diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-06-10 15:29:52 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-06-10 15:29:57 +0200 |
| commit | dfa5fb0358f6060c82c099d0cb68a4109ffb6f16 (patch) | |
| tree | 5c186e0df2ff7450ed1cc4b953877a4fc399196e | |
| parent | 3e3de01b28bf90dc2cafda9916aac4d0abdece76 (diff) | |
| download | strongswan-dfa5fb0358f6060c82c099d0cb68a4109ffb6f16.tar.bz2 strongswan-dfa5fb0358f6060c82c099d0cb68a4109ffb6f16.tar.xz | |
implemented IKEv1 RSA signing in openssl_rsa_private_key.c
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c | 97 |
1 files changed, 54 insertions, 43 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 12040f229..6ed999f68 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -78,59 +78,68 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGN * Build an EMPSA PKCS1 signature described in PKCS#1 */ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, - int type, chunk_t data, chunk_t *out) + int type, chunk_t data, chunk_t *sig) { bool success = FALSE; - u_char *sig = NULL; - u_int len; - const EVP_MD *hasher = EVP_get_digestbynid(type); - if (!hasher) - { - return FALSE; - } - - EVP_MD_CTX *ctx = EVP_MD_CTX_create(); - EVP_PKEY *key = EVP_PKEY_new(); - if (!ctx || !key) - { - goto error; - } - - if (!EVP_PKEY_set1_RSA(key, this->rsa)) - { - goto error; - } - - if (!EVP_SignInit_ex(ctx, hasher, NULL)) - { - goto error; - } - - if (!EVP_SignUpdate(ctx, data.ptr, data.len)) - { - goto error; - } - - sig = malloc(EVP_PKEY_size(key)); - if (EVP_SignFinal(ctx, sig, &len, key)) + + *sig = chunk_alloc(RSA_size(this->rsa)); + + if (type == NID_undef) { - out->ptr = sig; - out->len = len; - success = TRUE; + if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa, + RSA_PKCS1_PADDING) == sig->len) + { + success = TRUE; + } } else { - free(sig); - } + EVP_MD_CTX *ctx; + EVP_PKEY *key; + const EVP_MD *hasher; + + hasher = EVP_get_digestbynid(type); + if (!hasher) + { + return FALSE; + } + + ctx = EVP_MD_CTX_create(); + key = EVP_PKEY_new(); + if (!ctx || !key) + { + goto error; + } + if (!EVP_PKEY_set1_RSA(key, this->rsa)) + { + goto error; + } + if (!EVP_SignInit_ex(ctx, hasher, NULL)) + { + goto error; + } + if (!EVP_SignUpdate(ctx, data.ptr, data.len)) + { + goto error; + } + if (EVP_SignFinal(ctx, sig->ptr, &sig->len, key)) + { + success = TRUE; + } error: - if (key) - { - EVP_PKEY_free(key); + if (key) + { + EVP_PKEY_free(key); + } + if (ctx) + { + EVP_MD_CTX_destroy(ctx); + } } - if (ctx) + if (!success) { - EVP_MD_CTX_destroy(ctx); + free(sig->ptr); } return success; } @@ -151,6 +160,8 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch { switch (scheme) { + case SIGN_RSA_EMSA_PKCS1_NULL: + return build_emsa_pkcs1_signature(this, NID_undef, data, signature); case SIGN_DEFAULT: case SIGN_RSA_EMSA_PKCS1_SHA1: return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); |