From ce51dac5e944069a5e26205659d8426dbcfe7087 Mon Sep 17 00:00:00 2001
From: sth
Date: Tue, 5 Aug 2003 19:26:07 +0000
Subject: [PATCH] Fixed the verification, so that it corresponds completely with the signature functions (more specifically: the special cases are provided for SHA-1 and MD5 signatures with the RSA_PKCS1_PADDING mechanism)

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1333 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/pkcs11/openssl.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/pkcs11/openssl.c b/src/pkcs11/openssl.c
index 7dc9e4ab..1fc0fb7f 100644
--- a/src/pkcs11/openssl.c
+++ b/src/pkcs11/openssl.c
@@ -306,6 +306,15 @@ CK_RV sc_pkcs11_verify_data(unsigned char *pubkey, int pubkey_len,
 if (rsa_outlen == data_len && memcmp(rsa_out, data, data_len) == 0)
 rv = CKR_OK;
+ /* Because the pkcs11 sign functions take input lengths 16 and 20
+ * in combination with RSA_PKCS1_PADDING as a MD5 resp. SHA-1 hash
+ * function to which a digestInfo must be added (should be necessary
+ * for Netscape/Mozilla?), we add this test here as well.
+ */
+ else if (data_len == 16 && rsa_outlen == 34 && memcmp(rsa_out + 18, data, 16) == 0)
+ rv = CKR_OK;
+ else if (data_len = 20 && rsa_outlen == 35 && memcmp(rsa_out + 15, data, 20) == 0)
+ rv = CKR_OK;
 else
 rv = CKR_SIGNATURE_INVALID;
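Review bot: The second added branch tests `data_len = 20`, an assignment rather than a comparison, so the condition reduces to `rsa_outlen == 35 && memcmp(rsa_out + 15, data, 20) == 0` and overwrites `data_len` with 0 or 1. The branch can therefore accept input that is not 20 bytes long, and for shorter input it lets `memcmp` read past the end of `data`. Both new branches also compare only the trailing hash bytes and never inspect the 18- or 15-byte prefix of `rsa_out`, so a recovered block with arbitrary leading bytes passes as a valid MD5 or SHA-1 DigestInfo. The fence below uses `==` and checks the prefix against the fixed DER headers of the two algorithms. sc_pkcs11_verify_data starts and ends outside the hunk, so whether `data_len` is read again after this chain is not visible here.

```c
/* file scope: DER DigestInfo headers that precede the raw hash in a
 * PKCS#1 v1.5 signature block */
static const unsigned char md5_digest_info[18] = {
	0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
	0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
};
static const unsigned char sha1_digest_info[15] = {
	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/* … unchanged: exact-match branch (rsa_outlen == data_len) … */
	else if (data_len == 16 && rsa_outlen == 34 &&
		 memcmp(rsa_out, md5_digest_info, sizeof(md5_digest_info)) == 0 &&
		 memcmp(rsa_out + 18, data, 16) == 0)
		rv = CKR_OK;
	else if (data_len == 20 && rsa_outlen == 35 &&
		 memcmp(rsa_out, sha1_digest_info, sizeof(sha1_digest_info)) == 0 &&
		 memcmp(rsa_out + 15, data, 20) == 0)
		rv = CKR_OK;
/* … unchanged: else rv = CKR_SIGNATURE_INVALID … */
```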