if (rsa->pss != NULL) {
const EVP_MD *md = NULL, *mgf1md = NULL;
- int md_nid, mgf1md_nid, saltlen;
+ int md_nid, mgf1md_nid, saltlen, trailerfield;
RSA_PSS_PARAMS_30 pss_params;
- if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &saltlen))
+ if (!rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md,
+ &saltlen, &trailerfield))
goto err;
md_nid = EVP_MD_type(md);
mgf1md_nid = EVP_MD_type(mgf1md);
return 1;
}
-static int rsa_check_parameters(EVP_MD *md, PROV_RSA_CTX *prsactx)
+static int rsa_check_parameters(PROV_RSA_CTX *prsactx)
{
if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) {
int max_saltlen;
/* See if minimum salt length exceeds maximum possible */
- max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(md);
+ max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(prsactx->md);
if ((RSA_bits(prsactx->rsa) & 0x7) == 1)
max_saltlen--;
- if (prsactx->min_saltlen > max_saltlen) {
+ if (prsactx->min_saltlen < 0 || prsactx->min_saltlen > max_saltlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH);
return 0;
}
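Review bot: The new bound in rsa_check_parameters takes EVP_MD_size(prsactx->md) at face value, but that call can return a negative value (for a NULL or unusable digest), which makes max_saltlen exceed RSA_size() and lets the min_saltlen range check pass for a salt that cannot actually fit; the old signature received md explicitly, so the rewritten version now silently depends on every caller having set prsactx->md first. Capture and validate the digest size before subtracting: `int mdsize = EVP_MD_size(prsactx->md);` / `if (mdsize <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); return 0; }` / `max_saltlen = RSA_size(prsactx->rsa) - mdsize;`. The added `min_saltlen < 0` guard is the right complement, since a negative minimum would otherwise have sailed through the upper-bound comparison. The function's closing lines (its non-PSS return path) lie outside this hunk.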
if (md == NULL
|| md_nid == NID_undef
|| !rsa_check_padding(md_nid, ctx->pad_mode)
- || !rsa_check_parameters(md, ctx)
|| mdname_len >= sizeof(ctx->mdname)) {
if (md == NULL)
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
prsactx->saltlen = min_saltlen;
return rsa_setup_md(prsactx, mdname, prsactx->propq)
- && rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq);
+ && rsa_setup_mgf1_md(prsactx, mgf1mdname, prsactx->propq)
+ && rsa_check_parameters(prsactx);
}
}
}
if (rsa_pss_restricted(prsactx)) {
- switch (prsactx->saltlen) {
+ switch (saltlen) {
case RSA_PSS_SALTLEN_AUTO:
if (prsactx->operation == EVP_PKEY_OP_VERIFY) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PSS_SALTLEN);
EVP_MD_size(prsactx->md));
return 0;
}
- /* FALLTHRU */
+ break;
default:
if (saltlen >= 0 && saltlen < prsactx->min_saltlen) {
ERR_raise_data(ERR_LIB_PROV,