diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-26 09:16:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-03 11:57:53 +0200 |
commit | 2f0e285ad8e2762b280c4ed8163ab8f5c915d4d4 (patch) | |
tree | dd9030c732852b032ab64e34daa4b5b8cc6babaf /lib/x509/crq.c | |
parent | 8e225209449db9c4fe6b28d8974f6ab5cd29caa5 (diff) | |
download | gnutls-2f0e285ad8e2762b280c4ed8163ab8f5c915d4d4.tar.gz |
pubkey_verify_data: accept signature entry instead of PK and hash
That aligns better with current callers which know the signature
algorithm in use.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/x509/crq.c')
-rw-r--r-- | lib/x509/crq.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 6088ef9ac6..0642d89f49 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -2916,8 +2916,8 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags) gnutls_datum_t data = { NULL, 0 }; gnutls_datum_t signature = { NULL, 0 }; gnutls_pk_params_st params; - gnutls_digest_algorithm_t algo; gnutls_x509_spki_st sign_params; + const gnutls_sign_entry_st *se; int ret; gnutls_pk_params_init(¶ms); @@ -2939,7 +2939,12 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags) goto cleanup; } - algo = gnutls_sign_get_hash_algorithm(ret); + se = _gnutls_sign_to_entry(ret); + if (se == NULL) { + gnutls_assert(); + ret = GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + goto cleanup; + } ret = _gnutls_x509_get_signature(crq->crq, "signature", &signature); @@ -2963,8 +2968,7 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags) } ret = - pubkey_verify_data(sign_params.pk, - hash_to_entry(algo), &data, &signature, + pubkey_verify_data(se, &data, &signature, ¶ms, &sign_params); if (ret < 0) { gnutls_assert(); |