author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-25 11:50:38 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 08:41:01 +0200 |
commit | 78514636e8fb2d084228f71d1bbbc6879a496b7d (patch) | |
tree | a77be87eace81a1f8fed8769e34ced508befd01e /lib/privkey.c | |
parent | 9984a83adfa6cb551f013a9a14a640fbc463f517 (diff) | |
download | gnutls-78514636e8fb2d084228f71d1bbbc6879a496b7d.tar.gz |
gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag
That is, the privkey_sign_hash() function was made static (no users other
than the same file), and gnutls_privkey_sign_hash will take into account
the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/privkey.c')
-rw-r--r-- | lib/privkey.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/lib/privkey.c b/lib/privkey.c index 1bfca03a8d..dd57c041bc 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -39,6 +39,12 @@ #include <abstract_int.h> static int +privkey_sign_hash(gnutls_privkey_t signer, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature, + gnutls_x509_spki_st * params); + +static int _gnutls_privkey_sign_raw_data(gnutls_privkey_t key, const gnutls_datum_t * data, gnutls_datum_t * signature, @@ -1261,11 +1267,25 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer, return _gnutls_privkey_sign_raw_data(signer, hash_data, signature, ¶ms); + if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS) { + const mac_entry_st *me = hash_to_entry(hash_algo); + unsigned pk; + unsigned bits; + + pk = gnutls_privkey_get_pk_algorithm(signer, &bits); + + if (me == NULL || !GNUTLS_PK_IS_RSA(pk)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + params.pk = GNUTLS_PK_RSA_PSS; + params.salt_size = + _gnutls_find_rsa_pss_salt_size(bits, me, 0); + } return privkey_sign_hash(signer, hash_data, signature, ¶ms); } -int +static int privkey_sign_hash(gnutls_privkey_t signer, const gnutls_datum_t * hash_data, gnutls_datum_t * signature, |
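Review bot: In the new `GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS` branch of `gnutls_privkey_sign_hash`, the result of `_gnutls_find_rsa_pss_salt_size(bits, me, 0)` is written to `params.salt_size` without a check, and `bits` is used exactly as `gnutls_privkey_get_pk_algorithm()` returned it, even if the key could not report a size. The helper's definition is not in this hunk, so if it can return a negative error code (or if `bits` comes back as 0), that value is carried into signing as a salt length instead of failing the request. I would check it first: `int salt = _gnutls_find_rsa_pss_salt_size(bits, me, 0);`, `if (salt < 0) return gnutls_assert_val(salt);`, `params.salt_size = salt;`. Separately, the branch sits after the `return _gnutls_privkey_sign_raw_data(...)` path, whose condition starts above the hunk. If that path is selected by another flag, a caller combining it with the PSS flag would get a non-PSS signature with no error, which deserves a comment or an explicit `GNUTLS_E_INVALID_REQUEST`.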