From f517f39e93fdc924e04d411c9356f51729fb2bbe Mon Sep 17 00:00:00 2001
From: fulder <misad90@gmail.com>
Date: Fri, 28 Aug 2020 14:13:48 +0200
Subject: [PATCH] Default to hash lenght for salt in PSS

---
 httpsig/sign_algorithms.py | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/httpsig/sign_algorithms.py b/httpsig/sign_algorithms.py
index e4d2656..0179f94 100644
--- a/httpsig/sign_algorithms.py
+++ b/httpsig/sign_algorithms.py
@@ -35,27 +35,37 @@ def __init__(self, hash_algorithm=DEFAULT_HASH_ALGORITHM, salt_length=None, mgfu
         self.salt_length = salt_length
         self.mgfunc = mgfunc
 
-    def _create_pss(self, key):
+    def _create_pss(self, key, salt_length):
         try:
             rsa_key = RSA.importKey(key)
-            pss = PKCS1_PSS.new(rsa_key, saltLen=self.salt_length, mgfunc=self.mgfunc)
+            pss = PKCS1_PSS.new(rsa_key, saltLen=salt_length, mgfunc=self.mgfunc)
         except ValueError:
             raise HttpSigException("Invalid key.")
         return pss
 
     def sign(self, private_key, data):
-        pss = self._create_pss(private_key)
-
         if isinstance(data, six.string_types):
             data = data.encode("ascii")
 
         h = self.hash_algorithm.new()
         h.update(data)
+
+        salt_length = self.salt_length
+        if salt_length is None:
+            salt_length = h.digest_size
+
+        pss = self._create_pss(private_key, salt_length)
+
         return pss.sign(h)
 
     def verify(self, public_key, data, signature):
-        pss = self._create_pss(public_key)
-
         h = self.hash_algorithm.new()
         h.update(data)
+
+        salt_length = self.salt_length
+        if salt_length is None:
+            salt_length = h.digest_size
+
+        pss = self._create_pss(public_key, salt_length)
+
         return pss.verify(h, base64.b64decode(signature))