1 /***************************************************************************
2  * Copyright (c) 2024 Microsoft Corporation
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the MIT License which is available at
6  * https://opensource.org/licenses/MIT.
7  *
8  * SPDX-License-Identifier: MIT
9  **************************************************************************/
10 
11 
12 /**************************************************************************/
13 /**************************************************************************/
14 /**                                                                       */
15 /** NetX Secure Component                                                 */
16 /**                                                                       */
17 /**    Transport Layer Security (TLS)                                     */
18 /**                                                                       */
19 /**************************************************************************/
20 /**************************************************************************/
21 
22 #define NX_SECURE_SOURCE_CODE
23 
24 /* Include necessary system files.  */
25 
26 #include "nx_secure_tls.h"
27 
28 /**************************************************************************/
29 /*                                                                        */
30 /*  FUNCTION                                               RELEASE        */
31 /*                                                                        */
32 /*    _nx_secure_tls_remote_certificate_free              PORTABLE C      */
33 /*                                                           6.2.1        */
34 /*  AUTHOR                                                                */
35 /*                                                                        */
36 /*    Timothy Stapko, Microsoft Corporation                               */
37 /*                                                                        */
38 /*  DESCRIPTION                                                           */
39 /*                                                                        */
40 /*    This function moves a remote certificate buffer back into the free  */
41 /*    store. It is used when the remote certificate is no longer needed,  */
42 /*    such as when a TLS session is ended.                                */
43 /*                                                                        */
44 /*  INPUT                                                                 */
45 /*                                                                        */
46 /*    tls_session                           Pointer to TLS Session        */
47 /*    name                                  Certificate distinguished name*/
48 /*                                                                        */
49 /*  OUTPUT                                                                */
50 /*                                                                        */
51 /*    status                                Completion status             */
52 /*                                                                        */
53 /*  CALLS                                                                 */
54 /*                                                                        */
55 /*    _nx_secure_x509_certificate_list_find                               */
56 /*                                          Find certificate by name      */
57 /*    _nx_secure_x509_store_certificate_remove                            */
58 /*                                          Remove certificate from store */
59 /*    _nx_secure_x509_store_certificate_add                               */
60 /*                                          Add certificate to store      */
61 /*                                                                        */
62 /*  CALLED BY                                                             */
63 /*                                                                        */
64 /*    _nx_secure_tls_remote_certificate_free_all                          */
65 /*                                          Free all remote certificates  */
66 /*                                                                        */
67 /*  RELEASE HISTORY                                                       */
68 /*                                                                        */
69 /*    DATE              NAME                      DESCRIPTION             */
70 /*                                                                        */
71 /*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
72 /*  09-30-2020     Timothy Stapko           Modified comment(s), fixed    */
73 /*                                            certificate allocation bug, */
74 /*                                            resulting in version 6.1    */
75 /*  04-02-2021     Timothy Stapko           Modified comment(s),          */
76 /*                                            updated X.509 return value, */
77 /*                                            resulting in version 6.1.6  */
78 /*  01-31-2022     Timothy Stapko           Modified comment(s), and      */
79 /*                                            improved code coverage      */
80 /*                                            results,                    */
81 /*                                            resulting in version 6.1.10 */
82 /*  03-08-2023     Yanwu Cai                Modified comment(s),          */
83 /*                                            fixed compiler errors when  */
84 /*                                            x509 is disabled,           */
85 /*                                            resulting in version 6.2.1  */
86 /*                                                                        */
87 /**************************************************************************/
UINT _nx_secure_tls_remote_certificate_free(NX_SECURE_TLS_SESSION *tls_session,
                                            NX_SECURE_X509_DISTINGUISHED_NAME *name)
{
#ifndef NX_SECURE_DISABLE_X509
NX_SECURE_X509_CERTIFICATE_STORE *remote_store;
NX_SECURE_X509_CERT              *remote_list;
NX_SECURE_X509_CERT              *found_cert;
UINT                              x509_status;

    /* The remote certificate list hangs off the session's credential store. */
    remote_store = &tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store;
    remote_list = remote_store -> nx_secure_x509_remote_certificates;

    /* Locate the certificate by its distinguished name. The third argument is
       the certificate ID; its matching rules live in the X.509 list-find
       routine, not here. */
    x509_status = _nx_secure_x509_certificate_list_find(&remote_list, name, 0, &found_cert);

    /* With non-NULL list and output pointers the lookup reports either success
       or not-found; map not-found onto the TLS-layer code so callers see a
       single vocabulary of return values. */
    if (x509_status == NX_SECURE_X509_CERTIFICATE_NOT_FOUND)
    {
        return(NX_SECURE_TLS_CERTIFICATE_NOT_FOUND);
    }

    /* Anything other than success at this point is a programming error. */
    NX_ASSERT(x509_status == NX_SECURE_X509_SUCCESS);

    /* Unlink the certificate from the remote store. Its return value is not
       checked here: the entry was located in that same store, by name, just
       above. NOTE(review): this path only relinks the structure; nothing in
       this function clears the parsed certificate data it still holds -
       confirm whether the store-add below does, if that matters to the caller. */
    _nx_secure_x509_store_certificate_remove(remote_store, name, NX_SECURE_X509_CERT_LOCATION_REMOTE, 0);

    /* Only a user-allocated certificate goes back to the free store; any other
       certificate is finished once it has been unlinked. */
    if (!(found_cert -> nx_secure_x509_user_allocated_cert))
    {
        return(x509_status);
    }

    /* Hand the user-allocated structure back to the free store. */
    x509_status = _nx_secure_x509_store_certificate_add(found_cert, remote_store, NX_SECURE_X509_CERT_LOCATION_FREE);

    if (x509_status == NX_SUCCESS)
    {
        return(x509_status);
    }

    /* Translate the one X.509 failure that has a TLS equivalent; every other
       X.509 code is passed through unchanged. */
    if (x509_status == NX_SECURE_X509_CERT_ID_DUPLICATE)
    {
        return(NX_SECURE_TLS_CERT_ID_DUPLICATE);
    }

    return(x509_status);
#else
    /* X.509 support is compiled out: nothing to free, report unsupported. */
    NX_PARAMETER_NOT_USED(tls_session);
    NX_PARAMETER_NOT_USED(name);

    return(NX_NOT_SUPPORTED);
#endif
}
149 
150