niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Correct handling of identity certificates with EC key

Browse source 
Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>
This commit is contained in:
Marcel Jordense 2020-03-13 17:49:59 +01:00 committed by eboasson
parent f11dd50810
commit 6507859f36
1 changed files with 13 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/security/builtin_plugins/authentication/src/auth_utils.c
View file

@ -1288,11 +1288,13 @@ create_asymmetrical_signature(
goto err_sign; goto err_sign;
} }
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) { if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) {
result = DDS_SECURITY_VALIDATION_FAILED; result = DDS_SECURITY_VALIDATION_FAILED;
DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: "); DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: ");
goto err_sign; goto err_sign;
} }
}
if (EVP_DigestSignUpdate(mdctx, data, dataLen) != 1) { if (EVP_DigestSignUpdate(mdctx, data, dataLen) != 1) {
result = DDS_SECURITY_VALIDATION_FAILED; result = DDS_SECURITY_VALIDATION_FAILED;
@ -1345,11 +1347,13 @@ validate_asymmetrical_signature(
goto err_verify; goto err_verify;
} }
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) { if (EVP_PKEY_CTX_set_rsa_padding(kctx, RSA_PKCS1_PSS_PADDING) < 1) {
result = DDS_SECURITY_VALIDATION_FAILED; result = DDS_SECURITY_VALIDATION_FAILED;
DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: "); DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, (int)result, "Failed to initialize signing context: ");
goto err_verify; goto err_verify;
} }
}
if (EVP_DigestVerifyUpdate(mdctx, data, dataLen) != 1) { if (EVP_DigestVerifyUpdate(mdctx, data, dataLen) != 1) {
result = DDS_SECURITY_VALIDATION_FAILED; result = DDS_SECURITY_VALIDATION_FAILED;