added the hash of the issuer's public key to the decoded cert

2012-05-08 15:12:33 -07:00 · 2012-05-08 15:12:33 -07:00 · 81a6ed4577
parent 4d9fe4dafe
commit 81a6ed4577
2 changed files with 12 additions and 0 deletions
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@ -2183,6 +2183,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
        CYASSL_MSG("About to verify certificate signature");
 
        if (ca) {
+#ifdef HAVE_OCSP
+            /* Need the ca's public key hash for OCSP */
+            {
+                Sha sha;
+                InitSha(&sha);
+                ShaUpdate(&sha, ca->publicKey, ca->pubKeySize);
+                ShaFinal(&sha, cert->issuerKeyHash);
+            }
+#endif /* HAVE_OCSP */
            /* try to confirm/verify signature */
            if (!ConfirmSignature(cert, ca->publicKey,
                                  ca->pubKeySize, ca->keyOID)) {
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@ -207,6 +207,9 @@ struct DecodedCert {
    word32  keyOID;                  /* sum of key algo  object id       */
    byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
    byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
+#ifdef HAVE_OCSP
+    byte    issuerKeyHash[SHA_SIZE]; /* hash of the public Key           */
+#endif /* HAVE_OCSP */
    byte*   signature;               /* not owned, points into raw cert  */
    char*   subjectCN;               /* CommonName                       */
    int     subjectCNLen;