diff options
author | Tobias Brunner <tobias@strongswan.org> | 2017-10-13 14:33:43 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:48:10 +0100 |
commit | 024b979522fa8cad18bef96208064db5e68e228e (patch) | |
tree | 50541da15f4bca39dfb2945f8a876802cdedaff5 /src/libstrongswan | |
parent | c2935b03c4477a333e0ccb5d9811af7a89a6fa52 (diff) | |
download | strongswan-024b979522fa8cad18bef96208064db5e68e228e.tar.bz2 strongswan-024b979522fa8cad18bef96208064db5e68e228e.tar.xz |
certificate: Return signature scheme and parameters from issued_by() method
This also required some include restructuring (avoid including library.h
in headers) to avoid unresolvable circular dependencies.
Diffstat (limited to 'src/libstrongswan')
25 files changed, 119 insertions, 72 deletions
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h index d59126bd5..6dc5c7694 100644 --- a/src/libstrongswan/credentials/certificates/certificate.h +++ b/src/libstrongswan/credentials/certificates/certificate.h @@ -25,9 +25,9 @@ typedef struct certificate_t certificate_t; typedef enum certificate_type_t certificate_type_t; typedef enum cert_validation_t cert_validation_t; -#include <library.h> #include <utils/identification.h> #include <credentials/keys/public_key.h> +#include <credentials/keys/signature_params.h> #include <credentials/cred_encoding.h> /** @@ -139,11 +139,12 @@ struct certificate_t { * Check if this certificate is issued and signed by a specific issuer. * * @param issuer issuer's certificate - * @param scheme receives signature scheme used during verification + * @param scheme receives used signature scheme and parameters, if + * given (allocated) * @return TRUE if certificate issued by issuer and trusted */ bool (*issued_by)(certificate_t *this, certificate_t *issuer, - signature_scheme_t *scheme); + signature_params_t **scheme); /** * Get the public key associated to this certificate. diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c index 9e7815d04..8cc6a6c63 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.c +++ b/src/libstrongswan/credentials/containers/pkcs12.c @@ -15,6 +15,7 @@ #include "pkcs12.h" +#include <library.h> #include <utils/debug.h> /** diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h index 0b6536430..1129357ba 100644 --- a/src/libstrongswan/credentials/cred_encoding.h +++ b/src/libstrongswan/credentials/cred_encoding.h @@ -25,7 +25,7 @@ typedef struct cred_encoding_t cred_encoding_t; typedef enum cred_encoding_type_t cred_encoding_type_t; typedef enum cred_encoding_part_t cred_encoding_part_t; -#include <library.h> +#include <utils/chunk.h> /** * Credential encoder function implementing encoding/fingerprinting. diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 9be7407ef..a4a092e36 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -488,7 +488,7 @@ METHOD(credential_manager_t, remove_local_set, void, METHOD(credential_manager_t, issued_by, bool, private_credential_manager_t *this, certificate_t *subject, - certificate_t *issuer, signature_scheme_t *scheme) + certificate_t *issuer, signature_params_t **scheme) { if (this->cache) { @@ -661,7 +661,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this, */ static certificate_t *get_issuer_cert(private_credential_manager_t *this, certificate_t *subject, bool trusted, - signature_scheme_t *scheme) + signature_params_t **scheme) { enumerator_t *enumerator; certificate_t *issuer = NULL, *candidate; @@ -723,7 +723,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, { certificate_t *current, *issuer; auth_cfg_t *auth; - signature_scheme_t scheme; + signature_params_t *scheme; int pathlen; auth = auth_cfg_create(); @@ -750,7 +750,8 @@ static bool verify_trust_chain(private_credential_manager_t *this, DBG1(DBG_CFG, " using trusted intermediate ca certificate " "\"%Y\"", issuer->get_subject(issuer)); } - auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme); + auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme->scheme); + signature_params_destroy(scheme); } else { @@ -768,7 +769,8 @@ static bool verify_trust_chain(private_credential_manager_t *this, auth->add(auth, AUTH_RULE_IM_CERT, issuer->get_ref(issuer)); DBG1(DBG_CFG, " using untrusted intermediate certificate " "\"%Y\"", issuer->get_subject(issuer)); - auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme); + auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, scheme->scheme); + signature_params_destroy(scheme); } else { diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h index 022ca566c..d99f29b85 100644 --- a/src/libstrongswan/credentials/credential_manager.h +++ b/src/libstrongswan/credentials/credential_manager.h @@ -241,12 +241,13 @@ struct credential_manager_t { * * @param subject subject certificate to check * @param issuer issuer certificate that potentially has signed subject - * @param scheme receives used signature scheme, if given + * @param scheme receives used signature scheme and parameters, if + * given (allocated) * @return TRUE if issuer signed subject */ bool (*issued_by)(credential_manager_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t *scheme); + signature_params_t **scheme); /** * Register a credential set to the manager. diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 186530ff6..d6a0a7bc9 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -28,7 +28,6 @@ typedef enum key_type_t key_type_t; typedef enum signature_scheme_t signature_scheme_t; typedef enum encryption_scheme_t encryption_scheme_t; -#include <library.h> #include <utils/identification.h> #include <credentials/cred_encoding.h> diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c index 92d5efdc6..0e64f0350 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.c +++ b/src/libstrongswan/credentials/sets/cert_cache.c @@ -48,9 +48,9 @@ struct relation_t { certificate_t *issuer; /** - * Signature scheme used to sign this relation + * Signature scheme and parameters used to sign this relation */ - signature_scheme_t scheme; + signature_params_t *scheme; /** * Cache hits @@ -84,7 +84,7 @@ struct private_cert_cache_t { */ static void cache(private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t scheme) + signature_params_t *scheme) { relation_t *rel; int i, offset, try; @@ -118,7 +118,8 @@ static void cache(private_cert_cache_t *this, { rel->subject->destroy(rel->subject); rel->subject = subject->get_ref(subject); - rel->scheme = scheme; + signature_params_destroy(rel->scheme); + rel->scheme = signature_params_clone(scheme); return rel->lock->unlock(rel->lock); } } @@ -139,7 +140,7 @@ static void cache(private_cert_cache_t *this, { rel->subject = subject->get_ref(subject); rel->issuer = issuer->get_ref(issuer); - rel->scheme = scheme; + rel->scheme = signature_params_clone(scheme); return rel->lock->unlock(rel->lock); } rel->lock->unlock(rel->lock); @@ -165,10 +166,11 @@ static void cache(private_cert_cache_t *this, { rel->subject->destroy(rel->subject); rel->issuer->destroy(rel->issuer); + signature_params_destroy(rel->scheme); } rel->subject = subject->get_ref(subject); rel->issuer = issuer->get_ref(issuer); - rel->scheme = scheme; + rel->scheme = signature_params_clone(scheme); rel->hits = 0; return rel->lock->unlock(rel->lock); } @@ -180,11 +182,11 @@ static void cache(private_cert_cache_t *this, METHOD(cert_cache_t, issued_by, bool, private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **schemep) { certificate_t *cached_issuer = NULL; relation_t *found = NULL, *current; - signature_scheme_t scheme; + signature_params_t *scheme; int i; for (i = 0; i < CACHE_SIZE; i++) @@ -202,7 +204,7 @@ METHOD(cert_cache_t, issued_by, bool, found = current; if (schemep) { - *schemep = current->scheme; + *schemep = signature_params_clone(current->scheme); } } else if (!cached_issuer) @@ -225,6 +227,10 @@ METHOD(cert_cache_t, issued_by, bool, { *schemep = scheme; } + else + { + signature_params_destroy(scheme); + } DESTROY_IF(cached_issuer); return TRUE; } @@ -383,8 +389,10 @@ METHOD(cert_cache_t, flush, void, { rel->subject->destroy(rel->subject); rel->issuer->destroy(rel->issuer); + signature_params_destroy(rel->scheme); rel->subject = NULL; rel->issuer = NULL; + rel->scheme = NULL; rel->hits = 0; } } @@ -405,6 +413,7 @@ METHOD(cert_cache_t, destroy, void, { rel->subject->destroy(rel->subject); rel->issuer->destroy(rel->issuer); + signature_params_destroy(rel->scheme); } rel->lock->destroy(rel->lock); } @@ -438,6 +447,7 @@ cert_cache_t *cert_cache_create() { this->relations[i].subject = NULL; this->relations[i].issuer = NULL; + this->relations[i].scheme = NULL; this->relations[i].hits = 0; this->relations[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); } diff --git a/src/libstrongswan/credentials/sets/cert_cache.h b/src/libstrongswan/credentials/sets/cert_cache.h index 2bcdbe464..2235bc30d 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.h +++ b/src/libstrongswan/credentials/sets/cert_cache.h @@ -45,12 +45,13 @@ struct cert_cache_t { * * @param subject certificate to verify * @param issuer issuing certificate to verify subject - * @param scheme receives used signature scheme, if given + * @param scheme receives used signature scheme and parameters, if + * given (allocated) * @return TRUE if subject issued by issuer */ bool (*issued_by)(cert_cache_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t *scheme); + signature_params_t **scheme); /** * Flush the certificate cache. diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 9d2df1d4b..96de7e258 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -27,7 +27,6 @@ typedef enum hash_algorithm_t hash_algorithm_t; typedef struct hasher_t hasher_t; -#include <library.h> #include <crypto/prfs/prf.h> #include <crypto/signers/signer.h> #include <credentials/keys/public_key.h> diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index bf443e5f4..fe9ffc2dd 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -25,7 +25,8 @@ typedef enum pseudo_random_function_t pseudo_random_function_t; typedef struct prf_t prf_t; -#include <library.h> +#include <utils/utils.h> +#include <utils/chunk.h> /** * Pseudo random function, as in IKEv2 RFC 3.3.2. diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 01b702da1..8958e66e9 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -25,7 +25,8 @@ typedef enum integrity_algorithm_t integrity_algorithm_t; typedef struct signer_t signer_t; -#include <library.h> +#include <utils/utils.h> +#include <utils/chunk.h> /** * Integrity algorithm, as in IKEv2 RFC 3.3.2. diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 663f0915d..171b7d684 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -284,7 +284,7 @@ METHOD(certificate_t, has_subject_or_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_openssl_crl_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { chunk_t fingerprint, tbs; public_key_t *key; @@ -338,7 +338,9 @@ METHOD(certificate_t, issued_by, bool, key->destroy(key); if (valid && scheme) { - *scheme = this->scheme; + INIT(*scheme, + .scheme = this->scheme, + ); } return valid; } diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c index f6df03f12..3a6d2f193 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c @@ -20,6 +20,7 @@ #include "openssl_sha1_prf.h" #include <openssl/sha.h> +#include <crypto/hashers/hasher.h> typedef struct private_openssl_sha1_prf_t private_openssl_sha1_prf_t; diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 7e077e74d..d2773e3f8 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -384,7 +384,7 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_openssl_x509_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { public_key_t *key; bool valid; @@ -392,11 +392,16 @@ METHOD(certificate_t, issued_by, bool, ASN1_BIT_STRING *sig; chunk_t tbs; + if (this->scheme == SIGN_UNKNOWN) + { + return FALSE; + } if (&this->public.x509.interface == issuer) { if (this->flags & X509_SELF_SIGNED) { - return TRUE; + valid = TRUE; + goto out; } } else @@ -414,10 +419,6 @@ METHOD(certificate_t, issued_by, bool, return FALSE; } } - if (this->scheme == SIGN_UNKNOWN) - { - return FALSE; - } key = issuer->get_public_key(issuer); if (!key) { @@ -434,9 +435,13 @@ METHOD(certificate_t, issued_by, bool, openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); + +out: if (valid && scheme) { - *scheme = this->scheme; + INIT(*scheme, + .scheme = this->scheme, + ); } return valid; } diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c index 76b0b7b40..8c6c5dae7 100644 --- a/src/libstrongswan/plugins/pem/pem_encoder.c +++ b/src/libstrongswan/plugins/pem/pem_encoder.c @@ -15,6 +15,8 @@ #include "pem_encoder.h" +#include <library.h> + #define BYTES_PER_LINE 48 /** diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index 0ffce4cfc..392ef5440 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -114,7 +114,7 @@ METHOD(certificate_t, has_issuer, id_match_t, } METHOD(certificate_t, issued_by,bool, - private_pgp_cert_t *this, certificate_t *issuer, signature_scheme_t *scheme) + private_pgp_cert_t *this, certificate_t *issuer, signature_params_t **scheme) { /* TODO: check signature blobs for a valid signature */ return FALSE; diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c index 100f3ef33..eba936b83 100644 --- a/src/libstrongswan/plugins/pgp/pgp_encoder.c +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c @@ -15,6 +15,7 @@ #include "pgp_encoder.h" +#include <library.h> #include <utils/debug.h> /** diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c index 0631a6857..81dad65b7 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c @@ -137,13 +137,16 @@ METHOD(certificate_t, equals, bool, METHOD(certificate_t, issued_by, bool, private_pubkey_cert_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { - if (scheme) + bool valid = equals(this, issuer); + if (valid && scheme) { - *scheme = SIGN_UNKNOWN; + INIT(*scheme, + .scheme = SIGN_UNKNOWN, + ); } - return equals(this, issuer); + return valid; } METHOD(certificate_t, get_public_key, public_key_t*, diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 2a1ef638b..c0a64fc5d 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -886,7 +886,8 @@ METHOD(certificate_t, has_issuer, id_match_t, } METHOD(certificate_t, issued_by, bool, - private_x509_ac_t *this, certificate_t *issuer, signature_scheme_t *schemep) + private_x509_ac_t *this, certificate_t *issuer, + signature_params_t **schemep) { public_key_t *key; signature_scheme_t scheme; @@ -938,7 +939,9 @@ METHOD(certificate_t, issued_by, bool, key->destroy(key); if (valid && schemep) { - *schemep = scheme; + INIT(*schemep, + .scheme = scheme, + ); } return valid; } diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 6d2fb9de7..9bb272a4f 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -1677,18 +1677,26 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_cert_t *this, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **schemep) { public_key_t *key; signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; + /* determine signature scheme */ + scheme = signature_scheme_from_oid(this->algorithm); + if (scheme == SIGN_UNKNOWN) + { + return FALSE; + } + if (&this->public.interface.interface == issuer) { if (this->flags & X509_SELF_SIGNED) { - return TRUE; + valid = TRUE; + goto out; } } else @@ -1707,12 +1715,6 @@ METHOD(certificate_t, issued_by, bool, return FALSE; } - /* determine signature scheme */ - scheme = signature_scheme_from_oid(this->algorithm); - if (scheme == SIGN_UNKNOWN) - { - return FALSE; - } /* get the public key of the issuer */ key = issuer->get_public_key(issuer); if (!key) @@ -1722,9 +1724,13 @@ METHOD(certificate_t, issued_by, bool, valid = key->verify(key, scheme, NULL, this->tbsCertificate, this->signature); key->destroy(key); + +out: if (valid && schemep) { - *schemep = scheme; + INIT(*schemep, + .scheme = scheme, + ); } return valid; } diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 8ea70252f..2712ad83e 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -457,7 +457,8 @@ METHOD(certificate_t, has_issuer, id_match_t, } METHOD(certificate_t, issued_by, bool, - private_x509_crl_t *this, certificate_t *issuer, signature_scheme_t *schemep) + private_x509_crl_t *this, certificate_t *issuer, + signature_params_t **schemep) { public_key_t *key; signature_scheme_t scheme; @@ -506,7 +507,9 @@ METHOD(certificate_t, issued_by, bool, key->destroy(key); if (valid && schemep) { - *schemep = scheme; + INIT(*schemep, + .scheme = scheme, + ); } return valid; } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index de2ad9878..de22ab6be 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -372,7 +372,7 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_ocsp_request_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { DBG1(DBG_LIB, "OCSP request validation not implemented!"); return FALSE; diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index fd0d84e48..e803c185c 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -703,7 +703,7 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_ocsp_response_t *this, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **schemep) { public_key_t *key; signature_scheme_t scheme; @@ -758,7 +758,9 @@ METHOD(certificate_t, issued_by, bool, key->destroy(key); if (valid && schemep) { - *schemep = scheme; + INIT(*schemep, + .scheme = scheme, + ); } return valid; } diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c index beeb436ab..019ccf7c1 100644 --- a/src/libstrongswan/plugins/x509/x509_pkcs10.c +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c @@ -124,7 +124,7 @@ METHOD(certificate_t, has_subject, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_pkcs10_t *this, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **schemep) { public_key_t *key; signature_scheme_t scheme; @@ -134,29 +134,32 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } - if (this->self_signed) - { - return TRUE; - } - /* determine signature scheme */ scheme = signature_scheme_from_oid(this->algorithm); if (scheme == SIGN_UNKNOWN) { return FALSE; } - - /* get the public key contained in the certificate request */ - key = this->public_key; - if (!key) + if (this->self_signed) { - return FALSE; + valid = TRUE; + } + else + { + /* get the public key contained in the certificate request */ + key = this->public_key; + if (!key) + { + return FALSE; + } + valid = key->verify(key, scheme, NULL, this->certificationRequestInfo, + this->signature); } - valid = key->verify(key, scheme, NULL, this->certificationRequestInfo, - this->signature); if (valid && schemep) { - *schemep = scheme; + INIT(*schemep, + .scheme = scheme, + ); } return valid; } diff --git a/src/libstrongswan/utils/debug.h b/src/libstrongswan/utils/debug.h index f1c8c70ab..3b554487c 100644 --- a/src/libstrongswan/utils/debug.h +++ b/src/libstrongswan/utils/debug.h @@ -24,9 +24,9 @@ typedef enum debug_t debug_t; typedef enum level_t level_t; -#include <stdio.h> - +#include <utils/printf_hook/printf_hook.h> #include <utils/utils.h> +#include <stdio.h> /** * Debug message group. |