Implementation of pkey_rsa_verify. Some constification.

author Dr. Stephen Henson <steve@openssl.org>

Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h

index e9f87694dee66c9a3ac99e96d5742fd076723e41..02fdcd732e42322988fbabb9581817b04aa466a0 100644 (file)
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -117,7 +117,8 @@ struct rsa_meth_st
                 unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
         int (*rsa_verify)(int dtype,
                 const unsigned char *m, unsigned int m_length,
-               unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+               const unsigned char *sigbuf, unsigned int siglen,
+                                                               const RSA *rsa);
  /* If this callback is NULL, the builtin software RSA key-gen will be used. This
   * is for behavioural compatibility whilst the code gets rewired, but one day
   * it would be nice to assume there are no such things as "builtin software"
@@ -281,7 +282,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
  int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
         unsigned char *sigret, unsigned int *siglen, RSA *rsa);
  int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-       unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+       const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
  
  /* The following 2 function sign and verify a ASN1_OCTET_STRING
   * object inside PKCS#1 padded RSA encryption */
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c

index 001dbd0badcfe644afeda88267b6eaf50284035e..55019652985f616d7c99c2886c3e95f956cf5a18 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -77,7 +77,7 @@ typedef struct
         BIGNUM *pub_exp;
         /* RSA padding mode */
         int pad_mode;
-       /* nid for message digest */
+       /* message digest */
         const EVP_MD *md;
         /* Temp buffer */
         unsigned char *tbuf;
@@ -154,6 +154,9 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
                         ret = RSA_sign(EVP_MD_type(rctx->md),
                                                 tbs, tbslen, sig, &sltmp,
                                                         ctx->pkey->pkey.rsa);
+                       if (ret <= 0)
+                               return ret;
+                       ret = sltmp;
                         }
                 else
                         return -1;
@@ -169,8 +172,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
  
  
  static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
-                                       unsigned char *sig, int *siglen,
-                                        const unsigned char *tbs, int tbslen)
+                                       unsigned char *rout, int *routlen,
+                                        const unsigned char *sig, int siglen)
         {
         int ret;
         RSA_PKEY_CTX *rctx = ctx->data;
@@ -181,7 +184,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                         {
                         if (!setup_tbuf(rctx, ctx))
                                 return -1;
-                       ret = RSA_public_decrypt(tbslen, tbs,
+                       ret = RSA_public_decrypt(siglen, sig,
                                                 rctx->tbuf, ctx->pkey->pkey.rsa,
                                                 RSA_X931_PADDING);
                         if (ret < 1)
@@ -200,27 +203,66 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                                         RSA_R_INVALID_DIGEST_LENGTH);
                                 return 0;
                                 }
-                       memcpy(sig, rctx->tbuf, ret);
+                       if (rout)
+                               memcpy(rout, rctx->tbuf, ret);
                         }
                 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
                         {
                         unsigned int sltmp;
                         ret = int_rsa_verify(EVP_MD_type(rctx->md),
-                                               NULL, 0, sig, &sltmp,
-                                       tbs, tbslen, ctx->pkey->pkey.rsa);
+                                               NULL, 0, rout, &sltmp,
+                                       sig, siglen, ctx->pkey->pkey.rsa);
                         }
                 else
                         return -1;
                 }
         else
-               ret = RSA_public_decrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+               ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
                                                         rctx->pad_mode);
         if (ret < 0)
                 return ret;
-       *siglen = ret;
+       *routlen = ret;
         return 1;
         }
  
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+                                       const unsigned char *sig, int siglen,
+                                        const unsigned char *tbs, int tbslen)
+       {
+       RSA_PKEY_CTX *rctx = ctx->data;
+       int rslen;
+       if (rctx->md)
+               {
+               if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                       return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+                                       sig, siglen, ctx->pkey->pkey.rsa);
+               if (rctx->pad_mode == RSA_X931_PADDING)
+                       {
+                       if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
+                                       sig, siglen) <= 0)
+                               return 0;
+                       }
+               else
+                       return -1;
+               }
+       else
+               {
+               if (!setup_tbuf(rctx, ctx))
+                       return -1;
+               rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                       ctx->pkey->pkey.rsa, rctx->pad_mode);
+               if (rslen <= 0)
+                       return 0;
+               }
+
+       if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+               return 0;
+
+       return 1;
+                       
+       }
+       
+
  static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
                                          const unsigned char *in, int inlen)
         {
@@ -341,7 +383,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
         0,
         pkey_rsa_sign,
  
-       0,0,
+       0,
+       pkey_rsa_verify,
  
         0,
         pkey_rsa_verifyrecover,
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c

index 4d48164b773809c4f3fa018a6251364eea869684..52c8c985d065c7a8582e9ef4ce9345250fa17d29 100644 (file)
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -144,7 +144,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
  
  int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                 unsigned char *rm, unsigned int *prm_len,
-               unsigned char *sigbuf, unsigned int siglen,
+               const unsigned char *sigbuf, unsigned int siglen,
                 RSA *rsa)
         {
         int i,ret=0,sigtype;
@@ -252,7 +252,7 @@ err:
         }
  
  int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-               unsigned char *sigbuf, unsigned int siglen,
+               const unsigned char *sigbuf, unsigned int siglen,
                 RSA *rsa)
         {
  
diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c

index a9089498cc02d61dc1fb2c604ad31b0e34b0f123..9f6572e677191aa56a657d3f1fb7a8e1a18aafb3 100644 (file)
--- a/engines/e_4758cca.c
+++ b/engines/e_4758cca.c
@@ -92,7 +92,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
  static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
                 unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
  static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
-               unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+       const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
  
  /* utility functions */
  /*-----------------------*/
@@ -618,7 +618,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
  #define SSL_SIG_LEN 36
  
  static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
-               unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
+       const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
         {
         long returnCode;
         long reasonCode;
@@ -727,7 +727,8 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
  
         digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
                 exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
-               keyToken, &length, hashBuffer, &lsiglen, sigbuf);
+               keyToken, &length, hashBuffer, &lsiglen,
+                                               (unsigned char *)sigbuf);
  
         if (type == NID_sha1 || type == NID_md5)
                 {
author	Dr. Stephen Henson <steve@openssl.org>
	Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)
crypto/rsa/rsa.h		patch \| blob \| history
crypto/rsa/rsa_pmeth.c		patch \| blob \| history
crypto/rsa/rsa_sign.c		patch \| blob \| history
engines/e_4758cca.c		patch \| blob \| history