authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-26 16:55:02 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-04 09:38:27 +0200
commitb59fddec09a097f9fd33b16a756158652e59aa88 (patch)
tree744d98808e8abd16e0a3e55ac1d41dad3a113e08
parentec6ea4e696bf3222b76645433c3de8a67ce645bf (diff)
downloadgnutls-b59fddec09a097f9fd33b16a756158652e59aa88.tar.gz
gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI
In addition it will offer a SHA hash depending on the key size for RSA public keys. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/pubkey.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index f54f9e54eb..8c522a76a9 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -303,10 +303,22 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
ret = 0;
break;
- case GNUTLS_PK_RSA:
case GNUTLS_PK_RSA_PSS:
+ if (mand && key->params.spki.rsa_pss_dig)
+ *mand = 1;
+
+ if (hash) {
+ if (key->params.spki.rsa_pss_dig) {
+ *hash = key->params.spki.rsa_pss_dig;
+ } else {
+ *hash = _gnutls_pk_bits_to_sha_hash(pubkey_to_bits(&key->params));
+ }
+ }
+ ret = 0;
+ break;
+ case GNUTLS_PK_RSA:
if (hash)
- *hash = GNUTLS_DIG_SHA256;
+ *hash = _gnutls_pk_bits_to_sha_hash(pubkey_to_bits(&key->params));
ret = 0;
break;
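Review bot: In the `GNUTLS_PK_RSA_PSS` case `*mand` is only ever set to 1 and never cleared, so when the SPKI carries no digest the caller sees whatever was stored before the switch. That initialisation lies outside this hunk and should be confirmed, or made explicit here with `if (mand) *mand = key->params.spki.rsa_pss_dig ? 1 : 0;`. The branch would also benefit from a comment giving the reason for the split, e.g. `/* a digest pinned in the RSA-PSS SPKI is binding on signatures; choose by key size only when the key carries no restriction */`, since both tests rely on a zero `rsa_pss_dig` meaning "unset". Plain RSA no longer returns a fixed `GNUTLS_DIG_SHA256`, so the function's doc comment (not visible here) should state that the result now depends on key size. What `_gnutls_pk_bits_to_sha_hash` returns for a size `pubkey_to_bits` cannot determine is also not visible here, and is worth checking because `ret = 0` is reported either way.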