Skip to content

Commit 40bcb96

Browse files
uenoueno
committed
Stop using RSA_* functions for signatures
For creating and verifying PKCS#1 v1.5 signatures in a pre-hashed manner, we used the legacy RSA_sign and RSA_verify functions, which bypass the system-wide disablement of SHA-1 and shorter RSA key length usage inconsistently with the OpenSSL 3.0 default on RHEL. This switches to using our _goboringcrypto_EVP_{sign,verify}_raw, which internally use EVP_PKEY_ functions. Signed-off-by: Daiki Ueno <[email protected]>
1 parent 5e3abca commit 40bcb96

File tree

4 files changed

+191
-57
lines changed

4 files changed

+191
-57
lines changed

openssl/goopenssl.h

Lines changed: 6 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -554,14 +554,14 @@ DEFINEFUNC(int, EVP_DigestVerifyFinal,
554554

555555
typedef RSA GO_RSA;
556556
int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey);
557-
int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
558-
size_t msgLen, uint8_t *sig, size_t *slen,
559-
GO_RSA *key);
557+
int _goboringcrypto_EVP_sign_raw(EVP_MD *md, const uint8_t *msg, size_t msgLen,
558+
uint8_t *sig, size_t *slen,
559+
GO_RSA *key);
560560

561561
int _goboringcrypto_EVP_verify(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, EVP_PKEY *key);
562-
int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
563-
const uint8_t *sig, unsigned int slen,
564-
GO_RSA *key);
562+
int _goboringcrypto_EVP_verify_raw(EVP_MD *md, const uint8_t *msg, size_t msgLen,
563+
const uint8_t *sig, unsigned int slen,
564+
GO_RSA *key);
565565

566566
#if OPENSSL_VERSION_NUMBER < 0x10100000L
567567
DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx))
@@ -585,18 +585,6 @@ int _goboringcrypto_EVP_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int
585585

586586
DEFINEFUNC(GO_RSA *, RSA_new, (void), ())
587587
DEFINEFUNC(void, RSA_free, (GO_RSA * arg0), (arg0))
588-
DEFINEFUNC(int, RSA_private_encrypt,
589-
(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding),
590-
(flen, from, to, rsa, padding))
591-
DEFINEFUNC(int, RSA_public_decrypt,
592-
(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding),
593-
(flen, from, to, rsa, padding))
594-
DEFINEFUNC(int, RSA_sign,
595-
(int arg0, const uint8_t *arg1, unsigned int arg2, uint8_t *arg3, unsigned int *arg4, GO_RSA *arg5),
596-
(arg0, arg1, arg2, arg3, arg4, arg5))
597-
DEFINEFUNC(int, RSA_verify,
598-
(int arg0, const uint8_t *arg1, unsigned int arg2, const uint8_t *arg3, unsigned int arg4, GO_RSA *arg5),
599-
(arg0, arg1, arg2, arg3, arg4, arg5))
600588
DEFINEFUNC(int, RSA_generate_key_ex,
601589
(GO_RSA * arg0, int arg1, GO_BIGNUM *arg2, GO_BN_GENCB *arg3),
602590
(arg0, arg1, arg2, arg3))

openssl/openssl_evp.c

Lines changed: 31 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -38,19 +38,29 @@ int _goboringcrypto_EVP_sign(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
3838
return ret;
3939
}
4040

41-
int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
42-
size_t msgLen, uint8_t *sig, size_t *slen,
43-
GO_RSA *rsa_key) {
41+
int _goboringcrypto_EVP_sign_raw(EVP_MD *md, const uint8_t *msg,
42+
size_t msgLen, uint8_t *sig, size_t *slen,
43+
GO_RSA *rsa_key) {
4444
int ret = 0;
45-
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
45+
GO_EVP_PKEY_CTX *ctx = NULL;
46+
GO_EVP_PKEY *pk = NULL;
47+
48+
pk = _goboringcrypto_EVP_PKEY_new();
49+
if (!pk)
50+
goto err;
51+
4652
_goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
4753

48-
if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
54+
ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL);
55+
if (!ctx)
4956
goto err;
5057

5158
if (1 != _goboringcrypto_EVP_PKEY_sign_init(ctx))
5259
goto err;
5360

61+
if (md && 1 != _goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md))
62+
goto err;
63+
5464
if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
5565
goto err;
5666

@@ -96,21 +106,31 @@ int _goboringcrypto_EVP_verify(EVP_MD *md, EVP_PKEY_CTX *ctx,
96106
return ret;
97107
}
98108

99-
int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
100-
const uint8_t *sig, unsigned int slen,
101-
GO_RSA *rsa_key) {
109+
int _goboringcrypto_EVP_verify_raw(EVP_MD *md,
110+
const uint8_t *msg, size_t msgLen,
111+
const uint8_t *sig, unsigned int slen,
112+
GO_RSA *rsa_key) {
102113

103114
int ret = 0;
104-
EVP_PKEY_CTX *ctx;
105-
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
115+
GO_EVP_PKEY_CTX *ctx = NULL;
116+
GO_EVP_PKEY *pk = NULL;
117+
118+
pk = _goboringcrypto_EVP_PKEY_new();
119+
if (!pk)
120+
goto err;
121+
106122
_goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
107123

108-
if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
124+
ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL);
125+
if (!ctx)
109126
goto err;
110127

111128
if (1 != _goboringcrypto_EVP_PKEY_verify_init(ctx))
112129
goto err;
113130

131+
if (md && 1 != _goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md))
132+
goto err;
133+
114134
if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
115135
goto err;
116136

openssl/rsa.go

Lines changed: 12 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -302,7 +302,7 @@ func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen
302302

303303
func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed bool) ([]byte, error) {
304304
if h == 0 && ExecutingTest() {
305-
return signRSAPKCS1v15Raw(priv, msg, C._goboringcrypto_EVP_md_null())
305+
return signRSAPKCS1v15Raw(priv, msg, nil)
306306
}
307307

308308
md := cryptoHashToMD(h)
@@ -311,24 +311,15 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
311311
}
312312

313313
if msgIsHashed {
314-
var out []byte
315-
var outLen C.uint
316-
PanicIfStrictFIPS("You must provide a raw unhashed message for PKCS1v15 signing and use HashSignPKCS1v15 instead of SignPKCS1v15")
317-
nid := C._goboringcrypto_EVP_MD_type(md)
318-
if priv.withKey(func(key *C.GO_RSA) C.int {
319-
out = make([]byte, C._goboringcrypto_RSA_size(key))
320-
return C._goboringcrypto_RSA_sign(nid, base(msg), C.uint(len(msg)), base(out), &outLen, key)
321-
}) == 0 {
322-
return nil, NewOpenSSLError("RSA_sign")
323-
}
324-
runtime.KeepAlive(priv)
325-
return out[:outLen], nil
314+
return signRSAPKCS1v15Raw(priv, msg, md)
326315
}
327316

328317
var out []byte
329318
var outLen C.size_t
330319

331320
if priv.withKey(func(key *C.GO_RSA) C.int {
321+
out = make([]byte, C._goboringcrypto_RSA_size(key))
322+
outLen = C.size_t(len(out))
332323
return C._goboringcrypto_EVP_RSA_sign(md, base(msg), C.uint(len(msg)), base(out), &outLen, key)
333324
}) == 0 {
334325
return nil, NewOpenSSLError("RSA_sign")
@@ -344,7 +335,7 @@ func signRSAPKCS1v15Raw(priv *PrivateKeyRSA, msg []byte, md *C.GO_EVP_MD) ([]byt
344335
if priv.withKey(func(key *C.GO_RSA) C.int {
345336
out = make([]byte, C._goboringcrypto_RSA_size(key))
346337
outLen = C.size_t(len(out))
347-
return C._goboringcrypto_EVP_sign_raw(md, nil, base(msg),
338+
return C._goboringcrypto_EVP_sign_raw(md, base(msg),
348339
C.size_t(len(msg)), base(out), &outLen, key)
349340
}) == 0 {
350341
return nil, NewOpenSSLError("RSA_sign")
@@ -355,14 +346,18 @@ func signRSAPKCS1v15Raw(priv *PrivateKeyRSA, msg []byte, md *C.GO_EVP_MD) ([]byt
355346

356347
func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte, msgIsHashed bool) error {
357348
if h == 0 && ExecutingTest() {
358-
return verifyRSAPKCS1v15Raw(pub, msg, sig)
349+
return verifyRSAPKCS1v15Raw(pub, msg, sig, nil)
359350
}
360351

361352
md := cryptoHashToMD(h)
362353
if md == nil {
363354
return errors.New("crypto/rsa: unsupported hash function")
364355
}
365356

357+
if msgIsHashed {
358+
return verifyRSAPKCS1v15Raw(pub, msg, sig, md)
359+
}
360+
366361
if pub.withKey(func(key *C.GO_RSA) C.int {
367362
size := int(C._goboringcrypto_RSA_size(key))
368363
if len(sig) < size {
@@ -373,17 +368,6 @@ func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte, msgIsH
373368
return errors.New("crypto/rsa: verification error")
374369
}
375370

376-
if msgIsHashed {
377-
PanicIfStrictFIPS("You must provide a raw unhashed message for PKCS1v15 verification and use HashVerifyPKCS1v15 instead of VerifyPKCS1v15")
378-
nid := C._goboringcrypto_EVP_MD_type(md)
379-
if pub.withKey(func(key *C.GO_RSA) C.int {
380-
return C._goboringcrypto_RSA_verify(nid, base(msg), C.uint(len(msg)), base(sig), C.uint(len(sig)), key)
381-
}) == 0 {
382-
return NewOpenSSLError("RSA_verify failed")
383-
}
384-
return nil
385-
}
386-
387371
if pub.withKey(func(key *C.GO_RSA) C.int {
388372
return C._goboringcrypto_EVP_RSA_verify(md, base(msg), C.uint(len(msg)), base(sig), C.uint(len(sig)), key)
389373
}) == 0 {
@@ -392,7 +376,7 @@ func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte, msgIsH
392376
return nil
393377
}
394378

395-
func verifyRSAPKCS1v15Raw(pub *PublicKeyRSA, msg, sig []byte) error {
379+
func verifyRSAPKCS1v15Raw(pub *PublicKeyRSA, msg, sig []byte, md *C.GO_EVP_MD) error {
396380
if pub.withKey(func(key *C.GO_RSA) C.int {
397381
size := int(C._goboringcrypto_RSA_size(key))
398382
if len(sig) < size {
@@ -403,7 +387,7 @@ func verifyRSAPKCS1v15Raw(pub *PublicKeyRSA, msg, sig []byte) error {
403387
return errors.New("crypto/rsa: verification error")
404388
}
405389
if pub.withKey(func(key *C.GO_RSA) C.int {
406-
return C._goboringcrypto_EVP_verify_raw(base(msg), C.size_t(len(msg)), base(sig), C.uint(len(sig)), key)
390+
return C._goboringcrypto_EVP_verify_raw(md, base(msg), C.size_t(len(msg)), base(sig), C.uint(len(sig)), key)
407391
}) == 0 {
408392
return NewOpenSSLError("RSA_verify failed")
409393
}

openssl/rsa_test.go

Lines changed: 142 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,142 @@
1+
//go:build linux && !android
2+
// +build linux,!android
3+
4+
package openssl_test
5+
6+
import (
7+
"bytes"
8+
"crypto"
9+
"encoding/hex"
10+
"github.com/golang-fips/openssl-fips/openssl"
11+
"github.com/golang-fips/openssl-fips/openssl/bbig"
12+
"math/big"
13+
"testing"
14+
)
15+
16+
func fromBase16(base16 string) openssl.BigInt {
17+
i, ok := new(big.Int).SetString(base16, 16)
18+
if !ok {
19+
panic("bad number: " + base16)
20+
}
21+
return bbig.Enc(i)
22+
}
23+
24+
type PrivateKey struct {
25+
N openssl.BigInt
26+
E openssl.BigInt
27+
D openssl.BigInt
28+
P openssl.BigInt
29+
Q openssl.BigInt
30+
Dp openssl.BigInt
31+
Dq openssl.BigInt
32+
Qinv openssl.BigInt
33+
}
34+
35+
// This is taken from the following key:
36+
//
37+
// -----BEGIN RSA TESTING KEY-----
38+
// MIIEogIBAAKCAQEAp5qgUIj096pw8U+AjcJucLWenR3oe+tEthXiAuqcYgslW5UU
39+
// lMim34U/h7NbLvbG2KJ2chUsmLtuCFaoIe/YKW5DKm3SPytK/KCBsVa+MQ7zuF/1
40+
// ks5p7yBqFBl6QTekMzwskt/zyDIG9f3A+38akruHNBvUgYqwbWPx4ycclQ52GSev
41+
// /Cfx0I68TGT5SwN/eCJ/ghq3iGAf0mX1bkVaW1seKbL49aAA94KnDCRdl813+S2R
42+
// EPDf2tZwlT0JpZm5QtAqthonZjkjHocZNxhkKF3XWUntE/+l6R4A+CWZlC2vmUc1
43+
// hJTEraksy2JUIjxAaq//FnDpIEVG/N2ofmNpaQIDAQABAoIBAAYH7h9fwkLcNvqz
44+
// 8+oF9k/ndSjtr9UvstYDhRG6S/zKLmK0g1xUOQ7/fjj9lvkiZ6bZd74krWlkizHR
45+
// HnU0KnjZLyEKeR+NSQI8q1YMi0T8JwB6MX3CIDU62x5UiV3p6OZwEqGJXf4U8MOu
46+
// ySAzo2rmxRd2reeobC9Pgp98I47oeqaSRwFVZRPfKk5RvfI7KRmL58BAB0XS56PA
47+
// PJ+3l0fB/oIV11iaBEKildxLDtrvlepQ2KPNf7Dpk0/CPRtS/jxyxIyML8tjR3F0
48+
// KuHplsRjTANyzW/aHddO1fnfnXsVo+0PzSPTHCbxKSu5XmChqsKoB1jM+/tJci4y
49+
// ST5hUXUCgYEAzfA5XEMkR/NNJMfR+FBbdfpQ1b0wqH3qtWZx/tBjKC2Y0XnDQ8ZR
50+
// SEWONLVZMRtTlJaHIPZ9i6anQRR5harrff0OpsKiJUGDout8ehE6eiN8ABWGNlCI
51+
// AiLCerVJZMDcSuDU7xsdHVIdSxYh88Z9g54vUQ4214BG/G0Qm1emV3UCgYEA0FjP
52+
// wq5cEGt9xDCg+oXk0bLm4Wn4FkabJH7M+oCosHHY9W1vgvv50bpNoAbaB5r1mlan
53+
// T6gEtkQPB2juMTnuIwRL+kvOmSKqZGlAsyrq8smTuBUv7brbybkYN3Rg51KV6u1J
54+
// vCdGpMYWHUNRkkQ88cr6iFPodYU+CzRR4ABif6UCgYBc0jDYb/7TW0tjD5mJJZcD
55+
// xw5WOE7NMuvuVT1+T6jRvDOL/yjOzH1oaMle4npQEvQKHgrMBa2ymyv5vmPDprU7
56+
// 9Sp8aW+yASR281MIpelIkePbGdiDdKrI46fqrPlmqzLfoRT4rKzjwVYouNIW0VlT
57+
// UKIdE54OZegY8IOysL/t3QKBgDZnSnECiIW9G80UCaUBO3vKZGFuA1sFutMvzSSI
58+
// XgQc5lNH7TtdwqESLdzgjSQ5QXK4t92j+P8DDI2Zx8DQ6K76G0DTdLImDCpGFZ/z
59+
// UABvxIPn/GjuRyAIlhs852Tf+seqiHt6Igc6tmGTx4QTD3rvzrW0e1ncnhPc6Jg+
60+
// YXoFAoGARD9OPrd4J2N+nkSWif9VOuPHvOXEczwBDJbsAGrOW1kTbDStF0OIVOt0
61+
// Ukj+mnnL8ZNyVLgTrZDRfXvlA94EbPK5/rMAYwjMlXHP8R22ts3eDMNUdw0/Zl1g
62+
// QOhL8wXZcdwHKsONy55kZHo8pmneqi9EnqqLGguLwx5WIMzWvZ8=
63+
// -----END RSA TESTING KEY-----
64+
//
65+
// After changing "TESTING" to "PRIVATE", do:
66+
//
67+
// openssl pkey -in key.pem -text
68+
//
69+
var privateKey = &PrivateKey{
70+
N: fromBase16("00a79aa05088f4f7aa70f14f808dc26e70b59e9d1de87beb44b615e202ea9c620b255b951494c8a6df853f87b35b2ef6c6d8a27672152c98bb6e0856a821efd8296e432a6dd23f2b4afca081b156be310ef3b85ff592ce69ef206a14197a4137a4333c2c92dff3c83206f5fdc0fb7f1a92bb87341bd4818ab06d63f1e3271c950e761927affc27f1d08ebc4c64f94b037f78227f821ab788601fd265f56e455a5b5b1e29b2f8f5a000f782a70c245d97cd77f92d9110f0dfdad670953d09a599b942d02ab61a276639231e8719371864285dd75949ed13ffa5e91e00f82599942daf9947358494c4ada92ccb6254223c406aafff1670e9204546fcdda87e636969"),
71+
E: fromBase16("10001"),
72+
D: fromBase16("0607ee1f5fc242dc36fab3f3ea05f64fe77528edafd52fb2d6038511ba4bfcca2e62b4835c54390eff7e38fd96f92267a6d977be24ad69648b31d11e75342a78d92f210a791f8d49023cab560c8b44fc27007a317dc220353adb1e54895de9e8e67012a1895dfe14f0c3aec92033a36ae6c51776ade7a86c2f4f829f7c238ee87aa6924701556513df2a4e51bdf23b29198be7c0400745d2e7a3c03c9fb79747c1fe8215d7589a0442a295dc4b0edaef95ea50d8a3cd7fb0e9934fc23d1b52fe3c72c48c8c2fcb634771742ae1e996c4634c0372cd6fda1dd74ed5f9df9d7b15a3ed0fcd23d31c26f1292bb95e60a1aac2a80758ccfbfb49722e32493e615175"),
73+
P: fromBase16("00cdf0395c432447f34d24c7d1f8505b75fa50d5bd30a87deab56671fed063282d98d179c343c65148458e34b559311b5394968720f67d8ba6a741147985aaeb7dfd0ea6c2a2254183a2eb7c7a113a7a237c0015863650880222c27ab54964c0dc4ae0d4ef1b1d1d521d4b1621f3c67d839e2f510e36d78046fc6d109b57a65775"),
74+
Q: fromBase16("00d058cfc2ae5c106b7dc430a0fa85e4d1b2e6e169f816469b247eccfa80a8b071d8f56d6f82fbf9d1ba4da006da079af59a56a74fa804b6440f0768ee3139ee23044bfa4bce9922aa646940b32aeaf2c993b8152fedbadbc9b918377460e75295eaed49bc2746a4c6161d435192443cf1cafa8853e875853e0b3451e000627fa5"),
75+
Dp: fromBase16("5cd230d86ffed35b4b630f9989259703c70e56384ecd32ebee553d7e4fa8d1bc338bff28cecc7d6868c95ee27a5012f40a1e0acc05adb29b2bf9be63c3a6b53bf52a7c696fb2012476f35308a5e94891e3db19d88374aac8e3a7eaacf966ab32dfa114f8acace3c15628b8d216d1595350a21d139e0e65e818f083b2b0bfeddd"),
76+
Dq: fromBase16("36674a71028885bd1bcd1409a5013b7bca64616e035b05bad32fcd24885e041ce65347ed3b5dc2a1122ddce08d24394172b8b7dda3f8ff030c8d99c7c0d0e8aefa1b40d374b2260c2a46159ff350006fc483e7fc68ee472008961b3ce764dffac7aa887b7a22073ab66193c784130f7aefceb5b47b59dc9e13dce8983e617a05"),
77+
Qinv: fromBase16("443f4e3eb77827637e9e449689ff553ae3c7bce5c4733c010c96ec006ace5b59136c34ad17438854eb745248fe9a79cbf1937254b813ad90d17d7be503de046cf2b9feb3006308cc9571cff11db6b6cdde0cc354770d3f665d6040e84bf305d971dc072ac38dcb9e64647a3ca669deaa2f449eaa8b1a0b8bc31e5620ccd6bd9f"),
78+
}
79+
80+
// These vectors have been tested with
81+
//
82+
// `openssl rsautl -verify -inkey pk -in signature | hexdump -C`
83+
var signPKCS1v15Tests = []struct {
84+
in string
85+
out string
86+
h crypto.Hash
87+
}{
88+
{"Test.\n", "0c7da2fe34372c9e433ca668b6edf4cd7f7eb29f11c11c44d99cb6dc6fe4344cc656075015de6d0249d25b6e01bf22276e9f97f6e64f5905ce96cfc69e3c30e3813eb80553b1e53993482b97c920d030e1daf6c5f11f532a166a4b4aea34c6f8ed5579ccf6bfd5e20250d1979e97c358363da8ae15a095f07e9c54bfb948a94a75a6c8a0cbe4b9970d780ddf49369b2f134915e9a8ccf20e7b07981d0b95978630ee754f20bad163cdcff8c56c9bc66fd1060961779f1554894597086477d15346955d1a1c67d9718c4d25d840cf83fe203fd4e5681fc388a0395b79b94b1ade281f3682fb08a02ed6fa209caf489e9ccf501a86e99a36737b241c1e8ab2c2a4", crypto.SHA256},
89+
}
90+
91+
func TestPKCS1v15(t *testing.T) {
92+
pub, err := openssl.NewPublicKeyRSA(
93+
privateKey.N,
94+
privateKey.E,
95+
)
96+
if err != nil {
97+
t.Errorf("error in openssl.NewPublicKeyRSA: %s", err)
98+
}
99+
100+
priv, err := openssl.NewPrivateKeyRSA(
101+
privateKey.N,
102+
privateKey.E,
103+
privateKey.D,
104+
privateKey.P,
105+
privateKey.Q,
106+
privateKey.Dp,
107+
privateKey.Dq,
108+
privateKey.Qinv,
109+
)
110+
if err != nil {
111+
t.Errorf("error in openssl.NewPrivateKeyRSA: %s", err)
112+
}
113+
114+
for i, test := range signPKCS1v15Tests {
115+
for _, msgIsHashed := range []bool{true, false} {
116+
var msg []byte
117+
if msgIsHashed {
118+
h := test.h.New()
119+
h.Write([]byte(test.in))
120+
msg = h.Sum(nil)
121+
} else {
122+
msg = make([]byte, len(test.in))
123+
copy(msg, []byte(test.in))
124+
}
125+
126+
s, err := openssl.SignRSAPKCS1v15(priv, test.h, msg, msgIsHashed)
127+
if err != nil {
128+
t.Errorf("#%d %s", i, err)
129+
}
130+
131+
expected, _ := hex.DecodeString(test.out)
132+
if !bytes.Equal(s, expected) {
133+
t.Errorf("#%d got: %x want: %x", i, s, expected)
134+
}
135+
136+
err = openssl.VerifyRSAPKCS1v15(pub, test.h, msg, s, msgIsHashed)
137+
if err != nil {
138+
t.Errorf("#%d %s", i, err)
139+
}
140+
}
141+
}
142+
}

0 commit comments

Comments
 (0)