mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 15:05:41 +00:00
Check sig_pk for signature verification
This commit is contained in:
parent
b4e9ca9650
commit
f84b4d6498
|
@ -3305,7 +3305,6 @@ int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
|
||||||
static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
||||||
x509_crl *crl_list)
|
x509_crl *crl_list)
|
||||||
{
|
{
|
||||||
int ret;
|
|
||||||
int flags = 0;
|
int flags = 0;
|
||||||
unsigned char hash[POLARSSL_MD_MAX_SIZE];
|
unsigned char hash[POLARSSL_MD_MAX_SIZE];
|
||||||
const md_info_t *md_info;
|
const md_info_t *md_info;
|
||||||
|
@ -3346,14 +3345,12 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
||||||
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
|
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
if( ca->pk.type == POLARSSL_PK_RSA )
|
if( crl_list->sig_pk == POLARSSL_PK_RSA )
|
||||||
{
|
{
|
||||||
if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC,
|
if( ca->pk.type != POLARSSL_PK_RSA ||
|
||||||
crl_list->sig_md, 0, hash, crl_list->sig.p ) == 0 )
|
rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC,
|
||||||
|
crl_list->sig_md, 0, hash, crl_list->sig.p ) != 0 )
|
||||||
{
|
{
|
||||||
/*
|
|
||||||
* CRL is not trusted
|
|
||||||
*/
|
|
||||||
flags |= BADCRL_NOT_TRUSTED;
|
flags |= BADCRL_NOT_TRUSTED;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -3361,17 +3358,14 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_RSA_C */
|
#endif /* POLARSSL_RSA_C */
|
||||||
#if defined(POLARSSL_ECDSA_C)
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
if( pk_can_ecdsa( ca->pk ) ) {
|
if( crl_list->sig_pk == POLARSSL_PK_ECDSA )
|
||||||
if( ( ret = pk_ec_to_ecdsa( &ca->pk ) ) != 0 )
|
{
|
||||||
return( ret );
|
if( ! pk_can_ecdsa( ca->pk ) ||
|
||||||
|
pk_ec_to_ecdsa( &ca->pk ) != 0 ||
|
||||||
if( ecdsa_read_signature( (ecdsa_context *) ca->pk.data,
|
ecdsa_read_signature( (ecdsa_context *) ca->pk.data,
|
||||||
hash, md_info->size,
|
hash, md_info->size,
|
||||||
crl_list->sig.p, crl_list->sig.len ) != 0 )
|
crl_list->sig.p, crl_list->sig.len ) != 0 )
|
||||||
{
|
{
|
||||||
/*
|
|
||||||
* CRL is not trusted
|
|
||||||
*/
|
|
||||||
flags |= BADCRL_NOT_TRUSTED;
|
flags |= BADCRL_NOT_TRUSTED;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -3490,9 +3484,10 @@ static int x509parse_verify_top(
|
||||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
if( trust_ca->pk.type == POLARSSL_PK_RSA )
|
if( child->sig_pk == POLARSSL_PK_RSA )
|
||||||
{
|
{
|
||||||
if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC,
|
if( trust_ca->pk.type != POLARSSL_PK_RSA ||
|
||||||
|
rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC,
|
||||||
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
||||||
{
|
{
|
||||||
trust_ca = trust_ca->next;
|
trust_ca = trust_ca->next;
|
||||||
|
@ -3502,11 +3497,11 @@ static int x509parse_verify_top(
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_RSA_C */
|
#endif /* POLARSSL_RSA_C */
|
||||||
#if defined(POLARSSL_ECDSA_C)
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
if( pk_can_ecdsa( trust_ca->pk ) ) {
|
if( child->sig_pk == POLARSSL_PK_ECDSA )
|
||||||
if( ( ret = pk_ec_to_ecdsa( &trust_ca->pk ) ) != 0 )
|
{
|
||||||
return( ret );
|
if( ! pk_can_ecdsa( trust_ca->pk ) ||
|
||||||
|
pk_ec_to_ecdsa( &trust_ca->pk ) != 0 ||
|
||||||
if( ecdsa_read_signature( (ecdsa_context *) trust_ca->pk.data,
|
ecdsa_read_signature( (ecdsa_context *) trust_ca->pk.data,
|
||||||
hash, md_info->size,
|
hash, md_info->size,
|
||||||
child->sig.p, child->sig.len ) != 0 )
|
child->sig.p, child->sig.len ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -3588,9 +3583,10 @@ static int x509parse_verify_child(
|
||||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
if( parent->pk.type == POLARSSL_PK_RSA )
|
if( child->sig_pk == POLARSSL_PK_RSA )
|
||||||
{
|
{
|
||||||
if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC,
|
if( parent->pk.type != POLARSSL_PK_RSA ||
|
||||||
|
rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC,
|
||||||
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
||||||
{
|
{
|
||||||
*flags |= BADCERT_NOT_TRUSTED;
|
*flags |= BADCERT_NOT_TRUSTED;
|
||||||
|
@ -3599,11 +3595,11 @@ static int x509parse_verify_child(
|
||||||
else
|
else
|
||||||
#endif /* POLARSSL_RSA_C */
|
#endif /* POLARSSL_RSA_C */
|
||||||
#if defined(POLARSSL_ECDSA_C)
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
if( pk_can_ecdsa( parent->pk ) ) {
|
if( child->sig_pk == POLARSSL_PK_ECDSA )
|
||||||
if( ( ret = pk_ec_to_ecdsa( &parent->pk ) ) != 0 )
|
{
|
||||||
return( ret );
|
if( ! pk_can_ecdsa( parent->pk ) ||
|
||||||
|
pk_ec_to_ecdsa( &parent->pk ) != 0 ||
|
||||||
if( ecdsa_read_signature( (ecdsa_context *) parent->pk.data,
|
ecdsa_read_signature( (ecdsa_context *) parent->pk.data,
|
||||||
hash, md_info->size,
|
hash, md_info->size,
|
||||||
child->sig.p, child->sig.len ) != 0 )
|
child->sig.p, child->sig.len ) != 0 )
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue