wolfSSL SSL/TLS library, support up to TLS1.3

Dependents:   OS

Committer:
sPymbed
Date:
Wed Nov 20 13:27:48 2019 +0000
Revision:
17:ff9d1e86ad5f
Parent:
15:117db924cf7c
removed: wolfcrypt

sPymbed 17:ff9d1e86ad5f 1 /* crl.c
sPymbed 17:ff9d1e86ad5f 2 *
sPymbed 17:ff9d1e86ad5f 3 * Copyright (C) 2006-2017 wolfSSL Inc.
sPymbed 17:ff9d1e86ad5f 4 *
sPymbed 17:ff9d1e86ad5f 5 * This file is part of wolfSSL.
sPymbed 17:ff9d1e86ad5f 6 *
sPymbed 17:ff9d1e86ad5f 7 * wolfSSL is free software; you can redistribute it and/or modify
sPymbed 17:ff9d1e86ad5f 8 * it under the terms of the GNU General Public License as published by
sPymbed 17:ff9d1e86ad5f 9 * the Free Software Foundation; either version 2 of the License, or
sPymbed 17:ff9d1e86ad5f 10 * (at your option) any later version.
sPymbed 17:ff9d1e86ad5f 11 *
sPymbed 17:ff9d1e86ad5f 12 * wolfSSL is distributed in the hope that it will be useful,
sPymbed 17:ff9d1e86ad5f 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
sPymbed 17:ff9d1e86ad5f 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
sPymbed 17:ff9d1e86ad5f 15 * GNU General Public License for more details.
sPymbed 17:ff9d1e86ad5f 16 *
sPymbed 17:ff9d1e86ad5f 17 * You should have received a copy of the GNU General Public License
sPymbed 17:ff9d1e86ad5f 18 * along with this program; if not, write to the Free Software
sPymbed 17:ff9d1e86ad5f 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
sPymbed 17:ff9d1e86ad5f 20 */
sPymbed 17:ff9d1e86ad5f 21
sPymbed 17:ff9d1e86ad5f 22
sPymbed 17:ff9d1e86ad5f 23 /* Name change compatibility layer no longer needs included here */
sPymbed 17:ff9d1e86ad5f 24
sPymbed 17:ff9d1e86ad5f 25 #ifdef HAVE_CONFIG_H
sPymbed 17:ff9d1e86ad5f 26 #include <config.h>
sPymbed 17:ff9d1e86ad5f 27 #endif
sPymbed 17:ff9d1e86ad5f 28
sPymbed 17:ff9d1e86ad5f 29 #include <wolfcrypt/settings.h>
sPymbed 17:ff9d1e86ad5f 30
sPymbed 17:ff9d1e86ad5f 31 #ifndef WOLFCRYPT_ONLY
sPymbed 17:ff9d1e86ad5f 32 #ifdef HAVE_CRL
sPymbed 17:ff9d1e86ad5f 33
sPymbed 17:ff9d1e86ad5f 34 #include <wolfssl/internal.h>
sPymbed 17:ff9d1e86ad5f 35 #include <wolfssl/error-ssl.h>
sPymbed 17:ff9d1e86ad5f 36
sPymbed 17:ff9d1e86ad5f 37 #include <string.h>
sPymbed 17:ff9d1e86ad5f 38
sPymbed 17:ff9d1e86ad5f 39 #ifdef HAVE_CRL_MONITOR
sPymbed 17:ff9d1e86ad5f 40 #if (defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__))
sPymbed 17:ff9d1e86ad5f 41 static int StopMonitor(int mfd);
sPymbed 17:ff9d1e86ad5f 42 #else
sPymbed 17:ff9d1e86ad5f 43 #error "CRL monitor only currently supported on linux or mach"
sPymbed 17:ff9d1e86ad5f 44 #endif
sPymbed 17:ff9d1e86ad5f 45 #endif /* HAVE_CRL_MONITOR */
sPymbed 17:ff9d1e86ad5f 46
sPymbed 17:ff9d1e86ad5f 47
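/* Initialize CRL members.
 *
 * crl: caller-owned WOLFSSL_CRL to initialize.  The struct is not zeroed
 *      here, so every field this file reads is set explicitly below.
 * cm:  owning certificate manager; may be NULL, in which case the CRL uses
 *      the default heap (NULL heap hint).
 *
 * Returns 0 on success, BAD_COND_E if the monitor condition variable could
 * not be created, BAD_MUTEX_E if the list lock could not be created.  On
 * failure nothing created here is left behind.
 */
int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("InitCRL");

    crl->heap = (cm != NULL) ? cm->heap : NULL;
    crl->cm = cm;
    crl->crlList = NULL;
    crl->monitors[0].path = NULL;
    crl->monitors[1].path = NULL;
#ifdef HAVE_CRL_IO
    /* CheckCertCRL() tests this pointer before calling it; callers do not
     * zero the struct, so it must be cleared here or garbage may be called */
    crl->crlIOCb = NULL;
#endif
#ifdef HAVE_CRL_MONITOR
    crl->tid = 0;
    crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
    crl->setup = 0; /* thread setup done predicate */
    if (pthread_cond_init(&crl->cond, 0) != 0) {
        WOLFSSL_MSG("Pthread condition init failed");
        return BAD_COND_E;
    }
#endif
    if (wc_InitMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("Init Mutex failed");
#ifdef HAVE_CRL_MONITOR
        /* don't leak the condition variable created just above */
        pthread_cond_destroy(&crl->cond);
#endif
        return BAD_MUTEX_E;
    }

    return 0;
}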
sPymbed 17:ff9d1e86ad5f 76
sPymbed 17:ff9d1e86ad5f 77
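/* Initialize a CRL Entry from a decoded CRL.
 *
 * crle:     entry to fill (allocated by the caller, not zeroed)
 * dcrl:     decoded CRL; its revoked-cert list is moved into crle on success
 * buff:     DER buffer dcrl was parsed from (the TBS bytes are copied from it)
 * verified: non-zero when ParseCRL already checked the signature.  When zero
 *           the TBS data and signature are kept so CheckCertCRLList() can
 *           verify the CRL later, once its issuer CA is known.
 * heap:     heap hint for allocations
 *
 * Returns 0 on success, -1 on allocation failure.  On failure crle owns
 * nothing: dcrl keeps its cert list (presumably released by FreeDecodedCRL)
 * and crle->toBeSigned / crle->signature are NULL, so the caller may simply
 * free crle without a FreeCRL_Entry() call.
 */
static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
                         int verified, void* heap)
{
    WOLFSSL_ENTER("InitCRL_Entry");

    XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
    /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
     * copy the hash here if needed for optimized comparisons */
    XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
    XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
    crle->lastDateFormat = dcrl->lastDateFormat;
    crle->nextDateFormat = dcrl->nextDateFormat;

    crle->certs = NULL;
    crle->totalCerts = dcrl->totalCerts;
    crle->verified = verified;
    crle->toBeSigned = NULL;
    crle->signature = NULL;

    if (!verified) {
        crle->tbsSz = dcrl->sigIndex - dcrl->certBegin;
        crle->signatureSz = dcrl->sigLength;
        crle->signatureOID = dcrl->signatureOID;
        crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap,
                                          DYNAMIC_TYPE_CRL_ENTRY);
        if (crle->toBeSigned == NULL)
            return -1;
        crle->signature = (byte*)XMALLOC(crle->signatureSz, heap,
                                         DYNAMIC_TYPE_CRL_ENTRY);
        if (crle->signature == NULL) {
            XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
            crle->toBeSigned = NULL; /* no dangling pointer for a later free */
            return -1;
        }
        XMEMCPY(crle->toBeSigned, buff + dcrl->certBegin, crle->tbsSz);
        XMEMCPY(crle->signature, dcrl->signature, crle->signatureSz);
#if !defined(NO_SKID) && defined(CRL_SKID_READY)
        crle->extAuthKeyIdSet = dcrl->extAuthKeyIdSet;
        if (crle->extAuthKeyIdSet)
            XMEMCPY(crle->extAuthKeyId, dcrl->extAuthKeyId, KEYID_SIZE);
#endif
    }

    /* take ownership of the revoked-cert list only once nothing can fail,
     * so a failed entry never strands the list between dcrl and crle */
    crle->certs = dcrl->certs;
    dcrl->certs = NULL;

    return 0;
}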
sPymbed 17:ff9d1e86ad5f 127
sPymbed 17:ff9d1e86ad5f 128
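/* Free all CRL Entry resources: the revoked-cert list and any retained
 * TBS/signature copies.  The entry struct itself is not freed; the caller
 * owns it.
 *
 * crle: entry whose members are released; pointer members are reset to NULL
 *       so a repeated call is harmless
 * heap: heap hint the members were allocated with
 */
static void FreeCRL_Entry(CRL_Entry* crle, void* heap)
{
    RevokedCert* rc = crle->certs;

    WOLFSSL_ENTER("FreeCRL_Entry");

    while (rc != NULL) {
        RevokedCert* next = rc->next;
        XFREE(rc, heap, DYNAMIC_TYPE_REVOKED);
        rc = next;
    }
    crle->certs = NULL;

    /* toBeSigned/signature are allocated with DYNAMIC_TYPE_CRL_ENTRY in
     * InitCRL_Entry(); release them under the same type tag */
    if (crle->signature != NULL) {
        XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
        crle->signature = NULL;
    }
    if (crle->toBeSigned != NULL) {
        XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
        crle->toBeSigned = NULL;
    }

    (void)heap;
}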
sPymbed 17:ff9d1e86ad5f 149
sPymbed 17:ff9d1e86ad5f 150
sPymbed 17:ff9d1e86ad5f 151
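/* Free all CRL resources.
 *
 * crl:     CRL to tear down; NULL is ignored
 * dynamic: non-zero if crl itself was allocated and must be freed too
 *
 * Under HAVE_CRL_MONITOR the monitor thread is stopped and joined before
 * anything is freed: SwapLists (presumably run by that thread) reads
 * crl->monitors[].path and crl->crlList, so freeing those first would race
 * with it.  If StopMonitor() fails the thread is not joined and may still
 * touch crl afterwards; that is only logged, as in the original code.
 */
void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
{
    CRL_Entry* entry;
    void* heap;

    WOLFSSL_ENTER("FreeCRL");

    if (crl == NULL)
        return;
    heap = crl->heap;

#ifdef HAVE_CRL_MONITOR
    if (crl->tid != 0) {
        WOLFSSL_MSG("stopping monitor thread");
        if (StopMonitor(crl->mfd) == 0)
            pthread_join(crl->tid, NULL);
        else {
            WOLFSSL_MSG("stop monitor failed");
        }
    }
#endif

    if (crl->monitors[0].path) {
        XFREE(crl->monitors[0].path, heap, DYNAMIC_TYPE_CRL_MONITOR);
        crl->monitors[0].path = NULL;
    }
    if (crl->monitors[1].path) {
        XFREE(crl->monitors[1].path, heap, DYNAMIC_TYPE_CRL_MONITOR);
        crl->monitors[1].path = NULL;
    }

    entry = crl->crlList;
    while (entry != NULL) {
        CRL_Entry* next = entry->next;
        FreeCRL_Entry(entry, heap);
        XFREE(entry, heap, DYNAMIC_TYPE_CRL_ENTRY);
        entry = next;
    }
    crl->crlList = NULL;

#ifdef HAVE_CRL_MONITOR
    pthread_cond_destroy(&crl->cond);
#endif
    wc_FreeMutex(&crl->crlLock);

    if (dynamic) /* free self */
        XFREE(crl, heap, DYNAMIC_TYPE_CRL);
}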
sPymbed 17:ff9d1e86ad5f 186
sPymbed 17:ff9d1e86ad5f 187
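/* Look up the CRL entry for cert's issuer and check whether cert is on it.
 *
 * crl:         CRL store; crl->crlLock is held for the list walk
 * cert:        decoded certificate being checked
 * pFoundEntry: set to 1 when a usable (verified, in-date) CRL entry for the
 *              issuer was found, otherwise 0
 *
 * Returns 0 if a CRL was found and cert is not listed, CRL_CERT_REVOKED if
 * it is, BAD_MUTEX_E / MEMORY_E on internal failure, ASN_CRL_NO_SIGNER_E or
 * a signature error if a deferred CRL verification fails, ASN_AFTER_DATE_E
 * if the CRL's nextUpdate has passed.  When no entry is found ret stays 0
 * and *pFoundEntry is 0; the caller maps that to CRL_MISSING.
 *
 * Entries loaded with noVerify (verified == 0) still carry their TBS bytes
 * and signature and are verified here on first use: the data is copied out,
 * the lock is dropped for the signature check (presumably so other threads
 * are not blocked during the crypto), then the lock is retaken to record
 * the result.  Because the list may have been swapped meanwhile, the entry
 * is looked up again by issuer hash instead of through the old pointer, and
 * crle must not be dereferenced between the unlock and the re-lookup.
 */
static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry)
{
    CRL_Entry* crle;
    int foundEntry = 0;
    int ret = 0;

    if (wc_LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex failed");
        return BAD_MUTEX_E;
    }

    crle = crl->crlList;

    while (crle) {
        if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
            int doNextDate = 1;

            WOLFSSL_MSG("Found CRL Entry on list");

            if (crle->verified == 0) {
                Signer* ca = NULL; /* NULL so the SKID fallback below is well defined */
#if !defined(NO_SKID) && defined(CRL_SKID_READY)
                byte extAuthKeyId[KEYID_SIZE];
                int  extAuthKeyIdSet;
#endif
                byte issuerHash[CRL_DIGEST_SIZE];
                byte* tbs = NULL;
                word32 tbsSz = crle->tbsSz;
                byte* sig = NULL;
                word32 sigSz = crle->signatureSz;
                word32 sigOID = crle->signatureOID;
                SignatureCtx sigCtx;

                tbs = (byte*)XMALLOC(tbsSz, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
                if (tbs == NULL) {
                    wc_UnLockMutex(&crl->crlLock);
                    return MEMORY_E;
                }
                sig = (byte*)XMALLOC(sigSz, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
                if (sig == NULL) {
                    XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
                    wc_UnLockMutex(&crl->crlLock);
                    return MEMORY_E;
                }

                /* snapshot everything needed from the entry while still locked */
                XMEMCPY(tbs, crle->toBeSigned, tbsSz);
                XMEMCPY(sig, crle->signature, sigSz);
#if !defined(NO_SKID) && defined(CRL_SKID_READY)
                extAuthKeyIdSet = crle->extAuthKeyIdSet;
                XMEMCPY(extAuthKeyId, crle->extAuthKeyId, sizeof(extAuthKeyId));
#endif
                XMEMCPY(issuerHash, crle->issuerHash, sizeof(issuerHash));

                wc_UnLockMutex(&crl->crlLock);

#if !defined(NO_SKID) && defined(CRL_SKID_READY)
                if (extAuthKeyIdSet)
                    ca = GetCA(crl->cm, extAuthKeyId);
                if (ca == NULL)
                    ca = GetCAByName(crl->cm, issuerHash);
#else /* NO_SKID */
                ca = GetCA(crl->cm, issuerHash);
#endif /* NO_SKID */
                if (ca == NULL) {
                    XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
                    XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
                    WOLFSSL_MSG("Did NOT find CRL issuer CA");
                    return ASN_CRL_NO_SIGNER_E;
                }

                ret = VerifyCRL_Signature(&sigCtx, tbs, tbsSz, sig, sigSz,
                                          sigOID, ca, crl->heap);

                XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
                XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);

                if (wc_LockMutex(&crl->crlLock) != 0) {
                    WOLFSSL_MSG("wc_LockMutex failed");
                    return BAD_MUTEX_E;
                }

                /* re-find the entry; the list may have changed while unlocked */
                crle = crl->crlList;
                while (crle) {
                    if (XMEMCMP(crle->issuerHash, cert->issuerHash,
                                CRL_DIGEST_SIZE) == 0) {

                        /* 1 = verified OK, negative = verification error;
                         * the retained TBS/signature copies are no longer needed */
                        if (ret == 0)
                            crle->verified = 1;
                        else
                            crle->verified = ret;

                        XFREE(crle->toBeSigned, crl->heap,
                              DYNAMIC_TYPE_CRL_ENTRY);
                        crle->toBeSigned = NULL;
                        XFREE(crle->signature, crl->heap,
                              DYNAMIC_TYPE_CRL_ENTRY);
                        crle->signature = NULL;
                        break;
                    }
                    crle = crle->next;
                }
                /* entry gone, or its signature did not verify: stop here */
                if (crle == NULL || crle->verified < 0)
                    break;
            }
            else if (crle->verified < 0) {
                WOLFSSL_MSG("Cannot use CRL as it didn't verify");
                ret = crle->verified;
                break;
            }

            WOLFSSL_MSG("Checking next date validity");

#ifdef WOLFSSL_NO_CRL_NEXT_DATE
            if (crle->nextDateFormat == ASN_OTHER_TYPE)
                doNextDate = 0; /* skip */
#endif

            if (doNextDate) {
#ifndef NO_ASN_TIME
                if (!ValidateDate(crle->nextDate,crle->nextDateFormat, AFTER)) {
                    WOLFSSL_MSG("CRL next date is no longer valid");
                    ret = ASN_AFTER_DATE_E;
                }
#endif
            }
            if (ret == 0) {
                foundEntry = 1;
            }
            break;
        }
        crle = crle->next;
    }

    if (foundEntry) {
        /* crle is the matching entry here; walk its revoked serials */
        RevokedCert* rc = crle->certs;

        while (rc) {
            if (rc->serialSz == cert->serialSz &&
                   XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
                WOLFSSL_MSG("Cert revoked");
                ret = CRL_CERT_REVOKED;
                break;
            }
            rc = rc->next;
        }
    }

    wc_UnLockMutex(&crl->crlLock);

    *pFoundEntry = foundEntry;

    return ret;
}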
sPymbed 17:ff9d1e86ad5f 340
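/* Is the cert ok with CRL, return 0 on success.
 *
 * crl:  CRL store
 * cert: decoded certificate to check
 *
 * Returns 0 when a CRL for the issuer is present, in date and does not list
 * cert; CRL_CERT_REVOKED when it does; CRL_MISSING when no usable CRL is
 * found (after the optional HAVE_CRL_IO fetch); BAD_FUNC_ARG for NULL
 * arguments; otherwise the error from CheckCertCRLList() or from the CRL
 * I/O callback (mapped to WANT_READ if it reported WOLFSSL_CBIO_ERR_WANT_READ).
 *
 * When no CRL is found and the cert manager has a missing-CRL callback, the
 * cert's CRL distribution point (extCrlInfo, treated as not NUL-terminated)
 * is handed to it as a NUL-terminated copy, or as an empty string if absent
 * or too long for the local buffer.
 */
int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
{
    int foundEntry = 0;
    int ret = 0;

    WOLFSSL_ENTER("CheckCertCRL");

    if (crl == NULL || cert == NULL)
        return BAD_FUNC_ARG;

    ret = CheckCertCRLList(crl, cert, &foundEntry);

#ifdef HAVE_CRL_IO
    if (foundEntry == 0) {
        /* perform embedded lookup */
        if (crl->crlIOCb) {
            ret = crl->crlIOCb(crl, (const char*)cert->extCrlInfo,
                               cert->extCrlInfoSz);
            if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
                ret = WANT_READ;
            }
            else if (ret >= 0) {
                /* try again */
                ret = CheckCertCRLList(crl, cert, &foundEntry);
            }
        }
    }
#endif

    if (foundEntry == 0) {
        WOLFSSL_MSG("Couldn't find CRL for status check");
        ret = CRL_MISSING;

        /* crl->cm may be NULL: InitCRL() accepts a NULL cert manager */
        if (crl->cm != NULL && crl->cm->cbMissingCRL) {
            char url[256];

            WOLFSSL_MSG("Issuing missing CRL callback");
            url[0] = '\0';
            if (cert->extCrlInfo) {
                /* copy only if the URL plus terminator fits; a negative
                 * size is rejected rather than passed to XMEMCPY */
                if (cert->extCrlInfoSz >= 0 &&
                    cert->extCrlInfoSz < (int)sizeof(url) - 1) {
                    XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
                    url[cert->extCrlInfoSz] = '\0';
                }
                else {
                    WOLFSSL_MSG("CRL url too long");
                }
            }

            crl->cm->cbMissingCRL(url);
        }
    }

    return ret;
}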
sPymbed 17:ff9d1e86ad5f 393
sPymbed 17:ff9d1e86ad5f 394
/* Add Decoded CRL, 0 on success.
 *
 * Allocates a CRL_Entry, fills it from dcrl via InitCRL_Entry() (which takes
 * the revoked-cert list and, for unverified CRLs, copies the TBS bytes out
 * of buff) and pushes it onto the head of crl->crlList under crl->crlLock.
 *
 * Returns 0 on success, -1 on allocation or init failure, BAD_MUTEX_E if
 * the list lock could not be taken (the new entry is released in that case).
 */
static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
                  int verified)
{
    CRL_Entry* entry = NULL;
    void* heap = crl->heap;

    WOLFSSL_ENTER("AddCRL");

    entry = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), heap, DYNAMIC_TYPE_CRL_ENTRY);
    if (entry == NULL) {
        WOLFSSL_MSG("alloc CRL Entry failed");
        return -1;
    }

    if (InitCRL_Entry(entry, dcrl, buff, verified, heap) < 0) {
        WOLFSSL_MSG("Init CRL Entry failed");
        XFREE(entry, heap, DYNAMIC_TYPE_CRL_ENTRY);
        return -1;
    }

    if (wc_LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex failed");
        FreeCRL_Entry(entry, heap);
        XFREE(entry, heap, DYNAMIC_TYPE_CRL_ENTRY);
        return BAD_MUTEX_E;
    }

    /* push onto the head of the list */
    entry->next = crl->crlList;
    crl->crlList = entry;
    wc_UnLockMutex(&crl->crlLock);

    return 0;
}
sPymbed 17:ff9d1e86ad5f 427
sPymbed 17:ff9d1e86ad5f 428
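/* Load CRL File of type, WOLFSSL_SUCCESS on ok.
 *
 * crl:      CRL store to add to
 * buff:     CRL bytes, PEM or DER per type
 * sz:       length of buff in bytes; must be positive
 * type:     WOLFSSL_FILETYPE_PEM, otherwise the buffer is parsed as DER
 * noVerify: when non-zero, a CRL whose issuer CA is not loaded (ParseCRL
 *           returns ASN_CRL_NO_SIGNER_E) is still added, flagged unverified.
 *           Its signature is then checked by CheckCertCRLList() the first
 *           time it is consulted, so an unverified CRL is never used for a
 *           revocation decision before it has been verified.
 *
 * Returns WOLFSSL_SUCCESS; BAD_FUNC_ARG on bad arguments; NOT_COMPILED_IN
 * for PEM input when WOLFSSL_PEM_TO_DER is not built; MEMORY_E; -1 on PEM
 * decode or AddCRL failure; or the ParseCRL error code.
 */
int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
                  int noVerify)
{
    int ret = WOLFSSL_SUCCESS;
    const byte* myBuffer = buff; /* if DER ok, otherwise switch */
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCRL* dcrl;
#else
    DecodedCRL dcrl[1];
#endif

    WOLFSSL_ENTER("BufferLoadCRL");

    /* sz is cast to word32 below; reject negatives instead of wrapping */
    if (crl == NULL || buff == NULL || sz <= 0)
        return BAD_FUNC_ARG;

    if (type == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
        ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL);
        if (ret == 0) {
            myBuffer = der->buffer;
            sz = der->length;
        }
        else {
            WOLFSSL_MSG("Pem to Der failed");
            FreeDer(&der);
            return -1;
        }
#else
        /* no PEM decoder built in: fail here rather than fall through and
         * hand the PEM text to ParseCRL as if it were DER */
        return NOT_COMPILED_IN;
#endif
    }

#ifdef WOLFSSL_SMALL_STACK
    dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (dcrl == NULL) {
        FreeDer(&der);
        return MEMORY_E;
    }
#endif

    InitDecodedCRL(dcrl, crl->heap);
    ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
    if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && noVerify)) {
        WOLFSSL_MSG("ParseCRL error");
    }
    else {
        /* verified is 0 only in the noVerify / no-signer case */
        ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E);
        if (ret != 0) {
            WOLFSSL_MSG("AddCRL error");
        }
    }

    /* presumably also releases any revoked-cert list AddCRL did not take */
    FreeDecodedCRL(dcrl);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    FreeDer(&der);

    return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
}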
sPymbed 17:ff9d1e86ad5f 494
sPymbed 17:ff9d1e86ad5f 495 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
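/* Move every CRL entry from newcrl into store's CRL list (OpenSSL compat).
 *
 * store:  X509 store; store->crl must be initialized
 * newcrl: source CRL object; its entry list is detached (newcrl->crlList
 *         becomes NULL) and from then on belongs to store->crl
 *
 * Returns WOLFSSL_SUCCESS; BAD_FUNC_ARG if store, newcrl or store->crl is
 * NULL; BAD_MUTEX_E if the list lock could not be taken.  An empty newcrl
 * is a no-op success.
 *
 * NOTE(review): the moved entries were allocated against newcrl's heap hint
 * but will be freed by FreeCRL() with store->crl->heap -- fine only if both
 * heap hints are compatible; confirm with the callers.
 */
int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
{
    CRL_Entry *head;
    CRL_Entry *tail;
    WOLFSSL_CRL *crl;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl");
    if (store == NULL || newcrl == NULL || store->crl == NULL)
        return BAD_FUNC_ARG;

    crl = store->crl;
    head = newcrl->crlList;

    if (head == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS);
        return WOLFSSL_SUCCESS;
    }

    /* splice the whole list in, not just its first entry: link the old
     * list after newcrl's tail so no entry after head is orphaned */
    tail = head;
    while (tail->next != NULL)
        tail = tail->next;

    if (wc_LockMutex(&crl->crlLock) != 0)
    {
        WOLFSSL_MSG("wc_LockMutex failed");
        return BAD_MUTEX_E;
    }
    tail->next = crl->crlList;
    crl->crlList = head;
    newcrl->crlList = NULL;
    wc_UnLockMutex(&crl->crlLock);

    WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS);

    return WOLFSSL_SUCCESS;
}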
sPymbed 17:ff9d1e86ad5f 522 #endif
sPymbed 17:ff9d1e86ad5f 523
sPymbed 17:ff9d1e86ad5f 524 #ifdef HAVE_CRL_MONITOR
sPymbed 17:ff9d1e86ad5f 525
sPymbed 17:ff9d1e86ad5f 526
/* Signal Monitor thread is setup, save status to setup flag, 0 on success.
 *
 * Called from the monitor thread: records status in crl->setup under
 * crl->crlLock and signals crl->cond for whoever is waiting on it
 * (presumably the thread that started the monitor).
 *
 * Returns 0 on success, BAD_MUTEX_E if the lock could not be taken,
 * BAD_COND_E if pthread_cond_signal() failed (status was still recorded).
 */
static int SignalSetup(WOLFSSL_CRL* crl, int status)
{
    int sigRet;

    /* signal to calling thread we're setup */
    if (wc_LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex crlLock failed");
        return BAD_MUTEX_E;
    }

    crl->setup = status;
    sigRet = pthread_cond_signal(&crl->cond);

    wc_UnLockMutex(&crl->crlLock);

    return (sigRet != 0) ? BAD_COND_E : 0;
}
sPymbed 17:ff9d1e86ad5f 548
wolfSSL 15:117db924cf7c 549
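/* read in new CRL entries and save new list.
 *
 * Run on a watched-directory change (presumably from the monitor thread):
 * loads the PEM directory (monitors[0]) and/or the DER directory
 * (monitors[1]) into a temporary WOLFSSL_CRL, swaps the freshly loaded
 * entry list into crl under crl->crlLock, then frees the old list along
 * with the temporary CRL.
 *
 * Returns 0 on success, MEMORY_E if the temporary CRL could not be
 * allocated (WOLFSSL_SMALL_STACK), -1 on init, load or lock failure.  On
 * failure crl's list is left unchanged; all cleanup goes through the labels
 * at the end so each error path releases exactly what was acquired.
 */
static int SwapLists(WOLFSSL_CRL* crl)
{
    int ret = -1;
    CRL_Entry* newList;
#ifdef WOLFSSL_SMALL_STACK
    WOLFSSL_CRL* tmp;
#else
    WOLFSSL_CRL tmp[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL)
        return MEMORY_E;
#endif

    if (InitCRL(tmp, crl->cm) < 0) {
        WOLFSSL_MSG("Init tmp CRL failed");
        goto out_free;
    }

    if (crl->monitors[0].path) {
        if (LoadCRL(tmp, crl->monitors[0].path, WOLFSSL_FILETYPE_PEM, 0)
                != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("PEM LoadCRL on dir change failed");
            goto out_free_crl;
        }
    }

    if (crl->monitors[1].path) {
        if (LoadCRL(tmp, crl->monitors[1].path, WOLFSSL_FILETYPE_ASN1, 0)
                != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("DER LoadCRL on dir change failed");
            goto out_free_crl;
        }
    }

    if (wc_LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex failed");
        goto out_free_crl;
    }

    newList = tmp->crlList;

    /* swap lists: tmp now holds the old entries, which FreeCRL() releases */
    tmp->crlList = crl->crlList;
    crl->crlList = newList;

    wc_UnLockMutex(&crl->crlLock);

    ret = 0;

out_free_crl:
    FreeCRL(tmp, 0);
out_free:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}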
sPymbed 17:ff9d1e86ad5f 624
sPymbed 17:ff9d1e86ad5f 625
sPymbed 17:ff9d1e86ad5f 626 #if (defined(__MACH__) || defined(__FreeBSD__))
sPymbed 17:ff9d1e86ad5f 627
sPymbed 17:ff9d1e86ad5f 628 #include <sys/types.h>
sPymbed 17:ff9d1e86ad5f 629 #include <sys/event.h>
sPymbed 17:ff9d1e86ad5f 630 #include <sys/time.h>
sPymbed 17:ff9d1e86ad5f 631 #include <fcntl.h>
sPymbed 17:ff9d1e86ad5f 632 #include <unistd.h>
sPymbed 17:ff9d1e86ad5f 633
sPymbed 17:ff9d1e86ad5f 634 #ifdef __MACH__
sPymbed 17:ff9d1e86ad5f 635 #define XEVENT_MODE O_EVTONLY
sPymbed 17:ff9d1e86ad5f 636 #elif defined(__FreeBSD__)
sPymbed 17:ff9d1e86ad5f 637 #define XEVENT_MODE EVFILT_VNODE
sPymbed 17:ff9d1e86ad5f 638 #endif
sPymbed 17:ff9d1e86ad5f 639
sPymbed 17:ff9d1e86ad5f 640
sPymbed 17:ff9d1e86ad5f 641 /* the CRL needs a unique kqueue user-filter identifier in case the user is
sPymbed 17:ff9d1e86ad5f 642 * registering custom events too */
sPymbed 17:ff9d1e86ad5f 643 #ifndef CRL_CUSTOM_FD
sPymbed 17:ff9d1e86ad5f 644 #define CRL_CUSTOM_FD 123456
sPymbed 17:ff9d1e86ad5f 645 #endif
sPymbed 17:ff9d1e86ad5f 646
sPymbed 17:ff9d1e86ad5f 647
/* Ask the kqueue-based monitor thread to shut down; returns 0 on success,
 * -1 if the wake-up could not be posted.  mfd is the kqueue descriptor
 * DoMonitor created. */
static int StopMonitor(int mfd)
{
    struct kevent trigger;
    int rc;

    /* Fire the EVFILT_USER event DoMonitor registered under CRL_CUSTOM_FD;
     * the monitor loop treats its arrival as the shutdown request. */
    EV_SET(&trigger, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
    rc = kevent(mfd, &trigger, 1, NULL, 0, NULL);
    if (rc < 0) {
        WOLFSSL_MSG("kevent trigger customer event failed");
        return -1;
    }

    return 0;
}
sPymbed 17:ff9d1e86ad5f 662
sPymbed 17:ff9d1e86ad5f 663
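/* OS X / FreeBSD monitoring */

/* Close whatever DoMonitor has opened so far.  fPEM / fDER are the watched
 * directory descriptors (-1 when that directory is not monitored); mfd is
 * the kqueue descriptor and is always closed. */
static void CloseMonitorFds(int fPEM, int fDER, int mfd)
{
    if (fPEM != -1)
        close(fPEM);
    if (fDER != -1)
        close(fDER);
    close(mfd);
}

/* Thread body: watch the configured PEM/DER CRL directories with kqueue and
 * reload the CRL list (SwapLists) whenever one of them changes.  arg is the
 * WOLFSSL_CRL being monitored.  Setup outcome is reported to the creating
 * thread through SignalSetup(): 1 once the watches are armed, otherwise
 * MONITOR_SETUP_E.  Always returns NULL.
 *
 * Fix: the original kept a single `struct kevent change` and issued EV_SET
 * twice into it when both directories were configured, so the PEM watch was
 * silently overwritten by the DER one and PEM changes were never noticed.
 * Each directory now gets its own entry in `changes`. */
static void* DoMonitor(void* arg)
{
    int fPEM = -1;             /* PEM directory fd, -1 when not monitored */
    int fDER = -1;             /* DER directory fd, -1 when not monitored */
    struct kevent stopEv;      /* EVFILT_USER registration for StopMonitor */
    struct kevent changes[2];  /* one EVFILT_VNODE registration per directory */
    int numChanges = 0;
    WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;

    WOLFSSL_ENTER("DoMonitor");

    crl->mfd = kqueue();
    if (crl->mfd == -1) {
        WOLFSSL_MSG("kqueue failed");
        SignalSetup(crl, MONITOR_SETUP_E);
        return NULL;
    }

    /* listen for custom shutdown event (StopMonitor triggers it) */
    EV_SET(&stopEv, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
    if (kevent(crl->mfd, &stopEv, 1, NULL, 0, NULL) < 0) {
        WOLFSSL_MSG("kevent monitor customer event failed");
        SignalSetup(crl, MONITOR_SETUP_E);
        close(crl->mfd);
        return NULL;
    }

    if (crl->monitors[0].path) {
        fPEM = open(crl->monitors[0].path, XEVENT_MODE);
        if (fPEM == -1) {
            WOLFSSL_MSG("PEM event dir open failed");
            SignalSetup(crl, MONITOR_SETUP_E);
            close(crl->mfd);
            return NULL;
        }
        EV_SET(&changes[numChanges++], fPEM, EVFILT_VNODE,
               EV_ADD | EV_ENABLE | EV_ONESHOT,
               NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
    }

    if (crl->monitors[1].path) {
        fDER = open(crl->monitors[1].path, XEVENT_MODE);
        if (fDER == -1) {
            WOLFSSL_MSG("DER event dir open failed");
            CloseMonitorFds(fPEM, -1, crl->mfd);
            SignalSetup(crl, MONITOR_SETUP_E);
            return NULL;
        }
        EV_SET(&changes[numChanges++], fDER, EVFILT_VNODE,
               EV_ADD | EV_ENABLE | EV_ONESHOT,
               NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
    }

    /* signal to calling thread we're setup */
    if (SignalSetup(crl, 1) != 0) {
        CloseMonitorFds(fPEM, fDER, crl->mfd);
        return NULL;
    }

    for (;;) {
        struct kevent event;
        int numEvents;

        /* EV_ONESHOT registrations are removed once delivered, so every wait
         * re-arms all directory watches together with the wait itself.
         * NOTE(review): a failed re-registration comes back as an event with
         * EV_ERROR set in event.flags; it is not inspected here and would
         * merely cause one extra reload below. */
        numEvents = kevent(crl->mfd, changes, numChanges, &event, 1, NULL);

        WOLFSSL_MSG("Got kevent");

        /* < 1 also covers a zero return, which would leave `event` unset */
        if (numEvents < 1) {
            WOLFSSL_MSG("kevent problem, continue");
            continue;
        }

        if (event.filter == EVFILT_USER) {
            WOLFSSL_MSG("Got user shutdown event, breaking out");
            break;
        }

        /* any vnode activity in a watched directory: reload the CRL list */
        if (SwapLists(crl) < 0) {
            WOLFSSL_MSG("SwapLists problem, continue");
        }
    }

    CloseMonitorFds(fPEM, fDER, crl->mfd);

    return NULL;
}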
sPymbed 17:ff9d1e86ad5f 763
sPymbed 17:ff9d1e86ad5f 764
sPymbed 17:ff9d1e86ad5f 765 #elif defined(__linux__)
sPymbed 17:ff9d1e86ad5f 766
sPymbed 17:ff9d1e86ad5f 767 #include <sys/types.h>
sPymbed 17:ff9d1e86ad5f 768 #include <sys/inotify.h>
sPymbed 17:ff9d1e86ad5f 769 #include <sys/eventfd.h>
sPymbed 17:ff9d1e86ad5f 770 #include <unistd.h>
sPymbed 17:ff9d1e86ad5f 771
sPymbed 17:ff9d1e86ad5f 772
sPymbed 17:ff9d1e86ad5f 773 #ifndef max
/* Larger of two ints (used to size the select() nfds argument). */
static WC_INLINE int max(int a, int b)
{
    if (a > b) {
        return a;
    }
    return b;
}
sPymbed 17:ff9d1e86ad5f 778 #endif /* max */
sPymbed 17:ff9d1e86ad5f 779
sPymbed 17:ff9d1e86ad5f 780
/* Ask the inotify-based monitor thread to shut down; returns 0 on success,
 * -1 if the wake-up could not be written.  mfd is the eventfd DoMonitor
 * created as its shutdown channel. */
static int StopMonitor(int mfd)
{
    word64 w64 = 1;
    ssize_t written;

    /* Bumping the eventfd counter makes mfd readable; DoMonitor's select()
     * loop treats a readable mfd as the shutdown request. */
    written = write(mfd, &w64, sizeof(w64));
    if (written < 0) {
        WOLFSSL_MSG("StopMonitor write failed");
        return -1;
    }

    return 0;
}
sPymbed 17:ff9d1e86ad5f 794
sPymbed 17:ff9d1e86ad5f 795
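/* linux monitoring */

/* Release the descriptors DoMonitor opened.  A negative watch descriptor or
 * fd means "not opened" and is skipped.  mfd (the shutdown eventfd) is closed
 * before notifyFd, matching the original teardown order. */
static void CloseMonitorFds(int notifyFd, int wdPEM, int wdDER, int mfd)
{
    if (wdPEM >= 0)
        inotify_rm_watch(notifyFd, wdPEM);
    if (wdDER >= 0)
        inotify_rm_watch(notifyFd, wdDER);
    if (mfd >= 0)
        close(mfd);
    if (notifyFd >= 0)
        close(notifyFd);
}

/* Thread body: watch the configured PEM/DER CRL directories with inotify and
 * reload the CRL list (SwapLists) whenever a file there is written or
 * deleted.  arg is the WOLFSSL_CRL being monitored.  Setup outcome is
 * reported to the creating thread through SignalSetup(): 1 once the watches
 * are armed, otherwise MONITOR_SETUP_E.  Always returns NULL.
 *
 * Fixes over the original: (1) under WOLFSSL_SMALL_STACK an allocation
 * failure returned without calling SignalSetup, leaving StartMonitorCRL
 * blocked on crl->cond forever and leaking the open descriptors; (2) the
 * PEM and DER watch descriptors shared one variable, so the first was
 * never removed explicitly; (3) descriptors >= FD_SETSIZE are rejected
 * up front, as FD_SET on them is undefined behaviour. */
static void* DoMonitor(void* arg)
{
    enum { NOTIFY_BUF_SZ = 8192 };   /* bytes read per inotify wake-up */
    int notifyFd = -1;
    int wdPEM = -1;    /* inotify watch for the PEM directory, -1 if none */
    int wdDER = -1;    /* inotify watch for the DER directory, -1 if none */
    WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
#ifdef WOLFSSL_SMALL_STACK
    char* buff = NULL;
#else
    char buff[NOTIFY_BUF_SZ];
#endif

    WOLFSSL_ENTER("DoMonitor");

    crl->mfd = eventfd(0, 0); /* our custom shutdown event */
    if (crl->mfd < 0) {
        WOLFSSL_MSG("eventfd failed");
        SignalSetup(crl, MONITOR_SETUP_E);
        return NULL;
    }

    notifyFd = inotify_init();
    if (notifyFd < 0) {
        WOLFSSL_MSG("inotify failed");
        CloseMonitorFds(-1, -1, -1, crl->mfd);
        SignalSetup(crl, MONITOR_SETUP_E);
        return NULL;
    }

    /* select() below cannot represent descriptors at or above FD_SETSIZE */
    if (notifyFd >= FD_SETSIZE || crl->mfd >= FD_SETSIZE) {
        WOLFSSL_MSG("monitor descriptor too large for select");
        CloseMonitorFds(notifyFd, -1, -1, crl->mfd);
        SignalSetup(crl, MONITOR_SETUP_E);
        return NULL;
    }

    if (crl->monitors[0].path) {
        wdPEM = inotify_add_watch(notifyFd, crl->monitors[0].path,
                                  IN_CLOSE_WRITE | IN_DELETE);
        if (wdPEM < 0) {
            WOLFSSL_MSG("PEM notify add watch failed");
            CloseMonitorFds(notifyFd, -1, -1, crl->mfd);
            SignalSetup(crl, MONITOR_SETUP_E);
            return NULL;
        }
    }

    if (crl->monitors[1].path) {
        wdDER = inotify_add_watch(notifyFd, crl->monitors[1].path,
                                  IN_CLOSE_WRITE | IN_DELETE);
        if (wdDER < 0) {
            WOLFSSL_MSG("DER notify add watch failed");
            CloseMonitorFds(notifyFd, wdPEM, -1, crl->mfd);
            SignalSetup(crl, MONITOR_SETUP_E);
            return NULL;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    buff = (char*)XMALLOC(NOTIFY_BUF_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buff == NULL) {
        /* must still signal, or StartMonitorCRL waits on crl->cond forever */
        WOLFSSL_MSG("notify buffer alloc failed");
        CloseMonitorFds(notifyFd, wdPEM, wdDER, crl->mfd);
        SignalSetup(crl, MONITOR_SETUP_E);
        return NULL;
    }
#endif

    /* signal to calling thread we're setup */
    if (SignalSetup(crl, 1) != 0) {
#ifdef WOLFSSL_SMALL_STACK
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        CloseMonitorFds(notifyFd, wdPEM, wdDER, crl->mfd);
        return NULL;
    }

    for (;;) {
        fd_set readfds;
        int result;
        ssize_t length;

        FD_ZERO(&readfds);
        FD_SET(notifyFd, &readfds);
        FD_SET(crl->mfd, &readfds);

        result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,
                        NULL);

        WOLFSSL_MSG("Got notify event");

        if (result < 0) {
            WOLFSSL_MSG("select problem, continue");
            continue;
        }

        if (FD_ISSET(crl->mfd, &readfds)) {
            WOLFSSL_MSG("got custom shutdown event, breaking out");
            break;
        }

        /* Drain the pending inotify records.  Their contents are not
         * inspected: any write/delete in a watched directory triggers a
         * full reload of the CRL list. */
        length = read(notifyFd, buff, NOTIFY_BUF_SZ);
        if (length < 0) {
            WOLFSSL_MSG("notify read problem, continue");
            continue;
        }

        if (SwapLists(crl) < 0) {
            WOLFSSL_MSG("SwapLists problem, continue");
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    CloseMonitorFds(notifyFd, wdPEM, wdDER, crl->mfd);

    return NULL;
}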
sPymbed 17:ff9d1e86ad5f 913
sPymbed 17:ff9d1e86ad5f 914 #endif /* MACH or linux */
sPymbed 17:ff9d1e86ad5f 915
sPymbed 17:ff9d1e86ad5f 916
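/* Start Monitoring the CRL path(s) in a thread.
 *
 * Creates the DoMonitor thread for crl and blocks until that thread reports
 * its setup result through crl->setup / crl->cond.  Returns WOLFSSL_SUCCESS
 * (also when a monitor is already running), BAD_FUNC_ARG for a NULL crl,
 * THREAD_CREATE_E, BAD_MUTEX_E, BAD_COND_E, or the negative setup code the
 * monitor thread reported.
 *
 * Fix: when the monitor thread reports a setup failure it exits immediately
 * (every SignalSetup(crl, MONITOR_SETUP_E) in DoMonitor is followed by
 * return), but it was never joined and crl->tid was cleared, so the thread
 * could not be reaped later; it is now joined here. */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
    int ret = WOLFSSL_SUCCESS;
    int setup = 0;   /* snapshot of crl->setup taken while holding crlLock */

    WOLFSSL_ENTER("StartMonitorCRL");

    if (crl == NULL)
        return BAD_FUNC_ARG;

    if (crl->tid != 0) {
        WOLFSSL_MSG("Monitor thread already running");
        return ret; /* that's ok, someone already started */
    }

    if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) {
        WOLFSSL_MSG("Thread creation error");
        return THREAD_CREATE_E;
    }

    /* wait for setup to complete; presumably SignalSetup() stores its value
     * into crl->setup and signals crl->cond, so 0 means "not yet reported" */
    if (wc_LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex crlLock error");
        return BAD_MUTEX_E;
    }

    while (crl->setup == 0) {
        if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) {
            ret = BAD_COND_E;
            break;
        }
    }

    setup = crl->setup;
    if (setup < 0)
        ret = setup; /* store setup error */

    wc_UnLockMutex(&crl->crlLock);

    if (ret < 0) {
        WOLFSSL_MSG("DoMonitor setup failure");
        if (setup < 0) {
            /* The thread reported failure and returns right after signalling,
             * so the join completes promptly; without it the thread is never
             * reaped because tid is cleared below.  On the BAD_COND_E path the
             * thread may still be running, so it is deliberately not joined. */
            (void)pthread_join(crl->tid, NULL);
        }
        crl->tid = 0; /* thread already done */
    }

    return ret;
}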
sPymbed 17:ff9d1e86ad5f 962
sPymbed 17:ff9d1e86ad5f 963
sPymbed 17:ff9d1e86ad5f 964 #else /* HAVE_CRL_MONITOR */
sPymbed 17:ff9d1e86ad5f 965
sPymbed 17:ff9d1e86ad5f 966 #ifndef NO_FILESYSTEM
sPymbed 17:ff9d1e86ad5f 967
/* Build without HAVE_CRL_MONITOR: directory monitoring is unavailable, so
 * report NOT_COMPILED_IN.  crl is accepted for interface compatibility only. */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
    WOLFSSL_ENTER("StartMonitorCRL");
    WOLFSSL_MSG("Not compiled in");

    (void)crl; /* unused in this configuration */

    return NOT_COMPILED_IN;
}
sPymbed 17:ff9d1e86ad5f 977
sPymbed 17:ff9d1e86ad5f 978 #endif /* NO_FILESYSTEM */
sPymbed 17:ff9d1e86ad5f 979
sPymbed 17:ff9d1e86ad5f 980 #endif /* HAVE_CRL_MONITOR */
sPymbed 17:ff9d1e86ad5f 981
sPymbed 17:ff9d1e86ad5f 982 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
sPymbed 17:ff9d1e86ad5f 983
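/* Record pathBuf as the monitored directory in slot idx of crl->monitors
 * (0 = PEM, 1 = DER), releasing any path previously stored there.
 * Ownership of pathBuf passes to crl. */
static void SetMonitorPath(WOLFSSL_CRL* crl, int idx, char* pathBuf,
                           int fileType)
{
    if (crl->monitors[idx].path) {
        XFREE(crl->monitors[idx].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
    }
    crl->monitors[idx].path = pathBuf;
    crl->monitors[idx].type = fileType;
}

/* Load CRL path files of type, WOLFSSL_SUCCESS on ok.
 *
 * Every regular file in `path` whose name contains ".pem" (type
 * WOLFSSL_FILETYPE_PEM) or ".der"/".crl" (any other type) is handed to
 * ProcessFile(); individual load failures are logged and skipped, not
 * reported.  If `monitor` has WOLFSSL_CRL_MONITOR set, a private copy of
 * path is stored in crl->monitors, and with WOLFSSL_CRL_START_MON the
 * monitor thread is started via StartMonitorCRL().
 *
 * Returns WOLFSSL_SUCCESS; BAD_FUNC_ARG for a NULL crl or path; MEMORY_E if
 * a buffer could not be allocated; otherwise whatever StartMonitorCRL()
 * returned.  The NULL-path check is new: previously a NULL path with
 * WOLFSSL_CRL_MONITOR set reached XSTRLEN(path). */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
    int ret = WOLFSSL_SUCCESS;
    char* name = NULL;
#ifdef WOLFSSL_SMALL_STACK
    ReadDirCtx* readCtx = NULL;
#else
    ReadDirCtx readCtx[1];
#endif

    WOLFSSL_ENTER("LoadCRL");
    if (crl == NULL || path == NULL)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), crl->heap,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (readCtx == NULL)
        return MEMORY_E;
#endif

    /* try to load each regular file in path; note the filter is a substring
     * match on the name, the file content is validated by ProcessFile */
    ret = wc_ReadDirFirst(readCtx, path, &name);
    while (ret == 0 && name) {
        int skip = 0;
        if (type == WOLFSSL_FILETYPE_PEM) {
            if (XSTRSTR(name, ".pem") == NULL) {
                WOLFSSL_MSG("not .pem file, skipping");
                skip = 1;
            }
        }
        else {
            if (XSTRSTR(name, ".der") == NULL &&
                XSTRSTR(name, ".crl") == NULL)
            {
                WOLFSSL_MSG("not .der or .crl file, skipping");
                skip = 1;
            }
        }

        if (!skip && ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
                                                         != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("CRL file load failed, continuing");
        }

        ret = wc_ReadDirNext(readCtx, path, &name);
    }
    wc_ReadDirClose(readCtx);
    ret = WOLFSSL_SUCCESS; /* load failures not reported, for backwards compat */

#ifdef WOLFSSL_SMALL_STACK
    XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (monitor & WOLFSSL_CRL_MONITOR) {
        word32 pathLen;
        char* pathBuf;

        WOLFSSL_MSG("monitor path requested");

        /* keep a private copy: the caller's path need not outlive this call */
        pathLen = (word32)XSTRLEN(path);
        pathBuf = (char*)XMALLOC(pathLen + 1, crl->heap,
                                 DYNAMIC_TYPE_CRL_MONITOR);
        if (pathBuf == NULL) {
            ret = MEMORY_E;
        }
        else {
            XSTRNCPY(pathBuf, path, pathLen);
            pathBuf[pathLen] = '\0'; /* Null Terminate */

            if (type == WOLFSSL_FILETYPE_PEM)
                SetMonitorPath(crl, 0, pathBuf, WOLFSSL_FILETYPE_PEM);
            else
                SetMonitorPath(crl, 1, pathBuf, WOLFSSL_FILETYPE_ASN1);

            if (monitor & WOLFSSL_CRL_START_MON) {
                WOLFSSL_MSG("start monitoring requested");

                ret = StartMonitorCRL(crl);
            }
        }
    }

    return ret;
}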
sPymbed 17:ff9d1e86ad5f 1082
sPymbed 17:ff9d1e86ad5f 1083 #else
/* Build without a file system (or without directory support): loading CRL
 * files from a path is unavailable, so report NOT_COMPILED_IN.  All
 * parameters are accepted for interface compatibility only. */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
    /* stub for scenario where file system is not supported */
    (void)monitor;
    (void)type;
    (void)path;
    (void)crl;

    return NOT_COMPILED_IN;
}
sPymbed 17:ff9d1e86ad5f 1094 #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
sPymbed 17:ff9d1e86ad5f 1095
sPymbed 17:ff9d1e86ad5f 1096 #endif /* HAVE_CRL */
sPymbed 17:ff9d1e86ad5f 1097 #endif /* !WOLFCRYPT_ONLY */
sPymbed 17:ff9d1e86ad5f 1098