mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 02:37:28 +02:00
Changed some WOLFSSL_ASN1_TIME handling and other fixes.
This commit is contained in:
Uriah Pollock
22
src/crl.c
22
src/crl.c
@ -94,12 +94,10 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
|
||||
XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
|
||||
/* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
|
||||
* copy the hash here if needed for optimized comparisons */
|
||||
crle->lastDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(crle->lastDate.data, dcrl->lastDate.data, crle->lastDate.length);
|
||||
crle->nextDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(crle->nextDate.data, dcrl->nextDate.data, crle->nextDate.length);
|
||||
crle->lastDate.type = dcrl->lastDate.type;
|
||||
crle->nextDate.type = dcrl->nextDate.type;
|
||||
XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
|
||||
XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
|
||||
crle->lastDateFormat = dcrl->lastDateFormat;
|
||||
crle->nextDateFormat = dcrl->nextDateFormat;
|
||||
crle->version = dcrl->version;
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
crle->issuer = NULL;
|
||||
@ -387,7 +385,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
|
||||
#endif
|
||||
{
|
||||
#ifndef NO_ASN_TIME
|
||||
if (!XVALIDATE_DATE(crle->nextDate.data, crle->nextDate.type, AFTER)) {
|
||||
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
|
||||
WOLFSSL_MSG("CRL next date is no longer valid");
|
||||
ret = ASN_AFTER_DATE_E;
|
||||
}
|
||||
@ -693,12 +691,10 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
|
||||
XMEMSET(dupl, 0, sizeof(CRL_Entry));
|
||||
|
||||
XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE);
|
||||
dupl->lastDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(dupl->lastDate.data, ent->lastDate.data, dupl->lastDate.length);
|
||||
dupl->nextDate.length = MAX_DATE_SIZE;
|
||||
XMEMCPY(dupl->nextDate.data, ent->nextDate.data, dupl->nextDate.length);
|
||||
dupl->lastDate.type = ent->lastDate.type;
|
||||
dupl->nextDate.type = ent->nextDate.type;
|
||||
XMEMCPY(dupl->lastDate, ent->lastDate, MAX_DATE_SIZE);
|
||||
XMEMCPY(dupl->nextDate, ent->nextDate, MAX_DATE_SIZE);
|
||||
dupl->lastDateFormat = ent->lastDateFormat;
|
||||
dupl->nextDateFormat = ent->nextDateFormat;
|
||||
|
||||
#ifdef CRL_STATIC_REVOKED_LIST
|
||||
XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert));
|
||||
|
||||
32
src/ocsp.c
32
src/ocsp.c
@ -1072,25 +1072,37 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
|
||||
const unsigned char** derIn,
|
||||
int length)
|
||||
{
|
||||
WOLFSSL_OCSP_CERTID *cid = NULL;
|
||||
|
||||
if ((cidOut == NULL) || (derIn == NULL) || (length == 0))
|
||||
return NULL;
|
||||
goto err;
|
||||
|
||||
cid = *cidOut;
|
||||
/* If a NULL is passed we allocate the memory for the caller. */
|
||||
if (*cidOut == NULL) {
|
||||
*cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
|
||||
if (*cidOut == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
if (!cid) {
|
||||
cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*cid), NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
if (!cid) goto err;
|
||||
}
|
||||
else if (cid->rawCertId) {
|
||||
XFREE(cid->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
cid->rawCertId = NULL;
|
||||
cid->rawCertIdSize = 0;
|
||||
}
|
||||
|
||||
XMEMCPY ((*cidOut)->rawCertId, *derIn, length);
|
||||
(*cidOut)->rawCertIdSize = length;
|
||||
cid->rawCertId = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
if (!cid->rawCertId) goto err;
|
||||
XMEMCPY (cid->rawCertId, *derIn, length);
|
||||
cid->rawCertIdSize = length;
|
||||
|
||||
/* Per spec. advance past the data that is being returned to the caller. */
|
||||
*cidOut = cid;
|
||||
*derIn = *derIn + length;
|
||||
return cid;
|
||||
|
||||
return *cidOut;
|
||||
err:
|
||||
if (cid && (!cidOut || cid != *cidOut))
|
||||
XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
|
||||
|
||||
34
src/x509.c
34
src/x509.c
@ -7900,10 +7900,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (crl->crlList->lastDate.data[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->lastDate.data, ASN_UTC_TIME,
|
||||
if (crl->crlList->lastDate[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->lastDate, ASN_UTC_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
if (GetTimeString(crl->crlList->lastDate.data, ASN_GENERALIZED_TIME,
|
||||
if (GetTimeString(crl->crlList->lastDate, ASN_GENERALIZED_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("Error getting last update date");
|
||||
return WOLFSSL_FAILURE;
|
||||
@ -7931,10 +7931,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (crl->crlList->nextDate.data[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->nextDate.data, ASN_UTC_TIME,
|
||||
if (crl->crlList->nextDate[0] != 0) {
|
||||
if (GetTimeString(crl->crlList->nextDate, ASN_UTC_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
if (GetTimeString(crl->crlList->nextDate.data, ASN_GENERALIZED_TIME,
|
||||
if (GetTimeString(crl->crlList->nextDate, ASN_GENERALIZED_TIME,
|
||||
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
|
||||
WOLFSSL_MSG("Error getting next update date");
|
||||
return WOLFSSL_FAILURE;
|
||||
@ -8040,8 +8040,15 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
|
||||
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
|
||||
{
|
||||
if ((crl != NULL) && (crl->crlList != NULL) &&
|
||||
(crl->crlList->lastDate.data[0] != 0)) {
|
||||
return &crl->crlList->lastDate;
|
||||
(crl->crlList->lastDate[0] != 0)) {
|
||||
|
||||
/* Copy date to an ASN1_TIME struct for returning to the caller. */
|
||||
crl->crlList->lastDateAsn1.length = MAX_DATE_SIZE;
|
||||
XMEMCPY (crl->crlList->lastDateAsn1.data, crl->crlList->lastDate,
|
||||
crl->crlList->lastDateAsn1.length);
|
||||
crl->crlList->lastDateAsn1.type = crl->crlList->lastDateFormat;
|
||||
|
||||
return &crl->crlList->lastDateAsn1;
|
||||
}
|
||||
else
|
||||
return NULL;
|
||||
@ -8050,8 +8057,15 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
|
||||
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
|
||||
{
|
||||
if ((crl != NULL) && (crl->crlList != NULL) &&
|
||||
(crl->crlList->nextDate.data[0] != 0)) {
|
||||
return &crl->crlList->nextDate;
|
||||
(crl->crlList->nextDate[0] != 0)) {
|
||||
|
||||
/* Copy date to an ASN1_TIME struct for returning to the caller. */
|
||||
crl->crlList->nextDateAsn1.length = MAX_DATE_SIZE;
|
||||
XMEMCPY (crl->crlList->nextDateAsn1.data, crl->crlList->nextDate,
|
||||
crl->crlList->nextDateAsn1.length);
|
||||
crl->crlList->nextDateAsn1.type = crl->crlList->nextDateFormat;
|
||||
|
||||
return &crl->crlList->nextDateAsn1;
|
||||
}
|
||||
else
|
||||
return NULL;
|
||||
|
||||
@ -35775,14 +35775,12 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
|
||||
if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
if (GetBasicDate(buf, &idx, dcrl->lastDate.data,
|
||||
(byte*) &dcrl->lastDate.type, sz) < 0)
|
||||
if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
|
||||
return ASN_PARSE_E;
|
||||
|
||||
dateIdx = idx;
|
||||
|
||||
if (GetBasicDate(buf, &idx, dcrl->nextDate.data,
|
||||
(byte*) &dcrl->nextDate.type, sz) < 0)
|
||||
if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
|
||||
{
|
||||
#ifndef WOLFSSL_NO_CRL_NEXT_DATE
|
||||
(void)dateIdx;
|
||||
@ -35799,8 +35797,8 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
|
||||
#endif
|
||||
{
|
||||
#ifndef NO_ASN_TIME
|
||||
if (verify != NO_VERIFY && !XVALIDATE_DATE(dcrl->nextDate.data,
|
||||
dcrl->nextDate.type, AFTER)) {
|
||||
if (verify != NO_VERIFY &&
|
||||
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
|
||||
WOLFSSL_MSG("CRL after date is no longer valid");
|
||||
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
|
||||
return CRL_CERT_DATE_ERR;
|
||||
|
||||
@ -2211,8 +2211,14 @@ struct CRL_Entry {
|
||||
byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
|
||||
/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
|
||||
/* restore the hash here if needed for optimized comparisons */
|
||||
WOLFSSL_ASN1_TIME lastDate; /* last date updated */
|
||||
WOLFSSL_ASN1_TIME nextDate; /* next update date */
|
||||
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
|
||||
byte nextDate[MAX_DATE_SIZE]; /* next update date */
|
||||
byte lastDateFormat; /* last date format */
|
||||
byte nextDateFormat; /* next date format */
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_ASN1_TIME lastDateAsn1; /* last date updated */
|
||||
WOLFSSL_ASN1_TIME nextDateAsn1; /* next update date */
|
||||
#endif
|
||||
#ifdef CRL_STATIC_REVOKED_LIST
|
||||
RevokedCert certs[CRL_MAX_REVOKED_CERTS];
|
||||
#else
|
||||
|
||||
@ -2447,8 +2447,10 @@ struct DecodedCRL {
|
||||
byte* signature; /* pointer into raw source, not owned */
|
||||
byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
|
||||
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
|
||||
WOLFSSL_ASN1_TIME lastDate; /* last date updated */
|
||||
WOLFSSL_ASN1_TIME nextDate; /* next update date */
|
||||
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
|
||||
byte nextDate[MAX_DATE_SIZE]; /* next update date */
|
||||
byte lastDateFormat; /* format of last date */
|
||||
byte nextDateFormat; /* format of next date */
|
||||
RevokedCert* certs; /* revoked cert list */
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
byte* issuer; /* full name including common name */
|
||||
|
||||
Reference in New Issue
Block a user