gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 25 May 2017 09:50:38 +0000 (11:50 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 29 May 2017 06:41:01 +0000 (08:41 +0200)
That is, the privkey_sign_hash() function was made static (no users other
than the same file), and gnutls_privkey_sign_hash will take into account
the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/abstract_int.h
lib/privkey.c

index ac582180d738cff3839a4ecce1c7f37b895821ce..250e94453d313fea49f1385c4306063134017baf 100644 (file)
@@ -96,10 +96,6 @@ int privkey_sign_data(gnutls_privkey_t signer,
                      const gnutls_datum_t * data,
                      gnutls_datum_t * signature,
                      gnutls_x509_spki_st *params);
-int privkey_sign_hash(gnutls_privkey_t signer,
-                     const gnutls_datum_t * hash_data,
-                     gnutls_datum_t * signature,
-                     gnutls_x509_spki_st * params);
 
 unsigned pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params);
 int _gnutls_pubkey_compatible_with_sig(gnutls_session_t,
index 1bfca03a8d74dcb5c048c33c43a4e22a764158cc..dd57c041bc6c460e5f13231762f09b02ccf3ac7c 100644 (file)
 #include "urls.h"
 #include <abstract_int.h>
 
+static int
+privkey_sign_hash(gnutls_privkey_t signer,
+                 const gnutls_datum_t * hash_data,
+                 gnutls_datum_t * signature,
+                 gnutls_x509_spki_st * params);
+
 static int
 _gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
                             const gnutls_datum_t * data,
@@ -1261,11 +1267,25 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
                return _gnutls_privkey_sign_raw_data(signer,
                                                     hash_data, signature,
                                                     &params);
+       if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS) {
+               const mac_entry_st *me = hash_to_entry(hash_algo);
+               unsigned pk;
+               unsigned bits;
+
+               pk = gnutls_privkey_get_pk_algorithm(signer, &bits);
+
+               if (me == NULL || !GNUTLS_PK_IS_RSA(pk))
+                       return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+               params.pk = GNUTLS_PK_RSA_PSS;
+               params.salt_size =
+                   _gnutls_find_rsa_pss_salt_size(bits, me, 0);
+       }
 
        return privkey_sign_hash(signer, hash_data, signature, &params);
 }
 
-int
+static int
 privkey_sign_hash(gnutls_privkey_t signer,
                  const gnutls_datum_t * hash_data,
                  gnutls_datum_t * signature,
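Review bot: In the new RSA-PSS branch of gnutls_privkey_sign_hash (the function starts above the hunk) neither helper result is checked for failure: `gnutls_privkey_get_pk_algorithm()` returns a negative error code on failure but is stored in `unsigned pk`, and the value from `_gnutls_find_rsa_pss_salt_size()` goes straight into `params.salt_size`. The first case is presumably still rejected by the `GNUTLS_PK_IS_RSA` test, but the real error is replaced by GNUTLS_E_INVALID_REQUEST; declaring `int pk` and adding `if (pk < 0) return gnutls_assert_val(pk);` would preserve it. If the salt-size helper can report an error (its definition is not in this diff), assign through a signed temporary and return on a negative value, so an error code never ends up as the salt length. The branch also sits after the early `return _gnutls_privkey_sign_raw_data(...)`, whose condition is outside the hunk, so a caller combining both flags would apparently get a non-PSS signature with no error; rejecting that combination before the early return would be safer.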