From: Denis Kenzior <denkenz@gmail.com>
To: ell@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH v2 04/10] tls: Support peer certificates that use ECDSA
Date: Mon, 18 Jul 2022 13:00:39 -0500 [thread overview]
Message-ID: <20220718180045.5845-4-denkenz@gmail.com> (raw)
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
---
v2 - Rework slightly to fix (false-positive) compiler warnings
ell/tls.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/ell/tls.c b/ell/tls.c
index b2f7411f3b36..136aa8660c2a 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -2028,12 +2028,22 @@ static void tls_handle_certificate(struct l_tls *tls,
return;
}
- if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
- L_CHECKSUM_NONE, &tls->peer_pubkey_size,
- &dummy)) {
+ switch (l_cert_get_pubkey_type(tls->peer_cert)) {
+ case L_CERT_KEY_RSA:
+ if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
+ L_CHECKSUM_NONE,
+ &tls->peer_pubkey_size, &dummy))
+ goto pubkey_unsupported;
+ break;
+ case L_CERT_KEY_ECC:
+ if (!l_key_get_info(tls->peer_pubkey, L_KEY_ECDSA_X962,
+ L_CHECKSUM_SHA1,
+ &tls->peer_pubkey_size, &dummy))
+ goto pubkey_unsupported;
+ break;
+ case L_CERT_KEY_UNKNOWN:
TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0,
- "Can't l_key_get_info for peer public key");
-
+ "Unknown public key type");
return;
}
@@ -2047,6 +2057,10 @@ static void tls_handle_certificate(struct l_tls *tls,
return;
+pubkey_unsupported:
+ TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0,
+ "Can't l_key_get_info for peer public key");
+ return;
decode_error:
TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0,
"TLS_CERTIFICATE decode error");
--
2.35.1
next prev parent reply other threads:[~2022-07-18 18:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-18 18:00 [PATCH v2 01/10] cert/key: Add support for EC based certificates Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 02/10] unit: Add basic EC-DSA verification test Denis Kenzior
2022-07-18 19:07 ` Mat Martineau
2022-07-18 20:21 ` Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 03/10] key: ECDSA data is given in x962 format Denis Kenzior
2022-07-18 18:00 ` Denis Kenzior [this message]
2022-07-18 18:00 ` [PATCH v2 05/10] tls: Add helper for DigitallySigned validation Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 06/10] tls: Add helper to find hash function by id Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 07/10] tls-suites: Add ECDSA suites from RFC 8422 Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 08/10] unit: Skip ECDSA cipher suite tests Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 09/10] useful: Add maxsize() Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 10/10] tls: Do not set verify_data_length unless needed Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220718180045.5845-4-denkenz@gmail.com \
--to=denkenz@gmail.com \
--cc=ell@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox