1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "x509_crl_openssl.h"
17
18 #include <openssl/evp.h>
19 #include <openssl/pem.h>
20 #include <openssl/pkcs7.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23
24 #include "certificate_openssl_class.h"
25 #include "certificate_openssl_common.h"
26 #include "cf_log.h"
27 #include "cf_memory.h"
28 #include "config.h"
29 #include "fwk_class.h"
30 #include "securec.h"
31 #include "utils.h"
32 #include "x509_crl.h"
33 #include "x509_crl_entry_openssl.h"
34 #include "x509_crl_spi.h"
35
36 typedef struct {
37 HcfX509CrlSpi base;
38 X509_CRL *crl;
39 CfBlob *certIssuer;
40 } HcfX509CRLOpensslImpl;
41
42 typedef enum {
43 CRL_MAX,
44 CRL_MIN,
45 } X509CRLType;
46
47 #define OPENSSL_INVALID_VERSION (-1)
48 #define OPENSSL_ERROR 0
49 #define TYPE_NAME "X509"
50 #define OID_LENGTH 128
51 #define MAX_REV_NUM 256
52 #define MAX_SIGNATURE_LEN 8192
53
GetClass(void)54 static const char *GetClass(void)
55 {
56 return X509_CRL_OPENSSL_CLASS;
57 }
58
GetType(HcfX509CrlSpi * self)59 static const char *GetType(HcfX509CrlSpi *self)
60 {
61 if (self == NULL) {
62 LOGE("Invalid params!");
63 return NULL;
64 }
65 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
66 LOGE("Input wrong class type!");
67 return NULL;
68 }
69 return TYPE_NAME;
70 }
71
GetCrl(HcfX509CrlSpi * self)72 static X509_CRL *GetCrl(HcfX509CrlSpi *self)
73 {
74 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
75 LOGE("Input wrong class type!");
76 return NULL;
77 }
78 return ((HcfX509CRLOpensslImpl *)self)->crl;
79 }
80
GetX509FromCertificate(const HcfCertificate * cert)81 static X509 *GetX509FromCertificate(const HcfCertificate *cert)
82 {
83 if (!CfIsClassMatch((CfObjectBase *)cert, HCF_X509_CERTIFICATE_CLASS)) {
84 LOGE("Input wrong openssl class type!");
85 return NULL;
86 }
87 HcfX509CertificateImpl *impl = (HcfX509CertificateImpl *)cert;
88 if (!CfIsClassMatch((CfObjectBase *)(impl->spiObj), X509_CERT_OPENSSL_CLASS)) {
89 LOGE("Input wrong openssl class type!");
90 return NULL;
91 }
92 HcfOpensslX509Cert *realCert = (HcfOpensslX509Cert *)(impl->spiObj);
93 return realCert->x509;
94 }
95
IsRevoked(HcfX509CrlSpi * self,const HcfCertificate * cert)96 static bool IsRevoked(HcfX509CrlSpi *self, const HcfCertificate *cert)
97 {
98 if ((self == NULL) || (cert == NULL)) {
99 LOGE("Invalid params!");
100 return false;
101 }
102 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
103 LOGE("Input wrong class type!");
104 return false;
105 }
106 X509 *certOpenssl = GetX509FromCertificate(cert);
107 if (certOpenssl == NULL) {
108 LOGE("Input Cert is wrong!");
109 return false;
110 }
111 X509_CRL *crl = ((HcfX509CRLOpensslImpl *)self)->crl;
112 if (crl == NULL) {
113 LOGE("crl is null!");
114 return false;
115 }
116 X509_REVOKED *rev = NULL;
117 int32_t res = X509_CRL_get0_by_cert(crl, &rev, certOpenssl);
118 return (res != 0);
119 }
120
GetEncoded(HcfX509CrlSpi * self,CfEncodingBlob * encodedOut)121 static CfResult GetEncoded(HcfX509CrlSpi *self, CfEncodingBlob *encodedOut)
122 {
123 if ((self == NULL) || (encodedOut == NULL)) {
124 LOGE("Invalid params!");
125 return CF_INVALID_PARAMS;
126 }
127 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
128 LOGE("Input wrong class type!");
129 return CF_INVALID_PARAMS;
130 }
131 unsigned char *out = NULL;
132 X509_CRL *crl = ((HcfX509CRLOpensslImpl *)self)->crl;
133 if (crl == NULL) {
134 LOGE("crl is null!");
135 return CF_INVALID_PARAMS;
136 }
137 int32_t length = i2d_X509_CRL(crl, &out);
138 if (length <= 0) {
139 LOGE("Do i2d_X509_CRL fail!");
140 CfPrintOpensslError();
141 return CF_ERR_CRYPTO_OPERATION;
142 }
143 encodedOut->data = (uint8_t *)CfMalloc(length, 0);
144 if (encodedOut->data == NULL) {
145 LOGE("Failed to malloc for crl encoded data!");
146 OPENSSL_free(out);
147 return CF_ERR_MALLOC;
148 }
149 (void)memcpy_s(encodedOut->data, length, out, length);
150 OPENSSL_free(out);
151 encodedOut->len = length;
152 encodedOut->encodingFormat = CF_FORMAT_DER;
153 return CF_SUCCESS;
154 }
155
Verify(HcfX509CrlSpi * self,HcfPubKey * key)156 static CfResult Verify(HcfX509CrlSpi *self, HcfPubKey *key)
157 {
158 if ((self == NULL) || (key == NULL)) {
159 LOGE("Invalid params!");
160 return CF_INVALID_PARAMS;
161 }
162 if (!CfIsClassMatch((CfObjectBase *)self, GetClass()) ||
163 (!CfIsPubKeyClassMatch((HcfObjectBase *)key, OPENSSL_RSA_PUBKEY_CLASS))) {
164 LOGE("Input wrong class type!");
165 return CF_INVALID_PARAMS;
166 }
167 RSA *rsaPubkey = ((HcfOpensslRsaPubKey *)key)->pk;
168 if (rsaPubkey == NULL) {
169 LOGE("rsaPubkey is null!");
170 return CF_INVALID_PARAMS;
171 }
172 EVP_PKEY *pubKey = EVP_PKEY_new();
173 if (pubKey == NULL) {
174 LOGE("pubKey is null!");
175 CfPrintOpensslError();
176 return CF_ERR_CRYPTO_OPERATION;
177 }
178
179 CfResult ret = CF_SUCCESS;
180 do {
181 if (EVP_PKEY_set1_RSA(pubKey, rsaPubkey) <= 0) {
182 LOGE("Do EVP_PKEY_assign_RSA fail!");
183 CfPrintOpensslError();
184 ret = CF_ERR_CRYPTO_OPERATION;
185 break;
186 }
187
188 X509_CRL *crl = ((HcfX509CRLOpensslImpl *)self)->crl;
189 if (crl == NULL) {
190 LOGE("crl is null!");
191 ret = CF_INVALID_PARAMS;
192 break;
193 }
194
195 int32_t res = X509_CRL_verify(crl, pubKey);
196 if (res != CF_OPENSSL_SUCCESS) {
197 LOGE("Verify fail!");
198 CfPrintOpensslError();
199 ret = CF_ERR_CRYPTO_OPERATION;
200 break;
201 }
202 } while (0);
203
204 EVP_PKEY_free(pubKey);
205 return ret;
206 }
207
GetVersion(HcfX509CrlSpi * self)208 static long GetVersion(HcfX509CrlSpi *self)
209 {
210 if (self == NULL) {
211 LOGE("Invalid params!");
212 return OPENSSL_INVALID_VERSION;
213 }
214 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
215 LOGE("Input wrong class type!");
216 return OPENSSL_INVALID_VERSION;
217 }
218 X509_CRL *crl = ((HcfX509CRLOpensslImpl *)self)->crl;
219 if (crl == NULL) {
220 LOGE("crl is null!");
221 return OPENSSL_INVALID_VERSION;
222 }
223 return X509_CRL_get_version(crl) + 1;
224 }
225
GetIssuerName(HcfX509CrlSpi * self,CfBlob * out)226 static CfResult GetIssuerName(HcfX509CrlSpi *self, CfBlob *out)
227 {
228 if ((self == NULL) || (out == NULL)) {
229 LOGE("Invalid params for calling GetIssuerName!");
230 return CF_INVALID_PARAMS;
231 }
232 X509_CRL *crl = GetCrl(self);
233 if (crl == NULL) {
234 LOGE("crl is null!");
235 return CF_INVALID_PARAMS;
236 }
237 X509_NAME *x509Name = X509_CRL_get_issuer(crl);
238 if (x509Name == NULL) {
239 LOGE("Get Issuer DN fail!");
240 CfPrintOpensslError();
241 return CF_ERR_CRYPTO_OPERATION;
242 }
243 char *issuer = X509_NAME_oneline(x509Name, NULL, 0);
244 if (issuer == NULL) {
245 LOGE("X509Name convert char fail!");
246 CfPrintOpensslError();
247 return CF_ERR_CRYPTO_OPERATION;
248 }
249 if (strlen(issuer) > HCF_MAX_STR_LEN) {
250 LOGE("issuer name is too long!");
251 CfPrintOpensslError();
252 OPENSSL_free(issuer);
253 return CF_ERR_CRYPTO_OPERATION;
254 }
255 uint32_t length = strlen(issuer) + 1;
256 out->data = (uint8_t *)CfMalloc(length, 0);
257 if (out->data == NULL) {
258 LOGE("Failed to malloc for crl issuer data!");
259 OPENSSL_free(issuer);
260 return CF_ERR_MALLOC;
261 }
262 (void)memcpy_s(out->data, length, issuer, length);
263 out->size = length;
264 OPENSSL_free(issuer);
265 return CF_SUCCESS;
266 }
267
SetCertIssuer(HcfX509CrlSpi * self)268 static CfResult SetCertIssuer(HcfX509CrlSpi *self)
269 {
270 ((HcfX509CRLOpensslImpl *)self)->certIssuer = (CfBlob *)CfMalloc(sizeof(CfBlob), 0);
271 if (((HcfX509CRLOpensslImpl *)self)->certIssuer == NULL) {
272 LOGE("Failed to malloc for certIssuer!");
273 return CF_ERR_MALLOC;
274 }
275 CfResult res = GetIssuerName(self, ((HcfX509CRLOpensslImpl *)self)->certIssuer);
276 if (res != CF_SUCCESS) {
277 CfFree(((HcfX509CRLOpensslImpl *)self)->certIssuer);
278 ((HcfX509CRLOpensslImpl *)self)->certIssuer = NULL;
279 }
280 return res;
281 }
282
GetLastUpdate(HcfX509CrlSpi * self,CfBlob * out)283 static CfResult GetLastUpdate(HcfX509CrlSpi *self, CfBlob *out)
284 {
285 if ((self == NULL) || (out == NULL)) {
286 LOGE("Invalid params for calling GetLastUpdate!");
287 return CF_INVALID_PARAMS;
288 }
289 X509_CRL *crl = GetCrl(self);
290 if (crl == NULL) {
291 LOGE("crl is null!");
292 return CF_INVALID_PARAMS;
293 }
294 const ASN1_TIME *time = X509_CRL_get0_lastUpdate(crl);
295 if (time == NULL) {
296 LOGE("Get this update time fail!");
297 CfPrintOpensslError();
298 return CF_ERR_CRYPTO_OPERATION;
299 }
300 const char *thisUpdate = (const char *)(time->data);
301 if (thisUpdate == NULL || strlen(thisUpdate) > HCF_MAX_STR_LEN) {
302 LOGE("ThisUpdate convert String fail, or thisUpdate is too long!");
303 return CF_ERR_CRYPTO_OPERATION;
304 }
305 uint32_t length = strlen(thisUpdate) + 1;
306 out->data = (uint8_t *)CfMalloc(length, 0);
307 if (out->data == NULL) {
308 LOGE("Failed to malloc for thisUpdate!");
309 return CF_ERR_MALLOC;
310 }
311 (void)memcpy_s(out->data, length, thisUpdate, length);
312 out->size = length;
313 return CF_SUCCESS;
314 }
315
GetNextUpdate(HcfX509CrlSpi * self,CfBlob * out)316 static CfResult GetNextUpdate(HcfX509CrlSpi *self, CfBlob *out)
317 {
318 if ((self == NULL) || (out == NULL)) {
319 LOGE("Invalid params for calling GetNextUpdate!");
320 return CF_INVALID_PARAMS;
321 }
322 X509_CRL *crl = GetCrl(self);
323 if (crl == NULL) {
324 LOGE("crl is null!");
325 return CF_INVALID_PARAMS;
326 }
327 const ASN1_TIME *time = X509_CRL_get0_nextUpdate(crl);
328 if (time == NULL) {
329 LOGE("Get next update time fail!");
330 CfPrintOpensslError();
331 return CF_ERR_CRYPTO_OPERATION;
332 }
333 const char *nextUpdate = (const char *)(time->data);
334 if ((nextUpdate == NULL) || (strlen(nextUpdate) > HCF_MAX_STR_LEN)) {
335 LOGE("Get next update time is null, or nextUpdate is too long!");
336 return CF_ERR_CRYPTO_OPERATION;
337 }
338 uint32_t length = strlen(nextUpdate) + 1;
339 out->data = (uint8_t *)CfMalloc(length, 0);
340 if (out->data == NULL) {
341 LOGE("Failed to malloc for nextUpdate!");
342 return CF_ERR_MALLOC;
343 }
344 (void)memcpy_s(out->data, length, nextUpdate, length);
345 out->size = length;
346 return CF_SUCCESS;
347 }
348
GetRevokedCert(HcfX509CrlSpi * self,const CfBlob * serialNumber,HcfX509CrlEntry ** entryOut)349 static CfResult GetRevokedCert(HcfX509CrlSpi *self, const CfBlob *serialNumber, HcfX509CrlEntry **entryOut)
350 {
351 if ((self == NULL) || (serialNumber == NULL) || (serialNumber->data == NULL) || (serialNumber->size == 0) ||
352 (serialNumber->size > MAX_SN_BYTE_CNT) || (entryOut == NULL)) {
353 LOGE("Invalid params!");
354 return CF_INVALID_PARAMS;
355 }
356 X509_CRL *crl = GetCrl(self);
357 if (crl == NULL) {
358 LOGE("crl is null!");
359 return CF_INVALID_PARAMS;
360 }
361
362 BIGNUM *bigNum = BN_bin2bn(serialNumber->data, serialNumber->size, NULL);
363 if (bigNum == NULL) {
364 LOGE("bin to big number fail!");
365 return CF_INVALID_PARAMS;
366 }
367 ASN1_INTEGER *serial = BN_to_ASN1_INTEGER(bigNum, NULL);
368
369 if (serial == NULL) {
370 LOGE("Serial init fail!");
371 CfPrintOpensslError();
372 BN_free(bigNum);
373 return CF_ERR_CRYPTO_OPERATION;
374 }
375
376 X509_REVOKED *rev = NULL;
377 int32_t opensslRes = X509_CRL_get0_by_serial(crl, &rev, serial);
378 BN_free(bigNum);
379 ASN1_INTEGER_free(serial);
380 if (opensslRes != CF_OPENSSL_SUCCESS) {
381 LOGE("Get revoked certificate fail, res : %d!", opensslRes);
382 CfPrintOpensslError();
383 return CF_ERR_CRYPTO_OPERATION;
384 }
385 CfResult res = HcfCX509CRLEntryCreate(rev, entryOut, ((HcfX509CRLOpensslImpl *)self)->certIssuer);
386 if (res != CF_SUCCESS) {
387 LOGE("X509 CRL entry create fail, res : %d!", res);
388 return res;
389 }
390 return CF_SUCCESS;
391 }
392
GetRevokedCertWithCert(HcfX509CrlSpi * self,HcfX509Certificate * cert,HcfX509CrlEntry ** entryOut)393 static CfResult GetRevokedCertWithCert(HcfX509CrlSpi *self, HcfX509Certificate *cert, HcfX509CrlEntry **entryOut)
394 {
395 if ((self == NULL) || (cert == NULL) || (entryOut == NULL)) {
396 LOGE("Invalid params!");
397 return CF_INVALID_PARAMS;
398 }
399 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
400 LOGE("Input wrong class type!");
401 return CF_INVALID_PARAMS;
402 }
403 X509 *certOpenssl = GetX509FromCertificate((HcfCertificate *)cert);
404 if (certOpenssl == NULL) {
405 LOGE("Input Cert is wrong!");
406 return CF_INVALID_PARAMS;
407 }
408 X509_CRL *crl = ((HcfX509CRLOpensslImpl *)self)->crl;
409 if (crl == NULL) {
410 LOGE("crl is null!");
411 return CF_INVALID_PARAMS;
412 }
413 X509_REVOKED *revokedRet = NULL;
414 int32_t opensslRes = X509_CRL_get0_by_cert(crl, &revokedRet, certOpenssl);
415 if (opensslRes != CF_OPENSSL_SUCCESS) {
416 LOGE("Get revoked certificate with cert fail, res : %d!", opensslRes);
417 CfPrintOpensslError();
418 return CF_ERR_CRYPTO_OPERATION;
419 }
420 CfResult res = HcfCX509CRLEntryCreate(revokedRet, entryOut, ((HcfX509CRLOpensslImpl *)self)->certIssuer);
421 if (res != CF_SUCCESS) {
422 LOGE("X509 CRL entry create fail, res : %d!", res);
423 return res;
424 }
425 return CF_SUCCESS;
426 }
427
DeepCopyRevokedCertificates(HcfX509CrlSpi * self,const STACK_OF (X509_REVOKED)* entrys,int32_t i,CfArray * entrysOut)428 static CfResult DeepCopyRevokedCertificates(
429 HcfX509CrlSpi *self, const STACK_OF(X509_REVOKED) * entrys, int32_t i, CfArray *entrysOut)
430 {
431 X509_REVOKED *rev = sk_X509_REVOKED_value(entrys, i);
432 if (rev == NULL) {
433 LOGE("sk_X509_REVOKED_value fail!");
434 CfPrintOpensslError();
435 return CF_ERR_CRYPTO_OPERATION;
436 }
437 HcfX509CrlEntry *crlEntry = NULL;
438 CfResult res = HcfCX509CRLEntryCreate(rev, &crlEntry, ((HcfX509CRLOpensslImpl *)self)->certIssuer);
439 if (res != CF_SUCCESS || crlEntry == NULL) {
440 LOGE("X509 CRL entry create fail, res : %d!", res);
441 return res;
442 }
443 entrysOut->data[i].data = (uint8_t *)crlEntry;
444 entrysOut->data[i].size = sizeof(HcfX509CrlEntry);
445 return CF_SUCCESS;
446 }
447
DestroyCRLEntryArray(CfArray * arr)448 static void DestroyCRLEntryArray(CfArray *arr)
449 {
450 if (arr == NULL) {
451 LOGD("The input array is null, no need to free.");
452 return;
453 }
454 for (uint32_t i = 0; i < arr->count; ++i) {
455 if (arr->data[i].data == NULL) {
456 continue;
457 }
458 HcfX509CrlEntry *crlEntry = (HcfX509CrlEntry *)(arr->data[i].data);
459 crlEntry->base.destroy((CfObjectBase *)crlEntry);
460 arr->data[i].data = NULL;
461 arr->data[i].size = 0;
462 }
463 CfFree(arr->data);
464 arr->data = NULL;
465 }
466
GetRevokedCerts(HcfX509CrlSpi * self,CfArray * entrysOut)467 static CfResult GetRevokedCerts(HcfX509CrlSpi *self, CfArray *entrysOut)
468 {
469 if ((self == NULL) || (entrysOut == NULL)) {
470 LOGE("Invalid params!");
471 return CF_INVALID_PARAMS;
472 }
473 X509_CRL *crl = GetCrl(self);
474 if (crl == NULL) {
475 LOGE("crl is null!");
476 return CF_INVALID_PARAMS;
477 }
478 STACK_OF(X509_REVOKED) *entrys = X509_CRL_get_REVOKED(crl);
479 if (entrys == NULL) {
480 LOGE("Get revoked certificates fail!");
481 CfPrintOpensslError();
482 return CF_ERR_CRYPTO_OPERATION;
483 }
484 int32_t revokedNum = sk_X509_REVOKED_num(entrys);
485 if ((revokedNum <= 0) || (revokedNum > MAX_REV_NUM)) {
486 LOGE("Get revoked invalid number!");
487 CfPrintOpensslError();
488 return CF_ERR_CRYPTO_OPERATION;
489 }
490 uint32_t blobSize = sizeof(CfBlob) * revokedNum;
491 entrysOut->data = (CfBlob *)CfMalloc(blobSize, 0);
492 if (entrysOut->data == NULL) {
493 LOGE("Failed to malloc for entrysOut array!");
494 return CF_ERR_MALLOC;
495 }
496 entrysOut->count = revokedNum;
497 for (int32_t i = 0; i < revokedNum; i++) {
498 if (DeepCopyRevokedCertificates(self, entrys, i, entrysOut) != CF_SUCCESS) {
499 LOGE("Falied to copy revoked certificates!");
500 DestroyCRLEntryArray(entrysOut);
501 return CF_ERR_MALLOC;
502 }
503 }
504 return CF_SUCCESS;
505 }
506
GetTbsList(HcfX509CrlSpi * self,CfBlob * tbsCertListOut)507 static CfResult GetTbsList(HcfX509CrlSpi *self, CfBlob *tbsCertListOut)
508 {
509 if ((self == NULL) || (tbsCertListOut == NULL)) {
510 LOGE("Invalid params!");
511 return CF_INVALID_PARAMS;
512 }
513 X509_CRL *crl = GetCrl(self);
514 if (crl == NULL) {
515 LOGE("crl is null!");
516 return CF_INVALID_PARAMS;
517 }
518 unsigned char *tbs = NULL;
519 int32_t length = i2d_re_X509_CRL_tbs(crl, &tbs);
520 if ((length <= 0) || (tbs == NULL)) {
521 LOGE("Get TBS certList fail!");
522 CfPrintOpensslError();
523 return CF_ERR_CRYPTO_OPERATION;
524 }
525 tbsCertListOut->data = (uint8_t *)CfMalloc(length, 0);
526 if (tbsCertListOut->data == NULL) {
527 LOGE("Failed to malloc for tbs!");
528 OPENSSL_free(tbs);
529 return CF_ERR_MALLOC;
530 }
531 (void)memcpy_s(tbsCertListOut->data, length, tbs, length);
532 OPENSSL_free(tbs);
533 tbsCertListOut->size = length;
534 return CF_SUCCESS;
535 }
536
GetSignature(HcfX509CrlSpi * self,CfBlob * signature)537 static CfResult GetSignature(HcfX509CrlSpi *self, CfBlob *signature)
538 {
539 if ((self == NULL) || (signature == NULL)) {
540 LOGE("Invalid params!");
541 return CF_INVALID_PARAMS;
542 }
543 X509_CRL *crl = GetCrl(self);
544 if (crl == NULL) {
545 LOGE("crl is null!");
546 return CF_INVALID_PARAMS;
547 }
548 const ASN1_BIT_STRING *asn1Signature = NULL;
549 X509_CRL_get0_signature(((HcfX509CRLOpensslImpl *)self)->crl, &asn1Signature, NULL);
550 if (asn1Signature == NULL) {
551 LOGE("Get signature is null!");
552 CfPrintOpensslError();
553 return CF_ERR_CRYPTO_OPERATION;
554 }
555 int32_t signatureLen = ASN1_STRING_length(asn1Signature);
556 if (signatureLen <= 0) {
557 LOGE("Get signature length is invalid!");
558 CfPrintOpensslError();
559 return CF_ERR_CRYPTO_OPERATION;
560 }
561 const unsigned char *signatureStr = ASN1_STRING_get0_data(asn1Signature);
562 if ((signatureStr == NULL) || (signatureLen > MAX_SIGNATURE_LEN)) {
563 LOGE("ASN1 get string fail, or signature length is too long!");
564 CfPrintOpensslError();
565 return CF_ERR_CRYPTO_OPERATION;
566 }
567 signature->data = (uint8_t *)CfMalloc(signatureLen, 0);
568 if (signature->data == NULL) {
569 LOGE("Failed to malloc for signature!");
570 return CF_ERR_MALLOC;
571 }
572 (void)memcpy_s(signature->data, signatureLen, signatureStr, signatureLen);
573 signature->size = signatureLen;
574 return CF_SUCCESS;
575 }
576
GetSignatureAlgOidInner(X509_CRL * crl,CfBlob * oidOut)577 static CfResult GetSignatureAlgOidInner(X509_CRL *crl, CfBlob *oidOut)
578 {
579 const X509_ALGOR *palg = NULL;
580 X509_CRL_get0_signature(crl, NULL, &palg);
581 if (palg == NULL) {
582 LOGE("alg is null!");
583 CfPrintOpensslError();
584 return CF_ERR_CRYPTO_OPERATION;
585 }
586 const ASN1_OBJECT *oid = NULL;
587 X509_ALGOR_get0(&oid, NULL, NULL, palg);
588 if (oid == NULL) {
589 LOGE("oid is null!");
590 CfPrintOpensslError();
591 return CF_ERR_CRYPTO_OPERATION;
592 }
593 char *output = (char *)CfMalloc(OID_LENGTH, 0);
594 if (output == NULL) {
595 LOGE("Failed to malloc the output!");
596 return CF_ERR_MALLOC;
597 }
598 int32_t resLen = OBJ_obj2txt(output, OID_LENGTH, oid, 1);
599 if (resLen <= 0) {
600 LOGE("Failed to do OBJ_obj2txt!");
601 CfPrintOpensslError();
602 CfFree(output);
603 return CF_ERR_CRYPTO_OPERATION;
604 }
605 uint32_t length = strlen(output) + 1;
606 oidOut->data = (uint8_t *)CfMalloc(length, 0);
607 if (oidOut->data == NULL) {
608 LOGE("Failed to malloc for oidOut!");
609 CfFree(output);
610 return CF_ERR_MALLOC;
611 }
612 (void)memcpy_s(oidOut->data, length, output, length);
613 CfFree(output);
614 oidOut->size = length;
615 return CF_SUCCESS;
616 }
617
GetSignatureAlgOid(HcfX509CrlSpi * self,CfBlob * oidOut)618 static CfResult GetSignatureAlgOid(HcfX509CrlSpi *self, CfBlob *oidOut)
619 {
620 if ((self == NULL) || (oidOut == NULL)) {
621 LOGE("Invalid params!");
622 return CF_INVALID_PARAMS;
623 }
624 X509_CRL *crl = GetCrl(self);
625 if (crl == NULL) {
626 LOGE("crl is null!");
627 return CF_INVALID_PARAMS;
628 }
629 return GetSignatureAlgOidInner(crl, oidOut);
630 }
631
GetSignatureAlgName(HcfX509CrlSpi * self,CfBlob * algNameOut)632 static CfResult GetSignatureAlgName(HcfX509CrlSpi *self, CfBlob *algNameOut)
633 {
634 if ((self == NULL) || (algNameOut == NULL)) {
635 LOGE("Invalid params!");
636 return CF_INVALID_PARAMS;
637 }
638 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
639 LOGE("Input wrong class type!");
640 return CF_INVALID_PARAMS;
641 }
642 CfBlob *oidOut = (CfBlob *)CfMalloc(sizeof(CfBlob), 0);
643 if (oidOut == NULL) {
644 LOGE("Failed to malloc for oidOut!");
645 return CF_ERR_MALLOC;
646 }
647 CfResult res = GetSignatureAlgOid(self, oidOut);
648 if (res != CF_SUCCESS) {
649 LOGE("Get signature algor oid failed!");
650 CfFree(oidOut);
651 return res;
652 }
653 const char *algName = GetAlgorithmName((const char *)(oidOut->data));
654 CfFree(oidOut->data);
655 CfFree(oidOut);
656 if (algName == NULL) {
657 LOGE("Can not find algorithmName!");
658 return CF_ERR_CRYPTO_OPERATION;
659 }
660 uint32_t length = strlen(algName) + 1;
661 algNameOut->data = (uint8_t *)CfMalloc(length, 0);
662 if (algNameOut->data == NULL) {
663 LOGE("Failed to malloc for algName!");
664 return CF_ERR_MALLOC;
665 }
666 (void)memcpy_s(algNameOut->data, length, algName, length);
667 algNameOut->size = length;
668 return CF_SUCCESS;
669 }
670
GetSignatureAlgParamsInner(X509_CRL * crl,CfBlob * sigAlgParamOut)671 static CfResult GetSignatureAlgParamsInner(X509_CRL *crl, CfBlob *sigAlgParamOut)
672 {
673 const X509_ALGOR *palg = NULL;
674 X509_CRL_get0_signature(crl, NULL, &palg);
675 if (palg == NULL) {
676 LOGE("Get alg is null!");
677 CfPrintOpensslError();
678 return CF_ERR_CRYPTO_OPERATION;
679 }
680 int32_t paramType = 0;
681 const void *paramValue = NULL;
682 X509_ALGOR_get0(NULL, ¶mType, ¶mValue, palg);
683 if (paramType == V_ASN1_UNDEF) {
684 LOGE("get_X509_ALGOR_parameter, no parameters!");
685 CfPrintOpensslError();
686 return CF_NOT_SUPPORT;
687 }
688 ASN1_TYPE *param = ASN1_TYPE_new();
689 if (param == NULL) {
690 LOGE("create param fail!");
691 CfPrintOpensslError();
692 return CF_ERR_MALLOC;
693 }
694 if (ASN1_TYPE_set1(param, paramType, paramValue) != CF_OPENSSL_SUCCESS) {
695 LOGE("Set type fail!");
696 ASN1_TYPE_free(param);
697 CfPrintOpensslError();
698 return CF_ERR_CRYPTO_OPERATION;
699 }
700 unsigned char *outParams = NULL;
701 int32_t length = i2d_ASN1_TYPE(param, &outParams);
702 ASN1_TYPE_free(param);
703 if (length <= 0) {
704 LOGE("Do i2d_ASN1_TYPE fail!");
705 CfPrintOpensslError();
706 return CF_ERR_CRYPTO_OPERATION;
707 }
708 sigAlgParamOut->data = (uint8_t *)CfMalloc(length, 0);
709 if (sigAlgParamOut->data == NULL) {
710 LOGE("Failed to malloc for sigAlgParam!");
711 OPENSSL_free(outParams);
712 return CF_ERR_MALLOC;
713 }
714 (void)memcpy_s(sigAlgParamOut->data, length, outParams, length);
715 sigAlgParamOut->size = length;
716 OPENSSL_free(outParams);
717 return CF_SUCCESS;
718 }
719
GetSignatureAlgParams(HcfX509CrlSpi * self,CfBlob * sigAlgParamOut)720 static CfResult GetSignatureAlgParams(HcfX509CrlSpi *self, CfBlob *sigAlgParamOut)
721 {
722 if ((self == NULL) || (sigAlgParamOut == NULL)) {
723 LOGE("Invalid params!");
724 return CF_INVALID_PARAMS;
725 }
726 X509_CRL *crl = GetCrl(self);
727 if (crl == NULL) {
728 LOGE("crl is null!");
729 return CF_INVALID_PARAMS;
730 }
731 return GetSignatureAlgParamsInner(crl, sigAlgParamOut);
732 }
733
GetExtensions(HcfX509CrlSpi * self,CfBlob * outBlob)734 static CfResult GetExtensions(HcfX509CrlSpi *self, CfBlob *outBlob)
735 {
736 if ((self == NULL) || (outBlob == NULL)) {
737 LOGE("Invalid params!");
738 return CF_INVALID_PARAMS;
739 }
740
741 X509_CRL *crl = GetCrl(self);
742 if (crl == NULL) {
743 LOGE("crl is null!");
744 return CF_INVALID_PARAMS;
745 }
746
747 X509_EXTENSIONS *exts = (X509_EXTENSIONS *)X509_CRL_get0_extensions(crl);
748 CfResult ret = CopyExtensionsToBlob(exts, outBlob);
749 if (ret != CF_SUCCESS) {
750 CfPrintOpensslError();
751 }
752 return ret;
753 }
754
ToString(HcfX509CrlSpi * self,CfBlob * out)755 static CfResult ToString(HcfX509CrlSpi *self, CfBlob *out)
756 {
757 if ((self == NULL) || (out == NULL)) {
758 LOGE("The input data is null!");
759 return CF_INVALID_PARAMS;
760 }
761 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
762 LOGE("Input wrong class type!");
763 return CF_INVALID_PARAMS;
764 }
765 X509_CRL *crl = GetCrl(self);
766 if (crl == NULL) {
767 LOGE("crl is null!");
768 return CF_INVALID_PARAMS;
769 }
770 BIO *bio = BIO_new(BIO_s_mem());
771 if (bio == NULL) {
772 LOGE("BIO_new error");
773 return CF_ERR_MALLOC;
774 }
775
776 int len = X509_CRL_print(bio, crl);
777 if (len <= 0) {
778 LOGE("X509_CRL_print error");
779 BIO_free(bio);
780 return CF_ERR_CRYPTO_OPERATION;
781 }
782 BUF_MEM *bufMem = NULL;
783 if (BIO_get_mem_ptr(bio, &bufMem) > 0 && bufMem != NULL) {
784 CfResult res = DeepCopyDataToOut(bufMem->data, bufMem->length, out);
785 BIO_free(bio);
786 return res;
787 }
788 BIO_free(bio);
789 LOGE("BIO_get_mem_ptr error");
790 return CF_ERR_CRYPTO_OPERATION;
791 }
792
HashCode(HcfX509CrlSpi * self,CfBlob * out)793 static CfResult HashCode(HcfX509CrlSpi *self, CfBlob *out)
794 {
795 if ((self == NULL) || (out == NULL)) {
796 LOGE("The input data is null!");
797 return CF_INVALID_PARAMS;
798 }
799 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
800 LOGE("Input wrong class type!");
801 return CF_INVALID_PARAMS;
802 }
803 X509_CRL *crl = GetCrl(self);
804 if (crl == NULL) {
805 LOGE("crl is null!");
806 return CF_INVALID_PARAMS;
807 }
808 unsigned char *buf = NULL;
809 int len = i2d_X509_CRL(crl, &buf);
810 if (len < 0 || buf == NULL) {
811 LOGE("i2d_X509_CRL error");
812 return CF_ERR_CRYPTO_OPERATION;
813 }
814
815 out->data = (uint8_t *)CfMalloc(SHA256_DIGEST_LENGTH, 0);
816 if (out->data == NULL) {
817 LOGE("CfMalloc error");
818 OPENSSL_free(buf);
819 return CF_ERR_MALLOC;
820 }
821 if (SHA256(buf, len, out->data) == NULL) {
822 LOGE("Compute sha256 error");
823 OPENSSL_free(buf);
824 CfFree(out->data);
825 return CF_ERR_CRYPTO_OPERATION;
826 }
827 out->size = SHA256_DIGEST_LENGTH;
828 OPENSSL_free(buf);
829 return CF_SUCCESS;
830 }
831
GetExtensionsObject(HcfX509CrlSpi * self,CfBlob * out)832 static CfResult GetExtensionsObject(HcfX509CrlSpi *self, CfBlob *out)
833 {
834 if ((self == NULL) || (out == NULL)) {
835 LOGE("The input data is null!");
836 return CF_INVALID_PARAMS;
837 }
838 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
839 LOGE("Input wrong class type!");
840 return CF_INVALID_PARAMS;
841 }
842 X509_CRL *crl = GetCrl(self);
843 if (crl == NULL) {
844 LOGE("crl is null!");
845 return CF_INVALID_PARAMS;
846 }
847
848 unsigned char *tmp = NULL;
849 int len = i2d_X509_EXTENSIONS(X509_CRL_get0_extensions(crl), &tmp);
850 if (len <= 0) {
851 LOGE("i2d_X509_EXTENSIONS error");
852 return CF_ERR_CRYPTO_OPERATION;
853 }
854
855 out->data = (uint8_t *)CfMalloc(len, 0);
856 if (out->data == NULL) {
857 LOGE("Failed to malloc for extensions data!");
858 OPENSSL_free(tmp);
859 return CF_ERR_MALLOC;
860 }
861 (void)memcpy_s(out->data, len, tmp, len);
862 OPENSSL_free(tmp);
863 out->size = len;
864 return CF_SUCCESS;
865 }
866
GetNumOfCRL(HcfX509CrlSpi * self,CfBlob * outBlob)867 static CfResult GetNumOfCRL(HcfX509CrlSpi *self, CfBlob *outBlob)
868 {
869 X509_CRL *crl = GetCrl(self);
870 if (crl == NULL) {
871 LOGE("Crl is null!");
872 return CF_INVALID_PARAMS;
873 }
874
875 ASN1_INTEGER *crlNumber = X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL);
876 if (crlNumber == NULL) {
877 LOGE("Crl number is null!");
878 return CF_INVALID_PARAMS;
879 }
880 outBlob->data = (uint8_t *)CfMalloc(crlNumber->length, 0);
881 if (!outBlob->data) {
882 ASN1_INTEGER_free(crlNumber);
883 LOGE("Malloc failed!");
884 return CF_ERR_MALLOC;
885 }
886 (void)memcpy_s(outBlob->data, crlNumber->length, crlNumber->data, crlNumber->length);
887 outBlob->size = (uint32_t)crlNumber->length;
888 ASN1_INTEGER_free(crlNumber);
889 return CF_SUCCESS;
890 }
891
Comparex509CertX509Openssl(HcfX509CrlSpi * self,const HcfCertificate * x509Cert,bool * out)892 static CfResult Comparex509CertX509Openssl(HcfX509CrlSpi *self, const HcfCertificate *x509Cert, bool *out)
893 {
894 bool bRet = IsRevoked(self, x509Cert);
895 if (!bRet) {
896 *out = false;
897 LOGI("Crl revoked is false!");
898 }
899 return CF_SUCCESS;
900 }
901
CompareIssuerX509Openssl(HcfX509CrlSpi * self,const CfBlobArray * issuer,bool * out)902 static CfResult CompareIssuerX509Openssl(HcfX509CrlSpi *self, const CfBlobArray *issuer, bool *out)
903 {
904 if (issuer == NULL || issuer->data == NULL || issuer->count == 0) {
905 LOGE("The input data is null!");
906 return CF_INVALID_PARAMS;
907 }
908 CfBlob outTmpSelf = { 0 };
909 CfBlob cfBlobDataParam = { 0 };
910 CfResult ret = GetIssuerName(self, &outTmpSelf);
911 if (ret != CF_SUCCESS) {
912 *out = false;
913 LOGE("x509Crl GetIssuerName failed!");
914 return ret;
915 }
916
917 *out = false;
918 for (uint32_t i = 0; i < issuer->count; ++i) {
919 ret = ConvertNameDerDataToString(issuer->data[i].data, issuer->data[i].size, &cfBlobDataParam);
920 if (ret != CF_SUCCESS) {
921 LOGE("ConvertNameDerDataToString failed!");
922 CfFree(outTmpSelf.data);
923 return ret;
924 }
925 if (outTmpSelf.size != cfBlobDataParam.size) {
926 CfFree(cfBlobDataParam.data);
927 continue;
928 }
929 if (strncmp((const char *)outTmpSelf.data, (const char *)cfBlobDataParam.data, outTmpSelf.size) == 0) {
930 *out = true;
931 CfFree(cfBlobDataParam.data);
932 break;
933 }
934 CfFree(cfBlobDataParam.data);
935 }
936 CfFree(outTmpSelf.data);
937 return CF_SUCCESS;
938 }
939
CompareUpdateDateTimeX509Openssl(HcfX509CrlSpi * self,const CfBlob * updateDateTime,bool * out)940 static CfResult CompareUpdateDateTimeX509Openssl(HcfX509CrlSpi *self, const CfBlob *updateDateTime, bool *out)
941 {
942 *out = false;
943 CfBlob outNextUpdate = { 0 };
944 CfBlob outThisUpdate = { 0 };
945 CfResult res = GetNextUpdate(self, &outNextUpdate);
946 if (res != CF_SUCCESS) {
947 LOGE("X509Crl getNextUpdate failed!");
948 return res;
949 }
950 res = GetLastUpdate(self, &outThisUpdate);
951 if (res != CF_SUCCESS) {
952 LOGE("X509Crl getLastUpdate failed!");
953 CfFree(outNextUpdate.data);
954 return res;
955 }
956
957 int ret = 0;
958 res = CompareBigNum(updateDateTime, &outNextUpdate, &ret);
959 if (res != CF_SUCCESS || ret > 0) {
960 LOGE("updateDateTime should <= outNextUpdate!");
961 CfFree(outNextUpdate.data);
962 CfFree(outThisUpdate.data);
963 return res;
964 }
965 res = CompareBigNum(updateDateTime, &outThisUpdate, &ret);
966 if (res != CF_SUCCESS || ret < 0) {
967 LOGE("updateDateTime should >= outThisUpdate!");
968 CfFree(outNextUpdate.data);
969 CfFree(outThisUpdate.data);
970 return res;
971 }
972 *out = true;
973 CfFree(outNextUpdate.data);
974 CfFree(outThisUpdate.data);
975 return CF_SUCCESS;
976 }
977
CompareCRLX509Openssl(HcfX509CrlSpi * self,const CfBlob * crlBlob,X509CRLType type,bool * out)978 static CfResult CompareCRLX509Openssl(HcfX509CrlSpi *self, const CfBlob *crlBlob, X509CRLType type, bool *out)
979 {
980 *out = false;
981 CfBlob outNum = { 0, NULL };
982 CfResult res = GetNumOfCRL(self, &outNum);
983 if (res != CF_SUCCESS) {
984 LOGE("X509Crl get num of CRL failed!");
985 return res;
986 }
987
988 int ret = 0;
989 res = CompareBigNum(crlBlob, &outNum, &ret);
990 switch (type) {
991 case CRL_MAX:
992 if (res == CF_SUCCESS && ret > 0) {
993 *out = true;
994 }
995 break;
996 case CRL_MIN:
997 if (res == CF_SUCCESS && ret < 0) {
998 *out = true;
999 }
1000 break;
1001 default:
1002 LOGE("Unknown type!");
1003 break;
1004 }
1005 CfFree(outNum.data);
1006 return CF_SUCCESS;
1007 }
1008
MatchX509CRLOpensslPart2(HcfX509CrlSpi * self,const HcfX509CrlMatchParams * matchParams,bool * out)1009 static CfResult MatchX509CRLOpensslPart2(HcfX509CrlSpi *self, const HcfX509CrlMatchParams *matchParams, bool *out)
1010 {
1011 CfResult res = CF_SUCCESS;
1012 // updateDateTime
1013 if (matchParams->updateDateTime != NULL) {
1014 res = CompareUpdateDateTimeX509Openssl(self, matchParams->updateDateTime, out);
1015 if (res != CF_SUCCESS || (*out == false)) {
1016 LOGE("X509Crl match updateDateTime failed!");
1017 return res;
1018 }
1019 }
1020
1021 // maxCRL & minCRL
1022 if ((matchParams->maxCRL != NULL) && (matchParams->minCRL != NULL)) {
1023 int ret = 0;
1024 res = CompareBigNum(matchParams->maxCRL, matchParams->minCRL, &ret);
1025 if (res != CF_SUCCESS || ret < 0) {
1026 LOGE("X509Crl minCRL should be smaller than maxCRL!");
1027 return CF_INVALID_PARAMS;
1028 }
1029 }
1030
1031 // maxCRL
1032 if (matchParams->maxCRL != NULL) {
1033 res = CompareCRLX509Openssl(self, matchParams->maxCRL, CRL_MAX, out);
1034 if (res != CF_SUCCESS || (*out == false)) {
1035 LOGE("X509Crl match maxCRL failed!");
1036 return res;
1037 }
1038 }
1039
1040 // minCRL
1041 if (matchParams->minCRL != NULL) {
1042 res = CompareCRLX509Openssl(self, matchParams->minCRL, CRL_MIN, out);
1043 if (res != CF_SUCCESS || (*out == false)) {
1044 LOGE("X509Crl match minCRL failed!");
1045 return res;
1046 }
1047 }
1048 return res;
1049 }
1050
MatchX509CRLOpenssl(HcfX509CrlSpi * self,const HcfX509CrlMatchParams * matchParams,bool * out)1051 static CfResult MatchX509CRLOpenssl(HcfX509CrlSpi *self, const HcfX509CrlMatchParams *matchParams, bool *out)
1052 {
1053 if ((self == NULL) || (matchParams == NULL) || (out == NULL)) {
1054 LOGE("The input data is null!");
1055 return CF_INVALID_PARAMS;
1056 }
1057 if (!CfIsClassMatch((CfObjectBase *)self, GetClass())) {
1058 LOGE("Input wrong class type!");
1059 return CF_INVALID_PARAMS;
1060 }
1061
1062 *out = true;
1063
1064 // x509Cert
1065 if (matchParams->x509Cert != NULL) {
1066 CfResult res = Comparex509CertX509Openssl(self, matchParams->x509Cert, out);
1067 if (res != CF_SUCCESS || (*out == false)) {
1068 LOGE("X509Crl match x509Cert failed!");
1069 return res;
1070 }
1071 }
1072
1073 // issuer
1074 if (matchParams->issuer != NULL) {
1075 CfResult res = CompareIssuerX509Openssl(self, matchParams->issuer, out);
1076 if (res != CF_SUCCESS || (*out == false)) {
1077 LOGE("X509Crl match issuer failed!");
1078 return res;
1079 }
1080 }
1081
1082 // updateDateTime、maxCRL、minCRL
1083 return MatchX509CRLOpensslPart2(self, matchParams, out);
1084 }
1085
Destroy(CfObjectBase * self)1086 static void Destroy(CfObjectBase *self)
1087 {
1088 if (self == NULL) {
1089 return;
1090 }
1091 if (!CfIsClassMatch(self, GetClass())) {
1092 LOGE("Input wrong class type!");
1093 return;
1094 }
1095 HcfX509CRLOpensslImpl *realCrl = (HcfX509CRLOpensslImpl *)self;
1096 X509_CRL_free(realCrl->crl);
1097 realCrl->crl = NULL;
1098 if (realCrl->certIssuer != NULL) {
1099 CfFree(realCrl->certIssuer->data);
1100 realCrl->certIssuer->data = NULL;
1101 CfFree(realCrl->certIssuer);
1102 realCrl->certIssuer = NULL;
1103 }
1104 CfFree(realCrl);
1105 }
1106
ParseX509CRL(const CfEncodingBlob * inStream)1107 static X509_CRL *ParseX509CRL(const CfEncodingBlob *inStream)
1108 {
1109 if ((inStream->data == NULL) || (inStream->len <= 0)) {
1110 LOGE("Invalid params!");
1111 return NULL;
1112 }
1113 BIO *bio = BIO_new_mem_buf(inStream->data, inStream->len);
1114 if (bio == NULL) {
1115 LOGE("bio get null!");
1116 CfPrintOpensslError();
1117 return NULL;
1118 }
1119 X509_CRL *crlOut = NULL;
1120 switch (inStream->encodingFormat) {
1121 case CF_FORMAT_DER:
1122 crlOut = d2i_X509_CRL_bio(bio, NULL);
1123 break;
1124 case CF_FORMAT_PEM:
1125 crlOut = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
1126 break;
1127 default:
1128 LOGE("Not support format!");
1129 break;
1130 }
1131 BIO_free_all(bio);
1132 if (crlOut == NULL) {
1133 LOGE("Parse X509 CRL fail!");
1134 CfPrintOpensslError();
1135 return NULL;
1136 }
1137 return crlOut;
1138 }
1139
HcfCX509CrlSpiCreate(const CfEncodingBlob * inStream,HcfX509CrlSpi ** spi)1140 CfResult HcfCX509CrlSpiCreate(const CfEncodingBlob *inStream, HcfX509CrlSpi **spi)
1141 {
1142 if ((inStream == NULL) || (inStream->data == NULL) || (spi == NULL)) {
1143 LOGE("Invalid params!");
1144 return CF_INVALID_PARAMS;
1145 }
1146 HcfX509CRLOpensslImpl *returnCRL = (HcfX509CRLOpensslImpl *)CfMalloc(sizeof(HcfX509CRLOpensslImpl), 0);
1147 if (returnCRL == NULL) {
1148 LOGE("Failed to malloc for x509 instance!");
1149 return CF_ERR_MALLOC;
1150 }
1151 X509_CRL *crl = ParseX509CRL(inStream);
1152 if (crl == NULL) {
1153 LOGE("Failed to Parse x509 CRL!");
1154 CfFree(returnCRL);
1155 return CF_INVALID_PARAMS;
1156 }
1157 returnCRL->crl = crl;
1158 returnCRL->certIssuer = NULL;
1159 returnCRL->base.base.getClass = GetClass;
1160 returnCRL->base.base.destroy = Destroy;
1161 returnCRL->base.engineIsRevoked = IsRevoked;
1162 returnCRL->base.engineGetType = GetType;
1163 returnCRL->base.engineGetEncoded = GetEncoded;
1164 returnCRL->base.engineVerify = Verify;
1165 returnCRL->base.engineGetVersion = GetVersion;
1166 returnCRL->base.engineGetIssuerName = GetIssuerName;
1167 returnCRL->base.engineGetLastUpdate = GetLastUpdate;
1168 returnCRL->base.engineGetNextUpdate = GetNextUpdate;
1169 returnCRL->base.engineGetRevokedCert = GetRevokedCert;
1170 returnCRL->base.engineGetRevokedCertWithCert = GetRevokedCertWithCert;
1171 returnCRL->base.engineGetRevokedCerts = GetRevokedCerts;
1172 returnCRL->base.engineGetTbsInfo = GetTbsList;
1173 returnCRL->base.engineGetSignature = GetSignature;
1174 returnCRL->base.engineGetSignatureAlgName = GetSignatureAlgName;
1175 returnCRL->base.engineGetSignatureAlgOid = GetSignatureAlgOid;
1176 returnCRL->base.engineGetSignatureAlgParams = GetSignatureAlgParams;
1177 returnCRL->base.engineGetExtensions = GetExtensions;
1178 returnCRL->base.engineMatch = MatchX509CRLOpenssl;
1179 returnCRL->base.engineToString = ToString;
1180 returnCRL->base.engineHashCode = HashCode;
1181 returnCRL->base.engineGetExtensionsObject = GetExtensionsObject;
1182 if (SetCertIssuer((HcfX509CrlSpi *)returnCRL) != CF_SUCCESS) {
1183 LOGI("No cert issuer find or set cert issuer fail!");
1184 }
1185 *spi = (HcfX509CrlSpi *)returnCRL;
1186 return CF_SUCCESS;
1187 }
1188