author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-26 17:28:00 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 09:38:27 +0200 |
commit | 3485325912d1353d1fa4efcd810f3c16a99a7a37 (patch) | |
tree | 9f9f7604a9667ee87a586dd556ec243539a1b980 /lib/x509 | |
parent | b59fddec09a097f9fd33b16a756158652e59aa88 (diff) | |
_gnutls_x509_read_rsa_pss_params: fail early on unknown hash algorithms
Also utilize GNUTLS_E_CONSTRAINT_ERROR for signaling differences
between the hash functions.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/key_decode.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index 6f5f9eadb5..63256cb8c8 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
- * Copyright (C) 2013 Red Hat
+ * Copyright (C) 2013-2017 Red Hat
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -251,7 +251,7 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize,
 ASN1_TYPE spk = ASN1_TYPE_EMPTY;
 ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
 gnutls_digest_algorithm_t digest;
- char oid[MAX_OID_SIZE];
+ char oid[MAX_OID_SIZE] = "";
 int size;
 unsigned int trailer;
 gnutls_datum_t value = { NULL, 0 };
@@ -285,6 +285,13 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize,
 goto cleanup;
 }
 
+ if (digest == GNUTLS_DIG_UNKNOWN) {
+ gnutls_assert();
+ _gnutls_debug_log("Unknown RSA-PSS hash: %s\n", oid);
+ result = GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
+ goto cleanup;
+ }
+
 size = sizeof(oid);
 result = asn1_read_value(spk, "maskGenAlgorithm.algorithm", oid, &size);
 if (result == ASN1_SUCCESS) {
@@ -293,7 +300,8 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize,
 /* Error out if algorithm other than mgf1 is specified */
 if (strcmp(oid, PKIX1_RSA_PSS_MGF1_OID) != 0) {
 gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
+ _gnutls_debug_log("Unknown mask algorithm: %s\n", oid);
+ result = GNUTLS_E_UNKNOWN_ALGORITHM;
 goto cleanup;
 }
 
@@ -335,7 +343,7 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize,
 
 if (digest != digest2) {
 gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
+ result = GNUTLS_E_CONSTRAINT_ERROR;
 goto cleanup;
 }
 } else if (result != ASN1_ELEMENT_NOT_FOUND) { |
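Review bot: The new `digest == GNUTLS_DIG_UNKNOWN` guard in the `@@ -285,6 +285,13 @@` hunk carries no comment explaining why it has to run before the MGF1 parsing. Judging from the later `if (digest != digest2)` comparison, two unrecognised hash OIDs would presumably both map to GNUTLS_DIG_UNKNOWN and compare equal, so this early exit is what keeps that comparison meaningful. The code that fills `digest` and `digest2` lies outside the hunks, so this should be confirmed. I would add above the guard `/* reject unknown hashes before the MGF1 check; two unknown OIDs would otherwise compare equal */`. The function body starts and ends outside this hunk.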
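Review bot: The `digest != digest2` branch in the `@@ -335,7 +343,7 @@` hunk now returns GNUTLS_E_CONSTRAINT_ERROR but logs nothing, while the two other rejection paths touched by this commit log what was rejected. A line such as `_gnutls_debug_log("RSA-PSS hash and MGF1 hash differ\n");` before the assignment would keep the three paths consistent when someone has to diagnose why parameters were refused. An unrecognised MGF1 hash also appears to end up in this branch rather than in GNUTLS_E_UNKNOWN_HASH_ALGORITHM, since only `digest` is compared with GNUTLS_DIG_UNKNOWN. How `digest2` is derived is outside the hunk, so that is worth checking.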