Fix bug in MBEDTLS_X509_CRT_REMOVE_TIME
When looking for a parent, all candidates were considered time-invalid due to
the #ifdef incorrectly including the `parent_valid = 1` line.
When MBEDTLS_HAVE_TIME_DATE is unset the time-validity of certificates is
never checked and always treated as valid. This is usually achieved by proper
usage of mbedtls_x509_time_is_past() and mbedtls_x509_time_is_future() (and
their definition when we don't HAVE_TIME_DATE).
Here the calls to these functions need to be guarded by
MBEDTLS_X509_CRT_REMOVE_TIME as they access struct members whose presence is
controlled by this option. But the "valid" branch should still always be taken.
(Note: MBEDTLS_X509_CRT_REMOVE_TIME being set forces MBEDTLS_HAVE_TIME_DATE to
be unset, as enforced by check_config.h.)
This bug was found by `all.sh test_baremetal` - no need for a new test.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 7a667cd..0c158f8 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2972,10 +2972,10 @@
#if !defined(MBEDTLS_X509_CRT_REMOVE_TIME)
if( !mbedtls_x509_time_is_past( &parent->valid_to ) &&
!mbedtls_x509_time_is_future( &parent->valid_from ) )
+#endif /* !MBEDTLS_X509_CRT_REMOVE_TIME */
{
parent_valid = 1;
}
-#endif /* !MBEDTLS_X509_CRT_REMOVE_TIME */
/* basic parenting skills (name, CA bit, key usage) */
if( x509_crt_check_parent( child_sig, parent, top ) == 0 )
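Review bot: The `#endif` placed between the `if( ... )` condition and its opening `{` is easy to misread: with MBEDTLS_X509_CRT_REMOVE_TIME defined, the braces become a bare block and `parent_valid = 1;` runs unconditionally for every candidate. That matches the intent stated in the commit message, but nothing in the code says so, and a later edit that moves the `#endif` back below the closing brace would silently reintroduce the "all candidates time-invalid" behaviour. Add a short comment above the `#if` stating that the block is deliberately unconditional when the validity fields are compiled out, or make it explicit with an `#else` branch that sets `parent_valid = 1;` on its own. Since the commit message relies on `all.sh test_baremetal` to catch this, it is also worth naming that component in the comment so the dependency on that configuration being tested stays visible.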