OLD | NEW |
1 /* rsa_pss.c */ | 1 /* rsa_pss.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project 2005. | 3 * project 2005. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 2005 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 2005 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
74 const EVP_MD *Hash, const unsigned char *EM, int sLen) | 74 const EVP_MD *Hash, const unsigned char *EM, int sLen) |
75 { | 75 { |
76 int i; | 76 int i; |
77 int ret = 0; | 77 int ret = 0; |
78 int hLen, maskedDBLen, MSBits, emLen; | 78 int hLen, maskedDBLen, MSBits, emLen; |
79 const unsigned char *H; | 79 const unsigned char *H; |
80 unsigned char *DB = NULL; | 80 unsigned char *DB = NULL; |
81 EVP_MD_CTX ctx; | 81 EVP_MD_CTX ctx; |
82 unsigned char H_[EVP_MAX_MD_SIZE]; | 82 unsigned char H_[EVP_MAX_MD_SIZE]; |
83 | 83 |
84 » hLen = M_EVP_MD_size(Hash); | 84 » hLen = EVP_MD_size(Hash); |
| 85 » if (hLen < 0) |
| 86 » » goto err; |
85 /* | 87 /* |
86 * Negative sLen has special meanings: | 88 * Negative sLen has special meanings: |
87 * -1 sLen == hLen | 89 * -1 sLen == hLen |
88 * -2 salt length is autorecovered from signature | 90 * -2 salt length is autorecovered from signature |
89 * -N reserved | 91 * -N reserved |
90 */ | 92 */ |
91 if (sLen == -1) sLen = hLen; | 93 if (sLen == -1) sLen = hLen; |
92 else if (sLen == -2) sLen = -2; | 94 else if (sLen == -2) sLen = -2; |
93 else if (sLen < -2) | 95 else if (sLen < -2) |
94 { | 96 { |
(...skipping 24 matching lines...) Expand all Loading... |
119 goto err; | 121 goto err; |
120 } | 122 } |
121 maskedDBLen = emLen - hLen - 1; | 123 maskedDBLen = emLen - hLen - 1; |
122 H = EM + maskedDBLen; | 124 H = EM + maskedDBLen; |
123 DB = OPENSSL_malloc(maskedDBLen); | 125 DB = OPENSSL_malloc(maskedDBLen); |
124 if (!DB) | 126 if (!DB) |
125 { | 127 { |
126 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); | 128 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); |
127 goto err; | 129 goto err; |
128 } | 130 } |
129 » PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); | 131 » if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0) |
| 132 » » goto err; |
130 for (i = 0; i < maskedDBLen; i++) | 133 for (i = 0; i < maskedDBLen; i++) |
131 DB[i] ^= EM[i]; | 134 DB[i] ^= EM[i]; |
132 if (MSBits) | 135 if (MSBits) |
133 DB[0] &= 0xFF >> (8 - MSBits); | 136 DB[0] &= 0xFF >> (8 - MSBits); |
134 for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; | 137 for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; |
135 if (DB[i++] != 0x1) | 138 if (DB[i++] != 0x1) |
136 { | 139 { |
137 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); | 140 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); |
138 goto err; | 141 goto err; |
139 } | 142 } |
(...skipping 29 matching lines...) Expand all Loading... |
169 int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, | 172 int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, |
170 const unsigned char *mHash, | 173 const unsigned char *mHash, |
171 const EVP_MD *Hash, int sLen) | 174 const EVP_MD *Hash, int sLen) |
172 { | 175 { |
173 int i; | 176 int i; |
174 int ret = 0; | 177 int ret = 0; |
175 int hLen, maskedDBLen, MSBits, emLen; | 178 int hLen, maskedDBLen, MSBits, emLen; |
176 unsigned char *H, *salt = NULL, *p; | 179 unsigned char *H, *salt = NULL, *p; |
177 EVP_MD_CTX ctx; | 180 EVP_MD_CTX ctx; |
178 | 181 |
179 » hLen = M_EVP_MD_size(Hash); | 182 » hLen = EVP_MD_size(Hash); |
| 183 » if (hLen < 0) |
| 184 » » goto err; |
180 /* | 185 /* |
181 * Negative sLen has special meanings: | 186 * Negative sLen has special meanings: |
182 * -1 sLen == hLen | 187 * -1 sLen == hLen |
183 * -2 salt length is maximized | 188 * -2 salt length is maximized |
184 * -N reserved | 189 * -N reserved |
185 */ | 190 */ |
186 if (sLen == -1) sLen = hLen; | 191 if (sLen == -1) sLen = hLen; |
187 else if (sLen == -2) sLen = -2; | 192 else if (sLen == -2) sLen = -2; |
188 else if (sLen < -2) | 193 else if (sLen < -2) |
189 { | 194 { |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
225 EVP_MD_CTX_init(&ctx); | 230 EVP_MD_CTX_init(&ctx); |
226 EVP_DigestInit_ex(&ctx, Hash, NULL); | 231 EVP_DigestInit_ex(&ctx, Hash, NULL); |
227 EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); | 232 EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); |
228 EVP_DigestUpdate(&ctx, mHash, hLen); | 233 EVP_DigestUpdate(&ctx, mHash, hLen); |
229 if (sLen) | 234 if (sLen) |
230 EVP_DigestUpdate(&ctx, salt, sLen); | 235 EVP_DigestUpdate(&ctx, salt, sLen); |
231 EVP_DigestFinal(&ctx, H, NULL); | 236 EVP_DigestFinal(&ctx, H, NULL); |
232 EVP_MD_CTX_cleanup(&ctx); | 237 EVP_MD_CTX_cleanup(&ctx); |
233 | 238 |
234 /* Generate dbMask in place then perform XOR on it */ | 239 /* Generate dbMask in place then perform XOR on it */ |
235 » PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); | 240 » if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash)) |
| 241 » » goto err; |
236 | 242 |
237 p = EM; | 243 p = EM; |
238 | 244 |
239 /* Initial PS XORs with all zeroes which is a NOP so just update | 245 /* Initial PS XORs with all zeroes which is a NOP so just update |
240 * pointer. Note from a test above this value is guaranteed to | 246 * pointer. Note from a test above this value is guaranteed to |
241 * be non-negative. | 247 * be non-negative. |
242 */ | 248 */ |
243 p += emLen - sLen - hLen - 2; | 249 p += emLen - sLen - hLen - 2; |
244 *p++ ^= 0x1; | 250 *p++ ^= 0x1; |
245 if (sLen > 0) | 251 if (sLen > 0) |
(...skipping 14 matching lines...) Expand all Loading... |
260 if (salt) | 266 if (salt) |
261 OPENSSL_free(salt); | 267 OPENSSL_free(salt); |
262 | 268 |
263 return ret; | 269 return ret; |
264 | 270 |
265 } | 271 } |
266 | 272 |
267 #if defined(_MSC_VER) | 273 #if defined(_MSC_VER) |
268 #pragma optimize("",on) | 274 #pragma optimize("",on) |
269 #endif | 275 #endif |
OLD | NEW |