mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 09:05:39 +01:00
Fix direct uses of x509_cert.rsa, now use pk_rsa()
This commit is contained in:
parent
893879adbd
commit
ff56da3a26
@ -1072,8 +1072,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
if( (unsigned int)( end - p ) !=
|
if( (unsigned int)( end - p ) !=
|
||||||
ssl->session_negotiate->peer_cert->rsa.len )
|
pk_rsa( ssl->session_negotiate->peer_cert->pk )->len )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
@ -1139,9 +1143,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
|
SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
|
||||||
|
|
||||||
if( ( ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa,
|
if( ( ret = rsa_pkcs1_verify(
|
||||||
RSA_PUBLIC,
|
pk_rsa( ssl->session_negotiate->peer_cert->pk ),
|
||||||
md_alg, hashlen, hash, p ) ) != 0 )
|
RSA_PUBLIC, md_alg, hashlen, hash, p ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -1516,8 +1520,12 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
i = 4;
|
i = 4;
|
||||||
n = ssl->session_negotiate->peer_cert->rsa.len;
|
n = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
|
||||||
|
|
||||||
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
||||||
{
|
{
|
||||||
@ -1526,11 +1534,10 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||||||
ssl->out_msg[5] = (unsigned char)( n );
|
ssl->out_msg[5] = (unsigned char)( n );
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = rsa_pkcs1_encrypt( &ssl->session_negotiate->peer_cert->rsa,
|
ret = rsa_pkcs1_encrypt(
|
||||||
ssl->f_rng, ssl->p_rng,
|
pk_rsa( ssl->session_negotiate->peer_cert->pk ),
|
||||||
RSA_PUBLIC,
|
ssl->f_rng, ssl->p_rng, RSA_PUBLIC,
|
||||||
ssl->handshake->pmslen,
|
ssl->handshake->pmslen, ssl->handshake->premaster,
|
||||||
ssl->handshake->premaster,
|
|
||||||
ssl->out_msg + i );
|
ssl->out_msg + i );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
|
@ -1968,7 +1968,11 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
|||||||
md_alg = POLARSSL_MD_NONE;
|
md_alg = POLARSSL_MD_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
n1 = ssl->session_negotiate->peer_cert->rsa.len;
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
n1 = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
|
||||||
n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
|
n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
|
||||||
|
|
||||||
if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )
|
if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )
|
||||||
@ -1977,8 +1981,9 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
|
|||||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa, RSA_PUBLIC,
|
ret = rsa_pkcs1_verify( pk_rsa( ssl->session_negotiate->peer_cert->pk ),
|
||||||
md_alg, hashlen, hash, ssl->in_msg + 6 + n );
|
RSA_PUBLIC, md_alg, hashlen, hash,
|
||||||
|
ssl->in_msg + 6 + n );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
|
||||||
|
@ -3625,7 +3625,11 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
|||||||
|
|
||||||
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
|
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
|
||||||
|
|
||||||
if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, crl_list->sig_md,
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( ca->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC, crl_list->sig_md,
|
||||||
0, hash, crl_list->sig.p ) == 0 )
|
0, hash, crl_list->sig.p ) == 0 )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
@ -3743,7 +3747,11 @@ static int x509parse_verify_top(
|
|||||||
|
|
||||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||||
|
|
||||||
if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, child->sig_md,
|
/* EC NOT IMPLEMENTED YET */
|
||||||
|
if( trust_ca->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC, child->sig_md,
|
||||||
0, hash, child->sig.p ) != 0 )
|
0, hash, child->sig.p ) != 0 )
|
||||||
{
|
{
|
||||||
trust_ca = trust_ca->next;
|
trust_ca = trust_ca->next;
|
||||||
@ -3819,10 +3827,16 @@ static int x509parse_verify_child(
|
|||||||
{
|
{
|
||||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||||
|
|
||||||
if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, child->sig_md, 0, hash,
|
/* EC NOT IMPLEMENTED YET */
|
||||||
child->sig.p ) != 0 )
|
if( parent->pk.type != POLARSSL_PK_RSA )
|
||||||
|
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||||
|
|
||||||
|
if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC, child->sig_md,
|
||||||
|
0, hash, child->sig.p ) != 0 )
|
||||||
|
{
|
||||||
*flags |= BADCERT_NOT_TRUSTED;
|
*flags |= BADCERT_NOT_TRUSTED;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Check trusted CA's CRL for the given crt */
|
/* Check trusted CA's CRL for the given crt */
|
||||||
*flags |= x509parse_verifycrl(child, parent, ca_crl);
|
*flags |= x509parse_verifycrl(child, parent, ca_crl);
|
||||||
|
Loading…
Reference in New Issue
Block a user