forked from wolfSSL/wolfssl
Merge pull request #5388 from lealem47/crlPrint
Adding X509_CRL_print() function
This commit is contained in:
David Garske
GitHub
21
src/crl.c
21
src/crl.c
@ -90,10 +90,19 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
|
|||||||
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
|
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
|
||||||
crle->lastDateFormat = dcrl->lastDateFormat;
|
crle->lastDateFormat = dcrl->lastDateFormat;
|
||||||
crle->nextDateFormat = dcrl->nextDateFormat;
|
crle->nextDateFormat = dcrl->nextDateFormat;
|
||||||
|
crle->version = dcrl->version;
|
||||||
|
#if defined(OPENSSL_EXTRA)
|
||||||
|
crle->issuer = NULL;
|
||||||
|
wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer,
|
||||||
|
dcrl->issuerSz);
|
||||||
|
if (crle->issuer == NULL) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
crle->certs = dcrl->certs; /* take ownsership */
|
crle->certs = dcrl->certs; /* take ownsership */
|
||||||
dcrl->certs = NULL;
|
dcrl->certs = NULL;
|
||||||
crle->totalCerts = dcrl->totalCerts;
|
crle->totalCerts = dcrl->totalCerts;
|
||||||
|
crle->crlNumber = dcrl->crlNumber;
|
||||||
crle->verified = verified;
|
crle->verified = verified;
|
||||||
if (!verified) {
|
if (!verified) {
|
||||||
crle->tbsSz = dcrl->sigIndex - dcrl->certBegin;
|
crle->tbsSz = dcrl->sigIndex - dcrl->certBegin;
|
||||||
@ -146,7 +155,12 @@ static void FreeCRL_Entry(CRL_Entry* crle, void* heap)
|
|||||||
XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
||||||
if (crle->toBeSigned != NULL)
|
if (crle->toBeSigned != NULL)
|
||||||
XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY);
|
||||||
|
#if defined(OPENSSL_EXTRA)
|
||||||
|
if (crle->issuer != NULL) {
|
||||||
|
FreeX509Name(crle->issuer);
|
||||||
|
XFREE(crle->issuer, heap, DYNAMIC_TYPE_X509);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
(void)heap;
|
(void)heap;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -558,6 +572,9 @@ static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap)
|
|||||||
XMEMCPY(tmp->serialNumber, current->serialNumber,
|
XMEMCPY(tmp->serialNumber, current->serialNumber,
|
||||||
EXTERNAL_SERIAL_SIZE);
|
EXTERNAL_SERIAL_SIZE);
|
||||||
tmp->serialSz = current->serialSz;
|
tmp->serialSz = current->serialSz;
|
||||||
|
XMEMCPY(tmp->revDate, current->revDate,
|
||||||
|
MAX_DATE_SIZE);
|
||||||
|
tmp->revDateFormat = current->revDateFormat;
|
||||||
tmp->next = NULL;
|
tmp->next = NULL;
|
||||||
if (prev != NULL)
|
if (prev != NULL)
|
||||||
prev->next = tmp;
|
prev->next = tmp;
|
||||||
|
|||||||
676
src/x509.c
676
src/x509.c
@ -5504,69 +5504,77 @@ static int X509PrintExtendedKeyUsage(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
|||||||
/* print serial number out
|
/* print serial number out
|
||||||
* return WOLFSSL_SUCCESS on success
|
* return WOLFSSL_SUCCESS on success
|
||||||
*/
|
*/
|
||||||
static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
static int X509PrintSerial_ex(WOLFSSL_BIO* bio, byte* serial, int sz,
|
||||||
|
int delimiter, int indent)
|
||||||
{
|
{
|
||||||
unsigned char serial[32];
|
|
||||||
int sz = sizeof(serial);
|
|
||||||
char scratch[MAX_WIDTH];
|
char scratch[MAX_WIDTH];
|
||||||
const int scratchSz = sizeof(scratch);
|
const int scratchSz = sizeof(scratch);
|
||||||
int scratchLen;
|
int scratchLen;
|
||||||
|
|
||||||
XMEMSET(serial, 0, sz);
|
if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*sSerial Number:",
|
||||||
if (wolfSSL_X509_get_serial_number(x509, serial, &sz) == WOLFSSL_SUCCESS) {
|
indent, "")) >= MAX_WIDTH) {
|
||||||
if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*sSerial Number:",
|
WOLFSSL_MSG("buffer overrun");
|
||||||
indent, "")) >= MAX_WIDTH) {
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sz > (int)sizeof(byte)) {
|
||||||
|
int i;
|
||||||
|
int valLen;
|
||||||
|
|
||||||
|
/* serial is larger than int size so print off hex values */
|
||||||
|
if ((scratchLen = XSNPRINTF(
|
||||||
|
scratch, MAX_WIDTH, "\n%*s", indent, ""))
|
||||||
|
>= MAX_WIDTH) {
|
||||||
|
WOLFSSL_MSG("buffer overrun");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
for (i = 0; i < sz; i++) {
|
||||||
|
if ((valLen = XSNPRINTF(
|
||||||
|
scratch + scratchLen, scratchSz - scratchLen,
|
||||||
|
"%02x%s", serial[i], (i < sz - 1) ?
|
||||||
|
(delimiter ? ":" : "") : "\n"))
|
||||||
|
>= scratchSz - scratchLen)
|
||||||
|
{
|
||||||
|
WOLFSSL_MSG("buffer overrun");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
scratchLen += valLen;
|
||||||
|
}
|
||||||
|
if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* if serial can fit into byte then print on the same line */
|
||||||
|
else {
|
||||||
|
if ((scratchLen = XSNPRINTF(
|
||||||
|
scratch, MAX_WIDTH, " %d (0x%x)\n", serial[0], serial[0]))
|
||||||
|
>= MAX_WIDTH)
|
||||||
|
{
|
||||||
WOLFSSL_MSG("buffer overrun");
|
WOLFSSL_MSG("buffer overrun");
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) {
|
if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) {
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sz > (int)sizeof(byte)) {
|
|
||||||
int i;
|
|
||||||
int valLen;
|
|
||||||
|
|
||||||
/* serial is larger than int size so print off hex values */
|
|
||||||
if ((scratchLen = XSNPRINTF(
|
|
||||||
scratch, MAX_WIDTH, "\n%*s", indent, ""))
|
|
||||||
>= MAX_WIDTH) {
|
|
||||||
WOLFSSL_MSG("buffer overrun");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
for (i = 0; i < sz; i++) {
|
|
||||||
if ((valLen = XSNPRINTF(
|
|
||||||
scratch + scratchLen, scratchSz - scratchLen,
|
|
||||||
"%02x%s", serial[i], (i < sz - 1) ? ":" : "\n"))
|
|
||||||
>= scratchSz - scratchLen)
|
|
||||||
{
|
|
||||||
WOLFSSL_MSG("buffer overrun");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
scratchLen += valLen;
|
|
||||||
}
|
|
||||||
if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) {
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* if serial can fit into byte then print on the same line */
|
|
||||||
else {
|
|
||||||
if ((scratchLen = XSNPRINTF(
|
|
||||||
scratch, MAX_WIDTH, " %d (0x%x)\n", serial[0], serial[0]))
|
|
||||||
>= MAX_WIDTH)
|
|
||||||
{
|
|
||||||
WOLFSSL_MSG("buffer overrun");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) {
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
||||||
|
{
|
||||||
|
unsigned char serial[32];
|
||||||
|
int sz = sizeof(serial);
|
||||||
|
|
||||||
|
XMEMSET(serial, 0, sz);
|
||||||
|
if (wolfSSL_X509_get_serial_number(x509, serial, &sz) == WOLFSSL_SUCCESS) {
|
||||||
|
X509PrintSerial_ex(bio, serial, sz, 1, indent);
|
||||||
|
}
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
/* iterate through certificate extensions printing them out in human readable
|
/* iterate through certificate extensions printing them out in human readable
|
||||||
* form
|
* form
|
||||||
@ -5804,26 +5812,21 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
|||||||
* wolfSSL_X509_print()
|
* wolfSSL_X509_print()
|
||||||
* return WOLFSSL_SUCCESS on success
|
* return WOLFSSL_SUCCESS on success
|
||||||
*/
|
*/
|
||||||
static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig,
|
||||||
|
int sigSz, int sigNid, int algOnly, int indent)
|
||||||
{
|
{
|
||||||
char scratch[MAX_WIDTH];
|
char scratch[MAX_WIDTH];
|
||||||
int scratchLen;
|
int scratchLen;
|
||||||
unsigned char* sig = NULL;
|
|
||||||
int sigSz = 0;
|
|
||||||
WOLFSSL_ASN1_OBJECT* obj = NULL;
|
WOLFSSL_ASN1_OBJECT* obj = NULL;
|
||||||
int ret = WOLFSSL_SUCCESS;
|
int ret = WOLFSSL_SUCCESS;
|
||||||
int i;
|
int i;
|
||||||
char tmp[100];
|
char tmp[100];
|
||||||
int tmpLen = 0;
|
int tmpLen = 0;
|
||||||
int sigNid;
|
|
||||||
|
|
||||||
wolfSSL_X509_get_signature(x509, NULL, &sigSz);
|
|
||||||
if (sigSz <= 0) {
|
if (sigSz <= 0) {
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
sigNid = wolfSSL_X509_get_signature_nid(x509);
|
|
||||||
|
|
||||||
if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "",
|
if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "",
|
||||||
"Signature Algorithm: ")) >= MAX_WIDTH) {
|
"Signature Algorithm: ")) >= MAX_WIDTH) {
|
||||||
ret = WOLFSSL_FAILURE;
|
ret = WOLFSSL_FAILURE;
|
||||||
@ -5859,19 +5862,17 @@ static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
|||||||
ret = WOLFSSL_FAILURE;
|
ret = WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == WOLFSSL_SUCCESS) {
|
/* Leave function if the desired content to print
|
||||||
sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
* is only the signature algorithm */
|
||||||
if (sig == NULL)
|
if (algOnly) {
|
||||||
ret = WOLFSSL_FAILURE;
|
if (obj != NULL)
|
||||||
|
wolfSSL_ASN1_OBJECT_free(obj);
|
||||||
|
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ret == WOLFSSL_SUCCESS) {
|
if (ret == WOLFSSL_SUCCESS) {
|
||||||
if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0)
|
if ((tmpLen = XSNPRINTF(tmp, sizeof(tmp), "%*s", indent + 5, ""))
|
||||||
ret = WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret == WOLFSSL_SUCCESS) {
|
|
||||||
if ((tmpLen = XSNPRINTF(tmp, sizeof(tmp), "%*s", indent + 4, ""))
|
|
||||||
>= (int)sizeof(tmp))
|
>= (int)sizeof(tmp))
|
||||||
{
|
{
|
||||||
ret = WOLFSSL_FAILURE;
|
ret = WOLFSSL_FAILURE;
|
||||||
@ -5898,7 +5899,7 @@ static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if ((tmpLen = XSNPRINTF(tmp, sizeof(tmp), ":\n%*s",
|
if ((tmpLen = XSNPRINTF(tmp, sizeof(tmp), ":\n%*s",
|
||||||
indent + 4, ""))
|
indent + 5, ""))
|
||||||
>= (int)sizeof(tmp))
|
>= (int)sizeof(tmp))
|
||||||
{
|
{
|
||||||
ret = WOLFSSL_FAILURE;
|
ret = WOLFSSL_FAILURE;
|
||||||
@ -5943,12 +5944,51 @@ static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
|
|||||||
if (obj != NULL)
|
if (obj != NULL)
|
||||||
wolfSSL_ASN1_OBJECT_free(obj);
|
wolfSSL_ASN1_OBJECT_free(obj);
|
||||||
|
|
||||||
if (sig != NULL)
|
|
||||||
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
||||||
|
int algOnly, int indent)
|
||||||
|
{
|
||||||
|
int sigSz = 0;
|
||||||
|
if (wolfSSL_X509_get_signature(x509, NULL, &sigSz) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sigSz > 0) {
|
||||||
|
unsigned char* sig;
|
||||||
|
int sigNid;
|
||||||
|
|
||||||
|
sigNid = wolfSSL_X509_get_signature_nid(x509);
|
||||||
|
if (sigNid <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (sig == NULL) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0) {
|
||||||
|
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (X509PrintSignature_ex(bio, sig, sigSz, sigNid, algOnly, indent)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sig != NULL) {
|
||||||
|
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* print out the public key in human readable format for use with
|
/* print out the public key in human readable format for use with
|
||||||
* wolfSSL_X509_print()
|
* wolfSSL_X509_print()
|
||||||
@ -6012,17 +6052,11 @@ static int X509PrintName(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
|
|||||||
/* human readable print out of x509 version
|
/* human readable print out of x509 version
|
||||||
* return WOLFSSL_SUCCESS on success
|
* return WOLFSSL_SUCCESS on success
|
||||||
*/
|
*/
|
||||||
static int _wolfSSL_X509_version_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
static int X509PrintVersion(WOLFSSL_BIO* bio, int version, int indent)
|
||||||
int indent)
|
|
||||||
{
|
{
|
||||||
int version;
|
|
||||||
char scratch[MAX_WIDTH];
|
char scratch[MAX_WIDTH];
|
||||||
int scratchLen;
|
int scratchLen;
|
||||||
|
|
||||||
if ((version = wolfSSL_X509_version(x509)) < 0) {
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH,
|
if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH,
|
||||||
"%*s%s", indent, "", "Version:"))
|
"%*s%s", indent, "", "Version:"))
|
||||||
>= MAX_WIDTH)
|
>= MAX_WIDTH)
|
||||||
@ -6045,7 +6079,6 @@ static int _wolfSSL_X509_version_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
|||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef WOLFSSL_CERT_REQ
|
#ifdef WOLFSSL_CERT_REQ
|
||||||
/* Print out of REQ attributes
|
/* Print out of REQ attributes
|
||||||
* return WOLFSSL_SUCCESS on success
|
* return WOLFSSL_SUCCESS on success
|
||||||
@ -6127,7 +6160,8 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* print version of cert */
|
/* print version of cert */
|
||||||
if (_wolfSSL_X509_version_print(bio, x509, 8) != WOLFSSL_SUCCESS) {
|
if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6157,7 +6191,7 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* print out signature */
|
/* print out signature */
|
||||||
if (X509PrintSignature(bio, x509, 4) != WOLFSSL_SUCCESS) {
|
if (X509PrintSignature(bio, x509, 0, 4) != WOLFSSL_SUCCESS) {
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6205,7 +6239,8 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* print version of cert */
|
/* print version of cert */
|
||||||
if (_wolfSSL_X509_version_print(bio, x509, 8) != WOLFSSL_SUCCESS) {
|
if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6214,26 +6249,9 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* print signature algo */
|
/* print out signature algo*/
|
||||||
{
|
if (X509PrintSignature(bio, x509, 1, 8) != WOLFSSL_SUCCESS) {
|
||||||
int oid;
|
return WOLFSSL_FAILURE;
|
||||||
const char* sig;
|
|
||||||
|
|
||||||
if ((oid = wolfSSL_X509_get_signature_type(x509)) <= 0) {
|
|
||||||
WOLFSSL_MSG("Error getting x509 signature type");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
if (wolfSSL_BIO_write(bio, " Signature Algorithm: ",
|
|
||||||
(int)XSTRLEN(" Signature Algorithm: ")) <= 0) {
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
sig = GetSigName(oid);
|
|
||||||
if (wolfSSL_BIO_write(bio, sig, (int)XSTRLEN(sig)) <= 0) {
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) {
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* print issuer */
|
/* print issuer */
|
||||||
@ -6319,7 +6337,7 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* print out signature */
|
/* print out signature */
|
||||||
if (X509PrintSignature(bio, x509, 8) != WOLFSSL_SUCCESS) {
|
if (X509PrintSignature(bio, x509, 0, 8) != WOLFSSL_SUCCESS) {
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -7457,6 +7475,462 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
|
|||||||
|
|
||||||
return newcrl;
|
return newcrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Retrieve issuer X509_NAME from CRL
|
||||||
|
* return X509_NAME* on success
|
||||||
|
* return NULL on failure
|
||||||
|
*/
|
||||||
|
WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name(WOLFSSL_X509_CRL* crl)
|
||||||
|
{
|
||||||
|
if (crl == NULL || crl->crlList == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
return crl->crlList->issuer;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Retrieve version from CRL
|
||||||
|
* return version on success
|
||||||
|
* return 0 on failure
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL* crl)
|
||||||
|
{
|
||||||
|
if (crl == NULL || crl->crlList == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return crl->crlList->version;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Retrieve sig OID from CRL
|
||||||
|
* return OID on success
|
||||||
|
* return 0 on failure
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl)
|
||||||
|
{
|
||||||
|
if (crl == NULL || crl->crlList == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return crl->crlList->signatureOID;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Retrieve sig NID from CRL
|
||||||
|
* return NID on success
|
||||||
|
* return 0 on failure
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_CRL_get_signature_nid(const WOLFSSL_X509_CRL* crl)
|
||||||
|
{
|
||||||
|
if (crl == NULL || crl->crlList == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return oid2nid(crl->crlList->signatureOID, oidSigType);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Retrieve signature from CRL
|
||||||
|
* return WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
|
||||||
|
unsigned char* buf, int* bufSz)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_CRL_get_signature");
|
||||||
|
|
||||||
|
if (crl == NULL || crl->crlList == NULL || bufSz == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (buf != NULL)
|
||||||
|
XMEMCPY(buf, crl->crlList->signature, *bufSz);
|
||||||
|
*bufSz = (int)crl->crlList->signatureSz;
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Retrieve serial number from RevokedCert
|
||||||
|
* return WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
|
||||||
|
byte* in, int* inOutSz)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_REVOKED_get_serial_number");
|
||||||
|
if (rev == NULL || inOutSz == NULL) {
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (in != NULL) {
|
||||||
|
if (*inOutSz < rev->serialSz) {
|
||||||
|
WOLFSSL_MSG("Serial buffer too small");
|
||||||
|
return BUFFER_E;
|
||||||
|
}
|
||||||
|
XMEMCPY(in, rev->serialNumber, rev->serialSz);
|
||||||
|
}
|
||||||
|
*inOutSz = rev->serialSz;
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* print serial number out
|
||||||
|
* return WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
static int X509RevokedPrintSerial(WOLFSSL_BIO* bio, RevokedCert* rev,
|
||||||
|
int indent)
|
||||||
|
{
|
||||||
|
unsigned char serial[32];
|
||||||
|
int sz = sizeof(serial);
|
||||||
|
|
||||||
|
XMEMSET(serial, 0, sz);
|
||||||
|
if (wolfSSL_X509_REVOKED_get_serial_number(rev, serial, &sz)
|
||||||
|
== WOLFSSL_SUCCESS) {
|
||||||
|
X509PrintSerial_ex(bio, serial, sz, 0, indent);
|
||||||
|
}
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* print out the signature in human readable format for use with
|
||||||
|
* wolfSSL_X509_CRL_print()
|
||||||
|
* return WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||||
|
int algOnly, int indent)
|
||||||
|
{
|
||||||
|
int sigSz = 0;
|
||||||
|
|
||||||
|
if (wolfSSL_X509_CRL_get_signature(crl, NULL, &sigSz) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sigSz > 0) {
|
||||||
|
unsigned char* sig;
|
||||||
|
int sigNid = wolfSSL_X509_CRL_get_signature_nid(crl);
|
||||||
|
|
||||||
|
sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
if (sig == NULL) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_X509_CRL_get_signature(crl, sig, &sigSz) <= 0) {
|
||||||
|
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (X509PrintSignature_ex(bio, sig, sigSz, sigNid, algOnly, indent)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sig != NULL) {
|
||||||
|
XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* print out the extensions in human readable format for use with
|
||||||
|
* wolfSSL_X509_CRL_print()
|
||||||
|
* return WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||||
|
int indent)
|
||||||
|
{
|
||||||
|
char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */
|
||||||
|
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent, "",
|
||||||
|
"CRL extensions:") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (crl->crlList->crlNumber) {
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent + 4, "",
|
||||||
|
"X509v3 CRL Number:") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%d\n", indent + 8, "",
|
||||||
|
crl->crlList->crlNumber) >= MAX_WIDTH)
|
||||||
|
{
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
XMEMSET(tmp, 0, sizeof(tmp));
|
||||||
|
}
|
||||||
|
|
||||||
|
#if !defined(NO_SKID)
|
||||||
|
if (crl->crlList->extAuthKeyIdSet && crl->crlList->extAuthKeyId[0] != 0) {
|
||||||
|
word32 i;
|
||||||
|
char val[5];
|
||||||
|
int valSz = 5;
|
||||||
|
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s", indent + 4, "",
|
||||||
|
"X509v3 Authority Key Identifier:") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
XSTRNCAT(tmp, "\n", MAX_WIDTH - XSTRLEN(tmp) - 1);
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
XMEMSET(tmp, 0, MAX_WIDTH);
|
||||||
|
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH - 1, "%*s%s",
|
||||||
|
indent + 8, "", "keyid") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
for (i = 0; i < XSTRLEN((char*)crl->crlList->extAuthKeyId); i++) {
|
||||||
|
/* check if buffer is almost full */
|
||||||
|
if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) {
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
tmp[0] = '\0';
|
||||||
|
}
|
||||||
|
if (XSNPRINTF(val, valSz, ":%02X", crl->crlList->extAuthKeyId[i])
|
||||||
|
>= valSz)
|
||||||
|
{
|
||||||
|
WOLFSSL_MSG("buffer overrun");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
XSTRNCAT(tmp, val, valSz);
|
||||||
|
}
|
||||||
|
XSTRNCAT(tmp, "\n", XSTRLEN("\n") + 1);
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* iterate through a CRL's Revoked Certs and print out in human
|
||||||
|
* readable format for use with wolfSSL_X509_CRL_print()
|
||||||
|
* return WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
static int X509CRLPrintRevoked(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||||
|
int indent)
|
||||||
|
{
|
||||||
|
char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */
|
||||||
|
int i;
|
||||||
|
|
||||||
|
if (crl->crlList->totalCerts > 0) {
|
||||||
|
RevokedCert* revoked = crl->crlList->certs;
|
||||||
|
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent, "",
|
||||||
|
"Revoked Certificates:") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
XMEMSET(tmp, 0, MAX_WIDTH);
|
||||||
|
|
||||||
|
for (i = 0; i < crl->crlList->totalCerts; i++) {
|
||||||
|
if (revoked->serialSz > 0) {
|
||||||
|
if (X509RevokedPrintSerial(bio, revoked, indent + 4)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#ifndef NO_ASN_TIME
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s", indent + 8, "",
|
||||||
|
"Revocation Date: ") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (revoked->revDate[0] != 0) {
|
||||||
|
if (GetTimeString(revoked->revDate, ASN_UTC_TIME,
|
||||||
|
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||||
|
if (GetTimeString(revoked->revDate, ASN_GENERALIZED_TIME,
|
||||||
|
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||||
|
WOLFSSL_MSG("Error getting revocation date");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XSTRNCPY(tmp, "Not Set", MAX_WIDTH-1);
|
||||||
|
}
|
||||||
|
tmp[MAX_WIDTH - 1] = '\0'; /* make sure null terminated */
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
revoked = revoked->next;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (wolfSSL_BIO_write(bio, "No Revoked Certificates.\n",
|
||||||
|
(int)XSTRLEN("No Revoked Certificates.\n")) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifndef NO_ASN_TIME
|
||||||
|
/* print out the last/next update times in human readable
|
||||||
|
* format for use with wolfSSL_X509_CRL_print()
|
||||||
|
* return WOLFSSL_SUCCESS on success
|
||||||
|
*/
|
||||||
|
static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||||
|
int indent)
|
||||||
|
{
|
||||||
|
char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */
|
||||||
|
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s", indent, "",
|
||||||
|
"Last Update: ") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (crl->crlList->lastDate[0] != 0) {
|
||||||
|
if (GetTimeString(crl->crlList->lastDate, ASN_UTC_TIME,
|
||||||
|
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||||
|
if (GetTimeString(crl->crlList->lastDate, ASN_GENERALIZED_TIME,
|
||||||
|
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||||
|
WOLFSSL_MSG("Error getting last update date");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
|
||||||
|
}
|
||||||
|
tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s", indent, "",
|
||||||
|
"Next Update: ") >= MAX_WIDTH) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (crl->crlList->nextDate[0] != 0) {
|
||||||
|
if (GetTimeString(crl->crlList->nextDate, ASN_UTC_TIME,
|
||||||
|
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||||
|
if (GetTimeString(crl->crlList->nextDate, ASN_GENERALIZED_TIME,
|
||||||
|
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||||
|
WOLFSSL_MSG("Error getting next update date");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
|
||||||
|
}
|
||||||
|
tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
|
||||||
|
if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if !defined(NO_BIO) && defined(XSNPRINTF)
|
||||||
|
/* Writes the human readable form of x509 to bio.
|
||||||
|
*
|
||||||
|
* bio WOLFSSL_BIO to write to.
|
||||||
|
* crl Certificate revocation list to write.
|
||||||
|
*
|
||||||
|
* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
|
||||||
|
*/
|
||||||
|
int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl)
|
||||||
|
{
|
||||||
|
char issuType[] = "Issuer: ";
|
||||||
|
|
||||||
|
if (bio == NULL || crl == NULL || crl->crlList == NULL) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, "Certificate Revocation List (CRL):\n",
|
||||||
|
(int)XSTRLEN("Certificate Revocation List (CRL):\n")) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* print version */
|
||||||
|
if (X509PrintVersion(bio, wolfSSL_X509_CRL_version(crl), 8)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* print signature algo */
|
||||||
|
if (X509CRLPrintSignature(bio, crl, 1, 8) != WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* print issuer name */
|
||||||
|
if (X509PrintName(bio, wolfSSL_X509_CRL_get_issuer_name(crl), issuType, 8)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifndef NO_ASN_TIME
|
||||||
|
/* print last and next update times */
|
||||||
|
if (X509CRLPrintDates(bio, crl, 8) != WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* print CRL extensions */
|
||||||
|
if (X509CRLPrintExtensions(bio, crl, 8) != WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* print CRL Revoked Certs */
|
||||||
|
if (X509CRLPrintRevoked(bio, crl, 0) != WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (X509CRLPrintSignature(bio, crl, 0, 4) != WOLFSSL_SUCCESS) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
#endif /* !NO_BIO && XSNPRINTF */
|
||||||
#endif /* HAVE_CRL */
|
#endif /* HAVE_CRL */
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
|
|||||||
32
tests/api.c
32
tests/api.c
@ -52702,9 +52702,9 @@ static int test_wolfSSL_X509_print(void)
|
|||||||
|
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
|
||||||
/* Will print IP address subject alt name. */
|
/* Will print IP address subject alt name. */
|
||||||
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3240);
|
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3255);
|
||||||
#else
|
#else
|
||||||
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3218);
|
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3233);
|
||||||
#endif
|
#endif
|
||||||
BIO_free(bio);
|
BIO_free(bio);
|
||||||
|
|
||||||
@ -52731,6 +52731,33 @@ static int test_wolfSSL_X509_print(void)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int test_wolfSSL_X509_CRL_print(void)
|
||||||
|
{
|
||||||
|
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL)\
|
||||||
|
&& !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
|
||||||
|
X509_CRL* crl;
|
||||||
|
BIO *bio;
|
||||||
|
XFILE fp;
|
||||||
|
|
||||||
|
printf(testingFmt, "test_X509_CRL_print");
|
||||||
|
|
||||||
|
fp = XFOPEN("./certs/crl/crl.pem", "rb");
|
||||||
|
AssertTrue((fp != XBADFILE));
|
||||||
|
AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
|
||||||
|
NULL, NULL));
|
||||||
|
XFCLOSE(fp);
|
||||||
|
|
||||||
|
AssertNotNull(bio = BIO_new(BIO_s_mem()));
|
||||||
|
AssertIntEQ(X509_CRL_print(bio, crl), SSL_SUCCESS);
|
||||||
|
|
||||||
|
X509_CRL_free(crl);
|
||||||
|
BIO_free(bio);
|
||||||
|
printf(resultFmt, passed);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int test_wolfSSL_BIO_get_len(void)
|
static int test_wolfSSL_BIO_get_len(void)
|
||||||
{
|
{
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
|
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
|
||||||
@ -57602,6 +57629,7 @@ TEST_CASE testCases[] = {
|
|||||||
TEST_DECL(test_wolfSSL_X509_get_version),
|
TEST_DECL(test_wolfSSL_X509_get_version),
|
||||||
#ifndef NO_BIO
|
#ifndef NO_BIO
|
||||||
TEST_DECL(test_wolfSSL_X509_print),
|
TEST_DECL(test_wolfSSL_X509_print),
|
||||||
|
TEST_DECL(test_wolfSSL_X509_CRL_print),
|
||||||
TEST_DECL(test_wolfSSL_BIO_get_len),
|
TEST_DECL(test_wolfSSL_BIO_get_len),
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -34452,9 +34452,25 @@ int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx)
|
|||||||
#endif /* WOLFSSL_ASN_TEMPLATE */
|
#endif /* WOLFSSL_ASN_TEMPLATE */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef HAVE_CRL
|
#ifdef HAVE_CRL
|
||||||
|
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
static char* GetNameFromDer(const byte* source, int sz)
|
||||||
|
{
|
||||||
|
char* out;
|
||||||
|
|
||||||
|
out = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
if (out == NULL) {
|
||||||
|
WOLFSSL_MSG("Name malloc failed");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
XMEMCPY(out, source, sz);
|
||||||
|
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* initialize decoded CRL */
|
/* initialize decoded CRL */
|
||||||
void InitDecodedCRL(DecodedCRL* dcrl, void* heap)
|
void InitDecodedCRL(DecodedCRL* dcrl, void* heap)
|
||||||
{
|
{
|
||||||
@ -34480,6 +34496,10 @@ void FreeDecodedCRL(DecodedCRL* dcrl)
|
|||||||
XFREE(tmp, dcrl->heap, DYNAMIC_TYPE_REVOKED);
|
XFREE(tmp, dcrl->heap, DYNAMIC_TYPE_REVOKED);
|
||||||
tmp = next;
|
tmp = next;
|
||||||
}
|
}
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
if (dcrl->issuer != NULL)
|
||||||
|
XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -34514,9 +34534,11 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
|
|||||||
int maxIdx)
|
int maxIdx)
|
||||||
{
|
{
|
||||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||||
int ret, len;
|
#ifndef NO_ASN_TIME
|
||||||
|
int ret;
|
||||||
|
#endif
|
||||||
|
int len;
|
||||||
word32 end;
|
word32 end;
|
||||||
byte b;
|
|
||||||
RevokedCert* rc;
|
RevokedCert* rc;
|
||||||
|
|
||||||
WOLFSSL_ENTER("GetRevoked");
|
WOLFSSL_ENTER("GetRevoked");
|
||||||
@ -34545,12 +34567,13 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
|
|||||||
dcrl->totalCerts++;
|
dcrl->totalCerts++;
|
||||||
|
|
||||||
/* get date */
|
/* get date */
|
||||||
ret = GetDateInfo(buff, idx, NULL, &b, NULL, maxIdx);
|
#ifndef NO_ASN_TIME
|
||||||
|
ret = GetBasicDate(buff, idx, rc->revDate, &rc->revDateFormat, maxIdx);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
WOLFSSL_MSG("Expecting Date");
|
WOLFSSL_MSG("Expecting Date");
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
/* skip extensions */
|
/* skip extensions */
|
||||||
*idx = end;
|
*idx = end;
|
||||||
|
|
||||||
@ -34559,6 +34582,7 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
|
|||||||
DECL_ASNGETDATA(dataASN, revokedASN_Length);
|
DECL_ASNGETDATA(dataASN, revokedASN_Length);
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
word32 serialSz = EXTERNAL_SERIAL_SIZE;
|
word32 serialSz = EXTERNAL_SERIAL_SIZE;
|
||||||
|
word32 revDateSz = MAX_DATE_SIZE;
|
||||||
RevokedCert* rc;
|
RevokedCert* rc;
|
||||||
|
|
||||||
/* Allocate a new revoked certificate object. */
|
/* Allocate a new revoked certificate object. */
|
||||||
@ -34574,6 +34598,11 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
|
|||||||
/* Set buffer to place serial number into. */
|
/* Set buffer to place serial number into. */
|
||||||
GetASN_Buffer(&dataASN[REVOKEDASN_IDX_CERT], rc->serialNumber,
|
GetASN_Buffer(&dataASN[REVOKEDASN_IDX_CERT], rc->serialNumber,
|
||||||
&serialSz);
|
&serialSz);
|
||||||
|
/* Set buffer to store revocation date. */
|
||||||
|
GetASN_Buffer(&dataASN[REVOKEDASN_IDX_TIME_UTC], rc->revDate,
|
||||||
|
&revDateSz);
|
||||||
|
GetASN_Buffer(&dataASN[REVOKEDASN_IDX_TIME_GT], rc->revDate,
|
||||||
|
&revDateSz);
|
||||||
/* Decode the Revoked */
|
/* Decode the Revoked */
|
||||||
ret = GetASN_Items(revokedASN, dataASN, revokedASN_Length, 1, buff, idx,
|
ret = GetASN_Items(revokedASN, dataASN, revokedASN_Length, 1, buff, idx,
|
||||||
maxIdx);
|
maxIdx);
|
||||||
@ -34581,7 +34610,10 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
|
|||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
/* Store size of serial number. */
|
/* Store size of serial number. */
|
||||||
rc->serialSz = serialSz;
|
rc->serialSz = serialSz;
|
||||||
/* TODO: use revocation date */
|
rc->revDateFormat = (dataASN[REVOKEDASN_IDX_TIME_UTC].tag != 0)
|
||||||
|
? dataASN[REVOKEDASN_IDX_TIME_UTC].tag
|
||||||
|
: dataASN[REVOKEDASN_IDX_TIME_GT].tag;
|
||||||
|
|
||||||
/* TODO: use extensions, only v2 */
|
/* TODO: use extensions, only v2 */
|
||||||
/* Add revoked certificate to chain. */
|
/* Add revoked certificate to chain. */
|
||||||
rc->next = dcrl->certs;
|
rc->next = dcrl->certs;
|
||||||
@ -34737,7 +34769,7 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
|
|||||||
word32* inOutIdx, int sz, int verify)
|
word32* inOutIdx, int sz, int verify)
|
||||||
{
|
{
|
||||||
word32 oid, dateIdx, idx, checkIdx;
|
word32 oid, dateIdx, idx, checkIdx;
|
||||||
int version;
|
int length;
|
||||||
#ifdef WOLFSSL_NO_CRL_NEXT_DATE
|
#ifdef WOLFSSL_NO_CRL_NEXT_DATE
|
||||||
int doNextDate = 1;
|
int doNextDate = 1;
|
||||||
#endif
|
#endif
|
||||||
@ -34752,13 +34784,23 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
|
|||||||
|
|
||||||
checkIdx = idx;
|
checkIdx = idx;
|
||||||
if (GetASNTag(buf, &checkIdx, &tag, sz) == 0 && tag == ASN_INTEGER) {
|
if (GetASNTag(buf, &checkIdx, &tag, sz) == 0 && tag == ASN_INTEGER) {
|
||||||
if (GetMyVersion(buf, &idx, &version, sz) < 0)
|
if (GetMyVersion(buf, &idx, &dcrl->version, sz) < 0)
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
dcrl->version++;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0)
|
if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0)
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
|
||||||
|
checkIdx = idx;
|
||||||
|
if (GetSequence(buf, &checkIdx, &length, sz) < 0) {
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
dcrl->issuerSz = length + (checkIdx - idx);
|
||||||
|
dcrl->issuer = (byte*)GetNameFromDer(buf + idx, (int)dcrl->issuerSz);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0)
|
if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0)
|
||||||
return ASN_PARSE_E;
|
return ASN_PARSE_E;
|
||||||
|
|
||||||
@ -34790,6 +34832,8 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
|
|||||||
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
|
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
|
||||||
return CRL_CERT_DATE_ERR;
|
return CRL_CERT_DATE_ERR;
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
(void)verify;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -34964,6 +35008,64 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
else if (oid == CRL_NUMBER_OID) {
|
||||||
|
localIdx = idx;
|
||||||
|
if (GetASNTag(buf, &localIdx, &tag, sz) == 0 &&
|
||||||
|
tag == ASN_INTEGER) {
|
||||||
|
ret = GetASNInt(buf, &idx, &length, sz);
|
||||||
|
if (ret < 0) {
|
||||||
|
WOLFSSL_MSG("\tcouldn't parse CRL number extension");
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (length > 1) {
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
mp_int* m;
|
||||||
|
#else
|
||||||
|
mp_int m[1];
|
||||||
|
#endif
|
||||||
|
int i;
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
m = (mp_int*)XMALLOC(sizeof(*m), NULL,
|
||||||
|
DYNAMIC_TYPE_BIGINT);
|
||||||
|
if (m == NULL) {
|
||||||
|
return MEMORY_E;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
if (mp_init(m) != MP_OKAY) {
|
||||||
|
return MP_INIT_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = mp_read_unsigned_bin(m, buf + idx, length);
|
||||||
|
if (ret != MP_OKAY) {
|
||||||
|
mp_free(m);
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
|
||||||
|
#endif
|
||||||
|
return BUFFER_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
dcrl->crlNumber = 0;
|
||||||
|
for (i = 0; i < (*m).used; ++i) {
|
||||||
|
if (i > (int)sizeof(word32)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
dcrl->crlNumber |= ((word32)(*m).dp[i]) <<
|
||||||
|
(DIGIT_BIT * i);
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
XFREE(m, NULL, DYNAMIC_TYPE_BIGINT);
|
||||||
|
#endif
|
||||||
|
mp_free(m);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
dcrl->crlNumber = buf[idx];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
idx += length;
|
idx += length;
|
||||||
}
|
}
|
||||||
@ -35232,6 +35334,8 @@ end:
|
|||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
|
/* Store version */
|
||||||
|
dcrl->version = ++version;
|
||||||
/* Store offset of to be signed part. */
|
/* Store offset of to be signed part. */
|
||||||
dcrl->certBegin = dataASN[CRLASN_IDX_TBS].offset;
|
dcrl->certBegin = dataASN[CRLASN_IDX_TBS].offset;
|
||||||
/* Store index of signature. */
|
/* Store index of signature. */
|
||||||
@ -35261,10 +35365,15 @@ end:
|
|||||||
}
|
}
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
#endif
|
#endif
|
||||||
|
/* Parse and store the issuer name. */
|
||||||
|
dcrl->issuerSz = GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER],
|
||||||
|
buff);
|
||||||
|
dcrl->issuer = (byte*)GetNameFromDer((byte*)GetASNItem_Addr(
|
||||||
|
dataASN[CRLASN_IDX_TBS_ISSUER], buff),
|
||||||
|
(int)dcrl->issuerSz);
|
||||||
/* Calculate the Hash id from the issuer name. */
|
/* Calculate the Hash id from the issuer name. */
|
||||||
ret = CalcHashId(GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_ISSUER], buff),
|
ret = CalcHashId(GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_ISSUER], buff),
|
||||||
GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER], buff),
|
dcrl->issuerSz, dcrl->issuerHash);
|
||||||
dcrl->issuerHash);
|
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
ret = ASN_PARSE_E;
|
ret = ASN_PARSE_E;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2123,6 +2123,7 @@ struct CRL_Entry {
|
|||||||
byte nextDateFormat; /* next date format */
|
byte nextDateFormat; /* next date format */
|
||||||
RevokedCert* certs; /* revoked cert list */
|
RevokedCert* certs; /* revoked cert list */
|
||||||
int totalCerts; /* number on list */
|
int totalCerts; /* number on list */
|
||||||
|
int version; /* version of certficate */
|
||||||
int verified;
|
int verified;
|
||||||
byte* toBeSigned;
|
byte* toBeSigned;
|
||||||
word32 tbsSz;
|
word32 tbsSz;
|
||||||
@ -2132,6 +2133,10 @@ struct CRL_Entry {
|
|||||||
#if !defined(NO_SKID) && !defined(NO_ASN)
|
#if !defined(NO_SKID) && !defined(NO_ASN)
|
||||||
byte extAuthKeyIdSet;
|
byte extAuthKeyIdSet;
|
||||||
byte extAuthKeyId[KEYID_SIZE];
|
byte extAuthKeyId[KEYID_SIZE];
|
||||||
|
#endif
|
||||||
|
int crlNumber; /* CRL number extension */
|
||||||
|
#if defined(OPENSSL_EXTRA)
|
||||||
|
WOLFSSL_X509_NAME* issuer; /* X509_NAME type issuer */
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -496,6 +496,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||||||
#define X509_REQ_print wolfSSL_X509_print
|
#define X509_REQ_print wolfSSL_X509_print
|
||||||
#define X509_print_ex wolfSSL_X509_print_ex
|
#define X509_print_ex wolfSSL_X509_print_ex
|
||||||
#define X509_print_fp wolfSSL_X509_print_fp
|
#define X509_print_fp wolfSSL_X509_print_fp
|
||||||
|
#define X509_CRL_print wolfSSL_X509_CRL_print
|
||||||
#define X509_REQ_print_fp wolfSSL_X509_print_fp
|
#define X509_REQ_print_fp wolfSSL_X509_print_fp
|
||||||
#define X509_signature_print wolfSSL_X509_signature_print
|
#define X509_signature_print wolfSSL_X509_signature_print
|
||||||
#define X509_get0_signature wolfSSL_X509_get0_signature
|
#define X509_get0_signature wolfSSL_X509_get0_signature
|
||||||
|
|||||||
@ -1496,7 +1496,7 @@ WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in);
|
|||||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
|
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
|
||||||
WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
|
WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
|
||||||
|
|
||||||
#ifdef HAVE_OCSP
|
#if defined(HAVE_OCSP) || defined(HAVE_CRL)
|
||||||
#include "wolfssl/wolfcrypt/asn.h"
|
#include "wolfssl/wolfcrypt/asn.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -2865,7 +2865,21 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
|
|||||||
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
|
||||||
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
|
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(HAVE_CRL) && defined(OPENSSL_EXTRA)
|
||||||
|
WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid(
|
||||||
|
const WOLFSSL_X509_CRL* crl);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
|
||||||
|
unsigned char* buf, int* bufSz);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio,
|
||||||
|
WOLFSSL_X509_CRL* crl);
|
||||||
|
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name(
|
||||||
|
WOLFSSL_X509_CRL *crl);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
|
||||||
|
byte* in, int* inOutSz);
|
||||||
WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
|
WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef NO_FILESYSTEM
|
||||||
#ifndef NO_STDIO_FILESYSTEM
|
#ifndef NO_STDIO_FILESYSTEM
|
||||||
|
|||||||
@ -2414,6 +2414,8 @@ struct RevokedCert {
|
|||||||
byte serialNumber[EXTERNAL_SERIAL_SIZE];
|
byte serialNumber[EXTERNAL_SERIAL_SIZE];
|
||||||
int serialSz;
|
int serialSz;
|
||||||
RevokedCert* next;
|
RevokedCert* next;
|
||||||
|
byte revDate[MAX_DATE_SIZE];
|
||||||
|
byte revDateFormat;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef struct DecodedCRL DecodedCRL;
|
typedef struct DecodedCRL DecodedCRL;
|
||||||
@ -2431,12 +2433,18 @@ struct DecodedCRL {
|
|||||||
byte lastDateFormat; /* format of last date */
|
byte lastDateFormat; /* format of last date */
|
||||||
byte nextDateFormat; /* format of next date */
|
byte nextDateFormat; /* format of next date */
|
||||||
RevokedCert* certs; /* revoked cert list */
|
RevokedCert* certs; /* revoked cert list */
|
||||||
|
#if defined(OPENSSL_EXTRA)
|
||||||
|
byte* issuer; /* full name including common name */
|
||||||
|
word32 issuerSz; /* length of the issuer */
|
||||||
|
#endif
|
||||||
int totalCerts; /* number on list */
|
int totalCerts; /* number on list */
|
||||||
|
int version; /* version of cert */
|
||||||
void* heap;
|
void* heap;
|
||||||
#ifndef NO_SKID
|
#ifndef NO_SKID
|
||||||
byte extAuthKeyIdSet;
|
byte extAuthKeyIdSet;
|
||||||
byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */
|
byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */
|
||||||
#endif
|
#endif
|
||||||
|
int crlNumber; /* CRL number extension */
|
||||||
};
|
};
|
||||||
|
|
||||||
WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap);
|
WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap);
|
||||||
|
|||||||
Reference in New Issue
Block a user