From c079c098c41b8dd2345ac1600770ce39ab6f91c0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 3 Apr 2014 15:44:02 +0200 Subject: [PATCH] x509: Check return value when signing attribute certificates In addition that this lets AC generation fail properly if private key signing fails, it also fixes an issue when compiling on Windows with MinGW 4.8.1, where for some reason the attributeCertificateInfo got encoded incorrectly. --- src/libstrongswan/plugins/x509/x509_ac.c | 25 +++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 30b871d428..ed58377a65 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -754,17 +754,22 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) /** * build an X.509 attribute certificate */ -static chunk_t build_ac(private_x509_ac_t *this) +static bool build_ac(private_x509_ac_t *this) { chunk_t signatureValue, attributeCertificateInfo; attributeCertificateInfo = build_attr_cert_info(this); - this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, - attributeCertificateInfo, &signatureValue); - return asn1_wrap(ASN1_SEQUENCE, "mmm", - attributeCertificateInfo, - asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), - asn1_bitstring("m", signatureValue)); + if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, + attributeCertificateInfo, &signatureValue)) + { + free(attributeCertificateInfo.ptr); + return FALSE; + } + this->encoding = asn1_wrap(ASN1_SEQUENCE, "mmm", + attributeCertificateInfo, + asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), + asn1_bitstring("m", signatureValue)); + return TRUE; } METHOD(ac_t, get_serial, chunk_t, @@ -1154,8 +1159,10 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) ac->holderCert->get_type(ac->holderCert) == CERT_X509 && ac->signerCert->get_type(ac->signerCert) == CERT_X509) { - ac->encoding = build_ac(ac); - return &ac->public; + if (build_ac(ac)) + { + return &ac->public; + } } destroy(ac); return NULL; -- 2.47.2