Prepare for EC cert & crl validation
This commit is contained in:
parent
6009c3ae5e
commit
b4d69c41f8
1 changed files with 56 additions and 26 deletions
|
@ -3344,12 +3344,11 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
|||
|
||||
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
|
||||
|
||||
/* EC NOT IMPLEMENTED YET */
|
||||
if( ca->pk.type != POLARSSL_PK_RSA )
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC, crl_list->sig_md,
|
||||
0, hash, crl_list->sig.p ) == 0 )
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( ca->pk.type == POLARSSL_PK_RSA )
|
||||
{
|
||||
if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC,
|
||||
crl_list->sig_md, 0, hash, crl_list->sig.p ) == 0 )
|
||||
{
|
||||
/*
|
||||
* CRL is not trusted
|
||||
|
@ -3357,6 +3356,17 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
|||
flags |= BADCRL_NOT_TRUSTED;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( ca->pk.type == POLARSSL_PK_ECKEY ) {
|
||||
/* EC NOT IMPLEMENTED YET */
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
/*
|
||||
* Check for validity of CRL (Do not drop out)
|
||||
|
@ -3467,16 +3477,26 @@ static int x509parse_verify_top(
|
|||
|
||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||
|
||||
/* EC NOT IMPLEMENTED YET */
|
||||
if( trust_ca->pk.type != POLARSSL_PK_RSA )
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC, child->sig_md,
|
||||
0, hash, child->sig.p ) != 0 )
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( trust_ca->pk.type == POLARSSL_PK_RSA )
|
||||
{
|
||||
if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC,
|
||||
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
||||
{
|
||||
trust_ca = trust_ca->next;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( trust_ca->pk.type == POLARSSL_PK_ECKEY ) {
|
||||
/* EC NOT IMPLEMENTED YET */
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
/*
|
||||
* Top of chain is signed by a trusted CA
|
||||
|
@ -3547,16 +3567,26 @@ static int x509parse_verify_child(
|
|||
{
|
||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||
|
||||
/* EC NOT IMPLEMENTED YET */
|
||||
if( parent->pk.type != POLARSSL_PK_RSA )
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC, child->sig_md,
|
||||
0, hash, child->sig.p ) != 0 )
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( parent->pk.type == POLARSSL_PK_RSA )
|
||||
{
|
||||
if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC,
|
||||
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
||||
{
|
||||
*flags |= BADCERT_NOT_TRUSTED;
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( parent->pk.type == POLARSSL_PK_ECKEY ) {
|
||||
/* EC NOT IMPLEMENTED YET */
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
/* Check trusted CA's CRL for the given crt */
|
||||
*flags |= x509parse_verifycrl(child, parent, ca_crl);
|
||||
|
|
Loading…
Reference in a new issue