mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 18:04:21 +01:00
Rationalize use of x509_get_alg variants
This commit is contained in:
parent
7a287c409e
commit
a155513e7b
@ -160,7 +160,7 @@ static int x509_get_serial( unsigned char **p,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get an algorithm identifier and its parameters
|
/* Get a PK algorithm identifier
|
||||||
*
|
*
|
||||||
* AlgorithmIdentifier ::= SEQUENCE {
|
* AlgorithmIdentifier ::= SEQUENCE {
|
||||||
* algorithm OBJECT IDENTIFIER,
|
* algorithm OBJECT IDENTIFIER,
|
||||||
@ -194,45 +194,21 @@ static int x509_get_pk_alg( unsigned char **p,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/* Get an algorithm identifier without parameters (eg for signatures)
|
||||||
|
*
|
||||||
* AlgorithmIdentifier ::= SEQUENCE {
|
* AlgorithmIdentifier ::= SEQUENCE {
|
||||||
* algorithm OBJECT IDENTIFIER,
|
* algorithm OBJECT IDENTIFIER,
|
||||||
* parameters ANY DEFINED BY algorithm OPTIONAL }
|
* parameters ANY DEFINED BY algorithm OPTIONAL }
|
||||||
*
|
|
||||||
* If params_end is NULL, then parameters must be absent or ANS.1 NULL
|
|
||||||
*/
|
*/
|
||||||
static int x509_get_alg( unsigned char **p,
|
static int x509_get_alg_null( unsigned char **p, const unsigned char *end,
|
||||||
const unsigned char *end,
|
x509_buf *alg )
|
||||||
x509_buf *alg, const unsigned char **params_end )
|
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
|
||||||
|
|
||||||
if( params_end == NULL ) {
|
|
||||||
if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
|
if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
|
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
|
||||||
|
|
||||||
/* TODO: use asn1_get_alg */
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
|
||||||
{
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
end = *p + len;
|
|
||||||
alg->tag = **p;
|
|
||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
|
|
||||||
|
|
||||||
alg->p = *p;
|
|
||||||
*p += alg->len;
|
|
||||||
|
|
||||||
*params_end = end;
|
|
||||||
return( 0 );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get an EC group id from an ECParameters buffer
|
/* Get an EC group id from an ECParameters buffer
|
||||||
@ -1363,7 +1339,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
*/
|
*/
|
||||||
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
|
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
|
||||||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
|
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
|
||||||
( ret = x509_get_alg( &p, end, &crt->sig_oid1, NULL ) ) != 0 )
|
( ret = x509_get_alg_null( &p, end, &crt->sig_oid1 ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_free( crt );
|
x509_free( crt );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -1500,7 +1476,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf,
|
|||||||
* signatureAlgorithm AlgorithmIdentifier,
|
* signatureAlgorithm AlgorithmIdentifier,
|
||||||
* signatureValue BIT STRING
|
* signatureValue BIT STRING
|
||||||
*/
|
*/
|
||||||
if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, NULL ) ) != 0 )
|
if( ( ret = x509_get_alg_null( &p, end, &crt->sig_oid2 ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_free( crt );
|
x509_free( crt );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -1823,7 +1799,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
* signature AlgorithmIdentifier
|
* signature AlgorithmIdentifier
|
||||||
*/
|
*/
|
||||||
if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
|
if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
|
||||||
( ret = x509_get_alg( &p, end, &crl->sig_oid1, NULL ) ) != 0 )
|
( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -1928,7 +1904,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||||||
* signatureAlgorithm AlgorithmIdentifier,
|
* signatureAlgorithm AlgorithmIdentifier,
|
||||||
* signatureValue BIT STRING
|
* signatureValue BIT STRING
|
||||||
*/
|
*/
|
||||||
if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, NULL ) ) != 0 )
|
if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 )
|
||||||
{
|
{
|
||||||
x509_crl_free( crl );
|
x509_crl_free( crl );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -2323,7 +2299,7 @@ static int x509parse_key_pkcs8_unencrypted_der(
|
|||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
x509_buf pk_alg_oid;
|
x509_buf alg_params;
|
||||||
pk_type_t pk_alg = POLARSSL_PK_NONE;
|
pk_type_t pk_alg = POLARSSL_PK_NONE;
|
||||||
|
|
||||||
p = (unsigned char *) key;
|
p = (unsigned char *) key;
|
||||||
@ -2359,17 +2335,12 @@ static int x509parse_key_pkcs8_unencrypted_der(
|
|||||||
if( rsa->ver != 0 )
|
if( rsa->ver != 0 )
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret );
|
||||||
|
|
||||||
if( ( ret = asn1_get_alg_null( &p, end, &pk_alg_oid ) ) != 0 )
|
if( ( ret = x509_get_pk_alg( &p, end, &pk_alg, &alg_params ) ) != 0 )
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* only RSA keys handled at this time
|
* We explicitly want RSA keys only
|
||||||
*/
|
*/
|
||||||
if( oid_get_pk_alg( &pk_alg_oid, &pk_alg ) != 0 )
|
|
||||||
{
|
|
||||||
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pk_alg != POLARSSL_PK_RSA )
|
if (pk_alg != POLARSSL_PK_RSA )
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG );
|
return( POLARSSL_ERR_X509_CERT_INVALID_ALG );
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user