From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 25 May 2017 09:50:38 +0000 (+0200)
Subject: gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag
X-Git-Tag: gnutls_3_6_0~528
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=78514636e8fb2d084228f71d1bbbc6879a496b7d;p=thirdparty%2Fgnutls.git

gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag

That is, the privkey_sign_hash() function was made static (no users other
than the same file), and gnutls_privkey_sign_hash will take into account
the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/abstract_int.h b/lib/abstract_int.h
index ac582180d7..250e94453d 100644
--- a/lib/abstract_int.h
+++ b/lib/abstract_int.h
@@ -96,10 +96,6 @@ int privkey_sign_data(gnutls_privkey_t signer,
 		      const gnutls_datum_t * data,
 		      gnutls_datum_t * signature,
 		      gnutls_x509_spki_st *params);
-int privkey_sign_hash(gnutls_privkey_t signer,
-		      const gnutls_datum_t * hash_data,
-		      gnutls_datum_t * signature,
-		      gnutls_x509_spki_st * params);
 
 unsigned pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params);
 int _gnutls_pubkey_compatible_with_sig(gnutls_session_t,
diff --git a/lib/privkey.c b/lib/privkey.c
index 1bfca03a8d..dd57c041bc 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -38,6 +38,12 @@
 #include "urls.h"
 #include <abstract_int.h>
 
+static int
+privkey_sign_hash(gnutls_privkey_t signer,
+		  const gnutls_datum_t * hash_data,
+		  gnutls_datum_t * signature,
+		  gnutls_x509_spki_st * params);
+
 static int
 _gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
 			     const gnutls_datum_t * data,
@@ -1261,11 +1267,25 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
 		return _gnutls_privkey_sign_raw_data(signer,
 						     hash_data, signature,
 						     &params);
+	if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS) {
+		const mac_entry_st *me = hash_to_entry(hash_algo);
+		unsigned pk;
+		unsigned bits;
+
+		pk = gnutls_privkey_get_pk_algorithm(signer, &bits);
+
+		if (me == NULL || !GNUTLS_PK_IS_RSA(pk))
+			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+		params.pk = GNUTLS_PK_RSA_PSS;
+		params.salt_size =
+		    _gnutls_find_rsa_pss_salt_size(bits, me, 0);
+	}
 
 	return privkey_sign_hash(signer, hash_data, signature, &params);
 }
 
-int
+static int
 privkey_sign_hash(gnutls_privkey_t signer,
 		  const gnutls_datum_t * hash_data,
 		  gnutls_datum_t * signature,