diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-06 15:09:50 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-03-09 17:01:10 +0100 |
| commit | 51d21634c9329463a8d7def24550ef268bc9b88c (patch) | |
| tree | 49a8e2370b632040c8fbdbd03b9f8b51cef34677 /lib/pubkey.c | |
| parent | 02354f173e66df3dad4ac9447e4965aecfad65e8 (diff) | |
| download | gnutls-51d21634c9329463a8d7def24550ef268bc9b88c.tar.gz | |
signatures: distinguish RSA-PSS signatures with RSA PKCS#1 1.5 certificates from "pure"
This change enhances signature algorithms to have a private key algorithm
parameter. That is, to allow signature algorithms operating with a private
key of type X while the public key is of type Y. That is useful for the
RSA-PSS signatures which are of two types; one which is seen from servers
having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while
both utilize RSA-PSS private keys.
This is a draft-ietf-tls-tls13-23 change.
Resolves #400
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/pubkey.c')
| -rw-r--r-- | lib/pubkey.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c index 466e2dee63..d6d374b786 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -1518,7 +1518,7 @@ int fixup_spki_params(const gnutls_pk_params_st *key_params, const gnutls_sign_e unsigned bits; if (se->pk != key_params->algo) { - if (!gnutls_sign_supports_pk_algorithm(se->id, key_params->algo)) { + if (!sign_supports_priv_pk_algorithm(se, key_params->algo)) { _gnutls_debug_log("have key: %s/%d, with sign %s/%d\n", gnutls_pk_get_name(key_params->algo), key_params->algo, se->name, se->id); @@ -1729,7 +1729,7 @@ int pubkey_supports_sig(gnutls_pubkey_t pubkey, gnutls_ecc_curve_t curve = pubkey->params.curve; if (curve != se->curve) { - _gnutls_debug_log("have key: ECDSA with %s/%d, with sign %s/%d\n", + _gnutls_handshake_log("have key: ECDSA with %s/%d, with sign %s/%d\n", gnutls_ecc_curve_get_name(curve), (int)curve, se->name, se->id); return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); @@ -1737,8 +1737,8 @@ int pubkey_supports_sig(gnutls_pubkey_t pubkey, } if (se->pk != pubkey->params.algo) { /* if the PK algorithm of the signature differs to the one on the pubkey */ - if (!gnutls_sign_supports_pk_algorithm(se->id, pubkey->params.algo)) { - _gnutls_debug_log("have key: %s/%d, with sign %s/%d\n", + if (!sign_supports_priv_pk_algorithm(se, pubkey->params.algo)) { + _gnutls_handshake_log("have key: %s/%d, with sign %s/%d\n", gnutls_pk_get_name(pubkey->params.algo), pubkey->params.algo, se->name, se->id); return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); |