Remove redundant sig_oid2 in x509 structures
This commit is contained in:
parent
a252af760f
commit
1022fed36e
5 changed files with 26 additions and 21 deletions
11
ChangeLog
11
ChangeLog
|
@ -10,11 +10,8 @@ API Changes
|
|||
available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
|
||||
* Test certificates in certs.c are no longer guaranteed to be nul-terminated
|
||||
strings; use the new *_len variables instead of strlen().
|
||||
* md_init_ctx() is deprecated in favour of md_setup(), that adds a third
|
||||
argument (allowing memory savings if HMAC is not used)
|
||||
* Removed individual mdX_hmac and shaX_hmac functions (use generic
|
||||
md_hmac functions from md.h)
|
||||
* Change md_info_t into an opaque structure (use md_get_xxx() accessors).
|
||||
* Some constness fixes
|
||||
* Signature of mpi_mul_mpi() changed to make the last argument unsigned
|
||||
* Remove the PBKDF2 module (use PKCS5).
|
||||
|
@ -27,8 +24,16 @@ API Changes
|
|||
* net_connect() and net_bind() have a new 'proto' argument to choose
|
||||
between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP.
|
||||
* ssl_set_bio() now requires that p_send == p_recv.
|
||||
|
||||
New deprecations
|
||||
* md_init_ctx() is deprecated in favour of md_setup(), that adds a third
|
||||
argument (allowing memory savings if HMAC is not used)
|
||||
* ssl_set_bio() is deprecated in favor of ssl_set_bio_timeout().
|
||||
|
||||
Semi-API changes (technically public, morally private)
|
||||
* Change md_info_t into an opaque structure (use md_get_xxx() accessors).
|
||||
* Remove sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
|
||||
|
||||
Changes
|
||||
* Support for receiving SSLv2 ClientHello is now disabled by default at
|
||||
compile time.
|
||||
|
|
|
@ -73,7 +73,7 @@ typedef struct _x509_crl
|
|||
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
|
||||
int version; /**< CRL version (1=v1, 2=v2) */
|
||||
x509_buf sig_oid1;
|
||||
x509_buf sig_oid; /**< CRL signature type identifier */
|
||||
|
||||
x509_buf issuer_raw; /**< The raw issuer data (DER). */
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ typedef struct _x509_crt
|
|||
|
||||
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
|
||||
x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
|
||||
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
|
||||
x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
|
||||
|
||||
x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
|
||||
x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
|
||||
|
@ -85,7 +85,6 @@ typedef struct _x509_crt
|
|||
|
||||
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
|
||||
|
||||
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
|
||||
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
|
||||
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
|
||||
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
|
||||
|
|
|
@ -260,7 +260,7 @@ int x509_crl_parse_der( x509_crl *chain,
|
|||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
x509_buf sig_params1, sig_params2;
|
||||
x509_buf sig_params1, sig_params2, sig_oid2;
|
||||
x509_crl *crl = chain;
|
||||
|
||||
/*
|
||||
|
@ -271,6 +271,7 @@ int x509_crl_parse_der( x509_crl *chain,
|
|||
|
||||
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_oid2, 0, sizeof( x509_buf ) );
|
||||
|
||||
/*
|
||||
* Add new CRL on the end of the chain if needed.
|
||||
|
@ -347,7 +348,7 @@ int x509_crl_parse_der( x509_crl *chain,
|
|||
* signature AlgorithmIdentifier
|
||||
*/
|
||||
if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
|
||||
( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params1 ) ) != 0 )
|
||||
( ret = x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
|
||||
{
|
||||
x509_crl_free( crl );
|
||||
return( ret );
|
||||
|
@ -361,7 +362,7 @@ int x509_crl_parse_der( x509_crl *chain,
|
|||
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
|
||||
}
|
||||
|
||||
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1,
|
||||
if( ( ret = x509_get_sig_alg( &crl->sig_oid, &sig_params1,
|
||||
&crl->sig_md, &crl->sig_pk,
|
||||
&crl->sig_opts ) ) != 0 )
|
||||
{
|
||||
|
@ -453,14 +454,14 @@ int x509_crl_parse_der( x509_crl *chain,
|
|||
* signatureAlgorithm AlgorithmIdentifier,
|
||||
* signatureValue BIT STRING
|
||||
*/
|
||||
if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params2 ) ) != 0 )
|
||||
if( ( ret = x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
|
||||
{
|
||||
x509_crl_free( crl );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( crl->sig_oid1.len != crl->sig_oid2.len ||
|
||||
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
|
||||
if( crl->sig_oid.len != sig_oid2.len ||
|
||||
memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
|
||||
sig_params1.len != sig_params2.len ||
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
|
||||
{
|
||||
|
@ -683,7 +684,7 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
|
|||
ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix );
|
||||
SAFE_SNPRINTF();
|
||||
|
||||
ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
|
||||
ret = x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
|
||||
crl->sig_opts );
|
||||
SAFE_SNPRINTF();
|
||||
|
||||
|
|
|
@ -541,10 +541,11 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
|
|||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end, *crt_end;
|
||||
x509_buf sig_params1, sig_params2;
|
||||
x509_buf sig_params1, sig_params2, sig_oid2;
|
||||
|
||||
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_oid2, 0, sizeof( x509_buf ) );
|
||||
|
||||
/*
|
||||
* Check for valid input
|
||||
|
@ -553,7 +554,6 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
|
|||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
p = polarssl_malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
|
@ -608,7 +608,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
|
|||
*/
|
||||
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
|
||||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
|
||||
( ret = x509_get_alg( &p, end, &crt->sig_oid1,
|
||||
( ret = x509_get_alg( &p, end, &crt->sig_oid,
|
||||
&sig_params1 ) ) != 0 )
|
||||
{
|
||||
x509_crt_free( crt );
|
||||
|
@ -623,7 +623,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
|
|||
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
|
||||
}
|
||||
|
||||
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1,
|
||||
if( ( ret = x509_get_sig_alg( &crt->sig_oid, &sig_params1,
|
||||
&crt->sig_md, &crt->sig_pk,
|
||||
&crt->sig_opts ) ) != 0 )
|
||||
{
|
||||
|
@ -749,14 +749,14 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
|
|||
* signatureAlgorithm AlgorithmIdentifier,
|
||||
* signatureValue BIT STRING
|
||||
*/
|
||||
if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params2 ) ) != 0 )
|
||||
if( ( ret = x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
|
||||
{
|
||||
x509_crt_free( crt );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( crt->sig_oid1.len != crt->sig_oid2.len ||
|
||||
memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
|
||||
if( crt->sig_oid.len != sig_oid2.len ||
|
||||
memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
|
||||
sig_params1.len != sig_params2.len ||
|
||||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
|
||||
{
|
||||
|
@ -1304,7 +1304,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
|
|||
ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix );
|
||||
SAFE_SNPRINTF();
|
||||
|
||||
ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk,
|
||||
ret = x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
|
||||
crt->sig_md, crt->sig_opts );
|
||||
SAFE_SNPRINTF();
|
||||
|
||||
|
|
Loading…
Reference in a new issue