X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Frsa%2Frsa_i32_pkcs1_sign.c;h=44b6e6d517640b5d871ef2715d484e9e4f30ee3b;hp=c901badaa899c8fc88f26c5c53ce08a4475b477f;hb=28e4e120b84dacdf53963639f1a8a6fec2793662;hpb=6dd8c51ba7e8ca106ede7ff58b5c507042bbf6eb diff --git a/src/rsa/rsa_i32_pkcs1_sign.c b/src/rsa/rsa_i32_pkcs1_sign.c index c901bad..44b6e6d 100644 --- a/src/rsa/rsa_i32_pkcs1_sign.c +++ b/src/rsa/rsa_i32_pkcs1_sign.c @@ -30,75 +30,8 @@ br_rsa_i32_pkcs1_sign(const unsigned char *hash_oid, const unsigned char *hash, size_t hash_len, const br_rsa_private_key *sk, unsigned char *x) { - size_t u, x3, xlen; - - /* - * Padded hash value has format: - * 00 01 FF .. FF 00 30 x1 30 x2 06 x3 OID 05 00 04 x4 HASH - * - * with the following rules: - * - * -- Total length is equal to the modulus length (unsigned - * encoding). - * - * -- There must be at least eight bytes of value 0xFF. - * - * -- x4 is equal to the hash length (hash_len). - * - * -- x3 is equal to the encoded OID value length (hash_oid[0]). - * - * -- x2 = x3 + 4. - * - * -- x1 = x2 + x4 + 4 = x3 + x4 + 8. - * - * Note: the "05 00" is optional (signatures with and without - * that sequence exist in practice), but notes in PKCS#1 seem to - * indicate that the presence of that sequence (specifically, - * an ASN.1 NULL value for the hash parameters) may be slightly - * more "standard" than the opposite. - */ - xlen = (sk->n_bitlen + 7) >> 3; - - if (hash_oid == NULL) { - if (xlen < hash_len + 11) { - return 0; - } - x[0] = 0x00; - x[1] = 0x01; - u = xlen - hash_len; - memset(x + 2, 0xFF, u - 3); - x[u - 1] = 0x00; - } else { - x3 = hash_oid[0]; - - /* - * Check that there is enough room for all the elements, - * including at least eight bytes of value 0xFF. - */ - if (xlen < (x3 + hash_len + 21)) { - return 0; - } - x[0] = 0x00; - x[1] = 0x01; - u = xlen - x3 - hash_len - 11; - memset(x + 2, 0xFF, u - 2); - x[u] = 0x00; - x[u + 1] = 0x30; - x[u + 2] = x3 + hash_len + 8; - x[u + 3] = 0x30; - x[u + 4] = x3 + 4; - x[u + 5] = 0x06; - memcpy(x + u + 6, hash_oid, x3 + 1); - u += x3 + 7; - x[u ++] = 0x05; - x[u ++] = 0x00; - x[u ++] = 0x04; - x[u ++] = hash_len; + if (!br_rsa_pkcs1_sig_pad(hash_oid, hash, hash_len, sk->n_bitlen, x)) { + return 0; } - memcpy(x + u, hash, hash_len); - - /* - * Do the actual computation. - */ return br_rsa_i32_private(x, sk); }