Remove 'CRT fallback' during X.509 CRT verification if !TIME_DATE
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 3eee460..5212e67 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -235,8 +235,11 @@
/* for find_parent_in() */
mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
mbedtls_x509_crt *fallback_parent;
int fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
/* for find_parent() */
int parent_is_trusted; /* -1 if find_parent is not in progress */
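Review bot: The layout of this restart context now depends on `MBEDTLS_HAVE_TIME_DATE`, and the header does not say why the two fallback fields are conditional. Because the struct is declared in a public header, code that includes it has to be built with the same configuration as the library; otherwise `parent_is_trusted` and any later members land at different offsets. I would add a comment above the guard, for example `/* Fallback parent is only tracked when validity dates are checked (MBEDTLS_HAVE_TIME_DATE) */`. The struct definition starts and ends outside this hunk.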
diff --git a/library/x509_crt.c b/library/x509_crt.c
index eb3ee99..24ef0e6 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2844,8 +2844,13 @@
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
- mbedtls_x509_crt *parent_crt, *fallback_parent;
- int signature_is_good, fallback_signature_is_good;
+ mbedtls_x509_crt *parent_crt;
+ int signature_is_good;
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+ mbedtls_x509_crt *fallback_parent;
+ int fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/* did we have something in progress? */
@@ -2853,21 +2858,27 @@
{
/* restore saved state */
parent_crt = rs_ctx->parent;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
fallback_parent = rs_ctx->fallback_parent;
fallback_signature_is_good = rs_ctx->fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
/* clear saved state */
rs_ctx->parent = NULL;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
rs_ctx->fallback_parent = NULL;
rs_ctx->fallback_signature_is_good = 0;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
/* resume where we left */
goto check_signature;
}
#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE)
fallback_parent = NULL;
fallback_signature_is_good = 0;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
for( parent_crt = candidates; parent_crt != NULL;
parent_crt = parent_crt->next )
@@ -2918,8 +2929,10 @@
{
/* save state */
rs_ctx->parent = parent_crt;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
rs_ctx->fallback_parent = fallback_parent;
rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
return( ret );
}
@@ -2934,11 +2947,13 @@
/* optional time check */
if( !parent_valid )
{
+#if defined(MBEDTLS_HAVE_TIME_DATE)
if( fallback_parent == NULL )
{
fallback_parent = parent_crt;
fallback_signature_is_good = signature_is_good;
}
+#endif /* MBEDTLS_HAVE_TIME_DATE */
continue;
}
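Review bot: With `MBEDTLS_HAVE_TIME_DATE` undefined, the `if( !parent_valid )` block reduces to a bare `continue`, and nothing visible here shows whether `parent_valid` can be false in that configuration. If it cannot, the branch is dead code in such builds and a comment should say so. If it can, a candidate that fails the check is now dropped with no fallback, which changes which parent is reported. A comment such as `/* No fallback without MBEDTLS_HAVE_TIME_DATE: a candidate failing the time check is skipped */` would make the intent explicit. The assignment of `parent_valid` is outside this hunk.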
@@ -2953,8 +2968,12 @@
}
else
{
+#if defined(MBEDTLS_HAVE_TIME_DATE)
*r_parent = fallback_parent;
*r_signature_is_good = fallback_signature_is_good;
+#else /* MBEDTLS_HAVE_TIME_DATE */
+ *r_parent = NULL;
+#endif /* !MBEDTLS_HAVE_TIME_DATE */
}
return( 0 );
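Review bot: The new `#else` branch writes only `*r_parent`, so when no parent is found without `MBEDTLS_HAVE_TIME_DATE`, `*r_signature_is_good` keeps whatever value the caller passed in. Callers presumably test the parent pointer first, but they are outside this hunk, and an output that carries a signature verdict is safer failing closed. Adding `*r_signature_is_good = 0;` after `*r_parent = NULL;` keeps both configurations writing both outputs. The function body starts and ends outside the hunk.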
@@ -3643,8 +3662,10 @@
mbedtls_pk_restart_init( &ctx->pk );
ctx->parent = NULL;
+#if defined(MBEDTLS_HAVE_TIME_DATE)
ctx->fallback_parent = NULL;
ctx->fallback_signature_is_good = 0;
+#endif /* MBEDTLS_HAVE_TIME_DATE */
ctx->parent_is_trusted = -1;