mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
certificate: Return signature scheme and parameters from issued_by() method
This also required some include restructuring (avoid including library.h in headers) to avoid unresolvable circular dependencies.
This commit is contained in:
Tobias Brunner
parent
c2935b03c4
commit
024b979522
@ -14,6 +14,7 @@
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/debug.h>
|
||||
#include <tkm/constants.h>
|
||||
#include <tkm/client.h>
|
||||
|
||||
@ -14,6 +14,7 @@
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/debug.h>
|
||||
|
||||
#include "tkm_public_key.h"
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
|
||||
#include "iv_manager.h"
|
||||
|
||||
#include <library.h>
|
||||
#include <collections/linked_list.h>
|
||||
|
||||
/**
|
||||
|
||||
@ -25,9 +25,9 @@ typedef struct certificate_t certificate_t;
|
||||
typedef enum certificate_type_t certificate_type_t;
|
||||
typedef enum cert_validation_t cert_validation_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/identification.h>
|
||||
#include <credentials/keys/public_key.h>
|
||||
#include <credentials/keys/signature_params.h>
|
||||
#include <credentials/cred_encoding.h>
|
||||
|
||||
/**
|
||||
@ -139,11 +139,12 @@ struct certificate_t {
|
||||
* Check if this certificate is issued and signed by a specific issuer.
|
||||
*
|
||||
* @param issuer issuer's certificate
|
||||
* @param scheme receives signature scheme used during verification
|
||||
* @param scheme receives used signature scheme and parameters, if
|
||||
* given (allocated)
|
||||
* @return TRUE if certificate issued by issuer and trusted
|
||||
*/
|
||||
bool (*issued_by)(certificate_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme);
|
||||
signature_params_t **scheme);
|
||||
|
||||
/**
|
||||
* Get the public key associated to this certificate.
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
|
||||
#include "pkcs12.h"
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/debug.h>
|
||||
|
||||
/**
|
||||
|
||||
@ -25,7 +25,7 @@ typedef struct cred_encoding_t cred_encoding_t;
|
||||
typedef enum cred_encoding_type_t cred_encoding_type_t;
|
||||
typedef enum cred_encoding_part_t cred_encoding_part_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/chunk.h>
|
||||
|
||||
/**
|
||||
* Credential encoder function implementing encoding/fingerprinting.
|
||||
|
||||
@ -488,7 +488,7 @@ METHOD(credential_manager_t, remove_local_set, void,
|
||||
|
||||
METHOD(credential_manager_t, issued_by, bool,
|
||||
private_credential_manager_t *this, certificate_t *subject,
|
||||
certificate_t *issuer, signature_scheme_t *scheme)
|
||||
certificate_t *issuer, signature_params_t **scheme)
|
||||
{
|
||||
if (this->cache)
|
||||
{
|
||||
@ -661,7 +661,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this,
|
||||
*/
|
||||
static certificate_t *get_issuer_cert(private_credential_manager_t *this,
|
||||
certificate_t *subject, bool trusted,
|
||||
signature_scheme_t *scheme)
|
||||
signature_params_t **scheme)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
certificate_t *issuer = NULL, *candidate;
|
||||
@ -723,7 +723,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
|
||||
{
|
||||
certificate_t *current, *issuer;
|
||||
auth_cfg_t *auth;
|
||||
signature_scheme_t scheme;
|
||||
signature_params_t *scheme;
|
||||
int pathlen;
|
||||
|
||||
auth = auth_cfg_create();
|
||||
@ -750,7 +750,8 @@ static bool verify_trust_chain(private_credential_manager_t *this,
|
||||
DBG1(DBG_CFG, " using trusted intermediate ca certificate "
|
||||
"\"%Y\"", issuer->get_subject(issuer));
|
||||
}
|
||||
auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme);
|
||||
auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme->scheme);
|
||||
signature_params_destroy(scheme);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -768,7 +769,8 @@ static bool verify_trust_chain(private_credential_manager_t *this,
|
||||
auth->add(auth, AUTH_RULE_IM_CERT, issuer->get_ref(issuer));
|
||||
DBG1(DBG_CFG, " using untrusted intermediate certificate "
|
||||
"\"%Y\"", issuer->get_subject(issuer));
|
||||
auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme);
|
||||
auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme->scheme);
|
||||
signature_params_destroy(scheme);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -241,12 +241,13 @@ struct credential_manager_t {
|
||||
*
|
||||
* @param subject subject certificate to check
|
||||
* @param issuer issuer certificate that potentially has signed subject
|
||||
* @param scheme receives used signature scheme, if given
|
||||
* @param scheme receives used signature scheme and parameters, if
|
||||
* given (allocated)
|
||||
* @return TRUE if issuer signed subject
|
||||
*/
|
||||
bool (*issued_by)(credential_manager_t *this,
|
||||
certificate_t *subject, certificate_t *issuer,
|
||||
signature_scheme_t *scheme);
|
||||
signature_params_t **scheme);
|
||||
|
||||
/**
|
||||
* Register a credential set to the manager.
|
||||
|
||||
@ -28,7 +28,6 @@ typedef enum key_type_t key_type_t;
|
||||
typedef enum signature_scheme_t signature_scheme_t;
|
||||
typedef enum encryption_scheme_t encryption_scheme_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/identification.h>
|
||||
#include <credentials/cred_encoding.h>
|
||||
|
||||
|
||||
@ -48,9 +48,9 @@ struct relation_t {
|
||||
certificate_t *issuer;
|
||||
|
||||
/**
|
||||
* Signature scheme used to sign this relation
|
||||
* Signature scheme and parameters used to sign this relation
|
||||
*/
|
||||
signature_scheme_t scheme;
|
||||
signature_params_t *scheme;
|
||||
|
||||
/**
|
||||
* Cache hits
|
||||
@ -84,7 +84,7 @@ struct private_cert_cache_t {
|
||||
*/
|
||||
static void cache(private_cert_cache_t *this,
|
||||
certificate_t *subject, certificate_t *issuer,
|
||||
signature_scheme_t scheme)
|
||||
signature_params_t *scheme)
|
||||
{
|
||||
relation_t *rel;
|
||||
int i, offset, try;
|
||||
@ -118,7 +118,8 @@ static void cache(private_cert_cache_t *this,
|
||||
{
|
||||
rel->subject->destroy(rel->subject);
|
||||
rel->subject = subject->get_ref(subject);
|
||||
rel->scheme = scheme;
|
||||
signature_params_destroy(rel->scheme);
|
||||
rel->scheme = signature_params_clone(scheme);
|
||||
return rel->lock->unlock(rel->lock);
|
||||
}
|
||||
}
|
||||
@ -139,7 +140,7 @@ static void cache(private_cert_cache_t *this,
|
||||
{
|
||||
rel->subject = subject->get_ref(subject);
|
||||
rel->issuer = issuer->get_ref(issuer);
|
||||
rel->scheme = scheme;
|
||||
rel->scheme = signature_params_clone(scheme);
|
||||
return rel->lock->unlock(rel->lock);
|
||||
}
|
||||
rel->lock->unlock(rel->lock);
|
||||
@ -165,10 +166,11 @@ static void cache(private_cert_cache_t *this,
|
||||
{
|
||||
rel->subject->destroy(rel->subject);
|
||||
rel->issuer->destroy(rel->issuer);
|
||||
signature_params_destroy(rel->scheme);
|
||||
}
|
||||
rel->subject = subject->get_ref(subject);
|
||||
rel->issuer = issuer->get_ref(issuer);
|
||||
rel->scheme = scheme;
|
||||
rel->scheme = signature_params_clone(scheme);
|
||||
rel->hits = 0;
|
||||
return rel->lock->unlock(rel->lock);
|
||||
}
|
||||
@ -180,11 +182,11 @@ static void cache(private_cert_cache_t *this,
|
||||
|
||||
METHOD(cert_cache_t, issued_by, bool,
|
||||
private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer,
|
||||
signature_scheme_t *schemep)
|
||||
signature_params_t **schemep)
|
||||
{
|
||||
certificate_t *cached_issuer = NULL;
|
||||
relation_t *found = NULL, *current;
|
||||
signature_scheme_t scheme;
|
||||
signature_params_t *scheme;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < CACHE_SIZE; i++)
|
||||
@ -202,7 +204,7 @@ METHOD(cert_cache_t, issued_by, bool,
|
||||
found = current;
|
||||
if (schemep)
|
||||
{
|
||||
*schemep = current->scheme;
|
||||
*schemep = signature_params_clone(current->scheme);
|
||||
}
|
||||
}
|
||||
else if (!cached_issuer)
|
||||
@ -225,6 +227,10 @@ METHOD(cert_cache_t, issued_by, bool,
|
||||
{
|
||||
*schemep = scheme;
|
||||
}
|
||||
else
|
||||
{
|
||||
signature_params_destroy(scheme);
|
||||
}
|
||||
DESTROY_IF(cached_issuer);
|
||||
return TRUE;
|
||||
}
|
||||
@ -383,8 +389,10 @@ METHOD(cert_cache_t, flush, void,
|
||||
{
|
||||
rel->subject->destroy(rel->subject);
|
||||
rel->issuer->destroy(rel->issuer);
|
||||
signature_params_destroy(rel->scheme);
|
||||
rel->subject = NULL;
|
||||
rel->issuer = NULL;
|
||||
rel->scheme = NULL;
|
||||
rel->hits = 0;
|
||||
}
|
||||
}
|
||||
@ -405,6 +413,7 @@ METHOD(cert_cache_t, destroy, void,
|
||||
{
|
||||
rel->subject->destroy(rel->subject);
|
||||
rel->issuer->destroy(rel->issuer);
|
||||
signature_params_destroy(rel->scheme);
|
||||
}
|
||||
rel->lock->destroy(rel->lock);
|
||||
}
|
||||
@ -438,6 +447,7 @@ cert_cache_t *cert_cache_create()
|
||||
{
|
||||
this->relations[i].subject = NULL;
|
||||
this->relations[i].issuer = NULL;
|
||||
this->relations[i].scheme = NULL;
|
||||
this->relations[i].hits = 0;
|
||||
this->relations[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
|
||||
}
|
||||
|
||||
@ -45,12 +45,13 @@ struct cert_cache_t {
|
||||
*
|
||||
* @param subject certificate to verify
|
||||
* @param issuer issuing certificate to verify subject
|
||||
* @param scheme receives used signature scheme, if given
|
||||
* @param scheme receives used signature scheme and parameters, if
|
||||
* given (allocated)
|
||||
* @return TRUE if subject issued by issuer
|
||||
*/
|
||||
bool (*issued_by)(cert_cache_t *this,
|
||||
certificate_t *subject, certificate_t *issuer,
|
||||
signature_scheme_t *scheme);
|
||||
signature_params_t **scheme);
|
||||
|
||||
/**
|
||||
* Flush the certificate cache.
|
||||
|
||||
@ -27,7 +27,6 @@
|
||||
typedef enum hash_algorithm_t hash_algorithm_t;
|
||||
typedef struct hasher_t hasher_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <crypto/prfs/prf.h>
|
||||
#include <crypto/signers/signer.h>
|
||||
#include <credentials/keys/public_key.h>
|
||||
|
||||
@ -25,7 +25,8 @@
|
||||
typedef enum pseudo_random_function_t pseudo_random_function_t;
|
||||
typedef struct prf_t prf_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/utils.h>
|
||||
#include <utils/chunk.h>
|
||||
|
||||
/**
|
||||
* Pseudo random function, as in IKEv2 RFC 3.3.2.
|
||||
|
||||
@ -25,7 +25,8 @@
|
||||
typedef enum integrity_algorithm_t integrity_algorithm_t;
|
||||
typedef struct signer_t signer_t;
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/utils.h>
|
||||
#include <utils/chunk.h>
|
||||
|
||||
/**
|
||||
* Integrity algorithm, as in IKEv2 RFC 3.3.2.
|
||||
|
||||
@ -284,7 +284,7 @@ METHOD(certificate_t, has_subject_or_issuer, id_match_t,
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_openssl_crl_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
signature_params_t **scheme)
|
||||
{
|
||||
chunk_t fingerprint, tbs;
|
||||
public_key_t *key;
|
||||
@ -338,7 +338,9 @@ METHOD(certificate_t, issued_by, bool,
|
||||
key->destroy(key);
|
||||
if (valid && scheme)
|
||||
{
|
||||
*scheme = this->scheme;
|
||||
INIT(*scheme,
|
||||
.scheme = this->scheme,
|
||||
);
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -20,6 +20,7 @@
|
||||
#include "openssl_sha1_prf.h"
|
||||
|
||||
#include <openssl/sha.h>
|
||||
#include <crypto/hashers/hasher.h>
|
||||
|
||||
typedef struct private_openssl_sha1_prf_t private_openssl_sha1_prf_t;
|
||||
|
||||
|
||||
@ -384,7 +384,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_openssl_x509_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
signature_params_t **scheme)
|
||||
{
|
||||
public_key_t *key;
|
||||
bool valid;
|
||||
@ -392,11 +392,16 @@ METHOD(certificate_t, issued_by, bool,
|
||||
ASN1_BIT_STRING *sig;
|
||||
chunk_t tbs;
|
||||
|
||||
if (this->scheme == SIGN_UNKNOWN)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (&this->public.x509.interface == issuer)
|
||||
{
|
||||
if (this->flags & X509_SELF_SIGNED)
|
||||
{
|
||||
return TRUE;
|
||||
valid = TRUE;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -414,10 +419,6 @@ METHOD(certificate_t, issued_by, bool,
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
if (this->scheme == SIGN_UNKNOWN)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
key = issuer->get_public_key(issuer);
|
||||
if (!key)
|
||||
{
|
||||
@ -434,9 +435,13 @@ METHOD(certificate_t, issued_by, bool,
|
||||
openssl_asn1_str2chunk(sig));
|
||||
free(tbs.ptr);
|
||||
key->destroy(key);
|
||||
|
||||
out:
|
||||
if (valid && scheme)
|
||||
{
|
||||
*scheme = this->scheme;
|
||||
INIT(*scheme,
|
||||
.scheme = this->scheme,
|
||||
);
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -15,6 +15,8 @@
|
||||
|
||||
#include "pem_encoder.h"
|
||||
|
||||
#include <library.h>
|
||||
|
||||
#define BYTES_PER_LINE 48
|
||||
|
||||
/**
|
||||
|
||||
@ -114,7 +114,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
||||
}
|
||||
|
||||
METHOD(certificate_t, issued_by,bool,
|
||||
private_pgp_cert_t *this, certificate_t *issuer, signature_scheme_t *scheme)
|
||||
private_pgp_cert_t *this, certificate_t *issuer, signature_params_t **scheme)
|
||||
{
|
||||
/* TODO: check signature blobs for a valid signature */
|
||||
return FALSE;
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
|
||||
#include "pgp_encoder.h"
|
||||
|
||||
#include <library.h>
|
||||
#include <utils/debug.h>
|
||||
|
||||
/**
|
||||
|
||||
@ -137,13 +137,16 @@ METHOD(certificate_t, equals, bool,
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_pubkey_cert_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
signature_params_t **scheme)
|
||||
{
|
||||
if (scheme)
|
||||
bool valid = equals(this, issuer);
|
||||
if (valid && scheme)
|
||||
{
|
||||
*scheme = SIGN_UNKNOWN;
|
||||
INIT(*scheme,
|
||||
.scheme = SIGN_UNKNOWN,
|
||||
);
|
||||
}
|
||||
return equals(this, issuer);
|
||||
return valid;
|
||||
}
|
||||
|
||||
METHOD(certificate_t, get_public_key, public_key_t*,
|
||||
|
||||
@ -886,7 +886,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
||||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_ac_t *this, certificate_t *issuer, signature_scheme_t *schemep)
|
||||
private_x509_ac_t *this, certificate_t *issuer,
|
||||
signature_params_t **schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
@ -938,7 +939,9 @@ METHOD(certificate_t, issued_by, bool,
|
||||
key->destroy(key);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
INIT(*schemep,
|
||||
.scheme = scheme,
|
||||
);
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -1677,18 +1677,26 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_cert_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *schemep)
|
||||
signature_params_t **schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
bool valid;
|
||||
x509_t *x509 = (x509_t*)issuer;
|
||||
|
||||
/* determine signature scheme */
|
||||
scheme = signature_scheme_from_oid(this->algorithm);
|
||||
if (scheme == SIGN_UNKNOWN)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (&this->public.interface.interface == issuer)
|
||||
{
|
||||
if (this->flags & X509_SELF_SIGNED)
|
||||
{
|
||||
return TRUE;
|
||||
valid = TRUE;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1707,12 +1715,6 @@ METHOD(certificate_t, issued_by, bool,
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* determine signature scheme */
|
||||
scheme = signature_scheme_from_oid(this->algorithm);
|
||||
if (scheme == SIGN_UNKNOWN)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
/* get the public key of the issuer */
|
||||
key = issuer->get_public_key(issuer);
|
||||
if (!key)
|
||||
@ -1722,9 +1724,13 @@ METHOD(certificate_t, issued_by, bool,
|
||||
valid = key->verify(key, scheme, NULL, this->tbsCertificate,
|
||||
this->signature);
|
||||
key->destroy(key);
|
||||
|
||||
out:
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
INIT(*schemep,
|
||||
.scheme = scheme,
|
||||
);
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -457,7 +457,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
||||
}
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_crl_t *this, certificate_t *issuer, signature_scheme_t *schemep)
|
||||
private_x509_crl_t *this, certificate_t *issuer,
|
||||
signature_params_t **schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
@ -506,7 +507,9 @@ METHOD(certificate_t, issued_by, bool,
|
||||
key->destroy(key);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
INIT(*schemep,
|
||||
.scheme = scheme,
|
||||
);
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -372,7 +372,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_ocsp_request_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *scheme)
|
||||
signature_params_t **scheme)
|
||||
{
|
||||
DBG1(DBG_LIB, "OCSP request validation not implemented!");
|
||||
return FALSE;
|
||||
|
||||
@ -703,7 +703,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_ocsp_response_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *schemep)
|
||||
signature_params_t **schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
@ -758,7 +758,9 @@ METHOD(certificate_t, issued_by, bool,
|
||||
key->destroy(key);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
INIT(*schemep,
|
||||
.scheme = scheme,
|
||||
);
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -124,7 +124,7 @@ METHOD(certificate_t, has_subject, id_match_t,
|
||||
|
||||
METHOD(certificate_t, issued_by, bool,
|
||||
private_x509_pkcs10_t *this, certificate_t *issuer,
|
||||
signature_scheme_t *schemep)
|
||||
signature_params_t **schemep)
|
||||
{
|
||||
public_key_t *key;
|
||||
signature_scheme_t scheme;
|
||||
@ -134,29 +134,32 @@ METHOD(certificate_t, issued_by, bool,
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
if (this->self_signed)
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/* determine signature scheme */
|
||||
scheme = signature_scheme_from_oid(this->algorithm);
|
||||
if (scheme == SIGN_UNKNOWN)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* get the public key contained in the certificate request */
|
||||
key = this->public_key;
|
||||
if (!key)
|
||||
if (this->self_signed)
|
||||
{
|
||||
return FALSE;
|
||||
valid = TRUE;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* get the public key contained in the certificate request */
|
||||
key = this->public_key;
|
||||
if (!key)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
valid = key->verify(key, scheme, NULL, this->certificationRequestInfo,
|
||||
this->signature);
|
||||
}
|
||||
valid = key->verify(key, scheme, NULL, this->certificationRequestInfo,
|
||||
this->signature);
|
||||
if (valid && schemep)
|
||||
{
|
||||
*schemep = scheme;
|
||||
INIT(*schemep,
|
||||
.scheme = scheme,
|
||||
);
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -24,9 +24,9 @@
|
||||
typedef enum debug_t debug_t;
|
||||
typedef enum level_t level_t;
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#include <utils/printf_hook/printf_hook.h>
|
||||
#include <utils/utils.h>
|
||||
#include <stdio.h>
|
||||
|
||||
/**
|
||||
* Debug message group.
|
||||
|
||||
@ -17,6 +17,8 @@
|
||||
|
||||
typedef struct private_tls_prf12_t private_tls_prf12_t;
|
||||
|
||||
#include <library.h>
|
||||
|
||||
/**
|
||||
* Private data of an tls_prf_t object.
|
||||
*/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user