diff --git a/src/crl.c b/src/crl.c
index e9609b353..0c1352442 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -94,10 +94,12 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
 XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
 /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
 * copy the hash here if needed for optimized comparisons */
- XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
- XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
- crle->lastDateFormat = dcrl->lastDateFormat;
- crle->nextDateFormat = dcrl->nextDateFormat;
+ crle->lastDate.length = MAX_DATE_SIZE;
+ XMEMCPY(crle->lastDate.data, dcrl->lastDate.data, crle->lastDate.length);
+ crle->nextDate.length = MAX_DATE_SIZE;
+ XMEMCPY(crle->nextDate.data, dcrl->nextDate.data, crle->nextDate.length);
+ crle->lastDate.type = dcrl->lastDate.type;
+ crle->nextDate.type = dcrl->nextDate.type;
 crle->version = dcrl->version;
 #if defined(OPENSSL_EXTRA)
 crle->issuer = NULL;
@@ -385,7 +387,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
 #endif
 {
 #ifndef NO_ASN_TIME
- if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
+ if (!XVALIDATE_DATE(crle->nextDate.data, crle->nextDate.type, AFTER)) {
 WOLFSSL_MSG("CRL next date is no longer valid");
 ret = ASN_AFTER_DATE_E;
 }
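Review bot: In InitCRL_Entry, `crle->lastDate.length` and `crle->nextDate.length` are set to the buffer size `MAX_DATE_SIZE` rather than to the length of the decoded date, so any consumer that trusts `length` will treat whatever follows the date bytes as part of the time value. The copies also assume that `lastDate.data` and `nextDate.data` hold at least `MAX_DATE_SIZE` bytes, which this diff does not show; bounding them with `sizeof(crle->lastDate.data)` or adding a compile-time size check would make that assumption explicit. The decoder hunk in asn.c does not appear to fill in `length` either, so the real date length would have to be recorded there before it can be propagated here. The same pattern is repeated in the DupCRL_Entry hunk (@@ -691), and both function bodies continue outside their hunks.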
@@ -691,10 +693,12 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
 XMEMSET(dupl, 0, sizeof(CRL_Entry));
 XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE);
- XMEMCPY(dupl->lastDate, ent->lastDate, MAX_DATE_SIZE);
- XMEMCPY(dupl->nextDate, ent->nextDate, MAX_DATE_SIZE);
- dupl->lastDateFormat = ent->lastDateFormat;
- dupl->nextDateFormat = ent->nextDateFormat;
+ dupl->lastDate.length = MAX_DATE_SIZE;
+ XMEMCPY(dupl->lastDate.data, ent->lastDate.data, dupl->lastDate.length);
+ dupl->nextDate.length = MAX_DATE_SIZE;
+ XMEMCPY(dupl->nextDate.data, ent->nextDate.data, dupl->nextDate.length);
+ dupl->lastDate.type = ent->lastDate.type;
+ dupl->nextDate.type = ent->nextDate.type;
 #ifdef CRL_STATIC_REVOKED_LIST
 XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert));
diff --git a/src/ocsp.c b/src/ocsp.c
index b8f9aca64..090da0095 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -1073,14 +1073,14 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
 int length)
 {
 if ((cidOut == NULL) || (derIn == NULL) || (length == 0))
- return (NULL);
+ return NULL;
 /* If a NULL is passed we allocate the memory for the caller. */
 if (*cidOut == NULL) {
 *cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
 if (*cidOut == NULL) {
- return (NULL);
+ return NULL;
 }
 }
@@ -1090,7 +1090,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
 /* Per spec. advance past the data that is being returned to the caller. */
 *derIn = *derIn + length;
- return (*cidOut);
+ return *cidOut;
 }
 const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
diff --git a/src/x509.c b/src/x509.c
index 06fe70001..37eef4456 100644
--- a/src/x509.c
+++ b/src/x509.c
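Review bot: The guard at the top of wolfSSL_d2i_OCSP_CERTID rejects only `length == 0`, and `length` is a signed `int`, so a negative value still reaches `XMALLOC(length, ...)` and, in the second ocsp.c hunk, `*derIn = *derIn + length`. Tightening the test to `(length <= 0)` would reject it up front. The allocation is also sized by the caller-supplied DER length rather than by the structure being returned. Whether that is always large enough depends on the code between the two hunks, which is not shown, so it is worth confirming while this function is being touched.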
@@ -7645,6 +7645,7 @@ const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
 return NULL;
 }
+#ifndef NO_WOLFSSL_STUB
 const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
 WOLFSSL_X509_REVOKED *rev)
 {
@@ -7653,6 +7654,7 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
 (void) rev;
 return NULL;
 }
+#endif
 /* print serial number out
 * return WOLFSSL_SUCCESS on success
@@ -7897,10 +7899,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
 return WOLFSSL_FAILURE;
 }
- if (crl->crlList->lastDate[0] != 0) {
- if (GetTimeString(crl->crlList->lastDate, ASN_UTC_TIME,
+ if (crl->crlList->lastDate.data[0] != 0) {
+ if (GetTimeString(crl->crlList->lastDate.data, ASN_UTC_TIME,
 tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
- if (GetTimeString(crl->crlList->lastDate, ASN_GENERALIZED_TIME,
+ if (GetTimeString(crl->crlList->lastDate.data, ASN_GENERALIZED_TIME,
 tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
 WOLFSSL_MSG("Error getting last update date");
 return WOLFSSL_FAILURE;
@@ -7928,10 +7930,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
 return WOLFSSL_FAILURE;
 }
- if (crl->crlList->nextDate[0] != 0) {
- if (GetTimeString(crl->crlList->nextDate, ASN_UTC_TIME,
+ if (crl->crlList->nextDate.data[0] != 0) {
+ if (GetTimeString(crl->crlList->nextDate.data, ASN_UTC_TIME,
 tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
- if (GetTimeString(crl->crlList->nextDate, ASN_GENERALIZED_TIME,
+ if (GetTimeString(crl->crlList->nextDate.data, ASN_GENERALIZED_TIME,
 tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
 WOLFSSL_MSG("Error getting next update date");
 return WOLFSSL_FAILURE;
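Review bot: X509CRLPrintDates (@@ -7897) still guesses the format by calling GetTimeString with `ASN_UTC_TIME` and then `ASN_GENERALIZED_TIME`, although the entry now carries the decoded format in `lastDate.type`. Provided every path that fills the entry sets `type`, passing the stored value, `GetTimeString(crl->crlList->lastDate.data, crl->crlList->lastDate.type, tmp, MAX_WIDTH)`, would remove the fallback and keep the printed value consistent with what the parser accepted. The same applies to the `nextDate` hunk (@@ -7928). Both hunks also dereference `crl->crlList` without the NULL check that the getters gain in this commit; that check may sit above the hunks, which start inside the function, so it should be confirmed.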
@@ -8036,8 +8038,9 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
 #ifdef OPENSSL_EXTRA
 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
 {
- if ((crl != NULL) && (crl->crlList->lastDate[0] != 0)) {
- return (WOLFSSL_ASN1_TIME*)crl->crlList->lastDate;
+ if ((crl != NULL) && (crl->crlList != NULL) &&
+ (crl->crlList->lastDate.data[0] != 0)) {
+ return &crl->crlList->lastDate;
 }
 else
 return NULL;
@@ -8045,8 +8048,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
 {
- if ((crl != NULL) && (crl->crlList->nextDate[0] != 0)) {
- return (WOLFSSL_ASN1_TIME*)crl->crlList->nextDate;
+ if ((crl != NULL) && (crl->crlList != NULL) &&
+ (crl->crlList->nextDate.data[0] != 0)) {
+ return &crl->crlList->nextDate;
 }
 else
 return NULL;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e8018ea0e..40d0a043e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -35775,12 +35775,14 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
 if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0)
 return ASN_PARSE_E;
- if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
+ if (GetBasicDate(buf, &idx, dcrl->lastDate.data,
+ (byte*) &dcrl->lastDate.type, sz) < 0)
 return ASN_PARSE_E;
 dateIdx = idx;
- if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
+ if (GetBasicDate(buf, &idx, dcrl->nextDate.data,
+ (byte*) &dcrl->nextDate.type, sz) < 0)
 {
 #ifndef WOLFSSL_NO_CRL_NEXT_DATE
 (void)dateIdx;
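Review bot: wolfSSL_X509_CRL_get_lastUpdate (@@ -8036) now returns `&crl->crlList->lastDate`, a non-const pointer into storage owned by the CRL, and nothing at the definition tells callers so. A short comment above the function would help, for example `/* Returns a pointer to the CRL's internal time; do not free or modify it, and do not use it after the CRL is freed. */`. The same applies to wolfSSL_X509_CRL_get_nextUpdate in the next hunk (@@ -8045).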
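Review bot: In ParseCRL_CertList (@@ -35775) the date format is now written through `(byte*) &dcrl->lastDate.type`, and likewise for `nextDate`, which stores a single byte into a field that the cast suggests is wider than a byte. If `type` is an `int`, only its lowest-addressed byte is written: the value then depends on the field having been zeroed beforehand and, on a big-endian target, lands in the most significant byte, so the later `XVALIDATE_DATE(dcrl->nextDate.data, dcrl->nextDate.type, AFTER)` check would see the wrong format. Decoding into a local and assigning is safer, e.g. `byte fmt = 0;`, then `GetBasicDate(buf, &idx, dcrl->lastDate.data, &fmt, sz)` followed by `dcrl->lastDate.type = fmt;`. The `length` member is not set anywhere on this path, and the function continues outside the hunk.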
@@ -35797,8 +35799,8 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
 #endif
 {
 #ifndef NO_ASN_TIME
- if (verify != NO_VERIFY &&
- !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
+ if (verify != NO_VERIFY && !XVALIDATE_DATE(dcrl->nextDate.data,
+ dcrl->nextDate.type, AFTER)) {
 WOLFSSL_MSG("CRL after date is no longer valid");
 WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
 return CRL_CERT_DATE_ERR;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 60a9dbd83..a15807c20 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2211,17 +2211,15 @@ struct CRL_Entry {
 byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
 /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
 /* restore the hash here if needed for optimized comparisons */
- byte lastDate[MAX_DATE_SIZE]; /* last date updated */
- byte nextDate[MAX_DATE_SIZE]; /* next update date */
- byte lastDateFormat; /* last date format */
- byte nextDateFormat; /* next date format */
+ WOLFSSL_ASN1_TIME lastDate; /* last date updated */
+ WOLFSSL_ASN1_TIME nextDate; /* next update date */
 #ifdef CRL_STATIC_REVOKED_LIST
 RevokedCert certs[CRL_MAX_REVOKED_CERTS];
 #else
- RevokedCert* certs; /* revoked cert list */
+ RevokedCert* certs; /* revoked cert list */
 #endif
- int totalCerts; /* number on list */
- int version; /* version of certficate */
+ int totalCerts; /* number on list */
+ int version; /* version of certficate */
 int verified;
 byte* toBeSigned;
 word32 tbsSz;
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 090dd13f8..aa5f1e6da 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -732,7 +732,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_OBJECT_get0_X509 wolfSSL_X509_OBJECT_get0_X509
 #define X509_OBJECT_get0_X509_CRL wolfSSL_X509_OBJECT_get0_X509_CRL
-#define X509_REVOKED_get_serial_number wolfSSL_X509_REVOKED_get_serial_number
 #define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number
 #define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index b8baf24cc..ed7c41d5f 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -2447,10 +2447,8 @@ struct DecodedCRL {
 byte* signature; /* pointer into raw source, not owned */
 byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
 byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
- byte lastDate[MAX_DATE_SIZE]; /* last date updated */
- byte nextDate[MAX_DATE_SIZE]; /* next update date */
- byte lastDateFormat; /* format of last date */
- byte nextDateFormat; /* format of next date */
+ WOLFSSL_ASN1_TIME lastDate; /* last date updated */
+ WOLFSSL_ASN1_TIME nextDate; /* next update date */
 RevokedCert* certs; /* revoked cert list */
 #if defined(OPENSSL_EXTRA)
 byte* issuer; /* full name including common name */
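Review bot: struct DecodedCRL in wolfssl/wolfcrypt/asn.h (@@ -2447) now embeds `WOLFSSL_ASN1_TIME` by value, which needs the complete type, and no include or definition is added in this hunk. If that type is defined only in the TLS-layer headers, a translation unit that includes asn.h without them would no longer compile, so the visibility of the definition should be confirmed for wolfCrypt-only configurations. An alternative that avoids the dependency is to keep raw `byte` date and format fields in DecodedCRL and convert to `WOLFSSL_ASN1_TIME` only when the CRL_Entry is built. The struct definition continues outside the hunk.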