diff options
author | Sansar Choinyambuu <schoinya@hsr.ch> | 2011-11-02 16:37:09 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-11-28 14:39:53 +0100 |
commit | 19fa287f6e01021f8957481fcc1081ef3cde48f0 (patch) | |
tree | 5c9e3f96471301353ac24ebf6e69fa0d2eae36b1 | |
parent | 90cc99db5aeeb25036fa1ae7f8a335c0a7574341 (diff) | |
download | strongswan-19fa287f6e01021f8957481fcc1081ef3cde48f0.tar.bz2 strongswan-19fa287f6e01021f8957481fcc1081ef3cde48f0.tar.xz |
Reverse the changes made to openssl plugin for signature verification
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.c | 1 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c | 60 |
3 files changed, 0 insertions, 63 deletions
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 9c59ba798..37bba77d1 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -26,7 +26,6 @@ ENUM(key_type_names, KEY_ANY, KEY_DSA, ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521, "UNKNOWN", - "RSA_SHA1" "RSA_EMSA_PKCS1_NULL", "RSA_EMSA_PKCS1_MD5", "RSA_EMSA_PKCS1_SHA1", diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 303d0b592..fdbe17f2c 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -60,8 +60,6 @@ extern enum_name_t *key_type_names; enum signature_scheme_t { /** Unknown signature scheme */ SIGN_UNKNOWN, - /** Generic PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */ - SIGN_RSA_SHA1, /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */ SIGN_RSA_EMSA_PKCS1_NULL, /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 00f131423..a24bae5d6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -116,64 +116,6 @@ error: return valid; } -/** - * Verification of an EMPSA PKCS1 signature described in PKCS#1 - */ -static bool verify_signature(private_openssl_rsa_public_key_t *this, - int type, chunk_t data, chunk_t signature) -{ - bool valid = FALSE; - int rsa_size = RSA_size(this->rsa); - - /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */ - if (signature.len > rsa_size) - { - signature = chunk_skip(signature, signature.len - rsa_size); - } - - if (type == NID_undef) - { - chunk_t hash = chunk_alloc(rsa_size); - - hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr, - this->rsa, RSA_PKCS1_PADDING); - valid = chunk_equals(data, hash); - free(hash.ptr); - } - else - { - EVP_PKEY *key; - RSA *rsa = NULL; - - key = EVP_PKEY_new(); - if (!EVP_PKEY_set1_RSA(key, this->rsa)) - { - goto error; - } - rsa = EVP_PKEY_get1_RSA(key); - if (!rsa) - { - goto error; - } - - valid = (RSA_verify(type, data.ptr, data.len, - signature.ptr, signature.len, rsa) == 1); - -error: - if (key) - { - EVP_PKEY_free(key); - } - if (rsa) - { - RSA_free(rsa); - } - } - - return valid; -} - - METHOD(public_key_t, get_type, key_type_t, private_openssl_rsa_public_key_t *this) { @@ -186,8 +128,6 @@ METHOD(public_key_t, verify, bool, { switch (scheme) { - case SIGN_RSA_SHA1: - return verify_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, NID_undef, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA1: |