From 83cd8676faa81d1a4e5e66e2877a0d1322b653f7 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Thu, 21 Feb 2019 17:13:46 +0000
Subject: [PATCH] Remove `sig_oid` parameter from mbedtls_x509_sig_alg_gets()

The function `mbedtls_x509_sig_alg_gets()` previously needed the
raw ASN.1 OID string even though it is implicit in the PK and MD
parameters.

This commit modifies `mbedtls_x509_sig_alg_gets()` to infer the OID
and remove it from the parameters.

This will be needed for the new X.509 CRT structure which will
likely not store the signature OID.

Care has to be taken to handle the case of RSASSA-PSS correctly,
where the hash algorithm in the OID list is set to MBEDTLS_MD_NONE
because it's only determined by the algorithm parameters.
---
 include/mbedtls/x509.h |  3 ++-
 library/x509.c         | 28 +++++++++++++++++++++-------
 library/x509_crl.c     |  4 ++--
 library/x509_crt.c     |  4 ++--
 library/x509_csr.c     |  4 ++--
 5 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index ff06d13b3..6a6fd028b 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -305,8 +305,9 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
                      mbedtls_x509_buf *serial );
 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
                   mbedtls_x509_buf *ext, int tag );
+
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+int mbedtls_x509_sig_alg_gets( char *buf, size_t size,
                        mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
                        const void *sig_opts );
 #endif
diff --git a/library/x509.c b/library/x509.c
index aeabdd3fa..58cd871be 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -841,20 +841,34 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
 /*
  * Helper for writing signature algorithms
  */
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                       const void *sig_opts )
+int mbedtls_x509_sig_alg_gets( char *buf, size_t size, mbedtls_pk_type_t pk_alg,
+                               mbedtls_md_type_t md_alg, const void *sig_opts )
 {
     int ret;
     char *p = buf;
     size_t n = size;
     const char *desc = NULL;
+    mbedtls_x509_buf sig_oid;
+    mbedtls_md_type_t tmp_md_alg = md_alg;
 
-    ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
-    if( ret != 0 )
-        ret = mbedtls_snprintf( p, n, "???"  );
-    else
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    /* The hash for RSASSA is determined by the algorithm parameters;
+     * in the OID list, the hash is set to MBEDTLS_MD_NONE. */
+    if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
+        tmp_md_alg = MBEDTLS_MD_NONE;
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+    sig_oid.tag = MBEDTLS_ASN1_OID;
+    ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, tmp_md_alg,
+                                          (const char**) &sig_oid.p,
+                                          &sig_oid.len );
+    if( ret == 0 &&
+        mbedtls_oid_get_sig_alg_desc( &sig_oid, &desc ) == 0 )
+    {
         ret = mbedtls_snprintf( p, n, "%s", desc );
+    }
+    else
+        ret = mbedtls_snprintf( p, n, "???" );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 4f5507f0e..a56d5e3e8 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -690,8 +690,8 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
     ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
-                             crl->sig_opts );
+    ret = mbedtls_x509_sig_alg_gets( p, n, crl->sig_pk,
+                                     crl->sig_md, crl->sig_opts );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
     ret = mbedtls_snprintf( p, n, "\n" );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 93729986f..f1f5473ff 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1606,8 +1606,8 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
     ret = mbedtls_snprintf( p, n, "\n%ssigned using      : ", prefix );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
-                             crt->sig_md, crt->sig_opts );
+    ret = mbedtls_x509_sig_alg_gets( p, n, sig_info.sig_pk,
+                                     sig_info.sig_md, sig_info.sig_opts );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
     /* Key size */
diff --git a/library/x509_csr.c b/library/x509_csr.c
index aa519fb93..d1a276041 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -357,8 +357,8 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
     ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
-    ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
-                             csr->sig_opts );
+    ret = mbedtls_x509_sig_alg_gets( p, n, csr->sig_pk,
+                                     csr->sig_md, csr->sig_opts );
     MBEDTLS_X509_SAFE_SNPRINTF;
 
     if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,