Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CRL improvements and update callback #8006

Merged
merged 6 commits into from
Nov 19, 2024
Merged

CRL improvements and update callback #8006

merged 6 commits into from
Nov 19, 2024

Conversation

ColtonWilley
Copy link
Contributor

@ColtonWilley ColtonWilley commented Sep 23, 2024
edited
Loading

Description

CRL improvements, add parsing for CRL number, do not allow CRL duplicates, add callback for when CRL entry is updated.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

dgarske
dgarske requested changes Sep 23, 2024
View reviewed changes
src/ssl_certman.c Show resolved Hide resolved
src/crl.c Outdated Show resolved Hide resolved
wolfssl/ssl.h Show resolved Hide resolved
SparkiDev
SparkiDev requested changes Sep 25, 2024
View reviewed changes
Copy link
Contributor

@SparkiDev SparkiDev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy with the update code.

src/crl.c Show resolved Hide resolved
wolfcrypt/src/asn.c Outdated Show resolved Hide resolved
@dgarske dgarske assigned dgarske and wolfSSL-Bot and unassigned ColtonWilley Nov 15, 2024
@dgarske dgarske assigned ColtonWilley and unassigned dgarske Nov 15, 2024
@dgarske dgarske requested review from dgarske and removed request for dgarske November 15, 2024 19:33
SparkiDev
SparkiDev requested changes Nov 18, 2024
View reviewed changes
wolfcrypt/src/asn.c Outdated Show resolved Hide resolved
dgarske
dgarske requested changes Nov 18, 2024
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please resolve merge conflicts.

dgarske
dgarske requested changes Nov 18, 2024
View reviewed changes
src/crl.c Outdated
}

#ifdef WOLFSSL_SMALL_STACK
dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: This line is over 80 characters.

overlong lines added:
src/crl.c:794     dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);

wolfssl/ssl.h Outdated
sword32 crlNumber;
} CrlInfo;

typedef void (*CbUpdateCRL)(CrlInfo* old, CrlInfo* new);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You cannot use new as a variable name with g++ compiler...

configure:41488: g++-13 -c -DHAVE_CRL_UPDATE_CB   -Werror -g -ggdb -O0 -Wno-pragmas -Wall -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wnormalized=id -Wpointer-arith -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv -DHAVE_CONFIG_H -I. -I. -DNO_WOLFSSL_CIPHER_SUITE_TEST -DWOLFSSL_OLD_PRIME_CHECK conftest.c >&5
In file included from ./wolfssl/openssl/ssl.h:37,
                 from ./wolfssl/openssl/aes.h:44,
                 from conftest.c:70:
./wolfssl/ssl.h:3507:52: error: expected ',' or '...' before 'new'
 3507 | typedef void (*CbUpdateCRL)(CrlInfo* old, CrlInfo* new);
      |                                                    ^~~
configure:41488: $? = 1
configure: failed program was:

src/crl.c Outdated
CRL_Entry* prev = NULL;
#ifdef HAVE_CRL_UPDATE_CB
CrlInfo old;
CrlInfo new;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here with g++:

[quantum-safe-wolfssl-all-g++-latest-debug] [6 of 36] [55be5035a0-dirty]
    autogen.sh 55be5035a0-dirty...   real 0m10.586s  user 0m8.680s  sys 0m1.088s
    configure...   real 0m25.038s  user 0m13.907s  sys 0m13.286s
    build...src/crl.c: In function ‘int AddCRL(WOLFSSL_CRL*, DecodedCRL*, const byte*, int)’:
src/crl.c:599:13: error: expected unqualified-id before ‘new’
  599 |     CrlInfo new;

tests/api.c Show resolved Hide resolved
wolfssl/ssl.h
@@ -3953,6 +3969,12 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm,
CbCrlIO cb);
#endif
#ifdef HAVE_CRL_UPDATE_CB
WOLFSSL_API int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional fix. Note lots of other occurrences in this file, please don't worry about those.

overlong lines added:
wolfssl/ssl.h:3973     WOLFSSL_API int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info,

@dgarske dgarske merged commit 261ddc1 into wolfSSL:master Nov 19, 2024
143 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SparkiDev SparkiDev SparkiDev approved these changes

@dgarske dgarske dgarske approved these changes

Assignees

@ColtonWilley ColtonWilley

@wolfSSL-Bot wolfSSL-Bot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ColtonWilley @dgarske @SparkiDev @wolfSSL-Bot