Remove sig_oid parameter from mbedtls_x509_sig_alg_gets()

The function `mbedtls_x509_sig_alg_gets()` previously needed the
raw ASN.1 OID string even though it is implicit in the PK and MD
parameters.

This commit modifies `mbedtls_x509_sig_alg_gets()` to infer the OID
and remove it from the parameters.

This will be needed for the new X.509 CRT structure which will
likely not store the signature OID.

Care has to be taken to handle the case of RSASSA-PSS correctly,
where the hash algorithm in the OID list is set to MBEDTLS_MD_NONE
because it's only determined by the algorithm parameters.
This commit is contained in:
Hanno Becker 2019-02-21 17:13:46 +00:00
parent f226998fa2
commit 83cd8676fa
5 changed files with 29 additions and 14 deletions

View file

@ -305,8 +305,9 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag );
#if !defined(MBEDTLS_X509_REMOVE_INFO)
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
int mbedtls_x509_sig_alg_gets( char *buf, size_t size,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts );
#endif

View file

@ -841,20 +841,34 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
/*
* Helper for writing signature algorithms
*/
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts )
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, mbedtls_pk_type_t pk_alg,
mbedtls_md_type_t md_alg, const void *sig_opts )
{
int ret;
char *p = buf;
size_t n = size;
const char *desc = NULL;
mbedtls_x509_buf sig_oid;
mbedtls_md_type_t tmp_md_alg = md_alg;
ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
if( ret != 0 )
ret = mbedtls_snprintf( p, n, "???" );
else
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
/* The hash for RSASSA is determined by the algorithm parameters;
* in the OID list, the hash is set to MBEDTLS_MD_NONE. */
if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
tmp_md_alg = MBEDTLS_MD_NONE;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
sig_oid.tag = MBEDTLS_ASN1_OID;
ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, tmp_md_alg,
(const char**) &sig_oid.p,
&sig_oid.len );
if( ret == 0 &&
mbedtls_oid_get_sig_alg_desc( &sig_oid, &desc ) == 0 )
{
ret = mbedtls_snprintf( p, n, "%s", desc );
}
else
ret = mbedtls_snprintf( p, n, "???" );
MBEDTLS_X509_SAFE_SNPRINTF;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)

View file

@ -690,8 +690,8 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
crl->sig_opts );
ret = mbedtls_x509_sig_alg_gets( p, n, crl->sig_pk,
crl->sig_md, crl->sig_opts );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, "\n" );

View file

@ -1606,8 +1606,8 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
crt->sig_md, crt->sig_opts );
ret = mbedtls_x509_sig_alg_gets( p, n, sig_info.sig_pk,
sig_info.sig_md, sig_info.sig_opts );
MBEDTLS_X509_SAFE_SNPRINTF;
/* Key size */

View file

@ -357,8 +357,8 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
csr->sig_opts );
ret = mbedtls_x509_sig_alg_gets( p, n, csr->sig_pk,
csr->sig_md, csr->sig_opts );
MBEDTLS_X509_SAFE_SNPRINTF;
if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,