author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-31 10:12:31 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-31 10:33:47 +0200 |
commit | af511c871e54181417990a19f6e8ba054a9557ab (patch) | |
tree | 85254a629e3356b68c3b33c6e01ba28075f98a72 | |
parent | 7c2cb962853f572b2188e6f2053422b5dbb110e6 (diff) | |
download | gnutls-af511c871e54181417990a19f6e8ba054a9557ab.tar.gz |
gnutls_pubkey_verify_hash2: do not allow GNUTLS_VERIFY_USE_TLS1_RSA with non-RSA keys
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/pubkey.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 67263e831c..feb99a14b7 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1709,6 +1709,8 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
 memcpy(¶ms, &key->params.sign, sizeof(gnutls_x509_spki_st));
 if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) {
+ if (!GNUTLS_PK_IS_RSA(key->pk_algorithm))
+ return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
 params.pk = GNUTLS_PK_RSA;
 /* we do not check for insecure algorithms with this flag */
 return _gnutls_pk_verify(params.pk, hash, signature, |
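Review bot: The added guard at the top of the TLS1_RSA branch relies on `GNUTLS_PK_IS_RSA(key->pk_algorithm)`, whose definition is not visible here. If that macro also matches RSA-PSS keys, such a key passes the check and is then verified as plain RSA by the following `params.pk = GNUTLS_PK_RSA;`, which would sidestep the restriction the key type is meant to carry. If only plain RSA keys should reach this legacy path, `if (key->pk_algorithm != GNUTLS_PK_RSA)` states that directly; otherwise a comment such as `/* RSA-PSS keys are deliberately accepted here and verified as plain RSA */` would record the intent. The function's doc comment should also say that GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY is now returned when this flag is used with a non-RSA key. The body of gnutls_pubkey_verify_hash2 starts and ends outside the hunk.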