commit ff56da3a26cd7f5bfac1610413f0982a6233ba12
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Jul 11 10:46:21 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Wed Jul 17 15:59:42 2013 +0200
tree 750ac9b3fc053cc7227fe3a1f3d8b2d7d38c6f36
parent 893879adbd7d00939b2dbb7d31060d9196aab821

Fix direct uses of x509_cert.rsa, now use pk_rsa()

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 66ebcef..aeba799 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1072,8 +1072,12 @@
             return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
         }
 
+        /* EC NOT IMPLEMENTED YET */
+        if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
+            return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+
         if( (unsigned int)( end - p ) !=
-            ssl->session_negotiate->peer_cert->rsa.len )
+            pk_rsa( ssl->session_negotiate->peer_cert->pk )->len )
         {
             SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
             return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
@@ -1139,9 +1143,9 @@
 
         SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
 
-        if( ( ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa,
-                                      RSA_PUBLIC,
-                                      md_alg, hashlen, hash, p ) ) != 0 )
+        if( ( ret = rsa_pkcs1_verify(
+                        pk_rsa( ssl->session_negotiate->peer_cert->pk ),
+                        RSA_PUBLIC, md_alg, hashlen, hash, p ) ) != 0 )
         {
             SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
             return( ret );
@@ -1516,8 +1520,12 @@
         if( ret != 0 )
             return( ret );
 
+        /* EC NOT IMPLEMENTED YET */
+        if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
+            return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+
         i = 4;
-        n = ssl->session_negotiate->peer_cert->rsa.len;
+        n = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
 
         if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
         {
@@ -1526,12 +1534,11 @@
             ssl->out_msg[5] = (unsigned char)( n      );
         }
 
-        ret = rsa_pkcs1_encrypt( &ssl->session_negotiate->peer_cert->rsa,
-                                  ssl->f_rng, ssl->p_rng,
-                                  RSA_PUBLIC,
-                                  ssl->handshake->pmslen,
-                                  ssl->handshake->premaster,
-                                  ssl->out_msg + i );
+        ret = rsa_pkcs1_encrypt(
+                pk_rsa( ssl->session_negotiate->peer_cert->pk ),
+                ssl->f_rng, ssl->p_rng, RSA_PUBLIC,
+                ssl->handshake->pmslen, ssl->handshake->premaster,
+                ssl->out_msg + i );
         if( ret != 0 )
         {
             SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret );

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index c6a8273..2aef9c4 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1968,7 +1968,11 @@
         md_alg = POLARSSL_MD_NONE;
     }
 
-    n1 = ssl->session_negotiate->peer_cert->rsa.len;
+    /* EC NOT IMPLEMENTED YET */
+    if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
+        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+
+    n1 = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
     n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
 
     if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )
@@ -1977,8 +1981,9 @@
         return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
     }
 
-    ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa, RSA_PUBLIC,
-                            md_alg, hashlen, hash, ssl->in_msg + 6 + n );
+    ret = rsa_pkcs1_verify( pk_rsa( ssl->session_negotiate->peer_cert->pk ),
+                            RSA_PUBLIC, md_alg, hashlen, hash,
+                            ssl->in_msg + 6 + n );
     if( ret != 0 )
     {
         SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index ab33c31..6c848b7 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3625,7 +3625,11 @@
 
         md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
 
-        if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, crl_list->sig_md,
+        /* EC NOT IMPLEMENTED YET */
+        if( ca->pk.type != POLARSSL_PK_RSA )
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+
+        if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC, crl_list->sig_md,
                               0, hash, crl_list->sig.p ) == 0 )
         {
             /*
@@ -3743,7 +3747,11 @@
 
         md( md_info, child->tbs.p, child->tbs.len, hash );
 
-        if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, child->sig_md,
+        /* EC NOT IMPLEMENTED YET */
+        if( trust_ca->pk.type != POLARSSL_PK_RSA )
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+
+        if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC, child->sig_md,
                     0, hash, child->sig.p ) != 0 )
         {
             trust_ca = trust_ca->next;
@@ -3819,9 +3827,15 @@
     {
         md( md_info, child->tbs.p, child->tbs.len, hash );
 
-        if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, child->sig_md, 0, hash,
-                               child->sig.p ) != 0 )
+        /* EC NOT IMPLEMENTED YET */
+        if( parent->pk.type != POLARSSL_PK_RSA )
+            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+
+        if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC, child->sig_md,
+                              0, hash, child->sig.p ) != 0 )
+        {
             *flags |= BADCERT_NOT_TRUSTED;
+        }
     }
 
     /* Check trusted CA's CRL for the given crt */