summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_sign.c
diff options
context:
space:
mode:
authorbeck <>2017-01-29 17:49:23 +0000
committerbeck <>2017-01-29 17:49:23 +0000
commitd1f47bd292f36094480caa49ada36b99a69c59b0 (patch)
tree1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/rsa/rsa_sign.c
parentf8c627888330b75c2eea8a3c27d0efe947a4f9da (diff)
downloadopenbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_sign.c')
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c32
1 files changed, 15 insertions, 17 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 7be08f544b..52cbc3dfe3 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_sign.c,v 1.25 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: rsa_sign.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -88,7 +88,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
88 /* Special case: SSL signature, just check the length */ 88 /* Special case: SSL signature, just check the length */
89 if (type == NID_md5_sha1) { 89 if (type == NID_md5_sha1) {
90 if (m_len != SSL_SIG_LENGTH) { 90 if (m_len != SSL_SIG_LENGTH) {
91 RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH); 91 RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
92 return 0; 92 return 0;
93 } 93 }
94 i = SSL_SIG_LENGTH; 94 i = SSL_SIG_LENGTH;
@@ -97,12 +97,11 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
97 sig.algor = &algor; 97 sig.algor = &algor;
98 sig.algor->algorithm = OBJ_nid2obj(type); 98 sig.algor->algorithm = OBJ_nid2obj(type);
99 if (sig.algor->algorithm == NULL) { 99 if (sig.algor->algorithm == NULL) {
100 RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE); 100 RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE);
101 return 0; 101 return 0;
102 } 102 }
103 if (sig.algor->algorithm->length == 0) { 103 if (sig.algor->algorithm->length == 0) {
104 RSAerr(RSA_F_RSA_SIGN, 104 RSAerror(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
105 RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
106 return 0; 105 return 0;
107 } 106 }
108 parameter.type = V_ASN1_NULL; 107 parameter.type = V_ASN1_NULL;
@@ -117,13 +116,13 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
117 } 116 }
118 j = RSA_size(rsa); 117 j = RSA_size(rsa);
119 if (i > j - RSA_PKCS1_PADDING_SIZE) { 118 if (i > j - RSA_PKCS1_PADDING_SIZE) {
120 RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); 119 RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
121 return 0; 120 return 0;
122 } 121 }
123 if (type != NID_md5_sha1) { 122 if (type != NID_md5_sha1) {
124 tmps = malloc(j + 1); 123 tmps = malloc(j + 1);
125 if (tmps == NULL) { 124 if (tmps == NULL) {
126 RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE); 125 RSAerror(ERR_R_MALLOC_FAILURE);
127 return 0; 126 return 0;
128 } 127 }
129 p = tmps; 128 p = tmps;
@@ -153,7 +152,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
153 X509_SIG *sig = NULL; 152 X509_SIG *sig = NULL;
154 153
155 if (siglen != (unsigned int)RSA_size(rsa)) { 154 if (siglen != (unsigned int)RSA_size(rsa)) {
156 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); 155 RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
157 return 0; 156 return 0;
158 } 157 }
159 158
@@ -168,11 +167,11 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
168 167
169 s = malloc(siglen); 168 s = malloc(siglen);
170 if (s == NULL) { 169 if (s == NULL) {
171 RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE); 170 RSAerror(ERR_R_MALLOC_FAILURE);
172 goto err; 171 goto err;
173 } 172 }
174 if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) { 173 if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
175 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); 174 RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
176 goto err; 175 goto err;
177 } 176 }
178 i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); 177 i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
@@ -183,7 +182,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
183 /* Special case: SSL signature */ 182 /* Special case: SSL signature */
184 if (dtype == NID_md5_sha1) { 183 if (dtype == NID_md5_sha1) {
185 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH)) 184 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
186 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 185 RSAerror(RSA_R_BAD_SIGNATURE);
187 else 186 else
188 ret = 1; 187 ret = 1;
189 } else { 188 } else {
@@ -196,7 +195,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
196 195
197 /* Excess data can be used to create forgeries */ 196 /* Excess data can be used to create forgeries */
198 if (p != s + i) { 197 if (p != s + i) {
199 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 198 RSAerror(RSA_R_BAD_SIGNATURE);
200 goto err; 199 goto err;
201 } 200 }
202 201
@@ -204,14 +203,14 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
204 create forgeries */ 203 create forgeries */
205 if (sig->algor->parameter && 204 if (sig->algor->parameter &&
206 ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { 205 ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
207 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 206 RSAerror(RSA_R_BAD_SIGNATURE);
208 goto err; 207 goto err;
209 } 208 }
210 209
211 sigtype = OBJ_obj2nid(sig->algor->algorithm); 210 sigtype = OBJ_obj2nid(sig->algor->algorithm);
212 211
213 if (sigtype != dtype) { 212 if (sigtype != dtype) {
214 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); 213 RSAerror(RSA_R_ALGORITHM_MISMATCH);
215 goto err; 214 goto err;
216 } 215 }
217 if (rm) { 216 if (rm) {
@@ -219,8 +218,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
219 218
220 md = EVP_get_digestbynid(dtype); 219 md = EVP_get_digestbynid(dtype);
221 if (md && (EVP_MD_size(md) != sig->digest->length)) 220 if (md && (EVP_MD_size(md) != sig->digest->length))
222 RSAerr(RSA_F_INT_RSA_VERIFY, 221 RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
223 RSA_R_INVALID_DIGEST_LENGTH);
224 else { 222 else {
225 memcpy(rm, sig->digest->data, 223 memcpy(rm, sig->digest->data,
226 sig->digest->length); 224 sig->digest->length);
@@ -229,7 +227,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
229 } 227 }
230 } else if ((unsigned int)sig->digest->length != m_len || 228 } else if ((unsigned int)sig->digest->length != m_len ||
231 memcmp(m, sig->digest->data, m_len) != 0) { 229 memcmp(m, sig->digest->data, m_len) != 0) {
232 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 230 RSAerror(RSA_R_BAD_SIGNATURE);
233 } else 231 } else
234 ret = 1; 232 ret = 1;
235 } 233 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 14:10:16 +0000