authorPeter Dettman <peter.dettman@bouncycastle.org>2024-01-19 10:35:58 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2024-01-19 10:35:58 +0700
commit8e43e0440c06bf8cacabc6879439c9a75475bcb5 (patch)
tree498e5763229d53a9c6eac0f9558ba03ca08ad250 /crypto
parentLazy creation of SigAlgName (diff)
downloadBouncyCastle.NET-ed25519-8e43e0440c06bf8cacabc6879439c9a75475bcb5.tar.xz
Align sig alg checks in X509Certificate, X509Crl
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/x509/X509Certificate.cs21
-rw-r--r--crypto/src/x509/X509Crl.cs3
-rw-r--r--crypto/src/x509/X509SignatureUtil.cs22
3 files changed, 23 insertions, 23 deletions
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 316eaad99..572acb2c7 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -717,7 +717,7 @@ namespace Org.BouncyCastle.X509
         {
             var tbsCertificate = c.TbsCertificate;
 
-            if (!IsAlgIDEqual(c.SignatureAlgorithm, tbsCertificate.Signature))
+            if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertificate.Signature))
                 throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
 
             return X509Utilities.VerifySignature(verifier, tbsCertificate, c.Signature);
@@ -748,22 +748,5 @@ namespace Org.BouncyCastle.X509
         {
             return PublicKeyFactory.CreateKey(c.SubjectPublicKeyInfo);
         }
-
-        private static bool IsAlgIDEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
-        {
-            if (!id1.Algorithm.Equals(id2.Algorithm))
-                return false;
-
-            Asn1Encodable p1 = id1.Parameters;
-            Asn1Encodable p2 = id2.Parameters;
-
-            if ((p1 == null) == (p2 == null))
-                return Objects.Equals(p1, p2);
-
-            // Exactly one of p1, p2 is null at this point
-            return p1 == null
-                ? p2.ToAsn1Object() is Asn1Null
-                : p1.ToAsn1Object() is Asn1Null;
-        }
     }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index 9c3e0fd03..fec33f09c 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -181,8 +181,7 @@ namespace Org.BouncyCastle.X509
         {
             var tbsCertList = c.TbsCertList;
 
-            // TODO Compare IsAlgIDEqual in X509Certificate.CheckSignature
-            if (!c.SignatureAlgorithm.Equals(tbsCertList.Signature))
+            if (!X509SignatureUtilities.AreEquivalentAlgorithms(c.SignatureAlgorithm, tbsCertList.Signature))
                 throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
 
 			return X509Utilities.VerifySignature(verifier, tbsCertList, c.Signature);
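Review bot: The CRL check on the changed line is no longer an exact match, and with the TODO removed nothing at the call site records that. With `AreEquivalentAlgorithms`, absent parameters on one side and an explicit ASN.1 NULL on the other are accepted, which the previous `Equals` call presumably rejected. A one-line comment such as `// Absent parameters and an ASN.1 NULL are treated as equivalent, as for X509Certificate` would mark the relaxation as intentional. The diffstat lists no test files under crypto, so a regression test may still be needed: one CRL whose two identifiers differ only in absent versus NULL parameters (accepted) and one whose OIDs differ (rejected). The enclosing method starts and ends outside the hunk.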
diff --git a/crypto/src/x509/X509SignatureUtil.cs b/crypto/src/x509/X509SignatureUtil.cs
index 307d5a527..635e7d70b 100644
--- a/crypto/src/x509/X509SignatureUtil.cs
+++ b/crypto/src/x509/X509SignatureUtil.cs
@@ -12,7 +12,25 @@ namespace Org.BouncyCastle.X509
 {
     internal class X509SignatureUtilities
 	{
-		internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
+        internal static bool AreEquivalentAlgorithms(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
+        {
+            if (!id1.Algorithm.Equals(id2.Algorithm))
+                return false;
+
+            Asn1Encodable p1 = id1.Parameters;
+            Asn1Encodable p2 = id2.Parameters;
+
+            if (p1 == p2)
+                return true;
+            if (p1 == null)
+                return p2.ToAsn1Object() is Asn1Null;
+            if (p2 == null)
+                return p1.ToAsn1Object() is Asn1Null;
+
+            return p1.Equals(p2);
+        }
+
+        internal static string GetSignatureName(AlgorithmIdentifier sigAlgID)
 		{
 			DerObjectIdentifier sigAlgOid = sigAlgID.Algorithm;
 			Asn1Encodable parameters = sigAlgID.Parameters;
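Review bot: `AreEquivalentAlgorithms` has no doc comment, although it is now the one check, for both certificates and CRLs, that ties the outer signatureAlgorithm field (which lies outside the signed TBS structure) to the signed copy inside it. I would add an XML `<summary>` stating the rule: the OIDs must be equal and the parameters must be equal, except that absent parameters and an ASN.1 NULL count as the same. The summary should also say that this exception applies to every OID, not only to algorithms where NULL parameters are conventional, so that a later change does not widen it unnoticed. Both arguments are dereferenced at `id1.Algorithm` without a null check; if callers outside this diff can pass null, the comment should state that precondition. The body of `GetSignatureName` continues outside the hunk.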
@@ -87,5 +105,5 @@ namespace Org.BouncyCastle.X509
 				return digestAlgOID.GetID();
 			}
 		}
-	}
+    }
 }