Commit f75f2f7c authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Add sig_opts member to X509 structures

parent 20422e9a
......@@ -285,7 +285,8 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
#endif
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg );
md_type_t *md_alg, pk_type_t *pk_alg,
void **sig_opts );
int x509_get_time( unsigned char **p, const unsigned char *end,
x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end,
......
......@@ -92,8 +92,9 @@ typedef struct _x509_crl
x509_buf sig_oid2;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif
......
......@@ -92,8 +92,9 @@ typedef struct _x509_crt
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif
......
......@@ -66,8 +66,9 @@ typedef struct _x509_csr
x509_buf sig_oid;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif
}
......
......@@ -559,25 +559,37 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
* Get signature algorithm from alg OID and optional parameters
*/
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg )
md_type_t *md_alg, pk_type_t *pk_alg,
void **sig_opts )
{
int ret;
if( *sig_opts != NULL )
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
{
int salt_len;
md_type_t mgf_md;
pk_rsassa_pss_options *pss_opts;
pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
if( pss_opts == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
/* Make sure params are valid */
ret = x509_get_rsassa_pss_params( sig_params,
md_alg, &mgf_md, &salt_len );
md_alg,
&pss_opts->mgf1_hash_id,
&pss_opts->expected_salt_len );
if( ret != 0 )
{
polarssl_free( pss_opts );
return( ret );
}
*sig_opts = (void *) pss_opts;
}
else
#endif
......
......@@ -398,7 +398,8 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
}
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params,
&crl->sig_md, &crl->sig_pk ) ) != 0 )
&crl->sig_md, &crl->sig_pk,
&crl->sig_opts ) ) != 0 )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
......@@ -726,6 +727,10 @@ void x509_crl_free( x509_crl *crl )
do
{
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
polarssl_free( crl_cur->sig_opts );
#endif
name_cur = crl_cur->issuer.next;
while( name_cur != NULL )
{
......
......@@ -616,7 +616,8 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
}
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params,
&crt->sig_md, &crt->sig_pk ) ) != 0 )
&crt->sig_md, &crt->sig_pk,
&crt->sig_opts ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
......@@ -1961,6 +1962,10 @@ void x509_crt_free( x509_crt *crt )
{
pk_free( &cert_cur->pk );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
polarssl_free( cert_cur->sig_opts );
#endif
name_cur = cert_cur->issuer.next;
while( name_cur != NULL )
{
......
......@@ -255,7 +255,8 @@ int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
}
if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params,
&csr->sig_md, &csr->sig_pk ) ) != 0 )
&csr->sig_md, &csr->sig_pk,
&csr->sig_opts ) ) != 0 )
{
x509_csr_free( csr );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
......@@ -425,6 +426,10 @@ void x509_csr_free( x509_csr *csr )
pk_free( &csr->pk );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
polarssl_free( csr->sig_opts );
#endif
name_cur = csr->subject.next;
while( name_cur != NULL )
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment