From 544ed3289356e4fc6ef8711f70f937f0ae155f66 Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Thu, 14 Jan 2021 17:52:12 +0900
Subject: [PATCH] implemented X509_load_crl_file

---
 src/ssl.c | 84 +++++++++++++++++++++++++++++++++++++++++++
 tests/api.c | 33 +++++++++++++++++
 wolfssl/openssl/ssl.h | 1 +
 wolfssl/ssl.h | 4 +++
 4 files changed, 122 insertions(+)

diff --git a/src/ssl.c b/src/ssl.c
index 1b9d6835c..d2533eed8 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -25980,12 +25980,96 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
 #ifdef HAVE_CRL
+
+#ifndef NO_BIO
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
+ WOLFSSL_X509_CRL **x)
+{
+ int derSz;
+ byte* der = NULL;
+ WOLFSSL_X509_CRL* crl = NULL;
+
+ if ((derSz = wolfSSL_BIO_get_len(bp)) > 0) {
+ der = (byte*)XMALLOC(derSz, 0, DYNAMIC_TYPE_DER);
+ if (der != NULL) {
+ if (wolfSSL_BIO_read(bp, der, derSz) == derSz) {
+ crl = wolfSSL_d2i_X509_CRL(x, der, derSz);
+ }
+ }
+ }
+
+ if (der != NULL) {
+ XFREE(der, 0, DYNAMIC_TYPE_DER);
+ }
+
+ return crl;
+}
+#endif
+
 #ifndef NO_FILESYSTEM
 WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
 {
 WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
 return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE);
 }
+
+WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+ const char *file, int type)
+{
+ int ret = WOLFSSL_FAILURE;
+ int count = 0;
+ WOLFSSL_BIO *bio = NULL;
+ WOLFSSL_X509_CRL *crl =NULL;
+
+ WOLFSSL_ENTER("wolfSSL_X509_load_crl_file");
+
+ bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
+
+ if ((bio == NULL) || (wolfSSL_BIO_read_filename(bio, file) <= 0)) {
+ return ret;
+ }
+
+ if (type == WOLFSSL_FILETYPE_PEM) {
+ do {
+ crl = wolfSSL_PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
+ if (crl == NULL) {
+ if (count <= 0) {
+ WOLFSSL_MSG("Load crl failed");
+ }
+ break;
+ }
+
+ ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
+ if (ret == WOLFSSL_FAILURE) {
+ WOLFSSL_MSG("Adding crl failed");
+ break;
+ }
+ count++;
+ wolfSSL_X509_CRL_free(crl);
+ crl = NULL;
+ } while(crl == NULL);
+
+ ret = count;
+ } else if (type == WOLFSSL_FILETYPE_ASN1) {
+ crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL);
+ if (crl == NULL) {
+ WOLFSSL_MSG("Load crl failed");
+ } else {
+ ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
+ if (ret == WOLFSSL_FAILURE) {
+ WOLFSSL_MSG("Adding crl failed");
+ }
+ }
+ } else {
+ WOLFSSL_MSG("Invaid file type");
+ }
+
+ wolfSSL_X509_CRL_free(crl);
+ wolfSSL_BIO_free(bio);
+
+ WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret);
+ return ret;
+}
 #endif /* !NO_FILESYSTEM */
diff --git a/tests/api.c b/tests/api.c
index 759523728..f64ff3dd5 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -38789,6 +38789,38 @@ static void test_wolfSSL_X509_CRL(void)
 return;
 }
+static void test_wolfSSL_X509_load_crl_file(void)
+{
+#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
+ int i;
+ char pem[][100] = {
+ "./certs/crl/crl.pem",
+ "./certs/crl/crl2.pem",
+ "./certs/crl/caEccCrl.pem",
+ "./certs/crl/eccCliCRL.pem",
+ "./certs/crl/eccSrvCRL.pem",
+ ""
+ };
+ WOLFSSL_X509_STORE* store;
+ WOLFSSL_X509_LOOKUP* lookup;
+
+ printf(testingFmt, "wolfSSL_X509_laod_crl_file");
+
+ AssertNotNull(store = wolfSSL_X509_STORE_new());
+ AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
+
+ for (i = 0; pem[i][0] != '\0'; i++)
+ {
+ AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
+ }
+
+ wolfSSL_X509_STORE_free(store);
+
+ printf(resultFmt, passed);
+
+#endif
+}
+
 static void test_wolfSSL_d2i_X509_REQ(void)
 {
 #if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
@@ -40758,6 +40790,7 @@ void ApiTest(void)
 test_wolfSSL_X509_STORE_CTX_get0_store();
 test_wolfSSL_X509_STORE();
 test_wolfSSL_X509_STORE_load_locations();
+ test_wolfSSL_X509_load_crl_file();
 test_wolfSSL_BN();
 test_wolfSSL_CTX_get0_set1_param();
 #ifndef NO_BIO
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 1fd838bce..db4940107 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
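Review bot: In wolfSSL_X509_load_crl_file the early `return ret;` inside `if ((bio == NULL) || (wolfSSL_BIO_read_filename(bio, file) <= 0))` leaks the BIO just created by `wolfSSL_BIO_new` whenever the file cannot be opened, because `wolfSSL_BIO_free(bio)` is only reached on the fall-through path; split it into `if (bio == NULL) { return ret; }` and `if (wolfSSL_BIO_read_filename(bio, file) <= 0) { wolfSSL_BIO_free(bio); return ret; }`. In the PEM branch the unconditional `ret = count;` after the loop overwrites a `WOLFSSL_FAILURE` from `wolfSSL_X509_STORE_add_crl` once an earlier CRL was already added, so a file whose later CRL could not be stored reports success while the store holds incomplete revocation data; `if (crl == NULL) { ret = count; }` keeps the failure, since the loop only exits with a non-NULL crl on that path. `ctx->store` is dereferenced without a NULL check on `ctx`; a guard such as `if (ctx == NULL) { return ret; }` belongs before the BIO is created. The new function calls wolfSSL_BIO_new, wolfSSL_PEM_read_bio_X509_CRL and wolfSSL_d2i_X509_CRL_bio, yet unlike wolfSSL_d2i_X509_CRL_bio just above it is not wrapped in `#ifndef NO_BIO`, and the declarations added to wolfssl/ssl.h (hunks @@ -1556 and @@ -2266) are unguarded too, so a NO_BIO build would presumably fail to compile here — worth confirming against the build configurations. Separately, the log text is misspelled: `WOLFSSL_MSG("Invalid file type");`.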
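Review bot: The test name passed to `printf(testingFmt, ...)` in test_wolfSSL_X509_load_crl_file is misspelled as `"wolfSSL_X509_laod_crl_file"`, which makes its output hard to find; `printf(testingFmt, "wolfSSL_X509_load_crl_file");`. The test exercises only the PEM path and asserts a return of 1 per file, so the `WOLFSSL_FILETYPE_ASN1` branch, an unsupported `type`, and a nonexistent path (where the function should return `WOLFSSL_FAILURE`) ship untested; one `AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, "./no/such/file.pem", WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);` and one DER-encoded input would cover the error handling and the new wolfSSL_d2i_X509_CRL_bio helper. Each listed file presumably holds a single CRL, since 1 is asserted for all of them, so the multi-CRL count semantics of the PEM loop are also unverified.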
@@ -629,6 +629,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
 #define X509_CRL_verify wolfSSL_X509_CRL_verify
 #define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
+#define X509_load_crl_file wolfSSL_X509_load_crl_file
 #define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
 #define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 69103607e..61adac213 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1556,6 +1556,8 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(
 WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc);
 WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
 const WOLFSSL_X509_VERIFY_PARAM* from);
+WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+ const char *file, int type);
 #endif
 WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
 WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
@@ -2266,6 +2268,8 @@ WOLFSSL_API WOLFSSL_X509*
 WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
 const unsigned char *in, int len);
+WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
+ WOLFSSL_X509_CRL **crl);
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
 #endif