pki: Enable PSS padding if enabled in strongswan.conf
authorTobias Brunner <tobias@strongswan.org>
Mon, 30 Oct 2017 16:54:44 +0000 (17:54 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Nov 2017 15:48:10 +0000 (16:48 +0100)
src/pki/commands/acert.c
src/pki/commands/issue.c
src/pki/commands/req.c
src/pki/commands/self.c
src/pki/commands/signcrl.c

index 992237e..d1ea5c6 100644 (file)
@@ -45,7 +45,8 @@ static int acert()
        char *datenb = NULL, *datena = NULL, *dateform = NULL;
        rng_t *rng;
        char *arg;
-       bool pss = FALSE;
+       bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+                                                                          lib->ns);
 
        groups = linked_list_create();
 
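Review bot: Now that `pss` starts from the `"%s.rsa_pss"` setting instead of `FALSE`, the command-line padding option has to be able to clear it as well as set it; otherwise an operator cannot force PKCS#1 v1.5 for a single invocation once strongswan.conf enables PSS. The option parsing in acert() lies outside this hunk, so this is unverified; if the handler only assigns `pss = TRUE;` for the PSS value, it should assign `FALSE` for the other accepted value too. The same initialiser is added in issue(), req(), self() and sign_crl(), so the check applies to all five commands. A comment on the declaration would also help, for example `/* default from strongswan.conf, overridable on the command line */`.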
index ab6e97b..1ccbca8 100644 (file)
@@ -67,7 +67,7 @@ static int issue()
        public_key_t *public = NULL;
        credential_type_t type = CRED_PUBLIC_KEY;
        key_type_t subtype = KEY_ANY;
-       bool pkcs10 = FALSE, pss = FALSE;
+       bool pkcs10 = FALSE;
        char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL;
        char *error = NULL, *keyid = NULL;
        identification_t *id = NULL;
@@ -85,6 +85,8 @@ static int issue()
        x509_cert_policy_t *policy = NULL;
        traffic_selector_t *ts;
        char *arg;
+       bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+                                                                          lib->ns);
 
        san = linked_list_create();
        cdps = linked_list_create();
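Review bot: The lookup `lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, lib->ns)` now appears verbatim in five commands (acert, issue, req, self and sign_crl), so the key name and its fallback value are maintained in five places. A single shared helper in the pki code that returns this value would keep the signature-scheme default consistent and give one place to document the setting; each command would then read `bool pss = pki_rsa_pss_default();` (hypothetical helper name). The body of issue() continues outside this hunk, so how `pss` is used further down is not visible here.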
index 4a63091..cfddbc4 100644 (file)
@@ -39,7 +39,8 @@ static int req()
        chunk_t encoding = chunk_empty;
        chunk_t challenge_password = chunk_empty;
        char *arg;
-       bool pss = FALSE;
+       bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+                                                                          lib->ns);
 
        san = linked_list_create();
 
index 763f047..6f7adef 100644 (file)
@@ -71,7 +71,8 @@ static int self()
        x509_cert_policy_t *policy = NULL;
        traffic_selector_t *ts;
        char *arg;
-       bool pss = FALSE;
+       bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+                                                                          lib->ns);
 
        san = linked_list_create();
        ocsp = linked_list_create();
index e0a9a1d..50f9396 100644 (file)
@@ -134,7 +134,8 @@ static int sign_crl()
        x509_cdp_t *cdp;
        chunk_t crl_serial = chunk_empty, baseCrlNumber = chunk_empty;
        chunk_t encoding = chunk_empty;
-       bool pss = FALSE;
+       bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+                                                                          lib->ns);
 
        list = linked_list_create();
        cdps = linked_list_create();