Add REQUIRE_SIGNER

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16837 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-03-27 21:34:58 +00:00
parent e3ef13ddb4
commit 381c1b5a04

View File

@@ -100,6 +100,7 @@ struct signature_alg {
heim_oid *digest_oid;
int flags;
#define PROVIDE_CONF 1
#define REQUIRE_SIGNER 2
int (*verify_signature)(const struct signature_alg *,
const Certificate *,
const AlgorithmIdentifier *,
@@ -197,8 +198,8 @@ rsa_verify_signature(const struct signature_alg *sig_alg,
heim_oid_cmp(&di.digestAlgorithm.algorithm,
sig_alg->digest_oid) != 0)
{
ret = HX509_CRYPTO_OID_MISMATCH;
goto out;
ret = HX509_CRYPTO_OID_MISMATCH;
goto out;
}
ret = _hx509_verify_signature(NULL,
@@ -563,7 +564,7 @@ static struct signature_alg pkcs1_rsa_sha1_alg = {
&rsaEncryption_oid,
&rsaEncryption_oid,
NULL,
PROVIDE_CONF,
PROVIDE_CONF|REQUIRE_SIGNER,
rsa_verify_signature,
rsa_create_signature,
rsa_parse_private_key
@@ -574,7 +575,7 @@ static struct signature_alg rsa_with_sha1_alg = {
&sha1WithRSAEncryption_oid,
&rsaEncryption_oid,
&id_sha1_oid,
PROVIDE_CONF,
PROVIDE_CONF|REQUIRE_SIGNER,
rsa_verify_signature,
rsa_create_signature,
rsa_parse_private_key
@@ -585,7 +586,7 @@ static struct signature_alg rsa_with_md5_alg = {
&md5WithRSAEncryption_oid,
&rsaEncryption_oid,
&id_md5_oid,
PROVIDE_CONF,
PROVIDE_CONF|REQUIRE_SIGNER,
rsa_verify_signature,
rsa_create_signature,
rsa_parse_private_key
@@ -596,7 +597,7 @@ static struct signature_alg rsa_with_md2_alg = {
&md2WithRSAEncryption_oid,
&rsaEncryption_oid,
&id_md2_oid,
PROVIDE_CONF,
PROVIDE_CONF|REQUIRE_SIGNER,
rsa_verify_signature,
rsa_create_signature,
rsa_parse_private_key
@@ -607,7 +608,7 @@ static struct signature_alg dsa_sha1_alg = {
&id_dsa_with_sha1_oid,
&id_dsa_oid,
&id_sha1_oid,
PROVIDE_CONF,
PROVIDE_CONF|REQUIRE_SIGNER,
dsa_verify_signature,
/* create_signature */ NULL,
dsa_parse_private_key
@@ -688,7 +689,9 @@ _hx509_verify_signature(const Certificate *signer,
}
if (signer && (md->flags & PROVIDE_CONF) == 0)
return HX509_CRYPTO_SIG_NO_CONF;
if (md->key_oid) {
if (signer == NULL && (md->flags & REQUIRE_SIGNER))
return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
if (md->key_oid && signer) {
const SubjectPublicKeyInfo *spi;
spi = &signer->tbsCertificate.subjectPublicKeyInfo;