diff --git a/src/ocsp.c b/src/ocsp.c
index da2973918..b8f9aca64 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -1072,22 +1072,24 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
                                             const unsigned char** derIn, int length)
 {
-    if ((derIn == NULL) || (length == 0))
+    if ((cidOut == NULL) || (derIn == NULL) || (length == 0))
         return (NULL);
-    if (*cidOut != NULL) {
-        XMEMCPY ((*cidOut)->rawCertId, *derIn, length);
-        (*cidOut)->rawCertIdSize = length;
-    }
-    else {
+    /* If a NULL is passed we allocate the memory for the caller. */
+    if (*cidOut == NULL) {
         *cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
+
         if (*cidOut == NULL) {
             return (NULL);
         }
-        XMEMCPY ((*cidOut)->rawCertId, *derIn, length);
-        (*cidOut)->rawCertIdSize = length;
     }
+    XMEMCPY ((*cidOut)->rawCertId, *derIn, length);
+    (*cidOut)->rawCertIdSize = length;
+
+    /* Per spec. advance past the data that is being returned to the caller. */
+    *derIn = *derIn + length;
+
     return (*cidOut);
 }
diff --git a/src/x509.c b/src/x509.c
index 8bde060ee..06fe70001 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -7611,7 +7611,7 @@ int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
 }
 /* Retrieve serial number from RevokedCert
- * return WOLFSSL_SUCCESS on success
+ * return WOLFSSL_SUCCESS on success and negative values on failure
  */
 int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev, byte* in, int* inOutSz)
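Review bot: The new guard on the first changed line still lets a negative `length` through — `length` is an `int`, so `-1` passes `length == 0` and is converted to a huge `size_t` by the `XMEMCPY` that now runs unconditionally on both paths; the check should be `(length <= 0)`, and a NULL `*derIn` should be rejected too, e.g. `if ((cidOut == NULL) || (derIn == NULL) || (*derIn == NULL) || (length <= 0))`. Independently, nothing bounds `length` against the capacity of `rawCertId`, so a caller-supplied `*cidOut` (the test in this same commit allocates exactly `sizeof(*certId)`) can be overrun by a long DER input; a check such as `if ((size_t)length > sizeof((*cidOut)->rawCertId)) return (NULL);` placed before the allocation block covers both paths without leaking. The context line allocates `length` bytes rather than `sizeof(**cidOut)`, so for a short input the `rawCertIdSize` store the hunk now always executes presumably lands outside the allocation — worth confirming against the struct definition, which is not in this diff. wolfSSL_d2i_OCSP_CERTID's signature line starts outside the hunk.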
@@ -7633,47 +7633,29 @@ int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev,
     return WOLFSSL_SUCCESS;
 }
-/* Retrieve the revocation date from RevokedCert
- * return WOLFSSL_SUCCESS on success
- */
-int wolfSSL_X509_REVOKED_get_revocationDate(RevokedCert* rev,
-    byte* in, int* inOutSz)
+const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
+    WOLFSSL_X509_REVOKED *rev)
 {
-    char tmp[MAX_DATE_SIZE];
+    WOLFSSL_ENTER("wolfSSL_X509_REVOKED_get0_serial_number");
-    WOLFSSL_ENTER("wolfSSL_X509_REVOKED_get_revocationDate");
-
-    if ((rev == NULL) || (in == NULL) || (inOutSz == NULL)) {
-        return (BAD_FUNC_ARG);
+    if (rev != NULL) {
+        return rev->serialNumber;
     }
+    else
+        return NULL;
+}
-    if (*inOutSz < MAX_DATE_SIZE) {
-        return (BAD_FUNC_ARG);
-    }
+const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
+    WOLFSSL_X509_REVOKED *rev)
+{
+    WOLFSSL_STUB("wolfSSL_X509_REVOKED_get0_revocation_date");
-    if (rev->revDate[0] != 0) {
-        if (GetTimeString(rev->revDate, ASN_UTC_TIME,
-            tmp, MAX_DATE_SIZE) != WOLFSSL_SUCCESS) {
-            if (GetTimeString(rev->revDate, ASN_GENERALIZED_TIME,
-                tmp, MAX_DATE_SIZE) != WOLFSSL_SUCCESS) {
-                WOLFSSL_MSG("Error getting revocation date");
-
-                return (WOLFSSL_FAILURE);
-            }
-        }
-    }
-    else {
-        XSTRNCPY(tmp, "Not Set", MAX_DATE_SIZE-1);
-    }
-
-    *inOutSz = XSTRLEN (tmp);
-    XMEMCPY(in, tmp, *inOutSz);
-
-    return (WOLFSSL_SUCCESS);
+    (void) rev;
+    return NULL;
 }
 /* print serial number out
-* return WOLFSSL_SUCCESS on success
+* return WOLFSSL_SUCCESS on success
 */
 static int X509RevokedPrintSerial(WOLFSSL_BIO* bio, RevokedCert* rev, int indent)
@@ -8054,7 +8036,7 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
 #ifdef OPENSSL_EXTRA
 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
 {
-    if (crl->crlList->lastDate[0] != 0) {
+    if ((crl != NULL) && (crl->crlList->lastDate[0] != 0)) {
         return (WOLFSSL_ASN1_TIME*)crl->crlList->lastDate;
     }
     else
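Review bot: `wolfSSL_X509_REVOKED_get0_revocation_date` is a `WOLFSSL_STUB` that always returns NULL, yet the same hunk deletes the working `wolfSSL_X509_REVOKED_get_revocationDate`, so no API in this diff can return a CRL entry's revocation date any more, and OpenSSL-style callers that hand the result straight to an ASN1_TIME printer will dereference NULL. The stub needs a header comment stating that, e.g. `/* Not yet implemented: always returns NULL; callers must check the result. */`, and the removal of the old getter should be called out as a public API change. In `wolfSSL_X509_REVOKED_get0_serial_number` the `else` branch drops the braces the `if` uses; `if (rev == NULL) return NULL;` followed by `return rev->serialNumber;` reads cleaner and matches the guard style of the surrounding getters. Whether `WOLFSSL_X509_REVOKED` is the same type as `RevokedCert`, and whether its `serialNumber` member really is a `WOLFSSL_ASN1_INTEGER`, is not visible here — worth confirming the typedef.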
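Review bot: The added NULL check on `crl` still dereferences `crl->crlList` unconditionally, so a CRL object whose `crlList` is NULL crashes exactly as before; `if ((crl != NULL) && (crl->crlList != NULL) && (crl->crlList->lastDate[0] != 0)) {` closes that, and the same applies to the `wolfSSL_X509_CRL_get_nextUpdate` hunk that follows. Whether `crlList` can be NULL for a live `WOLFSSL_X509_CRL` is not visible in this diff, so confirm against the constructor before adding the check. Both functions' `else` branches lie outside their hunks.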
@@ -8063,7 +8045,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
 {
-    if (crl->crlList->nextDate[0] != 0) {
+    if ((crl != NULL) && (crl->crlList->nextDate[0] != 0)) {
         return (WOLFSSL_ASN1_TIME*)crl->crlList->nextDate;
     }
     else
diff --git a/tests/api.c b/tests/api.c
index 0e487f9b6..23ee53f3b 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -48125,6 +48125,7 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void)
 {
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
     WOLFSSL_OCSP_CERTID* certId;
+    WOLFSSL_OCSP_CERTID* certIdBad;
     const unsigned char* rawCertIdPtr;
     const unsigned char rawCertId[] = {
@@ -48151,7 +48152,7 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void)
     XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
-    /* If the cert ID is not NULL the fucntion will just copy the data to it. */
+    /* If the cert ID is not NULL the function will just copy the data to it. */
     certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XMEMSET(certId, 0, sizeof(*certId));
@@ -48163,6 +48164,20 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void)
     XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    /* The below tests should fail when passed bad parameters. NULL should
+     * always be returned. */
+    certIdBad = (WOLFSSL_OCSP_CERTID*) 1;
+    certIdBad = wolfSSL_d2i_OCSP_CERTID(NULL, &rawCertIdPtr, sizeof(rawCertId));
+    AssertNull(certIdBad);
+
+    certIdBad = (WOLFSSL_OCSP_CERTID*) 1;
+    certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL, sizeof(rawCertId));
+    AssertNull(certIdBad);
+
+    certIdBad = (WOLFSSL_OCSP_CERTID*) 1;
+    certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0);
+    AssertNull(certIdBad);
+
     printf(resultFmt, passed);
 #endif
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index b9b0bf9e0..090dd13f8 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
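Review bot: The bad-parameter calls pass `&certId` after `certId` was released by the `XFREE` at the top of the hunk, so the last two cases avoid a write through a dangling pointer only because the argument checks fire first; resetting the pointer after the free, `certId = NULL;`, keeps the test from turning into a use-after-free if those checks are ever reordered. Once the production check rejects negative lengths, a `-1` case next to the `0` case would pin that, since `length` is a signed `int`. Nothing in these hunks asserts that `rawCertIdPtr` was advanced by `sizeof(rawCertId)` after a successful call, which is the other behaviour the ocsp.c change introduces — it may be covered by lines outside the hunks. test_wolfSSL_d2i_OCSP_CERTID continues outside the hunk.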
@@ -700,9 +700,14 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_CRL_free wolfSSL_X509_CRL_free
 #define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
+#define X509_CRL_get0_lastUpdate wolfSSL_X509_CRL_get_lastUpdate
 #define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
+#define X509_CRL_get0_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
 #define X509_CRL_verify wolfSSL_X509_CRL_verify
 #define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
+#define X509_CRL_get_issuer wolfSSL_X509_CRL_get_issuer_name
+#define X509_CRL_get_signature_nid wolfSSL_X509_CRL_get_signature_nid
+#define X509_CRL_get_version wolfSSL_X509_CRL_version
 #define X509_load_crl_file wolfSSL_X509_load_crl_file
 #define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
@@ -727,6 +732,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_OBJECT_get0_X509 wolfSSL_X509_OBJECT_get0_X509
 #define X509_OBJECT_get0_X509_CRL wolfSSL_X509_OBJECT_get0_X509_CRL
+#define X509_REVOKED_get_serial_number wolfSSL_X509_REVOKED_get_serial_number
+#define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number
+#define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
+
 #define X509_check_purpose(...) 0
 #define OCSP_parse_url wolfSSL_OCSP_parse_url
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 061b4ae31..982099f85 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
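Review bot: `X509_REVOKED_get0_revocationDate` is mapped onto `wolfSSL_X509_REVOKED_get0_revocation_date`, which this same commit implements as a stub returning NULL, so OpenSSL-compat code that presumably failed to build before will now compile and silently get NULL at runtime; either leave the define out until the function is implemented or put a comment beside it, e.g. `/* stub: wolfSSL_X509_REVOKED_get0_revocation_date currently returns NULL */`. `X509_REVOKED_get_serial_number` resolves to a wolfSSL-specific signature (`RevokedCert*, byte*, int*`) rather than an OpenSSL one, and deserves a comment saying it is not an OpenSSL API name. In the preceding hunk `X509_CRL_get_version` maps to `wolfSSL_X509_CRL_version`, whose declaration is not part of this diff — worth confirming it exists with that spelling, since the neighbouring entries all use `_get_`.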
@@ -2897,11 +2897,16 @@ WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name(
                                                       WOLFSSL_X509_CRL *crl);
 WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev, byte* in, int* inOutSz);
-WOLFSSL_API int wolfSSL_X509_REVOKED_get_revocationDate(RevokedCert* rev,
-    byte* in, int* inOutSz);
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
 #endif
+WOLFSSL_API
+const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
+    WOLFSSL_X509_REVOKED *rev);
+WOLFSSL_API
+const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
+    WOLFSSL_X509_REVOKED *rev);
+
 #ifndef NO_FILESYSTEM
 #ifndef NO_STDIO_FILESYSTEM
 WOLFSSL_API WOLFSSL_X509*
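Review bot: The two new `get0` declarations sit after the `#endif` that encloses `wolfSSL_X509_REVOKED_get_serial_number` and `wolfSSL_X509_CRL_free`, so they are exported unconditionally while the sibling CRL APIs are guarded; if the definitions in x509.c live under the same conditional as those siblings (the x509.c hunk does not show its enclosing `#if`), builds without that option will get an undefined reference. Moving the declarations above the `#endif`, or confirming the definitions are unconditional, settles it. Dropping `wolfSSL_X509_REVOKED_get_revocationDate` from a `WOLFSSL_API` header is a public API break and deserves a changelog entry. Each new declaration would also benefit from a one-line comment, e.g. `/* Returns the serial number owned by rev (do not free); NULL if rev is NULL. */` for the serial getter and a note that the revocation-date getter currently returns NULL.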