openssl: Add default fallback when calculating fingerprints of RSA keys

We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins.  But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.

diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index f0c1726299eb5ff81d0b7d5259d6ce28f22007cb..9748e28f2363867405d525a3b89475c687c4c1cd 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -222,7 +222,21 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
                        i2d_RSA_PUBKEY(rsa, &p);
                        break;
                default:
-                       return FALSE;
+               {
+                       chunk_t n = chunk_empty, e = chunk_empty;
+                       bool success = FALSE;
+
+                       if (openssl_bn2chunk(rsa->n, &n) &&
+                               openssl_bn2chunk(rsa->e, &e))
+                       {
+                               success = lib->encoding->encode(lib->encoding, type, rsa, fp,
+                                                                       CRED_PART_RSA_MODULUS, n,
+                                                                       CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
+                       }
+                       chunk_free(&n);
+                       chunk_free(&e);
+                       return success;
+               }
        }
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
        if (!hasher || !hasher->allocate_hash(hasher, key, fp))