authorAndreas Steffen <andreas.steffen@strongswan.org>2008-01-22 01:32:12 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2008-01-22 01:32:12 +0000
commit2d49eaa1312d3fba7870be73f767c21bdd4e8294 (patch)
tree94658404a850b47e911b3e6b305b3816a88026f3 /src
parenta7419b07d1d7f31b06cff1f935c775cdb5f5ff37 (diff)
x509_t.build_encoding() now supports any hash algorithm
Diffstat (limited to 'src')
-rwxr-xr-xsrc/libstrongswan/crypto/x509.c45
1 files changed, 32 insertions, 13 deletions
diff --git a/src/libstrongswan/crypto/x509.c b/src/libstrongswan/crypto/x509.c
index 60ab53df0..022f15c93 100755
--- a/src/libstrongswan/crypto/x509.c
+++ b/src/libstrongswan/crypto/x509.c
@@ -1381,23 +1381,42 @@ static chunk_t x509_build_tbs(private_x509_t *this)
static void build_encoding(private_x509_t *this, hash_algorithm_t alg,
rsa_private_key_t *private_key)
{
- chunk_t tbs_cert, rawSignature, signature;
- u_char *pos;
-
- this->signatureAlgorithm = OID_SHA1_WITH_RSA;
- tbs_cert = x509_build_tbs(this);
- private_key->build_emsa_pkcs1_signature(private_key, alg, tbs_cert,
- &rawSignature);
+ switch (alg)
+ {
+ case HASH_MD5:
+ this->signatureAlgorithm = OID_MD5_WITH_RSA;
+ break;
+ case HASH_SHA1:
+ default:
+ this->signatureAlgorithm = OID_SHA1_WITH_RSA;
+ break;
+ case HASH_SHA256:
+ this->signatureAlgorithm = OID_SHA256_WITH_RSA;
+ break;
+ case HASH_SHA384:
+ this->signatureAlgorithm = OID_SHA384_WITH_RSA;
+ break;
+ case HASH_SHA512:
+ this->signatureAlgorithm = OID_SHA512_WITH_RSA;
+ }
+ this->tbsCertificate = x509_build_tbs(this);
+ {
+ chunk_t rawSignature;
+ u_char *pos;
- pos = build_asn1_object(&signature, ASN1_BIT_STRING, 1 + rawSignature.len);
- *pos++ = 0x00;
- memcpy(pos, rawSignature.ptr, rawSignature.len);
- free(rawSignature.ptr);
+ private_key->build_emsa_pkcs1_signature(private_key, alg,
+ this->tbsCertificate, &rawSignature);
+ pos = build_asn1_object(&this->signature, ASN1_BIT_STRING,
+ 1 + rawSignature.len);
+ *pos++ = 0x00;
+ memcpy(pos, rawSignature.ptr, rawSignature.len);
+ free(rawSignature.ptr);
+ }
this->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm",
- tbs_cert,
+ this->tbsCertificate,
asn1_algorithmIdentifier(this->signatureAlgorithm),
- signature);
+ this->signature);
}
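Review bot: The `default:` label in the new switch sets `this->signatureAlgorithm` to `OID_SHA1_WITH_RSA`, but the unmodified `alg` is still handed to `build_emsa_pkcs1_signature()` further down, so an unlisted hash value yields a certificate whose AlgorithmIdentifier claims SHA-1 while the signature was requested with a different hash. Normalising the value in that branch keeps the two in agreement: `default: alg = HASH_SHA1;` placed ahead of the OID assignment. The result of `build_emsa_pkcs1_signature()` is also discarded; if that call can fail without filling `rawSignature` (its contract is not visible in this hunk), the following `memcpy` and `free` would operate on an uninitialised chunk, so its status should be checked before `rawSignature` is used. Separately, the `HASH_MD5` case deserves a comment such as `/* MD5 is not collision-resistant; kept for interoperability only */` so callers do not pick it for newly issued certificates.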