-rw-r--r-- | lib/includes/gnutls/x509.h | 4 | ||||
-rw-r--r-- | lib/libgnutls.map | 2 | ||||
-rw-r--r-- | lib/pkcs11.c | 2 | ||||
-rw-r--r-- | lib/x509/common.h | 8 | ||||
-rw-r--r-- | lib/x509/ocsp.c | 2 | ||||
-rw-r--r-- | lib/x509/verify-high.c | 12 | ||||
-rw-r--r-- | lib/x509/verify.c | 38 | ||||
-rw-r--r-- | lib/x509/x509.c | 57 |
8 files changed, 73 insertions, 52 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 521289b4af..4c3d5b25a9 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -127,6 +127,10 @@ typedef enum gnutls_certificate_import_flags { int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); + +unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2); +unsigned gnutls_x509_crt_equals2(gnutls_x509_crt_t cert1, gnutls_datum_t * der); + int gnutls_x509_crt_import(gnutls_x509_crt_t cert, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 84c9faf591..8340933e97 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1084,6 +1084,8 @@ GNUTLS_3_4 gnutls_x509_crq_get_pk_oid; gnutls_x509_crl_get_signature_oid; gnutls_ecc_curve_get_pk; + gnutls_x509_crt_equals; + gnutls_x509_crt_equals2; local: *; }; diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 8916624807..750e1d19bc 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -3417,7 +3417,7 @@ int check_found_cert(struct find_cert_st *priv, gnutls_datum_t *data, time_t now goto cleanup; } - if (_gnutls_check_if_same_cert(priv->crt, tcrt) == 0) { + if (gnutls_x509_crt_equals(priv->crt, tcrt) == 0) { /* doesn't match */ ret = -1; goto cleanup; diff --git a/lib/x509/common.h b/lib/x509/common.h index dc6dccec83..17a19569bc 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -217,14 +217,6 @@ bool _gnutls_check_valid_key_id(gnutls_datum_t *key_id, gnutls_x509_crt_t cert, time_t now); -bool -_gnutls_check_if_same_cert(gnutls_x509_crt_t cert1, - gnutls_x509_crt_t cert2); - -bool -_gnutls_check_if_same_cert2(gnutls_x509_crt_t cert1, - gnutls_datum_t * cert2bin); - bool _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any); time_t _gnutls_x509_generalTime2gtime(const char *ttime); 
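Review bot: `gnutls_x509_crt_equals2` takes its DER argument as a non-const `gnutls_datum_t * der`, although the definition in the lib/x509/x509.c hunk only reads `der->size` and `der->data`; the prototype here (and the definition) should be `unsigned gnutls_x509_crt_equals2(gnutls_x509_crt_t cert1, const gnutls_datum_t * der);`, matching the `const gnutls_datum_t * data` of `gnutls_x509_crt_import` two lines below. Since this is a newly exported symbol (also added to libgnutls.map in this commit), the signature is much cheaper to fix now than after release, and without `const` callers holding parsed input as `const gnutls_datum_t` would need a cast. The same applies to the x509.c definition, so it is raised only here.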
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 0e419ac7f3..92db9b6aad 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -2088,7 +2088,7 @@ gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp, signercert = find_signercert(resp); if (!signercert) { signercert = issuer; - } else if (!_gnutls_check_if_same_cert(signercert, issuer)) { + } else if (!gnutls_x509_crt_equals(signercert, issuer)) { /* response contains a signer. Verify him */ diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index a9799b23a8..21f4b42a34 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -289,7 +289,7 @@ gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, if (flags & GNUTLS_TL_NO_DUPLICATES || flags & GNUTLS_TL_NO_DUPLICATE_KEY) { for (j=0;j<list->node[hash].trusted_ca_size;j++) { if (flags & GNUTLS_TL_NO_DUPLICATES) - ret = _gnutls_check_if_same_cert(list->node[hash].trusted_cas[j], clist[i]); + ret = gnutls_x509_crt_equals(list->node[hash].trusted_cas[j], clist[i]); else ret = _gnutls_check_if_same_key(list->node[hash].trusted_cas[j], clist[i], 1); if (ret != 0) { @@ -573,7 +573,7 @@ gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list, hash %= list->size; for (j = 0; j < list->node[hash].trusted_ca_size; j++) { - if (_gnutls_check_if_same_cert + if (gnutls_x509_crt_equals (clist[i], list->node[hash].trusted_cas[j]) != 0) { @@ -820,7 +820,7 @@ static int shorten_clist(gnutls_x509_trust_list_t list, hash %= list->size; for (j = 0; j < list->node[hash].trusted_ca_size; j++) { - if (_gnutls_check_if_same_cert + if (gnutls_x509_crt_equals (certificate_list[i], list->node[hash].trusted_cas[j]) != 0) { /* cut the list at the point of first the trusted certificate */ @@ -1130,7 +1130,7 @@ unsigned i, j; for (i=0;i<cert_list_size;i++) { for (j=0;j<blacklist_size;j++) { - if (_gnutls_check_if_same_cert(cert_list[i], blacklist[j]) != 0) { + if (gnutls_x509_crt_equals(cert_list[i], blacklist[j]) != 0) { return 1; } } 
@@ -1453,7 +1453,7 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list, *voutput = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND; for (i = 0; i < list->node[hash].named_cert_size; i++) { - if (_gnutls_check_if_same_cert(cert, list->node[hash].named_certs[i].cert) != 0) { /* check if name matches */ + if (gnutls_x509_crt_equals(cert, list->node[hash].named_certs[i].cert) != 0) { /* check if name matches */ if (list->node[hash].named_certs[i].name_size == name_size && memcmp(list->node[hash].named_certs[i].name, @@ -1497,7 +1497,7 @@ _gnutls_trustlist_inlist(gnutls_x509_trust_list_t list, for (i = 0; i < list->node[hash].trusted_ca_size; i++) { ret = - _gnutls_check_if_same_cert(cert, + gnutls_x509_crt_equals(cert, list->node[hash]. trusted_cas[i]); if (ret != 0) diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 6941b1051b..7ccf370f99 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -40,7 +40,7 @@ #include <stdbool.h> /* Checks if two certs have the same name and the same key. Return 1 on match. - * If @is_ca is zero then this function is identical to _gnutls_check_if_same_cert() + * If @is_ca is zero then this function is identical to gnutls_x509_crt_equals() */ bool _gnutls_check_if_same_key(gnutls_x509_crt_t cert1, @@ -51,7 +51,7 @@ _gnutls_check_if_same_key(gnutls_x509_crt_t cert1, bool result; if (is_ca == 0) - return _gnutls_check_if_same_cert(cert1, cert2); + return gnutls_x509_crt_equals(cert1, cert2); ret = _gnutls_is_same_dn(cert1, cert2); if (ret == 0) 
@@ -89,40 +89,6 @@ _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1, return ret; } -bool -_gnutls_check_if_same_cert(gnutls_x509_crt_t cert1, - gnutls_x509_crt_t cert2) -{ - int ret; - bool result; - - ret = _gnutls_is_same_dn(cert1, cert2); - if (ret == 0) - return 0; - - if ((cert1->der.size == cert2->der.size) && - (memcmp(cert1->der.data, cert2->der.data, cert1->der.size) == 0)) - result = 1; - else - result = 0; - - return result; -} - -bool -_gnutls_check_if_same_cert2(gnutls_x509_crt_t cert1, - gnutls_datum_t * cert2bin) -{ - bool result; - - if ((cert1->der.size == cert2bin->size) && - (memcmp(cert1->der.data, cert2bin->data, cert1->der.size) == 0)) - result = 1; - else - result = 0; - - return result; -} /* Checks if the issuer of a certificate is a * Certificate Authority, or if the certificate is the same diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 3cccc9ec12..22206ffc8d 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
@@ -59,6 +59,63 @@ static int crt_reinit(gnutls_x509_crt_t crt) } /** + * gnutls_x509_crt_equals - This function compares two gnutls_x509_crt_t certificates + * @cert1: The first certificate + * @cert2: The second certificate + * + * This function will compare two X.509 certificate structures. + * + * Returns: On equality non-zero is returned, otherwise zero. + * + * Since: 3.5.0 + **/ +unsigned gnutls_x509_crt_equals(gnutls_x509_crt_t cert1, + gnutls_x509_crt_t cert2) +{ + int ret; + bool result; + + ret = _gnutls_is_same_dn(cert1, cert2); + if (ret == 0) + return 0; + + if ((cert1->der.size == cert2->der.size) && + (memcmp(cert1->der.data, cert2->der.data, cert1->der.size) == 0)) + result = 1; + else + result = 0; + + return result; +} + +/** + * gnutls_x509_crt_equals2 - This function compares a gnutls_x509_crt_t cert with DER data + * @cert1: The first certificate + * @der: A DER encoded certificate + * + * This function will compare an X.509 certificate structures, with DER + * encoded certificate data. + * + * Returns: On equality non-zero is returned, otherwise zero. + * + * Since: 3.5.0 + **/ +unsigned +gnutls_x509_crt_equals2(gnutls_x509_crt_t cert1, + gnutls_datum_t * der) +{ + bool result; + + if ((cert1->der.size == der->size) && + (memcmp(cert1->der.data, der->data, cert1->der.size) == 0)) + result = 1; + else + result = 0; + + return result; +} + +/** * gnutls_x509_crt_init: * @cert: A pointer to the type to be initialized * |
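Review bot: The two new doc blocks use the kernel-doc header form ` * gnutls_x509_crt_equals - This function compares two gnutls_x509_crt_t certificates`, while the existing blocks in this file (the `gnutls_x509_crt_init:` block visible at the end of the hunk) put the bare name and a colon on its own line with the description in the body; for consistency with the file's gtk-doc style these should read ` * gnutls_x509_crt_equals:` and ` * gnutls_x509_crt_equals2:`. The second description also has a grammar slip, "compare an X.509 certificate structures, with DER encoded certificate data", which should read "compare an X.509 certificate structure with DER-encoded certificate data". Both functions dereference `cert1`, `cert2` and `der` unconditionally (as the private helpers they replace did), so the docs should state that the arguments must be non-NULL, initialized objects, since an `unsigned` return leaves no room for an error code. The `bool result` temporaries add nothing: `return cert1->der.size == der->size && memcmp(cert1->der.data, der->data, cert1->der.size) == 0;` expresses the same test in one line, and the `_gnutls_is_same_dn` pre-check in `gnutls_x509_crt_equals` is redundant given the full DER comparison that follows, though harmless. `crt_reinit`, whose closing brace opens this hunk, starts outside it.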