Changed some WOLFSSL_ASN1_TIME handling and other fixes.

Uriah Pollock
2022-10-14 17:09:35 -05:00
parent dc8997d4b6
commit f48b736ec3
6 changed files with 71 additions and 43 deletions


@ -94,12 +94,10 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE); XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
/* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE); /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
* copy the hash here if needed for optimized comparisons */ * copy the hash here if needed for optimized comparisons */
crle->lastDate.length = MAX_DATE_SIZE; XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
XMEMCPY(crle->lastDate.data, dcrl->lastDate.data, crle->lastDate.length); XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
crle->nextDate.length = MAX_DATE_SIZE; crle->lastDateFormat = dcrl->lastDateFormat;
XMEMCPY(crle->nextDate.data, dcrl->nextDate.data, crle->nextDate.length); crle->nextDateFormat = dcrl->nextDateFormat;
crle->lastDate.type = dcrl->lastDate.type;
crle->nextDate.type = dcrl->nextDate.type;
crle->version = dcrl->version; crle->version = dcrl->version;
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
crle->issuer = NULL; crle->issuer = NULL;
@ -387,7 +385,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
#endif #endif
{ {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (!XVALIDATE_DATE(crle->nextDate.data, crle->nextDate.type, AFTER)) { if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL next date is no longer valid"); WOLFSSL_MSG("CRL next date is no longer valid");
ret = ASN_AFTER_DATE_E; ret = ASN_AFTER_DATE_E;
} }
@ -693,12 +691,10 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)
XMEMSET(dupl, 0, sizeof(CRL_Entry)); XMEMSET(dupl, 0, sizeof(CRL_Entry));
XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE); XMEMCPY(dupl->issuerHash, ent->issuerHash, CRL_DIGEST_SIZE);
dupl->lastDate.length = MAX_DATE_SIZE; XMEMCPY(dupl->lastDate, ent->lastDate, MAX_DATE_SIZE);
XMEMCPY(dupl->lastDate.data, ent->lastDate.data, dupl->lastDate.length); XMEMCPY(dupl->nextDate, ent->nextDate, MAX_DATE_SIZE);
dupl->nextDate.length = MAX_DATE_SIZE; dupl->lastDateFormat = ent->lastDateFormat;
XMEMCPY(dupl->nextDate.data, ent->nextDate.data, dupl->nextDate.length); dupl->nextDateFormat = ent->nextDateFormat;
dupl->lastDate.type = ent->lastDate.type;
dupl->nextDate.type = ent->nextDate.type;
#ifdef CRL_STATIC_REVOKED_LIST #ifdef CRL_STATIC_REVOKED_LIST
XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert)); XMEMCPY(dupl->certs, ent->certs, ent->totalCerts*sizeof(RevokedCert));
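Review bot: The rewritten check in CheckCertCRLList drops the space after the first argument, `if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {`; the same call in ParseCRL_CertList in this commit is written `!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)`, so the two should match. InitCRL_Entry and DupCRL_Entry now carry the same four-line copy of the two date buffers and their format bytes; a small static helper taking source and destination CRL_Entry pointers would keep them from drifting apart the next time a date field is added. All three functions start and end outside these hunks.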


@ -1072,25 +1072,37 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
const unsigned char** derIn, const unsigned char** derIn,
int length) int length)
{ {
WOLFSSL_OCSP_CERTID *cid = NULL;
if ((cidOut == NULL) || (derIn == NULL) || (length == 0)) if ((cidOut == NULL) || (derIn == NULL) || (length == 0))
return NULL; goto err;
cid = *cidOut;
/* If a NULL is passed we allocate the memory for the caller. */ /* If a NULL is passed we allocate the memory for the caller. */
if (*cidOut == NULL) { if (!cid) {
*cidOut = (WOLFSSL_OCSP_CERTID*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL); cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*cid), NULL, DYNAMIC_TYPE_OPENSSL);
if (!cid) goto err;
if (*cidOut == NULL) { }
return NULL; else if (cid->rawCertId) {
} XFREE(cid->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL);
cid->rawCertId = NULL;
cid->rawCertIdSize = 0;
} }
XMEMCPY ((*cidOut)->rawCertId, *derIn, length); cid->rawCertId = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_OPENSSL);
(*cidOut)->rawCertIdSize = length; if (!cid->rawCertId) goto err;
XMEMCPY (cid->rawCertId, *derIn, length);
cid->rawCertIdSize = length;
/* Per spec. advance past the data that is being returned to the caller. */ /* Per spec. advance past the data that is being returned to the caller. */
*cidOut = cid;
*derIn = *derIn + length; *derIn = *derIn + length;
return cid;
return *cidOut; err:
if (cid && (!cidOut || cid != *cidOut))
XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL);
return NULL;
} }
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single) const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
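Review bot: The guard at the top of the new wolfSSL_d2i_OCSP_CERTID still rejects only `length == 0`, while `length` is an `int` that now goes straight into `XMALLOC(length, ...)` and `XMEMCPY (cid->rawCertId, *derIn, length)`; a negative value converts to a very large size, so the check should read `if ((cidOut == NULL) || (derIn == NULL) || (length <= 0))`. A freshly allocated `cid` is also used without being zeroed: only rawCertId and rawCertIdSize are assigned, so any other members of WOLFSSL_OCSP_CERTID (not visible in this hunk) start out indeterminate, and an `XMEMSET(cid, 0, sizeof(*cid));` right after the successful XMALLOC would fix that. The `!cidOut` test under the err label cannot be true once the first guard has passed and can be dropped.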


@ -7900,10 +7900,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (crl->crlList->lastDate.data[0] != 0) { if (crl->crlList->lastDate[0] != 0) {
if (GetTimeString(crl->crlList->lastDate.data, ASN_UTC_TIME, if (GetTimeString(crl->crlList->lastDate, ASN_UTC_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
if (GetTimeString(crl->crlList->lastDate.data, ASN_GENERALIZED_TIME, if (GetTimeString(crl->crlList->lastDate, ASN_GENERALIZED_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error getting last update date"); WOLFSSL_MSG("Error getting last update date");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@ -7931,10 +7931,10 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (crl->crlList->nextDate.data[0] != 0) { if (crl->crlList->nextDate[0] != 0) {
if (GetTimeString(crl->crlList->nextDate.data, ASN_UTC_TIME, if (GetTimeString(crl->crlList->nextDate, ASN_UTC_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
if (GetTimeString(crl->crlList->nextDate.data, ASN_GENERALIZED_TIME, if (GetTimeString(crl->crlList->nextDate, ASN_GENERALIZED_TIME,
tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error getting next update date"); WOLFSSL_MSG("Error getting next update date");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@ -8040,8 +8040,15 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{ {
if ((crl != NULL) && (crl->crlList != NULL) && if ((crl != NULL) && (crl->crlList != NULL) &&
(crl->crlList->lastDate.data[0] != 0)) { (crl->crlList->lastDate[0] != 0)) {
return &crl->crlList->lastDate;
/* Copy date to an ASN1_TIME struct for returning to the caller. */
crl->crlList->lastDateAsn1.length = MAX_DATE_SIZE;
XMEMCPY (crl->crlList->lastDateAsn1.data, crl->crlList->lastDate,
crl->crlList->lastDateAsn1.length);
crl->crlList->lastDateAsn1.type = crl->crlList->lastDateFormat;
return &crl->crlList->lastDateAsn1;
} }
else else
return NULL; return NULL;
@ -8050,8 +8057,15 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl) WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
{ {
if ((crl != NULL) && (crl->crlList != NULL) && if ((crl != NULL) && (crl->crlList != NULL) &&
(crl->crlList->nextDate.data[0] != 0)) { (crl->crlList->nextDate[0] != 0)) {
return &crl->crlList->nextDate;
/* Copy date to an ASN1_TIME struct for returning to the caller. */
crl->crlList->nextDateAsn1.length = MAX_DATE_SIZE;
XMEMCPY (crl->crlList->nextDateAsn1.data, crl->crlList->nextDate,
crl->crlList->nextDateAsn1.length);
crl->crlList->nextDateAsn1.type = crl->crlList->nextDateFormat;
return &crl->crlList->nextDateAsn1;
} }
else else
return NULL; return NULL;
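Review bot: wolfSSL_X509_CRL_get_lastUpdate and wolfSSL_X509_CRL_get_nextUpdate now return a pointer to storage inside crl->crlList that is rewritten on every call, and nothing states that the caller must not free it or keep it beyond the CRL; a comment on each getter such as `/* Returned pointer is owned by crl: do not free; valid until crl is freed or the getter is called again. */` would give the contract. The two getters are identical apart from the field names, so a static helper that takes the date buffer, the format byte and the target WOLFSSL_ASN1_TIME would remove the duplicated copy block. In the two X509CRLPrintDates hunks the code still tries ASN_UTC_TIME and falls back to ASN_GENERALIZED_TIME even though the format is now stored beside the buffer; if lastDateFormat carries the same ASN_* tag values the getters assign to `.type`, `GetTimeString(crl->crlList->lastDate, crl->crlList->lastDateFormat, tmp, MAX_WIDTH)` is the direct form, and the same applies to the nextDate hunk. X509CRLPrintDates and both getters extend outside these hunks.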


@ -35775,14 +35775,12 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0) if (GetNameHash(buf, &idx, dcrl->issuerHash, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (GetBasicDate(buf, &idx, dcrl->lastDate.data, if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0)
(byte*) &dcrl->lastDate.type, sz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
dateIdx = idx; dateIdx = idx;
if (GetBasicDate(buf, &idx, dcrl->nextDate.data, if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0)
(byte*) &dcrl->nextDate.type, sz) < 0)
{ {
#ifndef WOLFSSL_NO_CRL_NEXT_DATE #ifndef WOLFSSL_NO_CRL_NEXT_DATE
(void)dateIdx; (void)dateIdx;
@ -35799,8 +35797,8 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl,
#endif #endif
{ {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (verify != NO_VERIFY && !XVALIDATE_DATE(dcrl->nextDate.data, if (verify != NO_VERIFY &&
dcrl->nextDate.type, AFTER)) { !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR);
return CRL_CERT_DATE_ERR; return CRL_CERT_DATE_ERR;


@ -2211,8 +2211,14 @@ struct CRL_Entry {
byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
/* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
/* restore the hash here if needed for optimized comparisons */ /* restore the hash here if needed for optimized comparisons */
WOLFSSL_ASN1_TIME lastDate; /* last date updated */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */
WOLFSSL_ASN1_TIME nextDate; /* next update date */ byte nextDate[MAX_DATE_SIZE]; /* next update date */
byte lastDateFormat; /* last date format */
byte nextDateFormat; /* next date format */
#if defined(OPENSSL_EXTRA)
WOLFSSL_ASN1_TIME lastDateAsn1; /* last date updated */
WOLFSSL_ASN1_TIME nextDateAsn1; /* next update date */
#endif
#ifdef CRL_STATIC_REVOKED_LIST #ifdef CRL_STATIC_REVOKED_LIST
RevokedCert certs[CRL_MAX_REVOKED_CERTS]; RevokedCert certs[CRL_MAX_REVOKED_CERTS];
#else #else
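Review bot: The comments on the new lastDateAsn1 and nextDateAsn1 members repeat the ones on the byte arrays above them, which hides that they serve a different purpose: WOLFSSL_ASN1_TIME copies that wolfSSL_X509_CRL_get_lastUpdate and wolfSSL_X509_CRL_get_nextUpdate fill in so a pointer can be handed to the caller. Suggest `WOLFSSL_ASN1_TIME lastDateAsn1; /* lastDate as ASN1_TIME, filled by get_lastUpdate */` and the matching wording for nextDateAsn1. The CRL_Entry definition continues outside this hunk.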


@ -2447,8 +2447,10 @@ struct DecodedCRL {
byte* signature; /* pointer into raw source, not owned */ byte* signature; /* pointer into raw source, not owned */
byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */ byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
WOLFSSL_ASN1_TIME lastDate; /* last date updated */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */
WOLFSSL_ASN1_TIME nextDate; /* next update date */ byte nextDate[MAX_DATE_SIZE]; /* next update date */
byte lastDateFormat; /* format of last date */
byte nextDateFormat; /* format of next date */
RevokedCert* certs; /* revoked cert list */ RevokedCert* certs; /* revoked cert list */
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
byte* issuer; /* full name including common name */ byte* issuer; /* full name including common name */