From e7b903309948c5bc98a4cd853b1feb7df08ff715 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 2 Jul 2018 08:32:52 +0200 Subject: sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS If the signature algorithm sets the `cert_pk` field, ignore the `pk` field completely. Not doing that would make the RSAE signature algorithms with RSA-PSS certificates which is against the intended use of `cert_pk`. Resolves #500 Signed-off-by: Nikos Mavrogiannopoulos --- lib/algorithms.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/algorithms.h') diff --git a/lib/algorithms.h b/lib/algorithms.h index d105b3cd68..cff79348cb 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -374,7 +374,7 @@ sign_supports_priv_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algori inline static unsigned sign_supports_cert_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algorithm_t pk) { - if (pk == se->pk || (se->cert_pk && se->cert_pk == pk)) + if ((!se->cert_pk && pk == se->pk) || (se->cert_pk && se->cert_pk == pk)) return 1; return 0; -- cgit v1.2.1