Add new function CERT_VerifySignedDataWithPublicKey containing common code

factored from existing functions CERT_VerifySignedDataWithPubKeyInfo and
CERT_VerifySignedData.  Bug 174193.
nelsonb%netscape.com 2002-10-25 03:21:24 +00:00
parent eeb40eac51
commit 4554b52c1c
3 changed files with 41 additions and 32 deletions


@ -34,7 +34,7 @@
/*
* cert.h - public data structures and prototypes for the certificate library
*
* $Id: cert.h,v 1.27 2002/10/23 20:50:51 nelsonb%netscape.com Exp $
* $Id: cert.h,v 1.28 2002/10/25 03:21:19 nelsonb%netscape.com Exp $
*/
#ifndef _CERT_H_
@ -569,6 +569,13 @@ CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd,
CERTSubjectPublicKeyInfo *pubKeyInfo,
void *wincx);
/*
** verify the signature of a signed data object with a SECKEYPublicKey.
*/
extern SECStatus
CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
SECKEYPublicKey *pubKey, void *wincx);
/*
** NEW FUNCTIONS with new bit-field-FIELD SECCertificateUsage - please use
** verify a certificate by checking validity times against a certain time,
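Review bot: The comment on the new `CERT_VerifySignedDataWithPublicKey` prototype does not state the contract that separates it from its siblings, which matters now that it is a public entry point. Judging by the certvfy.c part of this commit, it performs only the signature check: the validity-time check stays in `CERT_VerifySignedData`, and both wrappers call `SECKEY_DestroyPublicKey` themselves after it returns, so the key appears to remain owned by the caller. I would extend the comment to say so, e.g. `** Checks the signature only; no validity-time or trust checks are made on the key.` and `** The caller retains ownership of pubKey.`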


@ -93,19 +93,18 @@ CERT_CertTimesValid(CERTCertificate *c)
* verify the signature of a signed data object with the given DER publickey
*/
SECStatus
CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd,
CERTSubjectPublicKeyInfo *pubKeyInfo,
void *wincx)
CERT_VerifySignedDataWithPublicKey(CERTSignedData *sd,
SECKEYPublicKey *pubKey,
void *wincx)
{
SECKEYPublicKey *pubKey;
SECStatus rv;
SECOidTag algid;
SECItem sig;
/* get cert's public key */
pubKey = SECKEY_ExtractPublicKey(pubKeyInfo);
if ( !pubKey )
if ( !pubKey || !sd ) {
PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
return SECFailure;
}
/* check the signature */
sig = sd->signature;
@ -116,11 +115,29 @@ CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd,
rv = VFY_VerifyData(sd->data.data, sd->data.len, pubKey, &sig,
algid, wincx);
SECKEY_DestroyPublicKey(pubKey);
return rv ? SECFailure : SECSuccess;
}
/*
* verify the signature of a signed data object with the given DER publickey
*/
SECStatus
CERT_VerifySignedDataWithPubKeyInfo(CERTSignedData *sd,
CERTSubjectPublicKeyInfo *pubKeyInfo,
void *wincx)
{
SECKEYPublicKey *pubKey;
SECStatus rv = SECFailure;
/* get cert's public key */
pubKey = SECKEY_ExtractPublicKey(pubKeyInfo);
if (pubKey) {
rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
SECKEY_DestroyPublicKey(pubKey);
}
return rv;
}
/*
* verify the signature of a signed data object with the given certificate
*/
@ -128,39 +145,23 @@ SECStatus
CERT_VerifySignedData(CERTSignedData *sd, CERTCertificate *cert,
int64 t, void *wincx)
{
SECItem sig;
SECKEYPublicKey *pubKey = 0;
SECStatus rv;
SECStatus rv = SECFailure;
SECCertTimeValidity validity;
SECOidTag algid;
/* check the certificate's validity */
validity = CERT_CheckCertValidTimes(cert, t, PR_FALSE);
if ( validity != secCertTimeValid ) {
return(SECFailure);
return rv;
}
/* get cert's public key */
pubKey = CERT_ExtractPublicKey(cert);
if ( !pubKey ) {
return(SECFailure);
if (pubKey) {
rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
SECKEY_DestroyPublicKey(pubKey);
}
/* check the signature */
sig = sd->signature;
DER_ConvertBitString(&sig);
algid = SECOID_GetAlgorithmTag(&sd->signatureAlgorithm);
rv = VFY_VerifyData(sd->data.data, sd->data.len, pubKey, &sig,
algid, wincx);
SECKEY_DestroyPublicKey(pubKey);
if ( rv ) {
return(SECFailure);
}
return(SECSuccess);
return rv;
}
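Review bot: In `CERT_VerifySignedData`, the validity failure path now ends in `return rv;` with no error code set in this function, whereas the new helper sets `PR_INVALID_ARGUMENT_ERROR` before its own early return. Unless `CERT_CheckCertValidTimes` sets one (not visible here), a caller reading `PORT_GetError()` cannot tell a certificate outside its validity period from a bad signature, and may see a stale code. Consider adding, for example, `PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);` before that `return rv;`. Separately, the comment kept above `CERT_VerifySignedDataWithPublicKey` still reads "with the given DER publickey", which no longer describes a function taking a `SECKEYPublicKey *`.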


@ -719,6 +719,7 @@ SECKEY_CopyPublicKey;
CERT_GetFirstEmailAddress;
CERT_GetNextEmailAddress;
CERT_VerifySignedDataWithPubKeyInfo;
CERT_VerifySignedDataWithPublicKey;
;+ local:
;+ *;
;+};