Implemented suggested changes

This commit is contained in:
Tesfa Mael
2022-10-07 10:26:52 -07:00
parent a738927846
commit e4da4f60d9
2 changed files with 60 additions and 64 deletions

106
src/crl.c

@ -197,10 +197,8 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
if (crl->monitors[1].path) if (crl->monitors[1].path)
XFREE(crl->monitors[1].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); XFREE(crl->monitors[1].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
if (crl->currentEntry != NULL ) { XFREE(crl->currentEntry, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
XFREE(crl->currentEntry, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); crl->currentEntry = NULL;
crl->currentEntry = NULL;
}
while(tmp) { while(tmp) {
CRL_Entry* next = tmp->next; CRL_Entry* next = tmp->next;
FreeCRL_Entry(tmp, crl->heap); FreeCRL_Entry(tmp, crl->heap);
@ -231,7 +229,47 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
XFREE(crl, crl->heap, DYNAMIC_TYPE_CRL); XFREE(crl, crl->heap, DYNAMIC_TYPE_CRL);
} }
static int FindRevokedSerial(DecodedCert* cert, CRL_Entry* crle, RevokedCert* rc)
{
int ret = 0;
#ifdef CRL_STATIC_REVOKED_LIST
/* do binary search */
int low, high, mid;
low = 0;
high = crle->totalCerts - 1;
while (low <= high) {
mid = (low + high) / 2;
if (XMEMCMP(rc[mid].serialNumber, cert->serial, rc->serialSz) < 0) {
low = mid + 1;
}
else if (XMEMCMP(rc[mid].serialNumber, cert->serial,
rc->serialSz) > 0) {
high = mid - 1;
}
else {
WOLFSSL_MSG("Cert revoked");
ret = CRL_CERT_REVOKED;
break;
}
}
#else
/* search in the linked list*/
while (rc) {
if (rc->serialSz == cert->serialSz &&
XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
WOLFSSL_MSG("Cert revoked");
ret = CRL_CERT_REVOKED;
break;
}
rc = rc->next;
}
#endif
return ret;
}
static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry) static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry)
{ {
CRL_Entry* crle; CRL_Entry* crle;
@ -361,42 +399,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
} }
if (foundEntry) { if (foundEntry) {
RevokedCert* rc = crle->certs; ret = FindRevokedSerial(cert, crle, crle->certs);
#ifdef CRL_STATIC_REVOKED_LIST
int low, high, mid;
low = 0;
high = crle->totalCerts - 1;
while (low <= high) {
mid = (low + high) / 2;
if (XMEMCMP(rc[mid].serialNumber, cert->serial, rc->serialSz) < 0) {
low = mid + 1;
}
else if (XMEMCMP(rc[mid].serialNumber, cert->serial,
rc->serialSz) > 0) {
high = mid - 1;
}
else {
WOLFSSL_MSG("Cert revoked");
ret = CRL_CERT_REVOKED;
break;
}
}
#else
while (rc) {
if (rc->serialSz == cert->serialSz &&
XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
WOLFSSL_MSG("Cert revoked");
ret = CRL_CERT_REVOKED;
break;
}
rc = rc->next;
}
#endif
} }
wc_UnLockMutex(&crl->crlLock); wc_UnLockMutex(&crl->crlLock);
@ -506,7 +509,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
DYNAMIC_TYPE_CRL_ENTRY); DYNAMIC_TYPE_CRL_ENTRY);
if (crle == NULL) { if (crle == NULL) {
WOLFSSL_MSG("alloc CRL Entry failed"); WOLFSSL_MSG("alloc CRL Entry failed");
return -1; return MEMORY_E;
} }
} }
@ -589,10 +592,8 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
verify, crl->cm); verify, crl->cm);
if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) { if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
WOLFSSL_MSG("ParseCRL error"); WOLFSSL_MSG("ParseCRL error");
if (crl->currentEntry != NULL ) { XFREE(crl->currentEntry, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
XFREE(crl->currentEntry, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); crl->currentEntry = NULL;
crl->currentEntry = NULL;
}
} }
else { else {
ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E); ret = AddCRL(crl, dcrl, myBuffer, ret != ASN_CRL_NO_SIGNER_E);
@ -676,7 +677,11 @@ static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap)
static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap) static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
{ {
CRL_Entry *dupl; CRL_Entry *dupl;
#ifdef CRL_STATIC_REVOKED_LIST
if (ent->totalCerts > CRL_MAX_REVOKED_CERTS) {
return NULL;
}
#endif
dupl = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), heap, DYNAMIC_TYPE_CRL_ENTRY); dupl = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), heap, DYNAMIC_TYPE_CRL_ENTRY);
if (dupl == NULL) { if (dupl == NULL) {
WOLFSSL_MSG("alloc CRL Entry failed"); WOLFSSL_MSG("alloc CRL Entry failed");
@ -691,14 +696,7 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
dupl->nextDateFormat = ent->nextDateFormat; dupl->nextDateFormat = ent->nextDateFormat;
#ifdef CRL_STATIC_REVOKED_LIST #ifdef CRL_STATIC_REVOKED_LIST
if (ent->totalCerts > CRL_MAX_REVOKED_CERTS) { XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert));
FreeCRL_Entry(dupl, heap);
XFREE(dupl, heap, DYNAMIC_TYPE_CRL_ENTRY);
return NULL;
}
else
XMEMCPY(dupl->certs, ent->certs,
ent->totalCerts*sizeof(RevokedCert));
#else #else
dupl->certs = DupRevokedCertList(ent->certs, heap); dupl->certs = DupRevokedCertList(ent->certs, heap);
#endif #endif
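Review bot: In the new FindRevokedSerial (hunk `@ -231,7 +229,47`), the CRL_STATIC_REVOKED_LIST branch compares every candidate using the first array element's length, `rc->serialSz`, and never checks that the candidate's serial length equals `cert->serialSz`, whereas the linked-list branch directly below does both; a certificate whose serial shares a prefix with a revoked serial of a different length can therefore be misclassified in either direction. The comparison should use the candidate's own length, `XMEMCMP(rc[mid].serialNumber, cert->serial, rc[mid].serialSz)`, and the match arm should be gated like the list branch, e.g. `else { if (rc[mid].serialSz == cert->serialSz) { WOLFSSL_MSG("Cert revoked"); ret = CRL_CERT_REVOKED; } break; }` — assuming the static array is kept sorted by that same comparison, which nothing in this hunk shows. This was already present in the inlined loop the commit removes from CheckCertCRLList, so it is carried over rather than introduced, but the extraction is the right moment to fix it. A short header comment such as `/* Return CRL_CERT_REVOKED if cert->serial is in crle's revoked list, else 0 */` would also document the new function's contract.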


@ -35497,10 +35497,10 @@ static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx,
} }
rc = &rcert[totalCerts]; rc = &rcert[totalCerts];
ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx);
if (wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz, if (ret < 0) {
maxIdx) < 0) { WOLFSSL_MSG("wc_GetSerialNumber error");
return ASN_PARSE_E; return ret;
} }
#else #else
@ -35510,13 +35510,11 @@ static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx,
WOLFSSL_MSG("Alloc Revoked Cert failed"); WOLFSSL_MSG("Alloc Revoked Cert failed");
return MEMORY_E; return MEMORY_E;
} }
ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx);
if (wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz, if (ret < 0) {
maxIdx) < 0) { WOLFSSL_MSG("wc_GetSerialNumber error");
XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED); return ret;
return ASN_PARSE_E;
} }
/* add to list */ /* add to list */
rc->next = dcrl->certs; rc->next = dcrl->certs;
dcrl->certs = rc; dcrl->certs = rc;
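Review bot: The rewritten error path in the linked-list branch of GetRevoked (hunk `@ -35510,13 +35510,11`) drops the `XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED)` that the old code performed before returning, so the RevokedCert allocated just above leaks whenever wc_GetSerialNumber fails; rc has not yet been linked into dcrl->certs at that point, so no caller can release it. The check should read `if (ret < 0) { WOLFSSL_MSG("wc_GetSerialNumber error"); XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED); return ret; }`. Since this path is reached by malformed CRL input, an attacker-supplied CRL could drive repeated leaks. The static-array branch in the first hunk of this file does not allocate and needs no such change.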