mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5126 from JacobBarthelmeh/crl

Browse Source 
do not error out on CRL next date if using NO_VERIFY
This commit is contained in:
David Garske 2022-05-12 08:44:29 -07:00 committed by GitHub
commit 7a95be1a97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/crl.c
View File

@ -497,7 +497,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
#endif #endif
InitDecodedCRL(dcrl, crl->heap); InitDecodedCRL(dcrl, crl->heap);
ret = ParseCRL(dcrl, myBuffer, (word32)sz, crl->cm); ret = ParseCRL(dcrl, myBuffer, (word32)sz, verify, crl->cm);
if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) { if (ret != 0 && !(ret == ASN_CRL_NO_SIGNER_E && verify == NO_VERIFY)) {
WOLFSSL_MSG("ParseCRL error"); WOLFSSL_MSG("ParseCRL error");
} }

13
wolfcrypt/src/asn.c
View File

@ -31566,7 +31566,7 @@ static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm)
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf, static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
word32* inOutIdx, int sz) word32* inOutIdx, int sz, int verify)
{ {
word32 oid, dateIdx, idx, checkIdx; word32 oid, dateIdx, idx, checkIdx;
int version; int version;
@ -31616,7 +31616,8 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf,
#endif #endif
{ {
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
return CRL_CERT_DATE_ERR; return CRL_CERT_DATE_ERR;
} }
@ -31927,7 +31928,8 @@ enum {
#endif #endif
/* parse crl buffer into decoded state, 0 on success */ /* parse crl buffer into decoded state, 0 on success */
int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, int verify,
void* cm)
{ {
#ifndef WOLFSSL_ASN_TEMPLATE #ifndef WOLFSSL_ASN_TEMPLATE
Signer* ca = NULL; Signer* ca = NULL;
@ -31956,7 +31958,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
return ASN_PARSE_E; return ASN_PARSE_E;
dcrl->sigIndex = len + idx; dcrl->sigIndex = len + idx;
if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex) < 0) if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex, verify) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0) if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0)
@ -32079,7 +32081,8 @@ end:
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
if (dcrl->nextDateFormat != 0) { if (dcrl->nextDateFormat != 0) {
/* Next date was set, so validate it. */ /* Next date was set, so validate it. */
if (!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { if (verify != NO_VERIFY &&
!XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_MSG("CRL after date is no longer valid");
ret = CRL_CERT_DATE_ERR; ret = CRL_CERT_DATE_ERR;
} }

2
wolfssl/wolfcrypt/asn.h
View File

@ -2271,7 +2271,7 @@ WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
word32 signatureOID, Signer *ca, word32 signatureOID, Signer *ca,
void* heap); void* heap);
WOLFSSL_LOCAL int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, WOLFSSL_LOCAL int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz,
void* cm); int verify, void* cm);
WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl); WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);