[Opencryptoki-tech] [PATCH] Disable RSA SignRecover and VerifyRecover for CCA token

Fri, 26 Nov 2010 12:00:53 -0800 

    The CCA token can't support RSA VerifyRecover() correctly,
    given the size constraints for the CCA RSA Encrypt operation
    and also since it does the padding by itself.

    The CCA Token never advertised the CKF_SIGN_RECOVER and
    CKF_VERIFY_RECOVER flags in it's CKM_RSA_PKCS mechanism to
    start with, but the functions were there trying to perform
    it anyway.

    I'm using #if 0 to "comment out" the relevant functions
    if they are ever needed again.

Signed-off-by: Klaus Heinrich Kiwi <[email protected]>
---
 usr/lib/pkcs11/cca_stdll/mech_rsa.c   |    3 ++-
 usr/lib/pkcs11/cca_stdll/sign_mgr.c   |    2 +-
 usr/lib/pkcs11/cca_stdll/verify_mgr.c |    2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/usr/lib/pkcs11/cca_stdll/mech_rsa.c 
b/usr/lib/pkcs11/cca_stdll/mech_rsa.c
index 4a3399a..027fb23 100644
--- a/usr/lib/pkcs11/cca_stdll/mech_rsa.c
+++ b/usr/lib/pkcs11/cca_stdll/mech_rsa.c
@@ -245,6 +245,7 @@ rsa_pkcs_verify( SESSION             * sess,
 
 //
 //
+#if 0
 CK_RV
 rsa_pkcs_verify_recover( SESSION             * sess,
                          CK_BBOOL              length_only,
@@ -297,7 +298,7 @@ rsa_pkcs_verify_recover( SESSION             * sess,
 
    return rc;
 }
-
+#endif
 
 //
 //
diff --git a/usr/lib/pkcs11/cca_stdll/sign_mgr.c 
b/usr/lib/pkcs11/cca_stdll/sign_mgr.c
index c5778f8..6e5c4ba 100644
--- a/usr/lib/pkcs11/cca_stdll/sign_mgr.c
+++ b/usr/lib/pkcs11/cca_stdll/sign_mgr.c
@@ -636,13 +636,13 @@ sign_mgr_sign_recover( SESSION             * sess,
       return CKR_OPERATION_ACTIVE;
    }
    switch (ctx->mech.mechanism) {
+#if 0
       case CKM_RSA_PKCS:
          // we can use the same sign mechanism to do sign-recover
          //
          return rsa_pkcs_sign( sess,     length_only,  ctx,
                                in_data,  in_data_len,
                                out_data, out_data_len );
-#if 0
       case CKM_RSA_X_509:
          return rsa_x509_sign( sess,     length_only,  ctx,
                                in_data,  in_data_len,
diff --git a/usr/lib/pkcs11/cca_stdll/verify_mgr.c 
b/usr/lib/pkcs11/cca_stdll/verify_mgr.c
index 6e495f1..8debfaa 100644
--- a/usr/lib/pkcs11/cca_stdll/verify_mgr.c
+++ b/usr/lib/pkcs11/cca_stdll/verify_mgr.c
@@ -612,12 +612,12 @@ verify_mgr_verify_recover( SESSION             * sess,
    }
 
    switch (ctx->mech.mechanism) {
+#if 0
       case CKM_RSA_PKCS:
          return rsa_pkcs_verify_recover( sess,      length_only,
                                          ctx,
                                          signature, sig_len,
                                          out_data,  out_len );
-#if 0
       case CKM_RSA_X_509:
          return rsa_x509_verify_recover( sess,      length_only,
                                          ctx,
-- 
1.7.2.3


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech

Reply via email to