do not error out on CRL next date if using NO_VERIFY

Jacob Barthelmeh
2022-05-10 14:00:21 -06:00
parent 0747a16893
commit 531120131a
3 changed files with 10 additions and 7 deletions


@ -497,7 +497,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
#endif #endif
InitDecodedCRL(dcrl, crl->heap); InitDecodedCRL(dcrl, crl->heap);
ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm); ret = ParseCRL(dcrl, myBuffer, (word32)sz, verify, crl->cm);
if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) { if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
WOLFSSL_MSG("ParseCRL error"); WOLFSSL_MSG("ParseCRL error");
} }
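Review bot: Nothing at this call site tells a reader that `verify == NO_VERIFY` now also switches off the nextDate freshness check inside ParseCRL, on top of the missing-signer tolerance in the condition on the following line. A CRL accepted on that path may have no checked signature and is no longer checked for being current, so a comment above the call would help, for example `/* NO_VERIFY: a missing signer and an expired next date are both tolerated */`. BufferLoadCRL starts and ends outside the hunk, so what is done with the parsed CRL afterwards is not visible here.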


@ -31567,7 +31567,7 @@ static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm)
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf, static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
word32* inOutIdx, int sz) word32* inOutIdx, int sz, int verify)
{ {
word32 oid, dateIdx, idx, checkIdx; word32 oid, dateIdx, idx, checkIdx;
int version; int version;
@ -31617,7 +31617,8 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
#endif #endif
{ {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
return CRL_CERT_DATE_ERR; return CRL_CERT_DATE_ERR;
} }
@ -31928,7 +31929,8 @@ enum {
#endif #endif
/* parse crl buffer into decoded state, 0 on success */ /* parse crl buffer into decoded state, 0 on success */
int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, int verify,
void* cm)
{ {
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
Signer* ca = NULL; Signer* ca = NULL;
@ -31957,7 +31959,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
return ASN_PARSE_E; return ASN_PARSE_E;
dcrl->sigIndex = len + idx; dcrl->sigIndex = len + idx;
if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex) < 0) if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex, verify) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0) if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0)
@ -32080,7 +32082,8 @@ end:
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (dcrl->nextDateFormat != 0) { if (dcrl->nextDateFormat != 0) {
/* Next date was set, so validate it. */ /* Next date was set, so validate it. */
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
ret = CRL_CERT_DATE_ERR; ret = CRL_CERT_DATE_ERR;
} }
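Review bot: An expired CRL loaded with NO_VERIFY is now accepted without any trace, because both nextDate checks (the one in ParseCRL_CertList and the one after the `end:` label) short-circuit before XVALIDATE_DATE runs. Evaluating the date in every case and logging when the result is ignored would let a debug log show that the revocation data is stale; the version below is for the `end:` site, and the ParseCRL_CertList site would do the same with `return CRL_CERT_DATE_ERR;`. The comment `/* Next date was set, so validate it. */` and the one-line comment above ParseCRL should also say that `verify == NO_VERIFY` skips enforcement. The enclosing `if (dcrl->nextDateFormat != 0)` block and the rest of ParseCRL continue outside the hunk.

```c
    if (dcrl->nextDateFormat != 0) {
        /* Next date was set; enforce it unless the caller passed NO_VERIFY. */
        if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
            if (verify != NO_VERIFY) {
                WOLFSSL_MSG("CRL after date is no longer valid");
                ret = CRL_CERT_DATE_ERR;
            }
            else {
                /* Keep a trace so stale revocation data shows up in logs. */
                WOLFSSL_MSG("CRL after date is no longer valid, ignored: "
                            "NO_VERIFY");
            }
        }
```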


@ -2271,7 +2271,7 @@ WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
word32 signatureOID, Signer *ca, word32 signatureOID, Signer *ca,
void* heap); void* heap);
WOLFSSL_LOCAL int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, WOLFSSL_LOCAL int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz,
void* cm); int verify, void* cm);
WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl); WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);