author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-30 10:42:27 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-31 10:33:47 +0200 |
commit | 7c2cb962853f572b2188e6f2053422b5dbb110e6 (patch) | |
tree | c7298bbcea4f4d5a32fb98dc76c1202adebea70e | |
parent | 7586209b70da3ad3eb8d64cdfba361d19024d5cf (diff) | |
gnutls_pubkey_verify_hash2: check for broken signature algorithms
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/pubkey.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index f3d72a807a..67263e831c 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1684,7 +1684,9 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
 * You can use gnutls_pk_to_sign() to get the appropriate value.
 *
 * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
- * is returned, and zero or positive code on success.
+ * is returned, and zero or positive code on success. For known to be insecure
+ * signatures this function will return %GNUTLS_E_INSUFFICIENT_SECURITY unless
+ * the flag %GNUTLS_VERIFY_ALLOW_BROKEN is specified.
 *
 * Since: 3.0
 **/
@@ -1697,6 +1699,7 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
 {
 const mac_entry_st *me;
 gnutls_x509_spki_st params;
+ int ret;
 
 if (key == NULL) {
 gnutls_assert();
@@ -1707,6 +1710,7 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
 if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) {
 params.pk = GNUTLS_PK_RSA;
+ /* we do not check for insecure algorithms with this flag */
 return _gnutls_pk_verify(params.pk, hash, signature, &key->params, ¶ms);
 } else {
@@ -1740,11 +1744,21 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
 }
 }
 
- return pubkey_verify_hashed_data(params.pk, me,
+ ret = pubkey_verify_hashed_data(params.pk, me,
 hash, signature, &key->params, ¶ms);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
 }
+
+ if (gnutls_sign_is_secure(algo) == 0 && _gnutls_is_broken_sig_allowed(algo, flags) == 0) {
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY);
+ }
+
+ return 0;
 }
 /** |
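Review bot: The insecure-algorithm check in the last hunk runs only after pubkey_verify_hashed_data() has succeeded, so a signature made with a broken algorithm that fails to verify still returns GNUTLS_E_PK_SIG_VERIFY_FAILED while one that verifies returns GNUTLS_E_INSUFFICIENT_SECURITY; unless the elided part of the body needs to resolve `algo` first, moving `if (gnutls_sign_is_secure(algo) == 0 && _gnutls_is_broken_sig_allowed(algo, flags) == 0)` ahead of the verification would reject a disallowed algorithm consistently and avoid exercising it at all. The Returns: text added in the first hunk also does not say that the GNUTLS_VERIFY_USE_TLS1_RSA path in the third hunk bypasses the check entirely; the inline comment records it, but API users read the doc comment, so add there something like `This check is not performed when %GNUTLS_VERIFY_USE_TLS1_RSA is given.`. Note too that the function now ends with `return 0;` where it previously passed through whatever pubkey_verify_hashed_data() returned, so if that helper can return a positive value the documented "zero or positive code" contract narrows here. The body of gnutls_pubkey_verify_hash2 is only partly visible between the hunks, so the reordering suggestion assumes `algo` is the parameter and is not reassigned in the hidden lines.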