1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Secure Component */
17 /** */
18 /** Transport Layer Security (TLS) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SECURE_SOURCE_CODE
24
25 /* Include necessary system files. */
26
27 #include "nx_secure_tls.h"
28
29 /**************************************************************************/
30 /* */
31 /* FUNCTION RELEASE */
32 /* */
33 /* _nx_secure_tls_remote_certificate_free PORTABLE C */
34 /* 6.2.1 */
35 /* AUTHOR */
36 /* */
37 /* Timothy Stapko, Microsoft Corporation */
38 /* */
39 /* DESCRIPTION */
40 /* */
41 /* This function moves a remote certificate buffer back into the free */
42 /* store. It is used when the remote certificate is no longer needed, */
43 /* such as when a TLS session is ended. */
44 /* */
45 /* INPUT */
46 /* */
47 /* tls_session Pointer to TLS Session */
48 /* name Certificate distinguished name*/
49 /* */
50 /* OUTPUT */
51 /* */
52 /* status Completion status */
53 /* */
54 /* CALLS */
55 /* */
56 /* _nx_secure_x509_certificate_list_find */
57 /* Find certificate by name */
58 /* _nx_secure_x509_store_certificate_remove */
59 /* Remove certificate from store */
60 /* _nx_secure_x509_store_certificate_add */
61 /* Add certificate to store */
62 /* */
63 /* CALLED BY */
64 /* */
65 /* _nx_secure_tls_remote_certificate_free_all */
66 /* Free all remote certificates */
67 /* */
68 /* RELEASE HISTORY */
69 /* */
70 /* DATE NAME DESCRIPTION */
71 /* */
72 /* 05-19-2020 Timothy Stapko Initial Version 6.0 */
73 /* 09-30-2020 Timothy Stapko Modified comment(s), fixed */
74 /* certificate allocation bug, */
75 /* resulting in version 6.1 */
76 /* 04-02-2021 Timothy Stapko Modified comment(s), */
77 /* updated X.509 return value, */
78 /* resulting in version 6.1.6 */
79 /* 01-31-2022 Timothy Stapko Modified comment(s), and */
80 /* improved code coverage */
81 /* results, */
82 /* resulting in version 6.1.10 */
83 /* 03-08-2023 Yanwu Cai Modified comment(s), */
84 /* fixed compiler errors when */
85 /* x509 is disabled, */
86 /* resulting in version 6.2.1 */
87 /* */
88 /**************************************************************************/
UINT _nx_secure_tls_remote_certificate_free(NX_SECURE_TLS_SESSION *tls_session,
                                            NX_SECURE_X509_DISTINGUISHED_NAME *name)
{
#ifndef NX_SECURE_DISABLE_X509
    /* Certificate store embedded in the session's credentials. The remote
       list is read from it and the remove/add calls below operate on it.
       NOTE(review): tls_session and name are used without NULL checks here;
       presumably the caller validates them - confirm. */
    NX_SECURE_X509_CERTIFICATE_STORE *cert_store =
        &tls_session->nx_secure_tls_credentials.nx_secure_tls_certificate_store;
    NX_SECURE_X509_CERT *remote_head = cert_store->nx_secure_x509_remote_certificates;
    NX_SECURE_X509_CERT *match;
    UINT result;

    /* Look the certificate up by its distinguished name in the remote list. */
    result = _nx_secure_x509_certificate_list_find(&remote_head, name, 0, &match);

    /* Translate the X.509 "not found" code into the TLS one. */
    if (result == NX_SECURE_X509_CERTIFICATE_NOT_FOUND)
    {
        return NX_SECURE_TLS_CERTIFICATE_NOT_FOUND;
    }

    /* Both pointer arguments passed to the find are non-NULL, so success is
       the only other status expected at this point.
       NOTE(review): if NX_ASSERT can be compiled out in a given build, an
       unexpected status would fall through with `match` unset - confirm. */
    NX_ASSERT(result == NX_SECURE_X509_SUCCESS);

    /* Unlink the certificate from the remote list.
       NOTE(review): the return value of this call is discarded. If it could
       fail after a successful find, the certificate would stay linked in the
       remote list and could also be added to the free list below - confirm
       it cannot fail here, or check it the same way as the find status. */
    _nx_secure_x509_store_certificate_remove(cert_store, name, NX_SECURE_X509_CERT_LOCATION_REMOTE, 0);

    /* Certificates that are not user allocated are not returned to the free
       list; report the (successful) find status. */
    if (!match->nx_secure_x509_user_allocated_cert)
    {
        return result;
    }

    /* Hand the user-allocated certificate back to the free list. */
    result = _nx_secure_x509_store_certificate_add(match, cert_store, NX_SECURE_X509_CERT_LOCATION_FREE);
    if (result == NX_SUCCESS)
    {
        return result;
    }

    /* On failure, translate the duplicate-ID code into its TLS equivalent and
       pass any other X.509 status through unchanged. */
    return (result == NX_SECURE_X509_CERT_ID_DUPLICATE) ? NX_SECURE_TLS_CERT_ID_DUPLICATE : result;
#else
    /* X.509 support is compiled out: there is nothing to free. */
    NX_PARAMETER_NOT_USED(tls_session);
    NX_PARAMETER_NOT_USED(name);

    return NX_NOT_SUPPORTED;
#endif
}