diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-17 09:06:52 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-17 17:08:02 +0200 |
commit | 30fd9938025bb8b9d52f3628cda2d1203b179533 (patch) | |
tree | 1c9bd5aa66000170ce584246a7dc28462adb9aeb /lib/pubkey.c | |
parent | 0fbf17287c10f4990f4140368149ebb2de258691 (diff) | |
download | gnutls-30fd9938025bb8b9d52f3628cda2d1203b179533.tar.gz |
privkey_sign_and_hash_data: in pre-hashed schemes, allow empty hash algorithm
In these schemes the hash algorithm is fixed in the signature algorithm
and thus the empty (unknown) value will act as a wildcard.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/pubkey.c')
-rw-r--r-- | lib/pubkey.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c index 7a77c30741..0b16f28fba 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -1528,7 +1528,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, params.pk = gnutls_sign_get_pk_algorithm(algo); params.dig = gnutls_sign_get_hash_algorithm(algo); me = hash_to_entry(params.dig); - if (me == NULL) + if (me == NULL && !_gnutls_pk_is_not_prehashed(params.pk)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (params.pk != pubkey->pk_algorithm) { @@ -1780,6 +1780,9 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk, unsigned int digest_size; gnutls_datum_t d, di; + if (unlikely(me == NULL)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + digest_size = _gnutls_hash_get_algo_len(me); if (prehash) { if (prehash->data == NULL || prehash->size != digest_size) |