feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

check Root CA by TSIP before adding it to ca-table

Browse Source
This commit is contained in:
Hideki Miyazaki
2024-10-23 18:02:56 +09:00
parent 846ef1570d
commit ba1cd85934
3 changed files with 45 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
View File

@ -21,15 +21,32 @@
#include <wolfssl/wolfcrypt/wc_port.h>
#define YEAR 2024
#define MON 7
static int tick = 0;
#define YEAR ( \
((__DATE__)[7] - '0') * 1000 + \
((__DATE__)[8] - '0') * 100 + \
((__DATE__)[9] - '0') * 10 + \
((__DATE__)[10] - '0') * 1 \
)
#define MONTH ( \
__DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
: __DATE__[2] == 'b' ? 2 \
: __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
: __DATE__[2] == 'y' ? 5 \
: __DATE__[2] == 'l' ? 7 \
: __DATE__[2] == 'g' ? 8 \
: __DATE__[2] == 'p' ? 9 \
: __DATE__[2] == 't' ? 10 \
: __DATE__[2] == 'v' ? 11 \
: 12 \
)
time_t time(time_t *t)
{
(void)t;
return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
}
#include <ctype.h>

1
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
View File

@ -65,6 +65,7 @@ extern "C" {
static long tick;
static void timeTick(void *pdata)
{
(void)pdata;
tick++;
}

45
src/ssl.c
View File

@ -5567,6 +5567,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
row = HashSigner(signer->subjectNameHash);
#endif
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* Verify CA by TSIP so that generated tsip key is going to */
/* be able to be used for peer's cert verification */
/* TSIP is only able to handle USER CA, and only one CA. */
/* Therefore, it doesn't need to call TSIP again if there is already */
/* verified CA. */
if ( ret == 0 && signer != NULL ) {
signer->cm_idx = row;
if (type == WOLFSSL_USER_CA) {
if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
cert->maxIdx,
cert->sigCtx.CertAtt.pubkey_n_start,
cert->sigCtx.CertAtt.pubkey_n_len - 1,
cert->sigCtx.CertAtt.pubkey_e_start,
cert->sigCtx.CertAtt.pubkey_e_len - 1,
row/* cm index */))
< 0)
WOLFSSL_MSG("Renesas_RootCertVerify() failed");
else
WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
}
}
#endif /* TSIP or SCE */
if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
signer->next = cm->caTable[row];
@ -5580,28 +5603,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
ret = BAD_MUTEX_E;
}
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* Verify CA by TSIP so that generated tsip key is going to be able to */
/* be used for peer's cert verification */
/* TSIP is only able to handle USER CA, and only one CA. */
/* Therefore, it doesn't need to call TSIP again if there is already */
/* verified CA. */
if ( ret == 0 && signer != NULL ) {
signer->cm_idx = row;
if (type == WOLFSSL_USER_CA) {
if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx,
cert->sigCtx.CertAtt.pubkey_n_start,
cert->sigCtx.CertAtt.pubkey_n_len - 1,
cert->sigCtx.CertAtt.pubkey_e_start,
cert->sigCtx.CertAtt.pubkey_e_len - 1,
row/* cm index */))
< 0)
WOLFSSL_MSG("Renesas_RootCertVerify() failed");
else
WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
}
}
#endif /* TSIP or SCE */
WOLFSSL_MSG("\tFreeing Parsed CA");
FreeDecodedCert(cert);