From 4f59b6587f1c660dfe61c368ede1c4e34e03164d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 10 Apr 2006 01:06:17 +0000
Subject: [PATCH] Implementation of pkey_rsa_verify. Some constification.

---
 crypto/rsa/rsa.h       |  5 ++--
 crypto/rsa/rsa_pmeth.c | 63 +++++++++++++++++++++++++++++++++++-------
 crypto/rsa/rsa_sign.c  |  4 +--
 engines/e_4758cca.c    |  7 +++--
 4 files changed, 62 insertions(+), 17 deletions(-)

diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index e9f87694de..02fdcd732e 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -117,7 +117,8 @@ struct rsa_meth_st
 		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
 	int (*rsa_verify)(int dtype,
 		const unsigned char *m, unsigned int m_length,
-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+		const unsigned char *sigbuf, unsigned int siglen,
+								const RSA *rsa);
 /* If this callback is NULL, the builtin software RSA key-gen will be used. This
  * is for behavioural compatibility whilst the code gets rewired, but one day
  * it would be nice to assume there are no such things as "builtin software"
@@ -281,7 +282,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
 int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+	const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
  * object inside PKCS#1 padded RSA encryption */
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 001dbd0bad..5501965298 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -77,7 +77,7 @@ typedef struct
 	BIGNUM *pub_exp;
 	/* RSA padding mode */
 	int pad_mode;
-	/* nid for message digest */
+	/* message digest */
 	const EVP_MD *md;
 	/* Temp buffer */
 	unsigned char *tbuf;
@@ -154,6 +154,9 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
 			ret = RSA_sign(EVP_MD_type(rctx->md),
 						tbs, tbslen, sig, &sltmp,
 							ctx->pkey->pkey.rsa);
+			if (ret <= 0)
+				return ret;
+			ret = sltmp;
 			}
 		else
 			return -1;
@@ -169,8 +172,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
 
 
 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
-					unsigned char *sig, int *siglen,
-                                        const unsigned char *tbs, int tbslen)
+					unsigned char *rout, int *routlen,
+                                        const unsigned char *sig, int siglen)
 	{
 	int ret;
 	RSA_PKEY_CTX *rctx = ctx->data;
@@ -181,7 +184,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
 			{
 			if (!setup_tbuf(rctx, ctx))
 				return -1;
-			ret = RSA_public_decrypt(tbslen, tbs,
+			ret = RSA_public_decrypt(siglen, sig,
 						rctx->tbuf, ctx->pkey->pkey.rsa,
 						RSA_X931_PADDING);
 			if (ret < 1)
@@ -200,27 +203,66 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
 					RSA_R_INVALID_DIGEST_LENGTH);
 				return 0;
 				}
-			memcpy(sig, rctx->tbuf, ret);
+			if (rout)
+				memcpy(rout, rctx->tbuf, ret);
 			}
 		else if (rctx->pad_mode == RSA_PKCS1_PADDING)
 			{
 			unsigned int sltmp;
 			ret = int_rsa_verify(EVP_MD_type(rctx->md),
-						NULL, 0, sig, &sltmp,
-					tbs, tbslen, ctx->pkey->pkey.rsa);
+						NULL, 0, rout, &sltmp,
+					sig, siglen, ctx->pkey->pkey.rsa);
 			}
 		else
 			return -1;
 		}
 	else
-		ret = RSA_public_decrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+		ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
 							rctx->pad_mode);
 	if (ret < 0)
 		return ret;
-	*siglen = ret;
+	*routlen = ret;
 	return 1;
 	}
 
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+					const unsigned char *sig, int siglen,
+                                        const unsigned char *tbs, int tbslen)
+	{
+	RSA_PKEY_CTX *rctx = ctx->data;
+	int rslen;
+	if (rctx->md)
+		{
+		if (rctx->pad_mode == RSA_PKCS1_PADDING)
+			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+					sig, siglen, ctx->pkey->pkey.rsa);
+		if (rctx->pad_mode == RSA_X931_PADDING)
+			{
+			if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
+					sig, siglen) <= 0)
+				return 0;
+			}
+		else
+			return -1;
+		}
+	else
+		{
+		if (!setup_tbuf(rctx, ctx))
+			return -1;
+		rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+					ctx->pkey->pkey.rsa, rctx->pad_mode);
+		if (rslen <= 0)
+			return 0;
+		}
+
+	if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+		return 0;
+
+	return 1;
+			
+	}
+	
+
 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
                                         const unsigned char *in, int inlen)
 	{
@@ -341,7 +383,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
 	0,
 	pkey_rsa_sign,
 
-	0,0,
+	0,
+	pkey_rsa_verify,
 
 	0,
 	pkey_rsa_verifyrecover,
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 4d48164b77..52c8c985d0 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -144,7 +144,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 
 int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		unsigned char *rm, unsigned int *prm_len,
-		unsigned char *sigbuf, unsigned int siglen,
+		const unsigned char *sigbuf, unsigned int siglen,
 		RSA *rsa)
 	{
 	int i,ret=0,sigtype;
@@ -252,7 +252,7 @@ err:
 	}
 
 int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-		unsigned char *sigbuf, unsigned int siglen,
+		const unsigned char *sigbuf, unsigned int siglen,
 		RSA *rsa)
 	{
 
diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c
index a9089498cc..9f6572e677 100644
--- a/engines/e_4758cca.c
+++ b/engines/e_4758cca.c
@@ -92,7 +92,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
 static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
 		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
 static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+	const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
 
 /* utility functions */
 /*-----------------------*/
@@ -618,7 +618,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
 #define SSL_SIG_LEN 36
 
 static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
+	const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
 	{
 	long returnCode;
 	long reasonCode;
@@ -727,7 +727,8 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
 
 	digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
 		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
-		keyToken, &length, hashBuffer, &lsiglen, sigbuf);
+		keyToken, &length, hashBuffer, &lsiglen,
+						(unsigned char *)sigbuf);
 
 	if (type == NID_sha1 || type == NID_md5)
 		{
-- 
2.34.1