Tolerate DigestInfo with absent parameters in FIPS mode.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 15 Jul 2007 16:10:46 +0000 (16:10 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 15 Jul 2007 16:10:46 +0000 (16:10 +0000)
CHANGES
fips-1.0/rsa/fips_rsa_sign.c

diff --git a/CHANGES b/CHANGES
index fafdfde578002986db475a7d89ce5485fb43c7e2..91611826230c961709773e9e7820c513d29583e5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.8e and 0.9.8f-fips  [xx XXX xxxx]
 
+  *) Tolerate DigestInfo structure with absent parameters in FIPS mode
+     (as required by several standards).
+     [Steve Henson]
+
   *) Enhance mkfipsscr.pl to cope with different directory layouts. It now
      relies on the filename and makes no assumptions about the pathname.
      In the case of PSS it scans the file to determine the salt length.
index a90da2ebcf69b26f192e61435fb9ba9a68ef2f17..6415b5b48ee9d5e2f14869a4b1664329a4d773b8 100644 (file)
@@ -69,6 +69,8 @@
  * pregenerated encodings all ASN1 dependencies can be avoided
  */
 
+/* Standard encodings including NULL parameter */
+
 static const unsigned char sha1_bin[] = {
   0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
   0x00, 0x04, 0x14
@@ -94,6 +96,35 @@ static const unsigned char sha512_bin[] = {
   0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
 };
 
+/* Alternate encodings with absent parameters. We don't generate signature
+ * using this format but do tolerate received signatures of this form.
+ */
+
+static unsigned char sha1_nn_bin[] = {
+  0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04,
+  0x14
+};
+
+static unsigned char sha224_nn_bin[] = {
+  0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x04, 0x04, 0x1c
+};
+
+static unsigned char sha256_nn_bin[] = {
+  0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x01, 0x04, 0x20
+};
+
+static unsigned char sha384_nn_bin[] = {
+  0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x02, 0x04, 0x30
+};
+
+static unsigned char sha512_nn_bin[] = {
+  0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x03, 0x04, 0x40
+};
+
 
 static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
        {
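Review bot: The five `*_nn_bin` tables are declared `static unsigned char`, while the existing tables such as `sha1_bin` are `static const unsigned char`, so the new templates will likely sit in writable data. They are only read, and `fips_digestinfo_nn_encoding` returns them as `const unsigned char *`, so each should match the existing style, e.g. `static const unsigned char sha1_nn_bin[] = {`. Keeping the expected DigestInfo prefixes read-only means a stray write elsewhere in the process cannot alter what the verifier accepts.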
@@ -126,6 +157,37 @@ static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
                }
        }
 
+static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *len)
+       {
+       switch (nid)
+               {
+
+               case NID_sha1:
+               *len = sizeof(sha1_nn_bin);
+               return sha1_nn_bin;
+
+               case NID_sha224:
+               *len = sizeof(sha224_nn_bin);
+               return sha224_nn_bin;
+
+               case NID_sha256:
+               *len = sizeof(sha256_nn_bin);
+               return sha256_nn_bin;
+
+               case NID_sha384:
+               *len = sizeof(sha384_nn_bin);
+               return sha384_nn_bin;
+
+               case NID_sha512:
+               *len = sizeof(sha512_nn_bin);
+               return sha512_nn_bin;
+
+               default:
+               return NULL;
+
+               }
+       }
+
 static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
             unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv)
        {
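Review bot: `fips_digestinfo_nn_encoding` has no comment stating its contract, and its `default:` case returns NULL without writing `*len`. The call added in the `fips_rsa_verify` hunk depends on that behaviour, so it should be recorded above the function: `/* Return the DigestInfo prefix with absent parameters for nid, or NULL if nid is unsupported; *len is written only on success. */`. The trailing context lines of this hunk belong to `fips_rsa_sign`, whose body continues outside it.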
@@ -318,14 +380,18 @@ static int fips_rsa_verify(int dtype,
                /* Compare, DigestInfo length, DigestInfo header and finally
                 * digest value itself
                 */
+
+               /* If length mismatch try alternate encoding */
+               if (i != (int)(dlen + diglen))
+                       der = fips_digestinfo_nn_encoding(dtype, &dlen);
+
                if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen)
                        || memcmp(s + dlen, dig, diglen))
                        {
                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        goto err;
                        }
-               else
-                       ret = 1;
+               ret = 1;
 
                }
        else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
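Review bot: After a length mismatch, `der` is overwritten with the result of `fips_digestinfo_nn_encoding` and never tested for NULL. The following `memcmp(der, s, dlen)` is avoided for an unsupported digest only because `dlen` is left unchanged, so the repeated length test short-circuits the `||`. An explicit guard directly after the assignment would make the rejection independent of evaluation order: `if (der == NULL) { RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); goto err; }`. Comparing the whole prefix at an exact length against fixed encodings is the right shape for this check, and a regression vector for an absent-parameters signature plus one with extra trailing bytes would pin it down. `fips_rsa_verify` starts and ends outside this hunk.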