author | Daiki Ueno <ueno@gnu.org> | 2020-07-27 10:37:11 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2020-07-27 10:37:11 +0000 |
commit | 38b0c6019cf6a50616651e3b757571896881f727 (patch) | |
tree | 64d37007ce22cec384aee54506a02784c676d0ba | |
parent | 81ed3b4a3e791dd0128f549edc03815c58907a5e (diff) | |
parent | 57d22ddc85a1fde180c0a5b0178eeb128792e636 (diff) | |
download | gnutls-38b0c6019cf6a50616651e3b757571896881f727.tar.gz |
Merge branch 'sign-spurious-message' into 'master'
pubkey: avoid spurious audit messages from _gnutls_pubkey_compatible_with_sig()
See merge request gnutls/gnutls!1301
-rw-r--r-- | lib/pubkey.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index de95a04c37..6f9d54f119 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -2092,10 +2092,16 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
 unsigned int sig_hash_size;
 const mac_entry_st *me;
 const gnutls_sign_entry_st *se;
+ int ret;
 se = _gnutls_sign_to_entry(sign);
- if (se == NULL && _gnutls_version_has_selectable_sighash(ver))
+ if (se != NULL) {
+ ret = pubkey_supports_sig(pubkey, se);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ } else if (_gnutls_version_has_selectable_sighash(ver)) {
 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
 if (pubkey->params.algo == GNUTLS_PK_DSA) {
 me = _gnutls_dsa_q_to_hash(&pubkey->params, &hash_size);
@@ -2158,9 +2164,6 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
 }
 }
- if (se != NULL)
- return pubkey_supports_sig(pubkey, se);
-
 return 0;
 } |
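Review bot: The `pubkey_supports_sig()` check moved to the top of `_gnutls_pubkey_compatible_with_sig()` carries no comment saying why it must run before the DSA branch that follows, so a later cleanup could move it back to the end and bring back the audit noise named in the commit title. I would add above `if (se != NULL) {` something like `/* reject key/signature mismatches first, so the hash-size checks below only report on signatures this key can actually produce */`. The order now also decides which error a caller sees: a mismatched signature returns the `pubkey_supports_sig()` error before any hash-size comparison runs. When `se == NULL` and the version has no selectable sighash, the code still falls through with no signature entry validated; that looks intended for older protocol versions, but it deserves a one-line comment saying so. The function body starts before and continues past this hunk, so the later checks are not visible here.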