oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Handle rsa private keys better.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17118 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-04-21 11:23:16 +00:00
parent 1b73708904
commit 6bb4cc8a23
1 changed files with 17 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
lib/hx509/crypto.c
View File

@@ -799,7 +799,6 @@ static struct signature_alg *sig_algs[] = {
&sha1_alg, &sha1_alg,
&md5_alg, &md5_alg,
&md2_alg, &md2_alg,
0,
NULL NULL
}; };
@@ -817,9 +816,12 @@ static const struct signature_alg *
find_key_alg(const heim_oid *oid) find_key_alg(const heim_oid *oid)
{ {
int i; int i;
for (i = 0; sig_algs[i]; i++) for (i = 0; sig_algs[i]; i++) {
if (sig_algs[i]->key_oid == NULL)
continue;
if (heim_oid_cmp(sig_algs[i]->key_oid, oid) == 0) if (heim_oid_cmp(sig_algs[i]->key_oid, oid) == 0)
return sig_algs[i]; return sig_algs[i];
}
return NULL; return NULL;
} }
@@ -1095,6 +1097,11 @@ const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
{ 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
}; };
static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
const AlgorithmIdentifier _hx509_signature_rsa_data = {
{ 7, rk_UNCONST(rsa_oid) }, NULL
};
const AlgorithmIdentifier * const AlgorithmIdentifier *
hx509_signature_sha512(void) hx509_signature_sha512(void)
@@ -1136,6 +1143,10 @@ const AlgorithmIdentifier *
hx509_signature_rsa_with_sha1(void) hx509_signature_rsa_with_sha1(void)
{ return &_hx509_signature_rsa_with_sha1_data; } { return &_hx509_signature_rsa_with_sha1_data; }
const AlgorithmIdentifier *
hx509_signature_rsa(void)
{ return &_hx509_signature_rsa_data; }
int int
_hx509_new_private_key(hx509_private_key *key) _hx509_new_private_key(hx509_private_key *key)
{ {
@@ -1156,59 +1167,6 @@ _hx509_free_private_key(hx509_private_key *key)
return 0; return 0;
} }
int
_hx509_private_key_assign_key_file(hx509_private_key key,
hx509_lock lock,
const char *fn)
{
const struct _hx509_password *pw;
int i;
#ifdef HAVE_OPENSSL
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
#endif
if (key->private_key.rsa) {
RSA_free(key->private_key.rsa);
key->private_key.rsa = NULL;
}
pw = _hx509_lock_get_passwords(lock);
for (i = 0; i < pw->len + 1; i++) {
#if HAVE_OPENSSL
EVP_PKEY *private_key;
const char *password = NULL;
FILE *f;
if (i < pw->len)
password = pw->val[i];
f = fopen(fn, "r");
if (f == NULL)
return ENOMEM;
private_key = PEM_read_PrivateKey(f, NULL, NULL, rk_UNCONST(password));
fclose(f);
if (private_key == NULL)
continue;
key->private_key.rsa = EVP_PKEY_get1_RSA(private_key);
EVP_PKEY_free(private_key);
if (key->private_key.rsa == NULL)
return EINVAL;
key->md = &pkcs1_rsa_sha1_alg;
return 0;
#endif
}
return EINVAL;
}
void void
_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr) _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
{ {
@@ -1948,9 +1906,12 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
rsa->d = BN_dup(private_key->private_key.rsa->d); rsa->d = BN_dup(private_key->private_key.rsa->d);
rsa->p = BN_dup(private_key->private_key.rsa->p); rsa->p = BN_dup(private_key->private_key.rsa->p);
rsa->q = BN_dup(private_key->private_key.rsa->q); rsa->q = BN_dup(private_key->private_key.rsa->q);
rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
if (rsa->n == NULL || rsa->e == NULL || if (rsa->n == NULL || rsa->e == NULL ||
rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL) { rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
RSA_free(rsa); RSA_free(rsa);
return 0; return 0;
} }