@@ -144,12 +144,12 @@ int X509Crypto::compareIssuerToString(string_view name) const
144144 static const string_view escape = " #+,;<=>\\ "
145145 string value (nameitem.substr (pos+1 , pos-old));
146146 static const errc ok{};
147- int8_t result{};
147+ uint8_t result{};
148148 for (string::size_type pos = value.find (' \\ ' size (); pos = value.find (' \\ '
149149 {
150- if (auto data = value.data () + pos + 1 ; from_chars (data, data + 2 , result, 16 ).ec == ok)
150+ if (auto data = next ( value.data (), pos + 1 ) ; from_chars (data, next ( data, 2 ) , result, 16 ).ec == ok)
151151 {
152- value[pos] = result;
152+ value[pos] = char ( result) ;
153153 value.erase (pos + 1 , 2 );
154154 }
155155 else if (escape.find (value[pos+1 ]) == string::npos)
@@ -211,7 +211,6 @@ bool X509Crypto::verify(const string &method, const vector<unsigned char> &diges
211211 {
212212 case EVP_PKEY_RSA:
213213 break ;
214- #ifndef OPENSSL_NO_ECDSA
215214 case EVP_PKEY_EC:
216215 {
217216 SCOPE (ECDSA_SIG, sig, ECDSA_SIG_new ());
@@ -223,9 +222,9 @@ bool X509Crypto::verify(const string &method, const vector<unsigned char> &diges
223222 EVP_PKEY_verify_init (ctx.get ()) == 1 &&
224223 EVP_PKEY_verify (ctx.get (), asn1.data (), asn1.size (), digest.data (), digest.size ()) == 1 ;
225224 }
226- #endif
227225 default : THROW (" Unsupported public key"
228226 }
227+
229228 int nid = Digest::toMethod (method);
230229 if (Digest::isRsaPssUri (method))
231230 {
@@ -236,30 +235,28 @@ bool X509Crypto::verify(const string &method, const vector<unsigned char> &diges
236235 EVP_PKEY_CTX_set_signature_md (ctx.get (), EVP_get_digestbynid (nid)) == 1 &&
237236 EVP_PKEY_verify (ctx.get (), signature.data (), signature.size (), digest.data (), digest.size ()) == 1 ;
238237 }
239- else
240- {
241- size_t size = 0 ;
242- if (!ctx ||
243- EVP_PKEY_verify_recover_init (ctx.get ()) <= 0 ||
244- EVP_PKEY_CTX_set_rsa_padding (ctx.get (), RSA_PKCS1_PADDING) <= 0 ||
245- EVP_PKEY_verify_recover (ctx.get (), nullptr , &size, signature.data (), signature.size ()) <= 0 )
246- return false ;
247- vector<unsigned char > decrypted (size);
248- if (EVP_PKEY_verify_recover (ctx.get (), decrypted.data (), &size, signature.data (), signature.size ()) <= 0 )
249- return false ;
250- decrypted.resize (size);
251- const unsigned char *p = decrypted.data ();
252- SCOPE (X509_SIG, sig, d2i_X509_SIG (nullptr , &p, long (decrypted.size ())));
253- if (!sig)
254- return false ;
255- const X509_ALGOR *algor = nullptr ;
256- const ASN1_OCTET_STRING *value = nullptr ;
257- X509_SIG_get0 (sig.get (), &algor, &value);
258238
259- if (algor->parameter && ASN1_TYPE_get (algor->parameter ) != V_ASN1_NULL)
260- return false ;
261- return nid == OBJ_obj2nid (algor->algorithm ) &&
262- size_t (value->length ) == digest.size () &&
263- memcmp (value->data , digest.data (), digest.size ()) == 0 ;
264- }
239+ size_t size = 0 ;
240+ if (!ctx ||
241+ EVP_PKEY_verify_recover_init (ctx.get ()) <= 0 ||
242+ EVP_PKEY_CTX_set_rsa_padding (ctx.get (), RSA_PKCS1_PADDING) <= 0 ||
243+ EVP_PKEY_verify_recover (ctx.get (), nullptr , &size, signature.data (), signature.size ()) <= 0 )
244+ return false ;
245+ vector<unsigned char > decrypted (size);
246+ if (EVP_PKEY_verify_recover (ctx.get (), decrypted.data (), &size, signature.data (), signature.size ()) <= 0 )
247+ return false ;
248+ decrypted.resize (size);
249+ const unsigned char *p = decrypted.data ();
250+ SCOPE (X509_SIG, sig, d2i_X509_SIG (nullptr , &p, long (decrypted.size ())));
251+ if (!sig)
252+ return false ;
253+ const X509_ALGOR *algor = nullptr ;
254+ const ASN1_OCTET_STRING *value = nullptr ;
255+ X509_SIG_get0 (sig.get (), &algor, &value);
256+
257+ if (algor->parameter && ASN1_TYPE_get (algor->parameter ) != V_ASN1_NULL)
258+ return false ;
259+ return nid == OBJ_obj2nid (algor->algorithm ) &&
260+ size_t (value->length ) == digest.size () &&
261+ memcmp (value->data , digest.data (), digest.size ()) == 0 ;
265262}
0 commit comments