privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-28 10:22:29 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-04 16:46:38 +0200
commit: 395ab75c52c4c337667caa1bd53c8649ed66ee08 (patch)
tree: 7642961142ad7423af7336c59242ef9d37104f03
parent: 84ea5d6cb34e4cb5323bf6d1f25325b0d7dbf23e (diff)
download: gnutls-395ab75c52c4c337667caa1bd53c8649ed66ee08.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/privkey.c b/lib/privkey.c
index a865aa4518..b67f8e18ce 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -1315,6 +1315,9 @@ privkey_sign_raw_data(gnutls_privkey_t key,
 		return _gnutls_pk_sign(pk, signature, data,
 				       &key->key.x509->params, params);
 	case GNUTLS_PRIVKEY_EXT:
+		if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_EDDSA_ED25519)
+			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
 		if (key->key.ext.sign_func == NULL)
 			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 		return key->key.ext.sign_func(key, key->key.ext.userdata,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-28 10:22:29 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-08-04 16:46:38 +0200
commit	395ab75c52c4c337667caa1bd53c8649ed66ee08 (patch)
tree	7642961142ad7423af7336c59242ef9d37104f03
parent	84ea5d6cb34e4cb5323bf6d1f25325b0d7dbf23e (diff)
download	gnutls-395ab75c52c4c337667caa1bd53c8649ed66ee08.tar.gz