Factor OCSP code to parse hashes in response

Factor common code into a new function x509_ocsp_get_md(). The function
takes a pointer into the DER-encoded buffer, parses the OCTET STRING
containing a hash value and then checks that its length matches the
digest size of the given md algorithm.
Andres Amaya Garcia
2017-09-01 14:59:51 +01:00
committed by Andres Amaya Garcia
parent 4098d859fc
commit 7bb5a85276


@@ -224,6 +224,38 @@ static int x509_ocsp_get_response_version( unsigned char **p,
return( 0 );
}
static int x509_ocsp_get_md( unsigned char **p, const unsigned char *end,
mbedtls_md_type_t md_alg, mbedtls_x509_buf *buf )
{
int ret;
size_t len;
const mbedtls_md_info_t *md_info;
size_t md_len;
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
md_len = mbedtls_md_get_size( md_info );
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
{
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
buf->len = len;
buf->tag = MBEDTLS_ASN1_OCTET_STRING;
buf->p = *p;
/* Check that the length matches the expected length of the md algorithm */
if( len != md_len )
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
*p = *p + len;
return( 0 );
}
static int x509_ocsp_get_responder_id( unsigned char **p,
const unsigned char *end,
mbedtls_x509_ocsp_responder_id *responder_id )
@@ -277,18 +309,15 @@ static int x509_ocsp_get_responder_id( unsigned char **p,
{
responder_id->type = MBEDTLS_X509_OCSP_RESPONDER_ID_TYPE_KEY_HASH;
/* KeyHash ::= OCTET STRING */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
/*
* KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
* (excluding the tag and length fields)
*/
if( ( ret = x509_ocsp_get_md( p, end, MBEDTLS_MD_SHA1,
&responder_id->id.key ) ) != 0 )
{
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
return( ret );
}
responder_id->id.key.len = len;
responder_id->id.key.p = *p;
responder_id->id.key.tag = MBEDTLS_ASN1_OCTET_STRING;
*p = *p + len;
}
else
return( MBEDTLS_ERR_X509_INVALID_FORMAT +
@@ -330,28 +359,6 @@ static int x509_ocsp_get_generalized_time( unsigned char **p,
return( 0 );
}
static int x509_ocsp_get_octet_string( unsigned char **p,
const unsigned char *end,
mbedtls_x509_buf *buf )
{
int ret;
size_t len;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
{
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
buf->len = len;
buf->tag = MBEDTLS_ASN1_OCTET_STRING;
buf->p = *p;
*p = *p + len;
return( 0 );
}
static int x509_ocsp_get_cert_id( unsigned char **p,
const unsigned char *end,
mbedtls_x509_ocsp_single_response *single_resp )
@@ -387,17 +394,17 @@ static int x509_ocsp_get_cert_id( unsigned char **p,
}
/* Parse issuerNameHash */
if( ( ret = x509_ocsp_get_octet_string( p, end,
if( ( ret = x509_ocsp_get_md( p, end, single_resp->md_alg,
&single_resp->issuer_name_hash ) ) != 0 )
{
return( 0 );
return( ret );
}
/* Parse issuerKeyHash */
if( ( ret = x509_ocsp_get_octet_string( p, end,
if( ( ret = x509_ocsp_get_md( p, end, single_resp->md_alg,
&single_resp->issues_key_hash ) ) != 0 )
{
return( 0 );
return( ret );
}
/* Parse serialNumber */
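Review bot: In the new x509_ocsp_get_md() in the first hunk, `buf->len`, `buf->tag` and `buf->p` are assigned before the `if( len != md_len )` check, so on a length mismatch the caller's mbedtls_x509_buf is left pointing at the rejected octets even though an error is returned. Moving that check (and its `return( MBEDTLS_ERR_X509_INVALID_FORMAT );`) ahead of the three `buf->` assignments keeps the output untouched unless the hash was accepted, which matters in x509_ocsp_get_cert_id where issuer_name_hash is filled in before issues_key_hash is parsed. The helper also has no header comment; since it now serves both the responder KeyHash (fixed SHA-1) and the CertID hashes (keyed on single_resp->md_alg), something like `/* Parse an OCTET STRING holding a hash; fail unless its length is exactly the digest size of md_alg */` would help. Whether mbedtls_asn1_get_tag() already guarantees len <= end - *p, so that the final `*p = *p + len` cannot overrun the buffer, is not visible here; if it does, a one-line comment saying so would save the next reader from re-deriving it.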