switch to sign_pss, hopefully compatible with 3.0

geemus · geemus · commit c16f39c0de86 · 2024-12-10T22:38:07.000Z
diff --git a/lib/fog/aws/requests/kms/sign.rb b/lib/fog/aws/requests/kms/sign.rb
@@ -35,10 +35,11 @@ def sign(identifier, message, algorithm, _options = {})
           # FIXME: SM2 support?
           sha = "SHA#{algorithm.split('_SHA_').last}"
 
-          signopts = {}
-          signopts[:rsa_padding_mode] = 'pss' if algorithm.start_with?('RSASSA_PSS')
-
-          signature = pkey.sign(sha, message, signopts)
+          signature = if algorithm.start_with?('RSASSA_PSS')
+                        pkey.sign_pss(sha, message, salt_length: :max, mgf1_hash: sha)
+                      else
+                        pkey.sign(sha, message)
+                      end
 
           response.body = {
             'KeyId' => identifier,
