author | Andrew Bartlett <abartlet@samba.org> | 2009-09-20 23:18:34 -0700 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-11-13 23:19:05 +1100 |
commit | 5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094 (patch) | |
tree | 82c3416f2211df07d5fe1e58ee6639f09e465a60 /source4/heimdal/lib/hx509/cert.c | |
parent | 12205347163b55e79651921c6858c4d04e1faa51 (diff) | |
s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
Diffstat (limited to 'source4/heimdal/lib/hx509/cert.c')
-rw-r--r-- | source4/heimdal/lib/hx509/cert.c | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index 7eda0eba48..7eaf6eb3c8 100644
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -2243,7 +2243,8 @@ hx509_verify_path(hx509_context context,
 */
 for (i = path.len - 1; i >= 0; i--) {
- Certificate *signer, *c;
+ hx509_cert signer;
+ Certificate *c;
 c = _hx509_get_cert(path.val[i]);
@@ -2251,9 +2252,9 @@ hx509_verify_path(hx509_context context,
 if (i + 1 == path.len) {
 int selfsigned;
- signer = path.val[i]->data;
+ signer = path.val[i];
- ret = certificate_is_self_signed(context, signer, &selfsigned);
+ ret = certificate_is_self_signed(context, signer->data, &selfsigned);
 if (ret)
 goto out;
@@ -2262,7 +2263,7 @@ hx509_verify_path(hx509_context context,
 continue;
 } else {
 /* take next certificate in chain */
- signer = path.val[i + 1]->data;
+ signer = path.val[i + 1];
 }
 /* verify signatureValue */
@@ -2326,10 +2327,32 @@ hx509_verify_signature(hx509_context context,
 const heim_octet_string *data,
 const heim_octet_string *sig)
 {
- return _hx509_verify_signature(context, signer->data, alg, data, sig);
+ return _hx509_verify_signature(context, signer, alg, data, sig);
+}
+
+int
+_hx509_verify_signature_bitstring(hx509_context context,
+ const hx509_cert signer,
+ const AlgorithmIdentifier *alg,
+ const heim_octet_string *data,
+ const heim_bit_string *sig)
+{
+ heim_octet_string os;
+
+ if (sig->length & 7) {
+ hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
+ "signature not multiple of 8 bits");
+ return HX509_CRYPTO_SIG_INVALID_FORMAT;
+ }
+
+ os.data = sig->data;
+ os.length = sig->length / 8;
+
+ return _hx509_verify_signature(context, signer, alg, data, &os);
 }
+
 /**
 * Verify that the certificate is allowed to be used for the hostname
 * and address. |
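Review bot: In the self-signed branch of `hx509_verify_path` (second hunk), the new call reaches into the handle with `signer->data`, while the same loop body already obtains that pointer through the accessor, `c = _hx509_get_cert(path.val[i]);`. Because `signer` has just been set to `path.val[i]`, `c` appears to be the same Certificate, so `ret = certificate_is_self_signed(context, c, &selfsigned);` would avoid the direct field access. This assumes `_hx509_get_cert` simply returns the `data` member, which is not shown on this page. The loop and the signature check that consumes `signer` continue outside the hunks.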
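Review bot: `_hx509_verify_signature_bitstring` (last hunk) is added without a comment, and two parts of its contract are easy to miss: `sig->length` is a bit count, and `os.data = sig->data` borrows the caller's buffer rather than copying it. A header comment such as `/* Verify a BIT STRING signature; sig->length is in bits and must be a multiple of 8. sig->data is borrowed, not copied. */` would state both. Separately, a zero-length bit string passes the `& 7` test and reaches `_hx509_verify_signature` as an empty octet string. That function is outside this diff, so unless it is known to reject empty signatures, `if (sig->length == 0 || (sig->length & 7)) {` would make the rejection explicit here.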