提交 4f59b658 编写于 作者: D Dr. Stephen Henson

Implementation of pkey_rsa_verify. Some constification.

上级 9befdf1d
...@@ -117,7 +117,8 @@ struct rsa_meth_st ...@@ -117,7 +117,8 @@ struct rsa_meth_st
unsigned char *sigret, unsigned int *siglen, const RSA *rsa); unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
int (*rsa_verify)(int dtype, int (*rsa_verify)(int dtype,
const unsigned char *m, unsigned int m_length, const unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); const unsigned char *sigbuf, unsigned int siglen,
const RSA *rsa);
/* If this callback is NULL, the builtin software RSA key-gen will be used. This /* If this callback is NULL, the builtin software RSA key-gen will be used. This
* is for behavioural compatibility whilst the code gets rewired, but one day * is for behavioural compatibility whilst the code gets rewired, but one day
* it would be nice to assume there are no such things as "builtin software" * it would be nice to assume there are no such things as "builtin software"
...@@ -281,7 +282,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, ...@@ -281,7 +282,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
int RSA_sign(int type, const unsigned char *m, unsigned int m_length, int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, RSA *rsa); unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, const unsigned char *m, unsigned int m_length, int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa); const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
/* The following 2 function sign and verify a ASN1_OCTET_STRING /* The following 2 function sign and verify a ASN1_OCTET_STRING
* object inside PKCS#1 padded RSA encryption */ * object inside PKCS#1 padded RSA encryption */
......
...@@ -77,7 +77,7 @@ typedef struct ...@@ -77,7 +77,7 @@ typedef struct
BIGNUM *pub_exp; BIGNUM *pub_exp;
/* RSA padding mode */ /* RSA padding mode */
int pad_mode; int pad_mode;
/* nid for message digest */ /* message digest */
const EVP_MD *md; const EVP_MD *md;
/* Temp buffer */ /* Temp buffer */
unsigned char *tbuf; unsigned char *tbuf;
...@@ -154,6 +154,9 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen, ...@@ -154,6 +154,9 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
ret = RSA_sign(EVP_MD_type(rctx->md), ret = RSA_sign(EVP_MD_type(rctx->md),
tbs, tbslen, sig, &sltmp, tbs, tbslen, sig, &sltmp,
ctx->pkey->pkey.rsa); ctx->pkey->pkey.rsa);
if (ret <= 0)
return ret;
ret = sltmp;
} }
else else
return -1; return -1;
...@@ -169,8 +172,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen, ...@@ -169,8 +172,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
unsigned char *sig, int *siglen, unsigned char *rout, int *routlen,
const unsigned char *tbs, int tbslen) const unsigned char *sig, int siglen)
{ {
int ret; int ret;
RSA_PKEY_CTX *rctx = ctx->data; RSA_PKEY_CTX *rctx = ctx->data;
...@@ -181,7 +184,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, ...@@ -181,7 +184,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
{ {
if (!setup_tbuf(rctx, ctx)) if (!setup_tbuf(rctx, ctx))
return -1; return -1;
ret = RSA_public_decrypt(tbslen, tbs, ret = RSA_public_decrypt(siglen, sig,
rctx->tbuf, ctx->pkey->pkey.rsa, rctx->tbuf, ctx->pkey->pkey.rsa,
RSA_X931_PADDING); RSA_X931_PADDING);
if (ret < 1) if (ret < 1)
...@@ -200,27 +203,66 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, ...@@ -200,27 +203,66 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
RSA_R_INVALID_DIGEST_LENGTH); RSA_R_INVALID_DIGEST_LENGTH);
return 0; return 0;
} }
memcpy(sig, rctx->tbuf, ret); if (rout)
memcpy(rout, rctx->tbuf, ret);
} }
else if (rctx->pad_mode == RSA_PKCS1_PADDING) else if (rctx->pad_mode == RSA_PKCS1_PADDING)
{ {
unsigned int sltmp; unsigned int sltmp;
ret = int_rsa_verify(EVP_MD_type(rctx->md), ret = int_rsa_verify(EVP_MD_type(rctx->md),
NULL, 0, sig, &sltmp, NULL, 0, rout, &sltmp,
tbs, tbslen, ctx->pkey->pkey.rsa); sig, siglen, ctx->pkey->pkey.rsa);
} }
else else
return -1; return -1;
} }
else else
ret = RSA_public_decrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
rctx->pad_mode); rctx->pad_mode);
if (ret < 0) if (ret < 0)
return ret; return ret;
*siglen = ret; *routlen = ret;
return 1; return 1;
} }
static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, int siglen,
const unsigned char *tbs, int tbslen)
{
RSA_PKEY_CTX *rctx = ctx->data;
int rslen;
if (rctx->md)
{
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, ctx->pkey->pkey.rsa);
if (rctx->pad_mode == RSA_X931_PADDING)
{
if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
sig, siglen) <= 0)
return 0;
}
else
return -1;
}
else
{
if (!setup_tbuf(rctx, ctx))
return -1;
rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
ctx->pkey->pkey.rsa, rctx->pad_mode);
if (rslen <= 0)
return 0;
}
if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
return 0;
return 1;
}
static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen, static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
const unsigned char *in, int inlen) const unsigned char *in, int inlen)
{ {
...@@ -341,7 +383,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth = ...@@ -341,7 +383,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
0, 0,
pkey_rsa_sign, pkey_rsa_sign,
0,0, 0,
pkey_rsa_verify,
0, 0,
pkey_rsa_verifyrecover, pkey_rsa_verifyrecover,
......
...@@ -144,7 +144,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, ...@@ -144,7 +144,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *rm, unsigned int *prm_len, unsigned char *rm, unsigned int *prm_len,
unsigned char *sigbuf, unsigned int siglen, const unsigned char *sigbuf, unsigned int siglen,
RSA *rsa) RSA *rsa)
{ {
int i,ret=0,sigtype; int i,ret=0,sigtype;
...@@ -252,7 +252,7 @@ err: ...@@ -252,7 +252,7 @@ err:
} }
int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, const unsigned char *sigbuf, unsigned int siglen,
RSA *rsa) RSA *rsa)
{ {
......
...@@ -92,7 +92,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from, ...@@ -92,7 +92,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, const RSA *rsa); unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
/* utility functions */ /* utility functions */
/*-----------------------*/ /*-----------------------*/
...@@ -618,7 +618,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from, ...@@ -618,7 +618,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
#define SSL_SIG_LEN 36 #define SSL_SIG_LEN 36
static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
{ {
long returnCode; long returnCode;
long reasonCode; long reasonCode;
...@@ -727,7 +727,8 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, ...@@ -727,7 +727,8 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength, digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray, &keyTokenLength, exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
keyToken, &length, hashBuffer, &lsiglen, sigbuf); keyToken, &length, hashBuffer, &lsiglen,
(unsigned char *)sigbuf);
if (type == NID_sha1 || type == NID_md5) if (type == NID_sha1 || type == NID_md5)
{ {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册