author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-10-07 15:14:34 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-10-07 15:14:36 +0200 |
commit | 22bf04879b7031e8f2ca3c02a605e200d8f48403 (patch) | |
tree | 2e897741a4e6f10425e2bb484c8ec27d2aa522c5 /lib/x509 | |
parent | f5b8d2258bab7e7d2852ffd3d647d397c8e867c7 (diff) | |
pkcs11: when no CKA_ID can be relied on fallback on checking the SubjectKeyIdentifier
Patch by David Woodhouse.
Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/common.c | 32 | ||||
-rw-r--r-- | lib/x509/common.h | 4 |
2 files changed, 36 insertions, 0 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 3087183a58..a86bbe1292 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1950,3 +1950,35 @@ int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
 return ret;
 }
+
+bool
+_gnutls_check_subject_key_id2(gnutls_datum_t *key_id,
+ gnutls_datum_t *certbin)
+{
+ uint8_t id[MAX_KEY_ID_SIZE];
+ size_t id_size;
+ gnutls_x509_crt_t cert;
+ bool result = 0;
+
+ if (gnutls_x509_crt_init(&cert) < 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ if (gnutls_x509_crt_import(cert, certbin, GNUTLS_X509_FMT_DER) < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ if (gnutls_x509_crt_get_subject_key_id(cert, id, &id_size, NULL) < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ if (id_size == key_id->size && !memcmp(id, key_id->data, id_size))
+ result = 1;
+
+ out:
+ gnutls_x509_crt_deinit(cert);
+ return result;
+}
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 01f5852736..6af4c410b1 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -192,6 +192,10 @@ _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
 gnutls_datum_t *cert2bin);
 bool
+_gnutls_check_subject_key_id2(gnutls_datum_t *key_id,
+ gnutls_datum_t *certbin);
+
+bool
 _gnutls_check_if_same_cert(gnutls_x509_crt_t cert1,
 gnutls_x509_crt_t cert2); |
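Review bot: `id_size` is handed to gnutls_x509_crt_get_subject_key_id() in the new _gnutls_check_subject_key_id2() without ever being set; that API reads `*ret_size` on entry as the capacity of the output buffer, so the call operates on an indeterminate value, and since the SubjectKeyIdentifier length is taken from the certificate being checked, an identifier longer than MAX_KEY_ID_SIZE is not guaranteed to be rejected before it is copied into `id`. Initialise the capacity right before the call, `id_size = sizeof(id);`, so an over-long identifier surfaces as an error return and takes the existing `goto out` path. The two datum parameters are only read, so `const gnutls_datum_t *key_id` and `const gnutls_datum_t *certbin` would document that (the header hunk would need the same change). A short header comment would also help callers, e.g. `/* Returns true iff the SubjectKeyIdentifier of the DER certificate in certbin equals key_id; false on any parse or lookup failure. */`.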