Diffstat (limited to 'lib/privkey.c')
-rw-r--r-- | lib/privkey.c | 237 |
1 files changed, 135 insertions, 102 deletions
diff --git a/lib/privkey.c b/lib/privkey.c index b94db068a8..7a5a38a58d 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -41,7 +41,7 @@ static int privkey_sign_prehashed(gnutls_privkey_t signer, - const gnutls_sign_entry_st *se, + const gnutls_sign_entry_st * se, const gnutls_datum_t * hash_data, gnutls_datum_t * signature, gnutls_x509_spki_st * params); @@ -79,11 +79,14 @@ gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key) * * Since: 3.5.0 **/ -int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t *digest, void *seed, size_t *seed_size) +int gnutls_privkey_get_seed(gnutls_privkey_t key, + gnutls_digest_algorithm_t * digest, void *seed, + size_t *seed_size) { if (key->type != GNUTLS_PRIVKEY_X509) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - return gnutls_x509_privkey_get_seed(key->key.x509, digest, seed, seed_size); + return gnutls_x509_privkey_get_seed(key->key.x509, digest, seed, + seed_size); } /** @@ -101,11 +104,14 @@ int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t *dig * * Since: 3.5.0 **/ -int gnutls_privkey_verify_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t digest, const void *seed, size_t seed_size) +int gnutls_privkey_verify_seed(gnutls_privkey_t key, + gnutls_digest_algorithm_t digest, + const void *seed, size_t seed_size) { if (key->type != GNUTLS_PRIVKEY_X509) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - return gnutls_x509_privkey_verify_seed(key->key.x509, digest, seed, seed_size); + return gnutls_x509_privkey_verify_seed(key->key.x509, digest, seed, + seed_size); } /** @@ -209,7 +215,9 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk, case GNUTLS_PK_EDDSA_ED448: case GNUTLS_PK_ECDH_X25519: case GNUTLS_PK_ECDH_X448: - ret = _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data, priv->raw_pub.size); + ret = + _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data, + priv->raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); 
@@ -242,8 +250,7 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk, /* Returns the public key of the private key (if possible) */ -int -_gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params) +int _gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params) { int ret; @@ -252,17 +259,19 @@ _gnutls_privkey_get_mpis(gnutls_privkey_t key, gnutls_pk_params_st * params) ret = _gnutls_pk_params_copy(params, &key->key.x509->params); break; #ifdef ENABLE_PKCS11 - case GNUTLS_PRIVKEY_PKCS11: { - gnutls_pubkey_t pubkey; + case GNUTLS_PRIVKEY_PKCS11:{ + gnutls_pubkey_t pubkey; - ret = _pkcs11_privkey_get_pubkey(key->key.pkcs11, &pubkey, 0); - if (ret < 0) - return gnutls_assert_val(ret); + ret = + _pkcs11_privkey_get_pubkey(key->key.pkcs11, &pubkey, + 0); + if (ret < 0) + return gnutls_assert_val(ret); - ret = _gnutls_pubkey_get_mpis(pubkey, params); - gnutls_pubkey_deinit(pubkey); + ret = _gnutls_pubkey_get_mpis(pubkey, params); + gnutls_pubkey_deinit(pubkey); - break; + break; } #endif default: @@ -338,10 +347,9 @@ _gnutls_privkey_get_spki_params(gnutls_privkey_t key, */ int _gnutls_privkey_update_spki_params(gnutls_privkey_t key, - gnutls_pk_algorithm_t pk, - gnutls_digest_algorithm_t dig, - unsigned flags, - gnutls_x509_spki_st *params) + gnutls_pk_algorithm_t pk, + gnutls_digest_algorithm_t dig, + unsigned flags, gnutls_x509_spki_st * params) { unsigned salt_size = 0; unsigned bits = 0; @@ -355,7 +363,7 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key, key_pk = gnutls_privkey_get_pk_algorithm(key, &bits); if ((key_pk != pk) && - !(key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS)) { + !(key_pk == GNUTLS_PK_RSA && pk == GNUTLS_PK_RSA_PSS)) { gnutls_assert(); return GNUTLS_E_CONSTRAINT_ERROR; } 
@@ -371,8 +379,11 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key, if (params->pk == GNUTLS_PK_RSA) salt_size = 0; else if (params->pk == GNUTLS_PK_RSA_PSS) { - if (params->rsa_pss_dig != GNUTLS_DIG_UNKNOWN && dig != params->rsa_pss_dig) { - return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); + if (params->rsa_pss_dig != GNUTLS_DIG_UNKNOWN + && dig != params->rsa_pss_dig) { + return + gnutls_assert_val + (GNUTLS_E_CONSTRAINT_ERROR); } salt_size = params->salt_size; @@ -381,12 +392,16 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key, if (flags & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) params->salt_size = 0; else { - ret = _gnutls_find_rsa_pss_salt_size(bits, me, salt_size); + ret = + _gnutls_find_rsa_pss_salt_size(bits, me, salt_size); if (ret < 0) return gnutls_assert_val(ret); - if (flags & GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH && - (size_t)ret != _gnutls_hash_get_algo_len(me)) { - return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR); + if (flags & + GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH + && (size_t)ret != _gnutls_hash_get_algo_len(me)) { + return + gnutls_assert_val + (GNUTLS_E_CONSTRAINT_ERROR); } params->salt_size = ret; } @@ -535,7 +550,7 @@ gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey, return 0; } -#if 0 +# if 0 /** * gnutls_privkey_import_pkcs11_url: * @key: A key of type #gnutls_pubkey_t @@ -554,10 +569,11 @@ int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url) { int x; } -#endif +# endif static -int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, unsigned flags) +int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, + unsigned flags) { gnutls_pkcs11_privkey_t pkey; int ret; @@ -611,7 +627,7 @@ int _gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url, uns */ int gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey, - gnutls_pkcs11_privkey_t *key) + gnutls_pkcs11_privkey_t * key) { int ret; 
@@ -777,8 +793,7 @@ gnutls_privkey_import_ext3(gnutls_privkey_t pkey, gnutls_privkey_sign_func sign_fn, gnutls_privkey_decrypt_func decrypt_fn, gnutls_privkey_deinit_func deinit_fn, - gnutls_privkey_info_func info_fn, - unsigned int flags) + gnutls_privkey_info_func info_fn, unsigned int flags) { int ret; @@ -802,7 +817,9 @@ gnutls_privkey_import_ext3(gnutls_privkey_t pkey, pkey->type = GNUTLS_PRIVKEY_EXT; pkey->flags = flags; - pkey->pk_algorithm = pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO, pkey->key.ext.userdata); + pkey->pk_algorithm = + pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO, + pkey->key.ext.userdata); if (!PK_IS_OK_FOR_EXT2(pkey->pk_algorithm)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -862,13 +879,12 @@ gnutls_privkey_import_ext3(gnutls_privkey_t pkey, **/ int gnutls_privkey_import_ext4(gnutls_privkey_t pkey, - void *userdata, - gnutls_privkey_sign_data_func sign_data_fn, - gnutls_privkey_sign_hash_func sign_hash_fn, - gnutls_privkey_decrypt_func decrypt_fn, - gnutls_privkey_deinit_func deinit_fn, - gnutls_privkey_info_func info_fn, - unsigned int flags) + void *userdata, + gnutls_privkey_sign_data_func sign_data_fn, + gnutls_privkey_sign_hash_func sign_hash_fn, + gnutls_privkey_decrypt_func decrypt_fn, + gnutls_privkey_deinit_func deinit_fn, + gnutls_privkey_info_func info_fn, unsigned int flags) { int ret; @@ -893,9 +909,13 @@ gnutls_privkey_import_ext4(gnutls_privkey_t pkey, pkey->type = GNUTLS_PRIVKEY_EXT; pkey->flags = flags; - pkey->pk_algorithm = pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO, pkey->key.ext.userdata); + pkey->pk_algorithm = + pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO, + pkey->key.ext.userdata); - ret = pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS, pkey->key.ext.userdata); + ret = + pkey->key.ext.info_func(pkey, GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS, + pkey->key.ext.userdata); if (ret >= 0) pkey->key.ext.bits = ret; 
@@ -974,8 +994,7 @@ gnutls_privkey_import_x509(gnutls_privkey_t pkey, * Since: 3.4.0 */ int -gnutls_privkey_export_x509(gnutls_privkey_t pkey, - gnutls_x509_privkey_t *key) +gnutls_privkey_export_x509(gnutls_privkey_t pkey, gnutls_x509_privkey_t * key) { int ret; @@ -1084,7 +1103,8 @@ gnutls_privkey_generate(gnutls_privkey_t pkey, int gnutls_privkey_generate2(gnutls_privkey_t pkey, gnutls_pk_algorithm_t algo, unsigned int bits, - unsigned int flags, const gnutls_keygen_data_st *data, unsigned data_size) + unsigned int flags, const gnutls_keygen_data_st * data, + unsigned data_size) { int ret; @@ -1092,7 +1112,9 @@ gnutls_privkey_generate2(gnutls_privkey_t pkey, if (ret < 0) return gnutls_assert_val(ret); - ret = gnutls_x509_privkey_generate2(pkey->key.x509, algo, bits, flags, data, data_size); + ret = + gnutls_x509_privkey_generate2(pkey->key.x509, algo, bits, flags, + data, data_size); if (ret < 0) { gnutls_x509_privkey_deinit(pkey->key.x509); pkey->key.x509 = NULL; @@ -1147,7 +1169,7 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer, } ret = _gnutls_privkey_update_spki_params(signer, signer->pk_algorithm, - hash, flags, ¶ms); + hash, flags, ¶ms); if (ret < 0) { gnutls_assert(); return ret; @@ -1155,7 +1177,10 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer, FIX_SIGN_PARAMS(params, flags, hash); - return privkey_sign_and_hash_data(signer, _gnutls_pk_to_sign_entry(params.pk, hash), data, signature, ¶ms); + return privkey_sign_and_hash_data(signer, + _gnutls_pk_to_sign_entry(params.pk, + hash), data, + signature, ¶ms); } /** @@ -1201,7 +1226,7 @@ gnutls_privkey_sign_data2(gnutls_privkey_t signer, } ret = _gnutls_privkey_update_spki_params(signer, se->pk, se->hash, - flags, ¶ms); + flags, ¶ms); if (ret < 0) { gnutls_assert(); return ret; @@ -1267,7 +1292,7 @@ gnutls_privkey_sign_hash2(gnutls_privkey_t signer, } ret = _gnutls_privkey_update_spki_params(signer, se->pk, se->hash, - flags, ¶ms); + flags, ¶ms); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -1288,7 +1313,7 @@ gnutls_privkey_sign_hash2(gnutls_privkey_t signer, int privkey_sign_and_hash_data(gnutls_privkey_t signer, - const gnutls_sign_entry_st *se, + const gnutls_sign_entry_st * se, const gnutls_datum_t * data, gnutls_datum_t * signature, gnutls_x509_spki_st * params) @@ -1301,7 +1326,8 @@ privkey_sign_and_hash_data(gnutls_privkey_t signer, return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (_gnutls_pk_is_not_prehashed(se->pk)) { - return privkey_sign_raw_data(signer, se, data, signature, params); + return privkey_sign_raw_data(signer, se, data, signature, + params); } me = hash_to_entry(se->hash); @@ -1335,7 +1361,6 @@ privkey_sign_and_hash_data(gnutls_privkey_t signer, return ret; } - /** * gnutls_privkey_sign_hash: * @signer: Holds the signer's key @@ -1382,7 +1407,7 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, } ret = _gnutls_privkey_update_spki_params(signer, signer->pk_algorithm, - hash_algo, flags, ¶ms); + hash_algo, flags, ¶ms); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1391,11 +1416,13 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, /* legacy callers of this API could use a hash algorithm of 0 (unknown) * to indicate raw hashing. As we now always want to know the signing * algorithm involved, we try discovering the hash algorithm. */ - if (hash_algo == 0 && (params.pk == GNUTLS_PK_DSA || params.pk == GNUTLS_PK_ECDSA)) { + if (hash_algo == 0 + && (params.pk == GNUTLS_PK_DSA || params.pk == GNUTLS_PK_ECDSA)) { hash_algo = _gnutls_hash_size_to_sha_hash(hash_data->size); } - if (params.pk == GNUTLS_PK_RSA && (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)) { + if (params.pk == GNUTLS_PK_RSA + && (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)) { /* the corresponding signature algorithm is SIGN_RSA_RAW, * irrespective of hash algorithm. */ se = _gnutls_sign_to_entry(GNUTLS_SIGN_RSA_RAW); 
@@ -1410,8 +1437,7 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, FIX_SIGN_PARAMS(params, flags, hash_algo); - ret = privkey_sign_prehashed(signer, se, - hash_data, signature, ¶ms); + ret = privkey_sign_prehashed(signer, se, hash_data, signature, ¶ms); cleanup: if (ret < 0) { _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR); @@ -1423,10 +1449,9 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, static int privkey_sign_prehashed(gnutls_privkey_t signer, - const gnutls_sign_entry_st *se, + const gnutls_sign_entry_st * se, const gnutls_datum_t * hash_data, - gnutls_datum_t * signature, - gnutls_x509_spki_st * params) + gnutls_datum_t * signature, gnutls_x509_spki_st * params) { int ret; gnutls_datum_t digest; @@ -1436,9 +1461,7 @@ privkey_sign_prehashed(gnutls_privkey_t signer, if (se->id == GNUTLS_SIGN_RSA_RAW) { return privkey_sign_raw_data(signer, - se, - hash_data, signature, - params); + se, hash_data, signature, params); } if (_gnutls_pk_is_not_prehashed(signer->pk_algorithm)) { @@ -1459,10 +1482,7 @@ privkey_sign_prehashed(gnutls_privkey_t signer, goto cleanup; } - ret = privkey_sign_raw_data(signer, - se, - &digest, signature, - params); + ret = privkey_sign_raw_data(signer, se, &digest, signature, params); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1499,10 +1519,9 @@ privkey_sign_prehashed(gnutls_privkey_t signer, -*/ int privkey_sign_raw_data(gnutls_privkey_t key, - const gnutls_sign_entry_st *se, + const gnutls_sign_entry_st * se, const gnutls_datum_t * data, - gnutls_datum_t * signature, - gnutls_x509_spki_st * params) + gnutls_datum_t * signature, gnutls_x509_spki_st * params) { if (unlikely(se == NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); 
@@ -1511,25 +1530,25 @@ privkey_sign_raw_data(gnutls_privkey_t key, #ifdef ENABLE_PKCS11 case GNUTLS_PRIVKEY_PKCS11: return _gnutls_pkcs11_privkey_sign(key->key.pkcs11, se, - data, signature, - params); + data, signature, params); #endif case GNUTLS_PRIVKEY_X509: return _gnutls_pk_sign(se->pk, signature, data, &key->key.x509->params, params); case GNUTLS_PRIVKEY_EXT: if (unlikely(key->key.ext.sign_data_func == NULL && - key->key.ext.sign_hash_func == NULL && - key->key.ext.sign_func == NULL)) + key->key.ext.sign_hash_func == NULL && + key->key.ext.sign_func == NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (_gnutls_pk_is_not_prehashed(se->pk)) { if (!key->key.ext.sign_data_func) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return + gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); return key->key.ext.sign_data_func(key, se->id, - key->key.ext.userdata, - 0, + key->key. + ext.userdata, 0, data, signature); } else if (key->key.ext.sign_hash_func) { if (se->pk == GNUTLS_PK_RSA) { @@ -1539,14 +1558,16 @@ privkey_sign_raw_data(gnutls_privkey_t key, /* se may not be set here if we are doing legacy RSA */ return key->key.ext.sign_hash_func(key, se->id, - key->key.ext.userdata, - 0, + key->key. + ext.userdata, 0, data, signature); } else { if (!PK_IS_OK_FOR_EXT2(se->pk)) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return + gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - return key->key.ext.sign_func(key, key->key.ext.userdata, + return key->key.ext.sign_func(key, + key->key.ext.userdata, data, signature); } default: @@ -1622,8 +1643,7 @@ int gnutls_privkey_decrypt_data2(gnutls_privkey_t key, unsigned int flags, const gnutls_datum_t * ciphertext, - unsigned char * plaintext, - size_t plaintext_size) + unsigned char *plaintext, size_t plaintext_size) { /* Note: except for the backwards compatibility function, no * conditional code should be called after the decryption 
@@ -1638,8 +1658,7 @@ gnutls_privkey_decrypt_data2(gnutls_privkey_t key, int ret; ret = key->key.ext.decrypt_func(key, key->key.ext.userdata, - ciphertext, - &plain); + ciphertext, &plain); if (plain.size != plaintext_size) { ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } else { @@ -1767,10 +1786,14 @@ gnutls_privkey_import_url(gnutls_privkey_t key, const char *url, unsigned i; int ret; - for (i=0;i<_gnutls_custom_urls_size;i++) { - if (strncmp(url, _gnutls_custom_urls[i].name, _gnutls_custom_urls[i].name_size) == 0) { + for (i = 0; i < _gnutls_custom_urls_size; i++) { + if (strncmp + (url, _gnutls_custom_urls[i].name, + _gnutls_custom_urls[i].name_size) == 0) { if (_gnutls_custom_urls[i].import_key) { - ret = _gnutls_custom_urls[i].import_key(key, url, flags); + ret = + _gnutls_custom_urls[i].import_key(key, url, + flags); goto cleanup; } break; @@ -1840,8 +1863,7 @@ void gnutls_privkey_set_pin_function(gnutls_privkey_t key, * Since: 3.5.0 * **/ -void gnutls_privkey_set_flags(gnutls_privkey_t key, - unsigned int flags) +void gnutls_privkey_set_flags(gnutls_privkey_t key, unsigned int flags) { key->flags |= flags; if (key->type == GNUTLS_PRIVKEY_X509) @@ -1924,7 +1946,8 @@ int gnutls_privkey_verify_params(gnutls_privkey_t key) * Since: 3.6.0 **/ int -gnutls_privkey_get_spki(gnutls_privkey_t privkey, gnutls_x509_spki_t spki, unsigned int flags) +gnutls_privkey_get_spki(gnutls_privkey_t privkey, gnutls_x509_spki_t spki, + unsigned int flags) { gnutls_x509_spki_t p = &privkey->key.x509->params.spki; @@ -1956,7 +1979,8 @@ gnutls_privkey_get_spki(gnutls_privkey_t privkey, gnutls_x509_spki_t spki, unsig * Since: 3.6.0 **/ int -gnutls_privkey_set_spki(gnutls_privkey_t privkey, const gnutls_x509_spki_t spki, unsigned int flags) +gnutls_privkey_set_spki(gnutls_privkey_t privkey, const gnutls_x509_spki_t spki, + unsigned int flags) { if (privkey == NULL || privkey->type != GNUTLS_PRIVKEY_X509) { gnutls_assert(); 
@@ -1987,10 +2011,12 @@ unsigned _gnutls_privkey_compatible_with_sig(gnutls_privkey_t privkey, * negotiating RSA-PSS sig. */ - if (se->pk != privkey->pk_algorithm) { /* if the PK algorithm of the signature differs to the one on the pubkey */ + if (se->pk != privkey->pk_algorithm) { /* if the PK algorithm of the signature differs to the one on the pubkey */ if (!sign_supports_priv_pk_algorithm(se, privkey->pk_algorithm)) { - _gnutls_handshake_log("cannot use privkey of %s with %s\n", - gnutls_pk_get_name(privkey->pk_algorithm), se->name); + _gnutls_handshake_log + ("cannot use privkey of %s with %s\n", + gnutls_pk_get_name(privkey->pk_algorithm), + se->name); return 0; } } @@ -2000,14 +2026,20 @@ unsigned _gnutls_privkey_compatible_with_sig(gnutls_privkey_t privkey, int ret; ret = privkey->key.ext.info_func(privkey, - GNUTLS_SIGN_ALGO_TO_FLAGS(sign)|GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO, - privkey->key.ext.userdata); + GNUTLS_SIGN_ALGO_TO_FLAGS + (sign) | + GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO, + privkey->key. + ext.userdata); if (ret != -1) return ret; /* use the old flag */ - ret = privkey->key.ext.info_func(privkey, GNUTLS_PRIVKEY_INFO_SIGN_ALGO, - privkey->key.ext.userdata); + ret = + privkey->key.ext.info_func(privkey, + GNUTLS_PRIVKEY_INFO_SIGN_ALGO, + privkey->key. + ext.userdata); if (ret == (int)sign) return 1; } @@ -2018,7 +2050,8 @@ unsigned _gnutls_privkey_compatible_with_sig(gnutls_privkey_t privkey, } #ifdef ENABLE_PKCS11 else if (privkey->type == GNUTLS_PRIVKEY_PKCS11) { - if (privkey->pk_algorithm == GNUTLS_PK_RSA && se->pk == GNUTLS_PK_RSA_PSS) { + if (privkey->pk_algorithm == GNUTLS_PK_RSA + && se->pk == GNUTLS_PK_RSA_PSS) { if (!privkey->key.pkcs11->rsa_pss_ok) return 0; } |