TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c0eabdc63657f784dee45167b010534cd3924cfa / . / library / x509_crl.c
blob: 58889efbcba530ba8ae6c9d3a1c081719704745e [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
Manuel Pégourié-Gonnard1c082f32014-06-12 22:34:55 +0200[diff] [blame]2 * X.509 Certidicate Revocation List (CRL) parsing
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]18 */
19/*
20 * The ITU-T X.509 standard defines a certificate format for PKI.
21 *
Manuel Pégourié-Gonnard1c082f32014-06-12 22:34:55 +0200[diff] [blame]22 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
23 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
24 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]25 *
26 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
27 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
28 */
29
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]30#include "common.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]31
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]32#if defined(MBEDTLS_X509_CRL_PARSE_C)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]33
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]34# include "mbedtls/x509_crl.h"
35# include "mbedtls/error.h"
36# include "mbedtls/oid.h"
37# include "mbedtls/platform_util.h"
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]38
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]39# include <string.h>
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]40
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]41# if defined(MBEDTLS_PEM_PARSE_C)
42# include "mbedtls/pem.h"
43# endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]44
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]45# if defined(MBEDTLS_PLATFORM_C)
46# include "mbedtls/platform.h"
47# else
48# include <stdlib.h>
49# include <stdio.h>
50# define mbedtls_free free
51# define mbedtls_calloc calloc
52# define mbedtls_snprintf snprintf
53# endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]54
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]55# if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
56# include <windows.h>
57# else
58# include <time.h>
59# endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]60
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]61# if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
62# include <stdio.h>
63# endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]64
65/*
66 * Version ::= INTEGER { v1(0), v2(1) }
67 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]68static int
69x509_crl_get_version(unsigned char **p, const unsigned char *end, int *ver)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]70{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]71 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]72
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]73 if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
74 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]75 *ver = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]76 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]77 }
78
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]79 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]80 }
81
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]82 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]83}
84
85/*
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]86 * X.509 CRL v2 extensions
87 *
88 * We currently don't parse any extension's content, but we do check that the
89 * list of extensions is well-formed and abort on critical extensions (that
90 * are unsupported as we don't support any extension so far)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]91 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]92static int x509_get_crl_ext(unsigned char **p,
93 const unsigned char *end,
94 mbedtls_x509_buf *ext)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]95{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]96 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]97
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]98 if (*p == end)
99 return 0;
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]100
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]101 /*
102 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
103 * -- if present, version MUST be v2
104 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]105 if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0)
106 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]107
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]108 end = ext->p + ext->len;
109
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]110 while (*p < end) {
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]111 /*
112 * Extension ::= SEQUENCE {
113 * extnID OBJECT IDENTIFIER,
114 * critical BOOLEAN DEFAULT FALSE,
115 * extnValue OCTET STRING }
116 */
117 int is_critical = 0;
118 const unsigned char *end_ext_data;
119 size_t len;
120
121 /* Get enclosing sequence tag */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]122 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
123 MBEDTLS_ASN1_CONSTRUCTED |
124 MBEDTLS_ASN1_SEQUENCE)) != 0)
125 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]126
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]127 end_ext_data = *p + len;
128
129 /* Get OID (currently ignored) */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]130 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
131 MBEDTLS_ASN1_OID)) != 0) {
132 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]133 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]134 *p += len;
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]135
136 /* Get optional critical */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]137 if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 &&
138 (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
139 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]140 }
141
142 /* Data should be octet string type */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]143 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
144 MBEDTLS_ASN1_OCTET_STRING)) != 0)
145 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]146
147 /* Ignore data so far and just check its length */
148 *p += len;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]149 if (*p != end_ext_data)
150 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
151 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]152
153 /* Abort on (unsupported) critical extensions */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]154 if (is_critical)
155 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
156 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]157 }
158
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]159 if (*p != end)
160 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
161 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]162
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]163 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]164}
165
166/*
167 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
168 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]169static int x509_get_crl_entry_ext(unsigned char **p,
170 const unsigned char *end,
171 mbedtls_x509_buf *ext)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]172{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]173 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]174 size_t len = 0;
175
176 /* OPTIONAL */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]177 if (end <= *p)
178 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]179
180 ext->tag = **p;
181 ext->p = *p;
182
183 /*
184 * Get CRL-entry extension sequence header
185 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
186 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]187 if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len,
188 MBEDTLS_ASN1_CONSTRUCTED |
189 MBEDTLS_ASN1_SEQUENCE)) != 0) {
190 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]191 ext->p = NULL;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]192 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]193 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]194 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]195 }
196
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]197 end = *p + ext->len;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]198
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]199 if (end != *p + ext->len)
200 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
201 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]202
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]203 while (*p < end) {
204 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
205 MBEDTLS_ASN1_CONSTRUCTED |
206 MBEDTLS_ASN1_SEQUENCE)) != 0)
207 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]208
209 *p += len;
210 }
211
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]212 if (*p != end)
213 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
214 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]215
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]216 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]217}
218
219/*
220 * X.509 CRL Entries
221 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]222static int x509_get_entries(unsigned char **p,
223 const unsigned char *end,
224 mbedtls_x509_crl_entry *entry)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]225{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]226 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]227 size_t entry_len;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]228 mbedtls_x509_crl_entry *cur_entry = entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]229
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]230 if (*p == end)
231 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]232
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]233 if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len,
234 MBEDTLS_ASN1_SEQUENCE |
235 MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
236 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
237 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]238
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]239 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]240 }
241
242 end = *p + entry_len;
243
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]244 while (*p < end) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]245 size_t len2;
246 const unsigned char *end2;
247
Gilles Peskine5dd5a492020-07-16 18:26:29 +0200[diff] [blame]248 cur_entry->raw.tag = **p;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]249 if ((ret = mbedtls_asn1_get_tag(p, end, &len2,
250 MBEDTLS_ASN1_SEQUENCE |
251 MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
252 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]253 }
254
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]255 cur_entry->raw.p = *p;
256 cur_entry->raw.len = len2;
257 end2 = *p + len2;
258
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]259 if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0)
260 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]261
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]262 if ((ret = mbedtls_x509_get_time(p, end2,
263 &cur_entry->revocation_date)) != 0)
264 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]265
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]266 if ((ret = x509_get_crl_entry_ext(p, end2, &cur_entry->entry_ext)) != 0)
267 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]268
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]269 if (*p < end) {
270 cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]271
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]272 if (cur_entry->next == NULL)
273 return MBEDTLS_ERR_X509_ALLOC_FAILED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]274
275 cur_entry = cur_entry->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]276 }
277 }
278
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]279 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]280}
281
282/*
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]283 * Parse one CRLs in DER format and append it to the chained list
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]284 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]285int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
286 const unsigned char *buf,
287 size_t buflen)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]288{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]289 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]290 size_t len;
Andres Amaya Garciaf1ee6352017-07-06 10:06:58 +0100[diff] [blame]291 unsigned char *p = NULL, *end = NULL;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]292 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
293 mbedtls_x509_crl *crl = chain;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]294
295 /*
296 * Check for valid input
297 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]298 if (crl == NULL || buf == NULL)
299 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]300
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]301 memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
302 memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
303 memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]304
305 /*
306 * Add new CRL on the end of the chain if needed.
307 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]308 while (crl->version != 0 && crl->next != NULL)
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]309 crl = crl->next;
310
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]311 if (crl->version != 0 && crl->next == NULL) {
312 crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]313
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]314 if (crl->next == NULL) {
315 mbedtls_x509_crl_free(crl);
316 return MBEDTLS_ERR_X509_ALLOC_FAILED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]317 }
318
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]319 mbedtls_x509_crl_init(crl->next);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]320 crl = crl->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]321 }
322
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]323 /*
324 * Copy raw DER-encoded CRL
325 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]326 if (buflen == 0)
327 return MBEDTLS_ERR_X509_INVALID_FORMAT;
Andres Amaya Garciac9d62262017-12-12 20:15:03 +0000[diff] [blame]328
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]329 p = mbedtls_calloc(1, buflen);
330 if (p == NULL)
331 return MBEDTLS_ERR_X509_ALLOC_FAILED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]332
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]333 memcpy(p, buf, buflen);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]334
335 crl->raw.p = p;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]336 crl->raw.len = buflen;
337
338 end = p + buflen;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]339
340 /*
341 * CertificateList ::= SEQUENCE {
342 * tbsCertList TBSCertList,
343 * signatureAlgorithm AlgorithmIdentifier,
344 * signatureValue BIT STRING }
345 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]346 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
347 MBEDTLS_ASN1_CONSTRUCTED |
348 MBEDTLS_ASN1_SEQUENCE)) != 0) {
349 mbedtls_x509_crl_free(crl);
350 return MBEDTLS_ERR_X509_INVALID_FORMAT;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]351 }
352
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]353 if (len != (size_t)(end - p)) {
354 mbedtls_x509_crl_free(crl);
355 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
356 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]357 }
358
359 /*
360 * TBSCertList ::= SEQUENCE {
361 */
362 crl->tbs.p = p;
363
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]364 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
365 MBEDTLS_ASN1_CONSTRUCTED |
366 MBEDTLS_ASN1_SEQUENCE)) != 0) {
367 mbedtls_x509_crl_free(crl);
368 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]369 }
370
371 end = p + len;
372 crl->tbs.len = end - crl->tbs.p;
373
374 /*
375 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
376 * -- if present, MUST be v2
377 *
378 * signature AlgorithmIdentifier
379 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]380 if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 ||
381 (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) !=
382 0) {
383 mbedtls_x509_crl_free(crl);
384 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]385 }
386
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]387 if (crl->version < 0 || crl->version > 1) {
388 mbedtls_x509_crl_free(crl);
389 return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]390 }
391
Andres AG4f753c12017-02-10 14:39:58 +0000[diff] [blame]392 crl->version++;
393
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]394 if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
395 &crl->sig_md, &crl->sig_pk,
396 &crl->sig_opts)) != 0) {
397 mbedtls_x509_crl_free(crl);
398 return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]399 }
400
401 /*
402 * issuer Name
403 */
404 crl->issuer_raw.p = p;
405
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]406 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
407 MBEDTLS_ASN1_CONSTRUCTED |
408 MBEDTLS_ASN1_SEQUENCE)) != 0) {
409 mbedtls_x509_crl_free(crl);
410 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]411 }
412
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]413 if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) {
414 mbedtls_x509_crl_free(crl);
415 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]416 }
417
418 crl->issuer_raw.len = p - crl->issuer_raw.p;
419
420 /*
421 * thisUpdate Time
422 * nextUpdate Time OPTIONAL
423 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]424 if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) {
425 mbedtls_x509_crl_free(crl);
426 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]427 }
428
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]429 if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) {
430 if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
431 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) &&
432 ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
433 MBEDTLS_ERR_ASN1_OUT_OF_DATA))) {
434 mbedtls_x509_crl_free(crl);
435 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]436 }
437 }
438
439 /*
440 * revokedCertificates SEQUENCE OF SEQUENCE {
441 * userCertificate CertificateSerialNumber,
442 * revocationDate Time,
443 * crlEntryExtensions Extensions OPTIONAL
444 * -- if present, MUST be v2
445 * } OPTIONAL
446 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]447 if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) {
448 mbedtls_x509_crl_free(crl);
449 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]450 }
451
452 /*
453 * crlExtensions EXPLICIT Extensions OPTIONAL
454 * -- if present, MUST be v2
455 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]456 if (crl->version == 2) {
457 ret = x509_get_crl_ext(&p, end, &crl->crl_ext);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]458
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]459 if (ret != 0) {
460 mbedtls_x509_crl_free(crl);
461 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]462 }
463 }
464
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]465 if (p != end) {
466 mbedtls_x509_crl_free(crl);
467 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
468 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]469 }
470
471 end = crl->raw.p + crl->raw.len;
472
473 /*
474 * signatureAlgorithm AlgorithmIdentifier,
475 * signatureValue BIT STRING
476 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]477 if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
478 mbedtls_x509_crl_free(crl);
479 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]480 }
481
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]482 if (crl->sig_oid.len != sig_oid2.len ||
483 memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 ||
Manuel Pégourié-Gonnarddddbb1d2014-06-05 17:02:24 +0200[diff] [blame]484 sig_params1.len != sig_params2.len ||
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]485 (sig_params1.len != 0 &&
486 memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
487 mbedtls_x509_crl_free(crl);
488 return MBEDTLS_ERR_X509_SIG_MISMATCH;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]489 }
490
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]491 if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) {
492 mbedtls_x509_crl_free(crl);
493 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]494 }
495
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]496 if (p != end) {
497 mbedtls_x509_crl_free(crl);
498 return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
499 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]500 }
501
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]502 return 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]503}
504
505/*
506 * Parse one or more CRLs and add them to the chained list
507 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]508int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain,
509 const unsigned char *buf,
510 size_t buflen)
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]511{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]512# if defined(MBEDTLS_PEM_PARSE_C)
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]513 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Benjamin Kier36050732019-05-30 14:49:17 -0400[diff] [blame]514 size_t use_len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]515 mbedtls_pem_context pem;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]516 int is_pem = 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]517
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]518 if (chain == NULL || buf == NULL)
519 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]520
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]521 do {
522 mbedtls_pem_init(&pem);
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]523
Simon Butcher97e82902016-05-19 00:22:37 +0100[diff] [blame]524 // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
525 // string
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]526 if (buflen == 0 || buf[buflen - 1] != '\0')
Simon Butcher97e82902016-05-19 00:22:37 +0100[diff] [blame]527 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
528 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]529 ret = mbedtls_pem_read_buffer(&pem, "-----BEGIN X509 CRL-----",
530 "-----END X509 CRL-----", buf, NULL,
531 0, &use_len);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]532
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]533 if (ret == 0) {
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]534 /*
535 * Was PEM encoded
536 */
537 is_pem = 1;
538
539 buflen -= use_len;
540 buf += use_len;
541
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]542 if ((ret = mbedtls_x509_crl_parse_der(chain, pem.buf,
543 pem.buflen)) != 0) {
544 mbedtls_pem_free(&pem);
545 return ret;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]546 }
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]547 } else if (is_pem) {
548 mbedtls_pem_free(&pem);
549 return ret;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]550 }
Andres AG5708dcb2016-12-08 17:19:21 +0000[diff] [blame]551
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]552 mbedtls_pem_free(&pem);
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]553 }
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]554 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
555 * And a valid CRL cannot be less than 1 byte anyway. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]556 while (is_pem && buflen > 1);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]557
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]558 if (is_pem)
559 return 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]560 else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]561# endif /* MBEDTLS_PEM_PARSE_C */
562 return mbedtls_x509_crl_parse_der(chain, buf, buflen);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]563}
564
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]565# if defined(MBEDTLS_FS_IO)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]566/*
567 * Load one or more CRLs and add them to the chained list
568 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]569int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]570{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]571 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]572 size_t n;
573 unsigned char *buf;
574
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]575 if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0)
576 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]577
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]578 ret = mbedtls_x509_crl_parse(chain, buf, n);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]579
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]580 mbedtls_platform_zeroize(buf, n);
581 mbedtls_free(buf);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]582
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]583 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]584}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]585# endif /* MBEDTLS_FS_IO */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]586
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]587# if !defined(MBEDTLS_X509_REMOVE_INFO)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]588/*
589 * Return an informational string about the certificate.
590 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]591# define BEFORE_COLON 14
592# define BC "14"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]593/*
594 * Return an informational string about the CRL.
595 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]596int mbedtls_x509_crl_info(char *buf,
597 size_t size,
598 const char *prefix,
599 const mbedtls_x509_crl *crl)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]600{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]601 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]602 size_t n;
603 char *p;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]604 const mbedtls_x509_crl_entry *entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]605
606 p = buf;
607 n = size;
608
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]609 ret = mbedtls_snprintf(p, n, "%sCRL version : %d", prefix, crl->version);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]610 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]611
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]612 ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]613 MBEDTLS_X509_SAFE_SNPRINTF;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]614 ret = mbedtls_x509_dn_gets(p, n, &crl->issuer);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]615 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]616
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]617 ret = mbedtls_snprintf(p, n,
618 "\n%sthis update : "
619 "%04d-%02d-%02d %02d:%02d:%02d",
620 prefix, crl->this_update.year, crl->this_update.mon,
621 crl->this_update.day, crl->this_update.hour,
622 crl->this_update.min, crl->this_update.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]623 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]624
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]625 ret = mbedtls_snprintf(p, n,
626 "\n%snext update : "
627 "%04d-%02d-%02d %02d:%02d:%02d",
628 prefix, crl->next_update.year, crl->next_update.mon,
629 crl->next_update.day, crl->next_update.hour,
630 crl->next_update.min, crl->next_update.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]631 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]632
633 entry = &crl->entry;
634
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]635 ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]636 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]637
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]638 while (entry != NULL && entry->raw.len != 0) {
639 ret = mbedtls_snprintf(p, n, "\n%sserial number: ", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]640 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]641
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]642 ret = mbedtls_x509_serial_gets(p, n, &entry->serial);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]643 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]644
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]645 ret = mbedtls_snprintf(
646 p, n,
647 " revocation date: "
648 "%04d-%02d-%02d %02d:%02d:%02d",
649 entry->revocation_date.year, entry->revocation_date.mon,
650 entry->revocation_date.day, entry->revocation_date.hour,
651 entry->revocation_date.min, entry->revocation_date.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]652 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]653
654 entry = entry->next;
655 }
656
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]657 ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]658 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]659
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]660 ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk,
661 crl->sig_md, crl->sig_opts);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]662 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]663
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]664 ret = mbedtls_snprintf(p, n, "\n");
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]665 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]666
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]667 return ((int)(size - n));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]668}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]669# endif /* MBEDTLS_X509_REMOVE_INFO */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]670
671/*
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]672 * Initialize a CRL chain
673 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]674void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]675{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]676 memset(crl, 0, sizeof(mbedtls_x509_crl));
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]677}
678
679/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]680 * Unallocate all CRL data
681 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]682void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]683{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]684 mbedtls_x509_crl *crl_cur = crl;
685 mbedtls_x509_crl *crl_prv;
686 mbedtls_x509_name *name_cur;
687 mbedtls_x509_name *name_prv;
688 mbedtls_x509_crl_entry *entry_cur;
689 mbedtls_x509_crl_entry *entry_prv;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]690
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]691 if (crl == NULL)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]692 return;
693
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]694 do {
695# if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
696 mbedtls_free(crl_cur->sig_opts);
697# endif
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame]698
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]699 name_cur = crl_cur->issuer.next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]700 while (name_cur != NULL) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]701 name_prv = name_cur;
702 name_cur = name_cur->next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]703 mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
704 mbedtls_free(name_prv);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]705 }
706
707 entry_cur = crl_cur->entry.next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]708 while (entry_cur != NULL) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]709 entry_prv = entry_cur;
710 entry_cur = entry_cur->next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]711 mbedtls_platform_zeroize(entry_prv, sizeof(mbedtls_x509_crl_entry));
712 mbedtls_free(entry_prv);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]713 }
714
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]715 if (crl_cur->raw.p != NULL) {
716 mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len);
717 mbedtls_free(crl_cur->raw.p);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]718 }
719
720 crl_cur = crl_cur->next;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]721 } while (crl_cur != NULL);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]722
723 crl_cur = crl;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]724 do {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]725 crl_prv = crl_cur;
726 crl_cur = crl_cur->next;
727
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]728 mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl));
729 if (crl_prv != crl)
730 mbedtls_free(crl_prv);
731 } while (crl_cur != NULL);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]732}
733
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]734#endif /* MBEDTLS_X509_CRL_PARSE_C */