From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 14 Mar 2014 16:33:22 +0000 (+0100)
Subject: openssl: Add default fallback when calculating fingerprints of RSA keys
X-Git-Tag: 5.1.3dr1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01632eccf3a3343c14496d845c3c821ff10d8e54;p=thirdparty%2Fstrongswan.git

openssl: Add default fallback when calculating fingerprints of RSA keys

We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins.  But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index f0c1726299..9748e28f23 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -222,7 +222,21 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
 			i2d_RSA_PUBKEY(rsa, &p);
 			break;
 		default:
-			return FALSE;
+		{
+			chunk_t n = chunk_empty, e = chunk_empty;
+			bool success = FALSE;
+
+			if (openssl_bn2chunk(rsa->n, &n) &&
+				openssl_bn2chunk(rsa->e, &e))
+			{
+				success = lib->encoding->encode(lib->encoding, type, rsa, fp,
+									CRED_PART_RSA_MODULUS, n,
+									CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
+			}
+			chunk_free(&n);
+			chunk_free(&e);
+			return success;
+		}
 	}
 	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 	if (!hasher || !hasher->allocate_hash(hasher, key, fp))