aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crl.c7
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c9
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_cert.c2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.c7
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c6
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c10
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c6
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c3
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c7
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.c15
10 files changed, 57 insertions, 15 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 9a9efb2b6..e529ff8a5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -225,7 +225,8 @@ METHOD(certificate_t, has_subject_or_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_openssl_crl_t *this, certificate_t *issuer)
+ private_openssl_crl_t *this, certificate_t *issuer,
+ signature_scheme_t *scheme)
{
chunk_t fingerprint, tbs;
public_key_t *key;
@@ -270,6 +271,10 @@ METHOD(certificate_t, issued_by, bool,
openssl_asn1_str2chunk(this->crl->signature));
free(tbs.ptr);
key->destroy(key);
+ if (valid && scheme)
+ {
+ *scheme = this->scheme;
+ }
return valid;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 5caf5182c..ee19c4179 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -350,7 +350,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_openssl_x509_t *this, certificate_t *issuer)
+ private_openssl_x509_t *this, certificate_t *issuer,
+ signature_scheme_t *scheme)
{
public_key_t *key;
bool valid;
@@ -393,6 +394,10 @@ METHOD(certificate_t, issued_by, bool,
openssl_asn1_str2chunk(this->x509->signature));
free(tbs.ptr);
key->destroy(key);
+ if (valid && scheme)
+ {
+ *scheme = this->scheme;
+ }
return valid;
}
@@ -975,7 +980,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
hasher->allocate_hash(hasher, this->encoding, &this->hash);
hasher->destroy(hasher);
- if (issued_by(this, &this->public.x509.interface))
+ if (issued_by(this, &this->public.x509.interface, NULL))
{
this->flags |= X509_SELF_SIGNED;
}
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index 70a236855..e6d13a243 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -114,7 +114,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by,bool,
- private_pgp_cert_t *this, certificate_t *issuer)
+ private_pgp_cert_t *this, certificate_t *issuer, signature_scheme_t *scheme)
{
/* TODO: check signature blobs for a valid signature */
return FALSE;
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index 67240fe0c..0304ccb36 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -126,8 +126,13 @@ METHOD(certificate_t, equals, bool,
}
METHOD(certificate_t, issued_by, bool,
- private_pubkey_cert_t *this, certificate_t *issuer)
+ private_pubkey_cert_t *this, certificate_t *issuer,
+ signature_scheme_t *scheme)
{
+ if (scheme)
+ {
+ *scheme = SIGN_UNKNOWN;
+ }
return equals(this, issuer);
}
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index a2cb589e0..d6ca8c4fa 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -701,7 +701,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_ac_t *this, certificate_t *issuer)
+ private_x509_ac_t *this, certificate_t *issuer, signature_scheme_t *schemep)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -750,6 +750,10 @@ METHOD(certificate_t, issued_by, bool,
}
valid = key->verify(key, scheme, this->certificateInfo, this->signature);
key->destroy(key);
+ if (valid && schemep)
+ {
+ *schemep = scheme;
+ }
return valid;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 25d92d5cb..88101e805 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -1483,7 +1483,8 @@ end:
/* check if the certificate is self-signed */
if (this->public.interface.interface.issued_by(
&this->public.interface.interface,
- &this->public.interface.interface))
+ &this->public.interface.interface,
+ NULL))
{
this->flags |= X509_SELF_SIGNED;
}
@@ -1568,7 +1569,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_cert_t *this, certificate_t *issuer)
+ private_x509_cert_t *this, certificate_t *issuer,
+ signature_scheme_t *schemep)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -1612,6 +1614,10 @@ METHOD(certificate_t, issued_by, bool,
}
valid = key->verify(key, scheme, this->tbsCertificate, this->signature);
key->destroy(key);
+ if (valid && schemep)
+ {
+ *schemep = scheme;
+ }
return valid;
}
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 7bcca16a3..5b4ba92da 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -442,7 +442,7 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_crl_t *this, certificate_t *issuer)
+ private_x509_crl_t *this, certificate_t *issuer, signature_scheme_t *schemep)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -490,6 +490,10 @@ METHOD(certificate_t, issued_by, bool,
}
valid = key->verify(key, scheme, this->tbsCertList, this->signature);
key->destroy(key);
+ if (valid && schemep)
+ {
+ *schemep = scheme;
+ }
return valid;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index 33d0aa792..debf49086 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -364,7 +364,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_ocsp_request_t *this, certificate_t *issuer)
+ private_x509_ocsp_request_t *this, certificate_t *issuer,
+ signature_scheme_t *scheme)
{
DBG1(DBG_LIB, "OCSP request validation not implemented!");
return FALSE;
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 7dfef3993..dc3fc27ca 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -670,7 +670,8 @@ METHOD(certificate_t, has_issuer, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_ocsp_response_t *this, certificate_t *issuer)
+ private_x509_ocsp_response_t *this, certificate_t *issuer,
+ signature_scheme_t *schemep)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -722,6 +723,10 @@ METHOD(certificate_t, issued_by, bool,
}
valid = key->verify(key, scheme, this->tbsResponseData, this->signature);
key->destroy(key);
+ if (valid && schemep)
+ {
+ *schemep = scheme;
+ }
return valid;
}
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index ca08db2c6..5a9b2d92e 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -123,10 +123,12 @@ METHOD(certificate_t, has_subject, id_match_t,
}
METHOD(certificate_t, issued_by, bool,
- private_x509_pkcs10_t *this, certificate_t *issuer)
+ private_x509_pkcs10_t *this, certificate_t *issuer,
+ signature_scheme_t *schemep)
{
public_key_t *key;
signature_scheme_t scheme;
+ bool valid;
if (&this->public.interface.interface != issuer)
{
@@ -150,8 +152,13 @@ METHOD(certificate_t, issued_by, bool,
{
return FALSE;
}
- return key->verify(key, scheme, this->certificationRequestInfo,
- this->signature);
+ valid = key->verify(key, scheme, this->certificationRequestInfo,
+ this->signature);
+ if (valid && schemep)
+ {
+ *schemep = scheme;
+ }
+ return valid;
}
METHOD(certificate_t, get_public_key, public_key_t*,
@@ -441,7 +448,7 @@ end:
if (success)
{
/* check if the certificate request is self-signed */
- if (issued_by(this, &this->public.interface.interface))
+ if (issued_by(this, &this->public.interface.interface, NULL))
{
this->self_signed = TRUE;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 16:14:33 +0000