_gnutls_privkey_find_sign_params: renamed and simplified

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-05-30 16:19:25 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-05-31 14:50:22 +0200
commit: 1a115a830c68348f3ece73a3eb6fe3c57982de29 (patch)
tree: 77034ceee669f3e594ef104937836c0a41829567
parent: ec21815ce42e6a722000e379a736eb5c69802edb (diff)
download: gnutls-1a115a830c68348f3ece73a3eb6fe3c57982de29.tar.gz
7 files changed, 53 insertions, 72 deletions
diff --git a/lib/abstract_int.h b/lib/abstract_int.h
index 250e94453d..baa7a3c62a 100644
--- a/lib/abstract_int.h
+++ b/lib/abstract_int.h
@@ -84,7 +84,7 @@ int _gnutls_privkey_get_public_mpis(gnutls_privkey_t key,
 
 int _gnutls_privkey_get_sign_params(gnutls_privkey_t key,
 				    gnutls_x509_spki_st * params);
-int _gnutls_privkey_find_sign_params(gnutls_privkey_t key,
+int _gnutls_privkey_update_sign_params(gnutls_privkey_t key,
 				     gnutls_pk_algorithm_t pk,
 				     gnutls_digest_algorithm_t dig,
 				     unsigned flags,
diff --git a/lib/privkey.c b/lib/privkey.c
index 9def4109a9..e92ce49763 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -335,7 +335,7 @@ _gnutls_privkey_get_sign_params(gnutls_privkey_t key,
  * with PK and DIG. PARAMS must be initialized with
  * _gnutls_privkey_get_sign_params in advance. */
 int
-_gnutls_privkey_find_sign_params(gnutls_privkey_t key,
+_gnutls_privkey_update_sign_params(gnutls_privkey_t key,
 				 gnutls_pk_algorithm_t pk,
 				 gnutls_digest_algorithm_t dig,
 				 unsigned flags,
@@ -350,12 +350,51 @@ _gnutls_privkey_find_sign_params(gnutls_privkey_t key,
 	case GNUTLS_PRIVKEY_PKCS11:
 		break;
 #endif
-	case GNUTLS_PRIVKEY_X509:
-		return _gnutls_x509_privkey_find_sign_params(key->key.x509,
-							     pk,
-							     dig,
-							     flags,
-							     params);
+	case GNUTLS_PRIVKEY_X509: {
+		unsigned salt_size = 0;
+		gnutls_pk_algorithm_t key_pk;
+		unsigned bits;
+
+		if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS) {
+			if (!GNUTLS_PK_IS_RSA(pk))
+				return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+			pk = GNUTLS_PK_RSA_PSS;
+		}
+
+		key_pk = gnutls_x509_privkey_get_pk_algorithm2(key->key.x509, &bits);
+		if (!(key_pk == pk ||
+		      (key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS))) {
+			gnutls_assert();
+			return GNUTLS_E_INVALID_REQUEST;
+		}
+
+		if (pk == GNUTLS_PK_RSA_PSS) {
+			const mac_entry_st *me;
+
+			me = hash_to_entry(dig);
+			if (unlikely(me == NULL))
+				return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+			if (params->pk == GNUTLS_PK_RSA)
+				salt_size = 0;
+			else if (params->pk == GNUTLS_PK_RSA_PSS) {
+				if (dig != params->dig) {
+					gnutls_assert();
+					return GNUTLS_E_INVALID_REQUEST;
+				}
+
+				salt_size = params->salt_size;
+			}
+
+			if (!(flags & GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE))
+				salt_size = _gnutls_find_rsa_pss_salt_size(bits, me,
+									   salt_size);
+		}
+
+		params->salt_size = salt_size;
+
+		break;
+	}
 	default:
 		gnutls_assert();
 		return GNUTLS_E_INVALID_REQUEST;
@@ -1166,7 +1205,7 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer,
 		return ret;
 	}
 
-	ret = _gnutls_privkey_find_sign_params(signer, signer->pk_algorithm,
+	ret = _gnutls_privkey_update_sign_params(signer, signer->pk_algorithm,
 					       hash, flags, &params);
 	if (ret < 0) {
 		gnutls_assert();
@@ -1256,7 +1295,7 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
 		return ret;
 	}
 
-	ret = _gnutls_privkey_find_sign_params(signer, signer->pk_algorithm,
+	ret = _gnutls_privkey_update_sign_params(signer, signer->pk_algorithm,
 					       hash_algo, flags, &params);
 	if (ret < 0) {
 		gnutls_assert();
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index e6f774d1f7..2e53bfadb3 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2845,7 +2845,7 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
 	}
 
 	pk = gnutls_privkey_get_pk_algorithm(key, NULL);
-	result = _gnutls_privkey_find_sign_params(key, pk, dig, 0, &params);
+	result = _gnutls_privkey_update_sign_params(key, pk, dig, 0, &params);
 	if (result < 0) {
 		gnutls_assert();
 		return result;
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 9222af652e..2812b7f89d 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -2498,7 +2498,7 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
 		goto cleanup;
 	}
 
-	result = _gnutls_privkey_find_sign_params(signer_key, pk, dig, 0,
+	result = _gnutls_privkey_update_sign_params(signer_key, pk, dig, 0,
 						  &params);
 	if (result < 0) {
 		gnutls_assert();
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index b8e6092c34..6015b7610b 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -2184,60 +2184,7 @@ _gnutls_x509_privkey_get_sign_params(gnutls_x509_privkey_t key,
 				     gnutls_x509_spki_st *params)
 {
 	memcpy(params, &key->params.sign, sizeof(gnutls_x509_spki_st));
-	params->pk = gnutls_x509_privkey_get_pk_algorithm2(key, NULL);
+	params->pk = key->pk_algorithm;
 	return 0;
 }
 
-int
-_gnutls_x509_privkey_find_sign_params(gnutls_x509_privkey_t key,
-				      gnutls_pk_algorithm_t pk,
-				      gnutls_digest_algorithm_t dig,
-				      unsigned flags,
-				      gnutls_x509_spki_st *params)
-{
-	unsigned salt_size = 0;
-	gnutls_pk_algorithm_t key_pk;
-	unsigned bits;
-
-	if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS) {
-		if (!GNUTLS_PK_IS_RSA(pk))
-			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-		pk = GNUTLS_PK_RSA_PSS;
-	}
-
-	key_pk = gnutls_x509_privkey_get_pk_algorithm2(key, &bits);
-	if (!(key_pk == pk ||
-	      (key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS))) {
-		gnutls_assert();
-		return GNUTLS_E_INVALID_REQUEST;
-	}
-
-	if (pk == GNUTLS_PK_RSA_PSS) {
-		const mac_entry_st *me;
-
-		me = hash_to_entry(dig);
-		if (unlikely(me == NULL))
-			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
-		if (params->pk == GNUTLS_PK_RSA)
-			salt_size = 0;
-		else if (params->pk == GNUTLS_PK_RSA_PSS) {
-			if (dig != params->dig) {
-				gnutls_assert();
-				return GNUTLS_E_INVALID_REQUEST;
-			}
-
-			salt_size = params->salt_size;
-		}
-
-		if ((flags & GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE) == 0)
-			salt_size = _gnutls_find_rsa_pss_salt_size(bits, me,
-								   salt_size);
-	}
-
-	params->pk = pk;
-	params->dig = dig;
-	params->salt_size = salt_size;
-
-	return 0;
-}
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 0abe92a3b4..20387d8826 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -128,7 +128,7 @@ _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
 		return result;
 	}
 
-	result = _gnutls_privkey_find_sign_params(issuer_key, pk, dig, flags,
+	result = _gnutls_privkey_update_sign_params(issuer_key, pk, dig, flags,
 						  &params);
 	if (result < 0) {
 		gnutls_assert();
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 7b2d38457d..13cbc96e4b 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -253,11 +253,6 @@ int _gnutls_asn1_encode_privkey(gnutls_pk_algorithm_t pk, ASN1_TYPE * c2,
 
 int _gnutls_x509_privkey_get_sign_params(gnutls_x509_privkey_t key,
 					 gnutls_x509_spki_st * params);
-int _gnutls_x509_privkey_find_sign_params(gnutls_x509_privkey_t key,
-					  gnutls_pk_algorithm_t pk,
-					  gnutls_digest_algorithm_t dig,
-					  unsigned flags,
-					  gnutls_x509_spki_st *params);
 
 int _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize,
 				     gnutls_x509_spki_st * params);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-05-30 16:19:25 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-05-31 14:50:22 +0200
commit	1a115a830c68348f3ece73a3eb6fe3c57982de29 (patch)
tree	77034ceee669f3e594ef104937836c0a41829567
parent	ec21815ce42e6a722000e379a736eb5c69802edb (diff)
download	gnutls-1a115a830c68348f3ece73a3eb6fe3c57982de29.tar.gz