wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to ConfirmSignature with WC_PENDING_E response. Added log message when date failure is skipped.

Browse Source
This commit is contained in:
David Garske
2019-12-17 14:34:50 -08:00
parent e8594daab6
commit a176789f13
2 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
wolfcrypt/src/asn.c
View File

@@ -8584,8 +8584,6 @@ int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
{ {
int ret = 0; int ret = 0;
int badDate = 0;
int criticalExt = 0;
int checkPathLen = 0; int checkPathLen = 0;
int decrementMaxPathLen = 0; int decrementMaxPathLen = 0;
word32 confirmOID; word32 confirmOID;
@@ -8597,9 +8595,11 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
} }
if (cert->sigCtx.state == SIG_STATE_BEGIN) { if (cert->sigCtx.state == SIG_STATE_BEGIN) {
cert->badDate = 0;
cert->criticalExt = 0;
if ((ret = DecodeToKey(cert, verify)) < 0) { if ((ret = DecodeToKey(cert, verify)) < 0) {
if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E)
badDate = ret; cert->badDate = ret;
else else
return ret; return ret;
} }
@@ -8621,7 +8621,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
if ((ret = DecodeCertExtensions(cert)) < 0) { if ((ret = DecodeCertExtensions(cert)) < 0) {
if (ret == ASN_CRIT_EXT_E) if (ret == ASN_CRIT_EXT_E)
criticalExt = ret; cert->criticalExt = ret;
else else
return ret; return ret;
} }
@@ -8911,11 +8911,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
exit_pcr: exit_pcr:
#endif #endif
if (badDate != 0 && verify != VERIFY_SKIP_DATE) if (cert->badDate != 0) {
return badDate; if (verify != VERIFY_SKIP_DATE) {
return cert->badDate;
}
WOLFSSL_MSG("Date error: Verify option is skipping");
}
if (criticalExt != 0) if (cert->criticalExt != 0)
return criticalExt; return cert->criticalExt;
return ret; return ret;
} }

3
wolfssl/wolfcrypt/asn.h
View File

@@ -890,6 +890,9 @@ struct DecodedCert {
#endif #endif
byte* tsip_encRsaKeyIdx; byte* tsip_encRsaKeyIdx;
int badDate;
int criticalExt;
/* Option Bits */ /* Option Bits */
byte subjectCNStored : 1; /* have we saved a copy we own */ byte subjectCNStored : 1; /* have we saved a copy we own */
byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */