Add sig_opts member to X509 structures
diff --git a/library/x509.c b/library/x509.c
index 8e53eb7..ffa7980 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -559,25 +559,37 @@
* Get signature algorithm from alg OID and optional parameters
*/
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
- md_type_t *md_alg, pk_type_t *pk_alg )
+ md_type_t *md_alg, pk_type_t *pk_alg,
+ void **sig_opts )
{
int ret;
+ if( *sig_opts != NULL )
+ return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+
if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
{
- int salt_len;
- md_type_t mgf_md;
+ pk_rsassa_pss_options *pss_opts;
- /* Make sure params are valid */
+ pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
+ if( pss_opts == NULL )
+ return( POLARSSL_ERR_X509_MALLOC_FAILED );
+
ret = x509_get_rsassa_pss_params( sig_params,
- md_alg, &mgf_md, &salt_len );
+ md_alg,
+ &pss_opts->mgf1_hash_id,
+ &pss_opts->expected_salt_len );
if( ret != 0 )
+ {
+ polarssl_free( pss_opts );
return( ret );
+ }
+ *sig_opts = (void *) pss_opts;
}
else
#endif
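Review bot: The comment above x509_get_sig_alg() still describes only the OID and parameters, but the new `sig_opts` argument carries an ownership contract that callers need to know. `*sig_opts` must be NULL on entry (otherwise POLARSSL_ERR_X509_BAD_INPUT_DATA is returned), and in the RSASSA-PSS branch it receives a heap-allocated `pk_rsassa_pss_options` that the caller has to release with `polarssl_free()`. I would extend the header comment with something like `* *sig_opts must be NULL on entry; on success it may receive a polarssl_malloc()ed pk_rsassa_pss_options that the caller must free`. Because `pss_opts` comes from a plain `polarssl_malloc()`, it is also worth confirming that x509_get_rsassa_pss_params() writes every field of the structure, or clearing the allocation first. The function body continues past the end of this hunk.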
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 986fc26..2d6b50d 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -398,7 +398,8 @@
}
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params,
- &crl->sig_md, &crl->sig_pk ) ) != 0 )
+ &crl->sig_md, &crl->sig_pk,
+ &crl->sig_opts ) ) != 0 )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
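Review bot: The error branch at `return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );` discards `ret`, so the two failures this commit adds to x509_get_sig_alg(), POLARSSL_ERR_X509_MALLOC_FAILED and POLARSSL_ERR_X509_BAD_INPUT_DATA, reach the CRL caller as an unknown-algorithm error. An out-of-memory condition or rejected PSS parameters then cannot be told apart from an unsupported OID in logs and error handling. Using `return( ret );` here, as the x509_crt.c call site does, keeps the cause visible; x509_get_sig_alg() already adds POLARSSL_ERR_X509_UNKNOWN_SIG_ALG to the OID lookup failure itself. The same applies to the x509_csr.c call site in this commit. The enclosing function starts and ends outside the hunk.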
@@ -726,6 +727,10 @@
do
{
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+ polarssl_free( crl_cur->sig_opts );
+#endif
+
name_cur = crl_cur->issuer.next;
while( name_cur != NULL )
{
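Review bot: After `polarssl_free( crl_cur->sig_opts );` the member still holds the freed address. Whether that is harmless depends on code outside this hunk: if the structure is not cleared later in x509_crl_free(), a second call would free the pointer again, and a reused structure would fail the new `*sig_opts != NULL` check in x509_get_sig_alg(). Adding `crl_cur->sig_opts = NULL;` right after the free makes the hunk safe on its own. The frees added in x509_crt.c (`cert_cur->sig_opts`) and x509_csr.c (`csr->sig_opts`) have the same shape.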
diff --git a/library/x509_crt.c b/library/x509_crt.c
index fbc3989..7e5de1d 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -616,7 +616,8 @@
}
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params,
- &crt->sig_md, &crt->sig_pk ) ) != 0 )
+ &crt->sig_md, &crt->sig_pk,
+ &crt->sig_opts ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
@@ -1961,6 +1962,10 @@
{
pk_free( &cert_cur->pk );
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+ polarssl_free( cert_cur->sig_opts );
+#endif
+
name_cur = cert_cur->issuer.next;
while( name_cur != NULL )
{
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 082e461..4dd623a 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -255,7 +255,8 @@
}
if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params,
- &csr->sig_md, &csr->sig_pk ) ) != 0 )
+ &csr->sig_md, &csr->sig_pk,
+ &csr->sig_opts ) ) != 0 )
{
x509_csr_free( csr );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
@@ -425,6 +426,10 @@
pk_free( &csr->pk );
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+ polarssl_free( csr->sig_opts );
+#endif
+
name_cur = csr->subject.next;
while( name_cur != NULL )
{