aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/x509/x509_ca.cpp
diff options
context:
space:
mode:
authorRenĂ© Korthaus <[email protected]>2017-12-20 10:57:15 +0100
committerRenĂ© Korthaus <[email protected]>2017-12-20 10:57:15 +0100
commit55ba0cab3fa98516f63acf3a8579b2e2e2cf66a0 (patch)
treebe8dd7100a616d315dfb72edcb680b7df8f86e12 /src/lib/x509/x509_ca.cpp
parent2918801d97ccdad5327320ee29bdc2cf666fb08a (diff)
Don't encode AlgorithmIdentifier parameters for ECDSA in X.509 objects
RFC 5758 and 4491 mandate that for DSA, ECDSA and GOST, the algorithm identifier "encoding MUST omit the parameters field".
Diffstat (limited to 'src/lib/x509/x509_ca.cpp')
-rw-r--r--src/lib/x509/x509_ca.cpp7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp
index 0a470762f..f8daaf79a 100644
--- a/src/lib/x509/x509_ca.cpp
+++ b/src/lib/x509/x509_ca.cpp
@@ -252,9 +252,12 @@ PK_Signer* choose_sig_format(const Private_Key& key,
std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn));
std::string padding;
+ std::vector<uint8_t> algo_params;
if(algo_name == "RSA")
{
padding = "EMSA3";
+ // for RSA PKCSv1.5 parameters "SHALL" be NULL
+ algo_params = key.algorithm_identifier().get_parameters();
}
else if(algo_name == "DSA" ||
algo_name == "ECDSA" ||
@@ -262,6 +265,7 @@ PK_Signer* choose_sig_format(const Private_Key& key,
algo_name == "ECKCDSA" ||
algo_name == "GOST-34.10")
{
+ // for DSA, ECDSA, GOST parameters "SHALL" be empty
padding = "EMSA1";
}
else
@@ -273,8 +277,7 @@ PK_Signer* choose_sig_format(const Private_Key& key,
padding = padding + "(" + hash->name() + ")";
- sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding),
- key.algorithm_identifier().get_parameters());
+ sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding), algo_params);
return new PK_Signer(key, rng, padding, format);
}