From dc89e6581946a1eb2d675c92ecc0a4d626b11ab2 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Tue, 13 Jul 2010 20:52:05 +0200
Subject: Refuse non-digest algorithms for pubkey sign/verify operations

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---
 ncr-sessions.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ncr-sessions.c b/ncr-sessions.c
index b0ffe92..a8d888a 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -369,6 +369,11 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
 				}
 
 			} else if (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == NCR_KEY_TYPE_PUBLIC) {
+				if (algo_can_digest(session->params.params.pk.sign_hash) == 0) {
+					err();
+					ret = -EINVAL;
+					goto fail;
+				}
 				str = _ncr_algo_to_str(session->params.params.pk.sign_hash);
 				if (str == NULL) {
 					err();
-- 
cgit