Prepare for EC cert & crl validation

Manuel Pégourié-Gonnard 2013-08-09 12:30:45 +02:00
parent 6009c3ae5e
commit b4d69c41f8


@ -3344,19 +3344,29 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ); md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
/* EC NOT IMPLEMENTED YET */ #if defined(POLARSSL_RSA_C)
if( ca->pk.type != POLARSSL_PK_RSA ) if( ca->pk.type == POLARSSL_PK_RSA )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC, crl_list->sig_md,
0, hash, crl_list->sig.p ) == 0 )
{ {
/* if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC,
* CRL is not trusted crl_list->sig_md, 0, hash, crl_list->sig.p ) == 0 )
*/ {
flags |= BADCRL_NOT_TRUSTED; /*
break; * CRL is not trusted
*/
flags |= BADCRL_NOT_TRUSTED;
break;
}
} }
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( ca->pk.type == POLARSSL_PK_ECKEY ) {
/* EC NOT IMPLEMENTED YET */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/* /*
* Check for validity of CRL (Do not drop out) * Check for validity of CRL (Do not drop out)
@ -3467,16 +3477,26 @@ static int x509parse_verify_top(
md( md_info, child->tbs.p, child->tbs.len, hash ); md( md_info, child->tbs.p, child->tbs.len, hash );
/* EC NOT IMPLEMENTED YET */ #if defined(POLARSSL_RSA_C)
if( trust_ca->pk.type != POLARSSL_PK_RSA ) if( trust_ca->pk.type == POLARSSL_PK_RSA )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC, child->sig_md,
0, hash, child->sig.p ) != 0 )
{ {
trust_ca = trust_ca->next; if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC,
continue; child->sig_md, 0, hash, child->sig.p ) != 0 )
{
trust_ca = trust_ca->next;
continue;
}
} }
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( trust_ca->pk.type == POLARSSL_PK_ECKEY ) {
/* EC NOT IMPLEMENTED YET */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/* /*
* Top of chain is signed by a trusted CA * Top of chain is signed by a trusted CA
@ -3547,15 +3567,25 @@ static int x509parse_verify_child(
{ {
md( md_info, child->tbs.p, child->tbs.len, hash ); md( md_info, child->tbs.p, child->tbs.len, hash );
/* EC NOT IMPLEMENTED YET */ #if defined(POLARSSL_RSA_C)
if( parent->pk.type != POLARSSL_PK_RSA ) if( parent->pk.type == POLARSSL_PK_RSA )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC, child->sig_md,
0, hash, child->sig.p ) != 0 )
{ {
*flags |= BADCERT_NOT_TRUSTED; if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC,
child->sig_md, 0, hash, child->sig.p ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
} }
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( parent->pk.type == POLARSSL_PK_ECKEY ) {
/* EC NOT IMPLEMENTED YET */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
} }
/* Check trusted CA's CRL for the given crt */ /* Check trusted CA's CRL for the given crt */
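Review bot: In the x509parse_verifycrl hunk the CRL signature check is carried over as `if( !rsa_pkcs1_verify( ... ) == 0 )`, which parses as `(!ret) == 0`; it does reach the `BADCRL_NOT_TRUSTED` branch on failure, but the form is easy to misread or invert when the EC branch is filled in later. Since the call is being re-wrapped anyway, end it with `crl_list->sig_md, 0, hash, crl_list->sig.p ) != 0 )`, matching the x509parse_verify_top and x509parse_verify_child hunks. The same hunk also returns `POLARSSL_ERR_X509_FEATURE_UNAVAILABLE` from a function that otherwise reports through a local `flags`; if callers treat the return value as a flag set (they are not visible here), an unsupported CA key type would surface as arbitrary flag bits, so that is worth confirming. All three function bodies start and end outside the hunks shown.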