compare certificates against full encoding to allow equality check of untrusted certs

Martin Willi 2008-04-07 08:28:35 +00:00
parent 9caadea8c8
commit b5dbcc6270
5 changed files with 50 additions and 36 deletions


@ -858,17 +858,21 @@ static chunk_t get_encoding(private_x509_ac_t *this)
*/
static bool equals(private_x509_ac_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
if ((certificate_t*)this == other)
{
return TRUE;
}
if (other->equals == (void*)equals)
{ /* same implementation */
return chunk_equals(this->signature,
((private_x509_ac_t*)other)->signature);
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding);
}
/* TODO: compare against other implementations */
return FALSE;
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
}
/**
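Review bot: equals() here goes from the identity check straight to the encoding comparison with no check on the type of `other`, whereas the x509_cert and OCSP variants in this commit return FALSE from a guard before reaching the implementation check, so every comparison of an attribute certificate against an unrelated certificate object pays for a get_encoding() clone. Two valid DER encodings of different object types will not be byte-identical, so the result is still correct; this is a cost and consistency point, and a type check mirroring the other implementations, placed before the `other->equals == (void*)equals` test, would align the four files. The cross-implementation branch also silently assumes `other->get_encoding(other)` hands back an owned copy, which the `free(encoding.ptr)` that follows depends on; a one-line comment on that branch, `/* get_encoding() returns a copy we must free */`, would make the contract visible.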


@ -1075,6 +1075,9 @@ static chunk_t get_encoding(private_x509_cert_t *this)
*/
static bool equals(private_x509_cert_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
if (this == (private_x509_cert_t*)other)
{
return TRUE;
@ -1083,17 +1086,14 @@ static bool equals(private_x509_cert_t *this, certificate_t *other)
{
return FALSE;
}
/* check if we have the same X509 implementation */
if (other->equals == (void*)equals)
{
if (this->signature.len == 0)
{
return FALSE;
}
return chunk_equals(this->signature, ((private_x509_cert_t*)other)->signature);
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding);
}
/* TODO: compare against other implementation */
return FALSE;
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
}
/**
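Review bot: The rewrite drops the `if (this->signature.len == 0) return FALSE;` guard the old same-implementation branch carried, so an x509_cert with no signature (and presumably no encoding yet) is no longer guaranteed to compare unequal; the answer now rests on how chunk_equals treats a zero-length chunk, which this hunk does not show. If a certificate can exist with an empty `encoding` — the removed guard suggests an unsigned one could — restore the intent with `if (this->encoding.len == 0) return FALSE;` ahead of the implementation check, so two such objects never match. equals() starts before the first hunk here, and the guard that returns FALSE at the top of the second hunk is cut off; it is presumably the type check.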


@ -555,17 +555,21 @@ static chunk_t get_encoding(private_x509_crl_t *this)
*/
static bool equals(private_x509_crl_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
if ((certificate_t*)this == other)
{
return TRUE;
}
if (other->equals == (void*)equals)
{ /* same implementation */
return chunk_equals(this->signature,
((private_x509_crl_t*)other)->signature);
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding);
}
/* TODO: compare against other implementations */
return FALSE;
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
}
/**
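Review bot: Neither branch of the new comparison guards against an empty `this->encoding`: the same-implementation branch compares the two `encoding` members directly and the cross-implementation branch compares against whatever `other->get_encoding(other)` returns, so if a CRL object can exist before its DER is produced, two such objects compare equal or not purely by chunk_equals' treatment of zero-length chunks. The signature comparison this replaces had the same exposure, so it is not a regression, but `if (this->encoding.len == 0) return FALSE;` before the implementation check would pin the intended answer. As in x509_ac, there is also no type check on `other` before the allocating path, unlike the x509_cert and OCSP implementations in the same commit.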


@ -424,6 +424,9 @@ static chunk_t get_encoding(private_x509_ocsp_request_t *this)
*/
static bool equals(private_x509_ocsp_request_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
if (this == (private_x509_ocsp_request_t*)other)
{
return TRUE;
@ -432,14 +435,14 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other)
{
return FALSE;
}
/* check if we have the same X509 implementation */
if (other->equals == (void*)equals)
{
return chunk_equals(this->encoding,
((private_x509_ocsp_request_t*)other)->encoding);
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding);
}
/* TODO: compare against other implementation */
return FALSE;
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
}
/**
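Review bot: The cross-implementation branch frees `encoding.ptr` after `other->get_encoding(other)`, which is only safe if every certificate_t implementation returns a buffer the caller owns; against one that returns a view of its internal storage this would free memory it does not own. The ocsp_response implementation in this commit does chunk_clone, but nothing in this file records that as the interface contract, so add `/* get_encoding() returns a copy, we own and free it */` above the call, or an ownership note on the get_encoding declaration in certificate_t. equals() is split across the two hunks here; the `return FALSE` at the top of the second hunk belongs to a guard whose condition is not visible.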


@ -50,7 +50,7 @@ struct private_x509_ocsp_response_t {
/**
* complete encoded OCSP response
*/
chunk_t data;
chunk_t encoding;
/**
* data for signature verficiation
@ -591,7 +591,7 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
int responseType = OID_UNKNOWN;
ocsp_status_t status;
asn1_init(&ctx, this->data, 0, FALSE, FALSE);
asn1_init(&ctx, this->encoding, 0, FALSE, FALSE);
while (objectID < OCSP_RESPONSE_ROOF)
{
if (!extract_object(ocspResponseObjects, &objectID, &object, &level, &ctx))
@ -788,7 +788,7 @@ static bool is_newer(certificate_t *this, certificate_t *that)
*/
static chunk_t get_encoding(private_x509_ocsp_response_t *this)
{
return chunk_clone(this->data);
return chunk_clone(this->encoding);
}
/**
@ -796,6 +796,9 @@ static chunk_t get_encoding(private_x509_ocsp_response_t *this)
*/
static bool equals(private_x509_ocsp_response_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
if (this == (private_x509_ocsp_response_t*)other)
{
return TRUE;
@ -804,14 +807,14 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other)
{
return FALSE;
}
/* check if we have the same X509 implementation */
if (other->equals == (void*)equals)
{
return chunk_equals(this->data,
((private_x509_ocsp_response_t*)other)->data);
{ /* skip allocation if we have the same implementation */
return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding);
}
/* TODO: compare against other implementation */
return FALSE;
encoding = other->get_encoding(other);
equal = chunk_equals(this->encoding, encoding);
free(encoding.ptr);
return equal;
}
/**
@ -833,7 +836,7 @@ static void destroy(private_x509_ocsp_response_t *this)
this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy));
this->responses->destroy_function(this->responses, free);
DESTROY_IF(this->responderId);
free(this->data.ptr);
free(this->encoding.ptr);
free(this);
}
}
@ -864,7 +867,7 @@ static x509_ocsp_response_t *load(chunk_t data)
this->public.interface.create_cert_enumerator = (enumerator_t*(*)(ocsp_response_t*))create_cert_enumerator;
this->ref = 1;
this->data = data;
this->encoding = data;
this->tbsResponseData = chunk_empty;
this->responderId = NULL;
this->producedAt = UNDEFINED_TIME;
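Review bot: `this->encoding = data;` in load() stores the caller's buffer without copying, and destroy() then does `free(this->encoding.ptr)`, so load() takes ownership of `data` — a fact the rename does not record and that is easy to lose once the field is called `encoding` rather than `data`. Add an ownership note at the assignment, `/* takes ownership of data, freed in destroy() */`, and, if load()'s declaration carries doxygen, the matching `@param data  DER encoded response, ownership is taken` line. load() starts before the last hunk and continues past it, so its header comment is not visible here.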