func getEVP(h hash.Hash) *C.EVP_MD {
hashName := getHashName(h)
var evp *C.EVP_MD
switch hashName {
case "md5":
evp = C.EVP_md5()
break
case "sha1":
evp = C.EVP_sha1()
break
case "sha224":
evp = C.EVP_sha224()
break
case "sha256":
evp = C.EVP_sha256()
break
case "sha384":
evp = C.EVP_sha384()
break
case "sha512":
evp = C.EVP_sha512()
break
}
return evp
}
func (c *Certificate) insecureSign(privKey PrivateKey, digest EVP_MD) error {
var md *C.EVP_MD
switch digest {
// please don't use these digest functions
case EVP_NULL:
md = C.EVP_md_null()
case EVP_MD5:
md = C.EVP_md5()
case EVP_SHA:
md = C.EVP_sha()
case EVP_SHA1:
md = C.EVP_sha1()
case EVP_DSS:
md = C.EVP_dss()
case EVP_DSS1:
md = C.EVP_dss1()
case EVP_RIPEMD160:
md = C.EVP_ripemd160()
case EVP_SHA224:
md = C.EVP_sha224()
// you actually want one of these
case EVP_SHA256:
md = C.EVP_sha256()
case EVP_SHA384:
md = C.EVP_sha384()
case EVP_SHA512:
md = C.EVP_sha512()
}
if C.X509_sign(c.x, privKey.evpPKey(), md) <= 0 {
return errors.New("failed to sign certificate")
}
return nil
}
func (key *pKey) SignPKCS1v15(data []byte) ([]byte, error) {
//
// Initialize the context using sha1 as method, as we
// need to generate RSA-SHA1 signature
//
var ctx C.EVP_MD_CTX
C.EVP_MD_CTX_init(&ctx)
defer C.EVP_MD_CTX_cleanup(&ctx)
if 1 != C.EVP_SignInit_not_a_macro(&ctx, C.EVP_sha1()) {
return nil, errors.New("rsasha1signature: failed to init signature")
}
if len(data) > 0 {
if 1 != C.EVP_SignUpdate_not_a_macro(
&ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) {
return nil, errors.New("rsasha1signature: failed to update signature")
}
}
//
// Sign
//
sig := make([]byte, C.EVP_PKEY_size(key.key))
var sigblen C.uint
// prevent data race when multiple threads are spawned
// by the go runtime, mostly because you are performing the signing
// inside a concurrent http request.
sslMutex.Lock()
defer sslMutex.Unlock()
if 1 != C.EVP_SignFinal(&ctx,
((*C.uchar)(unsafe.Pointer(&sig[0]))), &sigblen, key.key) {
return nil, errors.New("rsasha1signature: failed to finalize signature")
}
return sig[:sigblen], nil
}
func (s *SHA1Hash) Reset() error {
if 1 != C.EVP_DigestInit_ex(&s.ctx, C.EVP_sha1(), engineRef(s.engine)) {
return errors.New("openssl: sha1: cannot init digest ctx")
}
return nil
}
// int EVP_PKEY_assign_charp(EVP_PKEY *pkey, int type, char *key) {
// return EVP_PKEY_assign(pkey, type, key);
// }
import "C"
import (
"errors"
"io/ioutil"
"runtime"
"unsafe"
)
type Method *C.EVP_MD
var (
SHA1_Method Method = C.EVP_sha1()
SHA256_Method Method = C.EVP_sha256()
SHA512_Method Method = C.EVP_sha512()
)
type PublicKey interface {
// Verifies the data signature using PKCS1.15
VerifyPKCS1v15(method Method, data, sig []byte) error
// MarshalPKIXPublicKeyPEM converts the public key to PEM-encoded PKIX
// format
MarshalPKIXPublicKeyPEM() (pem_block []byte, err error)
// MarshalPKIXPublicKeyDER converts the public key to DER-encoded PKIX
// format
MarshalPKIXPublicKeyDER() (der_block []byte, err error)