path: root/lib/algorithms/sign.c
Diffstat (limited to 'lib/algorithms/sign.c')
-rw-r--r--lib/algorithms/sign.c60
1 files changed, 43 insertions, 17 deletions
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 33fd881892..5a45e9fa10 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -36,9 +36,6 @@
# define SHA1_SECURE_VAL _INSECURE_FOR_CERTS
#endif
-/* Signature algorithms may be listed twice with a different PK algorithm,
- * e.g., RSA-PSS-SHA256 can be generated by GNUTLS_PK_RSA or GNUTLS_PK_RSA_PSS.
- */
static const gnutls_sign_entry_st sign_algorithms[] = {
/* RSA-PKCS#1 1.5: must be before PSS,
* so that gnutls_pk_to_sign() will return
@@ -67,37 +64,52 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
.oid = PK_PKIX1_RSA_PSS_OID,
.id = GNUTLS_SIGN_RSA_PSS_SHA256,
.pk = GNUTLS_PK_RSA_PSS,
+ .priv_pk = GNUTLS_PK_RSA, /* PKCS#11 doesn't separate RSA from RSA-PSS privkeys */
.hash = GNUTLS_DIG_SHA256,
- .aid = {{8, 4}, SIG_SEM_DEFAULT}},
- {.name = "RSA-PSS-SHA256",
+ .tls13_ok = 1,
+ .aid = {{8, 9}, SIG_SEM_DEFAULT}},
+ {.name = "RSA-PSS-RSAE-SHA256",
.oid = PK_PKIX1_RSA_PSS_OID,
- .id = GNUTLS_SIGN_RSA_PSS_SHA256,
- .pk = GNUTLS_PK_RSA,
+ .id = GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,
+ .pk = GNUTLS_PK_RSA_PSS,
+ .cert_pk = GNUTLS_PK_RSA,
+ .priv_pk = GNUTLS_PK_RSA,
.hash = GNUTLS_DIG_SHA256,
+ .tls13_ok = 1,
.aid = {{8, 4}, SIG_SEM_DEFAULT}},
{.name = "RSA-PSS-SHA384",
.oid = PK_PKIX1_RSA_PSS_OID,
.id = GNUTLS_SIGN_RSA_PSS_SHA384,
.pk = GNUTLS_PK_RSA_PSS,
+ .priv_pk = GNUTLS_PK_RSA,
.hash = GNUTLS_DIG_SHA384,
- .aid = {{8, 5}, SIG_SEM_DEFAULT}},
- {.name = "RSA-PSS-SHA384",
+ .tls13_ok = 1,
+ .aid = {{8, 0x0A}, SIG_SEM_DEFAULT}},
+ {.name = "RSA-PSS-RSAE-SHA384",
.oid = PK_PKIX1_RSA_PSS_OID,
- .id = GNUTLS_SIGN_RSA_PSS_SHA384,
- .pk = GNUTLS_PK_RSA,
+ .id = GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,
+ .pk = GNUTLS_PK_RSA_PSS,
+ .cert_pk = GNUTLS_PK_RSA,
+ .priv_pk = GNUTLS_PK_RSA,
.hash = GNUTLS_DIG_SHA384,
+ .tls13_ok = 1,
.aid = {{8, 5}, SIG_SEM_DEFAULT}},
{.name = "RSA-PSS-SHA512",
.oid = PK_PKIX1_RSA_PSS_OID,
.id = GNUTLS_SIGN_RSA_PSS_SHA512,
.pk = GNUTLS_PK_RSA_PSS,
+ .priv_pk = GNUTLS_PK_RSA,
.hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 6}, SIG_SEM_DEFAULT}},
- {.name = "RSA-PSS-SHA512",
+ .tls13_ok = 1,
+ .aid = {{8, 0x0B}, SIG_SEM_DEFAULT}},
+ {.name = "RSA-PSS-RSAE-SHA512",
.oid = PK_PKIX1_RSA_PSS_OID,
- .id = GNUTLS_SIGN_RSA_PSS_SHA512,
- .pk = GNUTLS_PK_RSA,
+ .id = GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,
+ .pk = GNUTLS_PK_RSA_PSS,
+ .cert_pk = GNUTLS_PK_RSA,
+ .priv_pk = GNUTLS_PK_RSA,
.hash = GNUTLS_DIG_SHA512,
+ .tls13_ok = 1,
.aid = {{8, 6}, SIG_SEM_DEFAULT}},
/* Ed25519: The hash algorithm here is set to be SHA512, although that is
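Review bot: The three pure-PSS `.aid` values added in this hunk mix notations — `{8, 9}` for RSA-PSS-SHA256 but `{8, 0x0A}` and `{8, 0x0B}` for SHA384/SHA512 — while the neighbouring RSAE entries stay decimal; writing the SHA256 one as `.aid = {{8, 0x09}, SIG_SEM_DEFAULT}},` keeps the three new code points visibly a contiguous range. The rationale for `priv_pk` (`PKCS#11 doesn't separate RSA from RSA-PSS privkeys`) appears only on the first RSA-PSS-SHA256 entry although the same field is set on five further entries here; since the first hunk deletes the table-level comment about algorithms being listed twice, a replacement table-level comment explaining what `cert_pk` and `priv_pk` mean, and what an unset value means, would serve better than a per-entry remark. The code that consumes `cert_pk` is not in this diff, so whether an unset `cert_pk` on the pure-PSS entries falls back to `pk` is an assumption I would want confirmed in that comment.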
@@ -108,6 +120,7 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
.id = GNUTLS_SIGN_EDDSA_ED25519,
.pk = GNUTLS_PK_EDDSA_ED25519,
.hash = GNUTLS_DIG_SHA512,
+ .tls13_ok = 1,
.aid = {{8, 7}, SIG_SEM_DEFAULT}},
/* ECDSA */
@@ -144,18 +157,21 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
.pk = GNUTLS_PK_ECDSA,
.curve = GNUTLS_ECC_CURVE_SECP256R1,
.hash = GNUTLS_DIG_SHA256,
+ .tls13_ok = 1,
.aid = {{4, 3}, SIG_SEM_TLS13}},
{.name = "ECDSA-SECP384R1-SHA384",
.id = GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
.pk = GNUTLS_PK_ECDSA,
.curve = GNUTLS_ECC_CURVE_SECP384R1,
.hash = GNUTLS_DIG_SHA384,
+ .tls13_ok = 1,
.aid = {{5, 3}, SIG_SEM_TLS13}},
{.name = "ECDSA-SECP521R1-SHA512",
.id = GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,
.pk = GNUTLS_PK_ECDSA,
.curve = GNUTLS_ECC_CURVE_SECP521R1,
.hash = GNUTLS_DIG_SHA512,
+ .tls13_ok = 1,
.aid = {{6, 3}, SIG_SEM_TLS13}},
/* ECDSA-SHA3 */
@@ -616,7 +632,8 @@ gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign)
* @pk: is a public key algorithm
*
* This function returns non-zero if the public key algorithm corresponds to
- * the given signature algorithm.
+ * the given signature algorithm. That is, if that signature can be generated
+ * from the given private key algorithm.
*
* Since: 3.6.0
*
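Review bot: The `@pk` line just above the rewritten sentence still reads `@pk: is a public key algorithm`, while the new sentence says the check is whether the signature "can be generated from the given private key algorithm"; now that the table carries separate `cert_pk` and `priv_pk` fields, a reader cannot tell from this comment whether an RSA certificate key or an RSA private key is what gets matched against an RSA-PSS signature. I would make the side explicit, e.g. `@pk: is a public key algorithm, interpreted as the algorithm of the private key that would produce the signature`, and add one sentence noting that a match here does not by itself mean a certificate whose key uses @pk may carry that signature, since the table distinguishes the certificate-side algorithm. The same ambiguity applies to the implementation in the following hunk, which is where callers relying on the old `pk == p->pk` comparison will see the wider answer.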
@@ -625,7 +642,16 @@ gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign)
unsigned
gnutls_sign_supports_pk_algorithm(gnutls_sign_algorithm_t sign, gnutls_pk_algorithm_t pk)
{
- GNUTLS_SIGN_LOOP( if(p->id && p->id == sign && pk == p->pk) { return 1; } );
+ const gnutls_sign_entry_st *p;
+ unsigned r;
+
+ for(p = sign_algorithms; p->name != NULL; p++) {
+ if (p->id && p->id == sign) {
+ r = sign_supports_priv_pk_algorithm(p, pk);
+ if (r != 0)
+ return r;
+ }
+ }
return 0;
}
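Review bot: The open-coded loop replaces the file's `GNUTLS_SIGN_LOOP` idiom that the removed line used, and `r` is only returned when it is non-zero, so the body can stay a one-liner in the file's existing style: `GNUTLS_SIGN_LOOP( if (p->id && p->id == sign && sign_supports_priv_pk_algorithm(p, pk) != 0) { return 1; } );` — the function is documented as returning non-zero, so returning 1 instead of the helper's value should be equivalent for documented callers, though that is worth a quick check of in-tree users. The loop also keeps scanning after an entry whose `id` matches but whose helper result is 0; that only matters if one id can appear in several rows, which the comment deleted in the first hunk suggests is no longer the intent, so a one-line comment stating why the scan continues (or a `return 0` on the first id match) would make the intent explicit. `sign_supports_priv_pk_algorithm` is not in this diff, so I am inferring from its name that it compares `pk` against the entry's `priv_pk` as well as `pk`; whatever it does, this public function now answers "yes" for an RSA key against RSA-PSS signature ids where the old `pk == p->pk` test said "no", and that widening deserves a mention in the function's doc comment or the commit message.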