author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-02 08:32:52 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-02 17:53:37 +0000 |
commit | e7b903309948c5bc98a4cd853b1feb7df08ff715 (patch) | |
tree | ff9247e2dd555dd96690509da2b0ec44f754e654 /tests | |
parent | 71e10e56ee1e1105460fddd0fc3ed0df0bf1733c (diff) | |
sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS
If the signature algorithm sets the `cert_pk` field, ignore the
`pk` field completely. Not doing that would allow the RSAE signature
algorithms to be used with RSA-PSS certificates, which is against the
intended use of `cert_pk`.
Resolves #500
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/tls13-cert-key-exchange.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/tls13-cert-key-exchange.c b/tests/tls13-cert-key-exchange.c
index dc1e8ccb15..af97df8e4e 100644
--- a/tests/tls13-cert-key-exchange.c
+++ b/tests/tls13-cert-key-exchange.c
@@ -109,6 +109,11 @@ void doit(void)
 GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN,
 &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL);
 
+ try_with_key_fail("TLS 1.3 with x25519 with rsa-pss cert and RSAE signatures",
+ "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384",
+ GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL);
+
 server_priority = NULL;
 try_with_key_fail("TLS 1.3 with rsa cert and only RSA-PSS sig algos",
 "NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", |
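Review bot: The new `try_with_key_fail` case can pass for reasons unrelated to the `cert_pk` fix, because it runs before `server_priority = NULL;` and so inherits whatever server priority was set outside this hunk, while expecting the same generic `GNUTLS_E_NO_CIPHER_SUITES` / `GNUTLS_E_AGAIN` pair as the call that ends just above it. The client string also narrows groups to `+GROUP-X25519`, so a group or version mismatch against that inherited server priority would presumably be indistinguishable from the intended rejection of an RSA-PSS certificate with RSAE signature algorithms. A positive control next to it would pin the cause: the same client priority string with `&server_ca3_localhost_cert, &server_ca3_key`, expected to complete the handshake. A one-line comment above the call would also record the intent, e.g. `/* an RSA-PSS certificate must never be paired with the RSA-PSS-RSAE signature algorithms (#500) */`. `doit()` starts and ends outside the hunk, so the inherited server priority should be confirmed against the full file.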