Treat RSASSA-PSS keys like rsaEncryption RSA keys

[thirdparty/strongswan.git] / src / libstrongswan / plugins / pkcs8 / pkcs8_builder.c

diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
index beb8866f885836cec887ed90a38e1504ff81e78b..9c1c03dfeb2fc886e6d027e12d9b50395049b947 100644 (file)
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -63,6 +63,16 @@ static private_key_t *parse_private_key(chunk_t blob)
 
                                switch (oid)
                                {
+                                       case OID_RSASSA_PSS:
+                                               /* TODO: parameters associated with such keys should be
+                                                * treated as restrictions later when signing (the type
+                                                * itself is already a restriction). However, the
+                                                * builders currently don't expect any parameters for
+                                                * RSA keys (we also only pass along the params, not the
+                                                * exact type, so we'd have to guess that params
+                                                * indicate RSA/PSS, but they are optional so that won't
+                                                * work for keys without specific restrictions) */
+                                               params = chunk_empty;
                                        case OID_RSA_ENCRYPTION:
                                                type = KEY_RSA;
                                                break;