1 files changed, 13 insertions, 8 deletions

diff --git a/lib/privkey.c b/lib/privkey.c
index 8e353c5e5f..4ef07c8b06 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -43,7 +43,7 @@ privkey_sign_prehashed(gnutls_privkey_t signer,
 		       const gnutls_sign_entry_st *se,
 		       const gnutls_datum_t * hash_data,
 		       gnutls_datum_t * signature,
-		       gnutls_x509_spki_st * params, unsigned flags);
+		       gnutls_x509_spki_st * params);
 
 /**
  * gnutls_privkey_get_type:
@@ -1134,6 +1134,8 @@ gnutls_privkey_sign_data(gnutls_privkey_t signer,
 		return ret;
 	}
 
+	FIX_SIGN_PARAMS(params, flags, hash);
+
 	return privkey_sign_and_hash_data(signer, _gnutls_pk_to_sign_entry(params.pk, hash), data, signature, &params);
 }
 
@@ -1186,6 +1188,8 @@ gnutls_privkey_sign_data2(gnutls_privkey_t signer,
 		return ret;
 	}
 
+	FIX_SIGN_PARAMS(params, flags, se->hash);
+
 	return privkey_sign_and_hash_data(signer, se, data, signature, &params);
 }
 
@@ -1253,7 +1257,9 @@ gnutls_privkey_sign_hash2(gnutls_privkey_t signer,
 		return ret;
 	}
 
-	return privkey_sign_prehashed(signer, se, hash_data, signature, &params, flags);
+	FIX_SIGN_PARAMS(params, flags, se->hash);
+
+	return privkey_sign_prehashed(signer, se, hash_data, signature, &params);
 }
 
 int
@@ -1376,8 +1382,10 @@ gnutls_privkey_sign_hash(gnutls_privkey_t signer,
 	if (unlikely(se == NULL))
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
+	FIX_SIGN_PARAMS(params, flags, hash_algo);
+
 	return privkey_sign_prehashed(signer, se,
-				      hash_data, signature, &params, flags);
+				      hash_data, signature, &params);
 }
 
 static int
@@ -1385,8 +1393,7 @@ privkey_sign_prehashed(gnutls_privkey_t signer,
 		       const gnutls_sign_entry_st *se,
 		       const gnutls_datum_t * hash_data,
 		       gnutls_datum_t * signature,
-		       gnutls_x509_spki_st * params,
-		       unsigned flags)
+		       gnutls_x509_spki_st * params)
 {
 	int ret;
 	gnutls_datum_t digest;
@@ -1492,8 +1499,6 @@ privkey_sign_raw_data(gnutls_privkey_t key,
 							   0,
 							   data, signature);
 		} else if (key->key.ext.sign_hash_func) {
-			unsigned int flags = 0;
-
 			if (se->pk == GNUTLS_PK_RSA) {
 				se = _gnutls_sign_to_entry(GNUTLS_SIGN_RSA_RAW);
 				assert(se != NULL);
@@ -1502,7 +1507,7 @@ privkey_sign_raw_data(gnutls_privkey_t key,
 			/* se may not be set here if we are doing legacy RSA */
 			return key->key.ext.sign_hash_func(key, se->id,
 							   key->key.ext.userdata,
-							   flags,
+							   0,
 							   data, signature);
 		} else {
 			if (!PK_IS_OK_FOR_EXT2(se->pk))