gnutls_x509_*_set_spki: removed arbitrary restrictions to setting parameters

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2 files changed, 1 insertions, 21 deletions

diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index adb745edf5..d4ec81cd4a 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -3278,13 +3278,8 @@ gnutls_x509_crq_set_spki(gnutls_x509_crq_t crq,
 			return result;
 		}
 
-		if (params.rsa_pss_dig != spki->rsa_pss_dig ||
-		    params.salt_size > spki->salt_size) {
-			gnutls_assert();
-			return GNUTLS_E_INVALID_REQUEST;
-		}
-
 		params.salt_size = spki->salt_size;
+		params.rsa_pss_dig = spki->rsa_pss_dig;
 	}
 
 	result = _gnutls_x509_write_spki_params(crq->crq,
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 567e5fd11a..641940f26c 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -2069,21 +2069,6 @@ gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt,
 			return result;
 		}
 
-		if (params.rsa_pss_dig != GNUTLS_DIG_UNKNOWN) {
-			if (params.rsa_pss_dig != spki->rsa_pss_dig) {
-				_gnutls_debug_log("Asked to set RSA-PSS SPKI with %s, while we have %s\n",
-					gnutls_digest_get_name(spki->rsa_pss_dig),
-					gnutls_digest_get_name(params.rsa_pss_dig));
-				return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
-			}
-
-			if (params.salt_size > spki->salt_size) {
-				_gnutls_debug_log("Asked to set RSA-PSS SPKI with salt size %d, while we have %d\n",
-					(int)spki->salt_size, (int)params.salt_size);
-				return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
-			}
-		}
-
 		params.salt_size = spki->salt_size;
 		params.rsa_pss_dig = spki->rsa_pss_dig;
 	}