File tree 3 files changed +17
-4
lines changed 3 files changed +17
-4
lines changed Original file line number Diff line number Diff line change @@ -38,11 +38,17 @@ Forge ChangeLog
3838 DER parsing may need to adapt to this new behavior and optional flag.
3939- [ rsa] Add and use a validator to check for proper structure of parsed ASN.1
4040 ` RSASSA-PKCS-v1_5 ` ` DigestInfo ` data. Additionally check that the hash
41- algorithm identifier is a known value. An invalid ` DigestInfo ` or algorithm
42- identifier will now cause an error to be thrown.
41+ algorithm identifier is a known value from RFC 8017
42+ ` PKCS1-v1-5DigestAlgorithms ` . An invalid ` DigestInfo ` or algorithm identifier
43+ will now cause an error to be thrown.
4344
4445### Added
45- - [ oid] Added ` 1.2.840.113549.2.2 ` / ` md2 ` for hash algorithm checking.
46+ - [ oid] Added missing RFC 8017 PKCS1-v1-5DigestAlgorithms algorithm
47+ identifiers:
48+ - ` 1.2.840.113549.2.2 ` / ` md2 `
49+ - ` 2.16.840.1.101.3.4.2.4 ` / ` sha224 `
50+ - ` 2.16.840.1.101.3.4.2.5 ` / ` sha512-224 `
51+ - ` 2.16.840.1.101.3.4.2.6 ` / ` sha512-256 `
4652
4753## 1.2.1 - 2022-01-11
4854
Original file line number Diff line number Diff line change @@ -47,6 +47,9 @@ _IN('1.3.14.3.2.29', 'sha1WithRSASignature');
4747_IN ( '2.16.840.1.101.3.4.2.1' , 'sha256' ) ;
4848_IN ( '2.16.840.1.101.3.4.2.2' , 'sha384' ) ;
4949_IN ( '2.16.840.1.101.3.4.2.3' , 'sha512' ) ;
50+ _IN ( '2.16.840.1.101.3.4.2.4' , 'sha224' ) ;
51+ _IN ( '2.16.840.1.101.3.4.2.5' , 'sha512-224' ) ;
52+ _IN ( '2.16.840.1.101.3.4.2.6' , 'sha512-256' ) ;
5053_IN ( '1.2.840.113549.2.2' , 'md2' ) ;
5154_IN ( '1.2.840.113549.2.5' , 'md5' ) ;
5255
Original file line number Diff line number Diff line change @@ -1169,14 +1169,18 @@ pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
11691169 throw error ;
11701170 }
11711171 // check hash algorithm identifier
1172+ // see PKCS1-v1-5DigestAlgorithms in RFC 8017
11721173 // FIXME: add support to vaidator for strict value choices
11731174 var oid = asn1 . derToOid ( capture . algorithmIdentifier ) ;
11741175 if ( ! ( oid === forge . oids . md2 ||
11751176 oid === forge . oids . md5 ||
11761177 oid === forge . oids . sha1 ||
1178+ oid === forge . oids . sha224 ||
11771179 oid === forge . oids . sha256 ||
11781180 oid === forge . oids . sha384 ||
1179- oid === forge . oids . sha512 ) ) {
1181+ oid === forge . oids . sha512 ||
1182+ oid === forge . oids [ 'sha512-224' ] ||
1183+ oid === forge . oids [ 'sha512-256' ] ) ) {
11801184 var error = new Error (
11811185 'Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier.' ) ;
11821186 error . oid = oid ;
You can’t perform that action at this time.
0 commit comments