aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2019-05-09 10:49:38 -0400
committerJack Lloyd <[email protected]>2019-05-09 10:49:38 -0400
commitb26b472e0b90e83d565c9c8d64d6fc2591c286c5 (patch)
treed831bf9fb4abbd082482e30bace67a37f06e138d /src
parent87172d3bf58b2b3b6575087c42e05f801789e025 (diff)
Fix decoding of RSA-OAEP certs
GH #1943
Diffstat (limited to 'src')
-rw-r--r--src/lib/x509/x509cert.cpp6
-rw-r--r--src/tests/data/x509/misc/rsa_oaep.pem29
-rw-r--r--src/tests/unit_x509.cpp18
3 files changed, 48 insertions, 5 deletions
diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp
index de4b0ed7a..0212267ec 100644
--- a/src/lib/x509/x509cert.cpp
+++ b/src/lib/x509/x509cert.cpp
@@ -176,17 +176,13 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o
throw Decoding_Error("Algorithm identifier mismatch");
}
}
- if(public_key_info[1] == "OAEP")
- {
- throw Decoding_Error("Decoding subject public keys of type RSAES-OAEP is currently not supported");
- }
}
else
{
// oid = rsaEncryption -> parameters field MUST contain NULL
if(public_key_alg_id != AlgorithmIdentifier(public_key_alg_id.get_oid(), AlgorithmIdentifier::USE_NULL_PARAM))
{
- throw Decoding_Error("Parameters field MUST contain NULL");
+ throw Decoding_Error("RSA algorithm parameters field MUST contain NULL");
}
}
}
diff --git a/src/tests/data/x509/misc/rsa_oaep.pem b/src/tests/data/x509/misc/rsa_oaep.pem
new file mode 100644
index 000000000..d41247b44
--- /dev/null
+++ b/src/tests/data/x509/misc/rsa_oaep.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5zCCA8+gAwIBAgIED7qWsDANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGU2F4b255MSEwHwYDVQQKExhJbmZpbmVvbiBUZWNobm9sb2dp
+ZXMgQUcxDDAKBgNVBAsTA0FJTTEmMCQGA1UEAxMdSUZYIFRQTSBFSyBJbnRlcm1l
+ZGlhdGUgQ0EgNTMwHhcNMTcxMjAxMTMzMDE2WhcNMjcxMjAxMTMzMDE2WjAAMIIB
+NzAiBgkqhkiG9w0BAQcwFaITMBEGCSqGSIb3DQEBCQQEVENQQQOCAQ8AMIIBCgKC
+AQEAvOAaP0aHfViksZjaNBKAj5hgahNl5di3uWyVo3NPeJmsFHalWWsSf/+VX5Hs
+HScUD5Ow2zFL0G54VfJ0dw/RfJ/XZOWmcO7C3Bp+Qpph6N4Fgfw6FxKAIAe9ZUIi
+borYEOVGLwXd0IQf4MRznOKQE0niAKWFQ9QYi5M4qPdT6BOUM6cWPK/nautnh9l6
+uFrpxJs4E+309G2MZaM1nApYLe5ZdzrViz2X7sTTlFrULT7EFf3ow9QQVpn4nEZn
+O+uNDQQzOhqIFf2iniGLf8Q+dhtq6ll1aEbeCtqgFiMPPyPXhk/fE9dCMTa7UxIF
+GOmDyW+1hEws9k0qVK35q0vl3QIDAQABo4IB2zCCAdcwUQYDVR0RAQH/BEcwRaRD
+MEExFjAUBgVngQUCAQwLaWQ6NDk0NjU4MDAxEzARBgVngQUCAgwIU0xCIDk2NjAx
+EjAQBgVngQUCAwwHaWQ6MDQyQjAMBgNVHRMBAf8EAjAAMIG8BgNVHSABAf8EgbEw
+ga4wgasGC2CGSAGG+EUBBy8BMIGbMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LnZl
+cmlzaWduLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwwXgYIKwYBBQUHAgIwUh5Q
+AFQAQwBQAEEAIABUAHIAdQBzAHQAZQBkACAAUABsAGEAdABmAG8AcgBtACAATQBv
+AGQAdQBsAGUAIABFAG4AZABvAHIAcwBlAG0AZQBuAHQwHwYDVR0jBBgwFoAUKneg
+40LLxscu4/r8Owp7zqfJzk4wgZMGA1UdCQSBizCBiDA6BgNVBDQxMzALMAkGBSsO
+AwIaBQAwJDAiBgkqhkiG9w0BAQcwFaITMBEGCSqGSIb3DQEBCQQEVENQQTAWBgVn
+gQUCEDENMAsMAzEuMgIBAgIBAzAyBgVngQUCEjEpMCcBAf+gAwoBAaEDCgEAogMK
+AQCjEDAOFgMzLjEKAQQKAQIBAf8BAf8wDQYJKoZIhvcNAQEFBQADggEBAFs7LBVG
+F5GTjNTlug4aXwFfddchI75jPt9oHNfYyxo2CnPUBWeF2XauJtmNp8uMl5vxPMqf
+Wbon4cTIajWR370U89N3cxSKMqNPsI8Kc9nY8uLw4VxMntArCzCg6P0dtE7qlzy9
+MV+2eo8cLlhRUVic6xCrbfqq/+8Yq/q8uVK8yaf+v04fZ7btKKn5C45tjHV7DNI6
+anBnclfL5tV02uit7XMKGEmfnMLkx+vZHJRoVu9f9/R2XWNWyZPGY3noICmMCqh/
+mVxVsiqEi6SrGphSUd/TaQDlfHXu0UOaKTH0xZti50dOqW0mBk0Jfqio7fRYFOlk
+dFIrr2o7AWuAYg4=
+-----END CERTIFICATE-----
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp
index 63310b7a7..29739eb85 100644
--- a/src/tests/unit_x509.cpp
+++ b/src/tests/unit_x509.cpp
@@ -418,6 +418,23 @@ Test::Result test_crl_dn_name()
return result;
}
+Test::Result test_rsa_oaep()
+ {
+ Test::Result result("RSA OAEP decoding");
+
+#if defined(BOTAN_HAS_RSA)
+ Botan::X509_Certificate cert(Test::data_file("x509/misc/rsa_oaep.pem"));
+
+ auto public_key = cert.load_subject_public_key();
+ result.test_not_null("Decoding RSA-OAEP worked", public_key.get());
+ auto pk_info = cert.subject_public_key_algo();
+
+ result.test_eq("RSA-OAEP OID", pk_info.get_oid().to_string(), Botan::OIDS::lookup("RSA/OAEP").to_string());
+#endif
+
+ return result;
+ }
+
Test::Result test_x509_decode_list()
{
Test::Result result("X509_Certificate list decode");
@@ -1598,6 +1615,7 @@ class X509_Cert_Unit_Tests final : public Test
results.push_back(test_x509_bmpstring());
results.push_back(test_crl_dn_name());
results.push_back(test_x509_decode_list());
+ results.push_back(test_rsa_oaep());
results.push_back(test_x509_authority_info_access_extension());
#endif