From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 26 Jul 2017 14:55:02 +0000 (+0200)
Subject: gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI
X-Git-Tag: gnutls_3_6_0~180
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b59fddec09a097f9fd33b16a756158652e59aa88;p=thirdparty%2Fgnutls.git

gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI

In addition it will offer a SHA hash depending on the key size for
RSA public keys.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/pubkey.c b/lib/pubkey.c
index f54f9e54eb..8c522a76a9 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -303,10 +303,22 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
 
 		ret = 0;
 		break;
-	case GNUTLS_PK_RSA:
 	case GNUTLS_PK_RSA_PSS:
+		if (mand && key->params.spki.rsa_pss_dig)
+			*mand = 1;
+
+		if (hash) {
+			if (key->params.spki.rsa_pss_dig) {
+				*hash = key->params.spki.rsa_pss_dig;
+			} else {
+				*hash = _gnutls_pk_bits_to_sha_hash(pubkey_to_bits(&key->params));
+			}
+		}
+		ret = 0;
+		break;
+	case GNUTLS_PK_RSA:
 		if (hash)
-			*hash = GNUTLS_DIG_SHA256;
+			*hash = _gnutls_pk_bits_to_sha_hash(pubkey_to_bits(&key->params));
 		ret = 0;
 		break;