diff options
author | marha <marha@users.sourceforge.net> | 2012-04-10 11:54:31 +0200 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2012-04-10 11:54:31 +0200 |
commit | 5564e91e3cf4ba5cb2fbebbc2d63d18f588016b8 (patch) | |
tree | c800a66664ea3af61eb13928db45a26275930b0b /openssl/crypto/rsa/rsa_sign.c | |
parent | d79e641dea89c0d5d651b11971c4c9e14df34629 (diff) | |
parent | 67326634496ef21b4acbf4cef2f05040d34aef9b (diff) | |
download | vcxsrv-5564e91e3cf4ba5cb2fbebbc2d63d18f588016b8.tar.gz vcxsrv-5564e91e3cf4ba5cb2fbebbc2d63d18f588016b8.tar.bz2 vcxsrv-5564e91e3cf4ba5cb2fbebbc2d63d18f588016b8.zip |
Merge remote-tracking branch 'origin/released'
Conflicts:
openssl/Configure
openssl/Makefile
openssl/crypto/opensslconf.h
openssl/util/mk1mf.pl
openssl/util/pl/VC-32.pl
Diffstat (limited to 'openssl/crypto/rsa/rsa_sign.c')
-rw-r--r-- | openssl/crypto/rsa/rsa_sign.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/openssl/crypto/rsa/rsa_sign.c b/openssl/crypto/rsa/rsa_sign.c index 0be4ec7fb..b6f6037ae 100644 --- a/openssl/crypto/rsa/rsa_sign.c +++ b/openssl/crypto/rsa/rsa_sign.c @@ -77,6 +77,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) + && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); + return 0; + } +#endif if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { return rsa->meth->rsa_sign(type, m, m_len, @@ -153,6 +161,15 @@ int int_rsa_verify(int dtype, const unsigned char *m, unsigned char *s; X509_SIG *sig=NULL; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) + && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD); + return 0; + } +#endif + if (siglen != (unsigned int)RSA_size(rsa)) { RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); @@ -182,6 +199,22 @@ int int_rsa_verify(int dtype, const unsigned char *m, i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); if (i <= 0) goto err; + /* Oddball MDC2 case: signature can be OCTET STRING. + * check for correct tag and length octets. + */ + if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) + { + if (rm) + { + memcpy(rm, s + 2, 16); + *prm_len = 16; + ret = 1; + } + else if(memcmp(m, s + 2, 16)) + RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + else + ret = 1; + } /* Special case: SSL signature */ if(dtype == NID_md5_sha1) { |