Skip to content

Commit

Permalink
Merge pull request wolfSSL#8101 from miyazakh/tsip_ca_add
Browse files Browse the repository at this point in the history 
Check Root CA by TSIP before adding it to ca-table
  • Loading branch information
@dgarske
dgarske authored Oct 29, 2024
2 parents 2b8d43c + a14d7db commit b982314
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 26 deletions.
25 changes: 21 additions & 4 deletions IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,32 @@

#include <wolfssl/wolfcrypt/wc_port.h>

#define YEAR 2024
#define MON 7

static int tick = 0;

#define YEAR ( \
((__DATE__)[7] - '0') * 1000 + \
((__DATE__)[8] - '0') * 100 + \
((__DATE__)[9] - '0') * 10 + \
((__DATE__)[10] - '0') * 1 \
)

#define MONTH ( \
__DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
: __DATE__[2] == 'b' ? 2 \
: __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
: __DATE__[2] == 'y' ? 5 \
: __DATE__[2] == 'l' ? 7 \
: __DATE__[2] == 'g' ? 8 \
: __DATE__[2] == 'p' ? 9 \
: __DATE__[2] == 't' ? 10 \
: __DATE__[2] == 'v' ? 11 \
: 12 \
)

time_t time(time_t *t)
{
(void)t;
return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
}

#include <ctype.h>
Expand Down
1 change: 1 addition & 0 deletions IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ extern "C" {
static long tick;
static void timeTick(void *pdata)
{
(void)pdata;
tick++;
}

Expand Down
45 changes: 23 additions & 22 deletions src/ssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5569,6 +5569,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
row = HashSigner(signer->subjectNameHash);
#endif

#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* Verify CA by TSIP so that generated tsip key is going to */
/* be able to be used for peer's cert verification */
/* TSIP is only able to handle USER CA, and only one CA. */
/* Therefore, it doesn't need to call TSIP again if there is already */
/* verified CA. */
if ( ret == 0 && signer != NULL ) {
signer->cm_idx = row;
if (type == WOLFSSL_USER_CA) {
if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source,
cert->maxIdx,
cert->sigCtx.CertAtt.pubkey_n_start,
cert->sigCtx.CertAtt.pubkey_n_len - 1,
cert->sigCtx.CertAtt.pubkey_e_start,
cert->sigCtx.CertAtt.pubkey_e_len - 1,
row/* cm index */))
< 0)
WOLFSSL_MSG("Renesas_RootCertVerify() failed");
else
WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
}
}
#endif /* TSIP or SCE */

if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) {
signer->next = cm->caTable[row];
Expand All @@ -5582,28 +5605,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
ret = BAD_MUTEX_E;
}
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
/* Verify CA by TSIP so that generated tsip key is going to be able to */
/* be used for peer's cert verification */
/* TSIP is only able to handle USER CA, and only one CA. */
/* Therefore, it doesn't need to call TSIP again if there is already */
/* verified CA. */
if ( ret == 0 && signer != NULL ) {
signer->cm_idx = row;
if (type == WOLFSSL_USER_CA) {
if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx,
cert->sigCtx.CertAtt.pubkey_n_start,
cert->sigCtx.CertAtt.pubkey_n_len - 1,
cert->sigCtx.CertAtt.pubkey_e_start,
cert->sigCtx.CertAtt.pubkey_e_len - 1,
row/* cm index */))
< 0)
WOLFSSL_MSG("Renesas_RootCertVerify() failed");
else
WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped");
}
}
#endif /* TSIP or SCE */

WOLFSSL_MSG("\tFreeing Parsed CA");
FreeDecodedCert(cert);
Expand Down

0 comments on commit b982314

Please sign in to comment.