oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Push cert down deaper into the stack

Browse Source
This commit is contained in:
Love Hornquist Astrand
2009-08-21 18:34:21 -07:00
parent aee7858b16
commit 72e306c7e3
5 changed files with 35 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
lib/hx509/cert.c
View File

@@ -2243,7 +2243,8 @@ hx509_verify_path(hx509_context context,
*/ */
for (i = path.len - 1; i >= 0; i--) { for (i = path.len - 1; i >= 0; i--) {
Certificate *signer, *c; hx509_cert signer;
Certificate *c;
c = _hx509_get_cert(path.val[i]); c = _hx509_get_cert(path.val[i]);
@@ -2251,9 +2252,9 @@ hx509_verify_path(hx509_context context,
if (i + 1 == path.len) { if (i + 1 == path.len) {
int selfsigned; int selfsigned;
signer = path.val[i]->data; signer = path.val[i];
ret = certificate_is_self_signed(context, signer, &selfsigned); ret = certificate_is_self_signed(context, signer->data, &selfsigned);
if (ret) if (ret)
goto out; goto out;
@@ -2262,7 +2263,7 @@ hx509_verify_path(hx509_context context,
continue; continue;
} else { } else {
/* take next certificate in chain */ /* take next certificate in chain */
signer = path.val[i + 1]->data; signer = path.val[i + 1];
} }
/* verify signatureValue */ /* verify signatureValue */
@@ -2326,9 +2327,31 @@ hx509_verify_signature(hx509_context context,
const heim_octet_string *data, const heim_octet_string *data,
const heim_octet_string *sig) const heim_octet_string *sig)
{ {
return _hx509_verify_signature(context, signer->data, alg, data, sig); return _hx509_verify_signature(context, signer, alg, data, sig);
} }
int
_hx509_verify_signature_bitstring(hx509_context context,
const hx509_cert signer,
const AlgorithmIdentifier *alg,
const heim_octet_string *data,
const heim_bit_string *sig)
{
heim_octet_string os;
if (sig->length & 7) {
hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
"signature not multiple of 8 bits");
return HX509_CRYPTO_SIG_INVALID_FORMAT;
}
os.data = sig->data;
os.length = sig->length / 8;
return _hx509_verify_signature(context, signer, alg, data, &os);
}
/** /**
* Verify that the certificate is allowed to be used for the hostname * Verify that the certificate is allowed to be used for the hostname

24
lib/hx509/crypto.c
View File

@@ -1495,12 +1495,13 @@ _hx509_signature_best_before(hx509_context context,
int int
_hx509_verify_signature(hx509_context context, _hx509_verify_signature(hx509_context context,
const Certificate *signer, const hx509_cert cert,
const AlgorithmIdentifier *alg, const AlgorithmIdentifier *alg,
const heim_octet_string *data, const heim_octet_string *data,
const heim_octet_string *sig) const heim_octet_string *sig)
{ {
const struct signature_alg *md; const struct signature_alg *md;
const Certificate *signer = _hx509_get_cert(cert);
md = find_sig_alg(&alg->algorithm); md = find_sig_alg(&alg->algorithm);
if (md == NULL) { if (md == NULL) {
@@ -1527,27 +1528,6 @@ _hx509_verify_signature(hx509_context context,
return (*md->verify_signature)(context, md, signer, alg, data, sig); return (*md->verify_signature)(context, md, signer, alg, data, sig);
} }
int
_hx509_verify_signature_bitstring(hx509_context context,
const Certificate *signer,
const AlgorithmIdentifier *alg,
const heim_octet_string *data,
const heim_bit_string *sig)
{
heim_octet_string os;
if (sig->length & 7) {
hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
"signature not multiple of 8 bits");
return HX509_CRYPTO_SIG_INVALID_FORMAT;
}
os.data = sig->data;
os.length = sig->length / 8;
return _hx509_verify_signature(context, signer, alg, data, &os);
}
int int
_hx509_create_signature(hx509_context context, _hx509_create_signature(hx509_context context,
const hx509_private_key signer, const hx509_private_key signer,

2
lib/hx509/print.c
View File

@@ -1017,7 +1017,7 @@ hx509_validate_cert(hx509_context context,
if (status.selfsigned) { if (status.selfsigned) {
ret = _hx509_verify_signature_bitstring(context, ret = _hx509_verify_signature_bitstring(context,
c, cert,
&c->signatureAlgorithm, &c->signatureAlgorithm,
&c->tbsCertificate._save, &c->tbsCertificate._save,
&c->signatureValue); &c->signatureValue);

6
lib/hx509/revoke.c
View File

@@ -223,7 +223,7 @@ verify_ocsp(hx509_context context,
} }
ret = _hx509_verify_signature_bitstring(context, ret = _hx509_verify_signature_bitstring(context,
p, parent,
&s->signatureAlgorithm, &s->signatureAlgorithm,
&s->tbsCertificate._save, &s->tbsCertificate._save,
&s->signatureValue); &s->signatureValue);
@@ -240,7 +240,7 @@ verify_ocsp(hx509_context context,
} }
ret = _hx509_verify_signature_bitstring(context, ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer), signer,
&ocsp->ocsp.signatureAlgorithm, &ocsp->ocsp.signatureAlgorithm,
&ocsp->ocsp.tbsResponseData._save, &ocsp->ocsp.tbsResponseData._save,
&ocsp->ocsp.signature); &ocsp->ocsp.signature);
@@ -506,7 +506,7 @@ verify_crl(hx509_context context,
} }
ret = _hx509_verify_signature_bitstring(context, ret = _hx509_verify_signature_bitstring(context,
_hx509_get_cert(signer), signer,
&crl->signatureAlgorithm, &crl->signatureAlgorithm,
&crl->tbsCertList._save, &crl->tbsCertList._save,
&crl->signatureValue); &crl->signatureValue);

2
lib/hx509/softp11.c
View File

@@ -1617,7 +1617,7 @@ C_Verify(CK_SESSION_HANDLE hSession,
data.length = ulSignatureLen; data.length = ulSignatureLen;
hret = _hx509_verify_signature(context, hret = _hx509_verify_signature(context,
_hx509_get_cert(o->cert), o->cert,
alg, alg,
&data, &data,
&sig); &sig);