From a788cab46d267d53f5c76bf867f85a19848b8e82 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Sun, 24 Feb 2019 17:47:46 +0000
Subject: [PATCH] Check validity of potential parent before checking signature

The function `x509_crt_find_parent_in()` traverses a list of CRTs
to find a potential parent to a given CRT. So far, the logic was
the following: For each candidate,
- check basic parenting skills (mostly name match)
- verify signature
- verify validity
This order is insuitable for the new acquire/release layer of
indirection when dealing with CRTs, because we either have to
query the candidate's CRT frame twice, or query frame and PK
simultaneously.

This commit moves the validity check to the beginning of the
routine to allow querying for the frame and then for the PK.

The entry point for restartable ECC needs to be moved for that
to not forget the validity-flag while pausing ECC computations.
---
 library/x509_crt.c | 39 ++++++++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 13 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 29938c232..efacf9ba9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2346,21 +2346,35 @@ static int x509_crt_find_parent_in(
 
     for( parent = candidates; parent != NULL; parent = parent->next )
     {
-        /* basic parenting skills (name, CA bit, key usage) */
-        if( x509_crt_check_parent( child, parent, top ) != 0 )
-            continue;
+        int parent_valid, parent_match, path_len_ok;
 
-        /* +1 because stored max_pathlen is 1 higher that the actual value */
-        if( parent->max_pathlen > 0 &&
-            (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt )
-        {
-            continue;
-        }
-
-        /* Signature */
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 check_signature:
 #endif
+
+        parent_valid = parent_match = path_len_ok = 0;
+
+        if( mbedtls_x509_time_is_past( &parent->valid_from ) &&
+            mbedtls_x509_time_is_future( &parent->valid_to ) )
+        {
+            parent_valid = 1;
+        }
+
+        /* basic parenting skills (name, CA bit, key usage) */
+        if( x509_crt_check_parent( child, parent, top ) == 0 )
+            parent_match = 1;
+
+        /* +1 because stored max_pathlen is 1 higher that the actual value */
+        if( !( parent->max_pathlen > 0 &&
+               (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) )
+        {
+            path_len_ok = 1;
+        }
+
+        if( parent_match == 0 || path_len_ok == 0 )
+            continue;
+
+        /* Signature */
         ret = x509_crt_check_signature( child, parent, rs_ctx );
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -2382,8 +2396,7 @@ check_signature:
             continue;
 
         /* optional time check */
-        if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
-            mbedtls_x509_time_is_future( &parent->valid_from ) )
+        if( !parent_valid )
         {
             if( fallback_parent == NULL )
             {