9d1e86ad5f | 875 | FD_SET(crl->mfd, &readfds); |
sPymbed | 17:ff9d1e86ad5f | 876 | |
sPymbed | 17:ff9d1e86ad5f | 877 | result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL); |
sPymbed | 17:ff9d1e86ad5f | 878 | |
sPymbed | 17:ff9d1e86ad5f | 879 | WOLFSSL_MSG("Got notify event"); |
sPymbed | 17:ff9d1e86ad5f | 880 | |
sPymbed | 17:ff9d1e86ad5f | 881 | if (result < 0) { |
sPymbed | 17:ff9d1e86ad5f | 882 | WOLFSSL_MSG("select problem, continue"); |
sPymbed | 17:ff9d1e86ad5f | 883 | continue; |
sPymbed | 17:ff9d1e86ad5f | 884 | } |
sPymbed | 17:ff9d1e86ad5f | 885 | |
sPymbed | 17:ff9d1e86ad5f | 886 | if (FD_ISSET(crl->mfd, &readfds)) { |
sPymbed | 17:ff9d1e86ad5f | 887 | WOLFSSL_MSG("got custom shutdown event, breaking out"); |
sPymbed | 17:ff9d1e86ad5f | 888 | break; |
sPymbed | 17:ff9d1e86ad5f | 889 | } |
sPymbed | 17:ff9d1e86ad5f | 890 | |
sPymbed | 17:ff9d1e86ad5f | 891 | length = (int) read(notifyFd, buff, 8192); |
sPymbed | 17:ff9d1e86ad5f | 892 | if (length < 0) { |
sPymbed | 17:ff9d1e86ad5f | 893 | WOLFSSL_MSG("notify read problem, continue"); |
sPymbed | 17:ff9d1e86ad5f | 894 | continue; |
sPymbed | 17:ff9d1e86ad5f | 895 | } |
sPymbed | 17:ff9d1e86ad5f | 896 | |
sPymbed | 17:ff9d1e86ad5f | 897 | if (SwapLists(crl) < 0) { |
sPymbed | 17:ff9d1e86ad5f | 898 | WOLFSSL_MSG("SwapLists problem, continue"); |
sPymbed | 17:ff9d1e86ad5f | 899 | } |
sPymbed | 17:ff9d1e86ad5f | 900 | } |
sPymbed | 17:ff9d1e86ad5f | 901 | |
sPymbed | 17:ff9d1e86ad5f | 902 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 903 | XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 904 | #endif |
sPymbed | 17:ff9d1e86ad5f | 905 | |
sPymbed | 17:ff9d1e86ad5f | 906 | if (wd > 0) |
sPymbed | 17:ff9d1e86ad5f | 907 | inotify_rm_watch(notifyFd, wd); |
sPymbed | 17:ff9d1e86ad5f | 908 | close(crl->mfd); |
sPymbed | 17:ff9d1e86ad5f | 909 | close(notifyFd); |
sPymbed | 17:ff9d1e86ad5f | 910 | |
sPymbed | 17:ff9d1e86ad5f | 911 | return NULL; |
sPymbed | 17:ff9d1e86ad5f | 912 | } |
sPymbed | 17:ff9d1e86ad5f | 913 | |
sPymbed | 17:ff9d1e86ad5f | 914 | #endif /* MACH or linux */ |
sPymbed | 17:ff9d1e86ad5f | 915 | |
sPymbed | 17:ff9d1e86ad5f | 916 | |
sPymbed | 17:ff9d1e86ad5f | 917 | /* Start Monitoring the CRL path(s) in a thread */ |
sPymbed | 17:ff9d1e86ad5f | 918 | static int StartMonitorCRL(WOLFSSL_CRL* crl) |
sPymbed | 17:ff9d1e86ad5f | 919 | { |
sPymbed | 17:ff9d1e86ad5f | 920 | int ret = WOLFSSL_SUCCESS; |
sPymbed | 17:ff9d1e86ad5f | 921 | |
sPymbed | 17:ff9d1e86ad5f | 922 | WOLFSSL_ENTER("StartMonitorCRL"); |
sPymbed | 17:ff9d1e86ad5f | 923 | |
sPymbed | 17:ff9d1e86ad5f | 924 | if (crl == NULL) |
sPymbed | 17:ff9d1e86ad5f | 925 | return BAD_FUNC_ARG; |
sPymbed | 17:ff9d1e86ad5f | 926 | |
sPymbed | 17:ff9d1e86ad5f | 927 | if (crl->tid != 0) { |
sPymbed | 17:ff9d1e86ad5f | 928 | WOLFSSL_MSG("Monitor thread already running"); |
sPymbed | 17:ff9d1e86ad5f | 929 | return ret; /* that's ok, someone already started */ |
sPymbed | 17:ff9d1e86ad5f | 930 | } |
sPymbed | 17:ff9d1e86ad5f | 931 | |
sPymbed | 17:ff9d1e86ad5f | 932 | if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 933 | WOLFSSL_MSG("Thread creation error"); |
sPymbed | 17:ff9d1e86ad5f | 934 | return THREAD_CREATE_E; |
sPymbed | 17:ff9d1e86ad5f | 935 | } |
sPymbed | 17:ff9d1e86ad5f | 936 | |
sPymbed | 17:ff9d1e86ad5f | 937 | /* wait for setup to complete */ |
sPymbed | 17:ff9d1e86ad5f | 938 | if (wc_LockMutex(&crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 939 | WOLFSSL_MSG("wc_LockMutex crlLock error"); |
sPymbed | 17:ff9d1e86ad5f | 940 | return BAD_MUTEX_E; |
sPymbed | 17:ff9d1e86ad5f | 941 | } |
sPymbed | 17:ff9d1e86ad5f | 942 | |
sPymbed | 17:ff9d1e86ad5f | 943 | while (crl->setup == 0) { |
sPymbed | 17:ff9d1e86ad5f | 944 | if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) { |
sPymbed | 17:ff9d1e86ad5f | 945 | ret = BAD_COND_E; |
sPymbed | 17:ff9d1e86ad5f | 946 | break; |
sPymbed | 17:ff9d1e86ad5f | 947 | } |
sPymbed | 17:ff9d1e86ad5f | 948 | } |
sPymbed | 17:ff9d1e86ad5f | 949 | |
sPymbed | 17:ff9d1e86ad5f | 950 | if (crl->setup < 0) |
sPymbed | 17:ff9d1e86ad5f | 951 | ret = crl->setup; /* store setup error */ |
sPymbed | 17:ff9d1e86ad5f | 952 | |
sPymbed | 17:ff9d1e86ad5f | 953 | wc_UnLockMutex(&crl->crlLock); |
sPymbed | 17:ff9d1e86ad5f | 954 | |
sPymbed | 17:ff9d1e86ad5f | 955 | if (ret < 0) { |
sPymbed | 17:ff9d1e86ad5f | 956 | WOLFSSL_MSG("DoMonitor setup failure"); |
sPymbed | 17:ff9d1e86ad5f | 957 | crl->tid = 0; /* thread already done */ |
sPymbed | 17:ff9d1e86ad5f | 958 | } |
sPymbed | 17:ff9d1e86ad5f | 959 | |
sPymbed | 17:ff9d1e86ad5f | 960 | return ret; |
sPymbed | 17:ff9d1e86ad5f | 961 | } |
sPymbed | 17:ff9d1e86ad5f | 962 | |
sPymbed | 17:ff9d1e86ad5f | 963 | |
sPymbed | 17:ff9d1e86ad5f | 964 | #else /* HAVE_CRL_MONITOR */ |
sPymbed | 17:ff9d1e86ad5f | 965 | |
sPymbed | 17:ff9d1e86ad5f | 966 | #ifndef NO_FILESYSTEM |
sPymbed | 17:ff9d1e86ad5f | 967 | |
sPymbed | 17:ff9d1e86ad5f | 968 | static int StartMonitorCRL(WOLFSSL_CRL* crl) |
sPymbed | 17:ff9d1e86ad5f | 969 | { |
sPymbed | 17:ff9d1e86ad5f | 970 | (void)crl; |
sPymbed | 17:ff9d1e86ad5f | 971 | |
sPymbed | 17:ff9d1e86ad5f | 972 | WOLFSSL_ENTER("StartMonitorCRL"); |
sPymbed | 17:ff9d1e86ad5f | 973 | WOLFSSL_MSG("Not compiled in"); |
sPymbed | 17:ff9d1e86ad5f | 974 | |
sPymbed | 17:ff9d1e86ad5f | 975 | return NOT_COMPILED_IN; |
sPymbed | 17:ff9d1e86ad5f | 976 | } |
sPymbed | 17:ff9d1e86ad5f | 977 | |
sPymbed | 17:ff9d1e86ad5f | 978 | #endif /* NO_FILESYSTEM */ |
sPymbed | 17:ff9d1e86ad5f | 979 | |
sPymbed | 17:ff9d1e86ad5f | 980 | #endif /* HAVE_CRL_MONITOR */ |
sPymbed | 17:ff9d1e86ad5f | 981 | |
sPymbed | 17:ff9d1e86ad5f | 982 | #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) |
sPymbed | 17:ff9d1e86ad5f | 983 | |
sPymbed | 17:ff9d1e86ad5f | 984 | /* Load CRL path files of type, WOLFSSL_SUCCESS on ok */ |
sPymbed | 17:ff9d1e86ad5f | 985 | int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) |
sPymbed | 17:ff9d1e86ad5f | 986 | { |
sPymbed | 17:ff9d1e86ad5f | 987 | int ret = WOLFSSL_SUCCESS; |
sPymbed | 17:ff9d1e86ad5f | 988 | char* name = NULL; |
sPymbed | 17:ff9d1e86ad5f | 989 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 990 | ReadDirCtx* readCtx = NULL; |
sPymbed | 17:ff9d1e86ad5f | 991 | #else |
sPymbed | 17:ff9d1e86ad5f | 992 | ReadDirCtx readCtx[1]; |
sPymbed | 17:ff9d1e86ad5f | 993 | #endif |
sPymbed | 17:ff9d1e86ad5f | 994 | |
sPymbed | 17:ff9d1e86ad5f | 995 | WOLFSSL_ENTER("LoadCRL"); |
sPymbed | 17:ff9d1e86ad5f | 996 | if (crl == NULL) |
sPymbed | 17:ff9d1e86ad5f | 997 | return BAD_FUNC_ARG; |
sPymbed | 17:ff9d1e86ad5f | 998 | |
sPymbed | 17:ff9d1e86ad5f | 999 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 1000 | readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), crl->heap, |
sPymbed | 17:ff9d1e86ad5f | 1001 | DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 1002 | if (readCtx == NULL) |
sPymbed | 17:ff9d1e86ad5f | 1003 | return MEMORY_E; |
sPymbed | 17:ff9d1e86ad5f | 1004 | #endif |
sPymbed | 17:ff9d1e86ad5f | 1005 | |
sPymbed | 17:ff9d1e86ad5f | 1006 | /* try to load each regular file in path */ |
sPymbed | 17:ff9d1e86ad5f | 1007 | ret = wc_ReadDirFirst(readCtx, path, &name); |
sPymbed | 17:ff9d1e86ad5f | 1008 | while (ret == 0 && name) { |
sPymbed | 17:ff9d1e86ad5f | 1009 | int skip = 0; |
sPymbed | 17:ff9d1e86ad5f | 1010 | if (type == WOLFSSL_FILETYPE_PEM) { |
sPymbed | 17:ff9d1e86ad5f | 1011 | if (XSTRSTR(name, ".pem") == NULL) { |
sPymbed | 17:ff9d1e86ad5f | 1012 | WOLFSSL_MSG("not .pem file, skipping"); |
sPymbed | 17:ff9d1e86ad5f | 1013 | skip = 1; |
sPymbed | 17:ff9d1e86ad5f | 1014 | } |
sPymbed | 17:ff9d1e86ad5f | 1015 | } |
sPymbed | 17:ff9d1e86ad5f | 1016 | else { |
sPymbed | 17:ff9d1e86ad5f | 1017 | if (XSTRSTR(name, ".der") == NULL && |
sPymbed | 17:ff9d1e86ad5f | 1018 | XSTRSTR(name, ".crl") == NULL) |
sPymbed | 17:ff9d1e86ad5f | 1019 | { |
sPymbed | 17:ff9d1e86ad5f | 1020 | WOLFSSL_MSG("not .der or .crl file, skipping"); |
sPymbed | 17:ff9d1e86ad5f | 1021 | skip = 1; |
sPymbed | 17:ff9d1e86ad5f | 1022 | } |
sPymbed | 17:ff9d1e86ad5f | 1023 | } |
sPymbed | 17:ff9d1e86ad5f | 1024 | |
sPymbed | 17:ff9d1e86ad5f | 1025 | if (!skip && ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl) |
sPymbed | 17:ff9d1e86ad5f | 1026 | != WOLFSSL_SUCCESS) { |
sPymbed | 17:ff9d1e86ad5f | 1027 | WOLFSSL_MSG("CRL file load failed, continuing"); |
sPymbed | 17:ff9d1e86ad5f | 1028 | } |
sPymbed | 17:ff9d1e86ad5f | 1029 | |
sPymbed | 17:ff9d1e86ad5f | 1030 | ret = wc_ReadDirNext(readCtx, path, &name); |
sPymbed | 17:ff9d1e86ad5f | 1031 | } |
sPymbed | 17:ff9d1e86ad5f | 1032 | wc_ReadDirClose(readCtx); |
sPymbed | 17:ff9d1e86ad5f | 1033 | ret = WOLFSSL_SUCCESS; /* load failures not reported, for backwards compat */ |
sPymbed | 17:ff9d1e86ad5f | 1034 | |
sPymbed | 17:ff9d1e86ad5f | 1035 | #ifdef WOLFSSL_SMALL_STACK |
sPymbed | 17:ff9d1e86ad5f | 1036 | XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
sPymbed | 17:ff9d1e86ad5f | 1037 | #endif |
sPymbed | 17:ff9d1e86ad5f | 1038 | |
sPymbed | 17:ff9d1e86ad5f | 1039 | if (monitor & WOLFSSL_CRL_MONITOR) { |
sPymbed | 17:ff9d1e86ad5f | 1040 | word32 pathLen; |
sPymbed | 17:ff9d1e86ad5f | 1041 | char* pathBuf; |
sPymbed | 17:ff9d1e86ad5f | 1042 | |
sPymbed | 17:ff9d1e86ad5f | 1043 | WOLFSSL_MSG("monitor path requested"); |
sPymbed | 17:ff9d1e86ad5f | 1044 | |
sPymbed | 17:ff9d1e86ad5f | 1045 | pathLen = (word32)XSTRLEN(path); |
sPymbed | 17:ff9d1e86ad5f | 1046 | pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR); |
sPymbed | 17:ff9d1e86ad5f | 1047 | if (pathBuf) { |
sPymbed | 17:ff9d1e86ad5f | 1048 | XSTRNCPY(pathBuf, path, pathLen); |
sPymbed | 17:ff9d1e86ad5f | 1049 | pathBuf[pathLen] = '\0'; /* Null Terminate */ |
sPymbed | 17:ff9d1e86ad5f | 1050 | |
sPymbed | 17:ff9d1e86ad5f | 1051 | if (type == WOLFSSL_FILETYPE_PEM) { |
sPymbed | 17:ff9d1e86ad5f | 1052 | /* free old path before setting a new one */ |
sPymbed | 17:ff9d1e86ad5f | 1053 | if (crl->monitors[0].path) { |
sPymbed | 17:ff9d1e86ad5f | 1054 | XFREE(crl->monitors[0].path, crl->heap, |
sPymbed | 17:ff9d1e86ad5f | 1055 | DYNAMIC_TYPE_CRL_MONITOR); |
sPymbed | 17:ff9d1e86ad5f | 1056 | } |
sPymbed | 17:ff9d1e86ad5f | 1057 | crl->monitors[0].path = pathBuf; |
sPymbed | 17:ff9d1e86ad5f | 1058 | crl->monitors[0].type = WOLFSSL_FILETYPE_PEM; |
sPymbed | 17:ff9d1e86ad5f | 1059 | } else { |
sPymbed | 17:ff9d1e86ad5f | 1060 | /* free old path before setting a new one */ |
sPymbed | 17:ff9d1e86ad5f | 1061 | if (crl->monitors[1].path) { |
sPymbed | 17:ff9d1e86ad5f | 1062 | XFREE(crl->monitors[1].path, crl->heap, |
sPymbed | 17:ff9d1e86ad5f | 1063 | DYNAMIC_TYPE_CRL_MONITOR); |
sPymbed | 17:ff9d1e86ad5f | 1064 | } |
sPymbed | 17:ff9d1e86ad5f | 1065 | crl->monitors[1].path = pathBuf; |
sPymbed | 17:ff9d1e86ad5f | 1066 | crl->monitors[1].type = WOLFSSL_FILETYPE_ASN1; |
sPymbed | 17:ff9d1e86ad5f | 1067 | } |
sPymbed | 17:ff9d1e86ad5f | 1068 | |
sPymbed | 17:ff9d1e86ad5f | 1069 | if (monitor & WOLFSSL_CRL_START_MON) { |
sPymbed | 17:ff9d1e86ad5f | 1070 | WOLFSSL_MSG("start monitoring requested"); |
sPymbed | 17:ff9d1e86ad5f | 1071 | |
sPymbed | 17:ff9d1e86ad5f | 1072 | ret = StartMonitorCRL(crl); |
sPymbed | 17:ff9d1e86ad5f | 1073 | } |
sPymbed | 17:ff9d1e86ad5f | 1074 | } |
sPymbed | 17:ff9d1e86ad5f | 1075 | else { |
sPymbed | 17:ff9d1e86ad5f | 1076 | ret = MEMORY_E; |
sPymbed | 17:ff9d1e86ad5f | 1077 | } |
sPymbed | 17:ff9d1e86ad5f | 1078 | } |
sPymbed | 17:ff9d1e86ad5f | 1079 | |
sPymbed | 17:ff9d1e86ad5f | 1080 | return ret; |
sPymbed | 17:ff9d1e86ad5f | 1081 | } |
sPymbed | 17:ff9d1e86ad5f | 1082 | |
sPymbed | 17:ff9d1e86ad5f | 1083 | #else |
sPymbed | 17:ff9d1e86ad5f | 1084 | int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) |
sPymbed | 17:ff9d1e86ad5f | 1085 | { |
sPymbed | 17:ff9d1e86ad5f | 1086 | (void)crl; |
sPymbed | 17:ff9d1e86ad5f | 1087 | (void)path; |
sPymbed | 17:ff9d1e86ad5f | 1088 | (void)type; |
sPymbed | 17:ff9d1e86ad5f | 1089 | (void)monitor; |
sPymbed | 17:ff9d1e86ad5f | 1090 | |
sPymbed | 17:ff9d1e86ad5f | 1091 | /* stub for scenario where file system is not supported */ |
sPymbed | 17:ff9d1e86ad5f | 1092 | return NOT_COMPILED_IN; |
sPymbed | 17:ff9d1e86ad5f | 1093 | } |
sPymbed | 17:ff9d1e86ad5f | 1094 | #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ |
sPymbed | 17:ff9d1e86ad5f | 1095 | |
sPymbed | 17:ff9d1e86ad5f | 1096 | #endif /* HAVE_CRL */ |
sPymbed | 17:ff9d1e86ad5f | 1097 | #endif /* !WOLFCRYPT_ONLY */ |
sPymbed | 17:ff9d1e86ad5f | 1098 |