From 36d90c324b54711bbcfb9cd8e15563ea9ee58669 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Mon, 25 Jul 2005 11:44:35 +0000
Subject: [PATCH] add checks for KeyUsage
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15727 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cms.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index 10e0a10b6..c105a3c4e 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -166,7 +166,8 @@ hx509_cms_unenvelope(hx509_certs certs,
 */
 ret = find_CMSIdentifier(&ri->rid, certs, &cert,
- HX509_QUERY_PRIVATE_KEY);
+ HX509_QUERY_PRIVATE_KEY|
+ HX509_QUERY_KU_ENCIPHERMENT);
 if (ret) {
 ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
 continue;
@@ -245,11 +246,12 @@ hx509_cms_envelope_1(hx509_cert cert,
 heim_octet_string *content)
 {
 KeyTransRecipientInfo *ri;
- EnvelopedData ed;
 heim_octet_string ivec;
 heim_octet_string key;
- int ret;
+ hx509_crypto crypto;
+ EnvelopedData ed;
 size_t size;
+ int ret;
 memset(&ivec, 0, sizeof(ivec));
 memset(&key, 0, sizeof(key));
@@ -259,7 +261,9 @@ hx509_cms_envelope_1(hx509_cert cert,
 if (encryption_type == NULL)
 encryption_type = oid_id_aes_256_cbc();
- hx509_crypto crypto;
+ ret = _hx509_check_key_usage(cert, 1 << 2, TRUE);
+ if (ret)
+ goto out;
 ret = hx509_crypto_init(NULL, encryption_type, &crypto);
 if (ret)
@@ -454,7 +458,8 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
 continue;
 }
- ret = find_CMSIdentifier(&signer_info->sid, certs, &cert, 0);
+ ret = find_CMSIdentifier(&signer_info->sid, certs, &cert,
+ HX509_QUERY_KU_DIGITALSIGNATURE);
 if (ret)
 continue;
@@ -519,7 +524,7 @@ hx509_cms_verify_signed(hx509_verify_ctx ctx,
 match_oid = &decode_oid;
 }
- signed_data = calloc(1, sizeof(*signed_data));
+ ALLOC(signed_data, 1);
 if (signed_data == NULL) {
 if (match_oid == &decode_oid)
 free_oid(&decode_oid);
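Review bot: In the first hunk (hx509_cms_unenvelope), a certificate that matches the recipient identifier but does not permit key encipherment is now reported exactly like a missing certificate. The KeyUsage filter is folded into the `find_CMSIdentifier` query, and every lookup failure is rewritten to `HX509_CMS_NO_RECIPIENT_CERTIFICATE`, so a policy rejection and a keystore problem look the same when triaging a failed decrypt. At minimum, add a comment above the call such as `/* recipient cert must hold the private key and permit keyEncipherment; a KeyUsage mismatch surfaces as "no recipient certificate" */`. The same silent skip applies to the `HX509_QUERY_KU_DIGITALSIGNATURE` lookup in hx509_cms_verify_signed (fourth hunk), where `if (ret) continue;` drops the signer without recording why. Both function bodies start and end outside their hunks.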
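Review bot: In the third hunk (hx509_cms_envelope_1), the new `goto out` after `_hx509_check_key_usage()` runs before `hx509_crypto_init()` has assigned `crypto`, which the second hunk declares without an initializer. The `out:` label lies outside the hunk; if it releases `crypto`, this early exit hands it an indeterminate pointer. Declare it as `hx509_crypto crypto = NULL;` and confirm the cleanup path tolerates NULL. Separately, `1 << 2` is a bare magic number for what appears to be the keyEncipherment bit, and the meaning of the `TRUE` argument is not visible here; a named constant or a comment such as `/* KeyUsage bit 2: keyEncipherment */` would make the enforced policy readable.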
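Review bot: In the fourth hunk (hx509_cms_verify_signed), filtering signer certificates on `HX509_QUERY_KU_DIGITALSIGNATURE` alone may exclude signers whose KeyUsage asserts only nonRepudiation, which S/MIME certificate profiles also allow for signing. How the query treats that bit, or a certificate with no KeyUsage extension at all, is not visible from this hunk. That choice decides which signatures verify, so it should be stated next to the call, for example `/* signer cert must assert digitalSignature in KeyUsage */`, with the absent-extension behaviour spelled out once confirmed.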