Skip to content

Commit 6c1e1d0

Browse files
author
Golikov Pavel Evgenevich
committed
Add PSS salt length setting in VerifyFinal
1 parent 69d3118 commit 6c1e1d0

File tree

1 file changed

+27
-26
lines changed

1 file changed

+27
-26
lines changed

src/lib/crypto/OSSLRSA.cpp

Lines changed: 27 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -105,15 +105,15 @@ bool OSSLRSA::sign(PrivateKey *privateKey, const ByteString &dataToSign,
105105
ERROR_MSG("An error occurred while creating sign context");
106106
return false;
107107
}
108-
108+
109109
if ((EVP_PKEY_sign_init(ctx) <= 0) ||
110110
(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0))
111111
{
112112
EVP_PKEY_CTX_free(ctx);
113113
ERROR_MSG("An error occurred while set PKCS #1 signature parameters");
114114
return false;
115115
}
116-
116+
117117
signature.resize(sigLen);
118118
if (EVP_PKEY_sign(ctx, signature.byte_str(), &sigLen, (unsigned char *)dataToSign.const_byte_str(), dataToSign.size()) <= 0)
119119
{
@@ -236,7 +236,7 @@ bool OSSLRSA::sign(PrivateKey *privateKey, const ByteString &dataToSign,
236236
ERROR_MSG("An error occurred while performing the RSA-PSS signature");
237237
return false;
238238
}
239-
239+
240240
signature.resize(sigLen);
241241
if (EVP_PKEY_sign(ctx, &signature[0], &sigLen, dataToSign.const_byte_str(), dataToSign.size()) <= 0)
242242
{
@@ -654,7 +654,7 @@ bool OSSLRSA::signFinal(ByteString &signature)
654654
}
655655
if (rsaPadding == RSA_PKCS1_PSS_PADDING)
656656
{
657-
if ((EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, hash) <= 0) ||
657+
if ((EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, hash) <= 0) ||
658658
(EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sLen) <= 0))
659659
{
660660
EVP_PKEY_CTX_free(ctx);
@@ -721,7 +721,7 @@ bool OSSLRSA::verify(PublicKey *publicKey, const ByteString &originalData,
721721
return false;
722722
}
723723
EVP_PKEY_CTX_free(ctx);
724-
return (status == 1);
724+
return (status == 1);
725725
}
726726
else if (mechanism == AsymMech::RSA_PKCS_PSS)
727727
{
@@ -1227,12 +1227,13 @@ bool OSSLRSA::verifyFinal(const ByteString &signature)
12271227
}
12281228
if (rsaPadding == RSA_PKCS1_PSS_PADDING)
12291229
{
1230-
if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, hash) <= 0)
1231-
{
1232-
EVP_PKEY_CTX_free(ctx);
1233-
ERROR_MSG("RSA verify set mgf1 failed (0x%08X)", ERR_get_error());
1234-
return false;
1235-
}
1230+
if ((EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, hash) <= 0) ||
1231+
(EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sLen) <= 0))
1232+
{
1233+
EVP_PKEY_CTX_free(ctx);
1234+
ERROR_MSG("RSA verify set mgf1 failed (0x%08X)", ERR_get_error());
1235+
return false;
1236+
}
12361237
}
12371238
int status = EVP_PKEY_verify(ctx, signature.const_byte_str(), signature.size(), digest.const_byte_str(), digest.size());
12381239
if (status < 0)
@@ -1281,7 +1282,7 @@ bool OSSLRSA::encrypt(PublicKey *publicKey, const ByteString &data,
12811282
}
12821283
else if (padding == AsymMech::RSA_PKCS_OAEP)
12831284
{
1284-
if ((param == NULL)||(paramLen != sizeof(RSA_PKCS_OAEP_PARAMS)))
1285+
if ((param == NULL) || (paramLen != sizeof(RSA_PKCS_OAEP_PARAMS)))
12851286
{
12861287
ERROR_MSG("Invalid RSA encryption OAEP parameter supplied");
12871288
return false;
@@ -1335,7 +1336,7 @@ bool OSSLRSA::encrypt(PublicKey *publicKey, const ByteString &data,
13351336
}
13361337
// The size of the input data cannot be more than the modulus
13371338
// length of the key - (2 * hashLen + 1)
1338-
if (data.size() > (size_t)(EVP_PKEY_size(rsa) - (2 * hashLen + 1)))
1339+
if (data.size() > (size_t)(EVP_PKEY_size(rsa) - (2 * hashLen + 1)))
13391340
{
13401341
ERROR_MSG("Too much data supplied for RSA OAEP encryption");
13411342

@@ -1380,9 +1381,9 @@ bool OSSLRSA::encrypt(PublicKey *publicKey, const ByteString &data,
13801381
}
13811382
if (osslPadding == RSA_PKCS1_OAEP_PADDING)
13821383
{
1383-
void *labelData=NULL;
1384+
void *labelData = NULL;
13841385
if (oaepParam->sourceDataLen != 0)
1385-
labelData = OPENSSL_memdup(oaepParam->sourceData,oaepParam->sourceDataLen);
1386+
labelData = OPENSSL_memdup(oaepParam->sourceData, oaepParam->sourceDataLen);
13861387

13871388
if ((EVP_PKEY_CTX_set_rsa_oaep_md(ctx, hash) <= 0) ||
13881389
(EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf) <= 0))
@@ -1448,7 +1449,7 @@ bool OSSLRSA::decrypt(PrivateKey *privateKey, const ByteString &encryptedData,
14481449
else if (padding == AsymMech::RSA_PKCS_OAEP)
14491450
{
14501451
osslPadding = RSA_PKCS1_OAEP_PADDING;
1451-
if ((param == NULL)||(paramLen != sizeof(RSA_PKCS_OAEP_PARAMS)))
1452+
if ((param == NULL) || (paramLen != sizeof(RSA_PKCS_OAEP_PARAMS)))
14521453
{
14531454
ERROR_MSG("Invalid RSA decryption OAEP parameter supplied");
14541455
return false;
@@ -1523,20 +1524,20 @@ bool OSSLRSA::decrypt(PrivateKey *privateKey, const ByteString &encryptedData,
15231524
}
15241525
if (osslPadding == RSA_PKCS1_OAEP_PADDING)
15251526
{
1526-
void *labelData=NULL;
1527+
void *labelData = NULL;
15271528
if (oaepParam->sourceDataLen != 0)
1528-
labelData = OPENSSL_memdup(oaepParam->sourceData,oaepParam->sourceDataLen);
1529+
labelData = OPENSSL_memdup(oaepParam->sourceData, oaepParam->sourceDataLen);
15291530
if ((EVP_PKEY_CTX_set_rsa_oaep_md(ctx, hash) <= 0) ||
15301531
(EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf) <= 0))
15311532
{
1532-
OPENSSL_free(labelData);
1533+
OPENSSL_free(labelData);
15331534
EVP_PKEY_CTX_free(ctx);
15341535
ERROR_MSG("Set OAEP parameters for RSA decryption failed (0x%08X)", ERR_get_error());
15351536
return false;
15361537
}
15371538
if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, labelData, oaepParam->sourceDataLen) <= 0)
15381539
{
1539-
OPENSSL_free(labelData);
1540+
OPENSSL_free(labelData);
15401541
EVP_PKEY_CTX_free(ctx);
15411542
ERROR_MSG("Set OAEP label for RSA decryption failed (0x%08X)", ERR_get_error());
15421543
return false;
@@ -1599,7 +1600,7 @@ bool OSSLRSA::generateKeyPair(AsymmetricKeyPair **ppKeyPair, AsymmetricParameter
15991600
}
16001601

16011602
// Generate the key-pair
1602-
EVP_PKEY *rsa = NULL;
1603+
EVP_PKEY *rsa = NULL;
16031604
BIGNUM *bn_e = OSSL::byteString2bn(params->getE());
16041605
// Check if the key was successfully generated
16051606
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
@@ -1615,27 +1616,27 @@ bool OSSLRSA::generateKeyPair(AsymmetricKeyPair **ppKeyPair, AsymmetricParameter
16151616
(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, bn_e) <= 0))
16161617
#else
16171618
(EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, bn_e) <= 0))
1618-
#endif
1619+
#endif
16191620
{
16201621
ERROR_MSG("Failed to set RSA key generation parameters (0x%08X)", ERR_get_error());
16211622
EVP_PKEY_CTX_free(ctx);
16221623
BN_free(bn_e);
16231624
return false;
16241625
}
1625-
if (EVP_PKEY_keygen(ctx, &rsa) <= 0)
1626+
if (EVP_PKEY_keygen(ctx, &rsa) <= 0)
16261627
{
16271628
ERROR_MSG("RSA key generation failed (0x%08X)", ERR_get_error());
16281629
EVP_PKEY_CTX_free(ctx);
1629-
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1630+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
16301631
BN_free(bn_e);
16311632
#endif
16321633
return false;
16331634
}
16341635

16351636
EVP_PKEY_CTX_free(ctx);
1636-
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
1637+
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
16371638
BN_free(bn_e);
1638-
#endif
1639+
#endif
16391640
// Create an asymmetric key-pair object to return
16401641
OSSLRSAKeyPair *kp = new OSSLRSAKeyPair();
16411642

0 commit comments

Comments
 (0)