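/*
 * Finalise the digest held in ctx and verify sigbuf against it with the
 * given RSA key, padding mode, salt length and MGF1 hash.
 *
 * Returns whatever FIPS_rsa_verify_digest() returns, or 0 if the digest
 * could not be finalised.
 */
int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
                        int rsa_pad_mode, int saltlen,
                        const EVP_MD *mgf1Hash,
                        const unsigned char *sigbuf, unsigned int siglen)
{
    /* Initialised so a failed finalise can never leave the length undefined. */
    unsigned int md_len = 0;
    /* Signed, to match the return type instead of round-tripping via unsigned. */
    int rv = 0;
    unsigned char md[EVP_MAX_MD_SIZE];

    /*
     * A failed finalise leaves md and md_len unset; verifying against them
     * would compare the signature with uninitialised stack contents.
     * NOTE(review): assumes FIPS_digestfinal() returns a positive value on
     * success, like the EVP digest calls -- confirm against its declaration.
     */
    if (FIPS_digestfinal(ctx, md, &md_len) > 0) {
        rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
                                    rsa_pad_mode, saltlen, mgf1Hash,
                                    sigbuf, siglen);
    }

    /* Wipe the whole buffer; its size does not depend on md_len being valid. */
    OPENSSL_cleanse(md, sizeof md);
    return rv;
}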
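/*
 * Hash msg (msglen bytes) with mhash and verify sigbuf against the result
 * with the given RSA key, padding mode, salt length and MGF1 hash.
 *
 * Returns whatever FIPS_rsa_verify_digest() returns, or 0 if the message
 * could not be hashed.
 */
int FIPS_rsa_verify(RSA *rsa, const unsigned char *msg, int msglen,
                    const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
                    const EVP_MD *mgf1Hash,
                    const unsigned char *sigbuf, unsigned int siglen)
{
    /* Initialised so a failed hash can never leave the length undefined. */
    unsigned int md_len = 0;
    /* Signed, to match the return type instead of round-tripping via unsigned. */
    int rv = 0;
    unsigned char md[EVP_MAX_MD_SIZE];

    /*
     * A failed hash leaves md and md_len unset; verifying against them would
     * compare the signature with uninitialised stack contents.
     * NOTE(review): assumes FIPS_digest() returns a positive value on
     * success, like the EVP digest calls -- confirm against its declaration.
     */
    if (FIPS_digest(msg, msglen, md, &md_len, mhash) > 0) {
        rv = FIPS_rsa_verify_digest(rsa, md, md_len, mhash,
                                    rsa_pad_mode, saltlen, mgf1Hash,
                                    sigbuf, siglen);
    }

    /* Wipe the whole buffer; its size does not depend on md_len being valid. */
    OPENSSL_cleanse(md, sizeof md);
    return rv;
}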
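/*
 * Verify the RSA signature sig (siglen bytes) over tbs (tbslen bytes) using
 * the key and parameters stored in ctx.
 *
 * With a digest configured (rctx->md), tbs is treated as a digest and the
 * padding mode selects the check: PKCS#1 v1.5 via RSA_verify(), X9.31 via
 * pkey_rsa_verifyrecover() followed by a compare, PSS via
 * RSA_verify_PKCS1_PSS_mgf1(). Without a digest, the signature is decrypted
 * with the configured padding and the recovered bytes are compared with tbs.
 *
 * Returns 1 when the signature verifies, 0 when it does not, and -1 when the
 * operation cannot be carried out (buffer setup failed, unsupported padding
 * mode, digest length mismatch for PSS, or not allowed in FIPS mode). The
 * PKCS#1 and FIPS paths return their callee's result unchanged.
 */
static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
                           const unsigned char *sig, size_t siglen,
                           const unsigned char *tbs, size_t tbslen)
{
    RSA_PKEY_CTX *rctx = ctx->data;
    RSA *rsa = ctx->pkey->pkey.rsa;
    size_t rslen;
#ifdef OPENSSL_FIPS
    int rv;

    rv = pkey_fips_check_ctx(ctx);
    if (rv < 0) {
        RSAerr(RSA_F_PKEY_RSA_VERIFY,
               RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
        return -1;
    }
#endif

    if (rctx->md) {
#ifdef OPENSSL_FIPS
        /* A positive check result routes the whole operation to the FIPS code. */
        if (rv > 0) {
            return FIPS_rsa_verify_digest(rsa, tbs, tbslen, rctx->md,
                                          rctx->pad_mode, rctx->saltlen,
                                          rctx->mgf1md, sig, siglen);
        }
#endif
        if (rctx->pad_mode == RSA_PKCS1_PADDING)
            return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                              sig, siglen, rsa);

        if (rctx->pad_mode == RSA_X931_PADDING) {
            /*
             * Only the recovered length is requested here; the compare at
             * the end of the function reads rctx->tbuf.
             * NOTE(review): presumably verifyrecover leaves the recovered
             * digest in rctx->tbuf -- confirm.
             */
            if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
                return 0;
        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
            int ret;

            /*
             * The PSS check below is handed tbs without a length, so it has
             * to assume a full digest. Reject any other length up front
             * rather than let it read past a short caller buffer.
             */
            if (tbslen != (size_t)EVP_MD_size(rctx->md))
                return -1;
            if (!setup_tbuf(rctx, ctx))
                return -1;
            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
                                     rsa, RSA_NO_PADDING);
            if (ret <= 0)
                return 0;
            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md, rctx->mgf1md,
                                            rctx->tbuf, rctx->saltlen);
            if (ret <= 0)
                return 0;
            return 1;
        } else {
            return -1;
        }
    } else {
        int ret;

        if (!setup_tbuf(rctx, ctx))
            return -1;
        /*
         * Keep the result signed until it has been checked: stored straight
         * into a size_t, a negative error return would become a huge length
         * and slip past an "== 0" test.
         */
        ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
                                 rsa, rctx->pad_mode);
        if (ret <= 0)
            return 0;
        rslen = (size_t)ret;
    }

    /* Recovered bytes must match tbs in both length and content. */
    if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
        return 0;

    return 1;
}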