summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2021-02-08 12:48:09 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2021-02-08 12:48:09 +0700
commit419fa28b90aec2d8ea3d022a3e72e9e67acb1ace (patch)
tree5b3bf0e6171837320e92f3b72c8790aff60667b0 /crypto/src
parentMerge branch 'fedelippo-bug-sign-alg' into master (diff)
downloadBouncyCastle.NET-ed25519-419fa28b90aec2d8ea3d022a3e72e9e67acb1ace.tar.xz
Fix CMS RSASSA-PSS verification when no signed attrs
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/cms/SignerInformation.cs40


1 files changed, 22 insertions, 18 deletions
diff --git a/crypto/src/cms/SignerInformation.cs b/crypto/src/cms/SignerInformation.cs

index e8988902b..f6cfd8602 100644
--- a/crypto/src/cms/SignerInformation.cs
+++ b/crypto/src/cms/SignerInformation.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections;
-using System.Diagnostics;
 using System.IO;
 
 using Org.BouncyCastle.Asn1;
@@ -350,14 +349,22 @@ namespace Org.BouncyCastle.Cms
 
                     IDigest pssDigest = DigestUtilities.GetDigest(pss.HashAlgorithm.Algorithm);
                     int saltLength = pss.SaltLength.IntValueExact;
-                    byte trailerField = (byte)pss.TrailerField.IntValueExact;
 
-					// RFC 4055 3.1
-					// The value MUST be 1, which represents the trailer field with hexadecimal value 0xBC
-					if (trailerField != 1)
+                    // RFC 4055 3.1
+                    // The value MUST be 1, which represents the trailer field with hexadecimal value 0xBC
+                    if (!Asn1.Pkcs.RsassaPssParameters.DefaultTrailerField.Equals(pss.TrailerField))
 						throw new CmsException("RSASSA-PSS signature parameters must have trailerField of 1");
 
-					sig = new PssSigner(new RsaBlindedEngine(), pssDigest, saltLength);
+					IAsymmetricBlockCipher rsa = new RsaBlindedEngine();
+
+					if (signedAttributeSet == null && digestCalculator != null)
+					{
+                        sig = PssSigner.CreateRawSigner(rsa, pssDigest, pssDigest, saltLength, PssSigner.TrailerImplicit);
+                    }
+                    else
+					{
+						sig = new PssSigner(rsa, pssDigest, saltLength);
+					}
 				}
 				catch (Exception e)
 				{
@@ -481,8 +488,15 @@ namespace Org.BouncyCastle.Cms
 				{
 					if (digestCalculator != null)
 					{
-						// need to decrypt signature and check message bytes
-						return VerifyDigest(resultDigest, key, this.GetSignature());
+						if (sig is PssSigner)
+						{
+							sig.BlockUpdate(resultDigest, 0, resultDigest.Length);
+						}
+						else
+						{
+							// need to decrypt signature and check message bytes
+							return VerifyDigest(resultDigest, key, this.GetSignature());
+						}
 					}
 					else if (content != null)
 					{
@@ -578,16 +592,6 @@ namespace Org.BouncyCastle.Cms
 
 					return Arrays.ConstantTimeAreEqual(digest, sigHash);
 				}
-				else if (algorithm.Equals("RSAandMGF1"))
-				{
-					ISigner sig = SignerUtilities.GetSigner("NONEWITHRSAPSS");
-
-					sig.Init(false, key);
-
-					sig.BlockUpdate(digest, 0, digest.Length);
-
-					return sig.VerifySignature(signature);
-				}
 				else if (algorithm.Equals("DSA"))
 				{
 					ISigner sig = SignerUtilities.GetSigner("NONEwithDSA");

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-24 17:32:36 +0000