rpms/opensc
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Unbreak signautures and verifications with RSA-PSS

Browse Source
This commit is contained in:
Jakub Jelen 2018-11-20 15:14:43 +01:00
parent b8155addcb
commit deb6ed7050
1 changed files with 77 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
opensc-0.19.0-rsa-pss.patch
View File

@ -2179,3 +2179,80 @@ index 75c92b651..f0e2263b8 100644
} }
/* this is no longer part of the MGF1, but actually /* this is no longer part of the MGF1, but actually
From e5d8395a7b8e5d6d1493d893c31fac321f45433a Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 20 Nov 2018 09:29:53 +0100
Subject: [PATCH] pkcs11-tool: Unbreak signature and verification in
pkcs11-tool
---
src/tools/pkcs11-tool.c | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index df4a0ef3..ff1c00ac 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1758,6 +1758,9 @@ parse_pss_params(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
pss_params->hashAlg = CKM_SHA512;
pss_params->mgf = CKG_MGF1_SHA512;
break;
+
+ default: /* The non-RSA-PSS algorithms do not need any parameters */
+ return 0;
}
/* One of RSA-PSS mechanisms above: They need parameters */
@@ -1820,8 +1823,6 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
memset(&mech, 0, sizeof(mech));
mech.mechanism = opt_mechanism;
hashlen = parse_pss_params(session, key, &mech, &pss_params);
- if (hashlen == 0)
- util_fatal("Invalid RSA-PSS parameters");
if (opt_input == NULL)
fd = 0;
@@ -1832,11 +1833,10 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
if (r < 0)
util_fatal("Cannot read from %s: %m", opt_input);
- if (opt_mechanism == CKM_RSA_PKCS_PSS) {
- if ((unsigned long)r != hashlen)
- util_fatal("For %s mechanism, message size (got %d bytes) "
- "must be equal to specified digest length (%lu)\n",
- p11_mechanism_to_name(opt_mechanism), r, hashlen);
+ if (opt_mechanism == CKM_RSA_PKCS_PSS && (unsigned long)r != hashlen) {
+ util_fatal("For %s mechanism, message size (got %d bytes) "
+ "must be equal to specified digest length (%lu)\n",
+ p11_mechanism_to_name(opt_mechanism), r, hashlen);
}
rv = CKR_CANCEL;
@@ -1927,8 +1927,6 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
memset(&mech, 0, sizeof(mech));
mech.mechanism = opt_mechanism;
hashlen = parse_pss_params(session, key, &mech, &pss_params);
- if (hashlen == 0)
- util_fatal("Invalid RSA-PSS parameters");
/* Open a signature file */
if (opt_signature_file == NULL)
@@ -1952,11 +1950,10 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
if (r < 0)
util_fatal("Cannot read from %s: %m", opt_input);
- if (opt_mechanism == CKM_RSA_PKCS_PSS) {
- if ((unsigned long)r != hashlen)
- util_fatal("For %s mechanism, message size (got %d bytes)"
- " must be equal to specified digest length (%lu)\n",
- p11_mechanism_to_name(opt_mechanism), r, hashlen);
+ if (opt_mechanism == CKM_RSA_PKCS_PSS && (unsigned long)r != hashlen) {
+ util_fatal("For %s mechanism, message size (got %d bytes)"
+ " must be equal to specified digest length (%lu)\n",
+ p11_mechanism_to_name(opt_mechanism), r, hashlen);
}
rv = CKR_CANCEL;
--
2.19.1