Bug 1415187, certutil: Create non-restricted RSA-PSS certificate unless -Z is given, r=hkario, r=kaie
authorDaiki Ueno <dueno@redhat.com>
Tue, 07 Nov 2017 15:50:59 +0100
changeset 14107 0e80229a75b5c5ef92a2033e40617c1c489546b8
parent 14106 8f54441131ab172941c1f778fef4eb1b8e131e35
child 14113 15ffe14f15e0a1480d8dc97d33054470740eccc8
push id2873
push userdueno@redhat.com
push dateWed, 08 Nov 2017 13:40:14 +0000
reviewershkario, kaie
bugs1415187
Bug 1415187, certutil: Create non-restricted RSA-PSS certificate unless -Z is given, r=hkario, r=kaie
cmd/certutil/certutil.c
--- a/cmd/certutil/certutil.c
+++ b/cmd/certutil/certutil.c
@@ -223,17 +223,18 @@ CertReq(SECKEYPrivateKey *privk, SECKEYP
             PORT_FreeArena(arena, PR_FALSE);
             SECKEY_DestroySubjectPublicKeyInfo(spki);
             SECU_PrintError(progName, "unable to create RSA-PSS parameters");
             return SECFailure;
         }
 
         spki->algorithm.parameters.data = NULL;
         rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
-                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, params);
+                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+                                   hashAlgTag == SEC_OID_UNKNOWN ? NULL : params);
         if (rv != SECSuccess) {
             PORT_FreeArena(arena, PR_FALSE);
             SECKEY_DestroySubjectPublicKeyInfo(spki);
             SECU_PrintError(progName, "unable to set algorithm ID");
             return SECFailure;
         }
     }
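Review bot: The new argument `hashAlgTag == SEC_OID_UNKNOWN ? NULL : params` in the SECOID_SetAlgorithmID call has no comment saying that NULL is deliberate, so a reader can mistake it for a missing-value fallback rather than a policy choice. I would add above the call: `/* No hash selected (-Z absent): omit the RSA-PSS parameters so the key is not restricted to one hash/salt length (RFC 4055). */`. That matters for review because a key without parameters places no constraint on the PSS hash a verifier will accept for it, whereas a restricted key pins it. The hunk shows the "unable to create RSA-PSS parameters" failure path but not the creation itself, so it appears params may still be built, and may still fail the request, when they are about to be discarded. If so, guarding that step on the same condition would be cleaner. CertReq begins and ends outside the hunk.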