abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix CRL parse error

Browse Source
This commit is contained in:
Zhi Guan
2023-02-05 23:42:42 +08:00
parent 58c0bca3a2
commit 5271f84df1
2 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/x509_crl.c
View File

@@ -1336,8 +1336,8 @@ int x509_tbs_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint
if ((ret = asn1_int_from_der(&val, &d, &dlen)) < 0) goto err;
if (ret) format_print(fp, fmt, ind, "version: %s (%d)\n", x509_version_name(val), val);
if (x509_signature_algor_from_der(&val, &d, &dlen) != 1) goto err;
format_print(fp, fmt, ind, "signature: %s\n", x509_signature_algor_name(val));
if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
x509_signature_algor_print(fp, fmt, ind, "signature", p, len);
if (x509_name_from_der(&p, &len, &d, &dlen) != 1) goto err;
x509_name_print(fp, fmt, ind, "issuer", p, len);
if (x509_time_from_der(&tv, &d, &dlen) != 1) goto err;
@@ -1537,9 +1537,12 @@ int x509_crl_get_details(const uint8_t *a, size_t alen,
const uint8_t **exts, size_t *exts_len,
int *sig_alg, const uint8_t **sig, size_t *siglen)
{
const uint8_t *crl_tbs;
size_t crl_tbslen;
int crl_sig_alg;
const uint8_t *crl_sig;
size_t crl_siglen;
struct {
int version;
int sig_alg;
@@ -1549,13 +1552,18 @@ int x509_crl_get_details(const uint8_t *a, size_t alen,
const uint8_t *exts; size_t exts_len;
} tbs;
if (x509_signed_from_der(&crl_tbs, &crl_tbslen, &crl_sig_alg, &crl_sig, &crl_siglen, &a, &alen) != 1
|| asn1_length_is_zero(alen) != 1) {
error_print();
return -1;
}
if (x509_tbs_crl_from_der(
&tbs.version, &tbs.sig_alg,
&tbs.issuer, &tbs.issuer_len,
&tbs.this_update, &tbs.next_update,
&tbs.revoked_certs, &tbs.revoked_certs_len,
&tbs.exts, &tbs.exts_len, &a, &alen) != 1
|| asn1_length_is_zero(alen) != 1) {
&tbs.exts, &tbs.exts_len, &crl_tbs, &crl_tbslen) != 1
|| asn1_length_is_zero(crl_tbslen) != 1) {
error_print();
return -1;
}

1
tests/http_crltest.c
View File

@@ -38,6 +38,7 @@ static int test_x509_crl_new_from_uri(void)
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
if (x509_crl_new_from_uri(&crl, &crl_len, tests[i], strlen(tests[i])) != 1) {
error_print();
fprintf(stderr, "test %zu: %s\n", i, tests[i]);
return -1;
}
x509_crl_print(stderr, 0, 0, "CRL", crl, crl_len);