Rm sig_params from various X509 structures

This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-05 17:02:24 +02:00
parent 9113603b6b
commit dddbb1d1eb
6 changed files with 20 additions and 39 deletions

View file

@ -95,7 +95,6 @@ typedef struct _x509_crl
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif #endif
struct _x509_crl *next; struct _x509_crl *next;

View file

@ -95,7 +95,6 @@ typedef struct _x509_crt
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif #endif
struct _x509_crt *next; /**< Next certificate in the CA-chain. */ struct _x509_crt *next; /**< Next certificate in the CA-chain. */

View file

@ -69,7 +69,6 @@ typedef struct _x509_csr
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif #endif
} }
x509_csr; x509_csr;

View file

@ -256,14 +256,15 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
size_t len; size_t len;
unsigned char *p, *end; unsigned char *p, *end;
x509_crl *crl; x509_crl *crl;
x509_buf sig_params; x509_buf sig_params1, sig_params2;
#if defined(POLARSSL_PEM_PARSE_C) #if defined(POLARSSL_PEM_PARSE_C)
size_t use_len; size_t use_len;
pem_context pem; pem_context pem;
#endif #endif
memset( &sig_params, 0, sizeof( x509_buf ) ); memset( &sig_params1, 0, sizeof( x509_buf ) );
memset( &sig_params2, 0, sizeof( x509_buf ) );
crl = chain; crl = chain;
@ -383,7 +384,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
* signature AlgorithmIdentifier * signature AlgorithmIdentifier
*/ */
if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params ) ) != 0 ) ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params1 ) ) != 0 )
{ {
x509_crl_free( crl ); x509_crl_free( crl );
return( ret ); return( ret );
@ -397,7 +398,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
} }
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params, if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1,
&crl->sig_md, &crl->sig_pk, &crl->sig_md, &crl->sig_pk,
&crl->sig_opts ) ) != 0 ) &crl->sig_opts ) ) != 0 )
{ {
@ -405,10 +406,6 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
} }
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
memcpy( &crl->sig_params, &sig_params, sizeof( x509_buf ) );
#endif
/* /*
* issuer Name * issuer Name
*/ */
@ -493,20 +490,16 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
* signatureAlgorithm AlgorithmIdentifier, * signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING * signatureValue BIT STRING
*/ */
if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params ) ) != 0 ) if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params2 ) ) != 0 )
{ {
x509_crl_free( crl ); x509_crl_free( crl );
return( ret ); return( ret );
} }
if( crl->sig_oid1.len != crl->sig_oid2.len || if( crl->sig_oid1.len != crl->sig_oid2.len ||
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) sig_params1.len != sig_params2.len ||
|| memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0)
crl->sig_params.len != sig_params.len ||
memcmp( crl->sig_params.p, sig_params.p, sig_params.len ) != 0
#endif
)
{ {
x509_crl_free( crl ); x509_crl_free( crl );
return( POLARSSL_ERR_X509_SIG_MISMATCH ); return( POLARSSL_ERR_X509_SIG_MISMATCH );

View file

@ -534,9 +534,10 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
int ret; int ret;
size_t len; size_t len;
unsigned char *p, *end, *crt_end; unsigned char *p, *end, *crt_end;
x509_buf sig_params; x509_buf sig_params1, sig_params2;
memset( &sig_params, 0, sizeof( x509_buf ) ); memset( &sig_params1, 0, sizeof( x509_buf ) );
memset( &sig_params2, 0, sizeof( x509_buf ) );
/* /*
* Check for valid input * Check for valid input
@ -601,7 +602,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 || ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crt->sig_oid1, ( ret = x509_get_alg( &p, end, &crt->sig_oid1,
&sig_params ) ) != 0 ) &sig_params1 ) ) != 0 )
{ {
x509_crt_free( crt ); x509_crt_free( crt );
return( ret ); return( ret );
@ -615,7 +616,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
} }
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params, if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1,
&crt->sig_md, &crt->sig_pk, &crt->sig_md, &crt->sig_pk,
&crt->sig_opts ) ) != 0 ) &crt->sig_opts ) ) != 0 )
{ {
@ -623,10 +624,6 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
return( ret ); return( ret );
} }
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) );
#endif
/* /*
* issuer Name * issuer Name
*/ */
@ -747,20 +744,16 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
* signatureAlgorithm AlgorithmIdentifier, * signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING * signatureValue BIT STRING
*/ */
if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params ) ) != 0 ) if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params2 ) ) != 0 )
{ {
x509_crt_free( crt ); x509_crt_free( crt );
return( ret ); return( ret );
} }
if( crt->sig_oid1.len != crt->sig_oid2.len || if( crt->sig_oid1.len != crt->sig_oid2.len ||
memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) sig_params1.len != sig_params2.len ||
|| memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0)
crt->sig_params.len != sig_params.len ||
memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0
#endif
)
{ {
x509_crt_free( crt ); x509_crt_free( crt );
return( POLARSSL_ERR_X509_SIG_MISMATCH ); return( POLARSSL_ERR_X509_SIG_MISMATCH );

View file

@ -99,6 +99,8 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
pem_context pem; pem_context pem;
#endif #endif
memset( &sig_params, 0, sizeof( x509_buf ) );
/* /*
* Check for valid input * Check for valid input
*/ */
@ -262,10 +264,6 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
} }
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
memcpy( &csr->sig_params, &sig_params, sizeof( x509_buf ) );
#endif
if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 ) if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 )
{ {
x509_csr_free( csr ); x509_csr_free( csr );