yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-23 02:55:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make use of CRT acquire/release for X.509 CRT signature checking

Browse source
This commit is contained in:
Hanno Becker 2019-02-25 14:45:31 +00:00
parent 5299cf87d4
commit e449e2d846
1 changed files with 31 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
library/x509_crt.c
View file

@ -2175,29 +2175,45 @@ static int x509_crt_check_signature( const mbedtls_x509_crt_sig_info *sig_info,
mbedtls_x509_crt *parent,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
/* Skip expensive computation on obvious mismatch */
if( ! mbedtls_pk_can_do( &parent->pk, sig_info->sig_pk ) )
return( -1 );
int ret;
mbedtls_pk_context *pk;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA )
ret = x509_crt_pk_acquire( parent, &pk );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
/* Skip expensive computation on obvious mismatch */
if( ! mbedtls_pk_can_do( pk, sig_info->sig_pk ) )
{
return( mbedtls_pk_verify_restartable( &parent->pk,
ret = -1;
goto exit;
}
#if !( defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) )
((void) rs_ctx);
#else
if( rs_ctx != NULL && sig_info->sig_pk == MBEDTLS_PK_ECDSA )
{
ret = mbedtls_pk_verify_restartable( pk,
sig_info->sig_md,
sig_info->crt_hash, sig_info->crt_hash_len,
sig_info->sig.p, sig_info->sig.len,
&rs_ctx->pk ) );
&rs_ctx->pk );
}
#else
(void) rs_ctx;
else
#endif
{
ret = mbedtls_pk_verify_ext( sig_info->sig_pk,
sig_info->sig_opts,
pk,
sig_info->sig_md,
sig_info->crt_hash, sig_info->crt_hash_len,
sig_info->sig.p, sig_info->sig.len );
}
return( mbedtls_pk_verify_ext( sig_info->sig_pk,
sig_info->sig_opts,
&parent->pk,
sig_info->sig_md,
sig_info->crt_hash, sig_info->crt_hash_len,
sig_info->sig.p, sig_info->sig.len ) );
exit:
x509_crt_pk_release( parent, pk );
return( ret );
}
/*