diff options
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_sign.c')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_sign.c | 88 |
1 files changed, 52 insertions, 36 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index 5488c06f6d..0be4ec7fb0 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c | |||
| @@ -62,6 +62,7 @@ | |||
| 62 | #include <openssl/rsa.h> | 62 | #include <openssl/rsa.h> |
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 65 | #include "rsa_locl.h" | ||
| 65 | 66 | ||
| 66 | /* Size of an SSL signature: MD5+SHA1 */ | 67 | /* Size of an SSL signature: MD5+SHA1 */ |
| 67 | #define SSL_SIG_LENGTH 36 | 68 | #define SSL_SIG_LENGTH 36 |
| @@ -90,14 +91,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, | |||
| 90 | i = SSL_SIG_LENGTH; | 91 | i = SSL_SIG_LENGTH; |
| 91 | s = m; | 92 | s = m; |
| 92 | } else { | 93 | } else { |
| 93 | /* NB: in FIPS mode block anything that isn't a TLS signature */ | ||
| 94 | #ifdef OPENSSL_FIPS | ||
| 95 | if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | ||
| 96 | { | ||
| 97 | RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | ||
| 98 | return 0; | ||
| 99 | } | ||
| 100 | #endif | ||
| 101 | sig.algor= &algor; | 94 | sig.algor= &algor; |
| 102 | sig.algor->algorithm=OBJ_nid2obj(type); | 95 | sig.algor->algorithm=OBJ_nid2obj(type); |
| 103 | if (sig.algor->algorithm == NULL) | 96 | if (sig.algor->algorithm == NULL) |
| @@ -150,8 +143,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, | |||
| 150 | return(ret); | 143 | return(ret); |
| 151 | } | 144 | } |
| 152 | 145 | ||
| 153 | int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | 146 | int int_rsa_verify(int dtype, const unsigned char *m, |
| 154 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa) | 147 | unsigned int m_len, |
| 148 | unsigned char *rm, size_t *prm_len, | ||
| 149 | const unsigned char *sigbuf, size_t siglen, | ||
| 150 | RSA *rsa) | ||
| 155 | { | 151 | { |
| 156 | int i,ret=0,sigtype; | 152 | int i,ret=0,sigtype; |
| 157 | unsigned char *s; | 153 | unsigned char *s; |
| @@ -159,38 +155,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | |||
| 159 | 155 | ||
| 160 | if (siglen != (unsigned int)RSA_size(rsa)) | 156 | if (siglen != (unsigned int)RSA_size(rsa)) |
| 161 | { | 157 | { |
| 162 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); | 158 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); |
| 163 | return(0); | 159 | return(0); |
| 164 | } | 160 | } |
| 165 | 161 | ||
| 166 | if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) | 162 | if((dtype == NID_md5_sha1) && rm) |
| 167 | { | 163 | { |
| 168 | return rsa->meth->rsa_verify(dtype, m, m_len, | 164 | i = RSA_public_decrypt((int)siglen, |
| 169 | sigbuf, siglen, rsa); | 165 | sigbuf,rm,rsa,RSA_PKCS1_PADDING); |
| 166 | if (i <= 0) | ||
| 167 | return 0; | ||
| 168 | *prm_len = i; | ||
| 169 | return 1; | ||
| 170 | } | 170 | } |
| 171 | 171 | ||
| 172 | s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); | 172 | s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); |
| 173 | if (s == NULL) | 173 | if (s == NULL) |
| 174 | { | 174 | { |
| 175 | RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); | 175 | RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE); |
| 176 | goto err; | 176 | goto err; |
| 177 | } | 177 | } |
| 178 | if(dtype == NID_md5_sha1) | 178 | if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { |
| 179 | { | 179 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); |
| 180 | if (m_len != SSL_SIG_LENGTH) | ||
| 181 | { | ||
| 182 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); | ||
| 183 | goto err; | 180 | goto err; |
| 184 | } | 181 | } |
| 185 | } | ||
| 186 | /* NB: in FIPS mode block anything that isn't a TLS signature */ | ||
| 187 | #ifdef OPENSSL_FIPS | ||
| 188 | else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) | ||
| 189 | { | ||
| 190 | RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | ||
| 191 | return 0; | ||
| 192 | } | ||
| 193 | #endif | ||
| 194 | i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); | 182 | i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); |
| 195 | 183 | ||
| 196 | if (i <= 0) goto err; | 184 | if (i <= 0) goto err; |
| @@ -198,7 +186,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | |||
| 198 | /* Special case: SSL signature */ | 186 | /* Special case: SSL signature */ |
| 199 | if(dtype == NID_md5_sha1) { | 187 | if(dtype == NID_md5_sha1) { |
| 200 | if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) | 188 | if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) |
| 201 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); | 189 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); |
| 202 | else ret = 1; | 190 | else ret = 1; |
| 203 | } else { | 191 | } else { |
| 204 | const unsigned char *p=s; | 192 | const unsigned char *p=s; |
| @@ -209,7 +197,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | |||
| 209 | /* Excess data can be used to create forgeries */ | 197 | /* Excess data can be used to create forgeries */ |
| 210 | if(p != s+i) | 198 | if(p != s+i) |
| 211 | { | 199 | { |
| 212 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); | 200 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); |
| 213 | goto err; | 201 | goto err; |
| 214 | } | 202 | } |
| 215 | 203 | ||
| @@ -218,7 +206,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | |||
| 218 | if(sig->algor->parameter | 206 | if(sig->algor->parameter |
| 219 | && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) | 207 | && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) |
| 220 | { | 208 | { |
| 221 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); | 209 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); |
| 222 | goto err; | 210 | goto err; |
| 223 | } | 211 | } |
| 224 | 212 | ||
| @@ -244,15 +232,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | |||
| 244 | } | 232 | } |
| 245 | else | 233 | else |
| 246 | { | 234 | { |
| 247 | RSAerr(RSA_F_RSA_VERIFY, | 235 | RSAerr(RSA_F_INT_RSA_VERIFY, |
| 248 | RSA_R_ALGORITHM_MISMATCH); | 236 | RSA_R_ALGORITHM_MISMATCH); |
| 249 | goto err; | 237 | goto err; |
| 250 | } | 238 | } |
| 251 | } | 239 | } |
| 252 | if ( ((unsigned int)sig->digest->length != m_len) || | 240 | if (rm) |
| 241 | { | ||
| 242 | const EVP_MD *md; | ||
| 243 | md = EVP_get_digestbynid(dtype); | ||
| 244 | if (md && (EVP_MD_size(md) != sig->digest->length)) | ||
| 245 | RSAerr(RSA_F_INT_RSA_VERIFY, | ||
| 246 | RSA_R_INVALID_DIGEST_LENGTH); | ||
| 247 | else | ||
| 248 | { | ||
| 249 | memcpy(rm, sig->digest->data, | ||
| 250 | sig->digest->length); | ||
| 251 | *prm_len = sig->digest->length; | ||
| 252 | ret = 1; | ||
| 253 | } | ||
| 254 | } | ||
| 255 | else if (((unsigned int)sig->digest->length != m_len) || | ||
| 253 | (memcmp(m,sig->digest->data,m_len) != 0)) | 256 | (memcmp(m,sig->digest->data,m_len) != 0)) |
| 254 | { | 257 | { |
| 255 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); | 258 | RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); |
| 256 | } | 259 | } |
| 257 | else | 260 | else |
| 258 | ret=1; | 261 | ret=1; |
| @@ -267,3 +270,16 @@ err: | |||
| 267 | return(ret); | 270 | return(ret); |
| 268 | } | 271 | } |
| 269 | 272 | ||
| 273 | int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, | ||
| 274 | const unsigned char *sigbuf, unsigned int siglen, | ||
| 275 | RSA *rsa) | ||
| 276 | { | ||
| 277 | |||
| 278 | if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) | ||
| 279 | { | ||
| 280 | return rsa->meth->rsa_verify(dtype, m, m_len, | ||
| 281 | sigbuf, siglen, rsa); | ||
| 282 | } | ||
| 283 | |||
| 284 | return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa); | ||
| 285 | } | ||