Fixed the verification, so that it corresponds completely with the signature functions (more specifically: the special cases are provided for SHA-1 and MD5 signatures with the RSA_PKCS1_PADDING mechanism)

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1333 c6295689-39f2-0310-b995-f0e70906c6a9
2003-08-05 19:26:07 +00:00 · 2003-08-05 19:26:07 +00:00 · ce51dac5e9
parent 3e1dd82f4f
commit ce51dac5e9
1 changed files with 9 additions and 0 deletions
--- a/src/pkcs11/openssl.c
+++ b/src/pkcs11/openssl.c
@ -306,6 +306,15 @@ CK_RV sc_pkcs11_verify_data(unsigned char *pubkey, int pubkey_len,

 		if (rsa_outlen == data_len && memcmp(rsa_out, data, data_len) == 0)
 			rv = CKR_OK;
+		/* Because the pkcs11 sign functions take input lengths 16 and 20
+		 * in combination with RSA_PKCS1_PADDING as a MD5 resp. SHA-1 hash
+		 * function to which a digestInfo must be added (should be necessary
+		 * for Netscape/Mozilla?), we add this test here as well.
+		 */
+		else if (data_len == 16 && rsa_outlen == 34 && memcmp(rsa_out + 18, data, 16) == 0)
+			rv = CKR_OK;
+		else if (data_len = 20 && rsa_outlen == 35 && memcmp(rsa_out + 15, data, 20) == 0)
+			rv = CKR_OK;
 		else
 			rv = CKR_SIGNATURE_INVALID;