diff options
Diffstat (limited to 'src/certtool.c')
-rw-r--r-- | src/certtool.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/src/certtool.c b/src/certtool.c index c92095a497..e4421c2dd1 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -135,6 +135,8 @@ generate_private_key_int(common_info_st * cinfo) int ret, key_type, bits; unsigned provable = cinfo->provable; unsigned flags = 0; + gnutls_keygen_data_st kdata[8]; + unsigned kdata_size = 0; key_type = req_key_type; @@ -188,12 +190,15 @@ generate_private_key_int(common_info_st * cinfo) } } - if (cinfo->seed_size > 0) { - gnutls_keygen_data_st data; + if (HAVE_OPT(SALT_SIZE)) { + kdata[kdata_size].type = GNUTLS_KEYGEN_RSA_PSS_SALT_SIZE; + kdata[kdata_size++].size = OPT_VALUE_SALT_SIZE; + } - data.type = GNUTLS_KEYGEN_SEED; - data.data = (void*)cinfo->seed; - data.size = cinfo->seed_size; + if (cinfo->seed_size > 0) { + kdata[kdata_size].type = GNUTLS_KEYGEN_SEED; + kdata[kdata_size].data = (void*)cinfo->seed; + kdata[kdata_size++].size = cinfo->seed_size; if (GNUTLS_PK_IS_RSA(key_type)) { if ((bits == 3072 && cinfo->seed_size != 32) || (bits == 2048 && cinfo->seed_size != 28)) { @@ -205,17 +210,19 @@ generate_private_key_int(common_info_st * cinfo) } } - ret = gnutls_x509_privkey_generate2(key, key_type, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE, &data, 1); - } else { - gnutls_keygen_data_st data; + flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE; + } - data.type = GNUTLS_KEYGEN_DIGEST; - data.size = default_dig; + if (default_dig) { + kdata[kdata_size].type = GNUTLS_KEYGEN_RSA_PSS_DIGEST; + kdata[kdata_size++].size = default_dig; - if (provable) - flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE; - ret = gnutls_x509_privkey_generate2(key, key_type, bits, flags, &data, 1); } + + if (provable) + flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE; + + ret = gnutls_x509_privkey_generate2(key, key_type, bits, flags, kdata, kdata_size); if (ret < 0) { fprintf(stderr, "privkey_generate: %s\n", gnutls_strerror(ret)); |