forked from wolfSSL/wolfssl
Added WOLFSSL_ASN1_TIME to CRL
This commit is contained in:
Uriah Pollock
22
src/crl.c
22
src/crl.c
@@ -94,10 +94,12 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
|
||||
XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
|
||||
/* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
|
||||
* copy the hash here if needed for optimized comparisons */
|
||||
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
|
||||
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
|
||||
crle->lastDateFormat = dcrl->lastDateFormat;
|
||||
crle->nextDateFormat = dcrl->nextDateFormat;
|
||||
crle->lastDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(crle->lastDate.data, dcrl->lastDate.data, crle->lastDate.length);
|
||||
crle->nextDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(crle->nextDate.data, dcrl->nextDate.data, crle->nextDate.length);
|
||||
crle->lastDate.type = dcrl->lastDate.type;
|
||||
crle->nextDate.type = dcrl->nextDate.type;
|
||||
crle->version = dcrl->version;
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
crle->issuer = NULL;
|
||||
@@ -385,7 +387,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
|
||||
#endif
|
||||
{
|
||||
#ifndef NO_ASN_TIME
|
||||
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
|
||||
if (!XVALIDATE_DATE(crle->nextDate.data, crle->nextDate.type, AFTER)) {
|
||||
WOLFSSL_MSG("CRL next date is no longer valid");
|
||||
ret = ASN_AFTER_DATE_E;
|
||||
}
|
||||
@@ -691,10 +693,12 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
|
||||
XMEMSET(dupl, 0, sizeof(CRL_Entry));
|
||||
|
||||
XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE);
|
||||
XMEMCPY(dupl->lastDate, ent->lastDate, MAX_DATE_SIZE);
|
||||
XMEMCPY(dupl->nextDate, ent->nextDate, MAX_DATE_SIZE);
|
||||
dupl->lastDateFormat = ent->lastDateFormat;
|
||||
dupl->nextDateFormat = ent->nextDateFormat;
|
||||
dupl->lastDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(dupl->lastDate.data, ent->lastDate.data, dupl->lastDate.length);
|
||||
dupl->nextDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(dupl->nextDate.data, ent->nextDate.data, dupl->nextDate.length);
|
||||
dupl->lastDate.type = ent->lastDate.type;
|
||||
dupl->nextDate.type = ent->nextDate.type;
|
||||
|
||||
#ifdef CRL_STATIC_REVOKED_LIST
|
||||
XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert));
|
||||
|
||||
@@ -1073,14 +1073,14 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
|
||||
int length)
|
||||
{
|
||||
if ((cidOut == NULL) || (derIn == NULL) || (length == 0))
|
||||
return (NULL);
|
||||
return NULL;
|
||||
|
||||
/* If a NULL is passed we allocate the memory for the caller. */
|
||||
if (*cidOut == NULL) {
|
||||
*cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
|
||||
if (*cidOut == NULL) {
|
||||
return (NULL);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1090,7 +1090,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
|
||||
/* Per spec. advance past the data that is being returned to the caller. */
|
||||
*derIn = *derIn + length;
|
||||
|
||||
return (*cidOut);
|
||||
return *cidOut;
|
||||
}
|
||||
|
||||
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
|
||||
|
||||
24
src/x509.c
24
src/x509.c
@@ -7645,6 +7645,7 @@ const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_STUB
|
||||
const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
|
||||
WOLFSSL_X509_REVOKED *rev)
|
||||
{
|
||||
@@ -7653,6 +7654,7 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
|
||||
(void) rev;
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* print serial number out
|
||||
* return WOLFSSL_SUCCESS on success
|
||||
@@ -7897,10 +7899,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (crl->crlList->lastDate[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->lastDate, ASN_UTC_TIME,
|
||||
if (crl->crlList->lastDate.data[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->lastDate.data, ASN_UTC_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
if (GetTimeString(crl->crlList->lastDate, ASN_GENERALIZED_TIME,
|
||||
if (GetTimeString(crl->crlList->lastDate.data, ASN_GENERALIZED_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("Error getting last update date");
|
||||
return WOLFSSL_FAILURE;
|
||||
@@ -7928,10 +7930,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (crl->crlList->nextDate[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->nextDate, ASN_UTC_TIME,
|
||||
if (crl->crlList->nextDate.data[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->nextDate.data, ASN_UTC_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
if (GetTimeString(crl->crlList->nextDate, ASN_GENERALIZED_TIME,
|
||||
if (GetTimeString(crl->crlList->nextDate.data, ASN_GENERALIZED_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("Error getting next update date");
|
||||
return WOLFSSL_FAILURE;
|
||||
@@ -8036,8 +8038,9 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
|
||||
{
|
||||
if ((crl != NULL) && (crl->crlList->lastDate[0] != 0)) {
|
||||
return (WOLFSSL_ASN1_TIME*)crl->crlList->lastDate;
|
||||
if ((crl != NULL) && (crl->crlList != NULL) &&
|
||||
(crl->crlList->lastDate.data[0] != 0)) {
|
||||
return &crl->crlList->lastDate;
|
||||
}
|
||||
else
|
||||
return NULL;
|
||||
@@ -8045,8 +8048,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
|
||||
|
||||
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
|
||||
{
|
||||
if ((crl != NULL) && (crl->crlList->nextDate[0] != 0)) {
|
||||
return (WOLFSSL_ASN1_TIME*)crl->crlList->nextDate;
|
||||
if ((crl != NULL) && (crl->crlList != NULL) &&
|
||||
(crl->crlList->nextDate.data[0] != 0)) {
|
||||
return &crl->crlList->nextDate;
|
||||
}
|
||||
else
|
||||
return NULL;
|
||||
|
||||
@@ -35775,12 +35775,14 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
|
||||
if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
|
||||
if (GetBasicDate(buf, &idx, dcrl->lastDate.data,
|
||||
(byte*) &dcrl->lastDate.type, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
dateIdx = idx;
|
||||
|
||||
if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
|
||||
if (GetBasicDate(buf, &idx, dcrl->nextDate.data,
|
||||
(byte*) &dcrl->nextDate.type, sz) < 0)
|
||||
{
|
||||
#ifndef WOLFSSL_NO_CRL_NEXT_DATE
|
||||
(void)dateIdx;
|
||||
@@ -35797,8 +35799,8 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
|
||||
#endif
|
||||
{
|
||||
#ifndef NO_ASN_TIME
|
||||
if (verify != NO_VERIFY &&
|
||||
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
|
||||
if (verify != NO_VERIFY && !XVALIDATE_DATE(dcrl->nextDate.data,
|
||||
dcrl->nextDate.type, AFTER)) {
|
||||
WOLFSSL_MSG("CRL after date is no longer valid");
|
||||
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
|
||||
return CRL_CERT_DATE_ERR;
|
||||
|
||||
@@ -2211,17 +2211,15 @@ struct CRL_Entry {
|
||||
byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
|
||||
/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
|
||||
/* restore the hash here if needed for optimized comparisons */
|
||||
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
|
||||
byte nextDate[MAX_DATE_SIZE]; /* next update date */
|
||||
byte lastDateFormat; /* last date format */
|
||||
byte nextDateFormat; /* next date format */
|
||||
WOLFSSL_ASN1_TIME lastDate; /* last date updated */
|
||||
WOLFSSL_ASN1_TIME nextDate; /* next update date */
|
||||
#ifdef CRL_STATIC_REVOKED_LIST
|
||||
RevokedCert certs[CRL_MAX_REVOKED_CERTS];
|
||||
#else
|
||||
RevokedCert* certs; /* revoked cert list */
|
||||
RevokedCert* certs; /* revoked cert list */
|
||||
#endif
|
||||
int totalCerts; /* number on list */
|
||||
int version; /* version of certficate */
|
||||
int totalCerts; /* number on list */
|
||||
int version; /* version of certficate */
|
||||
int verified;
|
||||
byte* toBeSigned;
|
||||
word32 tbsSz;
|
||||
|
||||
@@ -732,7 +732,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define X509_OBJECT_get0_X509 wolfSSL_X509_OBJECT_get0_X509
|
||||
#define X509_OBJECT_get0_X509_CRL wolfSSL_X509_OBJECT_get0_X509_CRL
|
||||
|
||||
#define X509_REVOKED_get_serial_number wolfSSL_X509_REVOKED_get_serial_number
|
||||
#define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number
|
||||
#define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
|
||||
|
||||
|
||||
@@ -2447,10 +2447,8 @@ struct DecodedCRL {
|
||||
byte* signature; /* pointer into raw source, not owned */
|
||||
byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
|
||||
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
|
||||
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
|
||||
byte nextDate[MAX_DATE_SIZE]; /* next update date */
|
||||
byte lastDateFormat; /* format of last date */
|
||||
byte nextDateFormat; /* format of next date */
|
||||
WOLFSSL_ASN1_TIME lastDate; /* last date updated */
|
||||
WOLFSSL_ASN1_TIME nextDate; /* next update date */
|
||||
RevokedCert* certs; /* revoked cert list */
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
byte* issuer; /* full name including common name */
|
||||
|
||||
Reference in New Issue
Block a user