AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove signature verification from rsa_rsassa_pkcs1_v15_sign

Browse Source 
This verification path is redundant now that verification is uniformly done in
rsa_private.
This commit is contained in:
Hanno Becker 2017-08-25 11:51:03 +01:00
parent 43f94721ab
commit cc209ca56d
1 changed files with 1 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
library/rsa.c
View File

@ -1311,42 +1311,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
if( mode == MBEDTLS_RSA_PUBLIC ) if( mode == MBEDTLS_RSA_PUBLIC )
return( mbedtls_rsa_public( ctx, sig, sig ) ); return( mbedtls_rsa_public( ctx, sig, sig ) );
/* return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
* In order to prevent Lenstra's attack, make the signature in a
* temporary buffer and check it before returning it.
*/
sig_try = mbedtls_calloc( 1, ctx->len );
if( sig_try == NULL )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
verif = mbedtls_calloc( 1, ctx->len );
if( verif == NULL )
{
mbedtls_free( sig_try );
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
}
MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
/* Compare in constant time just in case */
for( diff = 0, i = 0; i < ctx->len; i++ )
diff |= verif[i] ^ sig[i];
diff_no_optimize = diff;
if( diff_no_optimize != 0 )
{
ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
goto cleanup;
}
memcpy( sig, sig_try, ctx->len );
cleanup:
mbedtls_free( sig_try );
mbedtls_free( verif );
return( ret );
} }
#endif /* MBEDTLS_PKCS1_V15 */ #endif /* MBEDTLS_PKCS1_V15 */