int FIPS_rsa_verify_ctx(RSA *rsa, EVP_MD_CTX *ctx,
int rsa_pad_mode, int saltlen, const EVP_MD *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen)
{
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
FIPS_digestfinal(ctx, md, &md_len);
rv = FIPS_rsa_verify_digest(rsa, md, md_len, M_EVP_MD_CTX_md(ctx),
rsa_pad_mode, saltlen, mgf1Hash,
sigbuf, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
int FIPS_rsa_verify(RSA *rsa, const unsigned char *msg, int msglen,
const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
const EVP_MD *mgf1Hash,
const unsigned char *sigbuf, unsigned int siglen)
{
unsigned int md_len, rv;
unsigned char md[EVP_MAX_MD_SIZE];
FIPS_digest(msg, msglen, md, &md_len, mhash);
rv = FIPS_rsa_verify_digest(rsa, md, md_len, mhash, rsa_pad_mode,
saltlen, mgf1Hash, sigbuf, siglen);
OPENSSL_cleanse(md, md_len);
return rv;
}
static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
size_t rslen;
#ifdef OPENSSL_FIPS
int rv;
rv = pkey_fips_check_ctx(ctx);
if (rv < 0)
{
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return -1;
}
#endif
if (rctx->md)
{
#ifdef OPENSSL_FIPS
if (rv > 0)
{
return FIPS_rsa_verify_digest(rsa,
tbs, tbslen,
rctx->md,
rctx->pad_mode,
rctx->saltlen,
rctx->mgf1md,
sig, siglen);
}
#endif
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, rsa);
if (rctx->pad_mode == RSA_X931_PADDING)
{
if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
sig, siglen) <= 0)
return 0;
}
else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
{
int ret;
if (!setup_tbuf(rctx, ctx))
return -1;
ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
rsa, RSA_NO_PADDING);
if (ret <= 0)
return 0;
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
rctx->md, rctx->mgf1md,
rctx->tbuf, rctx->saltlen);
if (ret <= 0)
return 0;
return 1;
}
else
return -1;
}
else
{
if (!setup_tbuf(rctx, ctx))
return -1;
rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
rsa, rctx->pad_mode);
if (rslen == 0)
return 0;
}
if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
return 0;
return 1;
}
