Reverse the changes made to openssl plugin for signature verification
authorSansar Choinyambuu <schoinya@hsr.ch>
Wed, 2 Nov 2011 15:37:09 +0000 (16:37 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 20:18:05 +0000 (21:18 +0100)
src/libstrongswan/credentials/keys/public_key.c
src/libstrongswan/credentials/keys/public_key.h
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c

index 9c59ba7..37bba77 100644
@@ -26,7 +26,6 @@ ENUM(key_type_names, KEY_ANY, KEY_DSA,
 
 ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
        "UNKNOWN",
-       "RSA_SHA1"
        "RSA_EMSA_PKCS1_NULL",
        "RSA_EMSA_PKCS1_MD5",
        "RSA_EMSA_PKCS1_SHA1",
index 303d0b5..fdbe17f 100644
@@ -60,8 +60,6 @@ extern enum_name_t *key_type_names;
 enum signature_scheme_t {
        /** Unknown signature scheme                                       */
        SIGN_UNKNOWN,
-       /** Generic PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1  */
-       SIGN_RSA_SHA1,
        /** EMSA-PKCS1_v1.5 signature over digest without digestInfo       */
        SIGN_RSA_EMSA_PKCS1_NULL,
        /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5       */
index 00f1314..a24bae5 100644
@@ -116,64 +116,6 @@ error:
        return valid;
 }
 
-/**
- * Verification of an EMPSA PKCS1 signature described in PKCS#1
- */
-static bool verify_signature(private_openssl_rsa_public_key_t *this,
-                                                                               int type, chunk_t data, chunk_t signature)
-{
-       bool valid = FALSE;
-       int rsa_size = RSA_size(this->rsa);
-
-       /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
-       if (signature.len > rsa_size)
-       {
-               signature = chunk_skip(signature, signature.len - rsa_size);
-       }
-
-       if (type == NID_undef)
-       {
-               chunk_t hash = chunk_alloc(rsa_size);
-
-               hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
-                                                                         this->rsa, RSA_PKCS1_PADDING);
-               valid = chunk_equals(data, hash);
-               free(hash.ptr);
-       }
-       else
-       {
-               EVP_PKEY *key;
-               RSA *rsa = NULL;
-
-               key = EVP_PKEY_new();
-               if (!EVP_PKEY_set1_RSA(key, this->rsa))
-               {
-                       goto error;
-               }
-               rsa = EVP_PKEY_get1_RSA(key);
-               if (!rsa)
-               {
-                       goto error;
-               }
-
-               valid = (RSA_verify(type, data.ptr, data.len,
-                                                       signature.ptr, signature.len, rsa) == 1);
-
-error:
-               if (key)
-               {
-                       EVP_PKEY_free(key);
-               }
-               if (rsa)
-               {
-                       RSA_free(rsa);
-               }
-       }
-
-       return valid;
-}
-
-
 METHOD(public_key_t, get_type, key_type_t,
        private_openssl_rsa_public_key_t *this)
 {
@@ -186,8 +128,6 @@ METHOD(public_key_t, verify, bool,
 {
        switch (scheme)
        {
-               case SIGN_RSA_SHA1:
-                       return verify_signature(this, NID_sha1, data, signature);
                case SIGN_RSA_EMSA_PKCS1_NULL:
                        return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
                case SIGN_RSA_EMSA_PKCS1_SHA1: