AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove redundant sig_oid2 in x509 structures

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-03-27 16:30:47 +01:00
parent a252af760f
commit 1022fed36e
5 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -10,11 +10,8 @@ API Changes
available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
* Test certificates in certs.c are no longer guaranteed to be nul-terminated
strings; use the new *_len variables instead of strlen().
* md_init_ctx() is deprecated in favour of md_setup(), that adds a third
argument (allowing memory savings if HMAC is not used)
* Removed individual mdX_hmac and shaX_hmac functions (use generic
md_hmac functions from md.h)
* Change md_info_t into an opaque structure (use md_get_xxx() accessors).
* Some constness fixes
* Signature of mpi_mul_mpi() changed to make the last argument unsigned
* Remove the PBKDF2 module (use PKCS5).
@ -27,8 +24,16 @@ API Changes
* net_connect() and net_bind() have a new 'proto' argument to choose
between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP.
* ssl_set_bio() now requires that p_send == p_recv.
New deprecations
* md_init_ctx() is deprecated in favour of md_setup(), that adds a third
argument (allowing memory savings if HMAC is not used)
* ssl_set_bio() is deprecated in favor of ssl_set_bio_timeout().
Semi-API changes (technically public, morally private)
* Change md_info_t into an opaque structure (use md_get_xxx() accessors).
* Remove sig_oid2 and rename sig_oid1 to sig_oid in x509_crt and x509_crl.
Changes
* Support for receiving SSLv2 ClientHello is now disabled by default at
compile time.

2
include/mbedtls/x509_crl.h
View File

@ -73,7 +73,7 @@ typedef struct _x509_crl
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int version; /**< CRL version (1=v1, 2=v2) */
x509_buf sig_oid1;
x509_buf sig_oid; /**< CRL signature type identifier */
x509_buf issuer_raw; /**< The raw issuer data (DER). */

3
include/mbedtls/x509_crt.h
View File

@ -57,7 +57,7 @@ typedef struct _x509_crt
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
@ -85,7 +85,6 @@ typedef struct _x509_crt
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */

15
library/x509_crl.c
View File

@ -260,7 +260,7 @@ int x509_crl_parse_der( x509_crl *chain,
int ret;
size_t len;
unsigned char *p, *end;
x509_buf sig_params1, sig_params2;
x509_buf sig_params1, sig_params2, sig_oid2;
x509_crl *crl = chain;
/*
@ -271,6 +271,7 @@ int x509_crl_parse_der( x509_crl *chain,
memset( &sig_params1, 0, sizeof( x509_buf ) );
memset( &sig_params2, 0, sizeof( x509_buf ) );
memset( &sig_oid2, 0, sizeof( x509_buf ) );
/*
* Add new CRL on the end of the chain if needed.
@ -347,7 +348,7 @@ int x509_crl_parse_der( x509_crl *chain,
* signature AlgorithmIdentifier
*/
if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params1 ) ) != 0 )
( ret = x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
{
x509_crl_free( crl );
return( ret );
@ -361,7 +362,7 @@ int x509_crl_parse_der( x509_crl *chain,
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
}
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params1,
if( ( ret = x509_get_sig_alg( &crl->sig_oid, &sig_params1,
&crl->sig_md, &crl->sig_pk,
&crl->sig_opts ) ) != 0 )
{
@ -453,14 +454,14 @@ int x509_crl_parse_der( x509_crl *chain,
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params2 ) ) != 0 )
if( ( ret = x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
{
x509_crl_free( crl );
return( ret );
}
if( crl->sig_oid1.len != crl->sig_oid2.len ||
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 ||
if( crl->sig_oid.len != sig_oid2.len ||
memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
sig_params1.len != sig_params2.len ||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
{
@ -683,7 +684,7 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
ret = x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
crl->sig_opts );
SAFE_SNPRINTF();

16
library/x509_crt.c
View File

@ -541,10 +541,11 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
int ret;
size_t len;
unsigned char *p, *end, *crt_end;
x509_buf sig_params1, sig_params2;
x509_buf sig_params1, sig_params2, sig_oid2;
memset( &sig_params1, 0, sizeof( x509_buf ) );
memset( &sig_params2, 0, sizeof( x509_buf ) );
memset( &sig_oid2, 0, sizeof( x509_buf ) );
/*
* Check for valid input
@ -553,7 +554,6 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
p = polarssl_malloc( len = buflen );
if( p == NULL )
return( POLARSSL_ERR_X509_MALLOC_FAILED );
@ -608,7 +608,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
*/
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crt->sig_oid1,
( ret = x509_get_alg( &p, end, &crt->sig_oid,
&sig_params1 ) ) != 0 )
{
x509_crt_free( crt );
@ -623,7 +623,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
}
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params1,
if( ( ret = x509_get_sig_alg( &crt->sig_oid, &sig_params1,
&crt->sig_md, &crt->sig_pk,
&crt->sig_opts ) ) != 0 )
{
@ -749,14 +749,14 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params2 ) ) != 0 )
if( ( ret = x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
}
if( crt->sig_oid1.len != crt->sig_oid2.len ||
memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
if( crt->sig_oid.len != sig_oid2.len ||
memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
sig_params1.len != sig_params2.len ||
memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 )
{
@ -1304,7 +1304,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
ret = polarssl_snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk,
ret = x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
crt->sig_md, crt->sig_opts );
SAFE_SNPRINTF();