diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-25 11:50:38 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 08:41:01 +0200 |
| commit | 78514636e8fb2d084228f71d1bbbc6879a496b7d (patch) | |
| tree | a77be87eace81a1f8fed8769e34ced508befd01e | |
| parent | 9984a83adfa6cb551f013a9a14a640fbc463f517 (diff) | |
| download | gnutls-78514636e8fb2d084228f71d1bbbc6879a496b7d.tar.gz | |
gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag
That is, the privkey_sign_hash() function was made static (no users other
than the same file), and gnutls_privkey_sign_hash will take into account
the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/abstract_int.h | 4 | ||||
| -rw-r--r-- | lib/privkey.c | 22 |
2 files changed, 21 insertions, 5 deletions
diff --git a/lib/abstract_int.h b/lib/abstract_int.h index ac582180d7..250e94453d 100644 --- a/lib/abstract_int.h +++ b/lib/abstract_int.h @@ -96,10 +96,6 @@ int privkey_sign_data(gnutls_privkey_t signer, const gnutls_datum_t * data, gnutls_datum_t * signature, gnutls_x509_spki_st *params); -int privkey_sign_hash(gnutls_privkey_t signer, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature, - gnutls_x509_spki_st * params); unsigned pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params); int _gnutls_pubkey_compatible_with_sig(gnutls_session_t, diff --git a/lib/privkey.c b/lib/privkey.c index 1bfca03a8d..dd57c041bc 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -39,6 +39,12 @@ #include <abstract_int.h> static int +privkey_sign_hash(gnutls_privkey_t signer, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature, + gnutls_x509_spki_st * params); + +static int _gnutls_privkey_sign_raw_data(gnutls_privkey_t key, const gnutls_datum_t * data, gnutls_datum_t * signature, @@ -1261,11 +1267,25 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, return _gnutls_privkey_sign_raw_data(signer, hash_data, signature, ¶ms); + if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS) { + const mac_entry_st *me = hash_to_entry(hash_algo); + unsigned pk; + unsigned bits; + + pk = gnutls_privkey_get_pk_algorithm(signer, &bits); + + if (me == NULL || !GNUTLS_PK_IS_RSA(pk)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + params.pk = GNUTLS_PK_RSA_PSS; + params.salt_size = + _gnutls_find_rsa_pss_salt_size(bits, me, 0); + } return privkey_sign_hash(signer, hash_data, signature, ¶ms); } -int +static int privkey_sign_hash(gnutls_privkey_t signer, const gnutls_datum_t * hash_data, gnutls_datum_t * signature, |