oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Handle that _hx509_verify_signature takes a context.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19113 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-25 23:53:05 +00:00
parent 647a299beb
commit 2c0f78e9c0
2 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/hx509/cert.c
View File

@@ -1662,12 +1662,13 @@ hx509_verify_path(hx509_context context,
} }
/* verify signatureValue */ /* verify signatureValue */
ret = _hx509_verify_signature_bitstring(signer, ret = _hx509_verify_signature_bitstring(context,
signer,
&c->signatureAlgorithm, &c->signatureAlgorithm,
&c->tbsCertificate._save, &c->tbsCertificate._save,
&c->signatureValue); &c->signatureValue);
if (ret) { if (ret) {
hx509_set_error_string(context, 0, ret, hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"Failed to verify signature of certificate"); "Failed to verify signature of certificate");
goto out; goto out;
} }
@@ -1688,8 +1689,7 @@ hx509_verify_signature(hx509_context context,
const heim_octet_string *data, const heim_octet_string *data,
const heim_octet_string *sig) const heim_octet_string *sig)
{ {
hx509_clear_error_string(context); return _hx509_verify_signature(context, signer->data, alg, data, sig);
return _hx509_verify_signature(signer->data, alg, data, sig);
} }
int int
@@ -1980,7 +1980,8 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert
os.length = os.length =
c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
ret = _hx509_verify_signature(NULL, ret = _hx509_verify_signature(context,
NULL,
hx509_signature_sha1(), hx509_signature_sha1(),
&os, &os,
q->keyhash_sha1); q->keyhash_sha1);

30
lib/hx509/revoke.c
View File

@@ -165,12 +165,13 @@ verify_ocsp(hx509_context context,
goto out; goto out;
} }
ret = _hx509_verify_signature_bitstring(p, ret = _hx509_verify_signature_bitstring(context,
p,
&s->signatureAlgorithm, &s->signatureAlgorithm,
&s->tbsCertificate._save, &s->tbsCertificate._save,
&s->signatureValue); &s->signatureValue);
if (ret) { if (ret) {
hx509_set_error_string(context, 0, ret, hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"OSCP signer signature invalid"); "OSCP signer signature invalid");
goto out; goto out;
} }
@@ -181,12 +182,14 @@ verify_ocsp(hx509_context context,
goto out; goto out;
} }
ret = _hx509_verify_signature_bitstring(_hx509_get_cert(signer), ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer),
&ocsp->ocsp.signatureAlgorithm, &ocsp->ocsp.signatureAlgorithm,
&ocsp->ocsp.tbsResponseData._save, &ocsp->ocsp.tbsResponseData._save,
&ocsp->ocsp.signature); &ocsp->ocsp.signature);
if (ret) { if (ret) {
hx509_set_error_string(context, 0, ret, "OSCP signature invalid"); hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"OSCP signature invalid");
goto out; goto out;
} }
@@ -417,12 +420,13 @@ verify_crl(hx509_context context,
goto out; goto out;
} }
ret = _hx509_verify_signature_bitstring(p, ret = _hx509_verify_signature_bitstring(context,
p,
&s->signatureAlgorithm, &s->signatureAlgorithm,
&s->tbsCertificate._save, &s->tbsCertificate._save,
&s->signatureValue); &s->signatureValue);
if (ret) { if (ret) {
hx509_set_error_string(context, 0, ret, hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"CRL signer signature invalid"); "CRL signer signature invalid");
goto out; goto out;
} }
@@ -432,12 +436,13 @@ verify_crl(hx509_context context,
goto out; goto out;
} }
ret = _hx509_verify_signature_bitstring(_hx509_get_cert(signer), ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer),
&crl->signatureAlgorithm, &crl->signatureAlgorithm,
&crl->tbsCertList._save, &crl->tbsCertList._save,
&crl->signatureValue); &crl->signatureValue);
if (ret) { if (ret) {
hx509_set_error_string(context, 0, ret, "CRL signature invalid"); hx509_set_error_string(context, HX509_ERROR_APPEND, ret, "CRL signature invalid");
goto out; goto out;
} }
@@ -572,7 +577,8 @@ hx509_revoke_verify(hx509_context context,
continue; continue;
/* verify issuer hashes hash */ /* verify issuer hashes hash */
ret = _hx509_verify_signature(NULL, ret = _hx509_verify_signature(context,
NULL,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm, &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
&c->tbsCertificate.issuer._save, &c->tbsCertificate.issuer._save,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash); &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash);
@@ -582,7 +588,8 @@ hx509_revoke_verify(hx509_context context,
os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
ret = _hx509_verify_signature(NULL, ret = _hx509_verify_signature(context,
NULL,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm, &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
&os, &os,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerKeyHash); &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerKeyHash);
@@ -975,7 +982,8 @@ hx509_ocsp_verify(hx509_context context,
continue; continue;
/* verify issuer hashes hash */ /* verify issuer hashes hash */
ret = _hx509_verify_signature(NULL, ret = _hx509_verify_signature(context,
NULL,
&basic.tbsResponseData.responses.val[i].certID.hashAlgorithm, &basic.tbsResponseData.responses.val[i].certID.hashAlgorithm,
&c->tbsCertificate.issuer._save, &c->tbsCertificate.issuer._save,
&basic.tbsResponseData.responses.val[i].certID.issuerNameHash); &basic.tbsResponseData.responses.val[i].certID.issuerNameHash);