author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-05-25 11:12:33 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-05-29 08:23:49 +0200
commit: 2e9ef4138440832d5cb39c47d021f882bf15a25e
tree: 2ef382a3c354995bf320a5d01d2ebb0243c231ae /lib/errors.c
parent: 7822f10e9229af74998b3daeafcf9e7f22bc0f8d
gnutls_pubkey_verify_hash2: corrected operation with RSA-PSS keys
That is, do not check the flag GNUTLS_VERIFY_USE_RSA_PSS, as we already have enough information to determine whether an RSA-PSS signature is used (the sign algorithm). Also return the code GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY when a signature algorithm incompatible with the public key is encountered.

In addition, fixed a few misplacements of GNUTLS_PK_RSA_PSS in switch cases.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/errors.c')
-rw-r--r-- lib/errors.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/errors.c b/lib/errors.c
index b77ba48b1d..bd39172803 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -412,6 +412,8 @@ static const gnutls_error_entry error_entries[] = {
GNUTLS_E_PK_INVALID_PRIVKEY),
ERROR_ENTRY(N_("The DER time encoding is invalid."),
GNUTLS_E_ASN1_TIME_ERROR),
+ ERROR_ENTRY(N_("The signature is incompatible with the public key."),
+ GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY),
{NULL, NULL, 0}
};
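Review bot: The string on the added ERROR_ENTRY reads "The signature is incompatible with the public key.", but the commit message describes the condition as a signature algorithm that is incompatible with the public key. Consider "The signature algorithm is incompatible with the public key." so that someone reading the error text in a log can tell an algorithm/key-type mismatch apart from a signature value that failed verification. This view is limited to lib/errors.c, so the definition of GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY is not visible here; please confirm the public header and the documented list of error codes are updated in the same commit.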