TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 59a75d5b9d442a80f9f9c085f768a7b1c0b4ed61^! / . / library
commit59a75d5b9d442a80f9f9c085f768a7b1c0b4ed61[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Wed Jan 22 10:12:57 2014 +0100
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Mon Jun 02 16:10:29 2014 +0200
tree539f7208e058a4e4273b858dd64d24a6dc0792a5
parent1ebc0c592c835e32d51a2fab731342edd8257432 [diff]
Basic parsing of certs signed with RSASSA-PSS

diff --git a/library/oid.c b/library/oid.c
index a931887..9d50cf5 100644
--- a/library/oid.c
+++ b/library/oid.c

@@ -364,6 +364,10 @@
         POLARSSL_MD_SHA512,   POLARSSL_PK_ECDSA,
     },
     {
+        { ADD_LEN( OID_RSASSA_PSS ),        "RSASSA-PSS",           "RSASSA-PSS" },
+        POLARSSL_MD_NONE,     POLARSSL_PK_RSASSA_PSS,
+    },
+    {
         { NULL, 0, NULL, NULL },
         0, 0,
     },

diff --git a/library/x509.c b/library/x509.c
index 92e52c3..9915518 100644
--- a/library/x509.c
+++ b/library/x509.c

@@ -124,6 +124,20 @@
 }
 
 /*
+ * Parse an algorithm identifier with (optional) paramaters
+ */
+int x509_get_alg( unsigned char **p, const unsigned char *end,
+                  x509_buf *alg, x509_buf *params )
+{
+    int ret;
+
+    if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
+        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+
+    return( 0 );
+}
+
+/*
  *  AttributeTypeAndValue ::= SEQUENCE {
  *    type     AttributeType,
  *    value    AttributeValue }

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 7946068..b9f226b 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -534,6 +534,9 @@
     int ret;
     size_t len;
     unsigned char *p, *end, *crt_end;
+    x509_buf sig_params;
+
+    memset( &sig_params, 0, sizeof( x509_buf ) );
 
     /*
      * Check for valid input
@@ -597,7 +600,8 @@
      */
     if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
         ( ret = x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
-        ( ret = x509_get_alg_null( &p, end, &crt->sig_oid1 ) ) != 0 )
+        ( ret = x509_get_alg(      &p, end, &crt->sig_oid1,
+                                            &crt->sig_params ) ) != 0 )
     {
         x509_crt_free( crt );
         return( ret );
@@ -738,14 +742,16 @@
      *  signatureAlgorithm   AlgorithmIdentifier,
      *  signatureValue       BIT STRING
      */
-    if( ( ret = x509_get_alg_null( &p, end, &crt->sig_oid2 ) ) != 0 )
+    if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params ) ) != 0 )
     {
         x509_crt_free( crt );
         return( ret );
     }
 
     if( crt->sig_oid1.len != crt->sig_oid2.len ||
-        memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
+        memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
+        crt->sig_params.len != sig_params.len ||
+        memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0 )
     {
         x509_crt_free( crt );
         return( POLARSSL_ERR_X509_SIG_MISMATCH );