TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / dd0aae92e0c46fbd04d70577dddbbea79ff39574 / . / library / x509_crl.c
blob: e3ebbff1ac5573b49689fa113709a960ea86612f [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
2 * X.509 certificate and private key decoding
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The ITU-T X.509 standard defines a certificate format for PKI.
27 *
28 * http://www.ietf.org/rfc/rfc3279.txt
29 * http://www.ietf.org/rfc/rfc3280.txt
30 *
31 * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
32 *
33 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
34 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
35 */
36
37#include "polarssl/config.h"
38
39#if defined(POLARSSL_X509_CRL_PARSE_C)
40
41#include "polarssl/x509_crl.h"
42#include "polarssl/oid.h"
43#if defined(POLARSSL_PEM_PARSE_C)
44#include "polarssl/pem.h"
45#endif
46
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]47#if defined(POLARSSL_PLATFORM_C)
48#include "polarssl/platform.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]49#else
50#define polarssl_malloc malloc
51#define polarssl_free free
52#endif
53
54#include <string.h>
55#include <stdlib.h>
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]56#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
57
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]58#include <windows.h>
59#else
60#include <time.h>
61#endif
62
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]63#if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]64#include <stdio.h>
65#endif
66
67/*
68 * Version ::= INTEGER { v1(0), v2(1) }
69 */
70static int x509_crl_get_version( unsigned char **p,
71 const unsigned char *end,
72 int *ver )
73{
74 int ret;
75
76 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
77 {
78 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
79 {
80 *ver = 0;
81 return( 0 );
82 }
83
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]84 return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]85 }
86
87 return( 0 );
88}
89
90/*
91 * X.509 CRL v2 extensions (no extensions parsed yet.)
92 */
93static int x509_get_crl_ext( unsigned char **p,
94 const unsigned char *end,
95 x509_buf *ext )
96{
97 int ret;
98 size_t len = 0;
99
100 /* Get explicit tag */
101 if( ( ret = x509_get_ext( p, end, ext, 0) ) != 0 )
102 {
103 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
104 return( 0 );
105
106 return( ret );
107 }
108
109 while( *p < end )
110 {
111 if( ( ret = asn1_get_tag( p, end, &len,
112 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]113 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]114
115 *p += len;
116 }
117
118 if( *p != end )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]119 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]120 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
121
122 return( 0 );
123}
124
125/*
126 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
127 */
128static int x509_get_crl_entry_ext( unsigned char **p,
129 const unsigned char *end,
130 x509_buf *ext )
131{
132 int ret;
133 size_t len = 0;
134
135 /* OPTIONAL */
136 if (end <= *p)
137 return( 0 );
138
139 ext->tag = **p;
140 ext->p = *p;
141
142 /*
143 * Get CRL-entry extension sequence header
144 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
145 */
146 if( ( ret = asn1_get_tag( p, end, &ext->len,
147 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
148 {
149 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
150 {
151 ext->p = NULL;
152 return( 0 );
153 }
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]154 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]155 }
156
157 end = *p + ext->len;
158
159 if( end != *p + ext->len )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]160 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]161 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
162
163 while( *p < end )
164 {
165 if( ( ret = asn1_get_tag( p, end, &len,
166 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]167 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]168
169 *p += len;
170 }
171
172 if( *p != end )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]173 return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]174 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
175
176 return( 0 );
177}
178
179/*
180 * X.509 CRL Entries
181 */
182static int x509_get_entries( unsigned char **p,
183 const unsigned char *end,
184 x509_crl_entry *entry )
185{
186 int ret;
187 size_t entry_len;
188 x509_crl_entry *cur_entry = entry;
189
190 if( *p == end )
191 return( 0 );
192
193 if( ( ret = asn1_get_tag( p, end, &entry_len,
194 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
195 {
196 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
197 return( 0 );
198
199 return( ret );
200 }
201
202 end = *p + entry_len;
203
204 while( *p < end )
205 {
206 size_t len2;
207 const unsigned char *end2;
208
209 if( ( ret = asn1_get_tag( p, end, &len2,
210 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
211 {
212 return( ret );
213 }
214
215 cur_entry->raw.tag = **p;
216 cur_entry->raw.p = *p;
217 cur_entry->raw.len = len2;
218 end2 = *p + len2;
219
220 if( ( ret = x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
221 return( ret );
222
223 if( ( ret = x509_get_time( p, end2, &cur_entry->revocation_date ) ) != 0 )
224 return( ret );
225
226 if( ( ret = x509_get_crl_entry_ext( p, end2, &cur_entry->entry_ext ) ) != 0 )
227 return( ret );
228
229 if ( *p < end )
230 {
231 cur_entry->next = polarssl_malloc( sizeof( x509_crl_entry ) );
232
233 if( cur_entry->next == NULL )
234 return( POLARSSL_ERR_X509_MALLOC_FAILED );
235
236 cur_entry = cur_entry->next;
237 memset( cur_entry, 0, sizeof( x509_crl_entry ) );
238 }
239 }
240
241 return( 0 );
242}
243
244/*
245 * Parse one or more CRLs and add them to the chained list
246 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]247int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]248{
249 int ret;
250 size_t len;
251 unsigned char *p, *end;
252 x509_crl *crl;
253#if defined(POLARSSL_PEM_PARSE_C)
254 size_t use_len;
255 pem_context pem;
256#endif
257
258 crl = chain;
259
260 /*
261 * Check for valid input
262 */
263 if( crl == NULL || buf == NULL )
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]264 return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]265
266 while( crl->version != 0 && crl->next != NULL )
267 crl = crl->next;
268
269 /*
270 * Add new CRL on the end of the chain if needed.
271 */
272 if ( crl->version != 0 && crl->next == NULL)
273 {
274 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
275
276 if( crl->next == NULL )
277 {
278 x509_crl_free( crl );
279 return( POLARSSL_ERR_X509_MALLOC_FAILED );
280 }
281
282 crl = crl->next;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]283 x509_crl_init( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]284 }
285
286#if defined(POLARSSL_PEM_PARSE_C)
287 pem_init( &pem );
288 ret = pem_read_buffer( &pem,
289 "-----BEGIN X509 CRL-----",
290 "-----END X509 CRL-----",
291 buf, NULL, 0, &use_len );
292
293 if( ret == 0 )
294 {
295 /*
296 * Was PEM encoded
297 */
298 buflen -= use_len;
299 buf += use_len;
300
301 /*
302 * Steal PEM buffer
303 */
304 p = pem.buf;
305 pem.buf = NULL;
306 len = pem.buflen;
307 pem_free( &pem );
308 }
309 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
310 {
311 pem_free( &pem );
312 return( ret );
313 }
314 else
315#endif
316 {
317 /*
318 * nope, copy the raw DER data
319 */
320 p = (unsigned char *) polarssl_malloc( len = buflen );
321
322 if( p == NULL )
323 return( POLARSSL_ERR_X509_MALLOC_FAILED );
324
325 memcpy( p, buf, buflen );
326
327 buflen = 0;
328 }
329
330 crl->raw.p = p;
331 crl->raw.len = len;
332 end = p + len;
333
334 /*
335 * CertificateList ::= SEQUENCE {
336 * tbsCertList TBSCertList,
337 * signatureAlgorithm AlgorithmIdentifier,
338 * signatureValue BIT STRING }
339 */
340 if( ( ret = asn1_get_tag( &p, end, &len,
341 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
342 {
343 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]344 return( POLARSSL_ERR_X509_INVALID_FORMAT );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]345 }
346
347 if( len != (size_t) ( end - p ) )
348 {
349 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]350 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]351 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
352 }
353
354 /*
355 * TBSCertList ::= SEQUENCE {
356 */
357 crl->tbs.p = p;
358
359 if( ( ret = asn1_get_tag( &p, end, &len,
360 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
361 {
362 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]363 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]364 }
365
366 end = p + len;
367 crl->tbs.len = end - crl->tbs.p;
368
369 /*
370 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
371 * -- if present, MUST be v2
372 *
373 * signature AlgorithmIdentifier
374 */
375 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]376 ( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]377 {
378 x509_crl_free( crl );
379 return( ret );
380 }
381
382 crl->version++;
383
384 if( crl->version > 2 )
385 {
386 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]387 return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]388 }
389
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]390 if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
391 &crl->sig_pk ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]392 {
393 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]394 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]395 }
396
397 /*
398 * issuer Name
399 */
400 crl->issuer_raw.p = p;
401
402 if( ( ret = asn1_get_tag( &p, end, &len,
403 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
404 {
405 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]406 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]407 }
408
409 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
410 {
411 x509_crl_free( crl );
412 return( ret );
413 }
414
415 crl->issuer_raw.len = p - crl->issuer_raw.p;
416
417 /*
418 * thisUpdate Time
419 * nextUpdate Time OPTIONAL
420 */
421 if( ( ret = x509_get_time( &p, end, &crl->this_update ) ) != 0 )
422 {
423 x509_crl_free( crl );
424 return( ret );
425 }
426
427 if( ( ret = x509_get_time( &p, end, &crl->next_update ) ) != 0 )
428 {
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]429 if ( ret != ( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]430 POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]431 ret != ( POLARSSL_ERR_X509_INVALID_DATE +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]432 POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
433 {
434 x509_crl_free( crl );
435 return( ret );
436 }
437 }
438
439 /*
440 * revokedCertificates SEQUENCE OF SEQUENCE {
441 * userCertificate CertificateSerialNumber,
442 * revocationDate Time,
443 * crlEntryExtensions Extensions OPTIONAL
444 * -- if present, MUST be v2
445 * } OPTIONAL
446 */
447 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
448 {
449 x509_crl_free( crl );
450 return( ret );
451 }
452
453 /*
454 * crlExtensions EXPLICIT Extensions OPTIONAL
455 * -- if present, MUST be v2
456 */
457 if( crl->version == 2 )
458 {
459 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
460
461 if( ret != 0 )
462 {
463 x509_crl_free( crl );
464 return( ret );
465 }
466 }
467
468 if( p != end )
469 {
470 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]471 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]472 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
473 }
474
475 end = crl->raw.p + crl->raw.len;
476
477 /*
478 * signatureAlgorithm AlgorithmIdentifier,
479 * signatureValue BIT STRING
480 */
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]481 if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]482 {
483 x509_crl_free( crl );
484 return( ret );
485 }
486
487 if( crl->sig_oid1.len != crl->sig_oid2.len ||
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]488 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]489 {
490 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]491 return( POLARSSL_ERR_X509_SIG_MISMATCH );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]492 }
493
494 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
495 {
496 x509_crl_free( crl );
497 return( ret );
498 }
499
500 if( p != end )
501 {
502 x509_crl_free( crl );
Paul Bakker51876562013-09-17 14:36:05 +0200[diff] [blame]503 return( POLARSSL_ERR_X509_INVALID_FORMAT +
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]504 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
505 }
506
507 if( buflen > 0 )
508 {
509 crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
510
511 if( crl->next == NULL )
512 {
513 x509_crl_free( crl );
514 return( POLARSSL_ERR_X509_MALLOC_FAILED );
515 }
516
517 crl = crl->next;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]518 x509_crl_init( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]519
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]520 return( x509_crl_parse( crl, buf, buflen ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]521 }
522
523 return( 0 );
524}
525
526#if defined(POLARSSL_FS_IO)
527/*
528 * Load one or more CRLs and add them to the chained list
529 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]530int x509_crl_parse_file( x509_crl *chain, const char *path )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]531{
532 int ret;
533 size_t n;
534 unsigned char *buf;
535
536 if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
537 return( ret );
538
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]539 ret = x509_crl_parse( chain, buf, n );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]540
541 memset( buf, 0, n + 1 );
542 polarssl_free( buf );
543
544 return( ret );
545}
546#endif /* POLARSSL_FS_IO */
547
Paul Bakker6edcd412013-10-29 15:22:54 +0100[diff] [blame]548#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
549 !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]550#include <stdarg.h>
551
552#if !defined vsnprintf
553#define vsnprintf _vsnprintf
554#endif // vsnprintf
555
556/*
557 * Windows _snprintf and _vsnprintf are not compatible to linux versions.
558 * Result value is not size of buffer needed, but -1 if no fit is possible.
559 *
560 * This fuction tries to 'fix' this by at least suggesting enlarging the
561 * size by 20.
562 */
563static int compat_snprintf(char *str, size_t size, const char *format, ...)
564{
565 va_list ap;
566 int res = -1;
567
568 va_start( ap, format );
569
570 res = vsnprintf( str, size, format, ap );
571
572 va_end( ap );
573
574 // No quick fix possible
575 if ( res < 0 )
576 return( (int) size + 20 );
577
578 return res;
579}
580
581#define snprintf compat_snprintf
582#endif
583
584#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
585
586#define SAFE_SNPRINTF() \
587{ \
588 if( ret == -1 ) \
589 return( -1 ); \
590 \
591 if ( (unsigned int) ret > n ) { \
592 p[n - 1] = '\0'; \
593 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
594 } \
595 \
596 n -= (unsigned int) ret; \
597 p += (unsigned int) ret; \
598}
599
600/*
601 * Return an informational string about the certificate.
602 */
603#define BEFORE_COLON 14
604#define BC "14"
605/*
606 * Return an informational string about the CRL.
607 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]608int x509_crl_info( char *buf, size_t size, const char *prefix,
609 const x509_crl *crl )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]610{
611 int ret;
612 size_t n;
613 char *p;
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]614 const char *desc;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]615 const x509_crl_entry *entry;
616
617 p = buf;
618 n = size;
619
620 ret = snprintf( p, n, "%sCRL version : %d",
621 prefix, crl->version );
622 SAFE_SNPRINTF();
623
624 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
625 SAFE_SNPRINTF();
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]626 ret = x509_dn_gets( p, n, &crl->issuer );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]627 SAFE_SNPRINTF();
628
629 ret = snprintf( p, n, "\n%sthis update : " \
630 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
631 crl->this_update.year, crl->this_update.mon,
632 crl->this_update.day, crl->this_update.hour,
633 crl->this_update.min, crl->this_update.sec );
634 SAFE_SNPRINTF();
635
636 ret = snprintf( p, n, "\n%snext update : " \
637 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
638 crl->next_update.year, crl->next_update.mon,
639 crl->next_update.day, crl->next_update.hour,
640 crl->next_update.min, crl->next_update.sec );
641 SAFE_SNPRINTF();
642
643 entry = &crl->entry;
644
645 ret = snprintf( p, n, "\n%sRevoked certificates:",
646 prefix );
647 SAFE_SNPRINTF();
648
649 while( entry != NULL && entry->raw.len != 0 )
650 {
651 ret = snprintf( p, n, "\n%sserial number: ",
652 prefix );
653 SAFE_SNPRINTF();
654
Paul Bakker86d0c192013-09-18 11:11:02 +0200[diff] [blame]655 ret = x509_serial_gets( p, n, &entry->serial);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]656 SAFE_SNPRINTF();
657
658 ret = snprintf( p, n, " revocation date: " \
659 "%04d-%02d-%02d %02d:%02d:%02d",
660 entry->revocation_date.year, entry->revocation_date.mon,
661 entry->revocation_date.day, entry->revocation_date.hour,
662 entry->revocation_date.min, entry->revocation_date.sec );
663 SAFE_SNPRINTF();
664
665 entry = entry->next;
666 }
667
668 ret = snprintf( p, n, "\n%ssigned using : ", prefix );
669 SAFE_SNPRINTF();
670
Manuel Pégourié-Gonnardc9093082014-02-12 09:39:59 +0100[diff] [blame]671 ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc );
672 if( ret != 0 )
673 ret = snprintf( p, n, "???" );
674 else
675 ret = snprintf( p, n, "%s", desc );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]676 SAFE_SNPRINTF();
677
678 ret = snprintf( p, n, "\n" );
679 SAFE_SNPRINTF();
680
681 return( (int) ( size - n ) );
682}
683
684/*
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]685 * Initialize a CRL chain
686 */
687void x509_crl_init( x509_crl *crl )
688{
689 memset( crl, 0, sizeof(x509_crl) );
690}
691
692/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]693 * Unallocate all CRL data
694 */
695void x509_crl_free( x509_crl *crl )
696{
697 x509_crl *crl_cur = crl;
698 x509_crl *crl_prv;
699 x509_name *name_cur;
700 x509_name *name_prv;
701 x509_crl_entry *entry_cur;
702 x509_crl_entry *entry_prv;
703
704 if( crl == NULL )
705 return;
706
707 do
708 {
709 name_cur = crl_cur->issuer.next;
710 while( name_cur != NULL )
711 {
712 name_prv = name_cur;
713 name_cur = name_cur->next;
714 memset( name_prv, 0, sizeof( x509_name ) );
715 polarssl_free( name_prv );
716 }
717
718 entry_cur = crl_cur->entry.next;
719 while( entry_cur != NULL )
720 {
721 entry_prv = entry_cur;
722 entry_cur = entry_cur->next;
723 memset( entry_prv, 0, sizeof( x509_crl_entry ) );
724 polarssl_free( entry_prv );
725 }
726
727 if( crl_cur->raw.p != NULL )
728 {
729 memset( crl_cur->raw.p, 0, crl_cur->raw.len );
730 polarssl_free( crl_cur->raw.p );
731 }
732
733 crl_cur = crl_cur->next;
734 }
735 while( crl_cur != NULL );
736
737 crl_cur = crl;
738 do
739 {
740 crl_prv = crl_cur;
741 crl_cur = crl_cur->next;
742
743 memset( crl_prv, 0, sizeof( x509_crl ) );
744 if( crl_prv != crl )
745 polarssl_free( crl_prv );
746 }
747 while( crl_cur != NULL );
748}
749
750#endif