diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-24 10:12:54 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-03 11:57:52 +0200 |
| commit | 67fac0f4ccb43c983c110060639de95168ca04a1 (patch) | |
| tree | 9b1d8a5d10039a2ba9657d630652b9e10a551426 /lib/crypto-backend.h | |
| parent | 7ee95dc1c31133f6dde92f4b104359061bfeb700 (diff) | |
| download | gnutls-67fac0f4ccb43c983c110060639de95168ca04a1.tar.gz | |
Clarified the purpose of the spki params related functions
_gnutls_privkey_get_sign_params was renamed to _gnutls_privkey_get_spki_params,
_gnutls_privkey_update_sign_params to _gnutls_privkey_update_spki_params,
and the dig entry of gnutls_x509_spki_st was renamed to rsa_pss_dig.
The reason is that there could be a confusion on the purpose of
the 'dig' entry, as it could be assumed to be the signature's hash
algorithm in the general case. That could not be because the SPKI
parameters do not contain it for any other algorithm than RSA-PSS.
As such, make a logical separation from SPKI reading functions
with the signature reading functions and try to use the
gnutls_sign_entry_st when signature information is required.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/crypto-backend.h')
| -rw-r--r-- | lib/crypto-backend.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index 07b23cb0f1..9a7c527a0f 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -166,8 +166,13 @@ typedef struct gnutls_crypto_bigint { /* additional information about the public key */ typedef struct gnutls_x509_spki_st { + /* We can have a key which is of type RSA, but a certificate + * of type RSA-PSS; the value here will be the expected value + * for signatures (i.e., RSA-PSS) */ gnutls_pk_algorithm_t pk; - gnutls_digest_algorithm_t dig; + + /* the digest used by RSA-PSS */ + gnutls_digest_algorithm_t rsa_pss_dig; /* the size of salt used by RSA-PSS */ unsigned int salt_size; |