From 86184696198adc996e50182038d30d1ffe87ba83 Mon Sep 17 00:00:00 2001
From: Alessio Di Mauro
Date: Thu, 20 Aug 2015 14:58:14 +0200
Subject: [PATCH] Fixed PSS (still untested).
---
 ykcs11/openssl_utils.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c
index b674698..617d6b0 100644
--- a/ykcs11/openssl_utils.c
+++ b/ykcs11/openssl_utils.c
@@ -425,17 +425,24 @@ CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
 CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
 unsigned char em[512]; // Max for this is ceil((|key_len_bits| - 1) / 8)
+ OpenSSL_add_all_digests();
+
 // TODO: rand must be seeded first (should be automatic)
 if (*out_len < RSA_size(key))
 CKR_BUFFER_TOO_SMALL;
 DBG(("Apply PSS padding to %lu bytes and get %d\n", in_len, RSA_size(key)));
- if (RSA_padding_add_PKCS1_PSS(key, em, in, EVP_get_digestbynid(nid), -2) == 0)
+ // In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD
+ if (RSA_padding_add_PKCS1_PSS(key, em, in, EVP_get_digestbynid(nid), -2) == 0) {
+ EVP_cleanup();
 return CKR_FUNCTION_FAILED;
+ }
 *out_len = RSA_size(key);
+ EVP_cleanup();
+
 return CKR_OK;
 }
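Review bot: The output-size guard in the unchanged context lines, `if (*out_len < RSA_size(key)) CKR_BUFFER_TOO_SMALL;`, is an expression statement with no effect, so a too-small buffer is never rejected; it needs `return CKR_BUFFER_TOO_SMALL;`, placed before `OpenSSL_add_all_digests()` so no cleanup is required on that path. `in_len` is only logged and never compared with the digest size, although `RSA_padding_add_PKCS1_PSS` reads a full digest from `in`, and `em[512]` receives `RSA_size(key)` bytes with no bound check, so both lengths should be validated before the padding call as sketched below. Within the visible body nothing copies `em` into `out` even though `*out_len` is set, which is worth confirming given the "still untested" subject. `EVP_cleanup()` clears OpenSSL's process-wide digest and cipher tables, so calling it per operation from a PKCS#11 module may disturb the host application or other threads; registering digests once at module initialisation would avoid that. The first line of the signature is visible only in the hunk header.

```c
  unsigned char em[512]; // Max for this is ceil((|key_len_bits| - 1) / 8)
  const EVP_MD *md;
  int key_len = RSA_size(key);

  // Validate sizes before touching OpenSSL global state, so these early
  // returns need no EVP_cleanup().
  if (key_len <= 0 || (size_t)key_len > sizeof(em))
    return CKR_FUNCTION_FAILED;

  if (*out_len < (CK_ULONG)key_len)
    return CKR_BUFFER_TOO_SMALL;

  // … unchanged: OpenSSL_add_all_digests(), TODO comment, DBG call …

  // The padding routine reads EVP_MD_size(md) bytes from `in`, so the
  // caller-supplied length must match the digest exactly.
  md = EVP_get_digestbynid(nid);
  if (md == NULL || in_len != (CK_ULONG)EVP_MD_size(md) ||
      RSA_padding_add_PKCS1_PSS(key, em, in, md, -2) == 0) {
    EVP_cleanup();
    return CKR_FUNCTION_FAILED;
  }

  // … unchanged: *out_len update, EVP_cleanup(), return CKR_OK …
```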