| rsa_pss.c (302408) | rsa_pss.c (325335) |
|---|---|
| 1/* rsa_pss.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 2005. 5 */ 6/* ==================================================================== 7 * Copyright (c) 2005 The OpenSSL Project. All rights reserved. 8 * --- 108 unchanged lines hidden (view full) --- 117 if (EM[0] & (0xFF << MSBits)) { 118 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID); 119 goto err; 120 } 121 if (MSBits == 0) { 122 EM++; 123 emLen--; 124 } | 1/* rsa_pss.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 2005. 5 */ 6/* ==================================================================== 7 * Copyright (c) 2005 The OpenSSL Project. All rights reserved. 8 * --- 108 unchanged lines hidden (view full) --- 117 if (EM[0] & (0xFF << MSBits)) { 118 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID); 119 goto err; 120 } 121 if (MSBits == 0) { 122 EM++; 123 emLen--; 124 } |
| 125 if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ | 125 if (emLen < hLen + 2) { |
| 126 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); 127 goto err; 128 } | 126 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); 127 goto err; 128 } |
| 129 if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ 130 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); 131 goto err; 132 } |
|
| 129 if (EM[emLen - 1] != 0xbc) { 130 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID); 131 goto err; 132 } 133 maskedDBLen = emLen - hLen - 1; 134 H = EM + maskedDBLen; 135 DB = OPENSSL_malloc(maskedDBLen); 136 if (!DB) { --- 80 unchanged lines hidden (view full) --- 217 } 218 219 MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; 220 emLen = RSA_size(rsa); 221 if (MSBits == 0) { 222 *EM++ = 0; 223 emLen--; 224 } | 133 if (EM[emLen - 1] != 0xbc) { 134 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID); 135 goto err; 136 } 137 maskedDBLen = emLen - hLen - 1; 138 H = EM + maskedDBLen; 139 DB = OPENSSL_malloc(maskedDBLen); 140 if (!DB) { --- 80 unchanged lines hidden (view full) --- 221 } 222 223 MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; 224 emLen = RSA_size(rsa); 225 if (MSBits == 0) { 226 *EM++ = 0; 227 emLen--; 228 } |
| 229 if (emLen < hLen + 2) { 230 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 231 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 232 goto err; 233 } |
|
| 225 if (sLen == -2) { 226 sLen = emLen - hLen - 2; | 234 if (sLen == -2) { 235 sLen = emLen - hLen - 2; |
| 227 } else if (emLen < (hLen + sLen + 2)) { | 236 } else if (sLen > emLen - hLen - 2) { |
| 228 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 229 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 230 goto err; 231 } 232 if (sLen > 0) { 233 salt = OPENSSL_malloc(sLen); 234 if (!salt) { 235 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, --- 55 unchanged lines hidden --- | 237 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 238 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 239 goto err; 240 } 241 if (sLen > 0) { 242 salt = OPENSSL_malloc(sLen); 243 if (!salt) { 244 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, --- 55 unchanged lines hidden --- |