diff --git a/ChangeLog b/ChangeLog index 96b93cc86..788eb1ddf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ PolarSSL ChangeLog (Sorted per branch, date) +TODO: bump SOVERSION +(internal-but-not-static function x509_get_sig_alg() changed prototype) + = PolarSSL 1.3 branch Features * Support for the Koblitz curves: secp192k1, secp224k1, secp256k1 diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 0ffaca145..22ba1563e 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -262,8 +262,8 @@ int x509_get_rsassa_pss_params( const x509_buf *params, int *salt_len, int *trailer_field ); #endif int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ); -int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg, - pk_type_t *pk_alg ); +int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, + md_type_t *md_alg, pk_type_t *pk_alg ); int x509_get_time( unsigned char **p, const unsigned char *end, x509_time *time ); int x509_get_serial( unsigned char **p, const unsigned char *end, diff --git a/library/x509.c b/library/x509.c index 1a5f98a1b..dbc2e0276 100644 --- a/library/x509.c +++ b/library/x509.c @@ -542,14 +542,39 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ) return( 0 ); } -int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg, - pk_type_t *pk_alg ) +/* + * Get signature algorithm from alg OID and optional parameters + */ +int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, + md_type_t *md_alg, pk_type_t *pk_alg ) { - int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ); + int ret; - if( ret != 0 ) + if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret ); +#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) + if( *pk_alg == POLARSSL_PK_RSASSA_PSS ) + { + int salt_len, trailer_field; + md_type_t mgf_md; + + /* Make sure params are valid */ + ret = x509_get_rsassa_pss_params( sig_params, + md_alg, &mgf_md, &salt_len, &trailer_field ); + if( ret != 0 ) + return( ret ); + + } + else +#endif + { + /* Make sure parameters are absent or NULL */ + if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) || + sig_params->len != 0 ) + return( POLARSSL_ERR_X509_INVALID_ALG ); + } + return( 0 ); } diff --git a/library/x509_crl.c b/library/x509_crl.c index c8c51fbcb..6cb3f5f72 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -391,35 +391,16 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); } - if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md, - &crl->sig_pk ) ) != 0 ) + if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params, + &crl->sig_md, &crl->sig_pk ) ) != 0 ) { x509_crl_free( crl ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); } #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - if( crl->sig_pk == POLARSSL_PK_RSASSA_PSS ) - { - int salt_len, trailer_field; - md_type_t mgf_md; - - /* Make sure params are valid */ - ret = x509_get_rsassa_pss_params( &sig_params, - &crl->sig_md, &mgf_md, &salt_len, &trailer_field ); - if( ret != 0 ) - return( ret ); - - memcpy( &crl->sig_params, &sig_params, sizeof( x509_buf ) ); - } - else + memcpy( &crl->sig_params, &sig_params, sizeof( x509_buf ) ); #endif - { - /* Make sure parameters are absent or NULL */ - if( ( sig_params.tag != ASN1_NULL && sig_params.tag != 0 ) || - sig_params.len != 0 ) - return( POLARSSL_ERR_X509_INVALID_ALG ); - } /* * issuer Name diff --git a/library/x509_crt.c b/library/x509_crt.c index dc71c1405..d222944bf 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -610,35 +610,16 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); } - if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_md, - &crt->sig_pk ) ) != 0 ) + if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params, + &crt->sig_md, &crt->sig_pk ) ) != 0 ) { x509_crt_free( crt ); return( ret ); } #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS ) - { - int salt_len, trailer_field; - md_type_t mgf_md; - - /* Make sure params are valid */ - ret = x509_get_rsassa_pss_params( &sig_params, - &crt->sig_md, &mgf_md, &salt_len, &trailer_field ); - if( ret != 0 ) - return( ret ); - - memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) ); - } - else + memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) ); #endif - { - /* Make sure parameters are absent or NULL */ - if( ( sig_params.tag != ASN1_NULL && sig_params.tag != 0 ) || - sig_params.len != 0 ) - return( POLARSSL_ERR_X509_INVALID_ALG ); - } /* * issuer Name diff --git a/library/x509_csr.c b/library/x509_csr.c index bb0441d13..acb16af76 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -250,35 +250,16 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ) return( ret ); } - if( ( ret = x509_get_sig_alg( &csr->sig_oid, &csr->sig_md, - &csr->sig_pk ) ) != 0 ) + if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params, + &csr->sig_md, &csr->sig_pk ) ) != 0 ) { x509_csr_free( csr ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); } #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - if( csr->sig_pk == POLARSSL_PK_RSASSA_PSS ) - { - int salt_len, trailer_field; - md_type_t mgf_md; - - /* Make sure params are valid */ - ret = x509_get_rsassa_pss_params( &sig_params, - &csr->sig_md, &mgf_md, &salt_len, &trailer_field ); - if( ret != 0 ) - return( ret ); - - memcpy( &csr->sig_params, &sig_params, sizeof( x509_buf ) ); - } - else + memcpy( &csr->sig_params, &sig_params, sizeof( x509_buf ) ); #endif - { - /* Make sure parameters are absent or NULL */ - if( ( sig_params.tag != ASN1_NULL && sig_params.tag != 0 ) || - sig_params.len != 0 ) - return( POLARSSL_ERR_X509_INVALID_ALG ); - } if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 ) {