TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 49f99bc3db75afed7454ab881a754e5e852b0674 / . / library / x509_crl.c
blob: b943a8d6da658693f3b7ff9c14c0aca274a92f29 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
Tom Cosgrove49f99bc2022-12-04 16:44:21 +0000[diff] [blame^]2 * X.509 Certificate Revocation List (CRL) parsing
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]18 */
19/*
20 * The ITU-T X.509 standard defines a certificate format for PKI.
21 *
Manuel Pégourié-Gonnard1c082f32014-06-12 22:34:55 +0200[diff] [blame]22 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
23 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
24 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]25 *
26 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
27 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
28 */
29
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]30#include "common.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]31
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]32#if defined(MBEDTLS_X509_CRL_PARSE_C)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]33
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]34#include "mbedtls/x509_crl.h"
Janos Follath73c616b2019-12-18 15:07:04 +0000[diff] [blame]35#include "mbedtls/error.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]36#include "mbedtls/oid.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]37#include "mbedtls/platform_util.h"
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]38
39#include <string.h>
40
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]41#if defined(MBEDTLS_PEM_PARSE_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]42#include "mbedtls/pem.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]43#endif
44
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]45#include "mbedtls/platform.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]46
Daniel Axtens301db662020-05-28 11:43:41 +1000[diff] [blame]47#if defined(MBEDTLS_HAVE_TIME)
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]48#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]49#include <windows.h>
50#else
51#include <time.h>
52#endif
Daniel Axtens301db662020-05-28 11:43:41 +1000[diff] [blame]53#endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]54
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]55#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]56#include <stdio.h>
57#endif
58
59/*
60 * Version ::= INTEGER { v1(0), v2(1) }
61 */
62static int x509_crl_get_version( unsigned char **p,
63 const unsigned char *end,
64 int *ver )
65{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]66 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]67
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]68 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]69 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]70 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]71 {
72 *ver = 0;
73 return( 0 );
74 }
75
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]76 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]77 }
78
79 return( 0 );
80}
81
82/*
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]83 * X.509 CRL v2 extensions
84 *
85 * We currently don't parse any extension's content, but we do check that the
86 * list of extensions is well-formed and abort on critical extensions (that
87 * are unsupported as we don't support any extension so far)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]88 */
89static int x509_get_crl_ext( unsigned char **p,
90 const unsigned char *end,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]91 mbedtls_x509_buf *ext )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]92{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]93 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]94
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]95 if( *p == end )
96 return( 0 );
97
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]98 /*
99 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
100 * -- if present, version MUST be v2
101 */
102 if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]103 return( ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]104
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]105 end = ext->p + ext->len;
106
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]107 while( *p < end )
108 {
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]109 /*
110 * Extension ::= SEQUENCE {
111 * extnID OBJECT IDENTIFIER,
112 * critical BOOLEAN DEFAULT FALSE,
113 * extnValue OCTET STRING }
114 */
115 int is_critical = 0;
116 const unsigned char *end_ext_data;
117 size_t len;
118
119 /* Get enclosing sequence tag */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]120 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
121 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]122 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]123
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]124 end_ext_data = *p + len;
125
126 /* Get OID (currently ignored) */
127 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
128 MBEDTLS_ASN1_OID ) ) != 0 )
129 {
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]130 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]131 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]132 *p += len;
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]133
134 /* Get optional critical */
135 if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
136 &is_critical ) ) != 0 &&
137 ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
138 {
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]139 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]140 }
141
142 /* Data should be octet string type */
143 if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
144 MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]145 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]146
147 /* Ignore data so far and just check its length */
148 *p += len;
149 if( *p != end_ext_data )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]150 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
151 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]152
153 /* Abort on (unsupported) critical extensions */
154 if( is_critical )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]155 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
156 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]157 }
158
159 if( *p != end )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]160 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
161 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]162
163 return( 0 );
164}
165
166/*
167 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
168 */
169static int x509_get_crl_entry_ext( unsigned char **p,
170 const unsigned char *end,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]171 mbedtls_x509_buf *ext )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]172{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]173 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]174 size_t len = 0;
175
176 /* OPTIONAL */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]177 if( end <= *p )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]178 return( 0 );
179
180 ext->tag = **p;
181 ext->p = *p;
182
183 /*
184 * Get CRL-entry extension sequence header
185 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
186 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]187 if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
188 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]189 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]190 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]191 {
192 ext->p = NULL;
193 return( 0 );
194 }
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]195 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]196 }
197
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]198 end = *p + ext->len;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]199
200 if( end != *p + ext->len )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]201 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
202 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]203
204 while( *p < end )
205 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]206 if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
207 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]208 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]209
210 *p += len;
211 }
212
213 if( *p != end )
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]214 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
215 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]216
217 return( 0 );
218}
219
220/*
221 * X.509 CRL Entries
222 */
223static int x509_get_entries( unsigned char **p,
224 const unsigned char *end,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]225 mbedtls_x509_crl_entry *entry )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]226{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]227 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]228 size_t entry_len;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]229 mbedtls_x509_crl_entry *cur_entry = entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]230
231 if( *p == end )
232 return( 0 );
233
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]234 if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len,
235 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]236 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]237 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]238 return( 0 );
239
240 return( ret );
241 }
242
243 end = *p + entry_len;
244
245 while( *p < end )
246 {
247 size_t len2;
248 const unsigned char *end2;
249
Gilles Peskine5dd5a492020-07-16 18:26:29 +0200[diff] [blame]250 cur_entry->raw.tag = **p;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]251 if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
252 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]253 {
254 return( ret );
255 }
256
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]257 cur_entry->raw.p = *p;
258 cur_entry->raw.len = len2;
259 end2 = *p + len2;
260
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]261 if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]262 return( ret );
263
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]264 if( ( ret = mbedtls_x509_get_time( p, end2,
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]265 &cur_entry->revocation_date ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]266 return( ret );
267
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]268 if( ( ret = x509_get_crl_entry_ext( p, end2,
269 &cur_entry->entry_ext ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]270 return( ret );
271
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]272 if( *p < end )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]273 {
Manuel Pégourié-Gonnard7551cb92015-05-26 16:04:06 +0200[diff] [blame]274 cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]275
276 if( cur_entry->next == NULL )
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]277 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]278
279 cur_entry = cur_entry->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]280 }
281 }
282
283 return( 0 );
284}
285
286/*
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]287 * Parse one CRLs in DER format and append it to the chained list
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]288 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]290 const unsigned char *buf, size_t buflen )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]291{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]292 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]293 size_t len;
Andres Amaya Garciaf1ee6352017-07-06 10:06:58 +0100[diff] [blame]294 unsigned char *p = NULL, *end = NULL;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]295 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
296 mbedtls_x509_crl *crl = chain;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]297
298 /*
299 * Check for valid input
300 */
301 if( crl == NULL || buf == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]302 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]303
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]304 memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
305 memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
306 memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]307
308 /*
309 * Add new CRL on the end of the chain if needed.
310 */
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]311 while( crl->version != 0 && crl->next != NULL )
312 crl = crl->next;
313
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]314 if( crl->version != 0 && crl->next == NULL )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]315 {
Manuel Pégourié-Gonnard7551cb92015-05-26 16:04:06 +0200[diff] [blame]316 crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]317
318 if( crl->next == NULL )
319 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]320 mbedtls_x509_crl_free( crl );
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]321 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]322 }
323
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]324 mbedtls_x509_crl_init( crl->next );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]325 crl = crl->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]326 }
327
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]328 /*
329 * Copy raw DER-encoded CRL
330 */
Andres Amaya Garciacb5123f2017-12-06 09:39:23 +0000[diff] [blame]331 if( buflen == 0 )
332 return( MBEDTLS_ERR_X509_INVALID_FORMAT );
Andres Amaya Garciac9d62262017-12-12 20:15:03 +0000[diff] [blame]333
334 p = mbedtls_calloc( 1, buflen );
335 if( p == NULL )
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]336 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]337
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]338 memcpy( p, buf, buflen );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]339
340 crl->raw.p = p;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]341 crl->raw.len = buflen;
342
343 end = p + buflen;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]344
345 /*
346 * CertificateList ::= SEQUENCE {
347 * tbsCertList TBSCertList,
348 * signatureAlgorithm AlgorithmIdentifier,
349 * signatureValue BIT STRING }
350 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]351 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
352 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]353 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]354 mbedtls_x509_crl_free( crl );
355 return( MBEDTLS_ERR_X509_INVALID_FORMAT );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]356 }
357
358 if( len != (size_t) ( end - p ) )
359 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]360 mbedtls_x509_crl_free( crl );
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]361 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
362 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]363 }
364
365 /*
366 * TBSCertList ::= SEQUENCE {
367 */
368 crl->tbs.p = p;
369
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]370 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
371 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]372 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]373 mbedtls_x509_crl_free( crl );
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]374 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]375 }
376
377 end = p + len;
378 crl->tbs.len = end - crl->tbs.p;
379
380 /*
381 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
382 * -- if present, MUST be v2
383 *
384 * signature AlgorithmIdentifier
385 */
386 if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]387 ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]388 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]389 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]390 return( ret );
391 }
392
Andres AG4f753c12017-02-10 14:39:58 +0000[diff] [blame]393 if( crl->version < 0 || crl->version > 1 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]394 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]395 mbedtls_x509_crl_free( crl );
396 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]397 }
398
Andres AG4f753c12017-02-10 14:39:58 +0000[diff] [blame]399 crl->version++;
400
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]401 if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame]402 &crl->sig_md, &crl->sig_pk,
403 &crl->sig_opts ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]404 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]405 mbedtls_x509_crl_free( crl );
406 return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]407 }
408
409 /*
410 * issuer Name
411 */
412 crl->issuer_raw.p = p;
413
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
415 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]416 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]417 mbedtls_x509_crl_free( crl );
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]418 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]419 }
420
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]421 if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]422 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]423 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]424 return( ret );
425 }
426
427 crl->issuer_raw.len = p - crl->issuer_raw.p;
428
429 /*
430 * thisUpdate Time
431 * nextUpdate Time OPTIONAL
432 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]433 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]434 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]435 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]436 return( ret );
437 }
438
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]439 if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]440 {
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]441 if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
442 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) &&
443 ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
444 MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]445 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]446 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]447 return( ret );
448 }
449 }
450
451 /*
452 * revokedCertificates SEQUENCE OF SEQUENCE {
453 * userCertificate CertificateSerialNumber,
454 * revocationDate Time,
455 * crlEntryExtensions Extensions OPTIONAL
456 * -- if present, MUST be v2
457 * } OPTIONAL
458 */
459 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
460 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]461 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]462 return( ret );
463 }
464
465 /*
466 * crlExtensions EXPLICIT Extensions OPTIONAL
467 * -- if present, MUST be v2
468 */
469 if( crl->version == 2 )
470 {
471 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
472
473 if( ret != 0 )
474 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]475 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]476 return( ret );
477 }
478 }
479
480 if( p != end )
481 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]482 mbedtls_x509_crl_free( crl );
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]483 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
484 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]485 }
486
487 end = crl->raw.p + crl->raw.len;
488
489 /*
490 * signatureAlgorithm AlgorithmIdentifier,
491 * signatureValue BIT STRING
492 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]493 if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]494 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]495 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]496 return( ret );
497 }
498
Manuel Pégourié-Gonnard1022fed2015-03-27 16:30:47 +0100[diff] [blame]499 if( crl->sig_oid.len != sig_oid2.len ||
500 memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
Manuel Pégourié-Gonnarddddbb1d2014-06-05 17:02:24 +0200[diff] [blame]501 sig_params1.len != sig_params2.len ||
Manuel Pégourié-Gonnard159c5242015-04-30 11:15:22 +0200[diff] [blame]502 ( sig_params1.len != 0 &&
503 memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]504 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]505 mbedtls_x509_crl_free( crl );
506 return( MBEDTLS_ERR_X509_SIG_MISMATCH );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]507 }
508
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]509 if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]510 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]511 mbedtls_x509_crl_free( crl );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]512 return( ret );
513 }
514
515 if( p != end )
516 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]517 mbedtls_x509_crl_free( crl );
Chris Jones9f7a6932021-04-14 12:12:09 +0100[diff] [blame]518 return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
519 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]520 }
521
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]522 return( 0 );
523}
524
525/*
526 * Parse one or more CRLs and add them to the chained list
527 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]528int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen )
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]529{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]530#if defined(MBEDTLS_PEM_PARSE_C)
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]531 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Benjamin Kier36050732019-05-30 14:49:17 -0400[diff] [blame]532 size_t use_len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]533 mbedtls_pem_context pem;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]534 int is_pem = 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]535
536 if( chain == NULL || buf == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]537 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]538
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]539 do
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]540 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]541 mbedtls_pem_init( &pem );
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]542
Simon Butcher97e82902016-05-19 00:22:37 +0100[diff] [blame]543 // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
544 // string
545 if( buflen == 0 || buf[buflen - 1] != '\0' )
546 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
547 else
548 ret = mbedtls_pem_read_buffer( &pem,
549 "-----BEGIN X509 CRL-----",
550 "-----END X509 CRL-----",
551 buf, NULL, 0, &use_len );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]552
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]553 if( ret == 0 )
554 {
555 /*
556 * Was PEM encoded
557 */
558 is_pem = 1;
559
560 buflen -= use_len;
561 buf += use_len;
562
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]563 if( ( ret = mbedtls_x509_crl_parse_der( chain,
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]564 pem.buf, pem.buflen ) ) != 0 )
565 {
Andres AG5708dcb2016-12-08 17:19:21 +0000[diff] [blame]566 mbedtls_pem_free( &pem );
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]567 return( ret );
568 }
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]569 }
Andres AG939954c2016-12-08 17:08:44 +0000[diff] [blame]570 else if( is_pem )
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]571 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]572 mbedtls_pem_free( &pem );
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]573 return( ret );
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]574 }
Andres AG5708dcb2016-12-08 17:19:21 +0000[diff] [blame]575
576 mbedtls_pem_free( &pem );
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]577 }
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]578 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
579 * And a valid CRL cannot be less than 1 byte anyway. */
580 while( is_pem && buflen > 1 );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]581
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]582 if( is_pem )
583 return( 0 );
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]584 else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]585#endif /* MBEDTLS_PEM_PARSE_C */
586 return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]587}
588
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]589#if defined(MBEDTLS_FS_IO)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]590/*
591 * Load one or more CRLs and add them to the chained list
592 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]593int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]594{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]595 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]596 size_t n;
597 unsigned char *buf;
598
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]599 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]600 return( ret );
601
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]602 ret = mbedtls_x509_crl_parse( chain, buf, n );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]603
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]604 mbedtls_platform_zeroize( buf, n );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]605 mbedtls_free( buf );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]606
607 return( ret );
608}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]609#endif /* MBEDTLS_FS_IO */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]610
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]611/*
612 * Return an informational string about the certificate.
613 */
614#define BEFORE_COLON 14
615#define BC "14"
616/*
617 * Return an informational string about the CRL.
618 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]619int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
620 const mbedtls_x509_crl *crl )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]621{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]622 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]623 size_t n;
624 char *p;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]625 const mbedtls_x509_crl_entry *entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]626
627 p = buf;
628 n = size;
629
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]630 ret = mbedtls_snprintf( p, n, "%sCRL version : %d",
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]631 prefix, crl->version );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]632 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]633
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]634 ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]635 MBEDTLS_X509_SAFE_SNPRINTF;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]636 ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]637 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]638
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]639 ret = mbedtls_snprintf( p, n, "\n%sthis update : " \
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]640 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
641 crl->this_update.year, crl->this_update.mon,
642 crl->this_update.day, crl->this_update.hour,
643 crl->this_update.min, crl->this_update.sec );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]644 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]645
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]646 ret = mbedtls_snprintf( p, n, "\n%snext update : " \
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]647 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
648 crl->next_update.year, crl->next_update.mon,
649 crl->next_update.day, crl->next_update.hour,
650 crl->next_update.min, crl->next_update.sec );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]651 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]652
653 entry = &crl->entry;
654
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]655 ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]656 prefix );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]657 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]658
659 while( entry != NULL && entry->raw.len != 0 )
660 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]661 ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]662 prefix );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]663 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]664
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]665 ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]666 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]667
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]668 ret = mbedtls_snprintf( p, n, " revocation date: " \
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]669 "%04d-%02d-%02d %02d:%02d:%02d",
670 entry->revocation_date.year, entry->revocation_date.mon,
671 entry->revocation_date.day, entry->revocation_date.hour,
672 entry->revocation_date.min, entry->revocation_date.sec );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]673 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]674
675 entry = entry->next;
676 }
677
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]678 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]679 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]680
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]681 ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
Manuel Pégourié-Gonnardbf696d02014-06-05 17:07:30 +0200[diff] [blame]682 crl->sig_opts );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]683 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]684
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]685 ret = mbedtls_snprintf( p, n, "\n" );
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]686 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]687
688 return( (int) ( size - n ) );
689}
690
691/*
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]692 * Initialize a CRL chain
693 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]694void mbedtls_x509_crl_init( mbedtls_x509_crl *crl )
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]695{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]696 memset( crl, 0, sizeof(mbedtls_x509_crl) );
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]697}
698
699/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]700 * Unallocate all CRL data
701 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]702void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]703{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]704 mbedtls_x509_crl *crl_cur = crl;
705 mbedtls_x509_crl *crl_prv;
706 mbedtls_x509_name *name_cur;
707 mbedtls_x509_name *name_prv;
708 mbedtls_x509_crl_entry *entry_cur;
709 mbedtls_x509_crl_entry *entry_prv;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]710
711 if( crl == NULL )
712 return;
713
714 do
715 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]716#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
717 mbedtls_free( crl_cur->sig_opts );
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame]718#endif
719
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]720 name_cur = crl_cur->issuer.next;
721 while( name_cur != NULL )
722 {
723 name_prv = name_cur;
724 name_cur = name_cur->next;
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]725 mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]726 mbedtls_free( name_prv );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]727 }
728
729 entry_cur = crl_cur->entry.next;
730 while( entry_cur != NULL )
731 {
732 entry_prv = entry_cur;
733 entry_cur = entry_cur->next;
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]734 mbedtls_platform_zeroize( entry_prv,
735 sizeof( mbedtls_x509_crl_entry ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]736 mbedtls_free( entry_prv );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]737 }
738
739 if( crl_cur->raw.p != NULL )
740 {
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]741 mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]742 mbedtls_free( crl_cur->raw.p );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]743 }
744
745 crl_cur = crl_cur->next;
746 }
747 while( crl_cur != NULL );
748
749 crl_cur = crl;
750 do
751 {
752 crl_prv = crl_cur;
753 crl_cur = crl_cur->next;
754
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]755 mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]756 if( crl_prv != crl )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]757 mbedtls_free( crl_prv );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]758 }
759 while( crl_cur != NULL );
760}
761
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]762#endif /* MBEDTLS_X509_CRL_PARSE_C */