TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f73da02962b2ca1e75c3355cd3c1eebc0943b8d6^! / . / library
commitf73da02962b2ca1e75c3355cd3c1eebc0943b8d6[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Sat Aug 17 14:36:32 2013 +0200
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Tue Aug 20 20:46:04 2013 +0200
tree26b6b989674437cf89cbcd7bbcd857916917fd94
parentab46694558faec41599e8469e5e0b0900af0e365 [diff]
PK: change pk_verify arguments (md_info "optional")

diff --git a/library/pk.c b/library/pk.c
index 4c16de8..62302b0 100644
--- a/library/pk.c
+++ b/library/pk.c

@@ -110,7 +110,7 @@
  */
 int pk_can_do( pk_context *ctx, pk_type_t type )
 {
-    /* null of NONE context can't do anything */
+    /* null or NONE context can't do anything */
     if( ctx == NULL || ctx->pk_info == NULL )
         return( 0 );
 
@@ -120,14 +120,16 @@
 /*
  * Verify a signature
  */
-int pk_verify( pk_context *ctx,
-               const unsigned char *hash, const md_info_t *md_info,
+int pk_verify( pk_context *ctx, md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
                const unsigned char *sig, size_t sig_len )
 {
     if( ctx == NULL || ctx->pk_info == NULL )
         return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
 
-    return( ctx->pk_info->verify_func( ctx->pk_ctx, hash, md_info, sig, sig_len ) );
+    return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg,
+                                       hash, hash_len,
+                                       sig, sig_len ) );
 }
 
 /*

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 8f61500..beaa3fd 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c

@@ -58,15 +58,15 @@
     return( 8 * ((rsa_context *) ctx)->len );
 }
 
-static int rsa_verify_wrap( void *ctx,
-                   const unsigned char *hash, const md_info_t *md_info,
+static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
                    const unsigned char *sig, size_t sig_len )
 {
     if( sig_len != ((rsa_context *) ctx)->len )
         return( POLARSSL_ERR_RSA_VERIFY_FAILED );
 
     return( rsa_pkcs1_verify( (rsa_context *) ctx,
-                RSA_PUBLIC, md_info->type, 0, hash, sig ) );
+                RSA_PUBLIC, md_alg, hash_len, hash, sig ) );
 }
 
 static void *rsa_alloc_wrap( void )
@@ -128,19 +128,20 @@
 
 #if defined(POLARSSL_ECDSA_C)
 /* Forward declaration */
-static int ecdsa_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                        const unsigned char *sig, size_t sig_len );
 #endif
 
-static int eckey_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                        const unsigned char *sig, size_t sig_len )
 {
 #if !defined(POLARSSL_ECDSA_C)
     ((void) ctx);
+    ((void) md_alg);
     ((void) hash);
-    ((void) md_info);
+    ((void) hash_len);
     ((void) sig);
     ((void) sig_len);
 
@@ -152,7 +153,7 @@
     ecdsa_init( &ecdsa );
 
     ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
-          ecdsa_verify_wrap( &ecdsa, hash, md_info, sig, sig_len );
+          ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
 
     ecdsa_free( &ecdsa );
 
@@ -203,13 +204,14 @@
             type == POLARSSL_PK_ECKEY_DH );
 }
 
-static int eckeydh_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int eckeydh_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                        const unsigned char *sig, size_t sig_len )
 {
     ((void) ctx);
+    ((void) md_alg);
     ((void) hash);
-    ((void) md_info);
+    ((void) hash_len);
     ((void) sig);
     ((void) sig_len);
 
@@ -234,12 +236,14 @@
     return( type == POLARSSL_PK_ECDSA );
 }
 
-static int ecdsa_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                        const unsigned char *sig, size_t sig_len )
 {
+    ((void) md_alg);
+
     return( ecdsa_read_signature( (ecdsa_context *) ctx,
-                hash, md_info->size, sig, sig_len ) );
+                hash, hash_len, sig, sig_len ) );
 }
 
 static void *ecdsa_alloc_wrap( void )

diff --git a/library/x509parse.c b/library/x509parse.c
index 4da4e75..bbaca8e 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c

@@ -3429,7 +3429,7 @@
         md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
 
         if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 ||
-            pk_verify( &ca->pk, hash, md_info,
+            pk_verify( &ca->pk, crl_list->sig_md, hash, md_info->size,
                        crl_list->sig.p, crl_list->sig.len ) != 0 )
         {
             flags |= BADCRL_NOT_TRUSTED;
@@ -3546,7 +3546,7 @@
         md( md_info, child->tbs.p, child->tbs.len, hash );
 
         if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 ||
-            pk_verify( &trust_ca->pk, hash, md_info,
+            pk_verify( &trust_ca->pk, child->sig_md, hash, md_info->size,
                        child->sig.p, child->sig.len ) != 0 )
         {
             trust_ca = trust_ca->next;
@@ -3623,7 +3623,7 @@
         md( md_info, child->tbs.p, child->tbs.len, hash );
 
         if( pk_can_do( &parent->pk, child->sig_pk ) == 0 ||
-            pk_verify( &parent->pk, hash, md_info,
+            pk_verify( &parent->pk, child->sig_md, hash, md_info->size,
                        child->sig.p, child->sig.len ) != 0 )
         {
             *flags |= BADCERT_NOT_TRUSTED;