Pass in time_now to unevelope, us verify context time in verify_signed.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23268 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -260,6 +260,7 @@ static int
|
|||||||
find_CMSIdentifier(hx509_context context,
|
find_CMSIdentifier(hx509_context context,
|
||||||
CMSIdentifier *client,
|
CMSIdentifier *client,
|
||||||
hx509_certs certs,
|
hx509_certs certs,
|
||||||
|
time_t time_now,
|
||||||
hx509_cert *signer_cert,
|
hx509_cert *signer_cert,
|
||||||
int match)
|
int match)
|
||||||
{
|
{
|
||||||
@@ -292,7 +293,10 @@ find_CMSIdentifier(hx509_context context,
|
|||||||
q.match |= match;
|
q.match |= match;
|
||||||
|
|
||||||
q.match |= HX509_QUERY_MATCH_TIME;
|
q.match |= HX509_QUERY_MATCH_TIME;
|
||||||
q.timenow = time(NULL);
|
if (time_now)
|
||||||
|
q.timenow = time_now;
|
||||||
|
else
|
||||||
|
q.timenow = time(NULL);
|
||||||
|
|
||||||
ret = hx509_certs_find(context, certs, &q, &cert);
|
ret = hx509_certs_find(context, certs, &q, &cert);
|
||||||
if (ret == HX509_CERT_NOT_FOUND) {
|
if (ret == HX509_CERT_NOT_FOUND) {
|
||||||
@@ -333,6 +337,7 @@ find_CMSIdentifier(hx509_context context,
|
|||||||
* @param length length of the data that data point to.
|
* @param length length of the data that data point to.
|
||||||
* @param encryptedContent in case of detached signature, this
|
* @param encryptedContent in case of detached signature, this
|
||||||
* contains the actual encrypted data, othersize its should be NULL.
|
* contains the actual encrypted data, othersize its should be NULL.
|
||||||
|
* @param time_now set the current time, if zero the library uses now as the date.
|
||||||
* @param contentType output type oid, should be freed with der_free_oid().
|
* @param contentType output type oid, should be freed with der_free_oid().
|
||||||
* @param content the data, free with der_free_octet_string().
|
* @param content the data, free with der_free_octet_string().
|
||||||
*
|
*
|
||||||
@@ -346,6 +351,7 @@ hx509_cms_unenvelope(hx509_context context,
|
|||||||
const void *data,
|
const void *data,
|
||||||
size_t length,
|
size_t length,
|
||||||
const heim_octet_string *encryptedContent,
|
const heim_octet_string *encryptedContent,
|
||||||
|
time_t time_now,
|
||||||
heim_oid *contentType,
|
heim_oid *contentType,
|
||||||
heim_octet_string *content)
|
heim_octet_string *content)
|
||||||
{
|
{
|
||||||
@@ -407,7 +413,8 @@ hx509_cms_unenvelope(hx509_context context,
|
|||||||
|
|
||||||
ri = &ed.recipientInfos.val[i];
|
ri = &ed.recipientInfos.val[i];
|
||||||
|
|
||||||
ret = find_CMSIdentifier(context, &ri->rid, certs, &cert,
|
ret = find_CMSIdentifier(context, &ri->rid, certs,
|
||||||
|
time_now, &cert,
|
||||||
HX509_QUERY_PRIVATE_KEY|findflags);
|
HX509_QUERY_PRIVATE_KEY|findflags);
|
||||||
if (ret)
|
if (ret)
|
||||||
continue;
|
continue;
|
||||||
@@ -831,7 +838,8 @@ hx509_cms_verify_signed(hx509_context context,
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert,
|
ret = find_CMSIdentifier(context, &signer_info->sid, certs,
|
||||||
|
_hx509_verify_get_time(ctx), &cert,
|
||||||
HX509_QUERY_KU_DIGITALSIGNATURE);
|
HX509_QUERY_KU_DIGITALSIGNATURE);
|
||||||
if (ret)
|
if (ret)
|
||||||
continue;
|
continue;
|
||||||
|
|||||||
Reference in New Issue
Block a user