mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 20:28:10 +00:00
Split x509_crl_parse_der() out of x509_crl_parse()
This commit is contained in:
parent
57a5d60abb
commit
426d4ae7ff
3 changed files with 86 additions and 76 deletions
|
@ -15,6 +15,7 @@ Security
|
||||||
|
|
||||||
Features
|
Features
|
||||||
* Add function pk_check_pair() to test if public and private keys match.
|
* Add function pk_check_pair() to test if public and private keys match.
|
||||||
|
* Add x509_crl_parse_der().
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
|
* User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
|
||||||
|
|
|
@ -100,11 +100,23 @@ typedef struct _x509_crl
|
||||||
x509_crl;
|
x509_crl;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Parse one or more CRLs and add them
|
* \brief Parse a DER-encoded CRL and append it to the chained list
|
||||||
* to the chained list
|
|
||||||
*
|
*
|
||||||
* \param chain points to the start of the chain
|
* \param chain points to the start of the chain
|
||||||
* \param buf buffer holding the CRL data
|
* \param buf buffer holding the CRL data in DER format
|
||||||
|
* \param buflen size of the buffer
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
|
*/
|
||||||
|
int x509_crl_parse_der( x509_crl *chain,
|
||||||
|
const unsigned char *buf, size_t buflen );
|
||||||
|
/**
|
||||||
|
* \brief Parse one or more CRLs and append them to the chained list
|
||||||
|
*
|
||||||
|
* \note Mutliple CRLs are accepted only if using PEM format
|
||||||
|
*
|
||||||
|
* \param chain points to the start of the chain
|
||||||
|
* \param buf buffer holding the CRL data in PEM or DER format
|
||||||
* \param buflen size of the buffer
|
* \param buflen size of the buffer
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 or PEM error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
|
@ -113,11 +125,12 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen );
|
||||||
|
|
||||||
#if defined(POLARSSL_FS_IO)
|
#if defined(POLARSSL_FS_IO)
|
||||||
/**
|
/**
|
||||||
* \brief Load one or more CRLs and add them
|
* \brief Load one or more CRLs and append them to the chained list
|
||||||
* to the chained list
|
*
|
||||||
|
* \note Mutliple CRLs are accepted only if using PEM format
|
||||||
*
|
*
|
||||||
* \param chain points to the start of the chain
|
* \param chain points to the start of the chain
|
||||||
* \param path filename to read the CRLs from
|
* \param path filename to read the CRLs from (in PEM or DER encoding)
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 or PEM error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -252,25 +252,16 @@ static int x509_get_entries( unsigned char **p,
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse one or more CRLs and add them to the chained list
|
* Parse one CRLs in DER format and append it to the chained list
|
||||||
*/
|
*/
|
||||||
int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
int x509_crl_parse_der( x509_crl *chain,
|
||||||
|
const unsigned char *buf, size_t buflen )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
x509_crl *crl;
|
|
||||||
x509_buf sig_params1, sig_params2;
|
x509_buf sig_params1, sig_params2;
|
||||||
|
x509_crl *crl = chain;
|
||||||
#if defined(POLARSSL_PEM_PARSE_C)
|
|
||||||
size_t use_len;
|
|
||||||
pem_context pem;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
|
||||||
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
|
||||||
|
|
||||||
crl = chain;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check for valid input
|
* Check for valid input
|
||||||
|
@ -278,12 +269,15 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||||
if( crl == NULL || buf == NULL )
|
if( crl == NULL || buf == NULL )
|
||||||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
while( crl->version != 0 && crl->next != NULL )
|
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
||||||
crl = crl->next;
|
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add new CRL on the end of the chain if needed.
|
* Add new CRL on the end of the chain if needed.
|
||||||
*/
|
*/
|
||||||
|
while( crl->version != 0 && crl->next != NULL )
|
||||||
|
crl = crl->next;
|
||||||
|
|
||||||
if( crl->version != 0 && crl->next == NULL )
|
if( crl->version != 0 && crl->next == NULL )
|
||||||
{
|
{
|
||||||
crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
|
crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
|
||||||
|
@ -298,53 +292,18 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||||
crl = crl->next;
|
crl = crl->next;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_PEM_PARSE_C)
|
|
||||||
pem_init( &pem );
|
|
||||||
ret = pem_read_buffer( &pem,
|
|
||||||
"-----BEGIN X509 CRL-----",
|
|
||||||
"-----END X509 CRL-----",
|
|
||||||
buf, NULL, 0, &use_len );
|
|
||||||
|
|
||||||
if( ret == 0 )
|
|
||||||
{
|
|
||||||
/*
|
/*
|
||||||
* Was PEM encoded
|
* Copy raw DER-encoded CRL
|
||||||
*/
|
*/
|
||||||
buflen -= use_len;
|
if( ( p = polarssl_malloc( buflen ) ) == NULL )
|
||||||
buf += use_len;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Steal PEM buffer
|
|
||||||
*/
|
|
||||||
p = pem.buf;
|
|
||||||
pem.buf = NULL;
|
|
||||||
len = pem.buflen;
|
|
||||||
pem_free( &pem );
|
|
||||||
}
|
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
|
||||||
{
|
|
||||||
pem_free( &pem );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* POLARSSL_PEM_PARSE_C */
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* nope, copy the raw DER data
|
|
||||||
*/
|
|
||||||
p = (unsigned char *) polarssl_malloc( len = buflen );
|
|
||||||
|
|
||||||
if( p == NULL )
|
|
||||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||||
|
|
||||||
memcpy( p, buf, buflen );
|
memcpy( p, buf, buflen );
|
||||||
|
|
||||||
buflen = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
crl->raw.p = p;
|
crl->raw.p = p;
|
||||||
crl->raw.len = len;
|
crl->raw.len = buflen;
|
||||||
end = p + len;
|
|
||||||
|
end = p + buflen;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* CertificateList ::= SEQUENCE {
|
* CertificateList ::= SEQUENCE {
|
||||||
|
@ -522,21 +481,58 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parse one or more CRLs and add them to the chained list
|
||||||
|
*/
|
||||||
|
int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if( chain == NULL || buf == NULL )
|
||||||
|
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PEM_PARSE_C)
|
||||||
|
size_t use_len;
|
||||||
|
pem_context pem;
|
||||||
|
|
||||||
|
pem_init( &pem );
|
||||||
|
ret = pem_read_buffer( &pem,
|
||||||
|
"-----BEGIN X509 CRL-----",
|
||||||
|
"-----END X509 CRL-----",
|
||||||
|
buf, NULL, 0, &use_len );
|
||||||
|
|
||||||
|
if( ret == 0 )
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Was PEM encoded
|
||||||
|
*/
|
||||||
|
buflen -= use_len;
|
||||||
|
buf += use_len;
|
||||||
|
|
||||||
|
if( ( ret = x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
pem_free( &pem );
|
||||||
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||||
|
{
|
||||||
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* POLARSSL_PEM_PARSE_C */
|
||||||
|
{
|
||||||
|
if( ( ret = x509_crl_parse_der( chain, buf, buflen ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
buflen = 0;
|
||||||
|
}
|
||||||
|
|
||||||
if( buflen > 0 )
|
if( buflen > 0 )
|
||||||
{
|
return( x509_crl_parse( chain, buf, buflen ) );
|
||||||
crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
|
|
||||||
|
|
||||||
if( crl->next == NULL )
|
|
||||||
{
|
|
||||||
x509_crl_free( crl );
|
|
||||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
|
||||||
}
|
|
||||||
|
|
||||||
x509_crl_init( crl->next );
|
|
||||||
crl = crl->next;
|
|
||||||
|
|
||||||
return( x509_crl_parse( crl, buf, buflen ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue