mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 19:55:45 +01:00
Add sig_opts member to X509 structures
This commit is contained in:
parent
20422e9a3a
commit
f75f2f7c46
@ -285,7 +285,8 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
|
||||
#endif
|
||||
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
|
||||
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
|
||||
md_type_t *md_alg, pk_type_t *pk_alg );
|
||||
md_type_t *md_alg, pk_type_t *pk_alg,
|
||||
void **sig_opts );
|
||||
int x509_get_time( unsigned char **p, const unsigned char *end,
|
||||
x509_time *time );
|
||||
int x509_get_serial( unsigned char **p, const unsigned char *end,
|
||||
|
@ -92,8 +92,9 @@ typedef struct _x509_crl
|
||||
x509_buf sig_oid2;
|
||||
x509_buf sig;
|
||||
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
|
||||
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
|
||||
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
|
||||
x509_buf sig_params; /**< Parameters for the signature algorithm */
|
||||
#endif
|
||||
|
||||
|
@ -92,8 +92,9 @@ typedef struct _x509_crt
|
||||
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
|
||||
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
|
||||
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
|
||||
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
|
||||
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
|
||||
x509_buf sig_params; /**< Parameters for the signature algorithm */
|
||||
#endif
|
||||
|
||||
|
@ -66,8 +66,9 @@ typedef struct _x509_csr
|
||||
x509_buf sig_oid;
|
||||
x509_buf sig;
|
||||
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
|
||||
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
|
||||
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
|
||||
x509_buf sig_params; /**< Parameters for the signature algorithm */
|
||||
#endif
|
||||
}
|
||||
|
@ -559,25 +559,37 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
|
||||
* Get signature algorithm from alg OID and optional parameters
|
||||
*/
|
||||
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
|
||||
md_type_t *md_alg, pk_type_t *pk_alg )
|
||||
md_type_t *md_alg, pk_type_t *pk_alg,
|
||||
void **sig_opts )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( *sig_opts != NULL )
|
||||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
|
||||
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
|
||||
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
|
||||
{
|
||||
int salt_len;
|
||||
md_type_t mgf_md;
|
||||
pk_rsassa_pss_options *pss_opts;
|
||||
|
||||
pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
|
||||
if( pss_opts == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
/* Make sure params are valid */
|
||||
ret = x509_get_rsassa_pss_params( sig_params,
|
||||
md_alg, &mgf_md, &salt_len );
|
||||
md_alg,
|
||||
&pss_opts->mgf1_hash_id,
|
||||
&pss_opts->expected_salt_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
polarssl_free( pss_opts );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
*sig_opts = (void *) pss_opts;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
@ -398,7 +398,8 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
}
|
||||
|
||||
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params,
|
||||
&crl->sig_md, &crl->sig_pk ) ) != 0 )
|
||||
&crl->sig_md, &crl->sig_pk,
|
||||
&crl->sig_opts ) ) != 0 )
|
||||
{
|
||||
x509_crl_free( crl );
|
||||
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
|
||||
@ -726,6 +727,10 @@ void x509_crl_free( x509_crl *crl )
|
||||
|
||||
do
|
||||
{
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
polarssl_free( crl_cur->sig_opts );
|
||||
#endif
|
||||
|
||||
name_cur = crl_cur->issuer.next;
|
||||
while( name_cur != NULL )
|
||||
{
|
||||
|
@ -616,7 +616,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
|
||||
}
|
||||
|
||||
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params,
|
||||
&crt->sig_md, &crt->sig_pk ) ) != 0 )
|
||||
&crt->sig_md, &crt->sig_pk,
|
||||
&crt->sig_opts ) ) != 0 )
|
||||
{
|
||||
x509_crt_free( crt );
|
||||
return( ret );
|
||||
@ -1961,6 +1962,10 @@ void x509_crt_free( x509_crt *crt )
|
||||
{
|
||||
pk_free( &cert_cur->pk );
|
||||
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
polarssl_free( cert_cur->sig_opts );
|
||||
#endif
|
||||
|
||||
name_cur = cert_cur->issuer.next;
|
||||
while( name_cur != NULL )
|
||||
{
|
||||
|
@ -255,7 +255,8 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
|
||||
}
|
||||
|
||||
if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params,
|
||||
&csr->sig_md, &csr->sig_pk ) ) != 0 )
|
||||
&csr->sig_md, &csr->sig_pk,
|
||||
&csr->sig_opts ) ) != 0 )
|
||||
{
|
||||
x509_csr_free( csr );
|
||||
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
|
||||
@ -425,6 +426,10 @@ void x509_csr_free( x509_csr *csr )
|
||||
|
||||
pk_free( &csr->pk );
|
||||
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
polarssl_free( csr->sig_opts );
|
||||
#endif
|
||||
|
||||
name_cur = csr->subject.next;
|
||||
while( name_cur != NULL )
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user