diff options
| author | Daniel Neus <[email protected]> | 2017-10-21 19:13:14 +0200 |
|---|---|---|
| committer | Daniel Neus <[email protected]> | 2017-10-21 19:31:29 +0200 |
| commit | e2ef35fb9f340eff40fadd1e03cc1ab6ff494b86 (patch) | |
| tree | a84c09e9bc0065bf498a477895d849ae8a16905e /src/lib/x509 | |
| parent | efa5004354ead93d8c5a3b32f430ccfb1c46e072 (diff) | |
review changes
Diffstat (limited to 'src/lib/x509')
| -rw-r--r-- | src/lib/x509/x509_obj.cpp | 3 | ||||
| -rw-r--r-- | src/lib/x509/x509cert.cpp | 12 |
2 files changed, 7 insertions, 8 deletions
diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index dd097f123..f566be00e 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -246,8 +246,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const // For MGF1, it is strongly RECOMMENDED that the underlying hash function be the same as the one identified by hashAlgorithm // Must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 - std::string mgf_hash_algo = OIDS::lookup(pss_parameter.mask_gen_hash.oid); - if(mgf_hash_algo != hash_algo) + if(pss_parameter.mask_gen_hash.oid != pss_parameter.hash_algo.oid) { return false; } diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index c20224aba..5a6588ecc 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -115,15 +115,15 @@ void X509_Certificate::force_decode() AlgorithmIdentifier public_key_alg_id; BER_Decoder(public_key.value).decode(public_key_alg_id).discard_remaining(); - std::vector<std::string> sig_info = + std::vector<std::string> public_key_info = split_on(OIDS::lookup(public_key_alg_id.oid), '/'); - if(sig_info[0] == "RSA") + if(!public_key_info.empty() && public_key_info[0] == "RSA") { // RFC4055: If PublicKeyAlgo = PSS or OAEP: limit the use of the public key exclusively to either RSASSA - PSS or RSAES - OAEP - if(sig_info.size() >= 2) + if(public_key_info.size() >= 2) { - if(sig_info[1] == "EMSA4") + if(public_key_info[1] == "EMSA4") { /* When the RSA private key owner wishes to limit the use of the public @@ -144,9 +144,9 @@ void X509_Certificate::force_decode() throw Decoding_Error("Algorithm identifier mismatch"); } } - if(sig_info[1] == "OAEP") + if(public_key_info[1] == "OAEP") { - throw Decoding_Error("Currently unsupported"); + throw Decoding_Error("Decoding subject public keys of type RSAES-OAEP is currently not supported"); } } else |