From 2f71bc636a1a7e294d1bd3bb4f33389fd2be6235 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 30 May 2017 10:36:59 +0200
Subject: tests: do not utilize GNUTLS_VERIFY_USE_RSA_PSS

Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/privkey-verify-broken.c | 44 +++++++++++++++++++++----------------------
 1 file changed, 21 insertions(+), 23 deletions(-)

diff --git a/tests/privkey-verify-broken.c b/tests/privkey-verify-broken.c
index 7d7c84c7a0..463a3f1496 100644
--- a/tests/privkey-verify-broken.c
+++ b/tests/privkey-verify-broken.c
@@ -45,22 +45,30 @@ const gnutls_datum_t raw_data = {
 11
 };
-static int sign_verify_data2(gnutls_x509_privkey_t pkey, unsigned algo, unsigned sflags, unsigned vflags)
+static int sign_verify_data(gnutls_x509_privkey_t pkey, gnutls_sign_algorithm_t algo, unsigned vflags)
 {
 int ret;
 gnutls_privkey_t privkey;
 gnutls_pubkey_t pubkey;
 gnutls_datum_t signature;
 gnutls_pk_algorithm_t pk;
+ gnutls_digest_algorithm_t dig;
+ unsigned sflags = 0;
 /* sign arbitrary data */
 assert(gnutls_privkey_init(&privkey) >= 0);
+ pk = gnutls_sign_get_pk_algorithm(algo);
+ dig = gnutls_sign_get_hash_algorithm(algo);
+
+ if (pk == GNUTLS_PK_RSA_PSS)
+ sflags |= GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS;
+
 ret = gnutls_privkey_import_x509(privkey, pkey, 0);
 if (ret < 0)
 fail("gnutls_pubkey_import_x509\n");
- ret = gnutls_privkey_sign_data(privkey, algo, sflags,
+ ret = gnutls_privkey_sign_data(privkey, dig, sflags,
 &raw_data, &signature);
 if (ret < 0) {
 ret = -1;
@@ -74,12 +82,7 @@ static int sign_verify_data2(gnutls_x509_privkey_t pkey, unsigned algo, unsigned
 if (ret < 0)
 fail("gnutls_pubkey_import_privkey\n");
- if (sflags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS)
- pk = GNUTLS_PK_RSA_PSS;
- else
- pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
-
- ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, algo),
+ ret = gnutls_pubkey_verify_data2(pubkey, algo,
 vflags, &raw_data, &signature);
 if (ret < 0) {
 ret = -1;
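Review bot: The two lookups added at the top of sign_verify_data, `pk = gnutls_sign_get_pk_algorithm(algo);` and `dig = gnutls_sign_get_hash_algorithm(algo);`, are used without checking for the unknown value. If a caller passes a signature algorithm the library cannot map, `dig` goes into gnutls_privkey_sign_data() unchecked, the sign step presumably fails, and the helper returns -1, which the negative cases in doit() treat as the expected rejection. An `assert(pk != GNUTLS_PK_UNKNOWN && dig != GNUTLS_DIG_UNKNOWN);` directly after the lookups would turn a bad test argument into an abort instead of a silent pass; assert() is already used two lines earlier. The function body continues past the end of this hunk.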
@@ -95,11 +98,6 @@ static int sign_verify_data2(gnutls_x509_privkey_t pkey, unsigned algo, unsigned
 return ret;
 }
-static int sign_verify_data(gnutls_x509_privkey_t pkey, unsigned algo, unsigned vflags)
-{
- return sign_verify_data2(pkey, algo, 0, vflags);
-}
-
 void doit(void)
 {
 gnutls_x509_privkey_t pkey;
@@ -124,36 +122,36 @@ void doit(void)
 }
 #ifndef ALLOW_SHA1
- if (sign_verify_data(pkey, GNUTLS_DIG_SHA1, 0) >= 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, 0) >= 0)
 fail("succeeded verification with SHA1!\n");
 #endif
- if (sign_verify_data(pkey, GNUTLS_DIG_SHA1, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1) < 0)
 fail("failed verification with SHA1 and override flags!\n");
- if (sign_verify_data(pkey, GNUTLS_DIG_SHA1, GNUTLS_VERIFY_ALLOW_BROKEN) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, GNUTLS_VERIFY_ALLOW_BROKEN) < 0)
 fail("failed verification with SHA1 and override flags2!\n");
- if (sign_verify_data(pkey, GNUTLS_DIG_MD5, 0) >= 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, 0) >= 0)
 fail("succeeded verification with MD5!\n");
 if (!gnutls_fips140_mode_enabled()) {
- if (sign_verify_data(pkey, GNUTLS_DIG_MD5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5) < 0)
 fail("failed verification with MD5 and override flags!\n");
- if (sign_verify_data(pkey, GNUTLS_DIG_MD5, GNUTLS_VERIFY_ALLOW_BROKEN) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, GNUTLS_VERIFY_ALLOW_BROKEN) < 0)
 fail("failed verification with MD5 and override flags2!\n");
 }
- if (sign_verify_data(pkey, GNUTLS_DIG_SHA256, 0) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA256, 0) < 0)
 fail("failed verification with SHA256!\n");
- if (sign_verify_data(pkey, GNUTLS_DIG_SHA512, 0) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA512, 0) < 0)
 fail("failed verification with SHA512!\n");
- if (sign_verify_data(pkey, GNUTLS_DIG_SHA3_256, 0) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA3_256, 0) < 0)
 fail("failed verification with SHA3-256!\n");
- if (sign_verify_data2(pkey, GNUTLS_DIG_SHA256, GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, GNUTLS_VERIFY_USE_RSA_PSS) < 0)
+ if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_PSS_SHA256, 0) < 0)
 fail("failed verification with SHA256 with PSS!\n");
 gnutls_x509_privkey_deinit(pkey);
-- 
cgit v1.2.1
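Review bot: The negative checks in this hunk (`sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, 0) >= 0` and the matching GNUTLS_SIGN_RSA_MD5 one) accept any negative return, and the helper appears to map both a signing failure and a verification failure to -1 in the lines visible earlier in the patch. These cases therefore also pass when the library refuses to sign with the weak hash, which does not show that the verifier rejects a SHA1 or MD5 signature when no override flag is given. If that is intended, for example for FIPS builds, a comment such as `/* a negative return covers refusal at sign time as well as at verify time */` above the first negative check would record it; otherwise the helper needs distinct return values for the two stages. doit() starts before and ends after this hunk.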