authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-28 09:27:03 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-04 16:46:18 +0200
commit31cb0cac7d4f1d34a8c42d65817357ee24e4e0e8 (patch)
tree8aefefc7ec6e3fe66fdd4953304e7c6c9a7ce9bd /lib/tls-sig.c
parentb05d57f6463e1f08c3fe14d4d2c1a556a68c0b47 (diff)
prior to negotiating a signature check compatibility with private key
That is, check if the private key can support the public key operation needed for the signature. In particular, this excludes Ed25519 and RSA-PSS from being used with the 'EXT' keys, as the current API cannot handle them, and RSA-PSS from being used by PKCS#11 RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism. Relates #234 Resolves #209 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/tls-sig.c')
-rw-r--r--lib/tls-sig.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 95a7b3ea64..a452cdfb77 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -554,7 +554,7 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
if (sign_algo == GNUTLS_SIGN_UNKNOWN ||
_gnutls_session_sign_algo_enabled(session, sign_algo) < 0) {
- sign_algo = _gnutls_session_get_sign_algo(session, cert, 1);
+ sign_algo = _gnutls_session_get_sign_algo(session, cert, pkey, 1);
if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
gnutls_assert();
return GNUTLS_E_UNWANTED_ALGORITHM;
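Review bot: The failure path right after the changed call still returns `GNUTLS_E_UNWANTED_ALGORITHM`, but with `pkey` now passed in, `GNUTLS_SIGN_UNKNOWN` can presumably also mean that the private key cannot perform any mutually acceptable signature (per the commit message, e.g. a PKCS#11 RSA key without CKM_RSA_PKCS_PSS), which is not a policy rejection. A comment above the return would keep the next reader from looking only at the priority string, for example `/* no enabled algorithm is usable with this cert and private key */`. The compatibility check is also reached only in this fallback branch: a `sign_algo` that arrives already set and enabled is not re-checked against `pkey` in the visible lines, so it is worth confirming that the earlier selection cannot yield an algorithm the key does not support. The function body starts and ends outside the hunk.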