author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-28 10:22:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 16:46:38 +0200 |
commit | 395ab75c52c4c337667caa1bd53c8649ed66ee08 (patch) | |
tree | 7642961142ad7423af7336c59242ef9d37104f03 | |
parent | 84ea5d6cb34e4cb5323bf6d1f25325b0d7dbf23e (diff) | |
privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/privkey.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/privkey.c b/lib/privkey.c index a865aa4518..b67f8e18ce 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -1315,6 +1315,9 @@ privkey_sign_raw_data(gnutls_privkey_t key, return _gnutls_pk_sign(pk, signature, data, &key->key.x509->params, params); case GNUTLS_PRIVKEY_EXT: + if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_EDDSA_ED25519) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (key->key.ext.sign_func == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); return key->key.ext.sign_func(key, key->key.ext.userdata, |
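Review bot: The new guard in the `GNUTLS_PRIVKEY_EXT` case is a deny-list of two algorithms, so any other `pk` value the external callback cannot express would still reach `sign_func` and be signed with whatever scheme the callback happens to implement. The visible arguments of that call (`key`, `key->key.ext.userdata`, …) carry neither `pk` nor `params`, unlike the `_gnutls_pk_sign` call in the X509 case, although the call continues past the end of the hunk. Consider failing closed by naming the algorithms the callback is meant to serve, for example `if (pk != GNUTLS_PK_RSA && pk != GNUTLS_PK_DSA && pk != GNUTLS_PK_EC)`, assuming that is the intended set. A short comment above the check would record the reason, e.g. `/* sign_func is given no algorithm or parameters, so it cannot honour RSA-PSS or EdDSA requests */`. The commit touches only `lib/privkey.c`, so a regression test that imports an ext key and asserts that an RSA-PSS signing request is refused would keep this from silently regressing.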