oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Handle that _hx509_verify_signature takes a context.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19113 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-25 23:53:05 +00:00
parent 647a299beb
commit 2c0f78e9c0
2 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/hx509/cert.c
View File

@@ -1662,12 +1662,13 @@ hx509_verify_path(hx509_context context,
}
/* verify signatureValue */
ret = _hx509_verify_signature_bitstring(signer,
ret = _hx509_verify_signature_bitstring(context,
signer,
&c->signatureAlgorithm,
&c->tbsCertificate._save,
&c->signatureValue);
if (ret) {
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"Failed to verify signature of certificate");
goto out;
}
@@ -1688,8 +1689,7 @@ hx509_verify_signature(hx509_context context,
const heim_octet_string *data,
const heim_octet_string *sig)
{
hx509_clear_error_string(context);
return _hx509_verify_signature(signer->data, alg, data, sig);
return _hx509_verify_signature(context, signer->data, alg, data, sig);
}
int
@@ -1980,7 +1980,8 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert
os.length =
c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
ret = _hx509_verify_signature(NULL,
ret = _hx509_verify_signature(context,
NULL,
hx509_signature_sha1(),
&os,
q->keyhash_sha1);

30
lib/hx509/revoke.c
View File

@@ -165,12 +165,13 @@ verify_ocsp(hx509_context context,
goto out;
}
ret = _hx509_verify_signature_bitstring(p,
ret = _hx509_verify_signature_bitstring(context,
p,
&s->signatureAlgorithm,
&s->tbsCertificate._save,
&s->signatureValue);
if (ret) {
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"OSCP signer signature invalid");
goto out;
}
@@ -181,12 +182,14 @@ verify_ocsp(hx509_context context,
goto out;
}
ret = _hx509_verify_signature_bitstring(_hx509_get_cert(signer),
ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer),
&ocsp->ocsp.signatureAlgorithm,
&ocsp->ocsp.tbsResponseData._save,
&ocsp->ocsp.signature);
if (ret) {
hx509_set_error_string(context, 0, ret, "OSCP signature invalid");
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"OSCP signature invalid");
goto out;
}
@@ -417,12 +420,13 @@ verify_crl(hx509_context context,
goto out;
}
ret = _hx509_verify_signature_bitstring(p,
ret = _hx509_verify_signature_bitstring(context,
p,
&s->signatureAlgorithm,
&s->tbsCertificate._save,
&s->signatureValue);
if (ret) {
hx509_set_error_string(context, 0, ret,
hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
"CRL signer signature invalid");
goto out;
}
@@ -432,12 +436,13 @@ verify_crl(hx509_context context,
goto out;
}
ret = _hx509_verify_signature_bitstring(_hx509_get_cert(signer),
ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer),
&crl->signatureAlgorithm,
&crl->tbsCertList._save,
&crl->signatureValue);
if (ret) {
hx509_set_error_string(context, 0, ret, "CRL signature invalid");
hx509_set_error_string(context, HX509_ERROR_APPEND, ret, "CRL signature invalid");
goto out;
}
@@ -572,7 +577,8 @@ hx509_revoke_verify(hx509_context context,
continue;
/* verify issuer hashes hash */
ret = _hx509_verify_signature(NULL,
ret = _hx509_verify_signature(context,
NULL,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
&c->tbsCertificate.issuer._save,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash);
@@ -582,7 +588,8 @@ hx509_revoke_verify(hx509_context context,
os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8;
ret = _hx509_verify_signature(NULL,
ret = _hx509_verify_signature(context,
NULL,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm,
&os,
&ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerKeyHash);
@@ -975,7 +982,8 @@ hx509_ocsp_verify(hx509_context context,
continue;
/* verify issuer hashes hash */
ret = _hx509_verify_signature(NULL,
ret = _hx509_verify_signature(context,
NULL,
&basic.tbsResponseData.responses.val[i].certID.hashAlgorithm,
&c->tbsCertificate.issuer._save,
&basic.tbsResponseData.responses.val[i].certID.issuerNameHash);