New upstream version 5.6.1

2 files changed, 13 insertions, 0 deletions

diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 3ff09f5f2..9c408c443 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -245,9 +245,11 @@ ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
 GEM = @GEM@
 GENHTML = @GENHTML@
 GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
 GPRBUILD = @GPRBUILD@
 GREP = @GREP@
 INSTALL = @INSTALL@
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
index beb8866f8..6cd5da4fd 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -63,6 +63,17 @@ static private_key_t *parse_private_key(chunk_t blob)
 
 				switch (oid)
 				{
+					case OID_RSASSA_PSS:
+						/* TODO: parameters associated with such keys should be
+						 * treated as restrictions later when signing (the type
+						 * itself is already a restriction). However, the
+						 * builders currently don't expect any parameters for
+						 * RSA keys (we also only pass along the params, not the
+						 * exact type, so we'd have to guess that params
+						 * indicate RSA/PSS, but they are optional so that won't
+						 * work for keys without specific restrictions) */
+						params = chunk_empty;
+						/* fall-through */
 					case OID_RSA_ENCRYPTION:
 						type = KEY_RSA;
 						break;