feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2635 from dgarske/async_date

Browse Source 
Fix for async date check issue
This commit is contained in:
toddouska
2019-12-18 09:34:08 -08:00
committed by GitHub
parent 74a8fbcff4 a176789f13
commit b89121236f
2 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
wolfcrypt/src/asn.c
View File

@@ -8606,8 +8606,6 @@ int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
{ {
int ret = 0; int ret = 0;
int badDate = 0;
int criticalExt = 0;
int checkPathLen = 0; int checkPathLen = 0;
int decrementMaxPathLen = 0; int decrementMaxPathLen = 0;
word32 confirmOID; word32 confirmOID;
@@ -8619,9 +8617,11 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
} }
if (cert->sigCtx.state == SIG_STATE_BEGIN) { if (cert->sigCtx.state == SIG_STATE_BEGIN) {
cert->badDate = 0;
cert->criticalExt = 0;
if ((ret = DecodeToKey(cert, verify)) < 0) { if ((ret = DecodeToKey(cert, verify)) < 0) {
if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E)
badDate = ret; cert->badDate = ret;
else else
return ret; return ret;
} }
@@ -8643,7 +8643,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
if ((ret = DecodeCertExtensions(cert)) < 0) { if ((ret = DecodeCertExtensions(cert)) < 0) {
if (ret == ASN_CRIT_EXT_E) if (ret == ASN_CRIT_EXT_E)
criticalExt = ret; cert->criticalExt = ret;
else else
return ret; return ret;
} }
@@ -8933,11 +8933,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
exit_pcr: exit_pcr:
#endif #endif
if (badDate != 0 && verify != VERIFY_SKIP_DATE) if (cert->badDate != 0) {
return badDate; if (verify != VERIFY_SKIP_DATE) {
return cert->badDate;
}
WOLFSSL_MSG("Date error: Verify option is skipping");
}
if (criticalExt != 0) if (cert->criticalExt != 0)
return criticalExt; return cert->criticalExt;
return ret; return ret;
} }

3
wolfssl/wolfcrypt/asn.h
View File

@@ -892,6 +892,9 @@ struct DecodedCert {
#endif #endif
byte* tsip_encRsaKeyIdx; byte* tsip_encRsaKeyIdx;
int badDate;
int criticalExt;
/* Option Bits */ /* Option Bits */
byte subjectCNStored : 1; /* have we saved a copy we own */ byte subjectCNStored : 1; /* have we saved a copy we own */
byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */