pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:132:    Sequence rsa_sha256_algorithm = Sequence( ({ Identifiers.rsa_sha256_id,    Null() }) );       Sequence rsa_sha384_algorithm = Sequence( ({ Identifiers.rsa_sha384_id,    Null() }) );       Sequence rsa_sha512_algorithm = Sequence( ({ Identifiers.rsa_sha512_id,    Null() }) );       Sequence dsa_sha1_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) ); +  Sequence dsa_sha224_algorithm = Sequence( ({ Identifiers.dsa_sha224_id }) ); +  Sequence dsa_sha256_algorithm = Sequence( ({ Identifiers.dsa_sha256_id }) );       mapping algorithms = ([   #if constant(Crypto.MD2)    rsa_md2_algorithm->get_der() : Crypto.MD2,   #endif    rsa_md5_algorithm->get_der() : Crypto.MD5,    rsa_sha1_algorithm->get_der() : Crypto.SHA1,    rsa_sha256_algorithm->get_der() : Crypto.SHA256,   #if constant(Crypto.SHA384)    rsa_sha384_algorithm->get_der() : Crypto.SHA384,   #endif   #if constant(Crypto.SHA512)    rsa_sha512_algorithm->get_der() : Crypto.SHA512,   #endif -  +  +  dsa_sha1_algorithm->get_der() : Crypto.SHA1, +  dsa_sha224_algorithm->get_der() : Crypto.SHA224, +  dsa_sha256_algorithm->get_der() : Crypto.SHA256,    ]);   }      //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and   //! @[extensions] is optionally added to the sequence. issuerUniqueID   //! and subjectUniqueID are not supported.   Sequence make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,
pike.git/lib/modules/Standards.pmod/X509.pmod:301:    dsa = DSA.parse_public_key(key, p, q, g);    }       //! Verifies the @[signature] of the certificate @[msg] using the    //! indicated hash @[algorithm]. The signature is the DER-encoded    //! ASN.1 sequence Dss-Sig-Value with the two integers r and s. See    //! RFC 3279 section 2.2.2.    int(0..1) verify(Sequence algorithm, string msg, string signature)    {    if (!dsa) return 0; -  if (algorithm->get_der() == dsa_sha1_algorithm->get_der()) -  return dsa->pkcs_verify(msg, Crypto.SHA1, signature); -  -  return 0; +  Crypto.Hash hash = algorithms[algorithm->get_der()]; +  if (!hash) return 0; +  return dsa->pkcs_verify(msg, hash, signature);    }   }      protected Verifier make_verifier(Object _keyinfo)   {    if( _keyinfo->type_name != "SEQUENCE" )    return 0;    Sequence keyinfo = [object(Sequence)]_keyinfo;       if ( (keyinfo->type_name != "SEQUENCE")