gnutls_x509_privkey_generate*: allow specifying the SPKI parameters for key generation

This in turn removes the need for reading the flag GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE on the key generation process. The flag is now only used during key signing which is also its documented purpose. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-03 16:46:32 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-08-04 11:08:51 +0200
commit: f10289f6d8c04111d3a7777f4ed9710a8114ef2f (patch)
tree: fb5bb71fb5ede40be849a2f4b330613d4bd7b3f5 /lib/privkey.c
parent: 78b693365707dfc5556040739dff7bcdcd70170c (diff)
download: gnutls-f10289f6d8c04111d3a7777f4ed9710a8114ef2f.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/privkey.c b/lib/privkey.c
index 543886eef0..2011ca8a45 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -345,10 +345,10 @@ _gnutls_privkey_update_spki_params(gnutls_privkey_t key,
 			salt_size = params->salt_size;
 		}
 
-		if (!(flags & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE))
-			salt_size = _gnutls_find_rsa_pss_salt_size(bits, me, salt_size);
-
-		params->salt_size = salt_size;
+		if (flags & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE)
+			params->salt_size = 0;
+		else
+			params->salt_size = _gnutls_find_rsa_pss_salt_size(bits, me, salt_size);
 		params->rsa_pss_dig = dig;
 	}
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-08-03 16:46:32 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-08-04 11:08:51 +0200
commit	f10289f6d8c04111d3a7777f4ed9710a8114ef2f (patch)
tree	fb5bb71fb5ede40be849a2f4b330613d4bd7b3f5 /lib/privkey.c
parent	78b693365707dfc5556040739dff7bcdcd70170c (diff)
download	gnutls-f10289f6d8c04111d3a7777f4ed9710a8114ef2f.tar.gz