pki: Unify parsing of RSA padding scheme and fix disabling PSS
authorTobias Brunner <tobias@strongswan.org>
Thu, 30 Mar 2023 12:23:38 +0000 (14:23 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 31 Mar 2023 07:11:17 +0000 (09:11 +0200)
If PSS padding is enabled by default, not all commands allowed disabling
it explicitly.

src/pki/commands/acert.c
src/pki/commands/issue.c
src/pki/commands/req.c
src/pki/commands/scep.c
src/pki/commands/self.c
src/pki/commands/signcrl.c
src/pki/pki.c
src/pki/pki.h

index 7f91bf9b1e4d79419cb06e54dd7afa5723e7cc65..9084ef60128341f623a8f6513145999ebe80ffdc 100644 (file)
@@ -64,11 +64,7 @@ static int acert()
                                }
                                continue;
                        case 'R':
-                               if (streq(arg, "pss"))
-                               {
-                                       pss = TRUE;
-                               }
-                               else if (!streq(arg, "pkcs1"))
+                               if (!parse_rsa_padding(arg, &pss))
                                {
                                        error = "invalid RSA padding";
                                        goto usage;
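Review bot: Now that `parse_rsa_padding(arg, &pss)` actively clears `pss` for `pkcs1`, the option only disables a PSS default if `pss` was initialised from that default before the option loop runs; that initialisation is outside this hunk (acert() starts and ends outside it), so confirm the configured default is not applied after parsing, which would silently re-enable PSS. A related consequence is that repeating `--rsa-padding` is now last-one-wins, which is presumably intended. The same applies to the identical hunks in issue.c, req.c, self.c and signcrl.c.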
index d8e908f0112b8eec9952b39bfde291abc3496630..c106237c88a34978ec6366d14d327596d743416e 100644 (file)
@@ -185,11 +185,7 @@ static int issue()
                                }
                                continue;
                        case 'R':
-                               if (streq(arg, "pss"))
-                               {
-                                       pss = TRUE;
-                               }
-                               else if (!streq(arg, "pkcs1"))
+                               if (!parse_rsa_padding(arg, &pss))
                                {
                                        error = "invalid RSA padding";
                                        goto usage;
index d9effb1d62f84c5ff41b71cd489be8217b0f68da..2578805f58b0d23bce8594a3cf1d9b7d8b7d7741 100644 (file)
@@ -105,12 +105,7 @@ static int req()
                                }
                                continue;
                        case 'R':       /* --rsa-padding */
-                               if (streq(arg, "pss"))
-                               {
-
-                                       pss = TRUE;
-                               }
-                               else if (!streq(arg, "pkcs1"))
+                               if (!parse_rsa_padding(arg, &pss))
                                {
                                        error = "invalid RSA padding";
                                        goto usage;
index de36d0abd288bd31c4247a25e731d17fc7a17f98..3f58336f40c45ec6a861ed9adcb025317e36336e 100644 (file)
@@ -162,15 +162,7 @@ static int scep()
                                }
                                continue;
                        case 'R':       /* --rsa-padding */
-                               if (streq(arg, "pss"))
-                               {
-                                       pss = TRUE;
-                               }
-                               else if (streq(arg, "pkcs1"))
-                               {
-                                       pss = FALSE;
-                               }
-                               else
+                               if (!parse_rsa_padding(arg, &pss))
                                {
                                        error = "invalid RSA padding";
                                        goto usage;
index c9c63465c9b0f1a79304978dfc0ad9e3bd03b080..da75dc68c8a673497e89071947057dc89efb6ee4 100644 (file)
@@ -129,11 +129,7 @@ static int self()
                                }
                                continue;
                        case 'R':
-                               if (streq(arg, "pss"))
-                               {
-                                       pss = TRUE;
-                               }
-                               else if (!streq(arg, "pkcs1"))
+                               if (!parse_rsa_padding(arg, &pss))
                                {
                                        error = "invalid RSA padding";
                                        goto usage;
index 8df42220c1a125b1fd75fc155da39c2b3f159149..f854bdc87335597e9695e23b193b00bfe77a9c45 100644 (file)
@@ -146,11 +146,7 @@ static int sign_crl()
                                }
                                continue;
                        case 'R':
-                               if (streq(arg, "pss"))
-                               {
-                                       pss = TRUE;
-                               }
-                               else if (!streq(arg, "pkcs1"))
+                               if (!parse_rsa_padding(arg, &pss))
                                {
                                        error = "invalid RSA padding";
                                        goto usage;
index b7ced926ed1e1c567452bc682d4f08ad6af0f211..0b03bf7aa6e14ff2297b05c9972a12665d73dce8 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2018 Tobias Brunner
+ * Copyright (C) 2012-2023 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  *
  * Copyright (C) secunet Security Networks AG
@@ -238,6 +238,26 @@ void set_file_mode(FILE *stream, cred_encoding_type_t enc)
 #endif
 }
 
+/*
+ * Described in header
+ */
+bool parse_rsa_padding(char *padding, bool *pss)
+{
+       if (streq(padding, "pss"))
+       {
+               *pss = TRUE;
+       }
+       else if (streq(padding, "pkcs1"))
+       {
+               *pss = FALSE;
+       }
+       else
+       {
+               return FALSE;
+       }
+       return TRUE;
+}
+
 /**
  * Determine a default hash algorithm for the given key
  */
index eee42c6a0a368e60ac6646a37854a44ca2d2e243..df98bd0700bd87f82fddda72183ce15ab4b6e760 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015-2017 Tobias Brunner
+ * Copyright (C) 2015-2023 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  *
  * Copyright (C) secunet Security Networks AG
@@ -58,6 +58,15 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
  */
 void set_file_mode(FILE *stream, cred_encoding_type_t enc);
 
+/**
+ * Parse RSA padding configuration.
+ *
+ * @param padding      input string to parse
+ * @param pss          set to TRUE if PSS padding should be used, FALSE otherwise
+ * @return                     TRUE if successfully parsed
+ */
+bool parse_rsa_padding(char *padding, bool *pss);
+
 /**
  * Determine the signature scheme and parameters for the given private key and
  * hash algorithm and whether to use PSS padding for RSA.
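Review bot: The new doc comment does not say what happens to `*pss` on a parse failure, and `parse_rsa_padding` leaves it untouched when it returns FALSE, so a caller that does not bail out would continue with the previous value. I'd write `@param padding  "pss" or "pkcs1" (case-sensitive, must not be NULL)` and `@param pss  set to TRUE for "pss", FALSE for "pkcs1"; left unchanged if parsing fails`. Listing the accepted values here also documents that `pkcs1` now explicitly overrides a PSS default, which is the behaviour this commit introduces.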