Prepare for EC cert & crl validation

2024-11-22 23:35:49 +01:00 · 2013-08-09 12:30:45 +02:00 · 2013-08-09 12:30:45 +02:00 · b4d69c41f8
commit b4d69c41f8
parent 6009c3ae5e
1 changed files with 56 additions and 26 deletions
--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -3344,12 +3344,11 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,

        md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );

-        /* EC NOT IMPLEMENTED YET */
-        if( ca->pk.type != POLARSSL_PK_RSA )
-            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
-
-        if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC, crl_list->sig_md,
-                              0, hash, crl_list->sig.p ) == 0 )
+#if defined(POLARSSL_RSA_C)
+        if( ca->pk.type == POLARSSL_PK_RSA )
+        {
+            if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC,
+                        crl_list->sig_md, 0, hash, crl_list->sig.p ) == 0 )
            {
                /*
                 * CRL is not trusted
@ -3357,6 +3356,17 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
                flags |= BADCRL_NOT_TRUSTED;
                break;
            }
+        }
+        else
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+        if( ca->pk.type == POLARSSL_PK_ECKEY ) {
+            /* EC NOT IMPLEMENTED YET */
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+        }
+        else
+#endif /* POLARSSL_ECDSA_C */
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );

        /*
         * Check for validity of CRL (Do not drop out)
@ -3467,16 +3477,26 @@ static int x509parse_verify_top(

        md( md_info, child->tbs.p, child->tbs.len, hash );

-        /* EC NOT IMPLEMENTED YET */
-        if( trust_ca->pk.type != POLARSSL_PK_RSA )
-            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
-
-        if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC, child->sig_md,
-                    0, hash, child->sig.p ) != 0 )
+#if defined(POLARSSL_RSA_C)
+        if( trust_ca->pk.type == POLARSSL_PK_RSA )
+        {
+            if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC,
+                        child->sig_md, 0, hash, child->sig.p ) != 0 )
            {
                trust_ca = trust_ca->next;
                continue;
            }
+        }
+        else
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+        if( trust_ca->pk.type == POLARSSL_PK_ECKEY ) {
+            /* EC NOT IMPLEMENTED YET */
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+        }
+        else
+#endif /* POLARSSL_ECDSA_C */
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );

        /*
         * Top of chain is signed by a trusted CA
@ -3547,16 +3567,26 @@ static int x509parse_verify_child(
    {
        md( md_info, child->tbs.p, child->tbs.len, hash );

-        /* EC NOT IMPLEMENTED YET */
-        if( parent->pk.type != POLARSSL_PK_RSA )
-            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
-
-        if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC, child->sig_md,
-                              0, hash, child->sig.p ) != 0 )
+#if defined(POLARSSL_RSA_C)
+        if( parent->pk.type == POLARSSL_PK_RSA )
+        {
+            if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC,
+                        child->sig_md, 0, hash, child->sig.p ) != 0 )
            {
                *flags |= BADCERT_NOT_TRUSTED;
            }
        }
+        else
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+        if( parent->pk.type == POLARSSL_PK_ECKEY ) {
+            /* EC NOT IMPLEMENTED YET */
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+        }
+        else
+#endif /* POLARSSL_ECDSA_C */
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+    }

    /* Check trusted CA's CRL for the given crt */
    *flags |= x509parse_verifycrl(child, parent, ca_crl);