提交
d51204f1
编写于
6月 02, 2005
作者:
Andy Polyakov
PSS update [from 0.9.7].
上级
b3f63259
变更
3
Showing
3 changed file
with
61 addition
and
32 deletion
+61
-32
crypto/rsa/rsa.h
crypto/rsa/rsa.h
+2
-2
crypto/rsa/rsa_err.c
crypto/rsa/rsa_err.c
+2
-2
crypto/rsa/rsa_pss.c
crypto/rsa/rsa_pss.c
+57
-28
crypto/rsa/rsa.h
...
@@ -405,7 +405,7 @@ void ERR_load_RSA_strings(void);
...
@@ -405,7 +405,7 @@ void ERR_load_RSA_strings(void);
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_
ONE_CHECK_FAILED
135
#define RSA_R_
SLEN_RECOVERY_FAILED
135
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_Q_NOT_PRIME 129
...
@@ -415,7 +415,7 @@ void ERR_load_RSA_strings(void);
...
@@ -415,7 +415,7 @@ void ERR_load_RSA_strings(void);
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
#define RSA_R_UNKNOWN_PADDING_TYPE 118
#define RSA_R_UNKNOWN_PADDING_TYPE 118
#define RSA_R_WRONG_SIGNATURE_LENGTH 119
#define RSA_R_WRONG_SIGNATURE_LENGTH 119
#define RSA_R_
ZERO
_CHECK_FAILED 136
#define RSA_R_
SLEN
_CHECK_FAILED 136
#ifdef __cplusplus
#ifdef __cplusplus
}
}
...
...
crypto/rsa/rsa_err.c
...
@@ -141,7 +141,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
...
@@ -141,7 +141,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{
ERR_REASON
(
RSA_R_NULL_BEFORE_BLOCK_MISSING
),
"null before block missing"
},
{
ERR_REASON
(
RSA_R_NULL_BEFORE_BLOCK_MISSING
),
"null before block missing"
},
{
ERR_REASON
(
RSA_R_N_DOES_NOT_EQUAL_P_Q
)
,
"n does not equal p q"
},
{
ERR_REASON
(
RSA_R_N_DOES_NOT_EQUAL_P_Q
)
,
"n does not equal p q"
},
{
ERR_REASON
(
RSA_R_OAEP_DECODING_ERROR
)
,
"oaep decoding error"
},
{
ERR_REASON
(
RSA_R_OAEP_DECODING_ERROR
)
,
"oaep decoding error"
},
{
ERR_REASON
(
RSA_R_
ONE_CHECK_FAILED
)
,
"one check
failed"
},
{
ERR_REASON
(
RSA_R_
SLEN_RECOVERY_FAILED
)
,
"salt length recovery
failed"
},
{
ERR_REASON
(
RSA_R_PADDING_CHECK_FAILED
)
,
"padding check failed"
},
{
ERR_REASON
(
RSA_R_PADDING_CHECK_FAILED
)
,
"padding check failed"
},
{
ERR_REASON
(
RSA_R_P_NOT_PRIME
)
,
"p not prime"
},
{
ERR_REASON
(
RSA_R_P_NOT_PRIME
)
,
"p not prime"
},
{
ERR_REASON
(
RSA_R_Q_NOT_PRIME
)
,
"q not prime"
},
{
ERR_REASON
(
RSA_R_Q_NOT_PRIME
)
,
"q not prime"
},
...
@@ -151,7 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
...
@@ -151,7 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{
ERR_REASON
(
RSA_R_UNKNOWN_ALGORITHM_TYPE
),
"unknown algorithm type"
},
{
ERR_REASON
(
RSA_R_UNKNOWN_ALGORITHM_TYPE
),
"unknown algorithm type"
},
{
ERR_REASON
(
RSA_R_UNKNOWN_PADDING_TYPE
)
,
"unknown padding type"
},
{
ERR_REASON
(
RSA_R_UNKNOWN_PADDING_TYPE
)
,
"unknown padding type"
},
{
ERR_REASON
(
RSA_R_WRONG_SIGNATURE_LENGTH
),
"wrong signature length"
},
{
ERR_REASON
(
RSA_R_WRONG_SIGNATURE_LENGTH
),
"wrong signature length"
},
{
ERR_REASON
(
RSA_R_
ZERO_CHECK_FAILED
)
,
"zero
check failed"
},
{
ERR_REASON
(
RSA_R_
SLEN_CHECK_FAILED
)
,
"salt length
check failed"
},
{
0
,
NULL
}
{
0
,
NULL
}
};
};
...
...
crypto/rsa/rsa_pss.c
...
@@ -76,29 +76,44 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
...
@@ -76,29 +76,44 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
unsigned
char
*
DB
=
NULL
;
unsigned
char
*
DB
=
NULL
;
EVP_MD_CTX
ctx
;
EVP_MD_CTX
ctx
;
unsigned
char
H_
[
EVP_MAX_MD_SIZE
];
unsigned
char
H_
[
EVP_MAX_MD_SIZE
];
MSBits
=
(
BN_num_bits
(
rsa
->
n
)
-
1
)
&
0x7
;
emLen
=
RSA_size
(
rsa
);
hLen
=
EVP_MD_size
(
Hash
);
hLen
=
EVP_MD_size
(
Hash
);
if
(
emLen
<
(
hLen
+
sLen
+
2
))
/*
{
* Negative sLen has special meanings:
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_DATA_TOO_LARGE
);
* -1 sLen == hLen
goto
err
;
* -2 salt length is autorecovered from signature
}
* -N reserved
if
(
EM
[
emLen
-
1
]
!=
0xbc
)
*/
if
(
sLen
==
-
1
)
sLen
=
hLen
;
else
if
(
sLen
==
-
2
)
sLen
=
-
2
;
else
if
(
sLen
<
-
2
)
{
{
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_
LAST_OCTET_INVALI
D
);
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_
SLEN_CHECK_FAILE
D
);
goto
err
;
goto
err
;
}
}
MSBits
=
(
BN_num_bits
(
rsa
->
n
)
-
1
)
&
0x7
;
emLen
=
RSA_size
(
rsa
);
if
(
EM
[
0
]
&
(
0xFF
<<
MSBits
))
if
(
EM
[
0
]
&
(
0xFF
<<
MSBits
))
{
{
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_FIRST_OCTET_INVALID
);
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_FIRST_OCTET_INVALID
);
goto
err
;
goto
err
;
}
}
if
(
!
MSBits
)
if
(
MSBits
==
0
)
{
{
EM
++
;
EM
++
;
emLen
--
;
emLen
--
;
}
}
if
(
emLen
<
(
hLen
+
sLen
+
2
))
/* sLen can be small negative */
{
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_DATA_TOO_LARGE
);
goto
err
;
}
if
(
EM
[
emLen
-
1
]
!=
0xbc
)
{
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_LAST_OCTET_INVALID
);
goto
err
;
}
maskedDBLen
=
emLen
-
hLen
-
1
;
maskedDBLen
=
emLen
-
hLen
-
1
;
H
=
EM
+
maskedDBLen
;
H
=
EM
+
maskedDBLen
;
DB
=
OPENSSL_malloc
(
maskedDBLen
);
DB
=
OPENSSL_malloc
(
maskedDBLen
);
...
@@ -112,26 +127,23 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
...
@@ -112,26 +127,23 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
DB
[
i
]
^=
EM
[
i
];
DB
[
i
]
^=
EM
[
i
];
if
(
MSBits
)
if
(
MSBits
)
DB
[
0
]
&=
0xFF
>>
(
8
-
MSBits
);
DB
[
0
]
&=
0xFF
>>
(
8
-
MSBits
);
for
(
i
=
0
;
i
<
(
emLen
-
hLen
-
sLen
-
2
);
i
++
)
for
(
i
=
0
;
DB
[
i
]
==
0
&&
i
<
(
maskedDBLen
-
1
);
i
++
)
;
if
(
DB
[
i
++
]
!=
0x1
)
{
{
if
(
DB
[
i
]
!=
0
)
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_SLEN_RECOVERY_FAILED
);
{
goto
err
;
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_ZERO_CHECK_FAILED
);
goto
err
;
}
}
}
if
(
DB
[
i
]
!=
0x1
)
if
(
sLen
>=
0
&&
(
maskedDBLen
-
i
)
!=
sLen
)
{
{
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_
ONE
_CHECK_FAILED
);
RSAerr
(
RSA_F_RSA_VERIFY_PKCS1_PSS
,
RSA_R_
SLEN
_CHECK_FAILED
);
goto
err
;
goto
err
;
}
}
EVP_MD_CTX_init
(
&
ctx
);
EVP_MD_CTX_init
(
&
ctx
);
EVP_DigestInit_ex
(
&
ctx
,
Hash
,
NULL
);
EVP_DigestInit_ex
(
&
ctx
,
Hash
,
NULL
);
EVP_DigestUpdate
(
&
ctx
,
zeroes
,
sizeof
zeroes
);
EVP_DigestUpdate
(
&
ctx
,
zeroes
,
sizeof
zeroes
);
EVP_DigestUpdate
(
&
ctx
,
mHash
,
hLen
);
EVP_DigestUpdate
(
&
ctx
,
mHash
,
hLen
);
if
(
sLen
)
if
(
maskedDBLen
-
i
)
EVP_DigestUpdate
(
&
ctx
,
DB
+
maskedDBLen
-
sLen
,
sLen
);
EVP_DigestUpdate
(
&
ctx
,
DB
+
i
,
maskedDBLen
-
i
);
EVP_DigestFinal
(
&
ctx
,
H_
,
NULL
);
EVP_DigestFinal
(
&
ctx
,
H_
,
NULL
);
EVP_MD_CTX_cleanup
(
&
ctx
);
EVP_MD_CTX_cleanup
(
&
ctx
);
if
(
memcmp
(
H_
,
H
,
hLen
))
if
(
memcmp
(
H_
,
H
,
hLen
))
...
@@ -159,22 +171,39 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
...
@@ -159,22 +171,39 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
int
hLen
,
maskedDBLen
,
MSBits
,
emLen
;
int
hLen
,
maskedDBLen
,
MSBits
,
emLen
;
unsigned
char
*
H
,
*
salt
=
NULL
,
*
p
;
unsigned
char
*
H
,
*
salt
=
NULL
,
*
p
;
EVP_MD_CTX
ctx
;
EVP_MD_CTX
ctx
;
MSBits
=
(
BN_num_bits
(
rsa
->
n
)
-
1
)
&
0x7
;
emLen
=
RSA_size
(
rsa
);
hLen
=
EVP_MD_size
(
Hash
);
hLen
=
EVP_MD_size
(
Hash
);
if
(
sLen
<
0
)
/*
sLen
=
0
;
* Negative sLen has special meanings:
if
(
emLen
<
(
hLen
+
sLen
+
2
))
* -1 sLen == hLen
* -2 salt length is maximized
* -N reserved
*/
if
(
sLen
==
-
1
)
sLen
=
hLen
;
else
if
(
sLen
==
-
2
)
sLen
=
-
2
;
else
if
(
sLen
<
-
2
)
{
{
RSAerr
(
RSA_F_RSA_PADDING_ADD_PKCS1_PSS
,
RSAerr
(
RSA_F_RSA_PADDING_ADD_PKCS1_PSS
,
RSA_R_SLEN_CHECK_FAILED
);
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE
);
goto
err
;
goto
err
;
}
}
MSBits
=
(
BN_num_bits
(
rsa
->
n
)
-
1
)
&
0x7
;
emLen
=
RSA_size
(
rsa
);
if
(
MSBits
==
0
)
if
(
MSBits
==
0
)
{
{
*
EM
++
=
0
;
*
EM
++
=
0
;
emLen
--
;
emLen
--
;
}
}
if
(
sLen
==
-
2
)
{
sLen
=
emLen
-
hLen
-
2
;
}
else
if
(
emLen
<
(
hLen
+
sLen
+
2
))
{
RSAerr
(
RSA_F_RSA_PADDING_ADD_PKCS1_PSS
,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE
);
goto
err
;
}
if
(
sLen
>
0
)
if
(
sLen
>
0
)
{
{
salt
=
OPENSSL_malloc
(
sLen
);
salt
=
OPENSSL_malloc
(
sLen
);
...
...
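Review bot: In RSA_verify_PKCS1_PSS the relocated size guard `if (emLen < (hLen + sLen + 2))` no longer enforces a minimum encoded-message length when sLen is -2: it reduces to `emLen < hLen`, so an emLen of hLen or hLen+1 passes and `maskedDBLen = emLen - hLen - 1` becomes -1 or 0. That value is then handed to `OPENSSL_malloc(maskedDBLen)`, and the later `DB[0] &= 0xFF >> (8 - MSBits)` and the `DB[i] == 0 && i < (maskedDBLen-1)` scan (which reads DB[i] before testing the bound) would touch DB[0] of an empty buffer unless the allocation check outside the visible hunks rejects it. A floor that does not depend on sLen would make this explicit, for example `if (emLen < hLen + 2 || (sLen >= 0 && emLen < hLen + sLen + 2))`. The RSA_padding_add_PKCS1_PSS hunk has the same gap: the `sLen == -2` branch assigns `sLen = emLen - hLen - 2` and skips the `RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE` check, so a negative result flows into code past the end of the hunk; the same `emLen < hLen + 2` test placed before that branch would cover it. Separately, `else if (sLen == -2) sLen = -2;` is a no-op in both functions and could be replaced by a comment.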