TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e4a6f5a7ecceb603cfdc7a2be99693f0bd0aa1eb / . / library / x509_crl.c
blob: fdbad238a6dd75c1587e48b161ecb916952db5d1 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
Tom Cosgrove1797b052022-12-04 17:19:59 +0000[diff] [blame]2 * X.509 Certificate Revocation List (CRL) parsing
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]6 */
7/*
8 * The ITU-T X.509 standard defines a certificate format for PKI.
9 *
Manuel Pégourié-Gonnard1c082f32014-06-12 22:34:55 +0200[diff] [blame]10 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
11 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
12 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]13 *
14 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
15 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
16 */
17
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]18#include "common.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]19
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]20#if defined(MBEDTLS_X509_CRL_PARSE_C)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]21
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]22#include "mbedtls/x509_crl.h"
Janos Follath73c616b2019-12-18 15:07:04 +0000[diff] [blame]23#include "mbedtls/error.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]24#include "mbedtls/oid.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]25#include "mbedtls/platform_util.h"
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]26
27#include <string.h>
28
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]29#if defined(MBEDTLS_PEM_PARSE_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]30#include "mbedtls/pem.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]31#endif
32
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]33#include "mbedtls/platform.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]34
Daniel Axtensf0710242020-05-28 11:43:41 +1000[diff] [blame]35#if defined(MBEDTLS_HAVE_TIME)
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]36#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]37#include <windows.h>
38#else
39#include <time.h>
40#endif
Daniel Axtensf0710242020-05-28 11:43:41 +1000[diff] [blame]41#endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]42
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]43#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]44#include <stdio.h>
45#endif
46
47/*
48 * Version ::= INTEGER { v1(0), v2(1) }
49 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]50static int x509_crl_get_version(unsigned char **p,
51 const unsigned char *end,
52 int *ver)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]53{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]54 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]55
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]56 if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
57 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]58 *ver = 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]60 }
61
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]62 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]63 }
64
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]65 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]66}
67
68/*
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]69 * X.509 CRL v2 extensions
70 *
71 * We currently don't parse any extension's content, but we do check that the
72 * list of extensions is well-formed and abort on critical extensions (that
73 * are unsupported as we don't support any extension so far)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]74 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]75static int x509_get_crl_ext(unsigned char **p,
76 const unsigned char *end,
77 mbedtls_x509_buf *ext)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]78{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]79 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]80
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]81 if (*p == end) {
82 return 0;
83 }
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]84
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]85 /*
86 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
87 * -- if present, version MUST be v2
88 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]89 if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) {
90 return ret;
91 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]92
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]93 end = ext->p + ext->len;
94
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]95 while (*p < end) {
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]96 /*
97 * Extension ::= SEQUENCE {
98 * extnID OBJECT IDENTIFIER,
99 * critical BOOLEAN DEFAULT FALSE,
100 * extnValue OCTET STRING }
101 */
102 int is_critical = 0;
103 const unsigned char *end_ext_data;
104 size_t len;
105
106 /* Get enclosing sequence tag */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]107 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
108 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
109 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
110 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]111
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]112 end_ext_data = *p + len;
113
114 /* Get OID (currently ignored) */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]115 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
116 MBEDTLS_ASN1_OID)) != 0) {
117 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]118 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]119 *p += len;
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]120
121 /* Get optional critical */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]122 if ((ret = mbedtls_asn1_get_bool(p, end_ext_data,
123 &is_critical)) != 0 &&
124 (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
125 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]126 }
127
128 /* Data should be octet string type */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]129 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
130 MBEDTLS_ASN1_OCTET_STRING)) != 0) {
131 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
132 }
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]133
134 /* Ignore data so far and just check its length */
135 *p += len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]136 if (*p != end_ext_data) {
137 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
138 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
139 }
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]140
141 /* Abort on (unsupported) critical extensions */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]142 if (is_critical) {
143 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
144 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
145 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]146 }
147
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]148 if (*p != end) {
149 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
150 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
151 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]152
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]153 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]154}
155
156/*
157 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
158 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]159static int x509_get_crl_entry_ext(unsigned char **p,
160 const unsigned char *end,
161 mbedtls_x509_buf *ext)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]162{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]163 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]164 size_t len = 0;
165
166 /* OPTIONAL */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]167 if (end <= *p) {
168 return 0;
169 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]170
171 ext->tag = **p;
172 ext->p = *p;
173
174 /*
175 * Get CRL-entry extension sequence header
176 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
177 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]178 if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len,
179 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
180 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]181 ext->p = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]182 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]183 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]184 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]185 }
186
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]187 end = *p + ext->len;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]188
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]189 if (end != *p + ext->len) {
190 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
191 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
192 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]193
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]194 while (*p < end) {
195 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
196 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
197 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
198 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]199
200 *p += len;
201 }
202
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]203 if (*p != end) {
204 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
205 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
206 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]207
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]208 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]209}
210
211/*
212 * X.509 CRL Entries
213 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]214static int x509_get_entries(unsigned char **p,
215 const unsigned char *end,
216 mbedtls_x509_crl_entry *entry)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]217{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]218 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]219 size_t entry_len;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]220 mbedtls_x509_crl_entry *cur_entry = entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]221
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]222 if (*p == end) {
223 return 0;
224 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]225
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]226 if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len,
227 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
228 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
229 return 0;
230 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]231
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]232 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]233 }
234
235 end = *p + entry_len;
236
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]237 while (*p < end) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]238 size_t len2;
239 const unsigned char *end2;
240
Gilles Peskine5dd5a492020-07-16 18:26:29 +0200[diff] [blame]241 cur_entry->raw.tag = **p;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]242 if ((ret = mbedtls_asn1_get_tag(p, end, &len2,
243 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
244 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]245 }
246
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]247 cur_entry->raw.p = *p;
248 cur_entry->raw.len = len2;
249 end2 = *p + len2;
250
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]251 if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) {
252 return ret;
253 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]254
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]255 if ((ret = mbedtls_x509_get_time(p, end2,
256 &cur_entry->revocation_date)) != 0) {
257 return ret;
258 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]259
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]260 if ((ret = x509_get_crl_entry_ext(p, end2,
261 &cur_entry->entry_ext)) != 0) {
262 return ret;
263 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]264
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]265 if (*p < end) {
266 cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]267
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]268 if (cur_entry->next == NULL) {
269 return MBEDTLS_ERR_X509_ALLOC_FAILED;
270 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]271
272 cur_entry = cur_entry->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]273 }
274 }
275
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]276 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]277}
278
279/*
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]280 * Parse one CRLs in DER format and append it to the chained list
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]281 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]282int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
283 const unsigned char *buf, size_t buflen)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]284{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]285 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]286 size_t len;
Andres Amaya Garciaf1ee6352017-07-06 10:06:58 +0100[diff] [blame]287 unsigned char *p = NULL, *end = NULL;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]288 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
289 mbedtls_x509_crl *crl = chain;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]290
291 /*
292 * Check for valid input
293 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]294 if (crl == NULL || buf == NULL) {
295 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
296 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]297
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]298 memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
299 memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
300 memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]301
302 /*
303 * Add new CRL on the end of the chain if needed.
304 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]305 while (crl->version != 0 && crl->next != NULL) {
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]306 crl = crl->next;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]307 }
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]308
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]309 if (crl->version != 0 && crl->next == NULL) {
310 crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]311
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]312 if (crl->next == NULL) {
313 mbedtls_x509_crl_free(crl);
314 return MBEDTLS_ERR_X509_ALLOC_FAILED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]315 }
316
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]317 mbedtls_x509_crl_init(crl->next);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]318 crl = crl->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]319 }
320
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]321 /*
322 * Copy raw DER-encoded CRL
323 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]324 if (buflen == 0) {
325 return MBEDTLS_ERR_X509_INVALID_FORMAT;
326 }
Andres Amaya Garciac9d62262017-12-12 20:15:03 +0000[diff] [blame]327
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]328 p = mbedtls_calloc(1, buflen);
329 if (p == NULL) {
330 return MBEDTLS_ERR_X509_ALLOC_FAILED;
331 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]332
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]333 memcpy(p, buf, buflen);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]334
335 crl->raw.p = p;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]336 crl->raw.len = buflen;
337
338 end = p + buflen;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]339
340 /*
341 * CertificateList ::= SEQUENCE {
342 * tbsCertList TBSCertList,
343 * signatureAlgorithm AlgorithmIdentifier,
344 * signatureValue BIT STRING }
345 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]346 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
347 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
348 mbedtls_x509_crl_free(crl);
349 return MBEDTLS_ERR_X509_INVALID_FORMAT;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]350 }
351
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]352 if (len != (size_t) (end - p)) {
353 mbedtls_x509_crl_free(crl);
354 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
355 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]356 }
357
358 /*
359 * TBSCertList ::= SEQUENCE {
360 */
361 crl->tbs.p = p;
362
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]363 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
364 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
365 mbedtls_x509_crl_free(crl);
366 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]367 }
368
369 end = p + len;
Dave Rodgmane4a6f5a2023-11-04 12:20:09 +0000[diff] [blame^]370 crl->tbs.len = (size_t) (end - crl->tbs.p);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]371
372 /*
373 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
374 * -- if present, MUST be v2
375 *
376 * signature AlgorithmIdentifier
377 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]378 if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 ||
379 (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) {
380 mbedtls_x509_crl_free(crl);
381 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]382 }
383
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]384 if (crl->version < 0 || crl->version > 1) {
385 mbedtls_x509_crl_free(crl);
386 return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]387 }
388
Andres AG4f753c12017-02-10 14:39:58 +0000[diff] [blame]389 crl->version++;
390
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]391 if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
392 &crl->sig_md, &crl->sig_pk,
393 &crl->sig_opts)) != 0) {
394 mbedtls_x509_crl_free(crl);
395 return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]396 }
397
398 /*
399 * issuer Name
400 */
401 crl->issuer_raw.p = p;
402
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]403 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
404 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
405 mbedtls_x509_crl_free(crl);
406 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]407 }
408
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]409 if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) {
410 mbedtls_x509_crl_free(crl);
411 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]412 }
413
Dave Rodgmane4a6f5a2023-11-04 12:20:09 +0000[diff] [blame^]414 crl->issuer_raw.len = (size_t) (p - crl->issuer_raw.p);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]415
416 /*
417 * thisUpdate Time
418 * nextUpdate Time OPTIONAL
419 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]420 if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) {
421 mbedtls_x509_crl_free(crl);
422 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]423 }
424
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]425 if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) {
426 if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
427 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) &&
428 ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
429 MBEDTLS_ERR_ASN1_OUT_OF_DATA))) {
430 mbedtls_x509_crl_free(crl);
431 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]432 }
433 }
434
435 /*
436 * revokedCertificates SEQUENCE OF SEQUENCE {
437 * userCertificate CertificateSerialNumber,
438 * revocationDate Time,
439 * crlEntryExtensions Extensions OPTIONAL
440 * -- if present, MUST be v2
441 * } OPTIONAL
442 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]443 if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) {
444 mbedtls_x509_crl_free(crl);
445 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]446 }
447
448 /*
449 * crlExtensions EXPLICIT Extensions OPTIONAL
450 * -- if present, MUST be v2
451 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]452 if (crl->version == 2) {
453 ret = x509_get_crl_ext(&p, end, &crl->crl_ext);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]454
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]455 if (ret != 0) {
456 mbedtls_x509_crl_free(crl);
457 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]458 }
459 }
460
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]461 if (p != end) {
462 mbedtls_x509_crl_free(crl);
463 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
464 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]465 }
466
467 end = crl->raw.p + crl->raw.len;
468
469 /*
470 * signatureAlgorithm AlgorithmIdentifier,
471 * signatureValue BIT STRING
472 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]473 if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
474 mbedtls_x509_crl_free(crl);
475 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]476 }
477
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]478 if (crl->sig_oid.len != sig_oid2.len ||
479 memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 ||
Manuel Pégourié-Gonnarddddbb1d2014-06-05 17:02:24 +0200[diff] [blame]480 sig_params1.len != sig_params2.len ||
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]481 (sig_params1.len != 0 &&
482 memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
483 mbedtls_x509_crl_free(crl);
484 return MBEDTLS_ERR_X509_SIG_MISMATCH;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]485 }
486
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]487 if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) {
488 mbedtls_x509_crl_free(crl);
489 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]490 }
491
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]492 if (p != end) {
493 mbedtls_x509_crl_free(crl);
494 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
495 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]496 }
497
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]498 return 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]499}
500
501/*
502 * Parse one or more CRLs and add them to the chained list
503 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]504int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]505{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]506#if defined(MBEDTLS_PEM_PARSE_C)
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]507 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Benjamin Kier36050732019-05-30 14:49:17 -0400[diff] [blame]508 size_t use_len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]509 mbedtls_pem_context pem;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]510 int is_pem = 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]511
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]512 if (chain == NULL || buf == NULL) {
513 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
514 }
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]515
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]516 do {
517 mbedtls_pem_init(&pem);
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]518
Simon Butcher97e82902016-05-19 00:22:37 +0100[diff] [blame]519 // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
520 // string
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]521 if (buflen == 0 || buf[buflen - 1] != '\0') {
Simon Butcher97e82902016-05-19 00:22:37 +0100[diff] [blame]522 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]523 } else {
524 ret = mbedtls_pem_read_buffer(&pem,
525 "-----BEGIN X509 CRL-----",
526 "-----END X509 CRL-----",
527 buf, NULL, 0, &use_len);
528 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]529
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]530 if (ret == 0) {
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]531 /*
532 * Was PEM encoded
533 */
534 is_pem = 1;
535
536 buflen -= use_len;
537 buf += use_len;
538
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]539 if ((ret = mbedtls_x509_crl_parse_der(chain,
540 pem.buf, pem.buflen)) != 0) {
541 mbedtls_pem_free(&pem);
542 return ret;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]543 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]544 } else if (is_pem) {
545 mbedtls_pem_free(&pem);
546 return ret;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]547 }
Andres AG5708dcb2016-12-08 17:19:21 +0000[diff] [blame]548
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]549 mbedtls_pem_free(&pem);
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]550 }
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]551 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
552 * And a valid CRL cannot be less than 1 byte anyway. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]553 while (is_pem && buflen > 1);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]554
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]555 if (is_pem) {
556 return 0;
557 } else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558#endif /* MBEDTLS_PEM_PARSE_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]559 return mbedtls_x509_crl_parse_der(chain, buf, buflen);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]560}
561
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]562#if defined(MBEDTLS_FS_IO)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]563/*
564 * Load one or more CRLs and add them to the chained list
565 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]566int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]567{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]568 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]569 size_t n;
570 unsigned char *buf;
571
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]572 if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
573 return ret;
574 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]575
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]576 ret = mbedtls_x509_crl_parse(chain, buf, n);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]577
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]578 mbedtls_zeroize_and_free(buf, n);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]579
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]580 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]581}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]582#endif /* MBEDTLS_FS_IO */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]583
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]584#if !defined(MBEDTLS_X509_REMOVE_INFO)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]585/*
586 * Return an informational string about the certificate.
587 */
588#define BEFORE_COLON 14
589#define BC "14"
590/*
591 * Return an informational string about the CRL.
592 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]593int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
594 const mbedtls_x509_crl *crl)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]595{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]596 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]597 size_t n;
598 char *p;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]599 const mbedtls_x509_crl_entry *entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]600
601 p = buf;
602 n = size;
603
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]604 ret = mbedtls_snprintf(p, n, "%sCRL version : %d",
605 prefix, crl->version);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]606 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]607
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]608 ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]609 MBEDTLS_X509_SAFE_SNPRINTF;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]610 ret = mbedtls_x509_dn_gets(p, n, &crl->issuer);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]611 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]612
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]613 ret = mbedtls_snprintf(p, n, "\n%sthis update : " \
614 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
615 crl->this_update.year, crl->this_update.mon,
616 crl->this_update.day, crl->this_update.hour,
617 crl->this_update.min, crl->this_update.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]618 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]619
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]620 ret = mbedtls_snprintf(p, n, "\n%snext update : " \
621 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
622 crl->next_update.year, crl->next_update.mon,
623 crl->next_update.day, crl->next_update.hour,
624 crl->next_update.min, crl->next_update.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]625 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]626
627 entry = &crl->entry;
628
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]629 ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:",
630 prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]631 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]632
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]633 while (entry != NULL && entry->raw.len != 0) {
634 ret = mbedtls_snprintf(p, n, "\n%sserial number: ",
635 prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]636 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]637
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]638 ret = mbedtls_x509_serial_gets(p, n, &entry->serial);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]639 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]640
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]641 ret = mbedtls_snprintf(p, n, " revocation date: " \
642 "%04d-%02d-%02d %02d:%02d:%02d",
643 entry->revocation_date.year, entry->revocation_date.mon,
644 entry->revocation_date.day, entry->revocation_date.hour,
645 entry->revocation_date.min, entry->revocation_date.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]646 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]647
648 entry = entry->next;
649 }
650
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]651 ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]652 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]653
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]654 ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
655 crl->sig_opts);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]656 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]657
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]658 ret = mbedtls_snprintf(p, n, "\n");
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]659 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]660
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]661 return (int) (size - n);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]662}
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]663#endif /* MBEDTLS_X509_REMOVE_INFO */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]664
665/*
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]666 * Initialize a CRL chain
667 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]668void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]669{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]670 memset(crl, 0, sizeof(mbedtls_x509_crl));
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]671}
672
673/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]674 * Unallocate all CRL data
675 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]676void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]677{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]678 mbedtls_x509_crl *crl_cur = crl;
679 mbedtls_x509_crl *crl_prv;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]680 mbedtls_x509_crl_entry *entry_cur;
681 mbedtls_x509_crl_entry *entry_prv;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]682
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]683 while (crl_cur != NULL) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]684#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]685 mbedtls_free(crl_cur->sig_opts);
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame]686#endif
687
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]688 mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]689
690 entry_cur = crl_cur->entry.next;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]691 while (entry_cur != NULL) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]692 entry_prv = entry_cur;
693 entry_cur = entry_cur->next;
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]694 mbedtls_zeroize_and_free(entry_prv,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]695 sizeof(mbedtls_x509_crl_entry));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]696 }
697
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]698 if (crl_cur->raw.p != NULL) {
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]699 mbedtls_zeroize_and_free(crl_cur->raw.p, crl_cur->raw.len);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]700 }
701
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]702 crl_prv = crl_cur;
703 crl_cur = crl_cur->next;
704
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]705 mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl));
706 if (crl_prv != crl) {
707 mbedtls_free(crl_prv);
708 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]709 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]710}
711
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]712#endif /* MBEDTLS_X509_CRL_PARSE_C */