TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/mbedtls-3.6.2-ci-testing / . / library / x509_crl.c
blob: 7901992e20d8dd9eb86cd8dc89cbb9839ff9f498 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/*
Tom Cosgrove1797b052022-12-04 17:19:59 +0000[diff] [blame]2 * X.509 Certificate Revocation List (CRL) parsing
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]6 */
7/*
8 * The ITU-T X.509 standard defines a certificate format for PKI.
9 *
Manuel Pégourié-Gonnard1c082f32014-06-12 22:34:55 +0200[diff] [blame]10 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
11 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
12 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]13 *
14 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
15 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
16 */
17
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]18#include "common.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]19
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]20#if defined(MBEDTLS_X509_CRL_PARSE_C)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]21
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]22#include "mbedtls/x509_crl.h"
Valerio Setti25b282e2024-01-17 10:55:32 +0100[diff] [blame]23#include "x509_internal.h"
Janos Follath73c616b2019-12-18 15:07:04 +0000[diff] [blame]24#include "mbedtls/error.h"
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]25#include "mbedtls/oid.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]26#include "mbedtls/platform_util.h"
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]27
28#include <string.h>
29
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30#if defined(MBEDTLS_PEM_PARSE_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]31#include "mbedtls/pem.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]32#endif
33
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]34#include "mbedtls/platform.h"
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]35
Daniel Axtensf0710242020-05-28 11:43:41 +1000[diff] [blame]36#if defined(MBEDTLS_HAVE_TIME)
Paul Bakkerfa6a6202013-10-28 18:48:30 +0100[diff] [blame]37#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]38#include <windows.h>
39#else
40#include <time.h>
41#endif
Daniel Axtensf0710242020-05-28 11:43:41 +1000[diff] [blame]42#endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]43
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]44#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]45#include <stdio.h>
46#endif
47
48/*
49 * Version ::= INTEGER { v1(0), v2(1) }
50 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]51static int x509_crl_get_version(unsigned char **p,
52 const unsigned char *end,
53 int *ver)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]54{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]55 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]56
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]57 if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
58 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]59 *ver = 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]60 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]61 }
62
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]63 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]64 }
65
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]66 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]67}
68
69/*
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]70 * X.509 CRL v2 extensions
71 *
72 * We currently don't parse any extension's content, but we do check that the
73 * list of extensions is well-formed and abort on critical extensions (that
74 * are unsupported as we don't support any extension so far)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]75 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]76static int x509_get_crl_ext(unsigned char **p,
77 const unsigned char *end,
78 mbedtls_x509_buf *ext)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]79{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]80 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]81
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]82 if (*p == end) {
83 return 0;
84 }
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]85
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]86 /*
87 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
88 * -- if present, version MUST be v2
89 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]90 if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) {
91 return ret;
92 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]93
Hanno Becker12f62fb2019-02-12 17:22:36 +0000[diff] [blame]94 end = ext->p + ext->len;
95
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]96 while (*p < end) {
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]97 /*
98 * Extension ::= SEQUENCE {
99 * extnID OBJECT IDENTIFIER,
100 * critical BOOLEAN DEFAULT FALSE,
101 * extnValue OCTET STRING }
102 */
103 int is_critical = 0;
104 const unsigned char *end_ext_data;
105 size_t len;
106
107 /* Get enclosing sequence tag */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]108 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
109 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
110 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
111 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]112
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]113 end_ext_data = *p + len;
114
115 /* Get OID (currently ignored) */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]116 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
117 MBEDTLS_ASN1_OID)) != 0) {
118 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]119 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]120 *p += len;
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]121
122 /* Get optional critical */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]123 if ((ret = mbedtls_asn1_get_bool(p, end_ext_data,
124 &is_critical)) != 0 &&
125 (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
126 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]127 }
128
129 /* Data should be octet string type */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]130 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
131 MBEDTLS_ASN1_OCTET_STRING)) != 0) {
132 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
133 }
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]134
135 /* Ignore data so far and just check its length */
136 *p += len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]137 if (*p != end_ext_data) {
138 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
139 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
140 }
Manuel Pégourié-Gonnardfd3e4fb2018-03-13 11:53:30 +0100[diff] [blame]141
142 /* Abort on (unsupported) critical extensions */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]143 if (is_critical) {
144 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
145 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
146 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]147 }
148
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]149 if (*p != end) {
150 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
151 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
152 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]153
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]154 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]155}
156
157/*
158 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
159 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]160static int x509_get_crl_entry_ext(unsigned char **p,
161 const unsigned char *end,
162 mbedtls_x509_buf *ext)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]163{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]164 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]165 size_t len = 0;
166
167 /* OPTIONAL */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]168 if (end <= *p) {
169 return 0;
170 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]171
172 ext->tag = **p;
173 ext->p = *p;
174
175 /*
176 * Get CRL-entry extension sequence header
177 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
178 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]179 if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len,
180 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
181 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]182 ext->p = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]183 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]184 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]185 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]186 }
187
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]188 end = *p + ext->len;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]189
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]190 if (end != *p + ext->len) {
191 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
192 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
193 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]194
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]195 while (*p < end) {
196 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
197 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
198 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
199 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]200
201 *p += len;
202 }
203
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]204 if (*p != end) {
205 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
206 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
207 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]208
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]209 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]210}
211
212/*
213 * X.509 CRL Entries
214 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]215static int x509_get_entries(unsigned char **p,
216 const unsigned char *end,
217 mbedtls_x509_crl_entry *entry)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]218{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]219 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]220 size_t entry_len;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]221 mbedtls_x509_crl_entry *cur_entry = entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]222
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]223 if (*p == end) {
224 return 0;
225 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]226
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]227 if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len,
228 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
229 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
230 return 0;
231 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]232
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]233 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]234 }
235
236 end = *p + entry_len;
237
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]238 while (*p < end) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]239 size_t len2;
240 const unsigned char *end2;
241
Gilles Peskine5dd5a492020-07-16 18:26:29 +0200[diff] [blame]242 cur_entry->raw.tag = **p;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]243 if ((ret = mbedtls_asn1_get_tag(p, end, &len2,
244 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
245 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]246 }
247
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]248 cur_entry->raw.p = *p;
249 cur_entry->raw.len = len2;
250 end2 = *p + len2;
251
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]252 if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) {
253 return ret;
254 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]255
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]256 if ((ret = mbedtls_x509_get_time(p, end2,
257 &cur_entry->revocation_date)) != 0) {
258 return ret;
259 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]260
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]261 if ((ret = x509_get_crl_entry_ext(p, end2,
262 &cur_entry->entry_ext)) != 0) {
263 return ret;
264 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]265
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]266 if (*p < end) {
267 cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]268
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]269 if (cur_entry->next == NULL) {
270 return MBEDTLS_ERR_X509_ALLOC_FAILED;
271 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]272
273 cur_entry = cur_entry->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]274 }
275 }
276
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]277 return 0;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]278}
279
280/*
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]281 * Parse one CRLs in DER format and append it to the chained list
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]282 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]283int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
284 const unsigned char *buf, size_t buflen)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]285{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]286 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]287 size_t len;
Andres Amaya Garciaf1ee6352017-07-06 10:06:58 +0100[diff] [blame]288 unsigned char *p = NULL, *end = NULL;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
290 mbedtls_x509_crl *crl = chain;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]291
292 /*
293 * Check for valid input
294 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]295 if (crl == NULL || buf == NULL) {
296 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
297 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]298
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]299 memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
300 memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
301 memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]302
303 /*
304 * Add new CRL on the end of the chain if needed.
305 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]306 while (crl->version != 0 && crl->next != NULL) {
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]307 crl = crl->next;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]308 }
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]309
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]310 if (crl->version != 0 && crl->next == NULL) {
311 crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]312
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]313 if (crl->next == NULL) {
314 mbedtls_x509_crl_free(crl);
315 return MBEDTLS_ERR_X509_ALLOC_FAILED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]316 }
317
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]318 mbedtls_x509_crl_init(crl->next);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]319 crl = crl->next;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]320 }
321
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]322 /*
323 * Copy raw DER-encoded CRL
324 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]325 if (buflen == 0) {
326 return MBEDTLS_ERR_X509_INVALID_FORMAT;
327 }
Andres Amaya Garciac9d62262017-12-12 20:15:03 +0000[diff] [blame]328
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]329 p = mbedtls_calloc(1, buflen);
330 if (p == NULL) {
331 return MBEDTLS_ERR_X509_ALLOC_FAILED;
332 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]333
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]334 memcpy(p, buf, buflen);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]335
336 crl->raw.p = p;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]337 crl->raw.len = buflen;
338
339 end = p + buflen;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]340
341 /*
342 * CertificateList ::= SEQUENCE {
343 * tbsCertList TBSCertList,
344 * signatureAlgorithm AlgorithmIdentifier,
345 * signatureValue BIT STRING }
346 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]347 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
348 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
349 mbedtls_x509_crl_free(crl);
350 return MBEDTLS_ERR_X509_INVALID_FORMAT;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]351 }
352
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]353 if (len != (size_t) (end - p)) {
354 mbedtls_x509_crl_free(crl);
355 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
356 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]357 }
358
359 /*
360 * TBSCertList ::= SEQUENCE {
361 */
362 crl->tbs.p = p;
363
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]364 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
365 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
366 mbedtls_x509_crl_free(crl);
367 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]368 }
369
370 end = p + len;
Dave Rodgmane4a6f5a2023-11-04 12:20:09 +0000[diff] [blame]371 crl->tbs.len = (size_t) (end - crl->tbs.p);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]372
373 /*
374 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
375 * -- if present, MUST be v2
376 *
377 * signature AlgorithmIdentifier
378 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]379 if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 ||
380 (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) {
381 mbedtls_x509_crl_free(crl);
382 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]383 }
384
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]385 if (crl->version < 0 || crl->version > 1) {
386 mbedtls_x509_crl_free(crl);
387 return MBEDTLS_ERR_X509_UNKNOWN_VERSION;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]388 }
389
Andres AG4f753c12017-02-10 14:39:58 +0000[diff] [blame]390 crl->version++;
391
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]392 if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
393 &crl->sig_md, &crl->sig_pk,
394 &crl->sig_opts)) != 0) {
395 mbedtls_x509_crl_free(crl);
396 return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]397 }
398
399 /*
400 * issuer Name
401 */
402 crl->issuer_raw.p = p;
403
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]404 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
405 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
406 mbedtls_x509_crl_free(crl);
407 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]408 }
409
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]410 if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) {
411 mbedtls_x509_crl_free(crl);
412 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]413 }
414
Dave Rodgmane4a6f5a2023-11-04 12:20:09 +0000[diff] [blame]415 crl->issuer_raw.len = (size_t) (p - crl->issuer_raw.p);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]416
417 /*
418 * thisUpdate Time
419 * nextUpdate Time OPTIONAL
420 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]421 if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) {
422 mbedtls_x509_crl_free(crl);
423 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]424 }
425
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]426 if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) {
427 if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
428 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) &&
429 ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE,
430 MBEDTLS_ERR_ASN1_OUT_OF_DATA))) {
431 mbedtls_x509_crl_free(crl);
432 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]433 }
434 }
435
436 /*
437 * revokedCertificates SEQUENCE OF SEQUENCE {
438 * userCertificate CertificateSerialNumber,
439 * revocationDate Time,
440 * crlEntryExtensions Extensions OPTIONAL
441 * -- if present, MUST be v2
442 * } OPTIONAL
443 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]444 if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) {
445 mbedtls_x509_crl_free(crl);
446 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]447 }
448
449 /*
450 * crlExtensions EXPLICIT Extensions OPTIONAL
451 * -- if present, MUST be v2
452 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]453 if (crl->version == 2) {
454 ret = x509_get_crl_ext(&p, end, &crl->crl_ext);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]455
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]456 if (ret != 0) {
457 mbedtls_x509_crl_free(crl);
458 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]459 }
460 }
461
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]462 if (p != end) {
463 mbedtls_x509_crl_free(crl);
464 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
465 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]466 }
467
468 end = crl->raw.p + crl->raw.len;
469
470 /*
471 * signatureAlgorithm AlgorithmIdentifier,
472 * signatureValue BIT STRING
473 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]474 if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
475 mbedtls_x509_crl_free(crl);
476 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]477 }
478
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]479 if (crl->sig_oid.len != sig_oid2.len ||
480 memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 ||
Manuel Pégourié-Gonnarddddbb1d2014-06-05 17:02:24 +0200[diff] [blame]481 sig_params1.len != sig_params2.len ||
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]482 (sig_params1.len != 0 &&
483 memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
484 mbedtls_x509_crl_free(crl);
485 return MBEDTLS_ERR_X509_SIG_MISMATCH;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]486 }
487
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]488 if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) {
489 mbedtls_x509_crl_free(crl);
490 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]491 }
492
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]493 if (p != end) {
494 mbedtls_x509_crl_free(crl);
495 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT,
496 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]497 }
498
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]499 return 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]500}
501
502/*
503 * Parse one or more CRLs and add them to the chained list
504 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]505int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen)
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]506{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]507#if defined(MBEDTLS_PEM_PARSE_C)
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]508 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Benjamin Kier36050732019-05-30 14:49:17 -0400[diff] [blame]509 size_t use_len = 0;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]510 mbedtls_pem_context pem;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]511 int is_pem = 0;
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]512
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]513 if (chain == NULL || buf == NULL) {
514 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
515 }
Manuel Pégourié-Gonnard426d4ae2014-11-19 16:58:28 +0100[diff] [blame]516
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]517 do {
518 mbedtls_pem_init(&pem);
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]519
Simon Butcher97e82902016-05-19 00:22:37 +0100[diff] [blame]520 // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
521 // string
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]522 if (buflen == 0 || buf[buflen - 1] != '\0') {
Simon Butcher97e82902016-05-19 00:22:37 +0100[diff] [blame]523 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]524 } else {
525 ret = mbedtls_pem_read_buffer(&pem,
526 "-----BEGIN X509 CRL-----",
527 "-----END X509 CRL-----",
528 buf, NULL, 0, &use_len);
529 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]530
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]531 if (ret == 0) {
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]532 /*
533 * Was PEM encoded
534 */
535 is_pem = 1;
536
537 buflen -= use_len;
538 buf += use_len;
539
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]540 if ((ret = mbedtls_x509_crl_parse_der(chain,
541 pem.buf, pem.buflen)) != 0) {
542 mbedtls_pem_free(&pem);
543 return ret;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]544 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]545 } else if (is_pem) {
546 mbedtls_pem_free(&pem);
547 return ret;
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]548 }
Andres AG5708dcb2016-12-08 17:19:21 +0000[diff] [blame]549
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]550 mbedtls_pem_free(&pem);
Manuel Pégourié-Gonnard6ed2d922014-11-19 19:05:03 +0100[diff] [blame]551 }
Manuel Pégourié-Gonnard43b37cb2015-05-12 11:20:10 +0200[diff] [blame]552 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
553 * And a valid CRL cannot be less than 1 byte anyway. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]554 while (is_pem && buflen > 1);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]555
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]556 if (is_pem) {
557 return 0;
558 } else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]559#endif /* MBEDTLS_PEM_PARSE_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]560 return mbedtls_x509_crl_parse_der(chain, buf, buflen);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]561}
562
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]563#if defined(MBEDTLS_FS_IO)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]564/*
565 * Load one or more CRLs and add them to the chained list
566 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]567int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]568{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]569 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]570 size_t n;
571 unsigned char *buf;
572
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]573 if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) {
574 return ret;
575 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]576
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]577 ret = mbedtls_x509_crl_parse(chain, buf, n);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]578
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]579 mbedtls_zeroize_and_free(buf, n);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]580
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]581 return ret;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]582}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]583#endif /* MBEDTLS_FS_IO */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]584
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]585#if !defined(MBEDTLS_X509_REMOVE_INFO)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]586/*
587 * Return an informational string about the certificate.
588 */
589#define BEFORE_COLON 14
590#define BC "14"
591/*
592 * Return an informational string about the CRL.
593 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]594int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
595 const mbedtls_x509_crl *crl)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]596{
Janos Follath865b3eb2019-12-16 11:46:15 +0000[diff] [blame]597 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]598 size_t n;
599 char *p;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]600 const mbedtls_x509_crl_entry *entry;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]601
602 p = buf;
603 n = size;
604
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]605 ret = mbedtls_snprintf(p, n, "%sCRL version : %d",
606 prefix, crl->version);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]607 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]608
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]609 ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]610 MBEDTLS_X509_SAFE_SNPRINTF;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]611 ret = mbedtls_x509_dn_gets(p, n, &crl->issuer);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]612 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]613
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]614 ret = mbedtls_snprintf(p, n, "\n%sthis update : " \
615 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
616 crl->this_update.year, crl->this_update.mon,
617 crl->this_update.day, crl->this_update.hour,
618 crl->this_update.min, crl->this_update.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]619 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]620
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]621 ret = mbedtls_snprintf(p, n, "\n%snext update : " \
622 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
623 crl->next_update.year, crl->next_update.mon,
624 crl->next_update.day, crl->next_update.hour,
625 crl->next_update.min, crl->next_update.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]626 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]627
628 entry = &crl->entry;
629
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]630 ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:",
631 prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]632 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]633
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]634 while (entry != NULL && entry->raw.len != 0) {
635 ret = mbedtls_snprintf(p, n, "\n%sserial number: ",
636 prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]637 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]638
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]639 ret = mbedtls_x509_serial_gets(p, n, &entry->serial);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]640 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]641
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]642 ret = mbedtls_snprintf(p, n, " revocation date: " \
643 "%04d-%02d-%02d %02d:%02d:%02d",
644 entry->revocation_date.year, entry->revocation_date.mon,
645 entry->revocation_date.day, entry->revocation_date.hour,
646 entry->revocation_date.min, entry->revocation_date.sec);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]647 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]648
649 entry = entry->next;
650 }
651
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]652 ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]653 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]654
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]655 ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
656 crl->sig_opts);
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]657 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]658
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]659 ret = mbedtls_snprintf(p, n, "\n");
Manuel Pégourié-Gonnard16853682015-06-22 11:12:02 +0200[diff] [blame]660 MBEDTLS_X509_SAFE_SNPRINTF;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]661
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]662 return (int) (size - n);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]663}
Hanno Becker612a2f12020-10-09 09:19:39 +0100[diff] [blame]664#endif /* MBEDTLS_X509_REMOVE_INFO */
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]665
666/*
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]667 * Initialize a CRL chain
668 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]669void mbedtls_x509_crl_init(mbedtls_x509_crl *crl)
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]670{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]671 memset(crl, 0, sizeof(mbedtls_x509_crl));
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]672}
673
674/*
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]675 * Unallocate all CRL data
676 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]677void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]678{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]679 mbedtls_x509_crl *crl_cur = crl;
680 mbedtls_x509_crl *crl_prv;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]681 mbedtls_x509_crl_entry *entry_cur;
682 mbedtls_x509_crl_entry *entry_prv;
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]683
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]684 while (crl_cur != NULL) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]685#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]686 mbedtls_free(crl_cur->sig_opts);
Manuel Pégourié-Gonnardf75f2f72014-06-05 15:14:28 +0200[diff] [blame]687#endif
688
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]689 mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]690
691 entry_cur = crl_cur->entry.next;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]692 while (entry_cur != NULL) {
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]693 entry_prv = entry_cur;
694 entry_cur = entry_cur->next;
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]695 mbedtls_zeroize_and_free(entry_prv,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]696 sizeof(mbedtls_x509_crl_entry));
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]697 }
698
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]699 if (crl_cur->raw.p != NULL) {
Tom Cosgroveca8c61b2023-07-17 15:17:40 +0100[diff] [blame]700 mbedtls_zeroize_and_free(crl_cur->raw.p, crl_cur->raw.len);
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]701 }
702
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]703 crl_prv = crl_cur;
704 crl_cur = crl_cur->next;
705
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]706 mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl));
707 if (crl_prv != crl) {
708 mbedtls_free(crl_prv);
709 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]710 }
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]711}
712
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]713#endif /* MBEDTLS_X509_CRL_PARSE_C */