Changeset 464 for azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/crl.c
- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/crl.c
r457 r464 35 35 #include <wolfssl/error-ssl.h> 36 36 37 #include <string.h> 37 #ifndef WOLFSSL_LINUXKM 38 #include <string.h> 39 #endif 38 40 39 41 #ifdef HAVE_CRL_MONITOR … … 491 493 492 494 #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) 495 /* helper function to create a new dynamic WOLFSSL_X509_CRL structure */ 496 static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm) 497 { 498 WOLFSSL_X509_CRL* ret; 499 500 ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), cm->heap, 501 DYNAMIC_TYPE_CRL); 502 if (ret != NULL) { 503 if (InitCRL(ret, cm) < 0) { 504 WOLFSSL_MSG("Unable to initialize new CRL structure"); 505 XFREE(ret, cm->heap, DYNAMIC_TYPE_CRL); 506 ret = NULL; 507 } 508 } 509 return ret; 510 } 511 512 513 /* returns head of copied list that was alloc'd */ 514 static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap) 515 { 516 RevokedCert* head = NULL; 517 RevokedCert* current = in; 518 RevokedCert* prev = NULL; 519 while (current) { 520 RevokedCert* tmp = (RevokedCert*)XMALLOC(sizeof(RevokedCert), heap, 521 DYNAMIC_TYPE_REVOKED); 522 if (tmp != NULL) { 523 XMEMCPY(tmp->serialNumber, current->serialNumber, 524 EXTERNAL_SERIAL_SIZE); 525 tmp->serialSz = current->serialSz; 526 tmp->next = NULL; 527 if (prev != NULL) 528 prev->next = tmp; 529 if (head == NULL) 530 head = tmp; 531 prev = tmp; 532 } 533 else { 534 WOLFSSL_MSG("Failed to allocate new RevokedCert structure"); 535 /* free up any existing list */ 536 while (head != NULL) { 537 current = head; 538 head = head->next; 539 XFREE(current, heap, DYNAMIC_TYPE_REVOKED); 540 } 541 return NULL; 542 } 543 current = current->next; 544 } 545 546 (void)heap; 547 return head; 548 } 549 550 551 /* returns a deep copy of ent on success and null on fail */ 552 static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap) 553 { 554 CRL_Entry *dupl; 555 556 dupl = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), heap, DYNAMIC_TYPE_CRL_ENTRY); 557 if (dupl == NULL) { 558 WOLFSSL_MSG("alloc CRL Entry failed"); 559 return NULL; 560 } 561 XMEMSET(dupl, 0, sizeof(CRL_Entry)); 562 563 XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE); 564 XMEMCPY(dupl->lastDate, ent->lastDate, MAX_DATE_SIZE); 565 XMEMCPY(dupl->nextDate, ent->nextDate, MAX_DATE_SIZE); 566 dupl->lastDateFormat = ent->lastDateFormat; 567 dupl->nextDateFormat = ent->nextDateFormat; 568 dupl->certs = DupRevokedCertList(ent->certs, heap); 569 570 dupl->totalCerts = ent->totalCerts; 571 dupl->verified = ent->verified; 572 573 if (!ent->verified) { 574 dupl->tbsSz = ent->tbsSz; 575 dupl->signatureSz = ent->signatureSz; 576 dupl->signatureOID = ent->signatureOID; 577 dupl->toBeSigned = (byte*)XMALLOC(dupl->tbsSz, heap, 578 DYNAMIC_TYPE_CRL_ENTRY); 579 if (dupl->toBeSigned == NULL) { 580 FreeCRL_Entry(dupl, heap); 581 XFREE(dupl, heap, DYNAMIC_TYPE_CRL_ENTRY); 582 return NULL; 583 } 584 585 dupl->signature = (byte*)XMALLOC(dupl->signatureSz, heap, 586 DYNAMIC_TYPE_CRL_ENTRY); 587 if (dupl->signature == NULL) { 588 FreeCRL_Entry(dupl, heap); 589 XFREE(dupl, heap, DYNAMIC_TYPE_CRL_ENTRY); 590 return NULL; 591 } 592 XMEMCPY(dupl->toBeSigned, ent->toBeSigned, dupl->tbsSz); 593 XMEMCPY(dupl->signature, ent->signature, dupl->signatureSz); 594 #ifndef NO_SKID 595 dupl->extAuthKeyIdSet = ent->extAuthKeyIdSet; 596 if (dupl->extAuthKeyIdSet) 597 XMEMCPY(dupl->extAuthKeyId, ent->extAuthKeyId, KEYID_SIZE); 598 #endif 599 } 600 else { 601 dupl->toBeSigned = NULL; 602 dupl->tbsSz = 0; 603 dupl->signature = NULL; 604 dupl->signatureSz = 0; 605 } 606 607 return dupl; 608 } 609 610 611 /* returns the head of a deep copy of the list on success and null on fail */ 612 static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap) 613 { 614 CRL_Entry* current; 615 CRL_Entry* head = NULL; 616 CRL_Entry* prev = NULL; 617 618 current = crl; 619 while (current != NULL) { 620 CRL_Entry* tmp = DupCRL_Entry(current, heap); 621 if (tmp != NULL) { 622 tmp->next = NULL; 623 if (head == NULL) 624 head = tmp; 625 if (prev != NULL) 626 prev->next = tmp; 627 prev = tmp; 628 } 629 else { 630 WOLFSSL_MSG("Failed to allocate new CRL_Entry structure"); 631 /* free up any existing list */ 632 while (head != NULL) { 633 current = head; 634 head = head->next; 635 FreeCRL_Entry(current, heap); 636 } 637 638 return NULL; 639 } 640 current = current->next; 641 } 642 return head; 643 } 644 645 646 /* Duplicates everything except the parent cm pointed to. 647 * Expects that Init has already been done to 'dupl' 648 * return 0 on success */ 649 static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl) 650 { 651 if (dupl == NULL || crl == NULL) { 652 return BAD_FUNC_ARG; 653 } 654 655 if (crl->monitors[0].path) { 656 int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1; 657 dupl->monitors[0].path = (char*)XMALLOC(pathSz, dupl->heap, 658 DYNAMIC_TYPE_CRL_MONITOR); 659 if (dupl->monitors[0].path != NULL) { 660 XSTRNCPY(dupl->monitors[0].path, crl->monitors[0].path, pathSz); 661 } 662 else { 663 return MEMORY_E; 664 } 665 } 666 667 if (crl->monitors[1].path) { 668 int pathSz = (int)XSTRLEN(crl->monitors[1].path) + 1; 669 dupl->monitors[1].path = (char*)XMALLOC(pathSz, dupl->heap, 670 DYNAMIC_TYPE_CRL_MONITOR); 671 if (dupl->monitors[1].path != NULL) { 672 XSTRNCPY(dupl->monitors[1].path, crl->monitors[1].path, pathSz); 673 } 674 else { 675 if (dupl->monitors[0].path != NULL) { 676 XFREE(dupl->monitors[0].path, dupl->heap, 677 DYNAMIC_TYPE_CRL_MONITOR); 678 } 679 return MEMORY_E; 680 } 681 } 682 683 dupl->crlList = DupCRL_list(crl->crlList, dupl->heap); 684 #ifdef HAVE_CRL_IO 685 dupl->crlIOCb = crl->crlIOCb; 686 #endif 687 688 return 0; 689 } 690 691 /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */ 493 692 int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl) 494 693 { 495 694 CRL_Entry *crle; 496 WOLFSSL_ CRL *crl;695 WOLFSSL_X509_CRL *crl; 497 696 498 697 WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl"); 499 if (store == NULL || newcrl == NULL )698 if (store == NULL || newcrl == NULL || store->cm == NULL) 500 699 return BAD_FUNC_ARG; 501 700 502 crl = store->crl; 503 crle = newcrl->crlList; 504 505 if (wc_LockMutex(&crl->crlLock) != 0) 506 { 507 WOLFSSL_MSG("wc_LockMutex failed"); 508 return BAD_MUTEX_E; 509 } 510 crle->next = crl->crlList; 511 crl->crlList = crle; 512 newcrl->crlList = NULL; 513 wc_UnLockMutex(&crl->crlLock); 701 if (store->cm->crl == NULL) { 702 crl = wolfSSL_X509_crl_new(store->cm); 703 if (DupX509_CRL(crl, newcrl) != 0) { 704 FreeCRL(crl, 1); 705 return WOLFSSL_FAILURE; 706 } 707 store->crl = store->cm->crl = crl; 708 if (wolfSSL_CertManagerEnableCRL(store->cm, WOLFSSL_CRL_CHECKALL) 709 != WOLFSSL_SUCCESS) { 710 WOLFSSL_MSG("wolfSSL_CertManagerEnableCRL error"); 711 return WOLFSSL_FAILURE; 712 } 713 return WOLFSSL_SUCCESS; 714 } 715 716 /* find tail of current list and add new list */ 717 crl = store->cm->crl; 718 crle = crl->crlList; 719 if (newcrl->crlList != NULL) { 720 CRL_Entry *tail = crle; 721 CRL_Entry *toAdd; 722 723 if (wc_LockMutex(&crl->crlLock) != 0) 724 { 725 WOLFSSL_MSG("wc_LockMutex failed"); 726 return BAD_MUTEX_E; 727 } 728 729 toAdd = DupCRL_list(newcrl->crlList, crl->heap); 730 if (tail == NULL) { 731 crl->crlList = toAdd; 732 } 733 else { 734 while (tail->next != NULL) tail = tail->next; 735 tail->next = toAdd; 736 } 737 wc_UnLockMutex(&crl->crlLock); 738 } 739 740 if (wolfSSL_CertManagerEnableCRL(store->cm, WOLFSSL_CRL_CHECKALL) 741 != WOLFSSL_SUCCESS) { 742 WOLFSSL_MSG("wolfSSL_CertManagerEnableCRL error"); 743 return WOLFSSL_FAILURE; 744 } 514 745 515 746 WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS); … … 882 1113 883 1114 if (FD_ISSET(crl->mfd, &readfds)) { 1115 word64 r64; 1116 int rlen; 1117 884 1118 WOLFSSL_MSG("got custom shutdown event, breaking out"); 1119 1120 /* read out the bytes written to the event to clean up */ 1121 rlen = (int) read(crl->mfd, &r64, sizeof(r64)); 1122 if (rlen < 0) { 1123 WOLFSSL_MSG("read custom event failure"); 1124 } 1125 885 1126 break; 886 1127 } … … 961 1202 #else /* HAVE_CRL_MONITOR */ 962 1203 963 #if ndef NO_FILESYSTEM1204 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) 964 1205 965 1206 static int StartMonitorCRL(WOLFSSL_CRL* crl) … … 973 1214 } 974 1215 975 #endif /* NO_FILESYSTEM*/1216 #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ 976 1217 977 1218 #endif /* HAVE_CRL_MONITOR */
Note:
See TracChangeset
for help on using the changeset viewer.