Do not throw, optionally, when facing an unknown OID. Fix mozroot fac…

…ing an sha384ECDSA signed certificate)
mono · Jun 26, 2013 · 85cb079 · 85cb079
1 parent 8b78777
commit 85cb079
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/mcs/class/Mono.Security/Mono.Security.Cryptography/PKCS1.cs b/mcs/class/Mono.Security/Mono.Security.Cryptography/PKCS1.cs
@@ -426,7 +426,7 @@ public static byte[] MGF1 (HashAlgorithm hash, byte[] mgfSeed, int maskLen)
 			return mask;
 		}
 
-		static internal string HashNameFromOid (string oid)
+		static internal string HashNameFromOid (string oid, bool throwOnError = true)
 		{
 			switch (oid) {
 			case "1.2.840.113549.1.1.2":	// MD2 with RSA encryption 
@@ -448,7 +448,9 @@ static internal string HashNameFromOid (string oid)
 			case "1.3.36.3.3.1.2":
 				return "RIPEMD160";
 			default:
-				throw new CryptographicException ("Unsupported hash algorithm: " + oid);
+				if (throwOnError)
+					throw new CryptographicException ("Unsupported hash algorithm: " + oid);
+				return null;
 			}
 		}
 

diff --git a/mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs b/mcs/class/Mono.Security/Mono.Security.X509/X509Certificate.cs
@@ -289,8 +289,11 @@ private byte[] GetUnsignedBigInteger (byte[] integer)
 				if (certhash == null) {
 					if ((decoder == null) || (decoder.Count < 1))
 						return null;
+					string algo = PKCS1.HashNameFromOid (m_signaturealgo, false);
+					if (algo == null)
+						return null;
 					byte[] toBeSigned = decoder [0].GetBytes ();
-					using (var hash = PKCS1.CreateFromOid (m_signaturealgo))
+					using (var hash = PKCS1.CreateFromName (algo))
 						certhash = hash.ComputeHash (toBeSigned, 0, toBeSigned.Length);
 				}
 				return (byte[]) certhash.Clone ();