From fd3554ab36b8ab20e34a187afdc82ceead470739 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Fri, 22 Jul 2022 13:18:18 +0200
Subject: Update OpenVPN/OpenVPN3, use xkey in OpenVPN3

---
 main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'main/src/ui')

diff --git a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
index 780fa217..0cbd7ce5 100644
--- a/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
+++ b/main/src/ui/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
@@ -237,6 +237,9 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
         VpnStatus.logDebug("Got external PKI signing request from OpenVPN core for algorithm " + signreq.getAlgorithm());
         SignaturePadding padding;
         switch (signreq.getAlgorithm()) {
+            case "RSA_PKCS1_PSS_PADDING":
+                padding = SignaturePadding.RSA_PKCS1_PSS_PADDING;
+                break;
             case "RSA_PKCS1_PADDING":
                 padding = SignaturePadding.RSA_PKCS1_PADDING;
                 break;
@@ -249,7 +252,8 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
             default:
                 throw new IllegalArgumentException("Illegal padding in sign request" + signreq.getAlgorithm());
         }
-        signreq.setSig(mVp.getSignedData(mService, signreq.getData(), padding, "", "", false));
+        boolean needDigest = !signreq.getHashalg().isEmpty();
+        signreq.setSig(mVp.getSignedData(mService, signreq.getData(), padding, signreq.getSaltlen(), signreq.getHashalg(), needDigest));
     }
 
     void setUserPW() {
-- 
cgit v1.2.3