treat sig_alg and algorithm comparison in a consistent way over all certificate types

2008-03-26 13:10:36 +00:00 · 2008-03-26 13:10:36 +00:00 · 5298777ad8
parent e37f7715bf
commit 5298777ad8
2 changed files with 9 additions and 3 deletions
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@ -484,6 +484,11 @@ static bool parse_certificate(private_x509_ac_t *this)
 				break;
 			case AC_OBJ_ALGORITHM:
 				this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+				if (this->algorithm != sig_alg)
+				{
+					DBG1("  signature algorithms do not agree");
+					return FALSE;
+				}
 				break;
 			case AC_OBJ_SIGNATURE:
 				this->signature = object;
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@ -200,6 +200,7 @@ static bool parse(private_x509_crl_t *this)
 	revoked_t *revoked = NULL;
 	chunk_t object;
 	u_int level;
+	int sig_alg = OID_UNKNOWN;
 	int objectID = 0;

 	asn1_init(&ctx, this->encoding, 0, FALSE, FALSE);
@ -223,7 +224,7 @@ static bool parse(private_x509_crl_t *this)
 				DBG2("  v%d", this->version);
 				break;
 			case CRL_OBJ_SIG_ALG:
-				this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+				sig_alg = parse_algorithmIdentifier(object, level, NULL);
 				break;
 			case CRL_OBJ_ISSUER:
 				this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
@ -287,8 +288,8 @@ static bool parse(private_x509_crl_t *this)
 				break;
 			case CRL_OBJ_ALGORITHM:
 			{
-				int algo = parse_algorithmIdentifier(object, level, NULL);
-				if (this->algorithm != algo)
+				this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+				if (this->algorithm != sig_alg)
 				{
 					DBG1("  signature algorithms do not agree");
 					return FALSE;