switch to sign_pss, hopefully compatible with 3.0

fog · Dec 10, 2024 · c16f39c · c16f39c
1 parent 49b9af6
commit c16f39c
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/lib/fog/aws/requests/kms/sign.rb b/lib/fog/aws/requests/kms/sign.rb
@@ -35,10 +35,11 @@ def sign(identifier, message, algorithm, _options = {})
           # FIXME: SM2 support?
           sha = "SHA#{algorithm.split('_SHA_').last}"
 
-          signopts = {}
-          signopts[:rsa_padding_mode] = 'pss' if algorithm.start_with?('RSASSA_PSS')
-
-          signature = pkey.sign(sha, message, signopts)
+          signature = if algorithm.start_with?('RSASSA_PSS')
+                        pkey.sign_pss(sha, message, salt_length: :max, mgf1_hash: sha)
+                      else
+                        pkey.sign(sha, message)
+                      end
 
           response.body = {
             'KeyId' => identifier,