Browse Source

z/OS support: Lengths

Finally returning the correct lengths
master
David Lanzendörfer 12 months ago
parent
commit
7369b91c8e
1 changed files with 27 additions and 37 deletions
  1. +27
    -37
      src/signature.c

+ 27
- 37
src/signature.c View File

@ -167,7 +167,6 @@ rsa_sign(pgp_hash_t *hash,
#elif defined(HAVE_GSKSSL)
gsk_buffer bn;
#endif
if (strcmp(hash->name, "SHA1") == 0) {
hashsize = PGP_SHA1_HASH_SIZE + sizeof(prefix_sha1);
prefix = prefix_sha1;
@ -187,7 +186,7 @@ rsa_sign(pgp_hash_t *hash,
#if defined(HAVE_OPENSSL)
keysize = (BN_num_bits(pubrsa->n) + 7) / 8;
#elif defined(HAVE_GSKSSL)
keysize = ((pubrsa->n.length*8)+7)/8;
keysize = pubrsa->n->length;
#endif
if (keysize > sizeof(hashbuf)) {
@ -232,9 +231,11 @@ rsa_sign(pgp_hash_t *hash,
bn.length=t;
memcpy(bn.data,sigbuf,t);
#endif
pgp_write_mpi(out, bn);
#ifdef HAVE_OPENSSL
pgp_write_mpi(out, &bn);
#if defined(HAVE_OPENSSL)
BN_free(bn);
#elif defined(HAVE_GSKSSL)
gsk_free_buffer(&bn);
#endif
return 1;
}
@ -275,9 +276,12 @@ dsa_sign(pgp_hash_t *hash,
pgp_write_mpi(output, pgpdsasig->r);
pgp_write_mpi(output, pgpdsasig->s);
#ifdef HAVE_OPENSSL
#if defined(HAVE_OPENSSL)
BN_free(pgpdsasig->r);
BN_free(pgpdsasig->s);
#elif defined(HAVE_GSKSSL)
gsk_free_buffer(pgpdsasig->r);
gsk_free_buffer(pgpdsasig->s);
#endif
free(pgpdsasig);
return 1;
@ -302,7 +306,7 @@ rsa_verify(pgp_hash_alg_t type,
#if defined(HAVE_OPENSSL)
keysize = BN_num_bytes(pubrsa->n);
#elif defined(HAVE_GSKSSL)
keysize = pubrsa->n.length;
keysize = pubrsa->n->length;
#endif
/* RSA key can't be bigger than 65535 bits, so... */
if (keysize > sizeof(hashbuf_from_sig)) {
@ -315,23 +319,18 @@ rsa_verify(pgp_hash_alg_t type,
return 0;
}
BN_bn2bin(sig->sig, sigbuf);
n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf,
(unsigned)(BN_num_bits(sig->sig) + 7) / 8, pubrsa);
n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf, (unsigned)(BN_num_bits(sig->sig) + 7) / 8, pubrsa);
#elif defined(HAVE_GSKSSL)
if ((unsigned) sig->sig.length > sizeof(sigbuf)) {
if ((unsigned) sig->sig->length > sizeof(sigbuf)) {
(void) fprintf(stderr, "rsa_verify: numbits too big\n");
return 0;
}
memcpy(sigbuf, sig->sig.data, sig->sig.length);
memcpy(sigbuf, sig->sig->data, sig->sig->length);
memcpy(hashbuf_from_sig, hash, hash_length);
n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf, sig->sig.length, pubrsa);
n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf, sig->sig->length, pubrsa);
#endif
debug_len_decrypted = n;
#if 0
if (n != keysize) {
/* obviously, this includes error returns */
(void) fprintf(stderr, "hashbuf size (%d) != hashsize (%d) \n",n,keysize);
@ -343,7 +342,6 @@ rsa_verify(pgp_hash_alg_t type,
if (hashbuf_from_sig[0] != 0 || hashbuf_from_sig[1] != 1) {
return 0;
}
#endif
switch (type) {
case PGP_HASH_MD5:
@ -368,21 +366,18 @@ rsa_verify(pgp_hash_alg_t type,
}
if (keysize - plen - hash_length < 10) {
printf("%s, %s:%d\n",__FUNCTION__,__FILE__,__LINE__);
return 0;
}
/*for (n = 2; n < keysize - plen - hash_length - 1; ++n) {
for (n = 2; n < keysize - plen - hash_length - 1; ++n) {
if (hashbuf_from_sig[n] != 0xff) {
printf("%s, %s:%d\n",__FUNCTION__,__FILE__,__LINE__);
return 0;
}
}*/
}
/*if (hashbuf_from_sig[n++] != 0) {
printf("%s, %s:%d\n",__FUNCTION__,__FILE__,__LINE__);
if (hashbuf_from_sig[n++] != 0) {
return 0;
}*/
}
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sig hashbuf", hashbuf_from_sig, debug_len_decrypted);
@ -390,9 +385,8 @@ rsa_verify(pgp_hash_alg_t type,
hexdump(stderr, "sig hash", &hashbuf_from_sig[n + plen], hash_length);
hexdump(stderr, "input hash", hash, hash_length);
}
//return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 &&
// memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0);
return 1;
return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 &&
memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0);
}
static void
@ -527,8 +521,8 @@ pgp_check_useridcert_sig(const pgp_pubkey_t *key,
const pgp_sig_t *sig,
const pgp_pubkey_t *signer)
{
pgp_hash_t hash;
size_t userid_len;
pgp_hash_t hash;
size_t userid_len;
userid_len = strlen((const char *) id);
init_key_sig(&hash, sig, key);
@ -558,8 +552,7 @@ pgp_check_userattrcert_sig(const pgp_pubkey_t *key,
const pgp_sig_t *sig,
const pgp_pubkey_t *signer)
{
pgp_hash_t hash;
pgp_hash_t hash;
init_key_sig(&hash, sig, key);
if (sig->info.version == PGP_V4) {
pgp_hash_add_int(&hash, 0xd1, 1);
@ -809,7 +802,7 @@ pgp_write_sig(pgp_output_t *output,
#if defined(HAVE_OPENSSL)
if (seckey->key.rsa.d == NULL) {
#elif defined(HAVE_GSKSSL)
if (seckey->key.rsa.d.length == 0) {
if (seckey->key.rsa.d->length == 0) {
#endif
(void) fprintf(stderr, "pgp_write_sig: null rsa.d\n");
return 0;
@ -820,7 +813,7 @@ pgp_write_sig(pgp_output_t *output,
#if defined(HAVE_OPENSSL)
if (seckey->key.dsa.x == NULL) {
#elif defined(HAVE_GSKSSL)
if (seckey->key.dsa.x.length == 0) {
if (seckey->key.dsa.x->length == 0) {
#endif
(void) fprintf(stderr, "pgp_write_sig: null dsa.x\n");
return 0;
@ -1007,12 +1000,9 @@ pgp_add_key_features(pgp_create_sig_t *sig)
*/
unsigned
pgp_add_issuer_keyid(pgp_create_sig_t *sig,
const uint8_t keyid[PGP_KEY_ID_SIZE])
pgp_add_issuer_keyid(pgp_create_sig_t *sig, const uint8_t keyid[PGP_KEY_ID_SIZE])
{
return pgp_write_ss_header(sig->output, PGP_KEY_ID_SIZE + 1,
PGP_PTAG_SS_ISSUER_KEY_ID) &&
pgp_write(sig->output, keyid, PGP_KEY_ID_SIZE);
return pgp_write_ss_header(sig->output, PGP_KEY_ID_SIZE + 1, PGP_PTAG_SS_ISSUER_KEY_ID) && pgp_write(sig->output, keyid, PGP_KEY_ID_SIZE);
}
/**


Loading…
Cancel
Save