Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/src/crypto/signers/PssSigner.cs | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index e29ed3c45..b31384783 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -3,6 +3,7 @@ using System;
 using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
 namespace Org.BouncyCastle.Crypto.Signers
 {
@@ -250,11 +251,12 @@ namespace Org.BouncyCastle.Crypto.Signers
 block[i] ^= dbMask[i];
 }
- block[0] &= (byte) ((0xff >> ((block.Length * 8) - emBits)));
+ h.CopyTo(block, block.Length - hLen - 1);
- h.CopyTo(block, block.Length - hLen - 1);
+ uint firstByteMask = 0xFFU >> ((block.Length * 8) - emBits);
- block[block.Length - 1] = trailer;
+ block[0] &= (byte)firstByteMask;
+ block[block.Length - 1] = trailer;
 byte[] b = cipher.ProcessBlock(block, 0, block.Length);
@@ -269,12 +271,16 @@ namespace Org.BouncyCastle.Crypto.Signers
 public virtual bool VerifySignature( byte[] signature)
 {
- contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen);
+ contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen);
- byte[] b = cipher.ProcessBlock(signature, 0, signature.Length);
+ byte[] b = cipher.ProcessBlock(signature, 0, signature.Length);
+ Arrays.Fill(block, 0, block.Length - b.Length, 0);
 b.CopyTo(block, block.Length - b.Length);
- if (block[block.Length - 1] != trailer)
+ uint firstByteMask = 0xFFU >> ((block.Length * 8) - emBits);
+
+ if (block[0] != (byte)(block[0] & firstByteMask)
+ || block[block.Length - 1] != trailer)
 {
 ClearBlock(block);
 return false;
@@ -287,7 +293,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 block[i] ^= dbMask[i];
 }
- block[0] &= (byte) ((0xff >> ((block.Length * 8) - emBits)));
+ block[0] &= (byte)firstByteMask;
 for (int i = 0; i != block.Length - hLen - sLen - 2; i++)
 { |
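Review bot: The mask expression `0xFFU >> ((block.Length * 8) - emBits)` is now written out twice, once in this signing hunk and again in the VerifySignature hunk, and neither copy says what it is for. Because the verifier's new leading-bits check depends on both sides using exactly the same mask, I would compute it in one place (a small private helper, or once wherever `emBits` and `block` are set up) so the two paths cannot drift apart. A short comment would also help, for example `// Only the low emBits bits of the encoded block may be set; this masks the unused high bits of block[0].` The enclosing method starts before this hunk and continues after it.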
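Review bot: In VerifySignature the added `Arrays.Fill(block, 0, block.Length - b.Length, 0)` and the following `b.CopyTo(block, block.Length - b.Length)` both assume `b.Length <= block.Length`. If `cipher.ProcessBlock` can ever return more bytes than `block` holds, the offset goes negative and the method presumably throws instead of returning false. How `block` is sized is not visible in this hunk, so this may already be guaranteed, but an explicit guard right after the ProcessBlock call would make an oversized result a plain rejection: `if (b.Length > block.Length) { ClearBlock(block); return false; }`. It would also be worth a comment on the new `block[0]` test saying that a signature with any of the unused high bits set is rejected rather than silently masked. The method body continues past the end of the hunk.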