gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI

In addition it will offer a SHA hash depending on the key size for
RSA public keys.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/pubkey.c b/lib/pubkey.c
index f54f9e54eb6f48d7e5863c2281d01db0ae0069cf..8c522a76a9f13c3cb28155b9f8fa7a894b0be1bd 100644 (file)
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -303,10 +303,22 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
 
                ret = 0;
                break;
-       case GNUTLS_PK_RSA:
        case GNUTLS_PK_RSA_PSS:
+               if (mand && key->params.spki.rsa_pss_dig)
+                       *mand = 1;
+
+               if (hash) {
+                       if (key->params.spki.rsa_pss_dig) {
+                               *hash = key->params.spki.rsa_pss_dig;
+                       } else {
+                               *hash = _gnutls_pk_bits_to_sha_hash(pubkey_to_bits(&key->params));
+                       }
+               }
+               ret = 0;
+               break;
+       case GNUTLS_PK_RSA:
                if (hash)
-                       *hash = GNUTLS_DIG_SHA256;
+                       *hash = _gnutls_pk_bits_to_sha_hash(pubkey_to_bits(&key->params));
                ret = 0;
                break;