wolf SSL
wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
src/crl.c@4:1b0d80432c79, 2016-04-28 (annotated)
- Committer:
- wolfSSL
- Date:
- Thu Apr 28 00:57:21 2016 +0000
- Revision:
- 4:1b0d80432c79
wolfSSL 3.9.0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wolfSSL | 4:1b0d80432c79 | 1 | /* crl.c |
| wolfSSL | 4:1b0d80432c79 | 2 | * |
| wolfSSL | 4:1b0d80432c79 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
| wolfSSL | 4:1b0d80432c79 | 4 | * |
| wolfSSL | 4:1b0d80432c79 | 5 | * This file is part of wolfSSL. |
| wolfSSL | 4:1b0d80432c79 | 6 | * |
| wolfSSL | 4:1b0d80432c79 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| wolfSSL | 4:1b0d80432c79 | 8 | * it under the terms of the GNU General Public License as published by |
| wolfSSL | 4:1b0d80432c79 | 9 | * the Free Software Foundation; either version 2 of the License, or |
| wolfSSL | 4:1b0d80432c79 | 10 | * (at your option) any later version. |
| wolfSSL | 4:1b0d80432c79 | 11 | * |
| wolfSSL | 4:1b0d80432c79 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| wolfSSL | 4:1b0d80432c79 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| wolfSSL | 4:1b0d80432c79 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| wolfSSL | 4:1b0d80432c79 | 15 | * GNU General Public License for more details. |
| wolfSSL | 4:1b0d80432c79 | 16 | * |
| wolfSSL | 4:1b0d80432c79 | 17 | * You should have received a copy of the GNU General Public License |
| wolfSSL | 4:1b0d80432c79 | 18 | * along with this program; if not, write to the Free Software |
| wolfSSL | 4:1b0d80432c79 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| wolfSSL | 4:1b0d80432c79 | 20 | */ |
| wolfSSL | 4:1b0d80432c79 | 21 | |
| wolfSSL | 4:1b0d80432c79 | 22 | |
| wolfSSL | 4:1b0d80432c79 | 23 | /* Name change compatibility layer no longer needs included here */ |
| wolfSSL | 4:1b0d80432c79 | 24 | |
| wolfSSL | 4:1b0d80432c79 | 25 | #ifdef HAVE_CONFIG_H |
| wolfSSL | 4:1b0d80432c79 | 26 | #include <config.h> |
| wolfSSL | 4:1b0d80432c79 | 27 | #endif |
| wolfSSL | 4:1b0d80432c79 | 28 | |
| wolfSSL | 4:1b0d80432c79 | 29 | #include <wolfssl/wolfcrypt/settings.h> |
| wolfSSL | 4:1b0d80432c79 | 30 | |
| wolfSSL | 4:1b0d80432c79 | 31 | #ifndef WOLFCRYPT_ONLY |
| wolfSSL | 4:1b0d80432c79 | 32 | #ifdef HAVE_CRL |
| wolfSSL | 4:1b0d80432c79 | 33 | |
| wolfSSL | 4:1b0d80432c79 | 34 | #include <wolfssl/internal.h> |
| wolfSSL | 4:1b0d80432c79 | 35 | #include <wolfssl/error-ssl.h> |
| wolfSSL | 4:1b0d80432c79 | 36 | |
| wolfSSL | 4:1b0d80432c79 | 37 | #ifndef NO_FILESYSTEM |
| wolfSSL | 4:1b0d80432c79 | 38 | #include <dirent.h> |
| wolfSSL | 4:1b0d80432c79 | 39 | #include <sys/stat.h> |
| wolfSSL | 4:1b0d80432c79 | 40 | #endif |
| wolfSSL | 4:1b0d80432c79 | 41 | |
| wolfSSL | 4:1b0d80432c79 | 42 | #include <string.h> |
| wolfSSL | 4:1b0d80432c79 | 43 | |
| wolfSSL | 4:1b0d80432c79 | 44 | #ifdef HAVE_CRL_MONITOR |
| wolfSSL | 4:1b0d80432c79 | 45 | static int StopMonitor(int mfd); |
| wolfSSL | 4:1b0d80432c79 | 46 | #endif |
| wolfSSL | 4:1b0d80432c79 | 47 | |
| wolfSSL | 4:1b0d80432c79 | 48 | |
| wolfSSL | 4:1b0d80432c79 | 49 | /* Initialize CRL members */ |
| wolfSSL | 4:1b0d80432c79 | 50 | int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) |
| wolfSSL | 4:1b0d80432c79 | 51 | { |
| wolfSSL | 4:1b0d80432c79 | 52 | WOLFSSL_ENTER("InitCRL"); |
| wolfSSL | 4:1b0d80432c79 | 53 | |
| wolfSSL | 4:1b0d80432c79 | 54 | crl->cm = cm; |
| wolfSSL | 4:1b0d80432c79 | 55 | crl->crlList = NULL; |
| wolfSSL | 4:1b0d80432c79 | 56 | crl->monitors[0].path = NULL; |
| wolfSSL | 4:1b0d80432c79 | 57 | crl->monitors[1].path = NULL; |
| wolfSSL | 4:1b0d80432c79 | 58 | #ifdef HAVE_CRL_MONITOR |
| wolfSSL | 4:1b0d80432c79 | 59 | crl->tid = 0; |
| wolfSSL | 4:1b0d80432c79 | 60 | crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */ |
| wolfSSL | 4:1b0d80432c79 | 61 | crl->setup = 0; /* thread setup done predicate */ |
| wolfSSL | 4:1b0d80432c79 | 62 | if (pthread_cond_init(&crl->cond, 0) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 63 | WOLFSSL_MSG("Pthread condition init failed"); |
| wolfSSL | 4:1b0d80432c79 | 64 | return BAD_COND_E; |
| wolfSSL | 4:1b0d80432c79 | 65 | } |
| wolfSSL | 4:1b0d80432c79 | 66 | #endif |
| wolfSSL | 4:1b0d80432c79 | 67 | if (InitMutex(&crl->crlLock) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 68 | WOLFSSL_MSG("Init Mutex failed"); |
| wolfSSL | 4:1b0d80432c79 | 69 | return BAD_MUTEX_E; |
| wolfSSL | 4:1b0d80432c79 | 70 | } |
| wolfSSL | 4:1b0d80432c79 | 71 | |
| wolfSSL | 4:1b0d80432c79 | 72 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 73 | } |
| wolfSSL | 4:1b0d80432c79 | 74 | |
| wolfSSL | 4:1b0d80432c79 | 75 | |
| wolfSSL | 4:1b0d80432c79 | 76 | /* Initialize CRL Entry */ |
| wolfSSL | 4:1b0d80432c79 | 77 | static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl) |
| wolfSSL | 4:1b0d80432c79 | 78 | { |
| wolfSSL | 4:1b0d80432c79 | 79 | WOLFSSL_ENTER("InitCRL_Entry"); |
| wolfSSL | 4:1b0d80432c79 | 80 | |
| wolfSSL | 4:1b0d80432c79 | 81 | XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 82 | /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 83 | * copy the hash here if needed for optimized comparisons */ |
| wolfSSL | 4:1b0d80432c79 | 84 | XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 85 | XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE); |
| wolfSSL | 4:1b0d80432c79 | 86 | crle->lastDateFormat = dcrl->lastDateFormat; |
| wolfSSL | 4:1b0d80432c79 | 87 | crle->nextDateFormat = dcrl->nextDateFormat; |
| wolfSSL | 4:1b0d80432c79 | 88 | |
| wolfSSL | 4:1b0d80432c79 | 89 | crle->certs = dcrl->certs; /* take ownsership */ |
| wolfSSL | 4:1b0d80432c79 | 90 | dcrl->certs = NULL; |
| wolfSSL | 4:1b0d80432c79 | 91 | crle->totalCerts = dcrl->totalCerts; |
| wolfSSL | 4:1b0d80432c79 | 92 | |
| wolfSSL | 4:1b0d80432c79 | 93 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 94 | } |
| wolfSSL | 4:1b0d80432c79 | 95 | |
| wolfSSL | 4:1b0d80432c79 | 96 | |
| wolfSSL | 4:1b0d80432c79 | 97 | /* Free all CRL Entry resources */ |
| wolfSSL | 4:1b0d80432c79 | 98 | static void FreeCRL_Entry(CRL_Entry* crle) |
| wolfSSL | 4:1b0d80432c79 | 99 | { |
| wolfSSL | 4:1b0d80432c79 | 100 | RevokedCert* tmp = crle->certs; |
| wolfSSL | 4:1b0d80432c79 | 101 | |
| wolfSSL | 4:1b0d80432c79 | 102 | WOLFSSL_ENTER("FreeCRL_Entry"); |
| wolfSSL | 4:1b0d80432c79 | 103 | |
| wolfSSL | 4:1b0d80432c79 | 104 | while(tmp) { |
| wolfSSL | 4:1b0d80432c79 | 105 | RevokedCert* next = tmp->next; |
| wolfSSL | 4:1b0d80432c79 | 106 | XFREE(tmp, NULL, DYNAMIC_TYPE_REVOKED); |
| wolfSSL | 4:1b0d80432c79 | 107 | tmp = next; |
| wolfSSL | 4:1b0d80432c79 | 108 | } |
| wolfSSL | 4:1b0d80432c79 | 109 | } |
| wolfSSL | 4:1b0d80432c79 | 110 | |
| wolfSSL | 4:1b0d80432c79 | 111 | |
| wolfSSL | 4:1b0d80432c79 | 112 | |
| wolfSSL | 4:1b0d80432c79 | 113 | /* Free all CRL resources */ |
| wolfSSL | 4:1b0d80432c79 | 114 | void FreeCRL(WOLFSSL_CRL* crl, int dynamic) |
| wolfSSL | 4:1b0d80432c79 | 115 | { |
| wolfSSL | 4:1b0d80432c79 | 116 | CRL_Entry* tmp = crl->crlList; |
| wolfSSL | 4:1b0d80432c79 | 117 | |
| wolfSSL | 4:1b0d80432c79 | 118 | WOLFSSL_ENTER("FreeCRL"); |
| wolfSSL | 4:1b0d80432c79 | 119 | |
| wolfSSL | 4:1b0d80432c79 | 120 | if (crl->monitors[0].path) |
| wolfSSL | 4:1b0d80432c79 | 121 | XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR); |
| wolfSSL | 4:1b0d80432c79 | 122 | |
| wolfSSL | 4:1b0d80432c79 | 123 | if (crl->monitors[1].path) |
| wolfSSL | 4:1b0d80432c79 | 124 | XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR); |
| wolfSSL | 4:1b0d80432c79 | 125 | |
| wolfSSL | 4:1b0d80432c79 | 126 | while(tmp) { |
| wolfSSL | 4:1b0d80432c79 | 127 | CRL_Entry* next = tmp->next; |
| wolfSSL | 4:1b0d80432c79 | 128 | FreeCRL_Entry(tmp); |
| wolfSSL | 4:1b0d80432c79 | 129 | XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY); |
| wolfSSL | 4:1b0d80432c79 | 130 | tmp = next; |
| wolfSSL | 4:1b0d80432c79 | 131 | } |
| wolfSSL | 4:1b0d80432c79 | 132 | |
| wolfSSL | 4:1b0d80432c79 | 133 | #ifdef HAVE_CRL_MONITOR |
| wolfSSL | 4:1b0d80432c79 | 134 | if (crl->tid != 0) { |
| wolfSSL | 4:1b0d80432c79 | 135 | WOLFSSL_MSG("stopping monitor thread"); |
| wolfSSL | 4:1b0d80432c79 | 136 | if (StopMonitor(crl->mfd) == 0) |
| wolfSSL | 4:1b0d80432c79 | 137 | pthread_join(crl->tid, NULL); |
| wolfSSL | 4:1b0d80432c79 | 138 | else { |
| wolfSSL | 4:1b0d80432c79 | 139 | WOLFSSL_MSG("stop monitor failed"); |
| wolfSSL | 4:1b0d80432c79 | 140 | } |
| wolfSSL | 4:1b0d80432c79 | 141 | } |
| wolfSSL | 4:1b0d80432c79 | 142 | pthread_cond_destroy(&crl->cond); |
| wolfSSL | 4:1b0d80432c79 | 143 | #endif |
| wolfSSL | 4:1b0d80432c79 | 144 | FreeMutex(&crl->crlLock); |
| wolfSSL | 4:1b0d80432c79 | 145 | if (dynamic) /* free self */ |
| wolfSSL | 4:1b0d80432c79 | 146 | XFREE(crl, NULL, DYNAMIC_TYPE_CRL); |
| wolfSSL | 4:1b0d80432c79 | 147 | } |
| wolfSSL | 4:1b0d80432c79 | 148 | |
| wolfSSL | 4:1b0d80432c79 | 149 | |
| wolfSSL | 4:1b0d80432c79 | 150 | /* Is the cert ok with CRL, return 0 on success */ |
| wolfSSL | 4:1b0d80432c79 | 151 | int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) |
| wolfSSL | 4:1b0d80432c79 | 152 | { |
| wolfSSL | 4:1b0d80432c79 | 153 | CRL_Entry* crle; |
| wolfSSL | 4:1b0d80432c79 | 154 | int foundEntry = 0; |
| wolfSSL | 4:1b0d80432c79 | 155 | int ret = 0; |
| wolfSSL | 4:1b0d80432c79 | 156 | |
| wolfSSL | 4:1b0d80432c79 | 157 | WOLFSSL_ENTER("CheckCertCRL"); |
| wolfSSL | 4:1b0d80432c79 | 158 | |
| wolfSSL | 4:1b0d80432c79 | 159 | if (LockMutex(&crl->crlLock) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 160 | WOLFSSL_MSG("LockMutex failed"); |
| wolfSSL | 4:1b0d80432c79 | 161 | return BAD_MUTEX_E; |
| wolfSSL | 4:1b0d80432c79 | 162 | } |
| wolfSSL | 4:1b0d80432c79 | 163 | |
| wolfSSL | 4:1b0d80432c79 | 164 | crle = crl->crlList; |
| wolfSSL | 4:1b0d80432c79 | 165 | |
| wolfSSL | 4:1b0d80432c79 | 166 | while (crle) { |
| wolfSSL | 4:1b0d80432c79 | 167 | if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) { |
| wolfSSL | 4:1b0d80432c79 | 168 | int doNextDate = 1; |
| wolfSSL | 4:1b0d80432c79 | 169 | |
| wolfSSL | 4:1b0d80432c79 | 170 | WOLFSSL_MSG("Found CRL Entry on list"); |
| wolfSSL | 4:1b0d80432c79 | 171 | WOLFSSL_MSG("Checking next date validity"); |
| wolfSSL | 4:1b0d80432c79 | 172 | |
| wolfSSL | 4:1b0d80432c79 | 173 | #ifdef WOLFSSL_NO_CRL_NEXT_DATE |
| wolfSSL | 4:1b0d80432c79 | 174 | if (crle->nextDateFormat == ASN_OTHER_TYPE) |
| wolfSSL | 4:1b0d80432c79 | 175 | doNextDate = 0; /* skip */ |
| wolfSSL | 4:1b0d80432c79 | 176 | #endif |
| wolfSSL | 4:1b0d80432c79 | 177 | |
| wolfSSL | 4:1b0d80432c79 | 178 | if (doNextDate && !ValidateDate(crle->nextDate, |
| wolfSSL | 4:1b0d80432c79 | 179 | crle->nextDateFormat, AFTER)) { |
| wolfSSL | 4:1b0d80432c79 | 180 | WOLFSSL_MSG("CRL next date is no longer valid"); |
| wolfSSL | 4:1b0d80432c79 | 181 | ret = ASN_AFTER_DATE_E; |
| wolfSSL | 4:1b0d80432c79 | 182 | } |
| wolfSSL | 4:1b0d80432c79 | 183 | else |
| wolfSSL | 4:1b0d80432c79 | 184 | foundEntry = 1; |
| wolfSSL | 4:1b0d80432c79 | 185 | break; |
| wolfSSL | 4:1b0d80432c79 | 186 | } |
| wolfSSL | 4:1b0d80432c79 | 187 | crle = crle->next; |
| wolfSSL | 4:1b0d80432c79 | 188 | } |
| wolfSSL | 4:1b0d80432c79 | 189 | |
| wolfSSL | 4:1b0d80432c79 | 190 | if (foundEntry) { |
| wolfSSL | 4:1b0d80432c79 | 191 | RevokedCert* rc = crle->certs; |
| wolfSSL | 4:1b0d80432c79 | 192 | |
| wolfSSL | 4:1b0d80432c79 | 193 | while (rc) { |
| wolfSSL | 4:1b0d80432c79 | 194 | if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) { |
| wolfSSL | 4:1b0d80432c79 | 195 | WOLFSSL_MSG("Cert revoked"); |
| wolfSSL | 4:1b0d80432c79 | 196 | ret = CRL_CERT_REVOKED; |
| wolfSSL | 4:1b0d80432c79 | 197 | break; |
| wolfSSL | 4:1b0d80432c79 | 198 | } |
| wolfSSL | 4:1b0d80432c79 | 199 | rc = rc->next; |
| wolfSSL | 4:1b0d80432c79 | 200 | } |
| wolfSSL | 4:1b0d80432c79 | 201 | } |
| wolfSSL | 4:1b0d80432c79 | 202 | |
| wolfSSL | 4:1b0d80432c79 | 203 | UnLockMutex(&crl->crlLock); |
| wolfSSL | 4:1b0d80432c79 | 204 | |
| wolfSSL | 4:1b0d80432c79 | 205 | if (foundEntry == 0) { |
| wolfSSL | 4:1b0d80432c79 | 206 | WOLFSSL_MSG("Couldn't find CRL for status check"); |
| wolfSSL | 4:1b0d80432c79 | 207 | ret = CRL_MISSING; |
| wolfSSL | 4:1b0d80432c79 | 208 | if (crl->cm->cbMissingCRL) { |
| wolfSSL | 4:1b0d80432c79 | 209 | char url[256]; |
| wolfSSL | 4:1b0d80432c79 | 210 | |
| wolfSSL | 4:1b0d80432c79 | 211 | WOLFSSL_MSG("Issuing missing CRL callback"); |
| wolfSSL | 4:1b0d80432c79 | 212 | url[0] = '\0'; |
| wolfSSL | 4:1b0d80432c79 | 213 | if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) { |
| wolfSSL | 4:1b0d80432c79 | 214 | XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz); |
| wolfSSL | 4:1b0d80432c79 | 215 | url[cert->extCrlInfoSz] = '\0'; |
| wolfSSL | 4:1b0d80432c79 | 216 | } |
| wolfSSL | 4:1b0d80432c79 | 217 | else { |
| wolfSSL | 4:1b0d80432c79 | 218 | WOLFSSL_MSG("CRL url too long"); |
| wolfSSL | 4:1b0d80432c79 | 219 | } |
| wolfSSL | 4:1b0d80432c79 | 220 | crl->cm->cbMissingCRL(url); |
| wolfSSL | 4:1b0d80432c79 | 221 | } |
| wolfSSL | 4:1b0d80432c79 | 222 | } |
| wolfSSL | 4:1b0d80432c79 | 223 | |
| wolfSSL | 4:1b0d80432c79 | 224 | |
| wolfSSL | 4:1b0d80432c79 | 225 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 226 | } |
| wolfSSL | 4:1b0d80432c79 | 227 | |
| wolfSSL | 4:1b0d80432c79 | 228 | |
| wolfSSL | 4:1b0d80432c79 | 229 | /* Add Decoded CRL, 0 on success */ |
| wolfSSL | 4:1b0d80432c79 | 230 | static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl) |
| wolfSSL | 4:1b0d80432c79 | 231 | { |
| wolfSSL | 4:1b0d80432c79 | 232 | CRL_Entry* crle; |
| wolfSSL | 4:1b0d80432c79 | 233 | |
| wolfSSL | 4:1b0d80432c79 | 234 | WOLFSSL_ENTER("AddCRL"); |
| wolfSSL | 4:1b0d80432c79 | 235 | |
| wolfSSL | 4:1b0d80432c79 | 236 | crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, DYNAMIC_TYPE_CRL_ENTRY); |
| wolfSSL | 4:1b0d80432c79 | 237 | if (crle == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 238 | WOLFSSL_MSG("alloc CRL Entry failed"); |
| wolfSSL | 4:1b0d80432c79 | 239 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 240 | } |
| wolfSSL | 4:1b0d80432c79 | 241 | |
| wolfSSL | 4:1b0d80432c79 | 242 | if (InitCRL_Entry(crle, dcrl) < 0) { |
| wolfSSL | 4:1b0d80432c79 | 243 | WOLFSSL_MSG("Init CRL Entry failed"); |
| wolfSSL | 4:1b0d80432c79 | 244 | XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY); |
| wolfSSL | 4:1b0d80432c79 | 245 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 246 | } |
| wolfSSL | 4:1b0d80432c79 | 247 | |
| wolfSSL | 4:1b0d80432c79 | 248 | if (LockMutex(&crl->crlLock) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 249 | WOLFSSL_MSG("LockMutex failed"); |
| wolfSSL | 4:1b0d80432c79 | 250 | FreeCRL_Entry(crle); |
| wolfSSL | 4:1b0d80432c79 | 251 | XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY); |
| wolfSSL | 4:1b0d80432c79 | 252 | return BAD_MUTEX_E; |
| wolfSSL | 4:1b0d80432c79 | 253 | } |
| wolfSSL | 4:1b0d80432c79 | 254 | crle->next = crl->crlList; |
| wolfSSL | 4:1b0d80432c79 | 255 | crl->crlList = crle; |
| wolfSSL | 4:1b0d80432c79 | 256 | UnLockMutex(&crl->crlLock); |
| wolfSSL | 4:1b0d80432c79 | 257 | |
| wolfSSL | 4:1b0d80432c79 | 258 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 259 | } |
| wolfSSL | 4:1b0d80432c79 | 260 | |
| wolfSSL | 4:1b0d80432c79 | 261 | |
| wolfSSL | 4:1b0d80432c79 | 262 | /* Load CRL File of type, SSL_SUCCESS on ok */ |
| wolfSSL | 4:1b0d80432c79 | 263 | int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type) |
| wolfSSL | 4:1b0d80432c79 | 264 | { |
| wolfSSL | 4:1b0d80432c79 | 265 | int ret = SSL_SUCCESS; |
| wolfSSL | 4:1b0d80432c79 | 266 | const byte* myBuffer = buff; /* if DER ok, otherwise switch */ |
| wolfSSL | 4:1b0d80432c79 | 267 | DerBuffer* der = NULL; |
| wolfSSL | 4:1b0d80432c79 | 268 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 269 | DecodedCRL* dcrl; |
| wolfSSL | 4:1b0d80432c79 | 270 | #else |
| wolfSSL | 4:1b0d80432c79 | 271 | DecodedCRL dcrl[1]; |
| wolfSSL | 4:1b0d80432c79 | 272 | #endif |
| wolfSSL | 4:1b0d80432c79 | 273 | |
| wolfSSL | 4:1b0d80432c79 | 274 | WOLFSSL_ENTER("BufferLoadCRL"); |
| wolfSSL | 4:1b0d80432c79 | 275 | |
| wolfSSL | 4:1b0d80432c79 | 276 | if (crl == NULL || buff == NULL || sz == 0) |
| wolfSSL | 4:1b0d80432c79 | 277 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 278 | |
| wolfSSL | 4:1b0d80432c79 | 279 | if (type == SSL_FILETYPE_PEM) { |
| wolfSSL | 4:1b0d80432c79 | 280 | int eccKey = 0; /* not used */ |
| wolfSSL | 4:1b0d80432c79 | 281 | EncryptedInfo info; |
| wolfSSL | 4:1b0d80432c79 | 282 | info.ctx = NULL; |
| wolfSSL | 4:1b0d80432c79 | 283 | |
| wolfSSL | 4:1b0d80432c79 | 284 | ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, &eccKey); |
| wolfSSL | 4:1b0d80432c79 | 285 | if (ret == 0) { |
| wolfSSL | 4:1b0d80432c79 | 286 | myBuffer = der->buffer; |
| wolfSSL | 4:1b0d80432c79 | 287 | sz = der->length; |
| wolfSSL | 4:1b0d80432c79 | 288 | } |
| wolfSSL | 4:1b0d80432c79 | 289 | else { |
| wolfSSL | 4:1b0d80432c79 | 290 | WOLFSSL_MSG("Pem to Der failed"); |
| wolfSSL | 4:1b0d80432c79 | 291 | FreeDer(&der); |
| wolfSSL | 4:1b0d80432c79 | 292 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 293 | } |
| wolfSSL | 4:1b0d80432c79 | 294 | } |
| wolfSSL | 4:1b0d80432c79 | 295 | |
| wolfSSL | 4:1b0d80432c79 | 296 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 297 | dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 298 | if (dcrl == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 299 | FreeDer(&der); |
| wolfSSL | 4:1b0d80432c79 | 300 | return MEMORY_E; |
| wolfSSL | 4:1b0d80432c79 | 301 | } |
| wolfSSL | 4:1b0d80432c79 | 302 | #endif |
| wolfSSL | 4:1b0d80432c79 | 303 | |
| wolfSSL | 4:1b0d80432c79 | 304 | InitDecodedCRL(dcrl); |
| wolfSSL | 4:1b0d80432c79 | 305 | ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm); |
| wolfSSL | 4:1b0d80432c79 | 306 | if (ret != 0) { |
| wolfSSL | 4:1b0d80432c79 | 307 | WOLFSSL_MSG("ParseCRL error"); |
| wolfSSL | 4:1b0d80432c79 | 308 | } |
| wolfSSL | 4:1b0d80432c79 | 309 | else { |
| wolfSSL | 4:1b0d80432c79 | 310 | ret = AddCRL(crl, dcrl); |
| wolfSSL | 4:1b0d80432c79 | 311 | if (ret != 0) { |
| wolfSSL | 4:1b0d80432c79 | 312 | WOLFSSL_MSG("AddCRL error"); |
| wolfSSL | 4:1b0d80432c79 | 313 | } |
| wolfSSL | 4:1b0d80432c79 | 314 | } |
| wolfSSL | 4:1b0d80432c79 | 315 | |
| wolfSSL | 4:1b0d80432c79 | 316 | FreeDecodedCRL(dcrl); |
| wolfSSL | 4:1b0d80432c79 | 317 | |
| wolfSSL | 4:1b0d80432c79 | 318 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 319 | XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 320 | #endif |
| wolfSSL | 4:1b0d80432c79 | 321 | |
| wolfSSL | 4:1b0d80432c79 | 322 | FreeDer(&der); |
| wolfSSL | 4:1b0d80432c79 | 323 | |
| wolfSSL | 4:1b0d80432c79 | 324 | return ret ? ret : SSL_SUCCESS; /* convert 0 to SSL_SUCCESS */ |
| wolfSSL | 4:1b0d80432c79 | 325 | } |
| wolfSSL | 4:1b0d80432c79 | 326 | |
| wolfSSL | 4:1b0d80432c79 | 327 | |
| wolfSSL | 4:1b0d80432c79 | 328 | #ifdef HAVE_CRL_MONITOR |
| wolfSSL | 4:1b0d80432c79 | 329 | |
| wolfSSL | 4:1b0d80432c79 | 330 | |
| wolfSSL | 4:1b0d80432c79 | 331 | /* Signal Monitor thread is setup, save status to setup flag, 0 on success */ |
| wolfSSL | 4:1b0d80432c79 | 332 | static int SignalSetup(WOLFSSL_CRL* crl, int status) |
| wolfSSL | 4:1b0d80432c79 | 333 | { |
| wolfSSL | 4:1b0d80432c79 | 334 | int ret; |
| wolfSSL | 4:1b0d80432c79 | 335 | |
| wolfSSL | 4:1b0d80432c79 | 336 | /* signal to calling thread we're setup */ |
| wolfSSL | 4:1b0d80432c79 | 337 | if (LockMutex(&crl->crlLock) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 338 | WOLFSSL_MSG("LockMutex crlLock failed"); |
| wolfSSL | 4:1b0d80432c79 | 339 | return BAD_MUTEX_E; |
| wolfSSL | 4:1b0d80432c79 | 340 | } |
| wolfSSL | 4:1b0d80432c79 | 341 | |
| wolfSSL | 4:1b0d80432c79 | 342 | crl->setup = status; |
| wolfSSL | 4:1b0d80432c79 | 343 | ret = pthread_cond_signal(&crl->cond); |
| wolfSSL | 4:1b0d80432c79 | 344 | |
| wolfSSL | 4:1b0d80432c79 | 345 | UnLockMutex(&crl->crlLock); |
| wolfSSL | 4:1b0d80432c79 | 346 | |
| wolfSSL | 4:1b0d80432c79 | 347 | if (ret != 0) |
| wolfSSL | 4:1b0d80432c79 | 348 | return BAD_COND_E; |
| wolfSSL | 4:1b0d80432c79 | 349 | |
| wolfSSL | 4:1b0d80432c79 | 350 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 351 | } |
| wolfSSL | 4:1b0d80432c79 | 352 | |
| wolfSSL | 4:1b0d80432c79 | 353 | |
| wolfSSL | 4:1b0d80432c79 | 354 | /* read in new CRL entries and save new list */ |
| wolfSSL | 4:1b0d80432c79 | 355 | static int SwapLists(WOLFSSL_CRL* crl) |
| wolfSSL | 4:1b0d80432c79 | 356 | { |
| wolfSSL | 4:1b0d80432c79 | 357 | int ret; |
| wolfSSL | 4:1b0d80432c79 | 358 | CRL_Entry* newList; |
| wolfSSL | 4:1b0d80432c79 | 359 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 360 | WOLFSSL_CRL* tmp; |
| wolfSSL | 4:1b0d80432c79 | 361 | #else |
| wolfSSL | 4:1b0d80432c79 | 362 | WOLFSSL_CRL tmp[1]; |
| wolfSSL | 4:1b0d80432c79 | 363 | #endif |
| wolfSSL | 4:1b0d80432c79 | 364 | |
| wolfSSL | 4:1b0d80432c79 | 365 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 366 | tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 367 | if (tmp == NULL) |
| wolfSSL | 4:1b0d80432c79 | 368 | return MEMORY_E; |
| wolfSSL | 4:1b0d80432c79 | 369 | #endif |
| wolfSSL | 4:1b0d80432c79 | 370 | |
| wolfSSL | 4:1b0d80432c79 | 371 | if (InitCRL(tmp, crl->cm) < 0) { |
| wolfSSL | 4:1b0d80432c79 | 372 | WOLFSSL_MSG("Init tmp CRL failed"); |
| wolfSSL | 4:1b0d80432c79 | 373 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 374 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 375 | #endif |
| wolfSSL | 4:1b0d80432c79 | 376 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 377 | } |
| wolfSSL | 4:1b0d80432c79 | 378 | |
| wolfSSL | 4:1b0d80432c79 | 379 | if (crl->monitors[0].path) { |
| wolfSSL | 4:1b0d80432c79 | 380 | ret = LoadCRL(tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0); |
| wolfSSL | 4:1b0d80432c79 | 381 | if (ret != SSL_SUCCESS) { |
| wolfSSL | 4:1b0d80432c79 | 382 | WOLFSSL_MSG("PEM LoadCRL on dir change failed"); |
| wolfSSL | 4:1b0d80432c79 | 383 | FreeCRL(tmp, 0); |
| wolfSSL | 4:1b0d80432c79 | 384 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 385 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 386 | #endif |
| wolfSSL | 4:1b0d80432c79 | 387 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 388 | } |
| wolfSSL | 4:1b0d80432c79 | 389 | } |
| wolfSSL | 4:1b0d80432c79 | 390 | |
| wolfSSL | 4:1b0d80432c79 | 391 | if (crl->monitors[1].path) { |
| wolfSSL | 4:1b0d80432c79 | 392 | ret = LoadCRL(tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0); |
| wolfSSL | 4:1b0d80432c79 | 393 | if (ret != SSL_SUCCESS) { |
| wolfSSL | 4:1b0d80432c79 | 394 | WOLFSSL_MSG("DER LoadCRL on dir change failed"); |
| wolfSSL | 4:1b0d80432c79 | 395 | FreeCRL(tmp, 0); |
| wolfSSL | 4:1b0d80432c79 | 396 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 397 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 398 | #endif |
| wolfSSL | 4:1b0d80432c79 | 399 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 400 | } |
| wolfSSL | 4:1b0d80432c79 | 401 | } |
| wolfSSL | 4:1b0d80432c79 | 402 | |
| wolfSSL | 4:1b0d80432c79 | 403 | if (LockMutex(&crl->crlLock) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 404 | WOLFSSL_MSG("LockMutex failed"); |
| wolfSSL | 4:1b0d80432c79 | 405 | FreeCRL(tmp, 0); |
| wolfSSL | 4:1b0d80432c79 | 406 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 407 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 408 | #endif |
| wolfSSL | 4:1b0d80432c79 | 409 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 410 | } |
| wolfSSL | 4:1b0d80432c79 | 411 | |
| wolfSSL | 4:1b0d80432c79 | 412 | newList = tmp->crlList; |
| wolfSSL | 4:1b0d80432c79 | 413 | |
| wolfSSL | 4:1b0d80432c79 | 414 | /* swap lists */ |
| wolfSSL | 4:1b0d80432c79 | 415 | tmp->crlList = crl->crlList; |
| wolfSSL | 4:1b0d80432c79 | 416 | crl->crlList = newList; |
| wolfSSL | 4:1b0d80432c79 | 417 | |
| wolfSSL | 4:1b0d80432c79 | 418 | UnLockMutex(&crl->crlLock); |
| wolfSSL | 4:1b0d80432c79 | 419 | |
| wolfSSL | 4:1b0d80432c79 | 420 | FreeCRL(tmp, 0); |
| wolfSSL | 4:1b0d80432c79 | 421 | |
| wolfSSL | 4:1b0d80432c79 | 422 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 423 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 424 | #endif |
| wolfSSL | 4:1b0d80432c79 | 425 | |
| wolfSSL | 4:1b0d80432c79 | 426 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 427 | } |
| wolfSSL | 4:1b0d80432c79 | 428 | |
| wolfSSL | 4:1b0d80432c79 | 429 | |
| wolfSSL | 4:1b0d80432c79 | 430 | #if (defined(__MACH__) || defined(__FreeBSD__)) |
| wolfSSL | 4:1b0d80432c79 | 431 | |
| wolfSSL | 4:1b0d80432c79 | 432 | #include <sys/types.h> |
| wolfSSL | 4:1b0d80432c79 | 433 | #include <sys/event.h> |
| wolfSSL | 4:1b0d80432c79 | 434 | #include <sys/time.h> |
| wolfSSL | 4:1b0d80432c79 | 435 | #include <fcntl.h> |
| wolfSSL | 4:1b0d80432c79 | 436 | #include <unistd.h> |
| wolfSSL | 4:1b0d80432c79 | 437 | |
| wolfSSL | 4:1b0d80432c79 | 438 | #ifdef __MACH__ |
| wolfSSL | 4:1b0d80432c79 | 439 | #define XEVENT_MODE O_EVTONLY |
| wolfSSL | 4:1b0d80432c79 | 440 | #elif defined(__FreeBSD__) |
| wolfSSL | 4:1b0d80432c79 | 441 | #define XEVENT_MODE EVFILT_VNODE |
| wolfSSL | 4:1b0d80432c79 | 442 | #endif |
| wolfSSL | 4:1b0d80432c79 | 443 | |
| wolfSSL | 4:1b0d80432c79 | 444 | |
| wolfSSL | 4:1b0d80432c79 | 445 | /* we need a unique kqueue user filter fd for crl in case user is doing custom |
| wolfSSL | 4:1b0d80432c79 | 446 | * events too */ |
| wolfSSL | 4:1b0d80432c79 | 447 | #ifndef CRL_CUSTOM_FD |
| wolfSSL | 4:1b0d80432c79 | 448 | #define CRL_CUSTOM_FD 123456 |
| wolfSSL | 4:1b0d80432c79 | 449 | #endif |
| wolfSSL | 4:1b0d80432c79 | 450 | |
| wolfSSL | 4:1b0d80432c79 | 451 | |
| wolfSSL | 4:1b0d80432c79 | 452 | /* shutdown monitor thread, 0 on success */ |
| wolfSSL | 4:1b0d80432c79 | 453 | static int StopMonitor(int mfd) |
| wolfSSL | 4:1b0d80432c79 | 454 | { |
| wolfSSL | 4:1b0d80432c79 | 455 | struct kevent change; |
| wolfSSL | 4:1b0d80432c79 | 456 | |
| wolfSSL | 4:1b0d80432c79 | 457 | /* trigger custom shutdown */ |
| wolfSSL | 4:1b0d80432c79 | 458 | EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL); |
| wolfSSL | 4:1b0d80432c79 | 459 | if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) { |
| wolfSSL | 4:1b0d80432c79 | 460 | WOLFSSL_MSG("kevent trigger customer event failed"); |
| wolfSSL | 4:1b0d80432c79 | 461 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 462 | } |
| wolfSSL | 4:1b0d80432c79 | 463 | |
| wolfSSL | 4:1b0d80432c79 | 464 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 465 | } |
| wolfSSL | 4:1b0d80432c79 | 466 | |
| wolfSSL | 4:1b0d80432c79 | 467 | |
| wolfSSL | 4:1b0d80432c79 | 468 | /* OS X monitoring */ |
| wolfSSL | 4:1b0d80432c79 | 469 | static void* DoMonitor(void* arg) |
| wolfSSL | 4:1b0d80432c79 | 470 | { |
| wolfSSL | 4:1b0d80432c79 | 471 | int fPEM, fDER; |
| wolfSSL | 4:1b0d80432c79 | 472 | struct kevent change; |
| wolfSSL | 4:1b0d80432c79 | 473 | |
| wolfSSL | 4:1b0d80432c79 | 474 | WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg; |
| wolfSSL | 4:1b0d80432c79 | 475 | |
| wolfSSL | 4:1b0d80432c79 | 476 | WOLFSSL_ENTER("DoMonitor"); |
| wolfSSL | 4:1b0d80432c79 | 477 | |
| wolfSSL | 4:1b0d80432c79 | 478 | crl->mfd = kqueue(); |
| wolfSSL | 4:1b0d80432c79 | 479 | if (crl->mfd == -1) { |
| wolfSSL | 4:1b0d80432c79 | 480 | WOLFSSL_MSG("kqueue failed"); |
| wolfSSL | 4:1b0d80432c79 | 481 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 482 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 483 | } |
| wolfSSL | 4:1b0d80432c79 | 484 | |
| wolfSSL | 4:1b0d80432c79 | 485 | /* listen for custom shutdown event */ |
| wolfSSL | 4:1b0d80432c79 | 486 | EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL); |
| wolfSSL | 4:1b0d80432c79 | 487 | if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) { |
| wolfSSL | 4:1b0d80432c79 | 488 | WOLFSSL_MSG("kevent monitor customer event failed"); |
| wolfSSL | 4:1b0d80432c79 | 489 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 490 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 491 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 492 | } |
| wolfSSL | 4:1b0d80432c79 | 493 | |
| wolfSSL | 4:1b0d80432c79 | 494 | fPEM = -1; |
| wolfSSL | 4:1b0d80432c79 | 495 | fDER = -1; |
| wolfSSL | 4:1b0d80432c79 | 496 | |
| wolfSSL | 4:1b0d80432c79 | 497 | if (crl->monitors[0].path) { |
| wolfSSL | 4:1b0d80432c79 | 498 | fPEM = open(crl->monitors[0].path, XEVENT_MODE); |
| wolfSSL | 4:1b0d80432c79 | 499 | if (fPEM == -1) { |
| wolfSSL | 4:1b0d80432c79 | 500 | WOLFSSL_MSG("PEM event dir open failed"); |
| wolfSSL | 4:1b0d80432c79 | 501 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 502 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 503 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 504 | } |
| wolfSSL | 4:1b0d80432c79 | 505 | } |
| wolfSSL | 4:1b0d80432c79 | 506 | |
| wolfSSL | 4:1b0d80432c79 | 507 | if (crl->monitors[1].path) { |
| wolfSSL | 4:1b0d80432c79 | 508 | fDER = open(crl->monitors[1].path, XEVENT_MODE); |
| wolfSSL | 4:1b0d80432c79 | 509 | if (fDER == -1) { |
| wolfSSL | 4:1b0d80432c79 | 510 | WOLFSSL_MSG("DER event dir open failed"); |
| wolfSSL | 4:1b0d80432c79 | 511 | if (fPEM != -1) |
| wolfSSL | 4:1b0d80432c79 | 512 | close(fPEM); |
| wolfSSL | 4:1b0d80432c79 | 513 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 514 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 515 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 516 | } |
| wolfSSL | 4:1b0d80432c79 | 517 | } |
| wolfSSL | 4:1b0d80432c79 | 518 | |
| wolfSSL | 4:1b0d80432c79 | 519 | if (fPEM != -1) |
| wolfSSL | 4:1b0d80432c79 | 520 | EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT, |
| wolfSSL | 4:1b0d80432c79 | 521 | NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0); |
| wolfSSL | 4:1b0d80432c79 | 522 | |
| wolfSSL | 4:1b0d80432c79 | 523 | if (fDER != -1) |
| wolfSSL | 4:1b0d80432c79 | 524 | EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT, |
| wolfSSL | 4:1b0d80432c79 | 525 | NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0); |
| wolfSSL | 4:1b0d80432c79 | 526 | |
| wolfSSL | 4:1b0d80432c79 | 527 | /* signal to calling thread we're setup */ |
| wolfSSL | 4:1b0d80432c79 | 528 | if (SignalSetup(crl, 1) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 529 | if (fPEM != -1) |
| wolfSSL | 4:1b0d80432c79 | 530 | close(fPEM); |
| wolfSSL | 4:1b0d80432c79 | 531 | if (fDER != -1) |
| wolfSSL | 4:1b0d80432c79 | 532 | close(fDER); |
| wolfSSL | 4:1b0d80432c79 | 533 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 534 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 535 | } |
| wolfSSL | 4:1b0d80432c79 | 536 | |
| wolfSSL | 4:1b0d80432c79 | 537 | for (;;) { |
| wolfSSL | 4:1b0d80432c79 | 538 | struct kevent event; |
| wolfSSL | 4:1b0d80432c79 | 539 | int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL); |
| wolfSSL | 4:1b0d80432c79 | 540 | |
| wolfSSL | 4:1b0d80432c79 | 541 | WOLFSSL_MSG("Got kevent"); |
| wolfSSL | 4:1b0d80432c79 | 542 | |
| wolfSSL | 4:1b0d80432c79 | 543 | if (numEvents == -1) { |
| wolfSSL | 4:1b0d80432c79 | 544 | WOLFSSL_MSG("kevent problem, continue"); |
| wolfSSL | 4:1b0d80432c79 | 545 | continue; |
| wolfSSL | 4:1b0d80432c79 | 546 | } |
| wolfSSL | 4:1b0d80432c79 | 547 | |
| wolfSSL | 4:1b0d80432c79 | 548 | if (event.filter == EVFILT_USER) { |
| wolfSSL | 4:1b0d80432c79 | 549 | WOLFSSL_MSG("Got user shutdown event, breaking out"); |
| wolfSSL | 4:1b0d80432c79 | 550 | break; |
| wolfSSL | 4:1b0d80432c79 | 551 | } |
| wolfSSL | 4:1b0d80432c79 | 552 | |
| wolfSSL | 4:1b0d80432c79 | 553 | if (SwapLists(crl) < 0) { |
| wolfSSL | 4:1b0d80432c79 | 554 | WOLFSSL_MSG("SwapLists problem, continue"); |
| wolfSSL | 4:1b0d80432c79 | 555 | } |
| wolfSSL | 4:1b0d80432c79 | 556 | } |
| wolfSSL | 4:1b0d80432c79 | 557 | |
| wolfSSL | 4:1b0d80432c79 | 558 | if (fPEM != -1) |
| wolfSSL | 4:1b0d80432c79 | 559 | close(fPEM); |
| wolfSSL | 4:1b0d80432c79 | 560 | if (fDER != -1) |
| wolfSSL | 4:1b0d80432c79 | 561 | close(fDER); |
| wolfSSL | 4:1b0d80432c79 | 562 | |
| wolfSSL | 4:1b0d80432c79 | 563 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 564 | |
| wolfSSL | 4:1b0d80432c79 | 565 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 566 | } |
| wolfSSL | 4:1b0d80432c79 | 567 | |
| wolfSSL | 4:1b0d80432c79 | 568 | |
| wolfSSL | 4:1b0d80432c79 | 569 | #elif defined(__linux__) |
| wolfSSL | 4:1b0d80432c79 | 570 | |
| wolfSSL | 4:1b0d80432c79 | 571 | #include <sys/types.h> |
| wolfSSL | 4:1b0d80432c79 | 572 | #include <sys/inotify.h> |
| wolfSSL | 4:1b0d80432c79 | 573 | #include <sys/eventfd.h> |
| wolfSSL | 4:1b0d80432c79 | 574 | #include <unistd.h> |
| wolfSSL | 4:1b0d80432c79 | 575 | |
| wolfSSL | 4:1b0d80432c79 | 576 | |
| wolfSSL | 4:1b0d80432c79 | 577 | #ifndef max |
| wolfSSL | 4:1b0d80432c79 | 578 | static INLINE int max(int a, int b) |
| wolfSSL | 4:1b0d80432c79 | 579 | { |
| wolfSSL | 4:1b0d80432c79 | 580 | return a > b ? a : b; |
| wolfSSL | 4:1b0d80432c79 | 581 | } |
| wolfSSL | 4:1b0d80432c79 | 582 | #endif /* max */ |
| wolfSSL | 4:1b0d80432c79 | 583 | |
| wolfSSL | 4:1b0d80432c79 | 584 | |
| wolfSSL | 4:1b0d80432c79 | 585 | /* shutdown monitor thread, 0 on success */ |
| wolfSSL | 4:1b0d80432c79 | 586 | static int StopMonitor(int mfd) |
| wolfSSL | 4:1b0d80432c79 | 587 | { |
| wolfSSL | 4:1b0d80432c79 | 588 | word64 w64 = 1; |
| wolfSSL | 4:1b0d80432c79 | 589 | |
| wolfSSL | 4:1b0d80432c79 | 590 | /* write to our custom event */ |
| wolfSSL | 4:1b0d80432c79 | 591 | if (write(mfd, &w64, sizeof(w64)) < 0) { |
| wolfSSL | 4:1b0d80432c79 | 592 | WOLFSSL_MSG("StopMonitor write failed"); |
| wolfSSL | 4:1b0d80432c79 | 593 | return -1; |
| wolfSSL | 4:1b0d80432c79 | 594 | } |
| wolfSSL | 4:1b0d80432c79 | 595 | |
| wolfSSL | 4:1b0d80432c79 | 596 | return 0; |
| wolfSSL | 4:1b0d80432c79 | 597 | } |
| wolfSSL | 4:1b0d80432c79 | 598 | |
| wolfSSL | 4:1b0d80432c79 | 599 | |
| wolfSSL | 4:1b0d80432c79 | 600 | /* linux monitoring */ |
| wolfSSL | 4:1b0d80432c79 | 601 | static void* DoMonitor(void* arg) |
| wolfSSL | 4:1b0d80432c79 | 602 | { |
| wolfSSL | 4:1b0d80432c79 | 603 | int notifyFd; |
| wolfSSL | 4:1b0d80432c79 | 604 | int wd = -1; |
| wolfSSL | 4:1b0d80432c79 | 605 | WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg; |
| wolfSSL | 4:1b0d80432c79 | 606 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 607 | char* buff; |
| wolfSSL | 4:1b0d80432c79 | 608 | #else |
| wolfSSL | 4:1b0d80432c79 | 609 | char buff[8192]; |
| wolfSSL | 4:1b0d80432c79 | 610 | #endif |
| wolfSSL | 4:1b0d80432c79 | 611 | |
| wolfSSL | 4:1b0d80432c79 | 612 | WOLFSSL_ENTER("DoMonitor"); |
| wolfSSL | 4:1b0d80432c79 | 613 | |
| wolfSSL | 4:1b0d80432c79 | 614 | crl->mfd = eventfd(0, 0); /* our custom shutdown event */ |
| wolfSSL | 4:1b0d80432c79 | 615 | if (crl->mfd < 0) { |
| wolfSSL | 4:1b0d80432c79 | 616 | WOLFSSL_MSG("eventfd failed"); |
| wolfSSL | 4:1b0d80432c79 | 617 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 618 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 619 | } |
| wolfSSL | 4:1b0d80432c79 | 620 | |
| wolfSSL | 4:1b0d80432c79 | 621 | notifyFd = inotify_init(); |
| wolfSSL | 4:1b0d80432c79 | 622 | if (notifyFd < 0) { |
| wolfSSL | 4:1b0d80432c79 | 623 | WOLFSSL_MSG("inotify failed"); |
| wolfSSL | 4:1b0d80432c79 | 624 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 625 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 626 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 627 | } |
| wolfSSL | 4:1b0d80432c79 | 628 | |
| wolfSSL | 4:1b0d80432c79 | 629 | if (crl->monitors[0].path) { |
| wolfSSL | 4:1b0d80432c79 | 630 | wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE | |
| wolfSSL | 4:1b0d80432c79 | 631 | IN_DELETE); |
| wolfSSL | 4:1b0d80432c79 | 632 | if (wd < 0) { |
| wolfSSL | 4:1b0d80432c79 | 633 | WOLFSSL_MSG("PEM notify add watch failed"); |
| wolfSSL | 4:1b0d80432c79 | 634 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 635 | close(notifyFd); |
| wolfSSL | 4:1b0d80432c79 | 636 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 637 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 638 | } |
| wolfSSL | 4:1b0d80432c79 | 639 | } |
| wolfSSL | 4:1b0d80432c79 | 640 | |
| wolfSSL | 4:1b0d80432c79 | 641 | if (crl->monitors[1].path) { |
| wolfSSL | 4:1b0d80432c79 | 642 | wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE | |
| wolfSSL | 4:1b0d80432c79 | 643 | IN_DELETE); |
| wolfSSL | 4:1b0d80432c79 | 644 | if (wd < 0) { |
| wolfSSL | 4:1b0d80432c79 | 645 | WOLFSSL_MSG("DER notify add watch failed"); |
| wolfSSL | 4:1b0d80432c79 | 646 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 647 | close(notifyFd); |
| wolfSSL | 4:1b0d80432c79 | 648 | SignalSetup(crl, MONITOR_SETUP_E); |
| wolfSSL | 4:1b0d80432c79 | 649 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 650 | } |
| wolfSSL | 4:1b0d80432c79 | 651 | } |
| wolfSSL | 4:1b0d80432c79 | 652 | |
| wolfSSL | 4:1b0d80432c79 | 653 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 654 | buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 655 | if (buff == NULL) |
| wolfSSL | 4:1b0d80432c79 | 656 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 657 | #endif |
| wolfSSL | 4:1b0d80432c79 | 658 | |
| wolfSSL | 4:1b0d80432c79 | 659 | /* signal to calling thread we're setup */ |
| wolfSSL | 4:1b0d80432c79 | 660 | if (SignalSetup(crl, 1) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 661 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 662 | XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 663 | #endif |
| wolfSSL | 4:1b0d80432c79 | 664 | |
| wolfSSL | 4:1b0d80432c79 | 665 | if (wd > 0) |
| wolfSSL | 4:1b0d80432c79 | 666 | inotify_rm_watch(notifyFd, wd); |
| wolfSSL | 4:1b0d80432c79 | 667 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 668 | close(notifyFd); |
| wolfSSL | 4:1b0d80432c79 | 669 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 670 | } |
| wolfSSL | 4:1b0d80432c79 | 671 | |
| wolfSSL | 4:1b0d80432c79 | 672 | for (;;) { |
| wolfSSL | 4:1b0d80432c79 | 673 | fd_set readfds; |
| wolfSSL | 4:1b0d80432c79 | 674 | int result; |
| wolfSSL | 4:1b0d80432c79 | 675 | int length; |
| wolfSSL | 4:1b0d80432c79 | 676 | |
| wolfSSL | 4:1b0d80432c79 | 677 | FD_ZERO(&readfds); |
| wolfSSL | 4:1b0d80432c79 | 678 | FD_SET(notifyFd, &readfds); |
| wolfSSL | 4:1b0d80432c79 | 679 | FD_SET(crl->mfd, &readfds); |
| wolfSSL | 4:1b0d80432c79 | 680 | |
| wolfSSL | 4:1b0d80432c79 | 681 | result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL); |
| wolfSSL | 4:1b0d80432c79 | 682 | |
| wolfSSL | 4:1b0d80432c79 | 683 | WOLFSSL_MSG("Got notify event"); |
| wolfSSL | 4:1b0d80432c79 | 684 | |
| wolfSSL | 4:1b0d80432c79 | 685 | if (result < 0) { |
| wolfSSL | 4:1b0d80432c79 | 686 | WOLFSSL_MSG("select problem, continue"); |
| wolfSSL | 4:1b0d80432c79 | 687 | continue; |
| wolfSSL | 4:1b0d80432c79 | 688 | } |
| wolfSSL | 4:1b0d80432c79 | 689 | |
| wolfSSL | 4:1b0d80432c79 | 690 | if (FD_ISSET(crl->mfd, &readfds)) { |
| wolfSSL | 4:1b0d80432c79 | 691 | WOLFSSL_MSG("got custom shutdown event, breaking out"); |
| wolfSSL | 4:1b0d80432c79 | 692 | break; |
| wolfSSL | 4:1b0d80432c79 | 693 | } |
| wolfSSL | 4:1b0d80432c79 | 694 | |
| wolfSSL | 4:1b0d80432c79 | 695 | length = (int) read(notifyFd, buff, 8192); |
| wolfSSL | 4:1b0d80432c79 | 696 | if (length < 0) { |
| wolfSSL | 4:1b0d80432c79 | 697 | WOLFSSL_MSG("notify read problem, continue"); |
| wolfSSL | 4:1b0d80432c79 | 698 | continue; |
| wolfSSL | 4:1b0d80432c79 | 699 | } |
| wolfSSL | 4:1b0d80432c79 | 700 | |
| wolfSSL | 4:1b0d80432c79 | 701 | if (SwapLists(crl) < 0) { |
| wolfSSL | 4:1b0d80432c79 | 702 | WOLFSSL_MSG("SwapLists problem, continue"); |
| wolfSSL | 4:1b0d80432c79 | 703 | } |
| wolfSSL | 4:1b0d80432c79 | 704 | } |
| wolfSSL | 4:1b0d80432c79 | 705 | |
| wolfSSL | 4:1b0d80432c79 | 706 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 707 | XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 708 | #endif |
| wolfSSL | 4:1b0d80432c79 | 709 | |
| wolfSSL | 4:1b0d80432c79 | 710 | if (wd > 0) |
| wolfSSL | 4:1b0d80432c79 | 711 | inotify_rm_watch(notifyFd, wd); |
| wolfSSL | 4:1b0d80432c79 | 712 | close(crl->mfd); |
| wolfSSL | 4:1b0d80432c79 | 713 | close(notifyFd); |
| wolfSSL | 4:1b0d80432c79 | 714 | |
| wolfSSL | 4:1b0d80432c79 | 715 | return NULL; |
| wolfSSL | 4:1b0d80432c79 | 716 | } |
| wolfSSL | 4:1b0d80432c79 | 717 | |
| wolfSSL | 4:1b0d80432c79 | 718 | |
| wolfSSL | 4:1b0d80432c79 | 719 | #else |
| wolfSSL | 4:1b0d80432c79 | 720 | |
| wolfSSL | 4:1b0d80432c79 | 721 | #error "CRL monitor only currently supported on linux or mach" |
| wolfSSL | 4:1b0d80432c79 | 722 | |
| wolfSSL | 4:1b0d80432c79 | 723 | #endif /* MACH or linux */ |
| wolfSSL | 4:1b0d80432c79 | 724 | |
| wolfSSL | 4:1b0d80432c79 | 725 | |
| wolfSSL | 4:1b0d80432c79 | 726 | /* Start Monitoring the CRL path(s) in a thread */ |
| wolfSSL | 4:1b0d80432c79 | 727 | static int StartMonitorCRL(WOLFSSL_CRL* crl) |
| wolfSSL | 4:1b0d80432c79 | 728 | { |
| wolfSSL | 4:1b0d80432c79 | 729 | int ret = SSL_SUCCESS; |
| wolfSSL | 4:1b0d80432c79 | 730 | |
| wolfSSL | 4:1b0d80432c79 | 731 | WOLFSSL_ENTER("StartMonitorCRL"); |
| wolfSSL | 4:1b0d80432c79 | 732 | |
| wolfSSL | 4:1b0d80432c79 | 733 | if (crl == NULL) |
| wolfSSL | 4:1b0d80432c79 | 734 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 735 | |
| wolfSSL | 4:1b0d80432c79 | 736 | if (crl->tid != 0) { |
| wolfSSL | 4:1b0d80432c79 | 737 | WOLFSSL_MSG("Monitor thread already running"); |
| wolfSSL | 4:1b0d80432c79 | 738 | return ret; /* that's ok, someone already started */ |
| wolfSSL | 4:1b0d80432c79 | 739 | } |
| wolfSSL | 4:1b0d80432c79 | 740 | |
| wolfSSL | 4:1b0d80432c79 | 741 | if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 742 | WOLFSSL_MSG("Thread creation error"); |
| wolfSSL | 4:1b0d80432c79 | 743 | return THREAD_CREATE_E; |
| wolfSSL | 4:1b0d80432c79 | 744 | } |
| wolfSSL | 4:1b0d80432c79 | 745 | |
| wolfSSL | 4:1b0d80432c79 | 746 | /* wait for setup to complete */ |
| wolfSSL | 4:1b0d80432c79 | 747 | if (LockMutex(&crl->crlLock) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 748 | WOLFSSL_MSG("LockMutex crlLock error"); |
| wolfSSL | 4:1b0d80432c79 | 749 | return BAD_MUTEX_E; |
| wolfSSL | 4:1b0d80432c79 | 750 | } |
| wolfSSL | 4:1b0d80432c79 | 751 | |
| wolfSSL | 4:1b0d80432c79 | 752 | while (crl->setup == 0) { |
| wolfSSL | 4:1b0d80432c79 | 753 | if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 754 | ret = BAD_COND_E; |
| wolfSSL | 4:1b0d80432c79 | 755 | break; |
| wolfSSL | 4:1b0d80432c79 | 756 | } |
| wolfSSL | 4:1b0d80432c79 | 757 | } |
| wolfSSL | 4:1b0d80432c79 | 758 | |
| wolfSSL | 4:1b0d80432c79 | 759 | if (crl->setup < 0) |
| wolfSSL | 4:1b0d80432c79 | 760 | ret = crl->setup; /* store setup error */ |
| wolfSSL | 4:1b0d80432c79 | 761 | |
| wolfSSL | 4:1b0d80432c79 | 762 | UnLockMutex(&crl->crlLock); |
| wolfSSL | 4:1b0d80432c79 | 763 | |
| wolfSSL | 4:1b0d80432c79 | 764 | if (ret < 0) { |
| wolfSSL | 4:1b0d80432c79 | 765 | WOLFSSL_MSG("DoMonitor setup failure"); |
| wolfSSL | 4:1b0d80432c79 | 766 | crl->tid = 0; /* thread already done */ |
| wolfSSL | 4:1b0d80432c79 | 767 | } |
| wolfSSL | 4:1b0d80432c79 | 768 | |
| wolfSSL | 4:1b0d80432c79 | 769 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 770 | } |
| wolfSSL | 4:1b0d80432c79 | 771 | |
| wolfSSL | 4:1b0d80432c79 | 772 | |
| wolfSSL | 4:1b0d80432c79 | 773 | #else /* HAVE_CRL_MONITOR */ |
| wolfSSL | 4:1b0d80432c79 | 774 | |
| wolfSSL | 4:1b0d80432c79 | 775 | #ifndef NO_FILESYSTEM |
| wolfSSL | 4:1b0d80432c79 | 776 | |
| wolfSSL | 4:1b0d80432c79 | 777 | static int StartMonitorCRL(WOLFSSL_CRL* crl) |
| wolfSSL | 4:1b0d80432c79 | 778 | { |
| wolfSSL | 4:1b0d80432c79 | 779 | (void)crl; |
| wolfSSL | 4:1b0d80432c79 | 780 | |
| wolfSSL | 4:1b0d80432c79 | 781 | WOLFSSL_ENTER("StartMonitorCRL"); |
| wolfSSL | 4:1b0d80432c79 | 782 | WOLFSSL_MSG("Not compiled in"); |
| wolfSSL | 4:1b0d80432c79 | 783 | |
| wolfSSL | 4:1b0d80432c79 | 784 | return NOT_COMPILED_IN; |
| wolfSSL | 4:1b0d80432c79 | 785 | } |
| wolfSSL | 4:1b0d80432c79 | 786 | |
| wolfSSL | 4:1b0d80432c79 | 787 | #endif /* NO_FILESYSTEM */ |
| wolfSSL | 4:1b0d80432c79 | 788 | |
| wolfSSL | 4:1b0d80432c79 | 789 | #endif /* HAVE_CRL_MONITOR */ |
| wolfSSL | 4:1b0d80432c79 | 790 | |
| wolfSSL | 4:1b0d80432c79 | 791 | #ifndef NO_FILESYSTEM |
| wolfSSL | 4:1b0d80432c79 | 792 | |
| wolfSSL | 4:1b0d80432c79 | 793 | /* Load CRL path files of type, SSL_SUCCESS on ok */ |
| wolfSSL | 4:1b0d80432c79 | 794 | int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) |
| wolfSSL | 4:1b0d80432c79 | 795 | { |
| wolfSSL | 4:1b0d80432c79 | 796 | struct dirent* entry; |
| wolfSSL | 4:1b0d80432c79 | 797 | DIR* dir; |
| wolfSSL | 4:1b0d80432c79 | 798 | int ret = SSL_SUCCESS; |
| wolfSSL | 4:1b0d80432c79 | 799 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 800 | char* name; |
| wolfSSL | 4:1b0d80432c79 | 801 | #else |
| wolfSSL | 4:1b0d80432c79 | 802 | char name[MAX_FILENAME_SZ]; |
| wolfSSL | 4:1b0d80432c79 | 803 | #endif |
| wolfSSL | 4:1b0d80432c79 | 804 | |
| wolfSSL | 4:1b0d80432c79 | 805 | WOLFSSL_ENTER("LoadCRL"); |
| wolfSSL | 4:1b0d80432c79 | 806 | if (crl == NULL) |
| wolfSSL | 4:1b0d80432c79 | 807 | return BAD_FUNC_ARG; |
| wolfSSL | 4:1b0d80432c79 | 808 | |
| wolfSSL | 4:1b0d80432c79 | 809 | dir = opendir(path); |
| wolfSSL | 4:1b0d80432c79 | 810 | if (dir == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 811 | WOLFSSL_MSG("opendir path crl load failed"); |
| wolfSSL | 4:1b0d80432c79 | 812 | return BAD_PATH_ERROR; |
| wolfSSL | 4:1b0d80432c79 | 813 | } |
| wolfSSL | 4:1b0d80432c79 | 814 | |
| wolfSSL | 4:1b0d80432c79 | 815 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 816 | name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 817 | if (name == NULL) |
| wolfSSL | 4:1b0d80432c79 | 818 | return MEMORY_E; |
| wolfSSL | 4:1b0d80432c79 | 819 | #endif |
| wolfSSL | 4:1b0d80432c79 | 820 | |
| wolfSSL | 4:1b0d80432c79 | 821 | while ( (entry = readdir(dir)) != NULL) { |
| wolfSSL | 4:1b0d80432c79 | 822 | struct stat s; |
| wolfSSL | 4:1b0d80432c79 | 823 | |
| wolfSSL | 4:1b0d80432c79 | 824 | XMEMSET(name, 0, MAX_FILENAME_SZ); |
| wolfSSL | 4:1b0d80432c79 | 825 | XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2); |
| wolfSSL | 4:1b0d80432c79 | 826 | XSTRNCAT(name, "/", 1); |
| wolfSSL | 4:1b0d80432c79 | 827 | XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2); |
| wolfSSL | 4:1b0d80432c79 | 828 | |
| wolfSSL | 4:1b0d80432c79 | 829 | if (stat(name, &s) != 0) { |
| wolfSSL | 4:1b0d80432c79 | 830 | WOLFSSL_MSG("stat on name failed"); |
| wolfSSL | 4:1b0d80432c79 | 831 | continue; |
| wolfSSL | 4:1b0d80432c79 | 832 | } |
| wolfSSL | 4:1b0d80432c79 | 833 | if (s.st_mode & S_IFREG) { |
| wolfSSL | 4:1b0d80432c79 | 834 | |
| wolfSSL | 4:1b0d80432c79 | 835 | if (type == SSL_FILETYPE_PEM) { |
| wolfSSL | 4:1b0d80432c79 | 836 | if (XSTRSTR(entry->d_name, ".pem") == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 837 | WOLFSSL_MSG("not .pem file, skipping"); |
| wolfSSL | 4:1b0d80432c79 | 838 | continue; |
| wolfSSL | 4:1b0d80432c79 | 839 | } |
| wolfSSL | 4:1b0d80432c79 | 840 | } |
| wolfSSL | 4:1b0d80432c79 | 841 | else { |
| wolfSSL | 4:1b0d80432c79 | 842 | if (XSTRSTR(entry->d_name, ".der") == NULL && |
| wolfSSL | 4:1b0d80432c79 | 843 | XSTRSTR(entry->d_name, ".crl") == NULL) { |
| wolfSSL | 4:1b0d80432c79 | 844 | |
| wolfSSL | 4:1b0d80432c79 | 845 | WOLFSSL_MSG("not .der or .crl file, skipping"); |
| wolfSSL | 4:1b0d80432c79 | 846 | continue; |
| wolfSSL | 4:1b0d80432c79 | 847 | } |
| wolfSSL | 4:1b0d80432c79 | 848 | } |
| wolfSSL | 4:1b0d80432c79 | 849 | |
| wolfSSL | 4:1b0d80432c79 | 850 | if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl) |
| wolfSSL | 4:1b0d80432c79 | 851 | != SSL_SUCCESS) { |
| wolfSSL | 4:1b0d80432c79 | 852 | WOLFSSL_MSG("CRL file load failed, continuing"); |
| wolfSSL | 4:1b0d80432c79 | 853 | } |
| wolfSSL | 4:1b0d80432c79 | 854 | } |
| wolfSSL | 4:1b0d80432c79 | 855 | } |
| wolfSSL | 4:1b0d80432c79 | 856 | |
| wolfSSL | 4:1b0d80432c79 | 857 | #ifdef WOLFSSL_SMALL_STACK |
| wolfSSL | 4:1b0d80432c79 | 858 | XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 4:1b0d80432c79 | 859 | #endif |
| wolfSSL | 4:1b0d80432c79 | 860 | |
| wolfSSL | 4:1b0d80432c79 | 861 | if (monitor & WOLFSSL_CRL_MONITOR) { |
| wolfSSL | 4:1b0d80432c79 | 862 | word32 pathLen; |
| wolfSSL | 4:1b0d80432c79 | 863 | char* pathBuf; |
| wolfSSL | 4:1b0d80432c79 | 864 | |
| wolfSSL | 4:1b0d80432c79 | 865 | WOLFSSL_MSG("monitor path requested"); |
| wolfSSL | 4:1b0d80432c79 | 866 | |
| wolfSSL | 4:1b0d80432c79 | 867 | pathLen = (word32)XSTRLEN(path); |
| wolfSSL | 4:1b0d80432c79 | 868 | pathBuf = (char*)XMALLOC(pathLen+1, NULL, DYNAMIC_TYPE_CRL_MONITOR); |
| wolfSSL | 4:1b0d80432c79 | 869 | if (pathBuf) { |
| wolfSSL | 4:1b0d80432c79 | 870 | XSTRNCPY(pathBuf, path, pathLen); |
| wolfSSL | 4:1b0d80432c79 | 871 | pathBuf[pathLen] = '\0'; /* Null Terminate */ |
| wolfSSL | 4:1b0d80432c79 | 872 | |
| wolfSSL | 4:1b0d80432c79 | 873 | if (type == SSL_FILETYPE_PEM) { |
| wolfSSL | 4:1b0d80432c79 | 874 | crl->monitors[0].path = pathBuf; |
| wolfSSL | 4:1b0d80432c79 | 875 | crl->monitors[0].type = SSL_FILETYPE_PEM; |
| wolfSSL | 4:1b0d80432c79 | 876 | } else { |
| wolfSSL | 4:1b0d80432c79 | 877 | crl->monitors[1].path = pathBuf; |
| wolfSSL | 4:1b0d80432c79 | 878 | crl->monitors[1].type = SSL_FILETYPE_ASN1; |
| wolfSSL | 4:1b0d80432c79 | 879 | } |
| wolfSSL | 4:1b0d80432c79 | 880 | |
| wolfSSL | 4:1b0d80432c79 | 881 | if (monitor & WOLFSSL_CRL_START_MON) { |
| wolfSSL | 4:1b0d80432c79 | 882 | WOLFSSL_MSG("start monitoring requested"); |
| wolfSSL | 4:1b0d80432c79 | 883 | |
| wolfSSL | 4:1b0d80432c79 | 884 | ret = StartMonitorCRL(crl); |
| wolfSSL | 4:1b0d80432c79 | 885 | } |
| wolfSSL | 4:1b0d80432c79 | 886 | } |
| wolfSSL | 4:1b0d80432c79 | 887 | else { |
| wolfSSL | 4:1b0d80432c79 | 888 | ret = MEMORY_E; |
| wolfSSL | 4:1b0d80432c79 | 889 | } |
| wolfSSL | 4:1b0d80432c79 | 890 | } |
| wolfSSL | 4:1b0d80432c79 | 891 | |
| wolfSSL | 4:1b0d80432c79 | 892 | closedir(dir); |
| wolfSSL | 4:1b0d80432c79 | 893 | |
| wolfSSL | 4:1b0d80432c79 | 894 | return ret; |
| wolfSSL | 4:1b0d80432c79 | 895 | } |
| wolfSSL | 4:1b0d80432c79 | 896 | |
| wolfSSL | 4:1b0d80432c79 | 897 | #endif /* NO_FILESYSTEM */ |
| wolfSSL | 4:1b0d80432c79 | 898 | |
| wolfSSL | 4:1b0d80432c79 | 899 | #endif /* HAVE_CRL */ |
| wolfSSL | 4:1b0d80432c79 | 900 | #endif /* !WOLFCRYPT_ONLY */ |
| wolfSSL | 4:1b0d80432c79 | 901 |