diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h index 5c4564a45..886a536fd 100644 --- a/include/polarssl/x509_crl.h +++ b/include/polarssl/x509_crl.h @@ -95,7 +95,6 @@ typedef struct _x509_crl pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ - x509_buf sig_params; /**< Parameters for the signature algorithm */ #endif struct _x509_crl *next; diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h index 86686316c..8877e694a 100644 --- a/include/polarssl/x509_crt.h +++ b/include/polarssl/x509_crt.h @@ -95,7 +95,6 @@ typedef struct _x509_crt pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ - x509_buf sig_params; /**< Parameters for the signature algorithm */ #endif struct _x509_crt *next; /**< Next certificate in the CA-chain. */ diff --git a/include/polarssl/x509_csr.h b/include/polarssl/x509_csr.h index 28ddedaae..531fa0912 100644 --- a/include/polarssl/x509_csr.h +++ b/include/polarssl/x509_csr.h @@ -69,7 +69,6 @@ typedef struct _x509_csr pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ - x509_buf sig_params; /**< Parameters for the signature algorithm */ #endif } x509_csr; diff --git a/library/x509_crl.c b/library/x509_crl.c index f532c0cbe..26d351ae3 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -256,14 +256,15 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) size_t len; unsigned char *p, *end; x509_crl *crl; - x509_buf sig_params; + x509_buf sig_params1, sig_params2; #if defined(POLARSSL_PEM_PARSE_C) size_t use_len; pem_context pem; #endif - memset( &sig_params, 0, sizeof( x509_buf ) ); + memset( &sig_params1, 0, sizeof( x509_buf ) ); + memset( &sig_params2, 0, sizeof( x509_buf ) ); crl = chain; @@ -383,7 +384,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) * signature AlgorithmIdentifier */ if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || - ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params ) ) != 0 ) + ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params1 ) ) != 0 ) { x509_crl_free( crl ); return( ret ); @@ -397,7 +398,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); } - if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params, + if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) { @@ -405,10 +406,6 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); } -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - memcpy( &crl->sig_params, &sig_params, sizeof( x509_buf ) ); -#endif - /* * issuer Name */ @@ -493,20 +490,16 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING */ - if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params ) ) != 0 ) + if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params2 ) ) != 0 ) { x509_crl_free( crl ); return( ret ); } if( crl->sig_oid1.len != crl->sig_oid2.len || - memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - || - crl->sig_params.len != sig_params.len || - memcmp( crl->sig_params.p, sig_params.p, sig_params.len ) != 0 -#endif - ) + memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 || + sig_params1.len != sig_params2.len || + memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0) { x509_crl_free( crl ); return( POLARSSL_ERR_X509_SIG_MISMATCH ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 617b733af..6e01db827 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -534,9 +534,10 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, int ret; size_t len; unsigned char *p, *end, *crt_end; - x509_buf sig_params; + x509_buf sig_params1, sig_params2; - memset( &sig_params, 0, sizeof( x509_buf ) ); + memset( &sig_params1, 0, sizeof( x509_buf ) ); + memset( &sig_params2, 0, sizeof( x509_buf ) ); /* * Check for valid input @@ -601,7 +602,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 || ( ret = x509_get_alg( &p, end, &crt->sig_oid1, - &sig_params ) ) != 0 ) + &sig_params1 ) ) != 0 ) { x509_crt_free( crt ); return( ret ); @@ -615,7 +616,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, return( POLARSSL_ERR_X509_UNKNOWN_VERSION ); } - if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params, + if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) { @@ -623,10 +624,6 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, return( ret ); } -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) ); -#endif - /* * issuer Name */ @@ -747,20 +744,16 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING */ - if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params ) ) != 0 ) + if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params2 ) ) != 0 ) { x509_crt_free( crt ); return( ret ); } if( crt->sig_oid1.len != crt->sig_oid2.len || - memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - || - crt->sig_params.len != sig_params.len || - memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0 -#endif - ) + memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 || + sig_params1.len != sig_params2.len || + memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0) { x509_crt_free( crt ); return( POLARSSL_ERR_X509_SIG_MISMATCH ); diff --git a/library/x509_csr.c b/library/x509_csr.c index b71bc0b9d..81043469d 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -99,6 +99,8 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ) pem_context pem; #endif + memset( &sig_params, 0, sizeof( x509_buf ) ); + /* * Check for valid input */ @@ -262,10 +264,6 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ) return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); } -#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) - memcpy( &csr->sig_params, &sig_params, sizeof( x509_buf ) ); -#endif - if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 ) { x509_csr_free( csr );