feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

RSA PSS OpenSSL compatibility verification: support AUTO

Browse Source 
When wolfSSL_RSA_verify_PKCS1_PSS() called with RSA_PSS_SALTLEN_AUTO
(RSA_PSS_SALTLEN_MAX_SIGN) it wasn't using RSA_PSS_SALT_LEN_DISCOVER
when available.
This commit is contained in:
Sean Parkinson
2023-11-02 07:43:54 +10:00
parent 7435d235a6
commit 4870435604
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/pk.c
View File

@ -3556,13 +3556,16 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
if (ret == 1) { if (ret == 1) {
/* Calculate the salt length to use for special cases. */ /* Calculate the salt length to use for special cases. */
/* TODO: use special case wolfCrypt values. */
switch (saltLen) { switch (saltLen) {
/* Negative saltLen values are treated differently */ /* Negative saltLen values are treated differently */
case RSA_PSS_SALTLEN_DIGEST: case RSA_PSS_SALTLEN_DIGEST:
saltLen = hashLen; saltLen = hashLen;
break; break;
case RSA_PSS_SALTLEN_MAX_SIGN: case RSA_PSS_SALTLEN_AUTO:
#ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER
saltLen = RSA_PSS_SALT_LEN_DISCOVER;
break;
#endif
case RSA_PSS_SALTLEN_MAX: case RSA_PSS_SALTLEN_MAX:
#ifdef WOLFSSL_PSS_LONG_SALT #ifdef WOLFSSL_PSS_LONG_SALT
saltLen = emLen - hashLen - 2; saltLen = emLen - hashLen - 2;

2
wolfssl/openssl/rsa.h
View File

@ -54,6 +54,8 @@
#define RSA_PSS_SALTLEN_DIGEST (-1) #define RSA_PSS_SALTLEN_DIGEST (-1)
/* Old max salt length */ /* Old max salt length */
#define RSA_PSS_SALTLEN_MAX_SIGN (-2) #define RSA_PSS_SALTLEN_MAX_SIGN (-2)
/* Verification only value to indicate to discover salt length. */
#define RSA_PSS_SALTLEN_AUTO (-2)
/* Max salt length */ /* Max salt length */
#define RSA_PSS_SALTLEN_MAX (-3) #define RSA_PSS_SALTLEN_MAX (-3)
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */