wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added WOLFSSL_ASN1_TIME to CRL

Browse Source
This commit is contained in:
Uriah Pollock
2022-10-12 05:27:59 -05:00
parent 5cbb099dc9
commit 0f0496ae8f
7 changed files with 43 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/crl.c
View File

@@ -94,10 +94,12 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE); XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
/* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE); /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
* copy the hash here if needed for optimized comparisons */ * copy the hash here if needed for optimized comparisons */
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE); crle->lastDate.length = MAX_DATE_SIZE;
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE); XMEMCPY(crle->lastDate.data, dcrl->lastDate.data, crle->lastDate.length);
crle->lastDateFormat = dcrl->lastDateFormat; crle->nextDate.length = MAX_DATE_SIZE;
crle->nextDateFormat = dcrl->nextDateFormat; XMEMCPY(crle->nextDate.data, dcrl->nextDate.data, crle->nextDate.length);
crle->lastDate.type = dcrl->lastDate.type;
crle->nextDate.type = dcrl->nextDate.type;
crle->version = dcrl->version; crle->version = dcrl->version;
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
crle->issuer = NULL; crle->issuer = NULL;
@@ -385,7 +387,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
#endif #endif
{ {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) { if (!XVALIDATE_DATE(crle->nextDate.data, crle->nextDate.type, AFTER)) {
WOLFSSL_MSG("CRL next date is no longer valid"); WOLFSSL_MSG("CRL next date is no longer valid");
ret = ASN_AFTER_DATE_E; ret = ASN_AFTER_DATE_E;
} }
@@ -691,10 +693,12 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
XMEMSET(dupl, 0, sizeof(CRL_Entry)); XMEMSET(dupl, 0, sizeof(CRL_Entry));
XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE); XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE);
XMEMCPY(dupl->lastDate, ent->lastDate, MAX_DATE_SIZE); dupl->lastDate.length = MAX_DATE_SIZE;
XMEMCPY(dupl->nextDate, ent->nextDate, MAX_DATE_SIZE); XMEMCPY(dupl->lastDate.data, ent->lastDate.data, dupl->lastDate.length);
dupl->lastDateFormat = ent->lastDateFormat; dupl->nextDate.length = MAX_DATE_SIZE;
dupl->nextDateFormat = ent->nextDateFormat; XMEMCPY(dupl->nextDate.data, ent->nextDate.data, dupl->nextDate.length);
dupl->lastDate.type = ent->lastDate.type;
dupl->nextDate.type = ent->nextDate.type;
#ifdef CRL_STATIC_REVOKED_LIST #ifdef CRL_STATIC_REVOKED_LIST
XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert)); XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert));

6
src/ocsp.c
View File

@@ -1073,14 +1073,14 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
int length) int length)
{ {
if ((cidOut == NULL) || (derIn == NULL) || (length == 0)) if ((cidOut == NULL) || (derIn == NULL) || (length == 0))
return (NULL); return NULL;
/* If a NULL is passed we allocate the memory for the caller. */ /* If a NULL is passed we allocate the memory for the caller. */
if (*cidOut == NULL) { if (*cidOut == NULL) {
*cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL); *cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
if (*cidOut == NULL) { if (*cidOut == NULL) {
return (NULL); return NULL;
} }
} }
@@ -1090,7 +1090,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
/* Per spec. advance past the data that is being returned to the caller. */ /* Per spec. advance past the data that is being returned to the caller. */
*derIn = *derIn + length; *derIn = *derIn + length;
return (*cidOut); return *cidOut;
} }
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single) const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)

24
src/x509.c
View File

@@ -7645,6 +7645,7 @@ const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
return NULL; return NULL;
} }
#ifndef NO_WOLFSSL_STUB
const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
WOLFSSL_X509_REVOKED *rev) WOLFSSL_X509_REVOKED *rev)
{ {
@@ -7653,6 +7654,7 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
(void) rev; (void) rev;
return NULL; return NULL;
} }
#endif
/* print serial number out /* print serial number out
* return WOLFSSL_SUCCESS on success * return WOLFSSL_SUCCESS on success
@@ -7897,10 +7899,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (crl->crlList->lastDate[0] != 0) { if (crl->crlList->lastDate.data[0] != 0) {
if (GetTimeString(crl->crlList->lastDate, ASN_UTC_TIME, if (GetTimeString(crl->crlList->lastDate.data, ASN_UTC_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
if (GetTimeString(crl->crlList->lastDate, ASN_GENERALIZED_TIME, if (GetTimeString(crl->crlList->lastDate.data, ASN_GENERALIZED_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error getting last update date"); WOLFSSL_MSG("Error getting last update date");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -7928,10 +7930,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (crl->crlList->nextDate[0] != 0) { if (crl->crlList->nextDate.data[0] != 0) {
if (GetTimeString(crl->crlList->nextDate, ASN_UTC_TIME, if (GetTimeString(crl->crlList->nextDate.data, ASN_UTC_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
if (GetTimeString(crl->crlList->nextDate, ASN_GENERALIZED_TIME, if (GetTimeString(crl->crlList->nextDate.data, ASN_GENERALIZED_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error getting next update date"); WOLFSSL_MSG("Error getting next update date");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -8036,8 +8038,9 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{ {
if ((crl != NULL) && (crl->crlList->lastDate[0] != 0)) { if ((crl != NULL) && (crl->crlList != NULL) &&
return (WOLFSSL_ASN1_TIME*)crl->crlList->lastDate; (crl->crlList->lastDate.data[0] != 0)) {
return &crl->crlList->lastDate;
} }
else else
return NULL; return NULL;
@@ -8045,8 +8048,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl) WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
{ {
if ((crl != NULL) && (crl->crlList->nextDate[0] != 0)) { if ((crl != NULL) && (crl->crlList != NULL) &&
return (WOLFSSL_ASN1_TIME*)crl->crlList->nextDate; (crl->crlList->nextDate.data[0] != 0)) {
return &crl->crlList->nextDate;
} }
else else
return NULL; return NULL;

10
wolfcrypt/src/asn.c
View File

@@ -35775,12 +35775,14 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0) if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0) if (GetBasicDate(buf, &idx, dcrl->lastDate.data,
(byte*) &dcrl->lastDate.type, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
dateIdx = idx; dateIdx = idx;
if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0) if (GetBasicDate(buf, &idx, dcrl->nextDate.data,
(byte*) &dcrl->nextDate.type, sz) < 0)
{ {
#ifndef WOLFSSL_NO_CRL_NEXT_DATE #ifndef WOLFSSL_NO_CRL_NEXT_DATE
(void)dateIdx; (void)dateIdx;
@@ -35797,8 +35799,8 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
#endif #endif
{ {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (verify != NO_VERIFY && if (verify != NO_VERIFY && !XVALIDATE_DATE(dcrl->nextDate.data,
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { dcrl->nextDate.type, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
return CRL_CERT_DATE_ERR; return CRL_CERT_DATE_ERR;

12
wolfssl/internal.h
View File

@@ -2211,17 +2211,15 @@ struct CRL_Entry {
byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
/* restore the hash here if needed for optimized comparisons */ /* restore the hash here if needed for optimized comparisons */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */ WOLFSSL_ASN1_TIME lastDate; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */ WOLFSSL_ASN1_TIME nextDate; /* next update date */
byte lastDateFormat; /* last date format */
byte nextDateFormat; /* next date format */
#ifdef CRL_STATIC_REVOKED_LIST #ifdef CRL_STATIC_REVOKED_LIST
RevokedCert certs[CRL_MAX_REVOKED_CERTS]; RevokedCert certs[CRL_MAX_REVOKED_CERTS];
#else #else
RevokedCert* certs; /* revoked cert list */ RevokedCert* certs; /* revoked cert list */
#endif #endif
int totalCerts; /* number on list */ int totalCerts; /* number on list */
int version; /* version of certficate */ int version; /* version of certficate */
int verified; int verified;
byte* toBeSigned; byte* toBeSigned;
word32 tbsSz; word32 tbsSz;

1
wolfssl/openssl/ssl.h
View File

@@ -732,7 +732,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_OBJECT_get0_X509 wolfSSL_X509_OBJECT_get0_X509 #define X509_OBJECT_get0_X509 wolfSSL_X509_OBJECT_get0_X509
#define X509_OBJECT_get0_X509_CRL wolfSSL_X509_OBJECT_get0_X509_CRL #define X509_OBJECT_get0_X509_CRL wolfSSL_X509_OBJECT_get0_X509_CRL
#define X509_REVOKED_get_serial_number wolfSSL_X509_REVOKED_get_serial_number
#define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number #define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number
#define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date #define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date

6
wolfssl/wolfcrypt/asn.h
View File

@@ -2447,10 +2447,8 @@ struct DecodedCRL {
byte* signature; /* pointer into raw source, not owned */ byte* signature; /* pointer into raw source, not owned */
byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */ byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */ WOLFSSL_ASN1_TIME lastDate; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */ WOLFSSL_ASN1_TIME nextDate; /* next update date */
byte lastDateFormat; /* format of last date */
byte nextDateFormat; /* format of next date */
RevokedCert* certs; /* revoked cert list */ RevokedCert* certs; /* revoked cert list */
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
byte* issuer; /* full name including common name */ byte* issuer; /* full name including common name */