|
|
c70942 |
diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c
|
|
|
c70942 |
--- a/lib/certhigh/certvfy.c
|
|
|
c70942 |
+++ b/lib/certhigh/certvfy.c
|
|
|
c70942 |
@@ -42,23 +42,16 @@ checkKeyParams(const SECAlgorithmID *sig
|
|
|
c70942 |
{
|
|
|
c70942 |
SECStatus rv;
|
|
|
c70942 |
SECOidTag sigAlg;
|
|
|
c70942 |
SECOidTag curve;
|
|
|
c70942 |
PRUint32 policyFlags = 0;
|
|
|
c70942 |
PRInt32 minLen, len;
|
|
|
c70942 |
|
|
|
c70942 |
sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm);
|
|
|
c70942 |
- rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
|
|
|
c70942 |
- if (rv == SECSuccess &&
|
|
|
c70942 |
- !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
|
|
|
c70942 |
- PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
|
|
|
c70942 |
- return SECFailure;
|
|
|
c70942 |
- }
|
|
|
c70942 |
-
|
|
|
c70942 |
switch (sigAlg) {
|
|
|
c70942 |
case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
|
|
|
c70942 |
case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
|
|
|
c70942 |
case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
|
|
|
c70942 |
case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
|
|
|
c70942 |
case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
|
|
|
c70942 |
if (key->keyType != ecKey) {
|
|
|
c70942 |
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
|
|
c70942 |
@@ -126,16 +119,23 @@ checkKeyParams(const SECAlgorithmID *sig
|
|
|
c70942 |
}
|
|
|
c70942 |
|
|
|
c70942 |
if (len < minLen) {
|
|
|
c70942 |
return SECFailure;
|
|
|
c70942 |
}
|
|
|
c70942 |
|
|
|
c70942 |
return SECSuccess;
|
|
|
c70942 |
case SEC_OID_ANSIX9_DSA_SIGNATURE:
|
|
|
c70942 |
+ rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
|
|
|
c70942 |
+ if (rv == SECSuccess &&
|
|
|
c70942 |
+ !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
|
|
|
c70942 |
+ PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
|
|
|
c70942 |
+ return SECFailure;
|
|
|
c70942 |
+ }
|
|
|
c70942 |
+ /* fall through */
|
|
|
c70942 |
case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
|
|
|
c70942 |
case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
|
|
|
c70942 |
case SEC_OID_SDN702_DSA_SIGNATURE:
|
|
|
c70942 |
case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
|
|
|
c70942 |
case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
|
|
|
c70942 |
if (key->keyType != dsaKey) {
|
|
|
c70942 |
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
|
|
c70942 |
return SECFailure;
|