ECB mode added to the DES plugin
[strongswan.git] / src / libstrongswan / plugins / x509 / x509_ocsp_request.c
index ce77359..c97c306 100644 (file)
@@ -23,7 +23,6 @@
 #include <asn1/oid.h>
 #include <asn1/asn1.h>
 #include <utils/identification.h>
-#include <utils/randomizer.h>
 #include <utils/linked_list.h>
 #include <debug.h>
 #include <credentials/certificates/x509.h>
@@ -205,14 +204,18 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
  */
 static chunk_t build_nonce(private_x509_ocsp_request_t *this)
 {
-       randomizer_t *randomizer;
+       rng_t *rng;
        
-       randomizer = randomizer_create();
-       randomizer->allocate_pseudo_random_bytes(randomizer, NONCE_LEN, &this->nonce);
-       randomizer->destroy(randomizer);
-       
-    return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-                               asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+       if (rng)
+       {
+               rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
+               rng->destroy(rng);
+               return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
+                                       asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+       }
+       DBG1("creating OCSP request nonce failed, no RNG found");
+       return chunk_empty;
 }
 
 /**
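Review bot: When no RNG can be created, build_nonce() logs and returns `chunk_empty`, and nothing in this hunk makes the request fail, so the OCSP request may be sent without a nonce and with `this->nonce` left unset. The nonce is what binds a response to this particular request, so whether an older response could then be accepted depends on how the response check (outside this hunk) treats a missing nonce. Either have the caller abort the build on an empty result, or document the fallback above the `DBG1` with a comment such as `/* no RNG: request goes out without a nonce, freshness then rests on the response's validity times */`. The `RNG_WEAK` choice also deserves a one-line comment saying why weak randomness is considered sufficient for this nonce.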
@@ -264,6 +267,10 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
                        oid = OID_SHA1_WITH_RSA;
                        scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
                        break;
+               case KEY_ECDSA:
+                       oid = OID_ECDSA_WITH_SHA1;
+                       scheme = SIGN_ECDSA_WITH_SHA1;
+                       break;
                default:
                        DBG1("unable to sign OCSP request, %N signature not supported",
                                 key_type_names, this->key->get_type(this->key));
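Review bot: The new `KEY_ECDSA` case fixes the digest to SHA-1, as the RSA case above it does, so every signed OCSP request uses SHA-1 regardless of the strength of the signing key. That hard-coding is worth a comment at the top of the switch, for example `/* digest is fixed to SHA-1 for all key types; revisit once responders accept stronger hashes */`. The switch starts before this hunk and its default branch runs past the end, so the error path could not be checked from here.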
@@ -540,6 +547,8 @@ static void add(private_builder_t *this, builder_part_t part, ...)
 {
        va_list args;
        certificate_t *cert;
+       identification_t *subject;
+       private_key_t *private;
        
        va_start(args, part);
        switch (part)
@@ -548,35 +557,36 @@ static void add(private_builder_t *this, builder_part_t part, ...)
                        cert = va_arg(args, certificate_t*);
                        if (cert->get_type(cert) == CERT_X509)
                        {
-                               this->req->ca = (x509_t*)cert;
-                       }
-                       else
-                       {
-                               cert->destroy(cert);
+                               this->req->ca = (x509_t*)cert->get_ref(cert);
                        }
                        break;
                case BUILD_CERT:
                        cert = va_arg(args, certificate_t*);
                        if (cert->get_type(cert) == CERT_X509)
                        {
-                               this->req->candidates->insert_last(this->req->candidates, cert);
-                       }
-                       else
-                       {
-                               cert->destroy(cert);
+                               this->req->candidates->insert_last(this->req->candidates,
+                                                                                                  cert->get_ref(cert));
                        }
                        break;
                case BUILD_SIGNING_CERT:
-                       this->req->cert = va_arg(args, certificate_t*);
+                       cert = va_arg(args, certificate_t*);
+                       this->req->cert = cert->get_ref(cert);
                        break;
                case BUILD_SIGNING_KEY:
-                       this->req->key = va_arg(args, private_key_t*);
+                       private = va_arg(args, private_key_t*);
+                       this->req->key = private->get_ref(private);
                        break;
                case BUILD_SUBJECT:
-                       this->req->requestor = va_arg(args, identification_t*);
+                       subject = va_arg(args, identification_t*);
+                       this->req->requestor = subject->clone(subject);
                        break;
                default:
-                       DBG1("ignoring unsupported build part %N", builder_part_names, part);
+                       /* cancel if option not supported */
+                       if (this->req)
+                       {
+                               destroy(this->req);
+                       }
+                       builder_cancel(&this->public);
                        break;
        }
        va_end(args);
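Review bot: In the new default branch, `destroy(this->req)` leaves `this->req` pointing at freed memory. Whether that is safe depends entirely on what `builder_cancel()` does to the builder, which is not visible here; adding `this->req = NULL;` right after the destroy makes the branch safe on its own. The `BUILD_SIGNING_CERT`, `BUILD_SIGNING_KEY` and `BUILD_SUBJECT` cases now call `get_ref()` or `clone()` on the argument, so a NULL argument that was previously just stored is now dereferenced. If callers may pass NULL for the optional signer parts, guard each with e.g. `if (cert) this->req->cert = cert->get_ref(cert);`. add() begins in the previous hunk and its closing brace lies past the end of this one.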