[pkg-opensc-commit] [libp11] 215/239: Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt.
Eric Dorland
eric at moszumanska.debian.org
Sat Oct 17 06:21:35 UTC 2015
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit d60358034f29a8124ea120504dc066ce6e764cd3
Author: Stephane Adenot <stephane.adenot at c-s.fr>
Date: Mon Aug 31 11:17:57 2015 +0200
Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt.
Permitting raw RSA operations is useful when the software
(e.g. openssl) wants to do the padding itself.
---
src/p11_ops.c | 34 +++++++++++++++++++++-------------
1 file changed, 21 insertions(+), 13 deletions(-)
diff --git a/src/p11_ops.c b/src/p11_ops.c
index e13eedd..a7b81fd 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -148,9 +148,27 @@ PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
if (key == NULL)
return -1;
- if (padding != RSA_PKCS1_PADDING) {
- printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
- return -1;
+ sigsize=PKCS11_get_key_size(key);
+ ck_sigsize=sigsize;
+
+ memset(&mechanism, 0, sizeof(mechanism));
+
+ switch (padding) {
+
+ case RSA_NO_PADDING:
+ mechanism.mechanism = CKM_RSA_X_509;
+ break;
+
+ case RSA_PKCS1_PADDING:
+ if ((flen + RSA_PKCS1_PADDING_SIZE) > sigsize) {
+ return -1; /* the size is wrong */
+ }
+ mechanism.mechanism = CKM_RSA_PKCS;
+ break;
+
+ default:
+ printf("pkcs11 engine: only RSA_NO_PADDING or RSA_PKCS1_PADDING allowed so far\n");
+ return -1;
}
ctx = KEY2CTX(key);
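Review bot: The new `RSA_NO_PADDING` case selects `CKM_RSA_X_509` without checking `flen` against `sigsize`, whereas the `RSA_PKCS1_PADDING` case keeps its bound. With raw RSA the token applies the private-key operation to the caller's bytes as given, so the input should be exactly one modulus long, which is what OpenSSL's software no-padding path also requires. Adding `if (flen != sigsize) return -1; /* raw RSA needs a full-size block */` ahead of the mechanism assignment would reject short or oversized input before it reaches the token. A comment on this case should also state that the caller is responsible for all padding, since an unpadded private-key operation over externally supplied data gives none of the guarantees of a padded signature. The body of `PKCS11_private_encrypt` starts and ends outside this hunk, so whether the result of `PKCS11_get_key_size` is validated elsewhere cannot be seen here.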
@@ -161,16 +179,6 @@ PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
session = PRIVSLOT(slot)->session;
- sigsize=PKCS11_get_key_size(key);
- ck_sigsize=sigsize;
-
- if ((flen + RSA_PKCS1_PADDING_SIZE) > sigsize) {
- return -1; /* the size is wrong */
- }
-
- memset(&mechanism, 0, sizeof(mechanism));
- mechanism.mechanism = CKM_RSA_PKCS;
-
/* API is somewhat fishy here. *siglen is 0 on entry (cleared
* by OpenSSL). The library assumes that the memory passed
* by the caller is always big enough */
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git