[pkg-opensc-commit] [libp11] 215/239: Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt.

Eric Dorland eric at moszumanska.debian.org
Sat Oct 17 06:21:35 UTC 2015


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit d60358034f29a8124ea120504dc066ce6e764cd3
Author: Stephane Adenot <stephane.adenot at c-s.fr>
Date:   Mon Aug 31 11:17:57 2015 +0200

    Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt.
    
    Permitting raw RSA operations is useful when the software
    (e.g. openssl) wants to do the padding itself.
---
 src/p11_ops.c | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/src/p11_ops.c b/src/p11_ops.c
index e13eedd..a7b81fd 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -148,9 +148,27 @@ PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 	if (key == NULL)
 		return -1;
 
-	if (padding != RSA_PKCS1_PADDING) {
-		printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
-		return -1;
+	sigsize=PKCS11_get_key_size(key);
+	ck_sigsize=sigsize;
+
+	memset(&mechanism, 0, sizeof(mechanism));
+
+	switch (padding) {
+
+		case RSA_NO_PADDING:
+			mechanism.mechanism = CKM_RSA_X_509;
+			break;
+
+		case RSA_PKCS1_PADDING:
+			if ((flen + RSA_PKCS1_PADDING_SIZE) > sigsize) {
+				return -1; /* the size is wrong */
+			}
+			mechanism.mechanism = CKM_RSA_PKCS;
+			break;
+
+		default:
+			printf("pkcs11 engine: only RSA_NO_PADDING or RSA_PKCS1_PADDING allowed so far\n");
+			return -1;
 	}
 
 	ctx = KEY2CTX(key);
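Review bot: The `RSA_NO_PADDING` case selects `CKM_RSA_X_509` with no check on `flen`, while the `RSA_PKCS1_PADDING` case keeps its size check. OpenSSL's raw mode expects the input to be exactly the modulus length, so a guard such as `if (flen != sigsize) return -1;` before `mechanism.mechanism = CKM_RSA_X_509;` would reject short or oversized input here instead of leaving the decision to the token. A comment on that case, for example `/* raw RSA: the caller must supply an already padded block of key size */`, would also record that this path applies no padding to the private-key operation. The function starts before and continues after this hunk, so the declaration of `sigsize` and any handling of a failed `PKCS11_get_key_size` call are not visible here and should be confirmed.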
@@ -161,16 +179,6 @@ PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 
 	session = PRIVSLOT(slot)->session;
 
-	sigsize=PKCS11_get_key_size(key);
-	ck_sigsize=sigsize;
-
-	if ((flen + RSA_PKCS1_PADDING_SIZE) > sigsize) {
-		return -1; /* the size is wrong */
-	}
-
-	memset(&mechanism, 0, sizeof(mechanism));
-	mechanism.mechanism = CKM_RSA_PKCS;
-
 	/* API is somewhat fishy here. *siglen is 0 on entry (cleared
 	 * by OpenSSL). The library assumes that the memory passed
 	 * by the caller is always big enough */

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


