Consider trailerField a constant
This commit is contained in:
parent
cac31eed9e
commit
78117d57b0
@ -281,7 +281,7 @@ int x509_get_alg( unsigned char **p, const unsigned char *end,
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
int x509_get_rsassa_pss_params( const x509_buf *params,
|
||||
md_type_t *md_alg, md_type_t *mgf_md,
|
||||
int *salt_len, int *trailer_field );
|
||||
int *salt_len );
|
||||
#endif
|
||||
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
|
||||
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
|
||||
|
@ -201,10 +201,14 @@ static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
|
||||
* saltLength [2] INTEGER DEFAULT 20,
|
||||
* trailerField [3] INTEGER DEFAULT 1 }
|
||||
* -- Note that the tags in this Sequence are explicit.
|
||||
*
|
||||
* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
|
||||
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
|
||||
* option. Enfore this at parsing time.
|
||||
*/
|
||||
int x509_get_rsassa_pss_params( const x509_buf *params,
|
||||
md_type_t *md_alg, md_type_t *mgf_md,
|
||||
int *salt_len, int *trailer_field )
|
||||
int *salt_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *p;
|
||||
@ -216,7 +220,6 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
|
||||
*md_alg = POLARSSL_MD_SHA1;
|
||||
*mgf_md = POLARSSL_MD_SHA1;
|
||||
*salt_len = 20;
|
||||
*trailer_field = 1;
|
||||
|
||||
/* Make sure params is a SEQUENCE and setup bounds */
|
||||
if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
|
||||
@ -307,19 +310,24 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
|
||||
return( 0 );
|
||||
|
||||
/*
|
||||
* trailer_field
|
||||
* trailer_field (if present, must be 1)
|
||||
*/
|
||||
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
|
||||
{
|
||||
int trailer_field;
|
||||
|
||||
end2 = p + len;
|
||||
|
||||
if( ( ret = asn1_get_int( &p, end2, trailer_field ) ) != 0 )
|
||||
if( ( ret = asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
|
||||
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||
|
||||
if( p != end2 )
|
||||
return( POLARSSL_ERR_X509_INVALID_ALG +
|
||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
||||
if( trailer_field != 1 )
|
||||
return( POLARSSL_ERR_X509_INVALID_ALG );
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
|
||||
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
|
||||
@ -561,12 +569,12 @@ int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
|
||||
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
|
||||
if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
|
||||
{
|
||||
int salt_len, trailer_field;
|
||||
int salt_len;
|
||||
md_type_t mgf_md;
|
||||
|
||||
/* Make sure params are valid */
|
||||
ret = x509_get_rsassa_pss_params( sig_params,
|
||||
md_alg, &mgf_md, &salt_len, &trailer_field );
|
||||
md_alg, &mgf_md, &salt_len );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
@ -838,19 +846,19 @@ int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
|
||||
{
|
||||
md_type_t md_alg, mgf_md;
|
||||
const md_info_t *md_info, *mgf_md_info;
|
||||
int salt_len, trailer_field;
|
||||
int salt_len;
|
||||
|
||||
if( ( ret = x509_get_rsassa_pss_params( sig_params,
|
||||
&md_alg, &mgf_md, &salt_len, &trailer_field ) ) != 0 )
|
||||
&md_alg, &mgf_md, &salt_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
md_info = md_info_from_type( md_alg );
|
||||
mgf_md_info = md_info_from_type( mgf_md );
|
||||
|
||||
ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X, %d)",
|
||||
ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
|
||||
md_info ? md_info->name : "???",
|
||||
mgf_md_info ? mgf_md_info->name : "???",
|
||||
salt_len, trailer_field );
|
||||
salt_len );
|
||||
SAFE_SNPRINTF();
|
||||
}
|
||||
#else
|
||||
|
@ -44,23 +44,23 @@ x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial numb
|
||||
|
||||
X509 Certificate information RSA-PSS, SHA1 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
|
||||
x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA, 1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 Certificate information RSA-PSS, SHA224 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
|
||||
x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2, 1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 Certificate information RSA-PSS, SHA256 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
|
||||
x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE, 1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 Certificate information RSA-PSS, SHA384 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
|
||||
x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE, 1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 Certificate information RSA-PSS, SHA512 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
|
||||
x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE, 1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
|
||||
|
||||
X509 Certificate information EC, SHA1 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
@ -152,23 +152,23 @@ x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \:
|
||||
|
||||
X509 CRL information RSA-PSS, SHA1 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA, 1)\n"
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
|
||||
|
||||
X509 CRL information RSA-PSS, SHA224 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2, 1)\n"
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
|
||||
|
||||
X509 CRL information RSA-PSS, SHA256 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE, 1)\n"
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
|
||||
|
||||
X509 CRL information RSA-PSS, SHA384 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE, 1)\n"
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
|
||||
|
||||
X509 CRL information RSA-PSS, SHA512 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE, 1)\n"
|
||||
x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
|
||||
|
||||
X509 CRL Information EC, SHA1 Digest
|
||||
depends_on:POLARSSL_PEM_PARSE_C
|
||||
@ -240,23 +240,23 @@ x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name
|
||||
|
||||
X509 CSR Information RSA-PSS with SHA1
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
|
||||
x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A, 1)\nRSA key size \: 1024 bits\n"
|
||||
x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n"
|
||||
|
||||
X509 CSR Information RSA-PSS with SHA224
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
|
||||
x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62, 1)\nRSA key size \: 1024 bits\n"
|
||||
x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n"
|
||||
|
||||
X509 CSR Information RSA-PSS with SHA256
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
|
||||
x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E, 1)\nRSA key size \: 1024 bits\n"
|
||||
x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n"
|
||||
|
||||
X509 CSR Information RSA-PSS with SHA384
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
|
||||
x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E, 1)\nRSA key size \: 1024 bits\n"
|
||||
x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n"
|
||||
|
||||
X509 CSR Information RSA-PSS with SHA512
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
|
||||
x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E, 1)\nRSA key size \: 1024 bits\n"
|
||||
x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n"
|
||||
|
||||
X509 Get Distinguished Name #1
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
|
||||
|
Loading…
Reference in New Issue
Block a user