TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1439b09049800c40186d73867cda3624215fe1a8^! / .
commit1439b09049800c40186d73867cda3624215fe1a8[log] [tgz]
authorJaeden Amero <jaeden.amero@arm.com>Wed Apr 24 11:20:31 2019 +0100
committerJaeden Amero <jaeden.amero@arm.com>Wed Apr 24 11:20:31 2019 +0100
tree3e9ef6b4421a3e5ade3017fa98df866c22529758
parent2c8d9498339e97264c792f4d3da6549b6cba8191 [diff]
parent80d0419189af17557771477dbec1c8dc24b5ad04 [diff]
Merge remote-tracking branch 'origin/pr/2540' into development

* origin/pr/2540:
  Add guards for MBEDTLS_X509_CRL_PARSE_C in sample

diff --git a/ChangeLog b/ChangeLog
index c6feb63..58ff147 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -31,6 +31,8 @@
      public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation
      in case operators binding less strongly than subtraction were used
      for the parameter.
+   * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
+     sni entry parameter. Reported by inestlerode in #560.
 
 Changes
    * Server's RSA certificate in certs.c was SHA-1 signed. In the default

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 9fe797e..5ee90ac 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -290,8 +290,14 @@
 #endif /* MBEDTLS_SSL_CACHE_C */
 
 #if defined(SNI_OPTION)
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+#define SNI_CRL              ",crl"
+#else
+#define SNI_CRL              ""
+#endif
+
 #define USAGE_SNI                                                           \
-    "    sni=%%s              name1,cert1,key1,ca1,crl1,auth1[,...]\n"  \
+    "    sni=%%s              name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n"  \
     "                        default: disabled\n"
 #else
 #define USAGE_SNI ""
@@ -725,10 +731,10 @@
 
         mbedtls_x509_crt_free( cur->ca );
         mbedtls_free( cur->ca );
-
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
         mbedtls_x509_crl_free( cur->crl );
         mbedtls_free( cur->crl );
-
+#endif
         next = cur->next;
         mbedtls_free( cur );
         cur = next;
@@ -747,7 +753,10 @@
     sni_entry *cur = NULL, *new = NULL;
     char *p = sni_string;
     char *end = p;
-    char *crt_file, *key_file, *ca_file, *crl_file, *auth_str;
+    char *crt_file, *key_file, *ca_file, *auth_str;
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+    char *crl_file;
+#endif
 
     while( *end != '\0' )
         ++end;
@@ -765,7 +774,9 @@
         GET_ITEM( crt_file );
         GET_ITEM( key_file );
         GET_ITEM( ca_file );
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
         GET_ITEM( crl_file );
+#endif
         GET_ITEM( auth_str );
 
         if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
@@ -790,6 +801,7 @@
                 goto error;
         }
 
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
         if( strcmp( crl_file, "-" ) != 0 )
         {
             if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
@@ -800,6 +812,7 @@
             if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
                 goto error;
         }
+#endif
 
         if( strcmp( auth_str, "-" ) != 0 )
         {