diff options
author | Tobias Brunner <tobias@strongswan.org> | 2017-09-26 16:44:44 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:48:10 +0100 |
commit | 37efb9787b6e0c08fee9aad5a1d152105d5a4049 (patch) | |
tree | d0d38b287d770a40d0b7bc890ef9b423bf31979f | |
parent | f241a981aa77bf0e7b66d773b166b2486f305bbd (diff) | |
download | strongswan-37efb9787b6e0c08fee9aad5a1d152105d5a4049.tar.bz2 strongswan-37efb9787b6e0c08fee9aad5a1d152105d5a4049.tar.xz |
gcrypt: Add support for static salts when signing with RSA-PSS
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index 5dc0bfd30..c06f43348 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -177,14 +177,25 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, if (pss) { - u_int slen = hasher_hash_size(hash_algorithm); - if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + if (pss->salt.len) { - slen = pss->salt_len; + err = gcry_sexp_build(&in, NULL, + "(data(flags pss)(salt-length %u)" + "(random-override %b)(hash %s %b))", + pss->salt.len, pss->salt.len, pss->salt.ptr, + hash_name, hash.len, hash.ptr); + } + else + { + u_int slen = hasher_hash_size(hash_algorithm); + if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + slen = pss->salt_len; + } + err = gcry_sexp_build(&in, NULL, + "(data(flags pss)(salt-length %u)(hash %s %b))", + slen, hash_name, hash.len, hash.ptr); } - err = gcry_sexp_build(&in, NULL, - "(data(flags pss)(salt-length %u)(hash %s %b))", - slen, hash_name, hash.len, hash.ptr); } else { |