gnutls_x509_privkey_generate2: do not hardcode the RSA-PSS hash to SHA256

Instead use _gnutls_pk_bits_to_sha_hash() to set an appropriate hash for the number of bits of the key. This matches better the "intention" of RSA-PSS or tying the security parameter with the salt and hash. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-25 16:33:26 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-03 11:57:52 +0200
commit: e8b944e870a7247e0a8e541405b9e32b310ea8eb (patch)
tree: e5cfc5b9767b0d5f4644c48ca10b6ff9c407ec63 /lib/algorithms.h
parent: f24d8170bdfe14d1fdffb7e8239e2c6cd512ec6b (diff)
download: gnutls-e8b944e870a7247e0a8e541405b9e32b310ea8eb.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index ca137a83ac..46f411e685 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -334,6 +334,7 @@ const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
 						 sign);
 
 unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits);
+gnutls_digest_algorithm_t _gnutls_pk_bits_to_sha_hash(unsigned int pk_bits);
 
 bool _gnutls_pk_is_not_prehashed(gnutls_pk_algorithm_t algorithm);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-25 16:33:26 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-08-03 11:57:52 +0200
commit	e8b944e870a7247e0a8e541405b9e32b310ea8eb (patch)
tree	e5cfc5b9767b0d5f4644c48ca10b6ff9c407ec63 /lib/algorithms.h
parent	f24d8170bdfe14d1fdffb7e8239e2c6cd512ec6b (diff)
download	gnutls-e8b944e870a7247e0a8e541405b9e32b310ea8eb.tar.gz