privkey_sign_and_hash_data: in pre-hashed schemes, allow empty hash algorithm

In these schemes the hash algorithm is fixed in the signature algorithm and thus the empty (unknown) value will act as a wildcard. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-17 09:06:52 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-17 17:08:02 +0200
commit: 30fd9938025bb8b9d52f3628cda2d1203b179533 (patch)
tree: 1c9bd5aa66000170ce584246a7dc28462adb9aeb /lib/pubkey.c
parent: 0fbf17287c10f4990f4140368149ebb2de258691 (diff)
download: gnutls-30fd9938025bb8b9d52f3628cda2d1203b179533.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 7a77c30741..0b16f28fba 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1528,7 +1528,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
 	params.pk = gnutls_sign_get_pk_algorithm(algo);
 	params.dig = gnutls_sign_get_hash_algorithm(algo);
 	me = hash_to_entry(params.dig);
-	if (me == NULL)
+	if (me == NULL && !_gnutls_pk_is_not_prehashed(params.pk))
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
 	if (params.pk != pubkey->pk_algorithm) {
@@ -1780,6 +1780,9 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
 	unsigned int digest_size;
 	gnutls_datum_t d, di;
 
+	if (unlikely(me == NULL))
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
 	digest_size = _gnutls_hash_get_algo_len(me);
 	if (prehash) {
 		if (prehash->data == NULL || prehash->size != digest_size)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-17 09:06:52 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-17 17:08:02 +0200
commit	30fd9938025bb8b9d52f3628cda2d1203b179533 (patch)
tree	1c9bd5aa66000170ce584246a7dc28462adb9aeb /lib/pubkey.c
parent	0fbf17287c10f4990f4140368149ebb2de258691 (diff)
download	gnutls-30fd9938025bb8b9d52f3628cda2d1203b179533.tar.gz