- Added alternative for SHA1 signature structure to check for (without NULL)
This commit is contained in:
parent
7beceb2e2b
commit
56a7684023
@ -114,6 +114,13 @@
|
||||
ASN1_STR_NULL "\x00" \
|
||||
ASN1_STR_OCTET_STRING "\x14"
|
||||
|
||||
#define ASN1_HASH_SHA1_ALT \
|
||||
ASN1_STR_CONSTRUCTED_SEQUENCE "\x1F" \
|
||||
ASN1_STR_CONSTRUCTED_SEQUENCE "\x07" \
|
||||
ASN1_STR_OID "\x05" \
|
||||
OID_HASH_ALG_SHA1 \
|
||||
ASN1_STR_OCTET_STRING "\x14"
|
||||
|
||||
#define ASN1_HASH_SHA2X \
|
||||
ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \
|
||||
ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \
|
||||
|
@ -860,6 +860,14 @@ int rsa_pkcs1_verify( rsa_context *ctx,
|
||||
|
||||
len = siglen - ( p - buf );
|
||||
|
||||
if( len == 33 && hash_id == SIG_RSA_SHA1 )
|
||||
{
|
||||
if( memcmp( p, ASN1_HASH_SHA1_ALT, 13 ) == 0 &&
|
||||
memcmp( p + 13, hash, 20 ) == 0 )
|
||||
return( 0 );
|
||||
else
|
||||
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
|
||||
}
|
||||
if( len == 34 )
|
||||
{
|
||||
c = p[13];
|
||||
|
Loading…
Reference in New Issue
Block a user