search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
text
[RRG-proxmark3.git] / common / mbedtls / x509_crl.c
blob595ba95fe6faaa6d0fc32e829795efeeba0d867d
1 /*
2 * X.509 Certidicate Revocation List (CRL) parsing
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19 /*
20 * The ITU-T X.509 standard defines a certificate format for PKI.
21 *
22 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
23 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
24 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
25 *
26 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
27 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
28 */
29
30 #include "common.h"
31
32 #if defined(MBEDTLS_X509_CRL_PARSE_C)
33
34 #include "mbedtls/x509_crl.h"
35 #include "mbedtls/error.h"
36 #include "mbedtls/oid.h"
37 #include "mbedtls/platform_util.h"
38
39 #include <string.h>
40
41 #if defined(MBEDTLS_PEM_PARSE_C)
42 #include "mbedtls/pem.h"
43 #endif
44
45 #if defined(MBEDTLS_PLATFORM_C)
46 #include "mbedtls/platform.h"
47 #else
48 #include <stdlib.h>
49 #include <stdio.h>
50 #define mbedtls_free free
51 #define mbedtls_calloc calloc
52 #define mbedtls_snprintf snprintf
53 #endif
54
55 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
56 #include <windows.h>
57 #else
58 #include <time.h>
59 #endif
60
61 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
62 #include <stdio.h>
63 #endif
64
65 /*
66 * Version ::= INTEGER { v1(0), v2(1) }
67 */
68 static int x509_crl_get_version(unsigned char **p,
69 const unsigned char *end,
70 int *ver) {
71 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
72
73 if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) {
74 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
75 *ver = 0;
76 return (0);
77 }
78
79 return (MBEDTLS_ERR_X509_INVALID_VERSION + ret);
80 }
81
82 return (0);
83 }
84
85 /*
86 * X.509 CRL v2 extensions
87 *
88 * We currently don't parse any extension's content, but we do check that the
89 * list of extensions is well-formed and abort on critical extensions (that
90 * are unsupported as we don't support any extension so far)
91 */
92 static int x509_get_crl_ext(unsigned char **p,
93 const unsigned char *end,
94 mbedtls_x509_buf *ext) {
95 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
96
97 if (*p == end)
98 return (0);
99
100 /*
101 * crlExtensions [0] EXPLICIT Extensions OPTIONAL
102 * -- if present, version MUST be v2
103 */
104 if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0)
105 return (ret);
106
107 end = ext->p + ext->len;
108
109 while (*p < end) {
110 /*
111 * Extension ::= SEQUENCE {
112 * extnID OBJECT IDENTIFIER,
113 * critical BOOLEAN DEFAULT FALSE,
114 * extnValue OCTET STRING }
115 */
116 int is_critical = 0;
117 const unsigned char *end_ext_data;
118 size_t len;
119
120 /* Get enclosing sequence tag */
121 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
122 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0)
123 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret);
124
125 end_ext_data = *p + len;
126
127 /* Get OID (currently ignored) */
128 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
129 MBEDTLS_ASN1_OID)) != 0) {
130 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret);
131 }
132 *p += len;
133
134 /* Get optional critical */
135 if ((ret = mbedtls_asn1_get_bool(p, end_ext_data,
136 &is_critical)) != 0 &&
137 (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) {
138 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret);
139 }
140
141 /* Data should be octet string type */
142 if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
143 MBEDTLS_ASN1_OCTET_STRING)) != 0)
144 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret);
145
146 /* Ignore data so far and just check its length */
147 *p += len;
148 if (*p != end_ext_data)
149 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
150 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
151
152 /* Abort on (unsupported) critical extensions */
153 if (is_critical)
154 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
155 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
156 }
157
158 if (*p != end)
159 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
160 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
161
162 return (0);
163 }
164
165 /*
166 * X.509 CRL v2 entry extensions (no extensions parsed yet.)
167 */
168 static int x509_get_crl_entry_ext(unsigned char **p,
169 const unsigned char *end,
170 mbedtls_x509_buf *ext) {
171 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
172 size_t len = 0;
173
174 /* OPTIONAL */
175 if (end <= *p)
176 return (0);
177
178 ext->tag = **p;
179 ext->p = *p;
180
181 /*
182 * Get CRL-entry extension sequence header
183 * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2
184 */
185 if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len,
186 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
187 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
188 ext->p = NULL;
189 return (0);
190 }
191 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret);
192 }
193
194 end = *p + ext->len;
195
196 if (end != *p + ext->len)
197 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
198 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
199
200 while (*p < end) {
201 if ((ret = mbedtls_asn1_get_tag(p, end, &len,
202 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0)
203 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret);
204
205 *p += len;
206 }
207
208 if (*p != end)
209 return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
210 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
211
212 return (0);
213 }
214
215 /*
216 * X.509 CRL Entries
217 */
218 static int x509_get_entries(unsigned char **p,
219 const unsigned char *end,
220 mbedtls_x509_crl_entry *entry) {
221 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
222 size_t entry_len;
223 mbedtls_x509_crl_entry *cur_entry = entry;
224
225 if (*p == end)
226 return (0);
227
228 if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len,
229 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
230 if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
231 return (0);
232
233 return (ret);
234 }
235
236 end = *p + entry_len;
237
238 while (*p < end) {
239 size_t len2;
240 const unsigned char *end2;
241
242 cur_entry->raw.tag = **p;
243 if ((ret = mbedtls_asn1_get_tag(p, end, &len2,
244 MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) {
245 return (ret);
246 }
247
248 cur_entry->raw.p = *p;
249 cur_entry->raw.len = len2;
250 end2 = *p + len2;
251
252 if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0)
253 return (ret);
254
255 if ((ret = mbedtls_x509_get_time(p, end2,
256 &cur_entry->revocation_date)) != 0)
257 return (ret);
258
259 if ((ret = x509_get_crl_entry_ext(p, end2,
260 &cur_entry->entry_ext)) != 0)
261 return (ret);
262
263 if (*p < end) {
264 cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry));
265
266 if (cur_entry->next == NULL)
267 return (MBEDTLS_ERR_X509_ALLOC_FAILED);
268
269 cur_entry = cur_entry->next;
270 }
271 }
272
273 return (0);
274 }
275
276 /*
277 * Parse one CRLs in DER format and append it to the chained list
278 */
279 int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
280 const unsigned char *buf, size_t buflen) {
281 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
282 size_t len;
283 unsigned char *p = NULL, *end = NULL;
284 mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
285 mbedtls_x509_crl *crl = chain;
286
287 /*
288 * Check for valid input
289 */
290 if (crl == NULL || buf == NULL)
291 return (MBEDTLS_ERR_X509_BAD_INPUT_DATA);
292
293 memset(&sig_params1, 0, sizeof(mbedtls_x509_buf));
294 memset(&sig_params2, 0, sizeof(mbedtls_x509_buf));
295 memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf));
296
297 /*
298 * Add new CRL on the end of the chain if needed.
299 */
300 while (crl->version != 0 && crl->next != NULL)
301 crl = crl->next;
302
303 if (crl->version != 0 && crl->next == NULL) {
304 crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl));
305
306 if (crl->next == NULL) {
307 mbedtls_x509_crl_free(crl);
308 return (MBEDTLS_ERR_X509_ALLOC_FAILED);
309 }
310
311 mbedtls_x509_crl_init(crl->next);
312 crl = crl->next;
313 }
314
315 /*
316 * Copy raw DER-encoded CRL
317 */
318 if (buflen == 0)
319 return (MBEDTLS_ERR_X509_INVALID_FORMAT);
320
321 p = mbedtls_calloc(1, buflen);
322 if (p == NULL)
323 return (MBEDTLS_ERR_X509_ALLOC_FAILED);
324
325 memcpy(p, buf, buflen);
326
327 crl->raw.p = p;
328 crl->raw.len = buflen;
329
330 end = p + buflen;
331
332 /*
333 * CertificateList ::= SEQUENCE {
334 * tbsCertList TBSCertList,
335 * signatureAlgorithm AlgorithmIdentifier,
336 * signatureValue BIT STRING }
337 */
338 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
339 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
340 mbedtls_x509_crl_free(crl);
341 return (MBEDTLS_ERR_X509_INVALID_FORMAT);
342 }
343
344 if (len != (size_t)(end - p)) {
345 mbedtls_x509_crl_free(crl);
346 return (MBEDTLS_ERR_X509_INVALID_FORMAT +
347 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
348 }
349
350 /*
351 * TBSCertList ::= SEQUENCE {
352 */
353 crl->tbs.p = p;
354
355 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
356 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
357 mbedtls_x509_crl_free(crl);
358 return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret);
359 }
360
361 end = p + len;
362 crl->tbs.len = end - crl->tbs.p;
363
364 /*
365 * Version ::= INTEGER OPTIONAL { v1(0), v2(1) }
366 * -- if present, MUST be v2
367 *
368 * signature AlgorithmIdentifier
369 */
370 if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 ||
371 (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) {
372 mbedtls_x509_crl_free(crl);
373 return (ret);
374 }
375
376 if (crl->version < 0 || crl->version > 1) {
377 mbedtls_x509_crl_free(crl);
378 return (MBEDTLS_ERR_X509_UNKNOWN_VERSION);
379 }
380
381 crl->version++;
382
383 if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
384 &crl->sig_md, &crl->sig_pk,
385 &crl->sig_opts)) != 0) {
386 mbedtls_x509_crl_free(crl);
387 return (MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG);
388 }
389
390 /*
391 * issuer Name
392 */
393 crl->issuer_raw.p = p;
394
395 if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
396 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
397 mbedtls_x509_crl_free(crl);
398 return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret);
399 }
400
401 if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) {
402 mbedtls_x509_crl_free(crl);
403 return (ret);
404 }
405
406 crl->issuer_raw.len = p - crl->issuer_raw.p;
407
408 /*
409 * thisUpdate Time
410 * nextUpdate Time OPTIONAL
411 */
412 if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) {
413 mbedtls_x509_crl_free(crl);
414 return (ret);
415 }
416
417 if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) {
418 if (ret != (MBEDTLS_ERR_X509_INVALID_DATE +
419 MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) &&
420 ret != (MBEDTLS_ERR_X509_INVALID_DATE +
421 MBEDTLS_ERR_ASN1_OUT_OF_DATA)) {
422 mbedtls_x509_crl_free(crl);
423 return (ret);
424 }
425 }
426
427 /*
428 * revokedCertificates SEQUENCE OF SEQUENCE {
429 * userCertificate CertificateSerialNumber,
430 * revocationDate Time,
431 * crlEntryExtensions Extensions OPTIONAL
432 * -- if present, MUST be v2
433 * } OPTIONAL
434 */
435 if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) {
436 mbedtls_x509_crl_free(crl);
437 return (ret);
438 }
439
440 /*
441 * crlExtensions EXPLICIT Extensions OPTIONAL
442 * -- if present, MUST be v2
443 */
444 if (crl->version == 2) {
445 ret = x509_get_crl_ext(&p, end, &crl->crl_ext);
446
447 if (ret != 0) {
448 mbedtls_x509_crl_free(crl);
449 return (ret);
450 }
451 }
452
453 if (p != end) {
454 mbedtls_x509_crl_free(crl);
455 return (MBEDTLS_ERR_X509_INVALID_FORMAT +
456 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
457 }
458
459 end = crl->raw.p + crl->raw.len;
460
461 /*
462 * signatureAlgorithm AlgorithmIdentifier,
463 * signatureValue BIT STRING
464 */
465 if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) {
466 mbedtls_x509_crl_free(crl);
467 return (ret);
468 }
469
470 if (crl->sig_oid.len != sig_oid2.len ||
471 memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 ||
472 sig_params1.len != sig_params2.len ||
473 (sig_params1.len != 0 &&
474 memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) {
475 mbedtls_x509_crl_free(crl);
476 return (MBEDTLS_ERR_X509_SIG_MISMATCH);
477 }
478
479 if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) {
480 mbedtls_x509_crl_free(crl);
481 return (ret);
482 }
483
484 if (p != end) {
485 mbedtls_x509_crl_free(crl);
486 return (MBEDTLS_ERR_X509_INVALID_FORMAT +
487 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
488 }
489
490 return (0);
491 }
492
493 /*
494 * Parse one or more CRLs and add them to the chained list
495 */
496 int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) {
497 #if defined(MBEDTLS_PEM_PARSE_C)
498 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
499 size_t use_len = 0;
500 mbedtls_pem_context pem;
501 int is_pem = 0;
502
503 if (chain == NULL || buf == NULL)
504 return (MBEDTLS_ERR_X509_BAD_INPUT_DATA);
505
506 do {
507 mbedtls_pem_init(&pem);
508
509 // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
510 // string
511 if (buflen == 0 || buf[buflen - 1] != '\0')
512 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
513 else
514 ret = mbedtls_pem_read_buffer(&pem,
515 "-----BEGIN X509 CRL-----",
516 "-----END X509 CRL-----",
517 buf, NULL, 0, &use_len);
518
519 if (ret == 0) {
520 /*
521 * Was PEM encoded
522 */
523 is_pem = 1;
524
525 buflen -= use_len;
526 buf += use_len;
527
528 if ((ret = mbedtls_x509_crl_parse_der(chain,
529 pem.buf, pem.buflen)) != 0) {
530 mbedtls_pem_free(&pem);
531 return (ret);
532 }
533 } else if (is_pem) {
534 mbedtls_pem_free(&pem);
535 return (ret);
536 }
537
538 mbedtls_pem_free(&pem);
539 }
540 /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
541 * And a valid CRL cannot be less than 1 byte anyway. */
542 while (is_pem && buflen > 1);
543
544 if (is_pem)
545 return (0);
546 else
547 #endif /* MBEDTLS_PEM_PARSE_C */
548 return (mbedtls_x509_crl_parse_der(chain, buf, buflen));
549 }
550
551 #if defined(MBEDTLS_FS_IO)
552 /*
553 * Load one or more CRLs and add them to the chained list
554 */
555 int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) {
556 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
557 size_t n;
558 unsigned char *buf;
559
560 if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0)
561 return (ret);
562
563 ret = mbedtls_x509_crl_parse(chain, buf, n);
564
565 mbedtls_platform_zeroize(buf, n);
566 mbedtls_free(buf);
567
568 return (ret);
569 }
570 #endif /* MBEDTLS_FS_IO */
571
572 /*
573 * Return an informational string about the certificate.
574 */
575 #define BEFORE_COLON 14
576 #define BC "14"
577 /*
578 * Return an informational string about the CRL.
579 */
580 int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix,
581 const mbedtls_x509_crl *crl) {
582 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
583 size_t n;
584 char *p;
585 const mbedtls_x509_crl_entry *entry;
586
587 p = buf;
588 n = size;
589
590 ret = mbedtls_snprintf(p, n, "%sCRL version : %d",
591 prefix, crl->version);
592 MBEDTLS_X509_SAFE_SNPRINTF;
593
594 ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix);
595 MBEDTLS_X509_SAFE_SNPRINTF;
596 ret = mbedtls_x509_dn_gets(p, n, &crl->issuer);
597 MBEDTLS_X509_SAFE_SNPRINTF;
598
599 ret = mbedtls_snprintf(p, n, "\n%sthis update : " \
600 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
601 crl->this_update.year, crl->this_update.mon,
602 crl->this_update.day, crl->this_update.hour,
603 crl->this_update.min, crl->this_update.sec);
604 MBEDTLS_X509_SAFE_SNPRINTF;
605
606 ret = mbedtls_snprintf(p, n, "\n%snext update : " \
607 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
608 crl->next_update.year, crl->next_update.mon,
609 crl->next_update.day, crl->next_update.hour,
610 crl->next_update.min, crl->next_update.sec);
611 MBEDTLS_X509_SAFE_SNPRINTF;
612
613 entry = &crl->entry;
614
615 ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:",
616 prefix);
617 MBEDTLS_X509_SAFE_SNPRINTF;
618
619 while (entry != NULL && entry->raw.len != 0) {
620 ret = mbedtls_snprintf(p, n, "\n%sserial number: ",
621 prefix);
622 MBEDTLS_X509_SAFE_SNPRINTF;
623
624 ret = mbedtls_x509_serial_gets(p, n, &entry->serial);
625 MBEDTLS_X509_SAFE_SNPRINTF;
626
627 ret = mbedtls_snprintf(p, n, " revocation date: " \
628 "%04d-%02d-%02d %02d:%02d:%02d",
629 entry->revocation_date.year, entry->revocation_date.mon,
630 entry->revocation_date.day, entry->revocation_date.hour,
631 entry->revocation_date.min, entry->revocation_date.sec);
632 MBEDTLS_X509_SAFE_SNPRINTF;
633
634 entry = entry->next;
635 }
636
637 ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix);
638 MBEDTLS_X509_SAFE_SNPRINTF;
639
640 ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
641 crl->sig_opts);
642 MBEDTLS_X509_SAFE_SNPRINTF;
643
644 ret = mbedtls_snprintf(p, n, "\n");
645 MBEDTLS_X509_SAFE_SNPRINTF;
646
647 return ((int)(size - n));
648 }
649
650 /*
651 * Initialize a CRL chain
652 */
653 void mbedtls_x509_crl_init(mbedtls_x509_crl *crl) {
654 memset(crl, 0, sizeof(mbedtls_x509_crl));
655 }
656
657 /*
658 * Unallocate all CRL data
659 */
660 void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) {
661 mbedtls_x509_crl *crl_cur = crl;
662 mbedtls_x509_crl *crl_prv;
663 mbedtls_x509_name *name_cur;
664 mbedtls_x509_name *name_prv;
665 mbedtls_x509_crl_entry *entry_cur;
666 mbedtls_x509_crl_entry *entry_prv;
667
668 if (crl == NULL)
669 return;
670
671 do {
672 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
673 mbedtls_free(crl_cur->sig_opts);
674 #endif
675
676 name_cur = crl_cur->issuer.next;
677 while (name_cur != NULL) {
678 name_prv = name_cur;
679 name_cur = name_cur->next;
680 mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name));
681 mbedtls_free(name_prv);
682 }
683
684 entry_cur = crl_cur->entry.next;
685 while (entry_cur != NULL) {
686 entry_prv = entry_cur;
687 entry_cur = entry_cur->next;
688 mbedtls_platform_zeroize(entry_prv,
689 sizeof(mbedtls_x509_crl_entry));
690 mbedtls_free(entry_prv);
691 }
692
693 if (crl_cur->raw.p != NULL) {
694 mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len);
695 mbedtls_free(crl_cur->raw.p);
696 }
697
698 crl_cur = crl_cur->next;
699 } while (crl_cur != NULL);
700
701 crl_cur = crl;
702 do {
703 crl_prv = crl_cur;
704 crl_cur = crl_cur->next;
705
706 mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl));
707 if (crl_prv != crl)
708 mbedtls_free(crl_prv);
709 } while (crl_cur != NULL);
710 }
711
712 #endif /* MBEDTLS_X509_CRL_PARSE_C */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware