yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 14:21:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add sig_opts member to X509 structures

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-05 15:14:28 +02:00
parent 20422e9a3a
commit f75f2f7c46
8 changed files with 43 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/polarssl/x509.h
View file

@ -285,7 +285,8 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
#endif #endif
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ); int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg ); md_type_t *md_alg, pk_type_t *pk_alg,
void **sig_opts );
int x509_get_time( unsigned char **p, const unsigned char *end, int x509_get_time( unsigned char **p, const unsigned char *end,
x509_time *time ); x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end, int x509_get_serial( unsigned char **p, const unsigned char *end,

3
include/polarssl/x509_crl.h
View file

@ -92,8 +92,9 @@ typedef struct _x509_crl
x509_buf sig_oid2; x509_buf sig_oid2;
x509_buf sig; x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */ md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */; pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */ x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif #endif

3
include/polarssl/x509_crt.h
View file

@ -92,8 +92,9 @@ typedef struct _x509_crt
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */ x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */ md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */; pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */ x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif #endif

3
include/polarssl/x509_csr.h
View file

@ -66,8 +66,9 @@ typedef struct _x509_csr
x509_buf sig_oid; x509_buf sig_oid;
x509_buf sig; x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */ md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */; pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */ x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif #endif
} }

22
library/x509.c
View file

@ -559,25 +559,37 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
* Get signature algorithm from alg OID and optional parameters * Get signature algorithm from alg OID and optional parameters
*/ */
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg ) md_type_t *md_alg, pk_type_t *pk_alg,
void **sig_opts )
{ {
int ret; int ret;
if( *sig_opts != NULL )
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
if( *pk_alg == POLARSSL_PK_RSASSA_PSS ) if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
{ {
int salt_len; pk_rsassa_pss_options *pss_opts;
md_type_t mgf_md;
pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
if( pss_opts == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
/* Make sure params are valid */
ret = x509_get_rsassa_pss_params( sig_params, ret = x509_get_rsassa_pss_params( sig_params,
md_alg, &mgf_md, &salt_len ); md_alg,
&pss_opts->mgf1_hash_id,
&pss_opts->expected_salt_len );
if( ret != 0 ) if( ret != 0 )
{
polarssl_free( pss_opts );
return( ret ); return( ret );
}
*sig_opts = (void *) pss_opts;
} }
else else
#endif #endif

7
library/x509_crl.c
View file

@ -398,7 +398,8 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
} }
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params, if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params,
&crl->sig_md, &crl->sig_pk ) ) != 0 ) &crl->sig_md, &crl->sig_pk,
&crl->sig_opts ) ) != 0 )
{ {
x509_crl_free( crl ); x509_crl_free( crl );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
@ -726,6 +727,10 @@ void x509_crl_free( x509_crl *crl )
do do
{ {
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
polarssl_free( crl_cur->sig_opts );
#endif
name_cur = crl_cur->issuer.next; name_cur = crl_cur->issuer.next;
while( name_cur != NULL ) while( name_cur != NULL )
{ {

7
library/x509_crt.c
View file

@ -616,7 +616,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
} }
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params, if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params,
&crt->sig_md, &crt->sig_pk ) ) != 0 ) &crt->sig_md, &crt->sig_pk,
&crt->sig_opts ) ) != 0 )
{ {
x509_crt_free( crt ); x509_crt_free( crt );
return( ret ); return( ret );
@ -1961,6 +1962,10 @@ void x509_crt_free( x509_crt *crt )
{ {
pk_free( &cert_cur->pk ); pk_free( &cert_cur->pk );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
polarssl_free( cert_cur->sig_opts );
#endif
name_cur = cert_cur->issuer.next; name_cur = cert_cur->issuer.next;
while( name_cur != NULL ) while( name_cur != NULL )
{ {

7
library/x509_csr.c
View file

@ -255,7 +255,8 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
} }
if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params, if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params,
&csr->sig_md, &csr->sig_pk ) ) != 0 ) &csr->sig_md, &csr->sig_pk,
&csr->sig_opts ) ) != 0 )
{ {
x509_csr_free( csr ); x509_csr_free( csr );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
@ -425,6 +426,10 @@ void x509_csr_free( x509_csr *csr )
pk_free( &csr->pk ); pk_free( &csr->pk );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
polarssl_free( csr->sig_opts );
#endif
name_cur = csr->subject.next; name_cur = csr->subject.next;
while( name_cur != NULL ) while( name_cur != NULL )
{ {