Address reviewed items

src/crl.c

@@ -82,7 +82,8 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
     WOLFSSL_ENTER("InitCRL_Entry");
 
     XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
-    XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
+    /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
+     * copy the hash here if needed for optimized comparisons */
     XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
     XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
     crle->lastDateFormat = dcrl->lastDateFormat;

src/ssl.c

@@ -4583,10 +4583,6 @@ Signer* GetCAByName(void* vp, byte* hash)
             if (XMEMCMP(hash, signers->subjectNameHash,
                         SIGNER_DIGEST_SIZE) == 0) {
                 ret = signers;
-            } else if (cm->crl != NULL && cm->crl->crlList != NULL &&
-                       XMEMCMP(hash, cm->crl->crlList->crlHash,
-                             SIGNER_DIGEST_SIZE) == 0) {
-                ret = signers;
             }
             signers = signers->next;
         }

wolfcrypt/src/asn.c

@@ -15798,7 +15798,8 @@ void InitDecodedCRL(DecodedCRL* dcrl, void* heap)
     dcrl->signatureOID = 0;
     dcrl->signature    = NULL;
     XMEMSET(dcrl->issuerHash, 0, SIGNER_DIGEST_SIZE);
-    XMEMSET(dcrl->crlHash, 0, SIGNER_DIGEST_SIZE);
+    /* XMEMSET(dcrl->crlHash, 0, SIGNER_DIGEST_SIZE);
+     * initialize the hash here if needed for optimized comparisons */
     XMEMSET(dcrl->lastDate, 0, MAX_DATE_SIZE);
     XMEMSET(dcrl->nextDate, 0, MAX_DATE_SIZE);
     XMEMSET(dcrl->extAuthKeyId, 0, KEYID_SIZE);
@@ -16006,10 +16007,11 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
     WOLFSSL_MSG("ParseCRL");
 
     /* raw crl hash */
-    wc_Sha sha;
+    /* hash here if needed for optimized comparisons
-    wc_InitSha(&sha);
+     * wc_Sha sha;
-    wc_ShaUpdate(&sha, buff, sz);
+     * wc_InitSha(&sha);
-    wc_ShaFinal(&sha, dcrl->crlHash);
+     * wc_ShaUpdate(&sha, buff, sz);
+     * wc_ShaFinal(&sha, dcrl->crlHash); */
 
     if (GetSequence(buff, &idx, &len, sz) < 0)
         return ASN_PARSE_E;
@@ -16037,8 +16039,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
        if experiencing issues uncomment NO_SKID define in CRL section of
        wolfssl/wolfcrypt/settings.h */
 #ifndef NO_SKID
-    ca = GetCAByName(cm, dcrl->crlHash); /* most unique */
+    if (dcrl->extAuthKeyIdSet)
-    if (ca == NULL && dcrl->extAuthKeyIdSet)
         ca = GetCA(cm, dcrl->extAuthKeyId); /* more unique than issuerHash */
     if (ca == NULL)
         ca = GetCAByName(cm, dcrl->issuerHash); /* last resort */

wolfssl/internal.h

@@ -1856,7 +1856,8 @@ typedef struct CRL_Entry CRL_Entry;
 struct CRL_Entry {
     CRL_Entry* next;                      /* next entry */
     byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash                 */
-    byte    crlHash[CRL_DIGEST_SIZE];     /* raw crl data hash           */
+    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash           */
+    /* restore the hash here if needed for optimized comparisons */
     byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
     byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
     byte    lastDateFormat;          /* last date format */

wolfssl/wolfcrypt/settings.h

@@ -1619,8 +1619,8 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 #ifdef HAVE_CRL
-    /* not widely supported yet */
+    /* may not be widely supported */
-    #undef NO_SKID
+    /* #undef NO_SKID */
     /* #define NO_SKID */
 #endif