From: Tobias Brunner
Date: Thu, 30 Mar 2023 12:23:38 +0000 (+0200)
Subject: pki: Unify parsing of RSA padding scheme and fix disabling PSS
X-Git-Tag: 5.9.11dr2~3^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e2a267447615e7e05b684a3facf4213d59b418df;p=thirdparty%2Fstrongswan.git

pki: Unify parsing of RSA padding scheme and fix disabling PSS

If PSS padding is enabled by default, not all commands allowed disabling it explicitly.
---
diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c
index 7f91bf9b1e..9084ef6012 100644
--- a/src/pki/commands/acert.c
+++ b/src/pki/commands/acert.c
@@ -64,11 +64,7 @@ static int acert()
 				}
 				continue;
 			case 'R':
-				if (streq(arg, "pss"))
-				{
-					pss = TRUE;
-				}
-				else if (!streq(arg, "pkcs1"))
+				if (!parse_rsa_padding(arg, &pss))
 				{
 					error = "invalid RSA padding";
 					goto usage;
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index d8e908f011..c106237c88 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -185,11 +185,7 @@ static int issue()
 				}
 				continue;
 			case 'R':
-				if (streq(arg, "pss"))
-				{
-					pss = TRUE;
-				}
-				else if (!streq(arg, "pkcs1"))
+				if (!parse_rsa_padding(arg, &pss))
 				{
 					error = "invalid RSA padding";
 					goto usage;
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index d9effb1d62..2578805f58 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -105,12 +105,7 @@ static int req()
 				}
 				continue;
 			case 'R': /* --rsa-padding */
-				if (streq(arg, "pss"))
-				{
-
-					pss = TRUE;
-				}
-				else if (!streq(arg, "pkcs1"))
+				if (!parse_rsa_padding(arg, &pss))
 				{
 					error = "invalid RSA padding";
 					goto usage;
diff --git a/src/pki/commands/scep.c b/src/pki/commands/scep.c
index de36d0abd2..3f58336f40 100644
--- a/src/pki/commands/scep.c
+++ b/src/pki/commands/scep.c
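Review bot: The new call `if (!parse_rsa_padding(arg, &pss))` in acert.c lets `--rsa-padding pkcs1` overwrite whatever `pss` was initialised to, which is the fix the commit describes, but at this call site the case label gives no hint of that, unlike req.c and scep.c whose `case 'R':` is annotated with `/* --rsa-padding */`. Suggest the same annotation here and in the parallel hunks in issue.c, self.c and signcrl.c, e.g. `case 'R': /* --rsa-padding, overrides the configured default */`. The initialisation of `pss` and the rest of acert() lie outside the hunk, so where the default comes from is inferred from the commit message rather than from the visible lines.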
@@ -162,15 +162,7 @@ static int scep()
 				}
 				continue;
 			case 'R': /* --rsa-padding */
-				if (streq(arg, "pss"))
-				{
-					pss = TRUE;
-				}
-				else if (streq(arg, "pkcs1"))
-				{
-					pss = FALSE;
-				}
-				else
+				if (!parse_rsa_padding(arg, &pss))
 				{
 					error = "invalid RSA padding";
 					goto usage;
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index c9c63465c9..da75dc68c8 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -129,11 +129,7 @@ static int self()
 				}
 				continue;
 			case 'R':
-				if (streq(arg, "pss"))
-				{
-					pss = TRUE;
-				}
-				else if (!streq(arg, "pkcs1"))
+				if (!parse_rsa_padding(arg, &pss))
 				{
 					error = "invalid RSA padding";
 					goto usage;
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 8df42220c1..f854bdc873 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -146,11 +146,7 @@ static int sign_crl()
 				}
 				continue;
 			case 'R':
-				if (streq(arg, "pss"))
-				{
-					pss = TRUE;
-				}
-				else if (!streq(arg, "pkcs1"))
+				if (!parse_rsa_padding(arg, &pss))
 				{
 					error = "invalid RSA padding";
 					goto usage;
diff --git a/src/pki/pki.c b/src/pki/pki.c
index b7ced926ed..0b03bf7aa6 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2018 Tobias Brunner
+ * Copyright (C) 2012-2023 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  *
  * Copyright (C) secunet Security Networks AG
@@ -238,6 +238,26 @@ void set_file_mode(FILE *stream, cred_encoding_type_t enc)
 #endif
 }
 
+/*
+ * Described in header
+ */
+bool parse_rsa_padding(char *padding, bool *pss)
+{
+	if (streq(padding, "pss"))
+	{
+		*pss = TRUE;
+	}
+	else if (streq(padding, "pkcs1"))
+	{
+		*pss = FALSE;
+	}
+	else
+	{
+		return FALSE;
+	}
+	return TRUE;
+}
+
 /**
  * Determine a default hash algorithm for the given key
  */
diff --git a/src/pki/pki.h b/src/pki/pki.h
index eee42c6a0a..df98bd0700 100644
--- a/src/pki/pki.h
+++ b/src/pki/pki.h
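Review bot: `parse_rsa_padding` in pki.c only reads `padding` through `streq`, so the parameter could be `const char *padding` in both this definition and the pki.h declaration, assuming `streq` accepts const pointers as it does in the rest of the tree; the neighbouring prototypes in pki.h (`calculate_lifetime`, `set_file_mode`) use non-const `char *`, so treat this as a style point if that convention is deliberate. The matching is case-sensitive, as in the per-command code it replaces, so `PSS` and `PKCS1` are rejected with "invalid RSA padding"; if that is intended it may be worth a one-line comment, `/* names are matched case-sensitively */`, above the first `streq`.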
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015-2017 Tobias Brunner
+ * Copyright (C) 2015-2023 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  *
  * Copyright (C) secunet Security Networks AG
@@ -58,6 +58,15 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
  */
 void set_file_mode(FILE *stream, cred_encoding_type_t enc);
 
+/**
+ * Parse RSA padding configuration.
+ *
+ * @param padding		input string to parse
+ * @param pss			set to TRUE if PSS padding should be used, FALSE otherwise
+ * @return				TRUE if successfully parsed
+ */
+bool parse_rsa_padding(char *padding, bool *pss);
+
 /**
  * Determine the signature scheme and parameters for the given private key and
  * hash algorithm and whether to use PSS padding for RSA.
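Review bot: The new `@param pss` line in pki.h describes only the success case; the definition in pki.c returns FALSE from its `else` branch without touching `*pss`, so a caller that does not act on the return value keeps whatever value it had before. Suggest `@param pss set to TRUE for "pss", FALSE for "pkcs1"; left unchanged if parsing fails` and `@return TRUE if successfully parsed, FALSE for an unknown padding name`. Naming the two accepted strings in the summary, e.g. `Parse RSA padding configuration ("pss" or "pkcs1").`, would also save readers a trip to pki.c.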