From f75f2f7c46fcc63cc9de9ed03a247a40875c58ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 5 Jun 2014 15:14:28 +0200 Subject: [PATCH] Add sig_opts member to X509 structures --- include/polarssl/x509.h | 3 ++- include/polarssl/x509_crl.h | 3 ++- include/polarssl/x509_crt.h | 3 ++- include/polarssl/x509_csr.h | 3 ++- library/x509.c | 22 +++++++++++++++++----- library/x509_crl.c | 7 ++++++- library/x509_crt.c | 7 ++++++- library/x509_csr.c | 7 ++++++- 8 files changed, 43 insertions(+), 12 deletions(-) diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index e11bd90e1..452ea31f6 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -285,7 +285,8 @@ int x509_get_rsassa_pss_params( const x509_buf *params, #endif int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ); int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, - md_type_t *md_alg, pk_type_t *pk_alg ); + md_type_t *md_alg, pk_type_t *pk_alg, + void **sig_opts ); int x509_get_time( unsigned char **p, const unsigned char *end, x509_time *time ); int x509_get_serial( unsigned char **p, const unsigned char *end, diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h index 81d4734a4..5c4564a45 100644 --- a/include/polarssl/x509_crl.h +++ b/include/polarssl/x509_crl.h @@ -92,8 +92,9 @@ typedef struct _x509_crl x509_buf sig_oid2; x509_buf sig; md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */ - pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */; + pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) + void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ x509_buf sig_params; /**< Parameters for the signature algorithm */ #endif diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h index 09cc9829b..86686316c 100644 --- a/include/polarssl/x509_crt.h +++ b/include/polarssl/x509_crt.h @@ -92,8 +92,9 @@ typedef struct _x509_crt x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */ x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */ - pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */; + pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) + void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ x509_buf sig_params; /**< Parameters for the signature algorithm */ #endif diff --git a/include/polarssl/x509_csr.h b/include/polarssl/x509_csr.h index af3f226c8..28ddedaae 100644 --- a/include/polarssl/x509_csr.h +++ b/include/polarssl/x509_csr.h @@ -66,8 +66,9 @@ typedef struct _x509_csr x509_buf sig_oid; x509_buf sig; md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */ - pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */; + pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */ #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) + void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */ x509_buf sig_params; /**< Parameters for the signature algorithm */ #endif } diff --git a/library/x509.c b/library/x509.c index 8e53eb798..ffa798052 100644 --- a/library/x509.c +++ b/library/x509.c @@ -559,25 +559,37 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ) * Get signature algorithm from alg OID and optional parameters */ int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, - md_type_t *md_alg, pk_type_t *pk_alg ) + md_type_t *md_alg, pk_type_t *pk_alg, + void **sig_opts ) { int ret; + if( *sig_opts != NULL ) + return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); + if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret ); #if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) if( *pk_alg == POLARSSL_PK_RSASSA_PSS ) { - int salt_len; - md_type_t mgf_md; + pk_rsassa_pss_options *pss_opts; + + pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) ); + if( pss_opts == NULL ) + return( POLARSSL_ERR_X509_MALLOC_FAILED ); - /* Make sure params are valid */ ret = x509_get_rsassa_pss_params( sig_params, - md_alg, &mgf_md, &salt_len ); + md_alg, + &pss_opts->mgf1_hash_id, + &pss_opts->expected_salt_len ); if( ret != 0 ) + { + polarssl_free( pss_opts ); return( ret ); + } + *sig_opts = (void *) pss_opts; } else #endif diff --git a/library/x509_crl.c b/library/x509_crl.c index 986fc26d4..2d6b50d1d 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -398,7 +398,8 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen ) } if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params, - &crl->sig_md, &crl->sig_pk ) ) != 0 ) + &crl->sig_md, &crl->sig_pk, + &crl->sig_opts ) ) != 0 ) { x509_crl_free( crl ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); @@ -726,6 +727,10 @@ void x509_crl_free( x509_crl *crl ) do { +#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) + polarssl_free( crl_cur->sig_opts ); +#endif + name_cur = crl_cur->issuer.next; while( name_cur != NULL ) { diff --git a/library/x509_crt.c b/library/x509_crt.c index fbc3989c7..7e5de1d67 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -616,7 +616,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf, } if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params, - &crt->sig_md, &crt->sig_pk ) ) != 0 ) + &crt->sig_md, &crt->sig_pk, + &crt->sig_opts ) ) != 0 ) { x509_crt_free( crt ); return( ret ); @@ -1961,6 +1962,10 @@ void x509_crt_free( x509_crt *crt ) { pk_free( &cert_cur->pk ); +#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) + polarssl_free( cert_cur->sig_opts ); +#endif + name_cur = cert_cur->issuer.next; while( name_cur != NULL ) { diff --git a/library/x509_csr.c b/library/x509_csr.c index 082e46191..4dd623a6a 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -255,7 +255,8 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ) } if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params, - &csr->sig_md, &csr->sig_pk ) ) != 0 ) + &csr->sig_md, &csr->sig_pk, + &csr->sig_opts ) ) != 0 ) { x509_csr_free( csr ); return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG ); @@ -425,6 +426,10 @@ void x509_csr_free( x509_csr *csr ) pk_free( &csr->pk ); +#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) + polarssl_free( csr->sig_opts ); +#endif + name_cur = csr->subject.next; while( name_cur != NULL ) {