feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

do not error out on CRL next date if using NO_VERIFY

Browse Source
This commit is contained in:
Jacob Barthelmeh
2022-05-10 14:00:21 -06:00
parent 0747a16893
commit 531120131a
3 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/crl.c
View File

@ -497,7 +497,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
#endif
InitDecodedCRL(dcrl, crl->heap);
ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm);
ret = ParseCRL(dcrl, myBuffer, (word32)sz, verify, crl->cm);
if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
WOLFSSL_MSG("ParseCRL error");
}

13
wolfcrypt/src/asn.c
View File

@ -31567,7 +31567,7 @@ static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm)
#ifndef WOLFSSL_ASN_TEMPLATE
static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
word32* inOutIdx, int sz)
word32* inOutIdx, int sz, int verify)
{
word32 oid, dateIdx, idx, checkIdx;
int version;
@ -31617,7 +31617,8 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
#endif
{
#ifndef NO_ASN_TIME
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid");
return CRL_CERT_DATE_ERR;
}
@ -31928,7 +31929,8 @@ enum {
#endif
/* parse crl buffer into decoded state, 0 on success */
int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, int verify,
void* cm)
{
#ifndef WOLFSSL_ASN_TEMPLATE
Signer* ca = NULL;
@ -31957,7 +31959,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
return ASN_PARSE_E;
dcrl->sigIndex = len + idx;
if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex) < 0)
if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex, verify) < 0)
return ASN_PARSE_E;
if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0)
@ -32080,7 +32082,8 @@ end:
#ifndef NO_ASN_TIME
if (dcrl->nextDateFormat != 0) {
/* Next date was set, so validate it. */
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid");
ret = CRL_CERT_DATE_ERR;
}

2
wolfssl/wolfcrypt/asn.h
View File

@ -2271,7 +2271,7 @@ WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
word32 signatureOID, Signer *ca,
void* heap);
WOLFSSL_LOCAL int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz,
void* cm);
int verify, void* cm);
WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);