/libfido2/src/rs1.c
/*
 * Copyright (c) 2021 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */
#include <openssl/rsa.h>
#include <openssl/obj_mac.h>
#include "fido.h"
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050200fL
/*
 * Obtain a private, writable copy of the SHA-1 EVP_MD on LibreSSL releases
 * older than 3.5.2 (presumably those without EVP_MD_meth_dup()).  The
 * struct is duplicated byte-for-byte, which is only possible because
 * EVP_MD is a complete (non-opaque) type in these versions.  The copy
 * must be released with rs1_free_EVP_MD().
 *
 * Returns the copy, or NULL if SHA-1 is unavailable or malloc() fails.
 */
static EVP_MD *
rs1_get_EVP_MD(void)
{
        const EVP_MD *src = EVP_sha1();
        EVP_MD *copy;

        if (src == NULL)
                return (NULL);
        if ((copy = malloc(sizeof(*copy))) == NULL)
                return (NULL);

        /* Shallow copy: the method table's function pointers are shared. */
        memcpy(copy, src, sizeof(*copy));

        return (copy);
}
/*
 * Release an EVP_MD obtained from rs1_get_EVP_MD() above.  That copy was
 * made with a plain memcpy() into a malloc()'d buffer, so it is scrubbed
 * and freed here as a flat sizeof(EVP_MD) block; never pass an EVP_MD
 * that came from anywhere else.  rs1_verify_sig() calls this with NULL on
 * its early-failure paths and relies on freezero() accepting it.
 */
static void
rs1_free_EVP_MD(EVP_MD *md)
{
        freezero(md, sizeof(*md));
}
#elif OPENSSL_VERSION_NUMBER >= 0x30000000
/*
 * Fetch a SHA-1 implementation through the OpenSSL 3 provider API.
 * The NULL library context and NULL property query select the default
 * library context with no extra constraints.  Returns a new reference
 * that must be released with rs1_free_EVP_MD(), or NULL if no loaded
 * provider offers "SHA-1".
 */
static EVP_MD *
rs1_get_EVP_MD(void)
{
        EVP_MD *sha1;

        sha1 = EVP_MD_fetch(NULL, "SHA-1", NULL);

        return (sha1);
}
/*
 * Release the SHA-1 EVP_MD reference fetched by rs1_get_EVP_MD() above
 * (OpenSSL 3 provider API).  rs1_verify_sig() calls this with NULL on
 * its early-failure paths and relies on EVP_MD_free() accepting it.
 */
static void
rs1_free_EVP_MD(EVP_MD *md)
{
        EVP_MD_free(md);
}
#else
/*
 * Duplicate the built-in SHA-1 EVP_MD via EVP_MD_meth_dup() (OpenSSL 1.1
 * and LibreSSL >= 3.5.2).  A private copy is returned rather than the
 * library's static object, and must be released with rs1_free_EVP_MD().
 * Returns NULL if EVP_sha1() is unavailable or the duplication fails.
 */
static EVP_MD *
rs1_get_EVP_MD(void)
{
        const EVP_MD *sha1 = EVP_sha1();

        return (sha1 != NULL ? EVP_MD_meth_dup(sha1) : NULL);
}
/*
 * Release the EVP_MD duplicated by rs1_get_EVP_MD() above.  Only pass
 * objects that came from EVP_MD_meth_dup(); never the library's static
 * EVP_sha1() object.  rs1_verify_sig() calls this with NULL on its
 * early-failure paths and relies on EVP_MD_meth_free() accepting it.
 */
static void
rs1_free_EVP_MD(EVP_MD *md)
{
        EVP_MD_meth_free(md);
}
#endif /* LIBRESSL_VERSION_NUMBER */
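/*
 * Verify an RSASSA-PKCS1-v1_5 signature computed over a SHA-1 digest
 * ("RS1").
 *
 * dgst: the digest that was signed.  The context is bound to SHA-1 below,
 *       so this is expected to be a SHA-1 digest; OpenSSL's PKCS#1 v1.5
 *       verification is expected to reject a length that does not match
 *       the digest size, but that is not checked explicitly here.
 * pkey: the signer's public key.  Must be a plain RSA key (EVP_PKEY_RSA);
 *       any other base id, e.g. an RSA-PSS key, is rejected.
 * sig:  the raw signature bytes.
 *
 * Returns 0 if the signature verifies and -1 otherwise: NULL argument,
 * wrong key type, digest/context setup failure, or a signature that does
 * not verify.  The cause is only reported through fido_log_debug().
 *
 * NOTE(review): SHA-1 is no longer collision-resistant.  This routine is
 * presumably retained for compatibility with attestation formats that
 * still sign with SHA-1; do not use it for new signature schemes.
 */
int
rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
    const fido_blob_t *sig)
{
        EVP_PKEY_CTX    *pctx = NULL;
        EVP_MD          *md = NULL;
        int              ok = -1;

        /*
         * EVP_PKEY_base_id() and the verify call below dereference their
         * arguments; fail cleanly instead of crashing on a NULL.
         */
        if (dgst == NULL || pkey == NULL || sig == NULL) {
                fido_log_debug("%s: NULL argument", __func__);
                goto fail;
        }

        /* Only a plain RSA key may be used with PKCS#1 v1.5 padding. */
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
                fido_log_debug("%s: EVP_PKEY_base_id", __func__);
                goto fail;
        }

        if ((md = rs1_get_EVP_MD()) == NULL) {
                fido_log_debug("%s: rs1_get_EVP_MD", __func__);
                goto fail;
        }

        /*
         * Bind the context to PKCS#1 v1.5 padding and SHA-1.  The calls
         * are order-dependent: verify_init must precede the set_* calls.
         */
        if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL ||
            EVP_PKEY_verify_init(pctx) != 1 ||
            EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) != 1 ||
            EVP_PKEY_CTX_set_signature_md(pctx, md) != 1) {
                fido_log_debug("%s: EVP_PKEY_CTX", __func__);
                goto fail;
        }

        /* EVP_PKEY_verify() returns 1 only for a valid signature. */
        if (EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr,
            dgst->len) != 1) {
                fido_log_debug("%s: EVP_PKEY_verify", __func__);
                goto fail;
        }

        ok = 0;
fail:
        /*
         * Early failures arrive here with pctx and/or md still NULL; both
         * release routines are relied upon to accept NULL.
         */
        EVP_PKEY_CTX_free(pctx);
        rs1_free_EVP_MD(md);

        return (ok);
}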