/* crl.c
 *
 * Copyright (C) 2006-2015 wolfSSL Inc.
 *
 * This file is part of wolfSSL. (formerly known as CyaSSL)
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */

/* Name change compatibility layer no longer needs to be included here */
wolfSSL 0:d92f9d21154c 23
wolfSSL 0:d92f9d21154c 24 #ifdef HAVE_CONFIG_H
wolfSSL 0:d92f9d21154c 25 #include <config.h>
wolfSSL 0:d92f9d21154c 26 #endif
wolfSSL 0:d92f9d21154c 27
wolfSSL 0:d92f9d21154c 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 0:d92f9d21154c 29
wolfSSL 0:d92f9d21154c 30 #ifdef HAVE_CRL
wolfSSL 0:d92f9d21154c 31
wolfSSL 0:d92f9d21154c 32 #include <wolfssl/internal.h>
wolfSSL 0:d92f9d21154c 33 #include <wolfssl/error-ssl.h>
wolfSSL 0:d92f9d21154c 34
wolfSSL 0:d92f9d21154c 35 #include <dirent.h>
wolfSSL 0:d92f9d21154c 36 #include <sys/stat.h>
wolfSSL 0:d92f9d21154c 37 #include <string.h>
wolfSSL 0:d92f9d21154c 38
wolfSSL 0:d92f9d21154c 39 #ifdef HAVE_CRL_MONITOR
wolfSSL 0:d92f9d21154c 40 static int StopMonitor(int mfd);
wolfSSL 0:d92f9d21154c 41 #endif
wolfSSL 0:d92f9d21154c 42
wolfSSL 0:d92f9d21154c 43
/* Initialize a WOLFSSL_CRL so entries can be added to it.
 *
 * crl : the CRL object to set up (not NULL-checked here)
 * cm  : owning certificate manager, stored for later parsing/callback use
 *
 * Clears the entry list and both monitored directory paths (index 0 is the
 * PEM directory, index 1 the DER directory, as SwapLists uses them). With
 * HAVE_CRL_MONITOR the thread id and event descriptor are reset so FreeCRL
 * can tell that no monitor thread is running; no thread is started here.
 *
 * Returns 0 on success, BAD_MUTEX_E if the list lock cannot be created.
 */
int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("InitCRL");

    crl->cm               = cm;
    crl->crlList          = NULL;
    crl->monitors[0].path = NULL;   /* PEM directory (see SwapLists) */
    crl->monitors[1].path = NULL;   /* DER directory (see SwapLists) */
#ifdef HAVE_CRL_MONITOR
    crl->tid = 0;     /* "no monitor thread" marker used by FreeCRL */
    crl->mfd = -1;    /* kqueue fd on BSD/macOS, eventfd on Linux */
#endif

    return (InitMutex(&crl->crlLock) == 0) ? 0 : BAD_MUTEX_E;
}
wolfSSL 0:d92f9d21154c 62
wolfSSL 0:d92f9d21154c 63
/* Fill a CRL_Entry from a freshly parsed DecodedCRL.
 *
 * Copies the issuer hash and the this-update / next-update dates together
 * with their encoding formats, then takes ownership of the revoked
 * certificate list: dcrl->certs is cleared so that the caller's later
 * FreeDecodedCRL (presumably) does not release it. crle->next is left
 * untouched; AddCRL links the entry into the list.
 *
 * Always returns 0.
 */
static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
{
    WOLFSSL_ENTER("InitCRL_Entry");

    /* Identity of the issuing CA; CheckCertCRL matches on this. */
    XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
    /* crlHash is deliberately not copied; it would only serve faster
     * duplicate detection. */

    /* Validity window of the CRL itself. */
    XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
    XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
    crle->lastDateFormat = dcrl->lastDateFormat;
    crle->nextDateFormat = dcrl->nextDateFormat;

    /* Ownership transfer of the revoked list. */
    crle->totalCerts = dcrl->totalCerts;
    crle->certs      = dcrl->certs;
    dcrl->certs      = NULL;

    return 0;
}
wolfSSL 0:d92f9d21154c 83
wolfSSL 0:d92f9d21154c 84
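/* Release the revoked-certificate list owned by a CRL_Entry.
 *
 * Does not free crle itself (the callers FreeCRL / AddCRL do that).
 * After return crle->certs is NULL and totalCerts is 0, so a second call
 * or a stale read through the entry cannot turn into a double free; the
 * original left the freed pointer in place.
 */
static void FreeCRL_Entry(CRL_Entry* crle)
{
    RevokedCert* rc;

    WOLFSSL_ENTER("FreeCRL_Entry");

    if (crle == NULL)
        return;

    rc = crle->certs;
    while (rc != NULL) {
        RevokedCert* next = rc->next;
        XFREE(rc, NULL, DYNAMIC_TYPE_REVOKED);
        rc = next;
    }

    crle->certs      = NULL;
    crle->totalCerts = 0;
}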
wolfSSL 0:d92f9d21154c 98
wolfSSL 0:d92f9d21154c 99
wolfSSL 0:d92f9d21154c 100
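/* Release everything owned by a WOLFSSL_CRL.
 *
 * crl     : the CRL object; NULL is ignored
 * dynamic : non-zero if crl itself was heap allocated and must be freed
 *
 * Teardown order is security relevant. The monitor thread (DoMonitor ->
 * SwapLists) reads crl->monitors[].path and swaps crl->crlList under
 * crlLock, so it is stopped and joined BEFORE those members are freed.
 * The original freed the paths and the list first and stopped the thread
 * afterwards, leaving a window in which the running thread could read or
 * link freed memory. Pointers are NULLed after freeing for the same reason.
 */
void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
{
    CRL_Entry* entry;

    WOLFSSL_ENTER("FreeCRL");

    if (crl == NULL)
        return;

#ifdef HAVE_CRL_MONITOR
    if (crl->tid != 0) {
        WOLFSSL_MSG("stopping monitor thread");
        if (StopMonitor(crl->mfd) == 0) {
            pthread_join(crl->tid, NULL);
        }
        else {
            /* The shutdown event could not be delivered (e.g. the thread has
             * not created its descriptor yet, or already exited). Cancel and
             * still join so the thread is provably gone before its data is
             * freed; kevent/select/read are cancellation points. */
            WOLFSSL_MSG("stop monitor failed, cancel instead");
            pthread_cancel(crl->tid);
            pthread_join(crl->tid, NULL);
        }
        crl->tid = 0;
    }
#endif

    if (crl->monitors[0].path) {
        XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
        crl->monitors[0].path = NULL;
    }
    if (crl->monitors[1].path) {
        XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
        crl->monitors[1].path = NULL;
    }

    entry = crl->crlList;
    while (entry != NULL) {
        CRL_Entry* next = entry->next;
        FreeCRL_Entry(entry);
        XFREE(entry, NULL, DYNAMIC_TYPE_CRL_ENTRY);
        entry = next;
    }
    crl->crlList = NULL;

    FreeMutex(&crl->crlLock);

    if (dynamic) /* free self */
        XFREE(crl, NULL, DYNAMIC_TYPE_CRL);
}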
wolfSSL 0:d92f9d21154c 136
wolfSSL 0:d92f9d21154c 137
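/* Check a decoded certificate against the loaded CRLs.
 *
 * Returns 0 when a CRL for the cert's issuer is loaded, its nextUpdate has
 * not passed, and the cert's serial number is not on it.
 * Returns CRL_CERT_REVOKED when the serial is listed.
 * Returns CRL_MISSING when no usable CRL for the issuer is loaded -- an
 * expired CRL counts as missing -- after invoking cm->cbMissingCRL (if set)
 * with the cert's CRL distribution point URL, or "" if none fits.
 * Returns BAD_MUTEX_E if the list lock cannot be taken.
 *
 * Only the first entry whose issuerHash matches is consulted; AddCRL pushes
 * new CRLs at the head, so the most recently loaded one wins.
 * The callback runs with crlLock released, so it may load a CRL itself.
 *
 * Security notes:
 *  - Serial numbers are variable-length byte strings. The original compared
 *    only rc->serialSz bytes, so a revoked serial that is a prefix of the
 *    presented serial (or vice versa) matched spuriously. Lengths must now
 *    be equal before the bytes are compared.
 *  - The URL handed to cbMissingCRL comes straight from the certificate
 *    under validation, i.e. from the peer. The callback must treat it as
 *    untrusted input and not fetch it blindly.
 */
int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
{
    CRL_Entry* crle;
    int        foundEntry = 0;
    int        ret        = 0;

    WOLFSSL_ENTER("CheckCertCRL");

    if (LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("LockMutex failed");
        return BAD_MUTEX_E;
    }

    for (crle = crl->crlList; crle != NULL; crle = crle->next) {
        if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) != 0)
            continue;

        WOLFSSL_MSG("Found CRL Entry on list");
        WOLFSSL_MSG("Checking next date validity");

        if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
            /* Stale CRL: handled below exactly like a missing one so the
             * missing-CRL callback gets a chance to refresh it. */
            WOLFSSL_MSG("CRL next date is no longer valid");
            ret = ASN_AFTER_DATE_E;
        }
        else {
            foundEntry = 1;
        }
        break;
    }

    if (foundEntry) {
        RevokedCert* rc;

        for (rc = crle->certs; rc != NULL; rc = rc->next) {
            if (rc->serialSz == cert->serialSz &&
                XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
                WOLFSSL_MSG("Cert revoked");
                ret = CRL_CERT_REVOKED;
                break;
            }
        }
    }

    UnLockMutex(&crl->crlLock);

    if (foundEntry == 0) {
        WOLFSSL_MSG("Couldn't find CRL for status check");
        ret = CRL_MISSING;   /* deliberately overrides ASN_AFTER_DATE_E */
        if (crl->cm->cbMissingCRL) {
            char url[256];

            WOLFSSL_MSG("Issuing missing CRL callback");
            url[0] = '\0';
            /* Copy the distribution point only when present and when it fits
             * together with its terminator; otherwise the callback gets "". */
            if (cert->extCrlInfo != NULL && cert->extCrlInfoSz > 0) {
                if (cert->extCrlInfoSz < (int)sizeof(url) - 1) {
                    XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
                    url[cert->extCrlInfoSz] = '\0';
                }
                else {
                    WOLFSSL_MSG("CRL url too long");
                }
            }
            crl->cm->cbMissingCRL(url);
        }
    }

    return ret;
}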
wolfSSL 0:d92f9d21154c 207
wolfSSL 0:d92f9d21154c 208
/* Wrap a DecodedCRL in a CRL_Entry and push it at the head of crl->crlList.
 *
 * Ownership of dcrl->certs moves to the new entry (see InitCRL_Entry).
 * The newest CRL goes first so that CheckCertCRL, which stops at the first
 * issuer match, sees it before older ones for the same issuer.
 *
 * Returns 0 on success, -1 if the entry cannot be allocated or initialised,
 * BAD_MUTEX_E if the list lock cannot be taken. On every failure path the
 * partially built entry is released.
 */
static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl)
{
    CRL_Entry* entry;
    int        ret;

    WOLFSSL_ENTER("AddCRL");

    entry = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY);
    if (entry == NULL) {
        WOLFSSL_MSG("alloc CRL Entry failed");
        return -1;
    }

    if (InitCRL_Entry(entry, dcrl) < 0) {
        WOLFSSL_MSG("Init CRL Entry failed");
        ret = -1;
    }
    else if (LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("LockMutex failed");
        FreeCRL_Entry(entry);   /* entry already owns dcrl->certs */
        ret = BAD_MUTEX_E;
    }
    else {
        entry->next  = crl->crlList;
        crl->crlList = entry;
        UnLockMutex(&crl->crlLock);
        return 0;
    }

    XFREE(entry, NULL, DYNAMIC_TYPE_CRL_ENTRY);
    return ret;
}
wolfSSL 0:d92f9d21154c 240
wolfSSL 0:d92f9d21154c 241
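/* Parse one CRL held in memory and add it to crl.
 *
 * buff/sz : the CRL bytes
 * type    : SSL_FILETYPE_PEM converts the PEM wrapper to DER first; any
 *           other value treats the buffer as DER
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL crl/buffer or a size <= 0;
 * MEMORY_E; -1 if the PEM wrapper cannot be decoded; otherwise the error
 * code from ParseCRL or AddCRL. ParseCRL receives crl->cm, presumably to
 * verify the CRL signature against the CA store -- confirm in asn.c; nothing
 * in this function checks authenticity otherwise.
 *
 * Fixes relative to the original: a negative sz is rejected instead of
 * being cast to a huge word32, and der.buffer is released on the PemToDer
 * error path in case PemToDer allocated it before failing (the original
 * returned without freeing it).
 */
int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type)
{
    int         ret;
    const byte* myBuffer = buff;   /* DER as given, or der.buffer after decode */
    buffer      der;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCRL* dcrl;
#else
    DecodedCRL  dcrl[1];
#endif

    WOLFSSL_ENTER("BufferLoadCRL");

    der.buffer = NULL;
    der.length = 0;

    if (crl == NULL || buff == NULL || sz <= 0)
        return BAD_FUNC_ARG;

    if (type == SSL_FILETYPE_PEM) {
        int eccKey = 0;   /* out-param of PemToDer, meaningless for a CRL */
        EncryptedInfo info;
        info.ctx = NULL;

        ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey);
        if (ret != 0) {
            WOLFSSL_MSG("Pem to Der failed");
            if (der.buffer)
                XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
            return -1;
        }
        myBuffer = der.buffer;
        sz       = der.length;
    }

#ifdef WOLFSSL_SMALL_STACK
    dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (dcrl == NULL) {
        if (der.buffer)
            XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);
        return MEMORY_E;
    }
#endif

    InitDecodedCRL(dcrl);
    ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
    if (ret != 0) {
        WOLFSSL_MSG("ParseCRL error");
    }
    else {
        ret = AddCRL(crl, dcrl);   /* takes over dcrl->certs on success */
        if (ret != 0) {
            WOLFSSL_MSG("AddCRL error");
        }
    }

    FreeDecodedCRL(dcrl);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (der.buffer)
        XFREE(der.buffer, NULL, DYNAMIC_TYPE_CRL);

    return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */
}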
wolfSSL 0:d92f9d21154c 310
wolfSSL 0:d92f9d21154c 311
wolfSSL 0:d92f9d21154c 312 #ifdef HAVE_CRL_MONITOR
wolfSSL 0:d92f9d21154c 313
wolfSSL 0:d92f9d21154c 314
/* Reload the monitored CRL directories and swap the result into crl.
 *
 * A staging WOLFSSL_CRL is filled from the PEM directory (monitors[0]) and
 * the DER directory (monitors[1]); only if both loads succeed is its entry
 * list exchanged with crl->crlList under crlLock. The old list is then freed
 * through the staging object. If anything fails the live list is left
 * untouched, so a bad or half-written directory never empties the CRL set.
 *
 * Returns 0 on success, MEMORY_E if the staging object cannot be allocated
 * (WOLFSSL_SMALL_STACK only), -1 on any other failure.
 */
static int SwapLists(WOLFSSL_CRL* crl)
{
    int        ret = -1;
    CRL_Entry* freshList;
#ifdef WOLFSSL_SMALL_STACK
    WOLFSSL_CRL* staging;
#else
    WOLFSSL_CRL  staging[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    staging = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL,
                                    DYNAMIC_TYPE_TMP_BUFFER);
    if (staging == NULL)
        return MEMORY_E;
#endif

    if (InitCRL(staging, crl->cm) < 0) {
        WOLFSSL_MSG("Init tmp CRL failed");
        goto out_release_staging;   /* no mutex to free yet */
    }

    if (crl->monitors[0].path &&
        LoadCRL(staging, crl->monitors[0].path, SSL_FILETYPE_PEM, 0)
            != SSL_SUCCESS) {
        WOLFSSL_MSG("PEM LoadCRL on dir change failed");
        goto out_free_crl;
    }

    if (crl->monitors[1].path &&
        LoadCRL(staging, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0)
            != SSL_SUCCESS) {
        WOLFSSL_MSG("DER LoadCRL on dir change failed");
        goto out_free_crl;
    }

    if (LockMutex(&crl->crlLock) != 0) {
        WOLFSSL_MSG("LockMutex failed");
        goto out_free_crl;
    }

    /* Exchange lists; the old one is released with the staging object. */
    freshList        = staging->crlList;
    staging->crlList = crl->crlList;
    crl->crlList     = freshList;

    UnLockMutex(&crl->crlLock);
    ret = 0;

out_free_crl:
    FreeCRL(staging, 0);
out_release_staging:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(staging, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}
wolfSSL 0:d92f9d21154c 389
wolfSSL 0:d92f9d21154c 390
wolfSSL 0:d92f9d21154c 391 #if (defined(__MACH__) || defined(__FreeBSD__))
wolfSSL 0:d92f9d21154c 392
wolfSSL 0:d92f9d21154c 393 #include <sys/types.h>
wolfSSL 0:d92f9d21154c 394 #include <sys/event.h>
wolfSSL 0:d92f9d21154c 395 #include <sys/time.h>
wolfSSL 0:d92f9d21154c 396 #include <fcntl.h>
wolfSSL 0:d92f9d21154c 397 #include <unistd.h>
wolfSSL 0:d92f9d21154c 398
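#ifdef __MACH__
    /* macOS: open the directory for event notification only. */
    #define XEVENT_MODE O_EVTONLY
#elif defined(__FreeBSD__)
    /* FreeBSD has no O_EVTONLY; a read-only descriptor is all EVFILT_VNODE
     * needs. The original passed EVFILT_VNODE itself here, which is a kevent
     * filter identifier, not an open(2) access mode. */
    #define XEVENT_MODE O_RDONLY
#endif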
wolfSSL 0:d92f9d21154c 404
wolfSSL 0:d92f9d21154c 405
wolfSSL 0:d92f9d21154c 406 /* we need a unique kqueue user filter fd for crl in case user is doing custom
wolfSSL 0:d92f9d21154c 407 * events too */
wolfSSL 0:d92f9d21154c 408 #ifndef CRL_CUSTOM_FD
wolfSSL 0:d92f9d21154c 409 #define CRL_CUSTOM_FD 123456
wolfSSL 0:d92f9d21154c 410 #endif
wolfSSL 0:d92f9d21154c 411
wolfSSL 0:d92f9d21154c 412
/* Ask the kqueue-based monitor thread to exit.
 *
 * mfd : the thread's kqueue descriptor (crl->mfd)
 *
 * Fires the EVFILT_USER event registered by DoMonitor under CRL_CUSTOM_FD;
 * the thread's kevent() wakes, sees the user filter and breaks out of its
 * loop. Returns 0 on success, -1 if the trigger could not be queued.
 */
static int StopMonitor(int mfd)
{
    struct kevent trigger;

    EV_SET(&trigger, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);

    if (kevent(mfd, &trigger, 1, NULL, 0, NULL) >= 0)
        return 0;

    WOLFSSL_MSG("kevent trigger customer event failed");
    return -1;
}
wolfSSL 0:d92f9d21154c 427
wolfSSL 0:d92f9d21154c 428
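/* Monitor thread body for macOS / FreeBSD (kqueue).
 *
 * arg : the WOLFSSL_CRL whose monitors[] directories are watched
 *
 * Creates a kqueue in crl->mfd, registers the EVFILT_USER shutdown event
 * that StopMonitor fires, and watches each configured directory with an
 * EVFILT_VNODE filter. Any vnode event triggers a full reload through
 * SwapLists; the user event ends the loop. Always returns NULL.
 *
 * Fixes relative to the original:
 *  - The original reused a single struct kevent for both directories, so
 *    when PEM and DER paths were both set the second EV_SET overwrote the
 *    first and the PEM directory was never watched. Each directory now has
 *    its own changelist slot.
 *  - A failed open of the DER directory leaked the PEM descriptor; all
 *    exits now go through one cleanup path.
 *  - crl->mfd is reset to -1 after close so a later StopMonitor cannot act
 *    on a reused descriptor number.
 *
 * NOTE(review): crl->mfd is written here and read by FreeCRL from another
 * thread without synchronisation; a FreeCRL that races thread start-up sees
 * -1 and falls back to pthread_cancel. A setup handshake would close that
 * window; not added here. A persistent kevent() error (e.g. EBADF) still
 * spins, as in the original.
 */
static void* DoMonitor(void* arg)
{
    int           fPEM = -1;
    int           fDER = -1;
    struct kevent shutdownEv;
    struct kevent dirChanges[2];   /* one EVFILT_VNODE registration per dir */
    int           nDirs = 0;
    WOLFSSL_CRL*  crl = (WOLFSSL_CRL*)arg;

    WOLFSSL_ENTER("DoMonitor");

    crl->mfd = kqueue();
    if (crl->mfd == -1) {
        WOLFSSL_MSG("kqueue failed");
        return NULL;
    }

    /* listen for custom shutdown event */
    EV_SET(&shutdownEv, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
    if (kevent(crl->mfd, &shutdownEv, 1, NULL, 0, NULL) < 0) {
        WOLFSSL_MSG("kevent monitor customer event failed");
        goto cleanup;
    }

    if (crl->monitors[0].path) {
        fPEM = open(crl->monitors[0].path, XEVENT_MODE);
        if (fPEM == -1) {
            WOLFSSL_MSG("PEM event dir open failed");
            goto cleanup;
        }
        EV_SET(&dirChanges[nDirs++], fPEM, EVFILT_VNODE,
               EV_ADD | EV_ENABLE | EV_ONESHOT,
               NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
    }

    if (crl->monitors[1].path) {
        fDER = open(crl->monitors[1].path, XEVENT_MODE);
        if (fDER == -1) {
            WOLFSSL_MSG("DER event dir open failed");
            goto cleanup;
        }
        EV_SET(&dirChanges[nDirs++], fDER, EVFILT_VNODE,
               EV_ADD | EV_ENABLE | EV_ONESHOT,
               NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
    }

    for (;;) {
        struct kevent event;
        /* EV_ONESHOT removes a vnode watch once it fires, so the directory
         * registrations are re-applied on every call. */
        int numEvents = kevent(crl->mfd, dirChanges, nDirs, &event, 1, NULL);

        WOLFSSL_MSG("Got kevent");

        if (numEvents < 1) {
            /* -1 is an error; 0 cannot happen with a NULL timeout but would
             * leave 'event' uninitialised, so it is skipped too. */
            WOLFSSL_MSG("kevent problem, continue");
            continue;
        }

        if (event.filter == EVFILT_USER) {
            WOLFSSL_MSG("Got user shutdown event, breaking out");
            break;
        }

        if (SwapLists(crl) < 0) {
            WOLFSSL_MSG("SwapLists problem, continue");
        }
    }

cleanup:
    if (fPEM != -1)
        close(fPEM);
    if (fDER != -1)
        close(fDER);

    close(crl->mfd);
    crl->mfd = -1;

    return NULL;
}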
wolfSSL 0:d92f9d21154c 512
wolfSSL 0:d92f9d21154c 513
wolfSSL 0:d92f9d21154c 514 #elif defined(__linux__)
wolfSSL 0:d92f9d21154c 515
wolfSSL 0:d92f9d21154c 516 #include <sys/types.h>
wolfSSL 0:d92f9d21154c 517 #include <sys/inotify.h>
wolfSSL 0:d92f9d21154c 518 #include <sys/eventfd.h>
wolfSSL 0:d92f9d21154c 519 #include <unistd.h>
wolfSSL 0:d92f9d21154c 520
wolfSSL 0:d92f9d21154c 521
wolfSSL 0:d92f9d21154c 522 #ifndef max
/* Larger of two ints; local fallback used to size the select() fd range
 * when the platform headers do not provide max(). */
static INLINE int max(int a, int b)
{
    if (a > b)
        return a;
    return b;
}
wolfSSL 0:d92f9d21154c 527 #endif /* max */
wolfSSL 0:d92f9d21154c 528
wolfSSL 0:d92f9d21154c 529
/* Ask the inotify-based monitor thread to exit.
 *
 * mfd : the thread's eventfd (crl->mfd)
 *
 * An 8-byte write bumps the eventfd counter, which makes the descriptor
 * readable; DoMonitor's select() reports it and the thread leaves its loop.
 * Returns 0 on success, -1 if the write fails.
 */
static int StopMonitor(int mfd)
{
    word64  one = 1;
    ssize_t written = write(mfd, &one, sizeof(one));

    if (written >= 0)
        return 0;

    WOLFSSL_MSG("StopMonitor write failed");
    return -1;
}
wolfSSL 0:d92f9d21154c 543
wolfSSL 0:d92f9d21154c 544
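/* Monitor thread body for Linux (inotify + eventfd).
 *
 * arg : the WOLFSSL_CRL whose monitors[] directories are watched
 *
 * Creates an eventfd in crl->mfd (the shutdown signal StopMonitor writes
 * to), an inotify instance, and one IN_CLOSE_WRITE | IN_DELETE watch per
 * configured directory. The loop select()s on both descriptors: the eventfd
 * ends the loop, an inotify event is drained (its payload is not inspected)
 * and triggers a full reload through SwapLists. Always returns NULL.
 *
 * Fixes relative to the original:
 *  - With WOLFSSL_SMALL_STACK, a failed buffer allocation returned without
 *    closing the eventfd and the inotify descriptor; every exit now goes
 *    through one cleanup path.
 *  - Both watch descriptors are kept and removed; the original overwrote
 *    the PEM watch descriptor with the DER one.
 *  - FD_SET on a descriptor >= FD_SETSIZE writes past the fd_set; such
 *    descriptors are refused instead.
 *  - crl->mfd is reset to -1 after close so a later StopMonitor cannot
 *    write into a reused descriptor number.
 *
 * NOTE(review): crl->mfd is written here and read by FreeCRL from another
 * thread without synchronisation; a FreeCRL that races thread start-up sees
 * -1 and falls back to pthread_cancel. A persistent select()/read() error
 * still spins, as in the original.
 */
static void* DoMonitor(void* arg)
{
    int          notifyFd = -1;
    int          wdPEM    = -1;
    int          wdDER    = -1;
    WOLFSSL_CRL* crl      = (WOLFSSL_CRL*)arg;
#ifdef WOLFSSL_SMALL_STACK
    char* buff = NULL;
#else
    char  buff[8192];
#endif

    WOLFSSL_ENTER("DoMonitor");

    crl->mfd = eventfd(0, 0); /* our custom shutdown event */
    if (crl->mfd < 0) {
        WOLFSSL_MSG("eventfd failed");
        return NULL;
    }

    notifyFd = inotify_init();
    if (notifyFd < 0) {
        WOLFSSL_MSG("inotify failed");
        goto cleanup;
    }

    if (notifyFd >= FD_SETSIZE || crl->mfd >= FD_SETSIZE) {
        WOLFSSL_MSG("monitor descriptor too large for select");
        goto cleanup;
    }

    if (crl->monitors[0].path) {
        wdPEM = inotify_add_watch(notifyFd, crl->monitors[0].path,
                                  IN_CLOSE_WRITE | IN_DELETE);
        if (wdPEM < 0) {
            WOLFSSL_MSG("PEM notify add watch failed");
            goto cleanup;
        }
    }

    if (crl->monitors[1].path) {
        wdDER = inotify_add_watch(notifyFd, crl->monitors[1].path,
                                  IN_CLOSE_WRITE | IN_DELETE);
        if (wdDER < 0) {
            WOLFSSL_MSG("DER notify add watch failed");
            goto cleanup;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buff == NULL) {
        WOLFSSL_MSG("monitor buffer alloc failed");
        goto cleanup;
    }
#endif

    for (;;) {
        fd_set  readfds;
        int     result;
        ssize_t length;

        FD_ZERO(&readfds);
        FD_SET(notifyFd, &readfds);
        FD_SET(crl->mfd, &readfds);

        result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL, NULL);

        WOLFSSL_MSG("Got notify event");

        if (result < 0) {
            WOLFSSL_MSG("select problem, continue");
            continue;
        }

        if (FD_ISSET(crl->mfd, &readfds)) {
            WOLFSSL_MSG("got custom shutdown event, breaking out");
            break;
        }

        /* Drain queued inotify events; which file changed is irrelevant
         * because the whole directory is reloaded anyway. */
        length = read(notifyFd, buff, 8192);
        if (length < 0) {
            WOLFSSL_MSG("notify read problem, continue");
            continue;
        }

        if (SwapLists(crl) < 0) {
            WOLFSSL_MSG("SwapLists problem, continue");
        }
    }

cleanup:
#ifdef WOLFSSL_SMALL_STACK
    if (buff != NULL)
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (notifyFd >= 0) {
        if (wdPEM >= 0)
            inotify_rm_watch(notifyFd, wdPEM);
        if (wdDER >= 0)
            inotify_rm_watch(notifyFd, wdDER);
        close(notifyFd);
    }

    close(crl->mfd);
    crl->mfd = -1;

    return NULL;
}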
wolfSSL 0:d92f9d21154c 645
wolfSSL 0:d92f9d21154c 646
wolfSSL 0:d92f9d21154c 647 #else
wolfSSL 0:d92f9d21154c 648
wolfSSL 0:d92f9d21154c 649 #error "CRL monitor only currently supported on linux or mach"
wolfSSL 0:d92f9d21154c 650
wolfSSL 0:d92f9d21154c 651 #endif /* MACH or linux */
wolfSSL 0:d92f9d21154c 652
wolfSSL 0:d92f9d21154c 653
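/* Start the CRL directory monitor thread for crl.
 *
 * Returns SSL_SUCCESS when the thread was created, BAD_FUNC_ARG for a NULL
 * crl, MONITOR_RUNNING_E if crl->tid already marks a running thread, and
 * THREAD_CREATE_E if the attribute object or the thread cannot be created.
 *
 * Fixes relative to the original: the pthread_attr_t is destroyed after
 * use (it was never released), pthread_attr_init's result is checked, and
 * crl->tid is reset to the "not running" value on failure because
 * pthread_create leaves it unspecified in that case -- a stale non-zero
 * tid would make FreeCRL try to stop and join a thread that never existed.
 *
 * NOTE(review): DoMonitor sets crl->mfd only after this returns, so a
 * FreeCRL issued immediately afterwards can see mfd == -1 and fall back to
 * pthread_cancel. A setup handshake would remove that race; not added here.
 */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
    pthread_attr_t attr;
    int            ret;

    WOLFSSL_ENTER("StartMonitorCRL");

    if (crl == NULL)
        return BAD_FUNC_ARG;

    if (crl->tid != 0) {
        WOLFSSL_MSG("Monitor thread already running");
        return MONITOR_RUNNING_E;
    }

    if (pthread_attr_init(&attr) != 0) {
        WOLFSSL_MSG("pthread_attr_init failed");
        return THREAD_CREATE_E;
    }

    ret = pthread_create(&crl->tid, &attr, DoMonitor, crl);
    pthread_attr_destroy(&attr);

    if (ret != 0) {
        WOLFSSL_MSG("Thread creation error");
        crl->tid = 0;
        return THREAD_CREATE_E;
    }

    return SSL_SUCCESS;
}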
wolfSSL 0:d92f9d21154c 678
wolfSSL 0:d92f9d21154c 679
wolfSSL 0:d92f9d21154c 680 #else /* HAVE_CRL_MONITOR */
wolfSSL 0:d92f9d21154c 681
/* Stub used when HAVE_CRL_MONITOR is not defined: directory monitoring is
 * unavailable, so the request is logged and NOT_COMPILED_IN is returned.
 * crl is accepted only to keep the signature identical to the real one. */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
    WOLFSSL_ENTER("StartMonitorCRL");
    WOLFSSL_MSG("Not compiled in");

    (void)crl;
    return NOT_COMPILED_IN;
}
wolfSSL 0:d92f9d21154c 691
wolfSSL 0:d92f9d21154c 692 #endif /* HAVE_CRL_MONITOR */
wolfSSL 0:d92f9d21154c 693
wolfSSL 0:d92f9d21154c 694
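/* Load CRL path files of type, SSL_SUCCESS on ok.
 *
 * Scans the directory at path (non-recursively) and hands every regular
 * file whose name contains ".pem" (type == SSL_FILETYPE_PEM) or ".der" /
 * ".crl" (any other type) to ProcessFile() as a CRL_TYPE object.  A file
 * that fails to parse is logged and skipped; it does not change the return
 * value.
 *
 * monitor: WOLFSSL_CRL_MONITOR stores a strdup() copy of path in
 *          crl->monitors[] (slot 0 for PEM, slot 1 for DER);
 *          WOLFSSL_CRL_START_MON additionally calls StartMonitorCRL().
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL crl or path), BAD_PATH_ERROR
 * (path cannot be opened, or is too long for the name buffer), MEMORY_E, or
 * the StartMonitorCRL() result.
 */
int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
{
    struct dirent* entry;
    DIR*           dir;
    int            ret = SSL_SUCCESS;
    size_t         pathLen;
#ifdef WOLFSSL_SMALL_STACK
    char*          name;
#else
    char           name[MAX_FILENAME_SZ];
#endif

    WOLFSSL_ENTER("LoadCRL");
    if (crl == NULL || path == NULL)
        return BAD_FUNC_ARG;

    /* name is built as "<path>/<entry>": path gets MAX_FILENAME_SZ/2 - 2
     * bytes and the entry MAX_FILENAME_SZ/2, leaving room for '/' and NUL.
     * A longer path would be silently truncated and stat() would then look
     * in a directory other than the one requested, so refuse it instead. */
    pathLen = XSTRLEN(path);
    if (pathLen > MAX_FILENAME_SZ/2 - 2) {
        WOLFSSL_MSG("crl path too long for name buffer");
        return BAD_PATH_ERROR;
    }

    dir = opendir(path);
    if (dir == NULL) {
        WOLFSSL_MSG("opendir path crl load failed");
        return BAD_PATH_ERROR;
    }

#ifdef WOLFSSL_SMALL_STACK
    name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (name == NULL) {
        closedir(dir);   /* release the handle on this early exit */
        return MEMORY_E;
    }
#endif

    while ( (entry = readdir(dir)) != NULL) {
        struct stat s;

        /* An entry name that does not fit is skipped rather than truncated;
         * a truncated name could never refer to the entry that was found */
        if (XSTRLEN(entry->d_name) > MAX_FILENAME_SZ/2) {
            WOLFSSL_MSG("directory entry name too long, skipping");
            continue;
        }

        XMEMSET(name, 0, MAX_FILENAME_SZ);
        XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
        XSTRNCAT(name, "/", 1);
        XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);

        if (stat(name, &s) != 0) {
            WOLFSSL_MSG("stat on name failed");
            continue;
        }

        /* S_IFREG is a value of the S_IFMT field, not a flag bit: testing
         * (st_mode & S_IFREG) is also true for other types whose value
         * shares that bit (e.g. sockets). S_ISREG() masks correctly. */
        if (!S_ISREG(s.st_mode))
            continue;

        /* strstr() matches the extension anywhere in the name, not only as
         * a suffix; kept as-is so the set of accepted files is unchanged */
        if (type == SSL_FILETYPE_PEM) {
            if (strstr(entry->d_name, ".pem") == NULL) {
                WOLFSSL_MSG("not .pem file, skipping");
                continue;
            }
        }
        else {
            if (strstr(entry->d_name, ".der") == NULL &&
                strstr(entry->d_name, ".crl") == NULL) {

                WOLFSSL_MSG("not .der or .crl file, skipping");
                continue;
            }
        }

        /* one bad file must not stop the rest of the directory from loading */
        if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
                                                             != SSL_SUCCESS) {
            WOLFSSL_MSG("CRL file load failed, continuing");
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (monitor & WOLFSSL_CRL_MONITOR) {
        WOLFSSL_MSG("monitor path requested");

        /* NOTE(review): a path already held in the slot is overwritten
         * without being freed. It is deliberately not freed here, because a
         * monitor thread started by an earlier call may still reference it;
         * callers should load each type's directory once per crl. */
        if (type == SSL_FILETYPE_PEM) {
            crl->monitors[0].path = strdup(path);
            crl->monitors[0].type = SSL_FILETYPE_PEM;
            if (crl->monitors[0].path == NULL)
                ret = MEMORY_E;
        } else {
            crl->monitors[1].path = strdup(path);
            crl->monitors[1].type = SSL_FILETYPE_ASN1;
            if (crl->monitors[1].path == NULL)
                ret = MEMORY_E;
        }

        /* Only start the thread when the path was recorded; otherwise the
         * StartMonitorCRL() result would replace MEMORY_E and hide the
         * allocation failure from the caller */
        if (ret == SSL_SUCCESS && (monitor & WOLFSSL_CRL_START_MON)) {
            WOLFSSL_MSG("start monitoring requested");

            ret = StartMonitorCRL(crl);
        }
    }

    closedir(dir);

    return ret;
}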
wolfSSL 0:d92f9d21154c 789
wolfSSL 0:d92f9d21154c 790 #endif /* HAVE_CRL */
wolfSSL 0:d92f9d21154c 791