Fix CRL_STATIC_REVOKED_LIST binary search bugs in FindRevokedSerial

The CRL_STATIC_REVOKED_LIST code path stored revoked certificates in a
fixed array but never sorted it after parsing, causing binary search to
silently miss revoked serials when entries arrived in non-sorted wire
order. Additionally, comparisons used rc[0].serialSz instead of
rc[mid].serialSz, omitted the length-equality check before XMEMCMP,
and ignored the serialHash lookup path entirely (causing a NULL
dereference when hash-based lookup was used).

Fixes:
- Sort the revoked cert array in InitCRL_Entry after populating it
- Use rc[mid].serialSz instead of rc->serialSz in binary search
- Add serialSz equality check before XMEMCMP, matching linked-list path
- Implement serialHash-based linear scan for hash lookup callers

Add unit test that loads a CRL with serials in unsorted wire order and
verifies that a revoked certificate is correctly detected.

Author: LinuxJedi

src/crl.c

@@ -98,6 +98,35 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
 }
 
 
+#ifdef CRL_STATIC_REVOKED_LIST
+/* Compare two RevokedCert entries by (serialSz, serialNumber) for sorting.
+ * Returns < 0, 0, or > 0 like memcmp. */
+static int CompareRevokedCert(const RevokedCert* a, const RevokedCert* b)
+{
+    if (a->serialSz != b->serialSz)
+        return a->serialSz - b->serialSz;
+    return XMEMCMP(a->serialNumber, b->serialNumber, (size_t)a->serialSz);
+}
+
+/* Sort revoked cert array in-place using insertion sort. The array is bounded
+ * by CRL_MAX_REVOKED_CERTS so O(n^2) is fine. */
+static void SortCRL_CertList(RevokedCert* certs, int totalCerts)
+{
+    int i, j;
+    RevokedCert tmp;
+
+    for (i = 1; i < totalCerts; i++) {
+        XMEMCPY(&tmp, &certs[i], sizeof(RevokedCert));
+        j = i - 1;
+        while (j >= 0 && CompareRevokedCert(&certs[j], &tmp) > 0) {
+            XMEMCPY(&certs[j + 1], &certs[j], sizeof(RevokedCert));
+            j--;
+        }
+        XMEMCPY(&certs[j + 1], &tmp, sizeof(RevokedCert));
+    }
+}
+#endif /* CRL_STATIC_REVOKED_LIST */
+
 /* Initialize CRL Entry */
 static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
                          int verified, void* heap)
@@ -132,12 +161,15 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff,
 #endif
 #ifdef CRL_STATIC_REVOKED_LIST
     /* ParseCRL_CertList() has already cached the Revoked certs into
-       the crle->certs array */
+       the crle->certs array. Sort it so binary search in
+       FindRevokedSerial works correctly. */
+    crle->totalCerts = dcrl->totalCerts;
+    SortCRL_CertList(crle->certs, crle->totalCerts);
 #else
     crle->certs = dcrl->certs;   /* take ownership */
+    crle->totalCerts = dcrl->totalCerts;
 #endif
     dcrl->certs = NULL;
-    crle->totalCerts = dcrl->totalCerts;
     crle->crlNumberSet = dcrl->crlNumberSet;
     if (crle->crlNumberSet) {
         XMEMCPY(crle->crlNumber, dcrl->crlNumber, sizeof(crle->crlNumber));
@@ -313,25 +345,52 @@ static int FindRevokedSerial(RevokedCert* rc, byte* serial, int serialSz,
     int ret = 0;
     byte hash[SIGNER_DIGEST_SIZE];
 #ifdef CRL_STATIC_REVOKED_LIST
-    /* do binary search */
-    int low, high, mid;
+    if (serialHash == NULL) {
+        /* Binary search by (serialSz, serialNumber). The array was sorted in
+         * InitCRL_Entry by the same comparison key. */
+        int low = 0;
+        int high = totalCerts - 1;
 
-    low = 0;
-    high = totalCerts - 1;
+        while (low <= high) {
+            int mid = (low + high) / 2;
+            int cmp;
 
-    while (low <= high) {
-        mid = (low + high) / 2;
+            /* Compare by serial size first, then by serial content. Shorter
+             * serials sort before longer ones. */
+            if (rc[mid].serialSz != serialSz) {
+                cmp = rc[mid].serialSz - serialSz;
+            }
+            else {
+                cmp = XMEMCMP(rc[mid].serialNumber, serial,
+                              (size_t)rc[mid].serialSz);
+            }
 
-        if (XMEMCMP(rc[mid].serialNumber, serial, rc->serialSz) < 0) {
-            low = mid + 1;
-        }
-        else if (XMEMCMP(rc[mid].serialNumber, serial, rc->serialSz) > 0) {
-            high = mid - 1;
+            if (cmp < 0) {
+                low = mid + 1;
+            }
+            else if (cmp > 0) {
+                high = mid - 1;
+            }
+            else {
+                WOLFSSL_MSG("Cert revoked");
+                ret = CRL_CERT_REVOKED;
+                break;
+            }
         }
-        else {
-            WOLFSSL_MSG("Cert revoked");
-            ret = CRL_CERT_REVOKED;
-            break;
+    }
+    else {
+        /* Hash-based lookup -- linear scan required since the array is sorted
+         * by serial number, not by hash. */
+        int i;
+        for (i = 0; i < totalCerts; i++) {
+            ret = CalcHashId(rc[i].serialNumber, (word32)rc[i].serialSz, hash);
+            if (ret != 0)
+                break;
+            if (XMEMCMP(hash, serialHash, SIGNER_DIGEST_SIZE) == 0) {
+                WOLFSSL_MSG("Cert revoked");
+                ret = CRL_CERT_REVOKED;
+                break;
+            }
         }
     }
 #else

tests/api/test_certman.c

@@ -1781,6 +1781,118 @@ int test_wolfSSL_CertManagerCRL(void)
     return EXPECT_RESULT();
 }
 
+int test_wolfSSL_CRL_static_revoked_list(void)
+{
+    EXPECT_DECLS;
+#if defined(CRL_STATIC_REVOKED_LIST) && defined(HAVE_CRL) && \
+    !defined(NO_RSA) && !defined(NO_CERTS)
+    /* CRL signed by certs/ca-cert.pem that revokes serials 05, 02, 01 in that
+     * (unsorted) wire order. The unsorted order exposes a binary search bug in
+     * FindRevokedSerial when CRL_STATIC_REVOKED_LIST is enabled: the revoked
+     * cert array is never sorted after parsing, so binary search misses entries
+     * that are out of order.
+     *
+     * Generated with Python cryptography library:
+     *   builder.add_revoked_certificate(serial=5)
+     *   builder.add_revoked_certificate(serial=2)
+     *   builder.add_revoked_certificate(serial=1)
+     *   crl = builder.sign(ca_key, hashes.SHA256())
+     */
+    static const unsigned char crl_multi_revoked[] = {
+        0x30, 0x82, 0x02, 0x1D, 0x30, 0x82, 0x01, 0x05,
+        0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A,
+        0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
+        0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30,
+        0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+        0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
+        0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
+        0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11,
+        0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+        0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74,
+        0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+        0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73,
+        0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18,
+        0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+        0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86,
+        0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16,
+        0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x31, 0x30,
+        0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A,
+        0x17, 0x0D, 0x33, 0x36, 0x30, 0x31, 0x30, 0x31,
+        0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x30,
+        0x3C, 0x30, 0x12, 0x02, 0x01, 0x05, 0x17, 0x0D,
+        0x32, 0x33, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
+        0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x12, 0x02,
+        0x01, 0x02, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x32,
+        0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+        0x5A, 0x30, 0x12, 0x02, 0x01, 0x01, 0x17, 0x0D,
+        0x32, 0x33, 0x30, 0x33, 0x30, 0x31, 0x30, 0x30,
+        0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x0D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
+        0x00, 0x15, 0x9F, 0xC1, 0x9E, 0x17, 0xB3, 0x5A,
+        0xF1, 0x48, 0xA5, 0x87, 0x2A, 0x84, 0xD1, 0x93,
+        0x8D, 0x19, 0x24, 0xCB, 0xC5, 0x32, 0x56, 0x10,
+        0x6C, 0x4D, 0xF5, 0xD1, 0x9A, 0xC0, 0x1A, 0x8B,
+        0x1C, 0x84, 0x6B, 0x4B, 0x20, 0xA7, 0xA4, 0x2C,
+        0x11, 0x5C, 0x23, 0xBD, 0x0C, 0xB1, 0x33, 0xBE,
+        0x38, 0x1B, 0xCB, 0xDB, 0x8E, 0xD4, 0x0F, 0x62,
+        0x0D, 0xB5, 0x18, 0x21, 0x28, 0x0B, 0x77, 0xB9,
+        0xB4, 0xA8, 0xE9, 0xA0, 0x25, 0x00, 0x83, 0xED,
+        0x64, 0x49, 0x8E, 0x52, 0xD9, 0x8D, 0xAF, 0xC2,
+        0x16, 0x3E, 0xD3, 0x93, 0x09, 0xB9, 0x18, 0xBB,
+        0x6C, 0x41, 0xDF, 0x59, 0x59, 0x53, 0x8C, 0x64,
+        0x8B, 0xD1, 0x9D, 0xBB, 0x92, 0x8F, 0xB2, 0x26,
+        0x27, 0x78, 0x41, 0xFB, 0xF8, 0xB1, 0x2F, 0x8F,
+        0xA1, 0x85, 0xB6, 0xC7, 0x8E, 0x42, 0x72, 0xEF,
+        0xF4, 0x3F, 0xC4, 0xAF, 0x40, 0x95, 0xCA, 0x94,
+        0xE5, 0x88, 0x89, 0x18, 0x32, 0x54, 0xC3, 0xC4,
+        0xBE, 0x7E, 0x48, 0x1B, 0x3D, 0xB3, 0x6C, 0x11,
+        0x54, 0x6F, 0x9E, 0xFE, 0x09, 0x5B, 0x72, 0x3F,
+        0xD7, 0xA0, 0x02, 0xFF, 0x43, 0x01, 0xFE, 0x23,
+        0xF8, 0x72, 0xCD, 0xA9, 0x76, 0x36, 0x31, 0x78,
+        0x21, 0xCB, 0x0E, 0xC2, 0x25, 0x8D, 0x0B, 0x4C,
+        0x2C, 0xAA, 0x6A, 0x80, 0x6E, 0xE2, 0x1E, 0xAC,
+        0x70, 0x5D, 0x4A, 0xAA, 0x56, 0x17, 0xF0, 0x2D,
+        0xA2, 0x2A, 0x4E, 0x2B, 0xC8, 0xC9, 0x87, 0x8E,
+        0x07, 0xEB, 0xD8, 0x36, 0x42, 0x39, 0xA0, 0xA4,
+        0xF6, 0x34, 0xC2, 0x5F, 0xE1, 0x21, 0x07, 0x50,
+        0x4B, 0x37, 0x15, 0x7D, 0xF9, 0x18, 0x54, 0x13,
+        0xC0, 0x1D, 0x0A, 0x27, 0x3A, 0x63, 0xD2, 0xC3,
+        0xD5, 0x57, 0x5E, 0x67, 0x56, 0x65, 0x9E, 0x2E,
+        0x4D, 0xB4, 0x96, 0x54, 0x7A, 0x3D, 0xFD, 0xF9,
+        0xCF, 0xCD, 0x10, 0x65, 0x05, 0x97, 0x53, 0x72,
+        0x12
+    };
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+
+    /* Set up CertManager with the CA and CRL checking enabled */
+    ExpectNotNull(cm = wolfSSL_CertManagerNew());
+    ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL),
+        WOLFSSL_SUCCESS);
+
+    /* Load the CRL that revokes serials {05, 02, 01} in unsorted wire order */
+    ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_multi_revoked,
+        sizeof(crl_multi_revoked), WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+
+    /* server-cert.pem has serial 01, which is in the CRL but at the last
+     * position in the unsorted array. Binary search on unsorted data misses
+     * it, so this assertion fails before the bug fix. */
+    ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048,
+        sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
+
+    wolfSSL_CertManagerFree(cm);
+#endif
+    return EXPECT_RESULT();
+}
+
 int test_wolfSSL_CRL_duplicate_extensions(void)
 {
     EXPECT_DECLS;

tests/api/test_certman.h

@@ -36,6 +36,7 @@ int test_wolfSSL_CertManagerNameConstraint3(void);
 int test_wolfSSL_CertManagerNameConstraint4(void);
 int test_wolfSSL_CertManagerNameConstraint5(void);
 int test_wolfSSL_CertManagerCRL(void);
+int test_wolfSSL_CRL_static_revoked_list(void);
 int test_wolfSSL_CRL_duplicate_extensions(void);
 int test_wolfSSL_CertManagerCheckOCSPResponse(void);
 int test_various_pathlen_chains(void);
@@ -53,6 +54,7 @@ int test_various_pathlen_chains(void);
     TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerNameConstraint4),    \
     TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerNameConstraint5),    \
     TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerCRL),                \
+    TEST_DECL_GROUP("certman", test_wolfSSL_CRL_static_revoked_list),      \
     TEST_DECL_GROUP("certman", test_wolfSSL_CRL_duplicate_extensions),      \
     TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerCheckOCSPResponse),  \
     TEST_DECL_GROUP("certman", test_various_pathlen_chains)