author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-06 09:23:53 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-17 17:08:01 +0200 |
commit | c7882d14411b5f24d859283c3c930fdf295eadd5 (patch) | |
tree | e0830400147a6fdd762d86b9eb3d6230a8820e53 | |
parent | 53313e4d670a11e972cab2d1feea37605d47b048 (diff) | |
privkey_sign_and_hash_data: handle prehashed signatures
This allows this function to handle ed25519, i.e., allows it
to operate for PKCS#7 signatures.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms/sign.c | 3 | ||||
-rw-r--r-- | lib/privkey.c | 12 |
2 files changed, 9 insertions, 6 deletions
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index be4b19ec18..55be3d9bdc 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -127,6 +127,9 @@ static const gnutls_sign_entry_st sign_algorithms[] = { {"RSA-PSS-SHA512", PK_PKIX1_RSA_PSS_OID, GNUTLS_SIGN_RSA_PSS_SHA512, GNUTLS_PK_RSA, GNUTLS_DIG_SHA512, {{8, 6}}}, + /* The hash algorithm here is set to be SHA512, although that is + * an internal detail of Ed25519; we set it, because CMS/PKCS#7 requires + * that mapping. */ {"EdDSA-Ed25519", SIG_EDDSA_SHA512_OID, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_PK_EDDSA_ED25519, GNUTLS_DIG_SHA512, {{8, 7}}}, diff --git a/lib/privkey.c b/lib/privkey.c index 6dc33e9e22..05fd8b362d 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -1007,11 +1007,7 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer, return ret; } - if (_gnutls_pk_is_not_prehashed(signer->pk_algorithm)) { - return privkey_sign_raw_data(signer, data, signature, ¶ms); - } else { - return privkey_sign_and_hash_data(signer, data, signature, ¶ms); - } + return privkey_sign_and_hash_data(signer, data, signature, ¶ms); } /** @@ -1133,8 +1129,12 @@ privkey_sign_and_hash_data(gnutls_privkey_t signer, { int ret; gnutls_datum_t digest; - const mac_entry_st *me = hash_to_entry(params->dig); + const mac_entry_st *me; + + if (_gnutls_pk_is_not_prehashed(signer->pk_algorithm)) + return privkey_sign_raw_data(signer, data, signature, params); + me = hash_to_entry(params->dig); if (me == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
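Review bot: In the `@@ -1007,11 +1007,7 @@` hunk of lib/privkey.c, gnutls_privkey_sign_data now calls privkey_sign_and_hash_data unconditionally, so a reader of this call site no longer sees that non-prehashed algorithms are signed over the raw data. The helper's name still says "hash", which reads as if every key type is hashed first. A short comment above the call would keep that visible, for example `/* signs the raw data directly for algorithms that are not prehashed (e.g. Ed25519) */`. The start of gnutls_privkey_sign_data lies outside the hunk.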
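Review bot: In the `@@ -1133,8 +1129,12 @@` hunk, the new early return in privkey_sign_and_hash_data runs before `params->dig` is looked up, so for a non-prehashed key the digest the caller selected is never checked on this path; whether privkey_sign_raw_data validates it is not visible here. Since lib/algorithms/sign.c now documents that EdDSA-Ed25519 is mapped to SHA512 because CMS/PKCS#7 requires it, a caller that passes a different digest could end up with a structure that declares a hash the signature does not correspond to. Consider rejecting a mismatched digest before delegating, or at least stating the contract in a comment such as `/* params->dig is not used for non-prehashed algorithms; the data is signed as is */`. The diffstat lists no test file, so a PKCS#7 sign-and-verify round trip with an Ed25519 key would be a useful addition. The rest of the function body lies outside the hunk.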