author | René Korthaus <[email protected]> | 2017-12-20 10:57:15 +0100 |
---|---|---|
committer | René Korthaus <[email protected]> | 2017-12-20 10:57:15 +0100 |
commit | 55ba0cab3fa98516f63acf3a8579b2e2e2cf66a0 (patch) | |
tree | be8dd7100a616d315dfb72edcb680b7df8f86e12 /src/lib/x509/x509_ca.cpp | |
parent | 2918801d97ccdad5327320ee29bdc2cf666fb08a (diff) |
Don't encode AlgorithmIdentifier parameters for ECDSA in X.509 objects
RFC 5758 and 4491 mandate that for DSA, ECDSA and GOST, the algorithm
identifier "encoding MUST omit the parameters field".
Diffstat (limited to 'src/lib/x509/x509_ca.cpp')
-rw-r--r-- | src/lib/x509/x509_ca.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp
index 0a470762f..f8daaf79a 100644
--- a/src/lib/x509/x509_ca.cpp
+++ b/src/lib/x509/x509_ca.cpp
@@ -252,9 +252,12 @@ PK_Signer* choose_sig_format(const Private_Key& key,
 std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_fn));
 std::string padding;
+ std::vector<uint8_t> algo_params;
 if(algo_name == "RSA")
 {
 padding = "EMSA3";
+ // for RSA PKCSv1.5 parameters "SHALL" be NULL
+ algo_params = key.algorithm_identifier().get_parameters();
 }
 else if(algo_name == "DSA" ||
 algo_name == "ECDSA" ||
@@ -262,6 +265,7 @@ PK_Signer* choose_sig_format(const Private_Key& key,
 algo_name == "ECKCDSA" ||
 algo_name == "GOST-34.10")
 {
+ // for DSA, ECDSA, GOST parameters "SHALL" be empty
 padding = "EMSA1";
 }
 else
@@ -273,8 +277,7 @@ PK_Signer* choose_sig_format(const Private_Key& key,
 padding = padding + "(" + hash->name() + ")";
- sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding),
- key.algorithm_identifier().get_parameters());
+ sig_algo = AlgorithmIdentifier(OIDS::lookup(algo_name + "/" + padding), algo_params);
 return new PK_Signer(key, rng, padding, format);
 } |
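Review bot: The RSA comment states a requirement ("SHALL be NULL") that the added line does not itself enforce: `algo_params = key.algorithm_identifier().get_parameters();` copies whatever the key's AlgorithmIdentifier carries. If that is always an ASN.1 NULL for RSA keys, which this hunk does not show, the comment should say the value is inherited, e.g. `// RSA PKCS#1 v1.5: parameters must be ASN.1 NULL; reused from the key's AlgorithmIdentifier, which is expected to carry NULL`. It is also worth noting at the declaration that a default-constructed `algo_params` is the signal for "omit the field" in every non-RSA branch, e.g. `// left empty unless a branch below sets it`. The body of choose_sig_format starts and ends outside this hunk.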
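Review bot: The new comment names only DSA, ECDSA and GOST, but the branch it sits in also matches `ECKCDSA` and whatever name is on the one condition line that falls between this hunk and the previous one, which is not shown. Those algorithms now get the empty parameters too, although the commit message only cites RFC 5758 and RFC 4491 for DSA, ECDSA and GOST. If that wider scope is intended, the comment should say so, e.g. `// parameters are omitted for every algorithm in this branch (RFC 5758 / RFC 4491 for DSA, ECDSA, GOST; same encoding applied to the other EC schemes)`. Otherwise the schemes not covered by the cited RFCs need their own branch.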
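Review bot: Whether the parameters field is really omitted depends on how `AlgorithmIdentifier` encodes an empty `algo_params` vector, and that encoder is not visible in this hunk. If it writes an explicit NULL or an empty element for an empty vector, the signed object would still not match the "MUST omit" wording quoted in the commit message. A short comment on the new line would record the assumption, e.g. `// empty algo_params => no parameters field in the encoded AlgorithmIdentifier`. A test should also parse a freshly signed ECDSA certificate and check that the signature AlgorithmIdentifier carries no parameters.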