Mercurial > dropbear

diff libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c @ 1511:5916af64acd4 fuzz

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge from main
author Matt Johnston <matt@ucc.asn.au>
date Sat, 17 Feb 2018 19:29:51 +0800
parents 6dba84798cd5
children
line wrap: on
line diff
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c	Tue Jan 23 23:27:40 2018 +0800
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c	Sat Feb 17 19:29:51 2018 +0800
@@ -5,20 +5,18 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 
-/** 
+/**
   @file pkcs_1_pss_decode.c
-  LTC_PKCS #1 PSS Signature Padding, Tom St Denis 
+  PKCS #1 PSS Signature Padding, Tom St Denis
 */
 
 #ifdef LTC_PKCS_1
 
 /**
-   LTC_PKCS #1 v2.00 PSS decode
+   PKCS #1 v2.00 PSS decode
    @param  msghash         The hash to verify
    @param  msghashlen      The length of the hash (octets)
    @param  sig             The signature data (encoded data)
@@ -51,11 +49,12 @@
    }
 
    hLen        = hash_descriptor[hash_idx].hashsize;
+   modulus_bitlen--;
    modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0);
 
    /* check sizes */
-   if ((saltlen > modulus_len) || 
-       (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) {
+   if ((saltlen > modulus_len) ||
+       (modulus_len < hLen + saltlen + 2)) {
       return CRYPT_PK_INVALID_SIZE;
    }
 
@@ -93,10 +92,10 @@
 
    /* copy out the hash */
    XMEMCPY(hash, sig + x, hLen);
-   x += hLen;
+   /* x += hLen; */
 
    /* check the MSB */
-   if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) {
+   if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen)))) != 0) {
       err = CRYPT_INVALID_PACKET;
       goto LBL_ERR;
    }
@@ -110,9 +109,9 @@
    for (y = 0; y < (modulus_len - hLen - 1); y++) {
       DB[y] ^= mask[y];
    }
-   
+
    /* now clear the first byte [make sure smaller than modulus] */
-   DB[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1));
+   DB[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen));
 
    /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */
 
@@ -149,17 +148,17 @@
    }
 
    /* mask == hash means valid signature */
-   if (XMEMCMP(mask, hash, hLen) == 0) {
+   if (XMEM_NEQ(mask, hash, hLen) == 0) {
       *res = 1;
    }
 
    err = CRYPT_OK;
 LBL_ERR:
 #ifdef LTC_CLEAN_STACK
-   zeromem(DB,   modulus_len);   
-   zeromem(mask, modulus_len);   
-   zeromem(salt, modulus_len);   
-   zeromem(hash, modulus_len);   
+   zeromem(DB,   modulus_len);
+   zeromem(mask, modulus_len);
+   zeromem(salt, modulus_len);
+   zeromem(hash, modulus_len);
 #endif
 
    XFREE(hash);
@@ -172,6 +171,6 @@
 
 #endif /* LTC_PKCS_1 */
 
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */