-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index 8fb4d17b1c..fee31f55a0 100644
- --- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -494,7 +494,7 @@ static struct hash_signature RSA_pkcs1_1_5_sign_hash(const struct secret_pubkey_
 static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
 shunk_t signature,
 struct pubkey *pubkey,
- - const struct hash_desc *unused_hash_algo UNUSED,
+ const struct hash_desc *hash_alg,
 diag_t *fatal_diag,
 struct logger *logger)
 {
@@ -512,58 +512,25 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
 LDBG_hunk(logger, *expected_hash);
 }
- - /*
- - * Use the same space used by the out going hash.
- - */
- -
- - SECItem decrypted_signature = {
- - .type = siBuffer,
- - };
- -
- - if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- - llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- - return false;
- - }
- - /* NSS doesn't do const */
- - const SECItem encrypted_signature = {
- - .type = siBuffer,
- - .data = DISCARD_CONST(unsigned char *, signature.ptr),
- - .len = signature.len,
- - };
- -
- - if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- - lsw_nss_get_password_context(logger)) != SECSuccess) {
- - SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- - ldbg(logger, "NSS RSA verify: decrypting signature is failed");
- - *fatal_diag = NULL;
- - return false;
- - }
+ SECItem hash_item =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
- - if (LDBGP(DBG_CRYPT, logger)) {
- - LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- - jam_string(buf, "NSS RSA verify: decrypted sig: ");
- - jam_nss_secitem(buf, &decrypted_signature);
- - }
- - }
+ /* NSS doesn't do const */
+ SECItem signature_item =
+ same_shunk_as_secitem(signature, siBuffer);
- - /*
- - * Expect the matching hash to appear at the end. See above
- - * for length check. It may, or may not, be prefixed by a
- - * PKCS#1 1.5 RSA ASN.1 blob.
- - */
- - passert(decrypted_signature.len >= expected_hash->len);
- - uint8_t *start = (decrypted_signature.data
- - + decrypted_signature.len
- - - expected_hash->len);
- - if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- - ldbg(logger, "RSA Signature NOT verified");
- - SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ if (VFY_VerifyDigestDirect(&hash_item,
+ seckey_public,
+ &signature_item,
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
+ /*hash algorithm*/hash_alg->nss.oid_tag,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
 *fatal_diag = NULL;
 return false;
 }
- - SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
 *fatal_diag = NULL;
 return true;
 }
-----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmo8EoITHHRlYW1AbGli cmVzd2FuLm9yZwAKCRCF/0tDsw/G+Uk/D/9YU6mrDAcfUV+pGzcCXsVUg2kJqvUh v4XwecZ/syIzCRtqUq8t2kjqA6/5AF4mI7NzYZvxpsQ2xxJGO6LIcRAkskcVRvmz EMGfdwUhBOPxcIw6sJThzPCCR/VjrhU8SYfRUUU3XcZqOlzNfj7GoWqr7+W90CQ4 CtT9645Wl1mEiEF9LpQU9eNEfTRgEW2UW7IrUhAiQ6FRyCcBaAN3UGlt8yrcRIwx Tjw3CDBmnldHvJMnz0jj7+yDbjrNQ2pjNqvlLf4xPX1ialL0aANFhgWCriiIu5EF bk02rU1YgG8rEoIKMcI1Dmc+XgS+eOOsJSVJFG3HENx+NC4Zf/nwzPTFmvKl9rRT fSIMmNeTmlouDMHVgImfx5K1IILhJjqNGryRgAo/uKcf+0re2OXm406afocAs453 y1AMwsak4yJGO8LsqOuc2q8bUvXIuSzdVpIiGeaWRPHH33LYmJK4YELEgNmWw4T0 +buVQ9ZvBS8/grt76R/aKcUlfpLhSByJjNkc83pA4jINikv/W8jvD36uCBjKNow3 82gQELxQTp4VkXP7RaHIZ2qu93J0RLBeZj+Z6Rz/meIbSnCP3lQ3OPpLmKrLIPmB PLuCx2HyzWGGaXsaymg4Kr9nPEIDuquq4GFU/7+gkoH9Yi2W8Zy+YkX0qyjCCB/d Xne0FfuqerFFvA== =D3KL -----END PGP SIGNATURE-----
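Review bot: `hash_alg->nss.oid_tag` in the VFY_VerifyDigestDirect() call is the first dereference of a parameter this function used to ignore (it was `unused_hash_algo UNUSED` in the first hunk), and nothing in the hunk guards it; every caller must now supply a real hash descriptor, so a `passert(hash_alg != NULL);` before `hash_item` is built, or a note on the declaration that NULL is no longer accepted, would make that contract explicit (the callers are outside this diff, so I cannot confirm none passes NULL). The debug string names a different function than the one called; `ldbg_nss_error(logger, "NSS VFY_VerifyDigestDirect() failed");` keeps the log grep-able against the code. The `/* NSS doesn't do const */` comment now sits only above `signature_item`, but `hash_item` is built from `*expected_hash` by the same const-discarding conversion, so the comment belongs above the first conversion or on both. The function's opening, and the earlier length check the removed comment refers to, are outside this hunk.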