From 0bd8137e68c201b6c2290710e348aaf57efa2b2e Mon Sep 17 00:00:00 2001 From: Vitezslav Cizek Date: Fri, 30 Oct 2015 17:34:04 +0100 Subject: cipher: Add option to specify salt length for PSS verification. * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for salt-length token. -- Add possibility to use a different salt length for RSASSA-PSS verification instead of the default 20. Signed-off-by: Vitezslav Cizek Additional changes by wk: - Detect overlong salt-length - Release LIST on error. Signed-off-by: Werner Koch
---
 cipher/pubkey-util.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 76d39232..c40ef977 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -665,7 +665,7 @@ _gcry_pk_util_free_encoding_ctx (struct pk_encoding_ctx *ctx)
 LABEL is specific to OAEP.
- SALT-LENGTH is for PSS.
+ SALT-LENGTH is for PSS it is limited to 16384 bytes.
 RANDOM-OVERRIDE is used to replace random nonces for regression testing. */
@@ -1068,6 +1068,31 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
 rc = GPG_ERR_DIGEST_ALGO;
 else
 {
+ gcry_sexp_t list;
+ /* Get SALT-LENGTH. */
+ list = sexp_find_token (ldata, "salt-length", 0);
+ if (list)
+ {
+ unsigned long ul;
+
+ s = sexp_nth_data (list, 1, &n);
+ if (!s)
+ {
+ rc = GPG_ERR_NO_OBJ;
+ sexp_release (list);
+ goto leave;
+ }
+ ul = strtoul (s, NULL, 10);
+ if (ul > 16384)
+ {
+ rc = GPG_ERR_TOO_LARGE;
+ sexp_release (list);
+ goto leave;
+ }
+ ctx->saltlen = ul;
+ sexp_release (list);
+ }
+
 *ret_mpi = sexp_nth_mpi (lhash, 2, GCRYMPI_FMT_USG);
 if (!*ret_mpi)
 rc = GPG_ERR_INV_OBJ;
--
cgit v1.2.1
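Review bot: The salt-length parse at `ul = strtoul (s, NULL, 10);` ignores the length `n` returned by `sexp_nth_data` and passes no end pointer, so an empty or non-numeric token is silently accepted as 0 and trailing bytes after the digits go unnoticed; for a verification parameter such input should be rejected rather than defaulted. It also relies on whatever byte follows the token to stop the scan, since S-expression data is length-delimited and, as far as this hunk shows, not guaranteed to be NUL-terminated. I would capture the end pointer and reject unless exactly `n` bytes were consumed: `ul = strtoul (s, &endp, 10);` followed by `if (endp == s || (size_t)(endp - s) != n)` returning `GPG_ERR_INV_OBJ` with the same `sexp_release (list); goto leave;` cleanup the other error paths use. A named constant for 16384, referenced by the comment changed in the first hunk, would keep the documented limit and the check from drifting apart. The enclosing function starts and ends outside the hunk.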