Implementation of pkey_rsa_verify. Some constification.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 10 Apr 2006 01:06:17 +0000 (01:06 +0000)
crypto/rsa/rsa.h
crypto/rsa/rsa_pmeth.c
crypto/rsa/rsa_sign.c
engines/e_4758cca.c

index e9f8769..02fdcd7 100644 (file)
@@ -117,7 +117,8 @@ struct rsa_meth_st
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
        int (*rsa_verify)(int dtype,
                const unsigned char *m, unsigned int m_length,
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
        int (*rsa_verify)(int dtype,
                const unsigned char *m, unsigned int m_length,
-               unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+               const unsigned char *sigbuf, unsigned int siglen,
+                                                               const RSA *rsa);
 /* If this callback is NULL, the builtin software RSA key-gen will be used. This
  * is for behavioural compatibility whilst the code gets rewired, but one day
  * it would be nice to assume there are no such things as "builtin software"
 /* If this callback is NULL, the builtin software RSA key-gen will be used. This
  * is for behavioural compatibility whilst the code gets rewired, but one day
  * it would be nice to assume there are no such things as "builtin software"
@@ -281,7 +282,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
 int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
 int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-       unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+       const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
  * object inside PKCS#1 padded RSA encryption */
 
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
  * object inside PKCS#1 padded RSA encryption */
index 001dbd0..5501965 100644 (file)
@@ -77,7 +77,7 @@ typedef struct
        BIGNUM *pub_exp;
        /* RSA padding mode */
        int pad_mode;
        BIGNUM *pub_exp;
        /* RSA padding mode */
        int pad_mode;
-       /* nid for message digest */
+       /* message digest */
        const EVP_MD *md;
        /* Temp buffer */
        unsigned char *tbuf;
        const EVP_MD *md;
        /* Temp buffer */
        unsigned char *tbuf;
@@ -154,6 +154,9 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
                        ret = RSA_sign(EVP_MD_type(rctx->md),
                                                tbs, tbslen, sig, &sltmp,
                                                        ctx->pkey->pkey.rsa);
                        ret = RSA_sign(EVP_MD_type(rctx->md),
                                                tbs, tbslen, sig, &sltmp,
                                                        ctx->pkey->pkey.rsa);
+                       if (ret <= 0)
+                               return ret;
+                       ret = sltmp;
                        }
                else
                        return -1;
                        }
                else
                        return -1;
@@ -169,8 +172,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
 
 
 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
 
 
 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
-                                       unsigned char *sig, int *siglen,
-                                        const unsigned char *tbs, int tbslen)
+                                       unsigned char *rout, int *routlen,
+                                        const unsigned char *sig, int siglen)
        {
        int ret;
        RSA_PKEY_CTX *rctx = ctx->data;
        {
        int ret;
        RSA_PKEY_CTX *rctx = ctx->data;
@@ -181,7 +184,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                        {
                        if (!setup_tbuf(rctx, ctx))
                                return -1;
                        {
                        if (!setup_tbuf(rctx, ctx))
                                return -1;
-                       ret = RSA_public_decrypt(tbslen, tbs,
+                       ret = RSA_public_decrypt(siglen, sig,
                                                rctx->tbuf, ctx->pkey->pkey.rsa,
                                                RSA_X931_PADDING);
                        if (ret < 1)
                                                rctx->tbuf, ctx->pkey->pkey.rsa,
                                                RSA_X931_PADDING);
                        if (ret < 1)
@@ -200,27 +203,66 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                                        RSA_R_INVALID_DIGEST_LENGTH);
                                return 0;
                                }
                                        RSA_R_INVALID_DIGEST_LENGTH);
                                return 0;
                                }
-                       memcpy(sig, rctx->tbuf, ret);
+                       if (rout)
+                               memcpy(rout, rctx->tbuf, ret);
                        }
                else if (rctx->pad_mode == RSA_PKCS1_PADDING)
                        {
                        unsigned int sltmp;
                        ret = int_rsa_verify(EVP_MD_type(rctx->md),
                        }
                else if (rctx->pad_mode == RSA_PKCS1_PADDING)
                        {
                        unsigned int sltmp;
                        ret = int_rsa_verify(EVP_MD_type(rctx->md),
-                                               NULL, 0, sig, &sltmp,
-                                       tbs, tbslen, ctx->pkey->pkey.rsa);
+                                               NULL, 0, rout, &sltmp,
+                                       sig, siglen, ctx->pkey->pkey.rsa);
                        }
                else
                        return -1;
                }
        else
                        }
                else
                        return -1;
                }
        else
-               ret = RSA_public_decrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+               ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
                                                        rctx->pad_mode);
        if (ret < 0)
                return ret;
                                                        rctx->pad_mode);
        if (ret < 0)
                return ret;
-       *siglen = ret;
+       *routlen = ret;
        return 1;
        }
 
        return 1;
        }
 
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+                                       const unsigned char *sig, int siglen,
+                                        const unsigned char *tbs, int tbslen)
+       {
+       RSA_PKEY_CTX *rctx = ctx->data;
+       int rslen;
+       if (rctx->md)
+               {
+               if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                       return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+                                       sig, siglen, ctx->pkey->pkey.rsa);
+               if (rctx->pad_mode == RSA_X931_PADDING)
+                       {
+                       if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
+                                       sig, siglen) <= 0)
+                               return 0;
+                       }
+               else
+                       return -1;
+               }
+       else
+               {
+               if (!setup_tbuf(rctx, ctx))
+                       return -1;
+               rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                       ctx->pkey->pkey.rsa, rctx->pad_mode);
+               if (rslen <= 0)
+                       return 0;
+               }
+
+       if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+               return 0;
+
+       return 1;
+                       
+       }
+       
+
 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
                                         const unsigned char *in, int inlen)
        {
 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
                                         const unsigned char *in, int inlen)
        {
@@ -341,7 +383,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
        0,
        pkey_rsa_sign,
 
        0,
        pkey_rsa_sign,
 
-       0,0,
+       0,
+       pkey_rsa_verify,
 
        0,
        pkey_rsa_verifyrecover,
 
        0,
        pkey_rsa_verifyrecover,
index 4d48164..52c8c98 100644 (file)
@@ -144,7 +144,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 
 int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                unsigned char *rm, unsigned int *prm_len,
 
 int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                unsigned char *rm, unsigned int *prm_len,
-               unsigned char *sigbuf, unsigned int siglen,
+               const unsigned char *sigbuf, unsigned int siglen,
                RSA *rsa)
        {
        int i,ret=0,sigtype;
                RSA *rsa)
        {
        int i,ret=0,sigtype;
@@ -252,7 +252,7 @@ err:
        }
 
 int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
        }
 
 int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-               unsigned char *sigbuf, unsigned int siglen,
+               const unsigned char *sigbuf, unsigned int siglen,
                RSA *rsa)
        {
 
                RSA *rsa)
        {
 
index a908949..9f6572e 100644 (file)
@@ -92,7 +92,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
 static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
 static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
 static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
-               unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+       const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
 
 /* utility functions */
 /*-----------------------*/
 
 /* utility functions */
 /*-----------------------*/
@@ -618,7 +618,7 @@ static int cca_rsa_priv_dec(int flen, const unsigned char *from,
 #define SSL_SIG_LEN 36
 
 static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
 #define SSL_SIG_LEN 36
 
 static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
-               unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
+       const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
        {
        long returnCode;
        long reasonCode;
        {
        long returnCode;
        long reasonCode;
@@ -727,7 +727,8 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
 
        digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
 
        digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
-               keyToken, &length, hashBuffer, &lsiglen, sigbuf);
+               keyToken, &length, hashBuffer, &lsiglen,
+                                               (unsigned char *)sigbuf);
 
        if (type == NID_sha1 || type == NID_md5)
                {
 
        if (type == NID_sha1 || type == NID_md5)
                {