Implement EC cert and crl verification

This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-09 15:12:46 +02:00
parent 211a64c79f
commit 96d5912088


@ -3305,6 +3305,7 @@ int x509parse_revoked( const x509_cert *crt, const x509_crl *crl )
static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca, static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
x509_crl *crl_list) x509_crl *crl_list)
{ {
int ret;
int flags = 0; int flags = 0;
unsigned char hash[POLARSSL_MD_MAX_SIZE]; unsigned char hash[POLARSSL_MD_MAX_SIZE];
const md_info_t *md_info; const md_info_t *md_info;
@ -3360,9 +3361,20 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
else else
#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
if( ca->pk.type == POLARSSL_PK_ECKEY ) { if( pk_can_ecdsa( ca->pk ) ) {
/* EC NOT IMPLEMENTED YET */ if( ( ret = pk_ec_to_ecdsa( &ca->pk ) ) != 0 )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); return( ret );
if( ecdsa_read_signature( (ecdsa_context *) ca->pk.data,
hash, md_info->size,
crl_list->sig.p, crl_list->sig.len ) != 0 )
{
/*
* CRL is not trusted
*/
flags |= BADCRL_NOT_TRUSTED;
break;
}
} }
else else
#endif /* POLARSSL_ECDSA_C */ #endif /* POLARSSL_ECDSA_C */
@ -3490,9 +3502,17 @@ static int x509parse_verify_top(
else else
#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
if( trust_ca->pk.type == POLARSSL_PK_ECKEY ) { if( pk_can_ecdsa( trust_ca->pk ) ) {
/* EC NOT IMPLEMENTED YET */ if( ( ret = pk_ec_to_ecdsa( &trust_ca->pk ) ) != 0 )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); return( ret );
if( ecdsa_read_signature( (ecdsa_context *) trust_ca->pk.data,
hash, md_info->size,
child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
}
} }
else else
#endif /* POLARSSL_ECDSA_C */ #endif /* POLARSSL_ECDSA_C */
@ -3579,9 +3599,16 @@ static int x509parse_verify_child(
else else
#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
if( parent->pk.type == POLARSSL_PK_ECKEY ) { if( pk_can_ecdsa( parent->pk ) ) {
/* EC NOT IMPLEMENTED YET */ if( ( ret = pk_ec_to_ecdsa( &parent->pk ) ) != 0 )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); return( ret );
if( ecdsa_read_signature( (ecdsa_context *) parent->pk.data,
hash, md_info->size,
child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
} }
else else
#endif /* POLARSSL_ECDSA_C */ #endif /* POLARSSL_ECDSA_C */
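Review bot: `pk_ec_to_ecdsa( &ca->pk )` (and the same call on `trust_ca->pk` at L43 and `parent->pk` at L60) rewrites the CA or parent certificate's key context as a side effect of verifying, so a trust-anchor list that callers treat as read-only is mutated the first time an EC-signed certificate or CRL is checked against it; presumably the conversion is idempotent and later verifications reuse the converted context, but that contract is invisible at the call sites and concurrent verifications sharing one CA list would race on it, so it deserves a comment such as `/* converts the CA's EC key to an ecdsa_context in place on first use */` next to each call. The three new branches are otherwise the same sequence — convert, then `ecdsa_read_signature( (ecdsa_context *) ..., hash, md_info->size, sig.p, sig.len )` — differing only in the failure action (`BADCRL_NOT_TRUSTED` + `break`, advance `trust_ca`, or `BADCERT_NOT_TRUSTED`), so a small static helper that returns the `ecdsa_read_signature` result would keep them from drifting apart; note that the conversion error is propagated with `return( ret )` while a signature mismatch is only flagged, which is the right fail-closed split and should be preserved by any helper. The `int ret;` declaration is added only to x509parse_verifycrl, so x509parse_verify_top and x509parse_verify_child presumably declare `ret` already — worth confirming since the hunks use it. All three enclosing functions start and end outside these hunks.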