author | NIIBE Yutaka <gniibe@fsij.org> | 2021-07-23 10:41:59 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-07-23 10:41:59 +0900 |
commit | 652e115e10f2bd53d1e1fbe161c2528f4ca89012 (patch) | |
tree | d4b32fa8c2452627d25027683efe21b7b1eed9c3 /cipher | |
parent | 7f401b9748c450e5e4676ea2cc611aeff41c3fb3 (diff) | |
cipher: Check by caller instead, not by callee for RSA-PSS.
* cipher/pubkey-internal.h (_gcry_rsa_pss_encode): Change the API.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Before the call to
_gcry_rsa_pss_encode, check the condition here, raise GPG_ERR_INV_ARG
if it's not good.
* cipher/rsa-common.c (_gcry_rsa_pss_encode): No check inside.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'cipher')
-rw-r--r-- | cipher/pubkey-internal.h | 2 | ||||
-rw-r--r-- | cipher/pubkey-util.c | 17 | ||||
-rw-r--r-- | cipher/rsa-common.c | 17 |
3 files changed, 13 insertions, 23 deletions
diff --git a/cipher/pubkey-internal.h b/cipher/pubkey-internal.h index d31e26f3..2b8c92b8 100644 --- a/cipher/pubkey-internal.h +++ b/cipher/pubkey-internal.h @@ -76,7 +76,7 @@ _gcry_rsa_oaep_decode (unsigned char **r_result, size_t *r_resultlen, gpg_err_code_t _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, const unsigned char *value, size_t valuelen, int saltlen, - const void *random_override, size_t random_override_len); + const void *random_override); gpg_err_code_t _gcry_rsa_pss_verify (gcry_mpi_t value, gcry_mpi_t encoded, unsigned int nbits, int algo, size_t saltlen); diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index 7ddef7dc..7ed8a55c 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -678,7 +678,7 @@ _gcry_pk_util_free_encoding_ctx (struct pk_encoding_ctx *ctx) LABEL is specific to OAEP. - SALT-LENGTH is for PSS it is limited to 16384 bytes. + SALT-LENGTH is for PSS, it is limited to 16384 bytes. RANDOM-OVERRIDE is used to replace random nonces for regression testing. */ @@ -1032,7 +1032,6 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, const void * value; size_t valuelen; void *random_override = NULL; - size_t random_override_len = 0; ctx->hash_algo = get_hash_algo (s, n); @@ -1066,17 +1065,16 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, s = sexp_nth_data (list, 1, &n); if (!s) rc = GPG_ERR_NO_OBJ; - else if (n > 0) + else if (n == ctx->saltlen) { random_override = xtrymalloc (n); if (!random_override) rc = gpg_err_code_from_syserror (); else - { - memcpy (random_override, s, n); - random_override_len = n; - } + memcpy (random_override, s, n); } + else + rc = GPG_ERR_INV_ARG; sexp_release (list); if (rc) goto leave; 
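Review bot: In the `@@ -1066` hunk of cipher/pubkey-util.c, `else if (n == ctx->saltlen)` now also admits an empty override when the salt length is 0, so `xtrymalloc (n)` can be asked for zero bytes, which the old `n > 0` guard never allowed. What a zero-size request returns is not visible on this page; if it yields NULL, a consistent empty override would be reported as an allocation failure through `gpg_err_code_from_syserror ()` rather than being accepted or rejected on purpose. Guarding the allocation makes the outcome explicit, for example `if (n) { random_override = xtrymalloc (n); ... }` with the NULL test kept inside that guard. The equality test also assumes ctx->saltlen already holds its final value when RANDOM-OVERRIDE is parsed; that parsing, like the rest of _gcry_pk_util_data_to_mpi, lies outside the hunk.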
@@ -1085,9 +1083,8 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, /* Encode the data. (NBITS-1 is due to 8.1.1, step 1.) */ rc = _gcry_rsa_pss_encode (ret_mpi, ctx->nbits - 1, ctx->hash_algo, - value, valuelen, ctx->saltlen, - random_override, random_override_len); - + value, valuelen, + ctx->saltlen, random_override); xfree (random_override); } } diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c index 29b7bc81..6ff53c71 100644 --- a/cipher/rsa-common.c +++ b/cipher/rsa-common.c @@ -742,9 +742,9 @@ _gcry_rsa_oaep_decode (unsigned char **r_result, size_t *r_resultlen, length of salt to be used. On success the result is stored as a new MPI at R_RESULT. On error the value at R_RESULT is undefined. - If {RANDOM_OVERRIDE, RANDOM_OVERRIDE_LEN} is given it is used as - the salt instead of using a random string for the salt. This - feature is only useful for regression tests. + If RANDOM_OVERRIDE is given it is used as the salt instead of using + a random string for the salt. This feature is only useful for + regression tests. Here is figure 2 from the RFC (errata 595 applied) depicting the process: @@ -778,7 +778,7 @@ _gcry_rsa_oaep_decode (unsigned char **r_result, size_t *r_resultlen, gpg_err_code_t _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, const unsigned char *value, size_t valuelen, int saltlen, - const void *random_override, size_t random_override_len) + const void *random_override) { gcry_err_code_t rc = 0; size_t hlen; /* Length of the hash digest. */ @@ -840,14 +840,7 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, if (saltlen) { if (random_override) - { - if (random_override_len != saltlen) - { - rc = GPG_ERR_INV_ARG; - goto leave; - } - memcpy (salt, random_override, saltlen); - } + memcpy (salt, random_override, saltlen); else _gcry_randomize (salt, saltlen, GCRY_STRONG_RANDOM); } |
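Review bot: With the length check removed in the `@@ -840` hunk of cipher/rsa-common.c, `memcpy (salt, random_override, saltlen)` reads SALTLEN bytes from a buffer whose size the function no longer knows, and the updated comment in the `@@ -742` hunk does not state that requirement. I would add to that comment, and next to the prototype in cipher/pubkey-internal.h, a sentence such as `RANDOM_OVERRIDE, if given, must point to exactly SALTLEN bytes; the caller is responsible for checking the length.` The only caller visible on this page, _gcry_pk_util_data_to_mpi, performs that check, but any other caller passing a shorter buffer would now trigger an out-of-bounds read where it previously got GPG_ERR_INV_ARG. saltlen is declared `int` in the signature, so the copy length is converted to size_t; whether a negative value is rejected earlier in _gcry_rsa_pss_encode is outside the hunk.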