author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-02 08:32:52 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-02 17:53:37 +0000 |
commit | e7b903309948c5bc98a4cd853b1feb7df08ff715 (patch) | |
tree | ff9247e2dd555dd96690509da2b0ec44f754e654 /lib/algorithms.h | |
parent | 71e10e56ee1e1105460fddd0fc3ed0df0bf1733c (diff) | |
sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS
If the signature algorithm sets the `cert_pk` field, ignore the
`pk` field completely. Not doing that would make the RSAE signature
algorithms with RSA-PSS certificates which is against the intended
use of `cert_pk`.
Resolves #500
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/algorithms.h')
-rw-r--r-- | lib/algorithms.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h index d105b3cd68..cff79348cb 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -374,7 +374,7 @@ sign_supports_priv_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algori inline static unsigned sign_supports_cert_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algorithm_t pk) { - if (pk == se->pk || (se->cert_pk && se->cert_pk == pk)) + if ((!se->cert_pk && pk == se->pk) || (se->cert_pk && se->cert_pk == pk)) return 1; return 0; |
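Review bot: the rule that a set `cert_pk` overrides `pk` is visible only in the commit message, not in `sign_supports_cert_pk_algorithm` itself, and the new condition tests `se->cert_pk` twice to express it. A one-line comment above the `if` stating that `pk` is ignored whenever `cert_pk` is set would keep a later cleanup from restoring the plain `pk == se->pk` fallback that this change removes. The check would also read more directly as `if (se->cert_pk) return se->cert_pk == pk;` followed by `return pk == se->pk;`, which is equivalent to the expression added here.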