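// insecureSign signs the certificate with privKey using whichever digest the
// caller names. Unlike a signing path restricted to strong digests, it also
// accepts digests that are unsuitable for certificate signatures, so it must
// only be reached from code that has a deliberate reason to produce such a
// signature.
//
// It returns an error when digest is not one of the values handled below or
// when X509_sign reports failure.
func (c *Certificate) insecureSign(privKey PrivateKey, digest EVP_MD) error {
	var md *C.EVP_MD
	switch digest {
	// please don't use these digest functions
	//
	// EVP_md_null performs no hashing, and MD5 and SHA-1 are no longer
	// collision-resistant, so a signature made with them does not bind the
	// certificate contents.
	// NOTE(review): EVP_sha, EVP_dss and EVP_dss1 were removed in
	// OpenSSL 1.1.0 - confirm which OpenSSL versions this file must build
	// against.
	case EVP_NULL:
		md = C.EVP_md_null()
	case EVP_MD5:
		md = C.EVP_md5()
	case EVP_SHA:
		md = C.EVP_sha()
	case EVP_SHA1:
		md = C.EVP_sha1()
	case EVP_DSS:
		md = C.EVP_dss()
	case EVP_DSS1:
		md = C.EVP_dss1()
	case EVP_RIPEMD160:
		md = C.EVP_ripemd160()
	case EVP_SHA224:
		md = C.EVP_sha224()
	// you actually want one of these
	case EVP_SHA256:
		md = C.EVP_sha256()
	case EVP_SHA384:
		md = C.EVP_sha384()
	case EVP_SHA512:
		md = C.EVP_sha512()
	default:
		// Fail closed. Without this branch an unlisted digest value left md
		// nil and the nil pointer was handed to X509_sign, so the digest
		// actually used (if any) was decided by OpenSSL rather than by the
		// caller.
		return errors.New("unsupported digest")
	}
	if C.X509_sign(c.x, privKey.evpPKey(), md) <= 0 {
		return errors.New("failed to sign certificate")
	}
	return nil
}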
// getEVP maps a Go hash.Hash to the OpenSSL digest with the same name, as
// reported by getHashName.
//
// It returns nil when the name is not one of the six handled below; callers
// must check for nil before passing the result to OpenSSL.
//
// "md5" and "sha1" are accepted here even though neither is
// collision-resistant.
// NOTE(review): whether that is acceptable depends on what the caller builds
// on top of the digest - confirm against the call sites.
func getEVP(h hash.Hash) *C.EVP_MD {
	switch getHashName(h) {
	case "md5":
		return C.EVP_md5()
	case "sha1":
		return C.EVP_sha1()
	case "sha224":
		return C.EVP_sha224()
	case "sha256":
		return C.EVP_sha256()
	case "sha384":
		return C.EVP_sha384()
	case "sha512":
		return C.EVP_sha512()
	}
	// Unrecognized hash name: no matching digest.
	return nil
}
// }
import "C"

import (
	"errors"
	"io/ioutil"
	"runtime"
	"unsafe"
)

// Method identifies a digest algorithm; it is a pointer to an OpenSSL EVP_MD.
type Method *C.EVP_MD

// Digest methods offered to callers of the signing and verification
// functions. SHA-1 is no longer collision-resistant; prefer SHA256_Method or
// SHA512_Method for anything new.
var (
	SHA1_Method   Method = C.EVP_sha1()
	SHA256_Method Method = C.EVP_sha256()
	SHA512_Method Method = C.EVP_sha512()
)

type PublicKey interface {
	// VerifyPKCS1v15 verifies the signature sig over data using PKCS #1 v1.5
	// with the given digest method.
	// NOTE(review): presumably a nil error is returned only for a valid
	// signature - confirm against the implementation.
	VerifyPKCS1v15(method Method, data, sig []byte) error

	// MarshalPKIXPublicKeyPEM converts the public key to PEM-encoded PKIX
	// format
	MarshalPKIXPublicKeyPEM() (pem_block []byte, err error)

	// MarshalPKIXPublicKeyDER converts the public key to DER-encoded PKIX
	// format
	MarshalPKIXPublicKeyDER() (der_block []byte, err error)

	// evpPKey hands the *C.EVP_PKEY handle to code in this package. Because
	// the method is unexported, other packages cannot implement PublicKey
	// themselves, short of embedding a value that already does.
	evpPKey() *C.EVP_PKEY