Diffstat (limited to 'nss/lib/certhigh/certvfy.c')
-rw-r--r--nss/lib/certhigh/certvfy.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
index 8e74227..be01efb 100644
--- a/nss/lib/certhigh/certvfy.c
+++ b/nss/lib/certhigh/certvfy.c
@@ -44,7 +44,7 @@ checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
SECOidTag sigAlg;
SECOidTag curve;
PRUint32 policyFlags = 0;
- PRInt32 minLen, len;
+ PRInt32 minLen, len, optFlags;
sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm);
@@ -109,6 +109,13 @@ checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
return SECFailure;
}
+ if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) == SECFailure) {
+ return SECSuccess;
+ }
+ if ((optFlags & NSS_KEY_SIZE_POLICY_VERIFY_FLAG) == 0) {
+ return SECSuccess;
+ }
+
len = 8 * key->u.rsa.modulus.len;
rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minLen);
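Review bot: Both early returns added to the RSA branch fail open: when `NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags)` fails, or when `NSS_KEY_SIZE_POLICY_VERIFY_FLAG` is clear, checkKeyParams returns SECSuccess before the `NSS_RSA_MIN_KEY_SIZE` comparison runs, and nothing in the code says this is intended. If key-size enforcement on verification is meant to be opt-in, a comment should say so, e.g. `/* key-size limits apply to verification only when the policy sets NSS_KEY_SIZE_POLICY_VERIFY_FLAG; an unreadable option is treated as not enforced */`; if it is not, the lookup failure should return SECFailure with an error set instead. The same six lines are repeated in the DSA branch of the next hunk, so a small static helper would keep the two branches from drifting apart. checkKeyParams starts and ends outside these hunks.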
@@ -131,6 +138,12 @@ checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return SECFailure;
}
+ if (NSS_OptionGet(NSS_KEY_SIZE_POLICY_FLAGS, &optFlags) == SECFailure) {
+ return SECSuccess;
+ }
+ if ((optFlags & NSS_KEY_SIZE_POLICY_VERIFY_FLAG) == 0) {
+ return SECSuccess;
+ }
len = 8 * key->u.dsa.params.prime.len;
@@ -162,6 +175,7 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
SECOidTag sigAlg;
SECOidTag encAlg;
SECOidTag hashAlg;
+ CK_MECHANISM_TYPE mech;
PRUint32 policyFlags;
if (!pubKey || !sd) {
@@ -173,7 +187,7 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
sigAlg = SECOID_GetAlgorithmTag(&sd->signatureAlgorithm);
rv = sec_DecodeSigAlg(pubKey, sigAlg,
&sd->signatureAlgorithm.parameters,
- &encAlg, &hashAlg);
+ &encAlg, &hashAlg, &mech, NULL);
if (rv != SECSuccess) {
return SECFailure; /* error is set */
}
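Review bot: `mech` is filled in by the new `sec_DecodeSigAlg` call, but nothing in the visible hunks reads it afterwards, so the local looks like it exists only to satisfy the wider signature. If the function accepts NULL for that out-parameter, as it appears to for the last argument, passing NULL and dropping the declaration added in the previous hunk would be cleaner; otherwise a short comment such as `/* mech is required by sec_DecodeSigAlg but unused here */` would explain it. The rest of CERT_VerifySignedDataWithPublicKey is outside the hunk, so a later use of `mech` cannot be ruled out from here.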