From ba6e0c534cced7260b3e4fdcda9bd9bd81dc6767 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Fri, 25 Aug 2017 12:28:41 +0100
Subject: [PATCH] Parse RevokedInfo in OCSP response
Populate the function x509_ocsp_get_revoked_info() with code to parse the following ASN.1 structure: RevokedInfo ::= SEQUENCE { revocationTime GeneralizedTime, revocationReason [0] EXPLICIT CRLReason OPTIONAL } x509_ocsp_get_revoked_info() parses the top level SEQUENCE and the EXPLICIT OPTIONAL tag, but delegates the parsing of GeneralizedTime and CRL reason (if present) to x509_ocsp_get_generalized_time() and x509_ocsp_get_crl_reason() respectively.
---
 library/x509_ocsp.c | 57 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
diff --git a/library/x509_ocsp.c b/library/x509_ocsp.c
index 81418a91b4..8c554e57b9 100644
--- a/library/x509_ocsp.c
+++ b/library/x509_ocsp.c
@@ -335,10 +335,67 @@ static int x509_ocsp_get_cert_id( unsigned char **p,
 return( 0 );
 }
+static int x509_ocsp_get_crl_reason( unsigned char **p,
+ const unsigned char *end,
+ uint8_t *reason )
+{
+ return( 0 );
+}
+
 static int x509_ocsp_get_revoked_info( unsigned char **p,
 const unsigned char *end,
 mbedtls_x509_ocsp_single_response *single_resp )
 {
+ int ret;
+ size_t len;
+
+ /*
+ * RevokedInfo :: SEQUENCE {
+ * revocationTime GeneralizedTime,
+ * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
+ */
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ end = *p + len;
+
+ /* Parse revocationTime */
+ if( ( ret = x509_ocsp_get_generalized_time( p, end,
+ &single_resp->revocation_time ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ /* The revocationReason is optional, so return if there is no data */
+ if( *p == end )
+ return( 0 );
+
+ /* Parse revocationReason */
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) ) != 0 )
+ {
+ return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
+ }
+
+ if( *p + len != end )
+ return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+ single_resp->has_revocation_reason = 1;
+
+ if( ( ret = x509_ocsp_get_crl_reason( p, end,
+ &single_resp->revocation_reason ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( *p != end )
+ return( MBEDTLS_ERR_X509_INVALID_FORMAT +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
 return( 0 );
 }
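Review bot: The two mbedtls_asn1_get_tag() failures in x509_ocsp_get_revoked_info() are reported inconsistently: the outer SEQUENCE failure propagates the bare ASN.1 code with `return( ret );`, while the [0] EXPLICIT tag failure a few lines below returns `MBEDTLS_ERR_X509_INVALID_FORMAT + ret`; the first should also be `return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );` so callers see an X.509-layer error in both cases. Separately, RFC 6960 encodes CertStatus as `revoked [1] IMPLICIT RevokedInfo`, so if the caller (outside this hunk) hands over the position of the CertStatus CHOICE, the tag to expect here is `MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC | 1` rather than a universal SEQUENCE — worth confirming against the caller before tests are written. Until x509_ocsp_get_crl_reason() is implemented its stub does not advance *p, so the final `if( *p != end )` check rejects every response that carries a revocationReason; a `/* TODO: stub, does not consume the CRLReason ENUMERATED */` on the stub would make that explicit. The structure comment `RevokedInfo :: SEQUENCE {` should read `::=` as in the commit message.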