Update from 0.9.7-stable.

Dr. Stephen Henson 2005-06-01 22:14:04 +00:00
parent 12f89d32b5
commit 3129acbd83


@ -71,13 +71,13 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
{ {
int i; int i;
int ret = 0; int ret = 0;
int hLen, maskedDBLen, emBits, emLen; int hLen, maskedDBLen, MSBits, emLen;
const unsigned char *H; const unsigned char *H;
unsigned char *DB = NULL; unsigned char *DB = NULL;
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
unsigned char H_[EVP_MAX_MD_SIZE]; unsigned char H_[EVP_MAX_MD_SIZE];
emBits = BN_num_bits(rsa->n) - 1; MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
emLen = (emBits + 7) >> 3; emLen = RSA_size(rsa);
hLen = EVP_MD_size(Hash); hLen = EVP_MD_size(Hash);
if (emLen < (hLen + sLen + 2)) if (emLen < (hLen + sLen + 2))
{ {
@ -89,11 +89,16 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
goto err; goto err;
} }
if (EM[0] & (0xFF << (emBits & 0x7))) if (EM[0] & (0xFF << MSBits))
{ {
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
goto err; goto err;
} }
if (!MSBits)
{
EM++;
emLen--;
}
maskedDBLen = emLen - hLen - 1; maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen; H = EM + maskedDBLen;
DB = OPENSSL_malloc(maskedDBLen); DB = OPENSSL_malloc(maskedDBLen);
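Review bot: The added `if (!MSBits) { EM++; emLen--; }` adjustment runs after the `emLen < (hLen + sLen + 2)` size check shown in the first hunk, so when the modulus bit length is 1 mod 8 the decremented `emLen` can be one below what that check guaranteed. `maskedDBLen = emLen - hLen - 1` and the later loop bound `emLen - hLen - sLen - 2` are computed from the smaller value, and the bound can reach -1; how `DB` is indexed after that loop is outside the visible hunks, so confirm it cannot read past the `OPENSSL_malloc(maskedDBLen)` buffer when verifying an untrusted signature. Moving the size check below the adjustment would restore the invariant, and the `MSBits == 0` block added in `RSA_padding_add_PKCS1_PSS` appears to have the same ordering, judging by the `RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE` error path just above it. The body of `RSA_verify_PKCS1_PSS` begins and ends outside this hunk.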
@ -105,7 +110,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
for (i = 0; i < maskedDBLen; i++) for (i = 0; i < maskedDBLen; i++)
DB[i] ^= EM[i]; DB[i] ^= EM[i];
DB[0] &= 0xFF >> (8 - (emBits & 0x7)); if (MSBits)
DB[0] &= 0xFF >> (8 - MSBits);
for (i = 0; i < (emLen - hLen - sLen - 2); i++) for (i = 0; i < (emLen - hLen - sLen - 2); i++)
{ {
if (DB[i] != 0) if (DB[i] != 0)
@ -150,11 +156,11 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
{ {
int i; int i;
int ret = 0; int ret = 0;
int hLen, maskedDBLen, emBits, emLen; int hLen, maskedDBLen, MSBits, emLen;
unsigned char *H, *salt = NULL, *p; unsigned char *H, *salt = NULL, *p;
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
emBits = BN_num_bits(rsa->n) - 1; MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
emLen = (emBits + 7) >> 3; emLen = RSA_size(rsa);
hLen = EVP_MD_size(Hash); hLen = EVP_MD_size(Hash);
if (sLen < 0) if (sLen < 0)
sLen = 0; sLen = 0;
@ -164,6 +170,11 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
goto err; goto err;
} }
if (MSBits == 0)
{
*EM++ = 0;
emLen--;
}
if (sLen > 0) if (sLen > 0)
{ {
salt = OPENSSL_malloc(sLen); salt = OPENSSL_malloc(sLen);
@ -203,7 +214,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
for (i = 0; i < sLen; i++) for (i = 0; i < sLen; i++)
*p++ ^= salt[i]; *p++ ^= salt[i];
} }
EM[0] &= 0xFF >> (8 - (emBits & 0x7)); if (MSBits)
EM[0] &= 0xFF >> (8 - MSBits);
/* H is already in place so just set final 0xbc */ /* H is already in place so just set final 0xbc */