[457] | 1 | /* crl.c
|
---|
| 2 | *
|
---|
| 3 | * Copyright (C) 2006-2020 wolfSSL Inc.
|
---|
| 4 | *
|
---|
| 5 | * This file is part of wolfSSL.
|
---|
| 6 | *
|
---|
| 7 | * wolfSSL is free software; you can redistribute it and/or modify
|
---|
| 8 | * it under the terms of the GNU General Public License as published by
|
---|
| 9 | * the Free Software Foundation; either version 2 of the License, or
|
---|
| 10 | * (at your option) any later version.
|
---|
| 11 | *
|
---|
| 12 | * wolfSSL is distributed in the hope that it will be useful,
|
---|
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
---|
| 15 | * GNU General Public License for more details.
|
---|
| 16 | *
|
---|
| 17 | * You should have received a copy of the GNU General Public License
|
---|
| 18 | * along with this program; if not, write to the Free Software
|
---|
| 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
---|
| 20 | */
|
---|
| 21 |
|
---|
| 22 |
|
---|
| 23 | /* Name change compatibility layer no longer needs included here */
|
---|
| 24 |
|
---|
| 25 | #ifdef HAVE_CONFIG_H
|
---|
| 26 | #include <config.h>
|
---|
| 27 | #endif
|
---|
| 28 |
|
---|
| 29 | #include <wolfssl/wolfcrypt/settings.h>
|
---|
| 30 |
|
---|
| 31 | #ifndef WOLFCRYPT_ONLY
|
---|
| 32 | #ifdef HAVE_CRL
|
---|
| 33 |
|
---|
| 34 | #include <wolfssl/internal.h>
|
---|
| 35 | #include <wolfssl/error-ssl.h>
|
---|
| 36 |
|
---|
[464] | 37 | #ifndef WOLFSSL_LINUXKM
|
---|
| 38 | #include <string.h>
|
---|
| 39 | #endif
|
---|
[457] | 40 |
|
---|
| 41 | #ifdef HAVE_CRL_MONITOR
|
---|
| 42 | #if (defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__))
|
---|
| 43 | static int StopMonitor(int mfd);
|
---|
| 44 | #else
|
---|
| 45 | #error "CRL monitor only currently supported on linux or mach"
|
---|
| 46 | #endif
|
---|
| 47 | #endif /* HAVE_CRL_MONITOR */
|
---|
| 48 |
|
---|
| 49 |
|
---|
| 50 | /* Initialize CRL members */
|
---|
| 51 | int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
|
---|
| 52 | {
|
---|
| 53 | WOLFSSL_ENTER("InitCRL");
|
---|
| 54 | if(cm != NULL)
|
---|
| 55 | crl->heap = cm->heap;
|
---|
| 56 | else
|
---|
| 57 | crl->heap = NULL;
|
---|
| 58 | crl->cm = cm;
|
---|
| 59 | crl->crlList = NULL;
|
---|
| 60 | crl->monitors[0].path = NULL;
|
---|
| 61 | crl->monitors[1].path = NULL;
|
---|
| 62 | #ifdef HAVE_CRL_MONITOR
|
---|
| 63 | crl->tid = 0;
|
---|
| 64 | crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
|
---|
| 65 | crl->setup = 0; /* thread setup done predicate */
|
---|
| 66 | if (pthread_cond_init(&crl->cond, 0) != 0) {
|
---|
| 67 | WOLFSSL_MSG("Pthread condition init failed");
|
---|
| 68 | return BAD_COND_E;
|
---|
| 69 | }
|
---|
| 70 | #endif
|
---|
| 71 | if (wc_InitMutex(&crl->crlLock) != 0) {
|
---|
| 72 | WOLFSSL_MSG("Init Mutex failed");
|
---|
| 73 | return BAD_MUTEX_E;
|
---|
| 74 | }
|
---|
| 75 |
|
---|
| 76 | return 0;
|
---|
| 77 | }
|
---|
| 78 |
|
---|
| 79 |
|
---|
| 80 | /* Initialize CRL Entry */
|
---|
| 81 | static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
|
---|
| 82 | int verified, void* heap)
|
---|
| 83 | {
|
---|
| 84 | WOLFSSL_ENTER("InitCRL_Entry");
|
---|
| 85 |
|
---|
| 86 | XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
|
---|
| 87 | /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
|
---|
| 88 | * copy the hash here if needed for optimized comparisons */
|
---|
| 89 | XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
|
---|
| 90 | XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
|
---|
| 91 | crle->lastDateFormat = dcrl->lastDateFormat;
|
---|
| 92 | crle->nextDateFormat = dcrl->nextDateFormat;
|
---|
| 93 |
|
---|
| 94 | crle->certs = dcrl->certs; /* take ownsership */
|
---|
| 95 | dcrl->certs = NULL;
|
---|
| 96 | crle->totalCerts = dcrl->totalCerts;
|
---|
| 97 | crle->verified = verified;
|
---|
| 98 | if (!verified) {
|
---|
| 99 | crle->tbsSz = dcrl->sigIndex - dcrl->certBegin;
|
---|
| 100 | crle->signatureSz = dcrl->sigLength;
|
---|
| 101 | crle->signatureOID = dcrl->signatureOID;
|
---|
| 102 | crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap,
|
---|
| 103 | DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 104 | if (crle->toBeSigned == NULL)
|
---|
| 105 | return -1;
|
---|
| 106 | crle->signature = (byte*)XMALLOC(crle->signatureSz, heap,
|
---|
| 107 | DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 108 | if (crle->signature == NULL) {
|
---|
| 109 | XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 110 | return -1;
|
---|
| 111 | }
|
---|
| 112 | XMEMCPY(crle->toBeSigned, buff + dcrl->certBegin, crle->tbsSz);
|
---|
| 113 | XMEMCPY(crle->signature, dcrl->signature, crle->signatureSz);
|
---|
| 114 | #ifndef NO_SKID
|
---|
| 115 | crle->extAuthKeyIdSet = dcrl->extAuthKeyIdSet;
|
---|
| 116 | if (crle->extAuthKeyIdSet)
|
---|
| 117 | XMEMCPY(crle->extAuthKeyId, dcrl->extAuthKeyId, KEYID_SIZE);
|
---|
| 118 | #endif
|
---|
| 119 | }
|
---|
| 120 | else {
|
---|
| 121 | crle->toBeSigned = NULL;
|
---|
| 122 | crle->signature = NULL;
|
---|
| 123 | }
|
---|
| 124 |
|
---|
| 125 | (void)verified;
|
---|
| 126 | (void)heap;
|
---|
| 127 |
|
---|
| 128 | return 0;
|
---|
| 129 | }
|
---|
| 130 |
|
---|
| 131 |
|
---|
| 132 | /* Free all CRL Entry resources */
|
---|
| 133 | static void FreeCRL_Entry(CRL_Entry* crle, void* heap)
|
---|
| 134 | {
|
---|
| 135 | RevokedCert* tmp = crle->certs;
|
---|
| 136 | RevokedCert* next;
|
---|
| 137 |
|
---|
| 138 | WOLFSSL_ENTER("FreeCRL_Entry");
|
---|
| 139 |
|
---|
| 140 | while (tmp) {
|
---|
| 141 | next = tmp->next;
|
---|
| 142 | XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
|
---|
| 143 | tmp = next;
|
---|
| 144 | }
|
---|
| 145 | if (crle->signature != NULL)
|
---|
| 146 | XFREE(crle->signature, heap, DYNAMIC_TYPE_REVOKED);
|
---|
| 147 | if (crle->toBeSigned != NULL)
|
---|
| 148 | XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_REVOKED);
|
---|
| 149 |
|
---|
| 150 | (void)heap;
|
---|
| 151 | }
|
---|
| 152 |
|
---|
| 153 |
|
---|
| 154 |
|
---|
| 155 | /* Free all CRL resources */
|
---|
| 156 | void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
|
---|
| 157 | {
|
---|
| 158 | CRL_Entry* tmp = crl->crlList;
|
---|
| 159 |
|
---|
| 160 | WOLFSSL_ENTER("FreeCRL");
|
---|
| 161 | if (crl->monitors[0].path)
|
---|
| 162 | XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 163 |
|
---|
| 164 | if (crl->monitors[1].path)
|
---|
| 165 | XFREE(crl->monitors[1].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 166 |
|
---|
| 167 | while(tmp) {
|
---|
| 168 | CRL_Entry* next = tmp->next;
|
---|
| 169 | FreeCRL_Entry(tmp, crl->heap);
|
---|
| 170 | XFREE(tmp, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 171 | tmp = next;
|
---|
| 172 | }
|
---|
| 173 |
|
---|
| 174 | #ifdef HAVE_CRL_MONITOR
|
---|
| 175 | if (crl->tid != 0) {
|
---|
| 176 | WOLFSSL_MSG("stopping monitor thread");
|
---|
| 177 | if (StopMonitor(crl->mfd) == 0)
|
---|
| 178 | pthread_join(crl->tid, NULL);
|
---|
| 179 | else {
|
---|
| 180 | WOLFSSL_MSG("stop monitor failed");
|
---|
| 181 | }
|
---|
| 182 | }
|
---|
| 183 | pthread_cond_destroy(&crl->cond);
|
---|
| 184 | #endif
|
---|
| 185 | wc_FreeMutex(&crl->crlLock);
|
---|
| 186 | if (dynamic) /* free self */
|
---|
| 187 | XFREE(crl, crl->heap, DYNAMIC_TYPE_CRL);
|
---|
| 188 | }
|
---|
| 189 |
|
---|
| 190 |
|
---|
| 191 | static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry)
|
---|
| 192 | {
|
---|
| 193 | CRL_Entry* crle;
|
---|
| 194 | int foundEntry = 0;
|
---|
| 195 | int ret = 0;
|
---|
| 196 |
|
---|
| 197 | if (wc_LockMutex(&crl->crlLock) != 0) {
|
---|
| 198 | WOLFSSL_MSG("wc_LockMutex failed");
|
---|
| 199 | return BAD_MUTEX_E;
|
---|
| 200 | }
|
---|
| 201 |
|
---|
| 202 | crle = crl->crlList;
|
---|
| 203 |
|
---|
| 204 | while (crle) {
|
---|
| 205 | if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
|
---|
| 206 | WOLFSSL_MSG("Found CRL Entry on list");
|
---|
| 207 |
|
---|
| 208 | if (crle->verified == 0) {
|
---|
| 209 | Signer* ca = NULL;
|
---|
| 210 | #ifndef NO_SKID
|
---|
| 211 | byte extAuthKeyId[KEYID_SIZE];
|
---|
| 212 | #endif
|
---|
| 213 | byte issuerHash[CRL_DIGEST_SIZE];
|
---|
| 214 | byte* tbs;
|
---|
| 215 | word32 tbsSz = crle->tbsSz;
|
---|
| 216 | byte* sig = NULL;
|
---|
| 217 | word32 sigSz = crle->signatureSz;
|
---|
| 218 | word32 sigOID = crle->signatureOID;
|
---|
| 219 | SignatureCtx sigCtx;
|
---|
| 220 |
|
---|
| 221 | tbs = (byte*)XMALLOC(tbsSz, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 222 | if (tbs == NULL) {
|
---|
| 223 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 224 | return MEMORY_E;
|
---|
| 225 | }
|
---|
| 226 | sig = (byte*)XMALLOC(sigSz, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 227 | if (sig == NULL) {
|
---|
| 228 | XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 229 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 230 | return MEMORY_E;
|
---|
| 231 | }
|
---|
| 232 |
|
---|
| 233 | XMEMCPY(tbs, crle->toBeSigned, tbsSz);
|
---|
| 234 | XMEMCPY(sig, crle->signature, sigSz);
|
---|
| 235 | #ifndef NO_SKID
|
---|
| 236 | XMEMCPY(extAuthKeyId, crle->extAuthKeyId,
|
---|
| 237 | sizeof(extAuthKeyId));
|
---|
| 238 | #endif
|
---|
| 239 | XMEMCPY(issuerHash, crle->issuerHash, sizeof(issuerHash));
|
---|
| 240 |
|
---|
| 241 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 242 |
|
---|
| 243 | #ifndef NO_SKID
|
---|
| 244 | if (crle->extAuthKeyIdSet)
|
---|
| 245 | ca = GetCA(crl->cm, extAuthKeyId);
|
---|
| 246 | if (ca == NULL)
|
---|
| 247 | ca = GetCAByName(crl->cm, issuerHash);
|
---|
| 248 | #else /* NO_SKID */
|
---|
| 249 | ca = GetCA(crl->cm, issuerHash);
|
---|
| 250 | #endif /* NO_SKID */
|
---|
| 251 | if (ca == NULL) {
|
---|
| 252 | XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 253 | XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 254 | WOLFSSL_MSG("Did NOT find CRL issuer CA");
|
---|
| 255 | return ASN_CRL_NO_SIGNER_E;
|
---|
| 256 | }
|
---|
| 257 |
|
---|
| 258 | ret = VerifyCRL_Signature(&sigCtx, tbs, tbsSz, sig, sigSz,
|
---|
| 259 | sigOID, ca, crl->heap);
|
---|
| 260 |
|
---|
| 261 | XFREE(sig, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 262 | XFREE(tbs, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 263 |
|
---|
| 264 | if (wc_LockMutex(&crl->crlLock) != 0) {
|
---|
| 265 | WOLFSSL_MSG("wc_LockMutex failed");
|
---|
| 266 | return BAD_MUTEX_E;
|
---|
| 267 | }
|
---|
| 268 |
|
---|
| 269 | crle = crl->crlList;
|
---|
| 270 | while (crle) {
|
---|
| 271 | if (XMEMCMP(crle->issuerHash, cert->issuerHash,
|
---|
| 272 | CRL_DIGEST_SIZE) == 0) {
|
---|
| 273 |
|
---|
| 274 | if (ret == 0)
|
---|
| 275 | crle->verified = 1;
|
---|
| 276 | else
|
---|
| 277 | crle->verified = ret;
|
---|
| 278 |
|
---|
| 279 | XFREE(crle->toBeSigned, crl->heap,
|
---|
| 280 | DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 281 | crle->toBeSigned = NULL;
|
---|
| 282 | XFREE(crle->signature, crl->heap,
|
---|
| 283 | DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 284 | crle->signature = NULL;
|
---|
| 285 | break;
|
---|
| 286 | }
|
---|
| 287 | crle = crle->next;
|
---|
| 288 | }
|
---|
| 289 | if (crle == NULL || crle->verified < 0)
|
---|
| 290 | break;
|
---|
| 291 | }
|
---|
| 292 | else if (crle->verified < 0) {
|
---|
| 293 | WOLFSSL_MSG("Cannot use CRL as it didn't verify");
|
---|
| 294 | ret = crle->verified;
|
---|
| 295 | break;
|
---|
| 296 | }
|
---|
| 297 |
|
---|
| 298 | WOLFSSL_MSG("Checking next date validity");
|
---|
| 299 |
|
---|
| 300 | #ifdef WOLFSSL_NO_CRL_NEXT_DATE
|
---|
| 301 | if (crle->nextDateFormat != ASN_OTHER_TYPE)
|
---|
| 302 | #endif
|
---|
| 303 | {
|
---|
| 304 | #ifndef NO_ASN_TIME
|
---|
| 305 | if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
|
---|
| 306 | WOLFSSL_MSG("CRL next date is no longer valid");
|
---|
| 307 | ret = ASN_AFTER_DATE_E;
|
---|
| 308 | }
|
---|
| 309 | #endif
|
---|
| 310 | }
|
---|
| 311 | if (ret == 0) {
|
---|
| 312 | foundEntry = 1;
|
---|
| 313 | }
|
---|
| 314 | break;
|
---|
| 315 | }
|
---|
| 316 | crle = crle->next;
|
---|
| 317 | }
|
---|
| 318 |
|
---|
| 319 | if (foundEntry) {
|
---|
| 320 | RevokedCert* rc = crle->certs;
|
---|
| 321 |
|
---|
| 322 | while (rc) {
|
---|
| 323 | if (rc->serialSz == cert->serialSz &&
|
---|
| 324 | XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
|
---|
| 325 | WOLFSSL_MSG("Cert revoked");
|
---|
| 326 | ret = CRL_CERT_REVOKED;
|
---|
| 327 | break;
|
---|
| 328 | }
|
---|
| 329 | rc = rc->next;
|
---|
| 330 | }
|
---|
| 331 | }
|
---|
| 332 |
|
---|
| 333 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 334 |
|
---|
| 335 | *pFoundEntry = foundEntry;
|
---|
| 336 |
|
---|
| 337 | return ret;
|
---|
| 338 | }
|
---|
| 339 |
|
---|
| 340 | /* Is the cert ok with CRL, return 0 on success */
|
---|
| 341 | int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
|
---|
| 342 | {
|
---|
| 343 | int foundEntry = 0;
|
---|
| 344 | int ret = 0;
|
---|
| 345 |
|
---|
| 346 | WOLFSSL_ENTER("CheckCertCRL");
|
---|
| 347 |
|
---|
| 348 | ret = CheckCertCRLList(crl, cert, &foundEntry);
|
---|
| 349 |
|
---|
| 350 | #ifdef HAVE_CRL_IO
|
---|
| 351 | if (foundEntry == 0) {
|
---|
| 352 | /* perform embedded lookup */
|
---|
| 353 | if (crl->crlIOCb) {
|
---|
| 354 | ret = crl->crlIOCb(crl, (const char*)cert->extCrlInfo,
|
---|
| 355 | cert->extCrlInfoSz);
|
---|
| 356 | if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
|
---|
| 357 | ret = WANT_READ;
|
---|
| 358 | }
|
---|
| 359 | else if (ret >= 0) {
|
---|
| 360 | /* try again */
|
---|
| 361 | ret = CheckCertCRLList(crl, cert, &foundEntry);
|
---|
| 362 | }
|
---|
| 363 | }
|
---|
| 364 | }
|
---|
| 365 | #endif
|
---|
| 366 |
|
---|
| 367 | if (foundEntry == 0) {
|
---|
| 368 | WOLFSSL_MSG("Couldn't find CRL for status check");
|
---|
| 369 | ret = CRL_MISSING;
|
---|
| 370 |
|
---|
| 371 | if (crl->cm->cbMissingCRL) {
|
---|
| 372 | char url[256];
|
---|
| 373 |
|
---|
| 374 | WOLFSSL_MSG("Issuing missing CRL callback");
|
---|
| 375 | url[0] = '\0';
|
---|
| 376 | if (cert->extCrlInfo) {
|
---|
| 377 | if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
|
---|
| 378 | XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
|
---|
| 379 | url[cert->extCrlInfoSz] = '\0';
|
---|
| 380 | }
|
---|
| 381 | else {
|
---|
| 382 | WOLFSSL_MSG("CRL url too long");
|
---|
| 383 | }
|
---|
| 384 | }
|
---|
| 385 |
|
---|
| 386 | crl->cm->cbMissingCRL(url);
|
---|
| 387 | }
|
---|
| 388 | }
|
---|
| 389 |
|
---|
| 390 | return ret;
|
---|
| 391 | }
|
---|
| 392 |
|
---|
| 393 |
|
---|
| 394 | /* Add Decoded CRL, 0 on success */
|
---|
| 395 | static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
|
---|
| 396 | int verified)
|
---|
| 397 | {
|
---|
| 398 | CRL_Entry* crle;
|
---|
| 399 |
|
---|
| 400 | WOLFSSL_ENTER("AddCRL");
|
---|
| 401 |
|
---|
| 402 | crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 403 | if (crle == NULL) {
|
---|
| 404 | WOLFSSL_MSG("alloc CRL Entry failed");
|
---|
| 405 | return -1;
|
---|
| 406 | }
|
---|
| 407 |
|
---|
| 408 | if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) {
|
---|
| 409 | WOLFSSL_MSG("Init CRL Entry failed");
|
---|
| 410 | XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 411 | return -1;
|
---|
| 412 | }
|
---|
| 413 |
|
---|
| 414 | if (wc_LockMutex(&crl->crlLock) != 0) {
|
---|
| 415 | WOLFSSL_MSG("wc_LockMutex failed");
|
---|
| 416 | FreeCRL_Entry(crle, crl->heap);
|
---|
| 417 | XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 418 | return BAD_MUTEX_E;
|
---|
| 419 | }
|
---|
| 420 | crle->next = crl->crlList;
|
---|
| 421 | crl->crlList = crle;
|
---|
| 422 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 423 |
|
---|
| 424 | return 0;
|
---|
| 425 | }
|
---|
| 426 |
|
---|
| 427 |
|
---|
| 428 | /* Load CRL File of type, WOLFSSL_SUCCESS on ok */
|
---|
| 429 | int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
|
---|
| 430 | int verify)
|
---|
| 431 | {
|
---|
| 432 | int ret = WOLFSSL_SUCCESS;
|
---|
| 433 | const byte* myBuffer = buff; /* if DER ok, otherwise switch */
|
---|
| 434 | DerBuffer* der = NULL;
|
---|
| 435 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 436 | DecodedCRL* dcrl;
|
---|
| 437 | #else
|
---|
| 438 | DecodedCRL dcrl[1];
|
---|
| 439 | #endif
|
---|
| 440 |
|
---|
| 441 | WOLFSSL_ENTER("BufferLoadCRL");
|
---|
| 442 |
|
---|
| 443 | if (crl == NULL || buff == NULL || sz == 0)
|
---|
| 444 | return BAD_FUNC_ARG;
|
---|
| 445 |
|
---|
| 446 | if (type == WOLFSSL_FILETYPE_PEM) {
|
---|
| 447 | #ifdef WOLFSSL_PEM_TO_DER
|
---|
| 448 | ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL);
|
---|
| 449 | if (ret == 0) {
|
---|
| 450 | myBuffer = der->buffer;
|
---|
| 451 | sz = der->length;
|
---|
| 452 | }
|
---|
| 453 | else {
|
---|
| 454 | WOLFSSL_MSG("Pem to Der failed");
|
---|
| 455 | FreeDer(&der);
|
---|
| 456 | return -1;
|
---|
| 457 | }
|
---|
| 458 | #else
|
---|
| 459 | ret = NOT_COMPILED_IN;
|
---|
| 460 | #endif
|
---|
| 461 | }
|
---|
| 462 |
|
---|
| 463 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 464 | dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 465 | if (dcrl == NULL) {
|
---|
| 466 | FreeDer(&der);
|
---|
| 467 | return MEMORY_E;
|
---|
| 468 | }
|
---|
| 469 | #endif
|
---|
| 470 |
|
---|
| 471 | InitDecodedCRL(dcrl, crl->heap);
|
---|
| 472 | ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
|
---|
| 473 | if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
|
---|
| 474 | WOLFSSL_MSG("ParseCRL error");
|
---|
| 475 | }
|
---|
| 476 | else {
|
---|
| 477 | ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E);
|
---|
| 478 | if (ret != 0) {
|
---|
| 479 | WOLFSSL_MSG("AddCRL error");
|
---|
| 480 | }
|
---|
| 481 | }
|
---|
| 482 |
|
---|
| 483 | FreeDecodedCRL(dcrl);
|
---|
| 484 |
|
---|
| 485 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 486 | XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 487 | #endif
|
---|
| 488 |
|
---|
| 489 | FreeDer(&der);
|
---|
| 490 |
|
---|
| 491 | return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
|
---|
| 492 | }
|
---|
| 493 |
|
---|
| 494 | #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
|
---|
[464] | 495 | /* helper function to create a new dynamic WOLFSSL_X509_CRL structure */
|
---|
| 496 | static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm)
|
---|
| 497 | {
|
---|
| 498 | WOLFSSL_X509_CRL* ret;
|
---|
| 499 |
|
---|
| 500 | ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), cm->heap,
|
---|
| 501 | DYNAMIC_TYPE_CRL);
|
---|
| 502 | if (ret != NULL) {
|
---|
| 503 | if (InitCRL(ret, cm) < 0) {
|
---|
| 504 | WOLFSSL_MSG("Unable to initialize new CRL structure");
|
---|
| 505 | XFREE(ret, cm->heap, DYNAMIC_TYPE_CRL);
|
---|
| 506 | ret = NULL;
|
---|
| 507 | }
|
---|
| 508 | }
|
---|
| 509 | return ret;
|
---|
| 510 | }
|
---|
| 511 |
|
---|
| 512 |
|
---|
| 513 | /* returns head of copied list that was alloc'd */
|
---|
| 514 | static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap)
|
---|
| 515 | {
|
---|
| 516 | RevokedCert* head = NULL;
|
---|
| 517 | RevokedCert* current = in;
|
---|
| 518 | RevokedCert* prev = NULL;
|
---|
| 519 | while (current) {
|
---|
| 520 | RevokedCert* tmp = (RevokedCert*)XMALLOC(sizeof(RevokedCert), heap,
|
---|
| 521 | DYNAMIC_TYPE_REVOKED);
|
---|
| 522 | if (tmp != NULL) {
|
---|
| 523 | XMEMCPY(tmp->serialNumber, current->serialNumber,
|
---|
| 524 | EXTERNAL_SERIAL_SIZE);
|
---|
| 525 | tmp->serialSz = current->serialSz;
|
---|
| 526 | tmp->next = NULL;
|
---|
| 527 | if (prev != NULL)
|
---|
| 528 | prev->next = tmp;
|
---|
| 529 | if (head == NULL)
|
---|
| 530 | head = tmp;
|
---|
| 531 | prev = tmp;
|
---|
| 532 | }
|
---|
| 533 | else {
|
---|
| 534 | WOLFSSL_MSG("Failed to allocate new RevokedCert structure");
|
---|
| 535 | /* free up any existing list */
|
---|
| 536 | while (head != NULL) {
|
---|
| 537 | current = head;
|
---|
| 538 | head = head->next;
|
---|
| 539 | XFREE(current, heap, DYNAMIC_TYPE_REVOKED);
|
---|
| 540 | }
|
---|
| 541 | return NULL;
|
---|
| 542 | }
|
---|
| 543 | current = current->next;
|
---|
| 544 | }
|
---|
| 545 |
|
---|
| 546 | (void)heap;
|
---|
| 547 | return head;
|
---|
| 548 | }
|
---|
| 549 |
|
---|
| 550 |
|
---|
| 551 | /* returns a deep copy of ent on success and null on fail */
|
---|
| 552 | static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
|
---|
| 553 | {
|
---|
| 554 | CRL_Entry *dupl;
|
---|
| 555 |
|
---|
| 556 | dupl = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 557 | if (dupl == NULL) {
|
---|
| 558 | WOLFSSL_MSG("alloc CRL Entry failed");
|
---|
| 559 | return NULL;
|
---|
| 560 | }
|
---|
| 561 | XMEMSET(dupl, 0, sizeof(CRL_Entry));
|
---|
| 562 |
|
---|
| 563 | XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE);
|
---|
| 564 | XMEMCPY(dupl->lastDate, ent->lastDate, MAX_DATE_SIZE);
|
---|
| 565 | XMEMCPY(dupl->nextDate, ent->nextDate, MAX_DATE_SIZE);
|
---|
| 566 | dupl->lastDateFormat = ent->lastDateFormat;
|
---|
| 567 | dupl->nextDateFormat = ent->nextDateFormat;
|
---|
| 568 | dupl->certs = DupRevokedCertList(ent->certs, heap);
|
---|
| 569 |
|
---|
| 570 | dupl->totalCerts = ent->totalCerts;
|
---|
| 571 | dupl->verified = ent->verified;
|
---|
| 572 |
|
---|
| 573 | if (!ent->verified) {
|
---|
| 574 | dupl->tbsSz = ent->tbsSz;
|
---|
| 575 | dupl->signatureSz = ent->signatureSz;
|
---|
| 576 | dupl->signatureOID = ent->signatureOID;
|
---|
| 577 | dupl->toBeSigned = (byte*)XMALLOC(dupl->tbsSz, heap,
|
---|
| 578 | DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 579 | if (dupl->toBeSigned == NULL) {
|
---|
| 580 | FreeCRL_Entry(dupl, heap);
|
---|
| 581 | XFREE(dupl, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 582 | return NULL;
|
---|
| 583 | }
|
---|
| 584 |
|
---|
| 585 | dupl->signature = (byte*)XMALLOC(dupl->signatureSz, heap,
|
---|
| 586 | DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 587 | if (dupl->signature == NULL) {
|
---|
| 588 | FreeCRL_Entry(dupl, heap);
|
---|
| 589 | XFREE(dupl, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
---|
| 590 | return NULL;
|
---|
| 591 | }
|
---|
| 592 | XMEMCPY(dupl->toBeSigned, ent->toBeSigned, dupl->tbsSz);
|
---|
| 593 | XMEMCPY(dupl->signature, ent->signature, dupl->signatureSz);
|
---|
| 594 | #ifndef NO_SKID
|
---|
| 595 | dupl->extAuthKeyIdSet = ent->extAuthKeyIdSet;
|
---|
| 596 | if (dupl->extAuthKeyIdSet)
|
---|
| 597 | XMEMCPY(dupl->extAuthKeyId, ent->extAuthKeyId, KEYID_SIZE);
|
---|
| 598 | #endif
|
---|
| 599 | }
|
---|
| 600 | else {
|
---|
| 601 | dupl->toBeSigned = NULL;
|
---|
| 602 | dupl->tbsSz = 0;
|
---|
| 603 | dupl->signature = NULL;
|
---|
| 604 | dupl->signatureSz = 0;
|
---|
| 605 | }
|
---|
| 606 |
|
---|
| 607 | return dupl;
|
---|
| 608 | }
|
---|
| 609 |
|
---|
| 610 |
|
---|
| 611 | /* returns the head of a deep copy of the list on success and null on fail */
|
---|
| 612 | static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
|
---|
| 613 | {
|
---|
| 614 | CRL_Entry* current;
|
---|
| 615 | CRL_Entry* head = NULL;
|
---|
| 616 | CRL_Entry* prev = NULL;
|
---|
| 617 |
|
---|
| 618 | current = crl;
|
---|
| 619 | while (current != NULL) {
|
---|
| 620 | CRL_Entry* tmp = DupCRL_Entry(current, heap);
|
---|
| 621 | if (tmp != NULL) {
|
---|
| 622 | tmp->next = NULL;
|
---|
| 623 | if (head == NULL)
|
---|
| 624 | head = tmp;
|
---|
| 625 | if (prev != NULL)
|
---|
| 626 | prev->next = tmp;
|
---|
| 627 | prev = tmp;
|
---|
| 628 | }
|
---|
| 629 | else {
|
---|
| 630 | WOLFSSL_MSG("Failed to allocate new CRL_Entry structure");
|
---|
| 631 | /* free up any existing list */
|
---|
| 632 | while (head != NULL) {
|
---|
| 633 | current = head;
|
---|
| 634 | head = head->next;
|
---|
| 635 | FreeCRL_Entry(current, heap);
|
---|
| 636 | }
|
---|
| 637 |
|
---|
| 638 | return NULL;
|
---|
| 639 | }
|
---|
| 640 | current = current->next;
|
---|
| 641 | }
|
---|
| 642 | return head;
|
---|
| 643 | }
|
---|
| 644 |
|
---|
| 645 |
|
---|
| 646 | /* Duplicates everything except the parent cm pointed to.
|
---|
| 647 | * Expects that Init has already been done to 'dupl'
|
---|
| 648 | * return 0 on success */
|
---|
| 649 | static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
|
---|
| 650 | {
|
---|
| 651 | if (dupl == NULL || crl == NULL) {
|
---|
| 652 | return BAD_FUNC_ARG;
|
---|
| 653 | }
|
---|
| 654 |
|
---|
| 655 | if (crl->monitors[0].path) {
|
---|
| 656 | int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1;
|
---|
| 657 | dupl->monitors[0].path = (char*)XMALLOC(pathSz, dupl->heap,
|
---|
| 658 | DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 659 | if (dupl->monitors[0].path != NULL) {
|
---|
| 660 | XSTRNCPY(dupl->monitors[0].path, crl->monitors[0].path, pathSz);
|
---|
| 661 | }
|
---|
| 662 | else {
|
---|
| 663 | return MEMORY_E;
|
---|
| 664 | }
|
---|
| 665 | }
|
---|
| 666 |
|
---|
| 667 | if (crl->monitors[1].path) {
|
---|
| 668 | int pathSz = (int)XSTRLEN(crl->monitors[1].path) + 1;
|
---|
| 669 | dupl->monitors[1].path = (char*)XMALLOC(pathSz, dupl->heap,
|
---|
| 670 | DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 671 | if (dupl->monitors[1].path != NULL) {
|
---|
| 672 | XSTRNCPY(dupl->monitors[1].path, crl->monitors[1].path, pathSz);
|
---|
| 673 | }
|
---|
| 674 | else {
|
---|
| 675 | if (dupl->monitors[0].path != NULL) {
|
---|
| 676 | XFREE(dupl->monitors[0].path, dupl->heap,
|
---|
| 677 | DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 678 | }
|
---|
| 679 | return MEMORY_E;
|
---|
| 680 | }
|
---|
| 681 | }
|
---|
| 682 |
|
---|
| 683 | dupl->crlList = DupCRL_list(crl->crlList, dupl->heap);
|
---|
| 684 | #ifdef HAVE_CRL_IO
|
---|
| 685 | dupl->crlIOCb = crl->crlIOCb;
|
---|
| 686 | #endif
|
---|
| 687 |
|
---|
| 688 | return 0;
|
---|
| 689 | }
|
---|
| 690 |
|
---|
| 691 | /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */
|
---|
[457] | 692 | int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
|
---|
| 693 | {
|
---|
| 694 | CRL_Entry *crle;
|
---|
[464] | 695 | WOLFSSL_X509_CRL *crl;
|
---|
[457] | 696 |
|
---|
| 697 | WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl");
|
---|
[464] | 698 | if (store == NULL || newcrl == NULL || store->cm == NULL)
|
---|
[457] | 699 | return BAD_FUNC_ARG;
|
---|
| 700 |
|
---|
[464] | 701 | if (store->cm->crl == NULL) {
|
---|
| 702 | crl = wolfSSL_X509_crl_new(store->cm);
|
---|
| 703 | if (DupX509_CRL(crl, newcrl) != 0) {
|
---|
| 704 | FreeCRL(crl, 1);
|
---|
| 705 | return WOLFSSL_FAILURE;
|
---|
| 706 | }
|
---|
| 707 | store->crl = store->cm->crl = crl;
|
---|
| 708 | if (wolfSSL_CertManagerEnableCRL(store->cm, WOLFSSL_CRL_CHECKALL)
|
---|
| 709 | != WOLFSSL_SUCCESS) {
|
---|
| 710 | WOLFSSL_MSG("wolfSSL_CertManagerEnableCRL error");
|
---|
| 711 | return WOLFSSL_FAILURE;
|
---|
| 712 | }
|
---|
| 713 | return WOLFSSL_SUCCESS;
|
---|
| 714 | }
|
---|
[457] | 715 |
|
---|
[464] | 716 | /* find tail of current list and add new list */
|
---|
| 717 | crl = store->cm->crl;
|
---|
| 718 | crle = crl->crlList;
|
---|
| 719 | if (newcrl->crlList != NULL) {
|
---|
| 720 | CRL_Entry *tail = crle;
|
---|
| 721 | CRL_Entry *toAdd;
|
---|
| 722 |
|
---|
| 723 | if (wc_LockMutex(&crl->crlLock) != 0)
|
---|
| 724 | {
|
---|
| 725 | WOLFSSL_MSG("wc_LockMutex failed");
|
---|
| 726 | return BAD_MUTEX_E;
|
---|
| 727 | }
|
---|
| 728 |
|
---|
| 729 | toAdd = DupCRL_list(newcrl->crlList, crl->heap);
|
---|
| 730 | if (tail == NULL) {
|
---|
| 731 | crl->crlList = toAdd;
|
---|
| 732 | }
|
---|
| 733 | else {
|
---|
| 734 | while (tail->next != NULL) tail = tail->next;
|
---|
| 735 | tail->next = toAdd;
|
---|
| 736 | }
|
---|
| 737 | wc_UnLockMutex(&crl->crlLock);
|
---|
[457] | 738 | }
|
---|
| 739 |
|
---|
[464] | 740 | if (wolfSSL_CertManagerEnableCRL(store->cm, WOLFSSL_CRL_CHECKALL)
|
---|
| 741 | != WOLFSSL_SUCCESS) {
|
---|
| 742 | WOLFSSL_MSG("wolfSSL_CertManagerEnableCRL error");
|
---|
| 743 | return WOLFSSL_FAILURE;
|
---|
| 744 | }
|
---|
| 745 |
|
---|
[457] | 746 | WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS);
|
---|
| 747 |
|
---|
| 748 | return WOLFSSL_SUCCESS;
|
---|
| 749 | }
|
---|
| 750 | #endif
|
---|
| 751 |
|
---|
| 752 | #ifdef HAVE_CRL_MONITOR
|
---|
| 753 |
|
---|
| 754 |
|
---|
| 755 | /* Signal Monitor thread is setup, save status to setup flag, 0 on success */
|
---|
| 756 | static int SignalSetup(WOLFSSL_CRL* crl, int status)
|
---|
| 757 | {
|
---|
| 758 | int ret;
|
---|
| 759 |
|
---|
| 760 | /* signal to calling thread we're setup */
|
---|
| 761 | if (wc_LockMutex(&crl->crlLock) != 0) {
|
---|
| 762 | WOLFSSL_MSG("wc_LockMutex crlLock failed");
|
---|
| 763 | return BAD_MUTEX_E;
|
---|
| 764 | }
|
---|
| 765 |
|
---|
| 766 | crl->setup = status;
|
---|
| 767 | ret = pthread_cond_signal(&crl->cond);
|
---|
| 768 |
|
---|
| 769 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 770 |
|
---|
| 771 | if (ret != 0)
|
---|
| 772 | return BAD_COND_E;
|
---|
| 773 |
|
---|
| 774 | return 0;
|
---|
| 775 | }
|
---|
| 776 |
|
---|
| 777 |
|
---|
| 778 | /* read in new CRL entries and save new list */
|
---|
| 779 | static int SwapLists(WOLFSSL_CRL* crl)
|
---|
| 780 | {
|
---|
| 781 | int ret;
|
---|
| 782 | CRL_Entry* newList;
|
---|
| 783 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 784 | WOLFSSL_CRL* tmp;
|
---|
| 785 | #else
|
---|
| 786 | WOLFSSL_CRL tmp[1];
|
---|
| 787 | #endif
|
---|
| 788 |
|
---|
| 789 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 790 | tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 791 | if (tmp == NULL)
|
---|
| 792 | return MEMORY_E;
|
---|
| 793 | #endif
|
---|
| 794 |
|
---|
| 795 | if (InitCRL(tmp, crl->cm) < 0) {
|
---|
| 796 | WOLFSSL_MSG("Init tmp CRL failed");
|
---|
| 797 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 798 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 799 | #endif
|
---|
| 800 | return -1;
|
---|
| 801 | }
|
---|
| 802 |
|
---|
| 803 | if (crl->monitors[0].path) {
|
---|
| 804 | ret = LoadCRL(tmp, crl->monitors[0].path, WOLFSSL_FILETYPE_PEM, 0);
|
---|
| 805 | if (ret != WOLFSSL_SUCCESS) {
|
---|
| 806 | WOLFSSL_MSG("PEM LoadCRL on dir change failed");
|
---|
| 807 | FreeCRL(tmp, 0);
|
---|
| 808 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 809 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 810 | #endif
|
---|
| 811 | return -1;
|
---|
| 812 | }
|
---|
| 813 | }
|
---|
| 814 |
|
---|
| 815 | if (crl->monitors[1].path) {
|
---|
| 816 | ret = LoadCRL(tmp, crl->monitors[1].path, WOLFSSL_FILETYPE_ASN1, 0);
|
---|
| 817 | if (ret != WOLFSSL_SUCCESS) {
|
---|
| 818 | WOLFSSL_MSG("DER LoadCRL on dir change failed");
|
---|
| 819 | FreeCRL(tmp, 0);
|
---|
| 820 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 821 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 822 | #endif
|
---|
| 823 | return -1;
|
---|
| 824 | }
|
---|
| 825 | }
|
---|
| 826 |
|
---|
| 827 | if (wc_LockMutex(&crl->crlLock) != 0) {
|
---|
| 828 | WOLFSSL_MSG("wc_LockMutex failed");
|
---|
| 829 | FreeCRL(tmp, 0);
|
---|
| 830 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 831 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 832 | #endif
|
---|
| 833 | return -1;
|
---|
| 834 | }
|
---|
| 835 |
|
---|
| 836 | newList = tmp->crlList;
|
---|
| 837 |
|
---|
| 838 | /* swap lists */
|
---|
| 839 | tmp->crlList = crl->crlList;
|
---|
| 840 | crl->crlList = newList;
|
---|
| 841 |
|
---|
| 842 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 843 |
|
---|
| 844 | FreeCRL(tmp, 0);
|
---|
| 845 |
|
---|
| 846 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 847 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 848 | #endif
|
---|
| 849 |
|
---|
| 850 | return 0;
|
---|
| 851 | }
|
---|
| 852 |
|
---|
| 853 |
|
---|
| 854 | #if (defined(__MACH__) || defined(__FreeBSD__))
|
---|
| 855 |
|
---|
| 856 | #include <sys/types.h>
|
---|
| 857 | #include <sys/event.h>
|
---|
| 858 | #include <sys/time.h>
|
---|
| 859 | #include <fcntl.h>
|
---|
| 860 | #include <unistd.h>
|
---|
| 861 |
|
---|
| 862 | #ifdef __MACH__
|
---|
| 863 | #define XEVENT_MODE O_EVTONLY
|
---|
| 864 | #elif defined(__FreeBSD__)
|
---|
| 865 | #define XEVENT_MODE EVFILT_VNODE
|
---|
| 866 | #endif
|
---|
| 867 |
|
---|
| 868 |
|
---|
| 869 | /* we need a unique kqueue user filter fd for crl in case user is doing custom
|
---|
| 870 | * events too */
|
---|
| 871 | #ifndef CRL_CUSTOM_FD
|
---|
| 872 | #define CRL_CUSTOM_FD 123456
|
---|
| 873 | #endif
|
---|
| 874 |
|
---|
| 875 |
|
---|
| 876 | /* shutdown monitor thread, 0 on success */
|
---|
| 877 | static int StopMonitor(int mfd)
|
---|
| 878 | {
|
---|
| 879 | struct kevent change;
|
---|
| 880 |
|
---|
| 881 | /* trigger custom shutdown */
|
---|
| 882 | EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL);
|
---|
| 883 | if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) {
|
---|
| 884 | WOLFSSL_MSG("kevent trigger customer event failed");
|
---|
| 885 | return -1;
|
---|
| 886 | }
|
---|
| 887 |
|
---|
| 888 | return 0;
|
---|
| 889 | }
|
---|
| 890 |
|
---|
| 891 |
|
---|
| 892 | /* OS X monitoring */
|
---|
| 893 | static void* DoMonitor(void* arg)
|
---|
| 894 | {
|
---|
| 895 | int fPEM, fDER;
|
---|
| 896 | struct kevent change;
|
---|
| 897 |
|
---|
| 898 | WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
|
---|
| 899 |
|
---|
| 900 | WOLFSSL_ENTER("DoMonitor");
|
---|
| 901 |
|
---|
| 902 | crl->mfd = kqueue();
|
---|
| 903 | if (crl->mfd == -1) {
|
---|
| 904 | WOLFSSL_MSG("kqueue failed");
|
---|
| 905 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 906 | return NULL;
|
---|
| 907 | }
|
---|
| 908 |
|
---|
| 909 | /* listen for custom shutdown event */
|
---|
| 910 | EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
|
---|
| 911 | if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) {
|
---|
| 912 | WOLFSSL_MSG("kevent monitor customer event failed");
|
---|
| 913 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 914 | close(crl->mfd);
|
---|
| 915 | return NULL;
|
---|
| 916 | }
|
---|
| 917 |
|
---|
| 918 | fPEM = -1;
|
---|
| 919 | fDER = -1;
|
---|
| 920 |
|
---|
| 921 | if (crl->monitors[0].path) {
|
---|
| 922 | fPEM = open(crl->monitors[0].path, XEVENT_MODE);
|
---|
| 923 | if (fPEM == -1) {
|
---|
| 924 | WOLFSSL_MSG("PEM event dir open failed");
|
---|
| 925 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 926 | close(crl->mfd);
|
---|
| 927 | return NULL;
|
---|
| 928 | }
|
---|
| 929 | }
|
---|
| 930 |
|
---|
| 931 | if (crl->monitors[1].path) {
|
---|
| 932 | fDER = open(crl->monitors[1].path, XEVENT_MODE);
|
---|
| 933 | if (fDER == -1) {
|
---|
| 934 | WOLFSSL_MSG("DER event dir open failed");
|
---|
| 935 | if (fPEM != -1)
|
---|
| 936 | close(fPEM);
|
---|
| 937 | close(crl->mfd);
|
---|
| 938 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 939 | return NULL;
|
---|
| 940 | }
|
---|
| 941 | }
|
---|
| 942 |
|
---|
| 943 | if (fPEM != -1)
|
---|
| 944 | EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
|
---|
| 945 | NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
|
---|
| 946 |
|
---|
| 947 | if (fDER != -1)
|
---|
| 948 | EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
|
---|
| 949 | NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
|
---|
| 950 |
|
---|
| 951 | /* signal to calling thread we're setup */
|
---|
| 952 | if (SignalSetup(crl, 1) != 0) {
|
---|
| 953 | if (fPEM != -1)
|
---|
| 954 | close(fPEM);
|
---|
| 955 | if (fDER != -1)
|
---|
| 956 | close(fDER);
|
---|
| 957 | close(crl->mfd);
|
---|
| 958 | return NULL;
|
---|
| 959 | }
|
---|
| 960 |
|
---|
| 961 | for (;;) {
|
---|
| 962 | struct kevent event;
|
---|
| 963 | int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL);
|
---|
| 964 |
|
---|
| 965 | WOLFSSL_MSG("Got kevent");
|
---|
| 966 |
|
---|
| 967 | if (numEvents == -1) {
|
---|
| 968 | WOLFSSL_MSG("kevent problem, continue");
|
---|
| 969 | continue;
|
---|
| 970 | }
|
---|
| 971 |
|
---|
| 972 | if (event.filter == EVFILT_USER) {
|
---|
| 973 | WOLFSSL_MSG("Got user shutdown event, breaking out");
|
---|
| 974 | break;
|
---|
| 975 | }
|
---|
| 976 |
|
---|
| 977 | if (SwapLists(crl) < 0) {
|
---|
| 978 | WOLFSSL_MSG("SwapLists problem, continue");
|
---|
| 979 | }
|
---|
| 980 | }
|
---|
| 981 |
|
---|
| 982 | if (fPEM != -1)
|
---|
| 983 | close(fPEM);
|
---|
| 984 | if (fDER != -1)
|
---|
| 985 | close(fDER);
|
---|
| 986 |
|
---|
| 987 | close(crl->mfd);
|
---|
| 988 |
|
---|
| 989 | return NULL;
|
---|
| 990 | }
|
---|
| 991 |
|
---|
| 992 |
|
---|
| 993 | #elif defined(__linux__)
|
---|
| 994 |
|
---|
| 995 | #include <sys/types.h>
|
---|
| 996 | #include <sys/inotify.h>
|
---|
| 997 | #include <sys/eventfd.h>
|
---|
| 998 | #include <unistd.h>
|
---|
| 999 |
|
---|
| 1000 |
|
---|
| 1001 | #ifndef max
|
---|
| 1002 | static WC_INLINE int max(int a, int b)
|
---|
| 1003 | {
|
---|
| 1004 | return a > b ? a : b;
|
---|
| 1005 | }
|
---|
| 1006 | #endif /* max */
|
---|
| 1007 |
|
---|
| 1008 |
|
---|
| 1009 | /* shutdown monitor thread, 0 on success */
|
---|
| 1010 | static int StopMonitor(int mfd)
|
---|
| 1011 | {
|
---|
| 1012 | word64 w64 = 1;
|
---|
| 1013 |
|
---|
| 1014 | /* write to our custom event */
|
---|
| 1015 | if (write(mfd, &w64, sizeof(w64)) < 0) {
|
---|
| 1016 | WOLFSSL_MSG("StopMonitor write failed");
|
---|
| 1017 | return -1;
|
---|
| 1018 | }
|
---|
| 1019 |
|
---|
| 1020 | return 0;
|
---|
| 1021 | }
|
---|
| 1022 |
|
---|
| 1023 |
|
---|
| 1024 | /* linux monitoring */
|
---|
| 1025 | static void* DoMonitor(void* arg)
|
---|
| 1026 | {
|
---|
| 1027 | int notifyFd;
|
---|
| 1028 | int wd = -1;
|
---|
| 1029 | WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
|
---|
| 1030 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 1031 | char* buff;
|
---|
| 1032 | #else
|
---|
| 1033 | char buff[8192];
|
---|
| 1034 | #endif
|
---|
| 1035 |
|
---|
| 1036 | WOLFSSL_ENTER("DoMonitor");
|
---|
| 1037 |
|
---|
| 1038 | crl->mfd = eventfd(0, 0); /* our custom shutdown event */
|
---|
| 1039 | if (crl->mfd < 0) {
|
---|
| 1040 | WOLFSSL_MSG("eventfd failed");
|
---|
| 1041 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 1042 | return NULL;
|
---|
| 1043 | }
|
---|
| 1044 |
|
---|
| 1045 | notifyFd = inotify_init();
|
---|
| 1046 | if (notifyFd < 0) {
|
---|
| 1047 | WOLFSSL_MSG("inotify failed");
|
---|
| 1048 | close(crl->mfd);
|
---|
| 1049 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 1050 | return NULL;
|
---|
| 1051 | }
|
---|
| 1052 |
|
---|
| 1053 | if (crl->monitors[0].path) {
|
---|
| 1054 | wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE |
|
---|
| 1055 | IN_DELETE);
|
---|
| 1056 | if (wd < 0) {
|
---|
| 1057 | WOLFSSL_MSG("PEM notify add watch failed");
|
---|
| 1058 | close(crl->mfd);
|
---|
| 1059 | close(notifyFd);
|
---|
| 1060 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 1061 | return NULL;
|
---|
| 1062 | }
|
---|
| 1063 | }
|
---|
| 1064 |
|
---|
| 1065 | if (crl->monitors[1].path) {
|
---|
| 1066 | wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE |
|
---|
| 1067 | IN_DELETE);
|
---|
| 1068 | if (wd < 0) {
|
---|
| 1069 | WOLFSSL_MSG("DER notify add watch failed");
|
---|
| 1070 | close(crl->mfd);
|
---|
| 1071 | close(notifyFd);
|
---|
| 1072 | SignalSetup(crl, MONITOR_SETUP_E);
|
---|
| 1073 | return NULL;
|
---|
| 1074 | }
|
---|
| 1075 | }
|
---|
| 1076 |
|
---|
| 1077 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 1078 | buff = (char*)XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 1079 | if (buff == NULL)
|
---|
| 1080 | return NULL;
|
---|
| 1081 | #endif
|
---|
| 1082 |
|
---|
| 1083 | /* signal to calling thread we're setup */
|
---|
| 1084 | if (SignalSetup(crl, 1) != 0) {
|
---|
| 1085 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 1086 | XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 1087 | #endif
|
---|
| 1088 |
|
---|
| 1089 | if (wd > 0)
|
---|
| 1090 | inotify_rm_watch(notifyFd, wd);
|
---|
| 1091 | close(crl->mfd);
|
---|
| 1092 | close(notifyFd);
|
---|
| 1093 | return NULL;
|
---|
| 1094 | }
|
---|
| 1095 |
|
---|
| 1096 | for (;;) {
|
---|
| 1097 | fd_set readfds;
|
---|
| 1098 | int result;
|
---|
| 1099 | int length;
|
---|
| 1100 |
|
---|
| 1101 | FD_ZERO(&readfds);
|
---|
| 1102 | FD_SET(notifyFd, &readfds);
|
---|
| 1103 | FD_SET(crl->mfd, &readfds);
|
---|
| 1104 |
|
---|
| 1105 | result = select(max(notifyFd, crl->mfd) + 1, &readfds, NULL, NULL,NULL);
|
---|
| 1106 |
|
---|
| 1107 | WOLFSSL_MSG("Got notify event");
|
---|
| 1108 |
|
---|
| 1109 | if (result < 0) {
|
---|
| 1110 | WOLFSSL_MSG("select problem, continue");
|
---|
| 1111 | continue;
|
---|
| 1112 | }
|
---|
| 1113 |
|
---|
| 1114 | if (FD_ISSET(crl->mfd, &readfds)) {
|
---|
[464] | 1115 | word64 r64;
|
---|
| 1116 | int rlen;
|
---|
| 1117 |
|
---|
[457] | 1118 | WOLFSSL_MSG("got custom shutdown event, breaking out");
|
---|
[464] | 1119 |
|
---|
| 1120 | /* read out the bytes written to the event to clean up */
|
---|
| 1121 | rlen = (int) read(crl->mfd, &r64, sizeof(r64));
|
---|
| 1122 | if (rlen < 0) {
|
---|
| 1123 | WOLFSSL_MSG("read custom event failure");
|
---|
| 1124 | }
|
---|
| 1125 |
|
---|
[457] | 1126 | break;
|
---|
| 1127 | }
|
---|
| 1128 |
|
---|
| 1129 | length = (int) read(notifyFd, buff, 8192);
|
---|
| 1130 | if (length < 0) {
|
---|
| 1131 | WOLFSSL_MSG("notify read problem, continue");
|
---|
| 1132 | continue;
|
---|
| 1133 | }
|
---|
| 1134 |
|
---|
| 1135 | if (SwapLists(crl) < 0) {
|
---|
| 1136 | WOLFSSL_MSG("SwapLists problem, continue");
|
---|
| 1137 | }
|
---|
| 1138 | }
|
---|
| 1139 |
|
---|
| 1140 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 1141 | XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 1142 | #endif
|
---|
| 1143 |
|
---|
| 1144 | if (wd > 0)
|
---|
| 1145 | inotify_rm_watch(notifyFd, wd);
|
---|
| 1146 | close(crl->mfd);
|
---|
| 1147 | close(notifyFd);
|
---|
| 1148 |
|
---|
| 1149 | return NULL;
|
---|
| 1150 | }
|
---|
| 1151 |
|
---|
| 1152 | #endif /* MACH or linux */
|
---|
| 1153 |
|
---|
| 1154 |
|
---|
| 1155 | /* Start Monitoring the CRL path(s) in a thread */
|
---|
| 1156 | static int StartMonitorCRL(WOLFSSL_CRL* crl)
|
---|
| 1157 | {
|
---|
| 1158 | int ret = WOLFSSL_SUCCESS;
|
---|
| 1159 |
|
---|
| 1160 | WOLFSSL_ENTER("StartMonitorCRL");
|
---|
| 1161 |
|
---|
| 1162 | if (crl == NULL)
|
---|
| 1163 | return BAD_FUNC_ARG;
|
---|
| 1164 |
|
---|
| 1165 | if (crl->tid != 0) {
|
---|
| 1166 | WOLFSSL_MSG("Monitor thread already running");
|
---|
| 1167 | return ret; /* that's ok, someone already started */
|
---|
| 1168 | }
|
---|
| 1169 |
|
---|
| 1170 | if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) {
|
---|
| 1171 | WOLFSSL_MSG("Thread creation error");
|
---|
| 1172 | return THREAD_CREATE_E;
|
---|
| 1173 | }
|
---|
| 1174 |
|
---|
| 1175 | /* wait for setup to complete */
|
---|
| 1176 | if (wc_LockMutex(&crl->crlLock) != 0) {
|
---|
| 1177 | WOLFSSL_MSG("wc_LockMutex crlLock error");
|
---|
| 1178 | return BAD_MUTEX_E;
|
---|
| 1179 | }
|
---|
| 1180 |
|
---|
| 1181 | while (crl->setup == 0) {
|
---|
| 1182 | if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) {
|
---|
| 1183 | ret = BAD_COND_E;
|
---|
| 1184 | break;
|
---|
| 1185 | }
|
---|
| 1186 | }
|
---|
| 1187 |
|
---|
| 1188 | if (crl->setup < 0)
|
---|
| 1189 | ret = crl->setup; /* store setup error */
|
---|
| 1190 |
|
---|
| 1191 | wc_UnLockMutex(&crl->crlLock);
|
---|
| 1192 |
|
---|
| 1193 | if (ret < 0) {
|
---|
| 1194 | WOLFSSL_MSG("DoMonitor setup failure");
|
---|
| 1195 | crl->tid = 0; /* thread already done */
|
---|
| 1196 | }
|
---|
| 1197 |
|
---|
| 1198 | return ret;
|
---|
| 1199 | }
|
---|
| 1200 |
|
---|
| 1201 |
|
---|
| 1202 | #else /* HAVE_CRL_MONITOR */
|
---|
| 1203 |
|
---|
[464] | 1204 | #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
---|
[457] | 1205 |
|
---|
| 1206 | static int StartMonitorCRL(WOLFSSL_CRL* crl)
|
---|
| 1207 | {
|
---|
| 1208 | (void)crl;
|
---|
| 1209 |
|
---|
| 1210 | WOLFSSL_ENTER("StartMonitorCRL");
|
---|
| 1211 | WOLFSSL_MSG("Not compiled in");
|
---|
| 1212 |
|
---|
| 1213 | return NOT_COMPILED_IN;
|
---|
| 1214 | }
|
---|
| 1215 |
|
---|
[464] | 1216 | #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
|
---|
[457] | 1217 |
|
---|
| 1218 | #endif /* HAVE_CRL_MONITOR */
|
---|
| 1219 |
|
---|
| 1220 | #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
|
---|
| 1221 |
|
---|
| 1222 | /* Load CRL path files of type, WOLFSSL_SUCCESS on ok */
|
---|
| 1223 | int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
|
---|
| 1224 | {
|
---|
| 1225 | int ret = WOLFSSL_SUCCESS;
|
---|
| 1226 | char* name = NULL;
|
---|
| 1227 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 1228 | ReadDirCtx* readCtx = NULL;
|
---|
| 1229 | #else
|
---|
| 1230 | ReadDirCtx readCtx[1];
|
---|
| 1231 | #endif
|
---|
| 1232 |
|
---|
| 1233 | WOLFSSL_ENTER("LoadCRL");
|
---|
| 1234 | if (crl == NULL)
|
---|
| 1235 | return BAD_FUNC_ARG;
|
---|
| 1236 |
|
---|
| 1237 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 1238 | readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), crl->heap,
|
---|
| 1239 | DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 1240 | if (readCtx == NULL)
|
---|
| 1241 | return MEMORY_E;
|
---|
| 1242 | #endif
|
---|
| 1243 |
|
---|
| 1244 | /* try to load each regular file in path */
|
---|
| 1245 | ret = wc_ReadDirFirst(readCtx, path, &name);
|
---|
| 1246 | while (ret == 0 && name) {
|
---|
| 1247 | int skip = 0;
|
---|
| 1248 | if (type == WOLFSSL_FILETYPE_PEM) {
|
---|
| 1249 | if (XSTRSTR(name, ".pem") == NULL) {
|
---|
| 1250 | WOLFSSL_MSG("not .pem file, skipping");
|
---|
| 1251 | skip = 1;
|
---|
| 1252 | }
|
---|
| 1253 | }
|
---|
| 1254 | else {
|
---|
| 1255 | if (XSTRSTR(name, ".der") == NULL &&
|
---|
| 1256 | XSTRSTR(name, ".crl") == NULL)
|
---|
| 1257 | {
|
---|
| 1258 | WOLFSSL_MSG("not .der or .crl file, skipping");
|
---|
| 1259 | skip = 1;
|
---|
| 1260 | }
|
---|
| 1261 | }
|
---|
| 1262 |
|
---|
| 1263 | if (!skip && ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl,
|
---|
| 1264 | VERIFY) != WOLFSSL_SUCCESS) {
|
---|
| 1265 | WOLFSSL_MSG("CRL file load failed, continuing");
|
---|
| 1266 | }
|
---|
| 1267 |
|
---|
| 1268 | ret = wc_ReadDirNext(readCtx, path, &name);
|
---|
| 1269 | }
|
---|
| 1270 | wc_ReadDirClose(readCtx);
|
---|
| 1271 | ret = WOLFSSL_SUCCESS; /* load failures not reported, for backwards compat */
|
---|
| 1272 |
|
---|
| 1273 | #ifdef WOLFSSL_SMALL_STACK
|
---|
| 1274 | XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
---|
| 1275 | #endif
|
---|
| 1276 |
|
---|
| 1277 | if (monitor & WOLFSSL_CRL_MONITOR) {
|
---|
| 1278 | word32 pathLen;
|
---|
| 1279 | char* pathBuf;
|
---|
| 1280 |
|
---|
| 1281 | WOLFSSL_MSG("monitor path requested");
|
---|
| 1282 |
|
---|
| 1283 | pathLen = (word32)XSTRLEN(path);
|
---|
| 1284 | pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 1285 | if (pathBuf) {
|
---|
| 1286 | XSTRNCPY(pathBuf, path, pathLen+1);
|
---|
| 1287 |
|
---|
| 1288 | if (type == WOLFSSL_FILETYPE_PEM) {
|
---|
| 1289 | /* free old path before setting a new one */
|
---|
| 1290 | if (crl->monitors[0].path) {
|
---|
| 1291 | XFREE(crl->monitors[0].path, crl->heap,
|
---|
| 1292 | DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 1293 | }
|
---|
| 1294 | crl->monitors[0].path = pathBuf;
|
---|
| 1295 | crl->monitors[0].type = WOLFSSL_FILETYPE_PEM;
|
---|
| 1296 | } else {
|
---|
| 1297 | /* free old path before setting a new one */
|
---|
| 1298 | if (crl->monitors[1].path) {
|
---|
| 1299 | XFREE(crl->monitors[1].path, crl->heap,
|
---|
| 1300 | DYNAMIC_TYPE_CRL_MONITOR);
|
---|
| 1301 | }
|
---|
| 1302 | crl->monitors[1].path = pathBuf;
|
---|
| 1303 | crl->monitors[1].type = WOLFSSL_FILETYPE_ASN1;
|
---|
| 1304 | }
|
---|
| 1305 |
|
---|
| 1306 | if (monitor & WOLFSSL_CRL_START_MON) {
|
---|
| 1307 | WOLFSSL_MSG("start monitoring requested");
|
---|
| 1308 |
|
---|
| 1309 | ret = StartMonitorCRL(crl);
|
---|
| 1310 | }
|
---|
| 1311 | }
|
---|
| 1312 | else {
|
---|
| 1313 | ret = MEMORY_E;
|
---|
| 1314 | }
|
---|
| 1315 | }
|
---|
| 1316 |
|
---|
| 1317 | return ret;
|
---|
| 1318 | }
|
---|
| 1319 |
|
---|
| 1320 | #else
|
---|
| 1321 | int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
|
---|
| 1322 | {
|
---|
| 1323 | (void)crl;
|
---|
| 1324 | (void)path;
|
---|
| 1325 | (void)type;
|
---|
| 1326 | (void)monitor;
|
---|
| 1327 |
|
---|
| 1328 | /* stub for scenario where file system is not supported */
|
---|
| 1329 | return NOT_COMPILED_IN;
|
---|
| 1330 | }
|
---|
| 1331 | #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
|
---|
| 1332 |
|
---|
| 1333 | #endif /* HAVE_CRL */
|
---|
| 1334 | #endif /* !WOLFCRYPT_ONLY */
|
---|