diff options
Diffstat (limited to 'lib/x509/common.c')
-rw-r--r-- | lib/x509/common.c | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c index 38425bde4c..a07b0ec5ed 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -1240,19 +1240,48 @@ int _gnutls_x509_get_signature_algorithm(ASN1_TYPE src, const char *src_name) { int result; + char name[128]; gnutls_datum_t sa = {NULL, 0}; - /* Read the signature algorithm. Note that parameters are not - * read. They will be read from the issuer's certificate if needed. - */ - result = _gnutls_x509_read_value(src, src_name, &sa); + _gnutls_str_cpy(name, sizeof(name), src_name); + _gnutls_str_cat(name, sizeof(name), ".algorithm"); + + /* Read the signature algorithm */ + result = _gnutls_x509_read_value(src, name, &sa); if (result < 0) { gnutls_assert(); return result; } - result = gnutls_oid_to_sign((char *) sa.data); + /* Read the signature parameters. Unless the algorithm is + * RSA-PSS, parameters are not read. They will be read from + * the issuer's certificate if needed. + */ + if (sa.data && strcmp ((char *) sa.data, PK_PKIX1_RSA_PSS_OID) == 0) { + gnutls_datum_t der = {NULL, 0}; + gnutls_x509_spki_st params; + + _gnutls_str_cpy(name, sizeof(name), src_name); + _gnutls_str_cat(name, sizeof(name), ".parameters"); + + result = _gnutls_x509_read_value(src, name, &der); + if (result < 0) { + _gnutls_free_datum(&sa); + return gnutls_assert_val(result); + } + + result = _gnutls_x509_read_rsa_pss_params(der.data, der.size, + ¶ms); + _gnutls_free_datum(&der); + + if (result == 0) + result = gnutls_pk_to_sign(params.pk, params.dig); + else if (result == GNUTLS_E_UNKNOWN_ALGORITHM) + result = GNUTLS_SIGN_UNKNOWN; + } else { + result = gnutls_oid_to_sign((char *) sa.data); + } _gnutls_free_datum(&sa); |