From 31cb0cac7d4f1d34a8c42d65817357ee24e4e0e8 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 28 Jul 2017 09:27:03 +0200
Subject: prior to negotiating a signature check compatibility with private key

That is, check if the private key can support the public key operation needed for the signature. That in particular includes, excluding the Ed25519 and RSA-PSS from being used with the 'EXT' keys as the current API cannot handle them, and RSA-PSS from being used by PKCS#11 RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism.

Relates #234
Resolves #209

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/tls-sig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/tls-sig.c')
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 95a7b3ea64..a452cdfb77 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -554,7 +554,7 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
 if (sign_algo == GNUTLS_SIGN_UNKNOWN ||
 _gnutls_session_sign_algo_enabled(session, sign_algo) < 0) {
- sign_algo = _gnutls_session_get_sign_algo(session, cert, 1);
+ sign_algo = _gnutls_session_get_sign_algo(session, cert, pkey, 1);
 if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
 gnutls_assert();
 return GNUTLS_E_UNWANTED_ALGORITHM;
-- 
cgit v1.2.1
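Review bot: The new key-compatibility check is reached only on the fallback path inside the `if`. When the `sign_algo` chosen earlier is known and `_gnutls_session_sign_algo_enabled()` accepts it, `pkey` is never consulted in this hunk. The statement that sets `sign_algo` before the condition lies outside the hunk, as do the start and end of `_gnutls_handshake_sign_crt_vrfy12`, so that value may already come from the key; this is worth confirming for the 'EXT' and PKCS#11 RSA keys named in the commit message. If it does hold, a comment above the condition would record the assumption, for example `/* sign_algo came from pkey itself; only session policy is checked here */`. Separately, `GNUTLS_E_UNWANTED_ALGORITHM` now appears to cover both "no algorithm acceptable to the session" and "key cannot perform the operation", so a short comment at the `gnutls_assert()` naming both causes would help whoever has to diagnose a failed handshake.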