authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-07-26 09:15:13 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-07-26 09:15:13 +0200
commit5af672c074827d4321807ee25c2b57eed7b24a35 (patch)
tree20d632f05c5a7f3af0c126cf47d456f31685e443 /libtomcrypt
parentbd29b1337fab4bb0ca41ff83271482bfe551d38b (diff)
Corrected PSS signature generation and verification.
Diffstat (limited to 'libtomcrypt')
-rw-r--r--libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c4
-rw-r--r--libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c4
2 files changed, 6 insertions, 2 deletions
diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
index 4249743..b9ade4b 100644
--- a/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
+++ b/libtomcrypt/pk/pkcs1/pkcs_1_pss_decode.c
@@ -130,8 +130,10 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
goto LBL_ERR;
}
+ zeromem(mask, 8);
+
/* M = (eight) 0x00 || msghash || salt, mask = H(M) */
- err = hash_memory_multi(hash_algo, mask, &hLen, mask, 8, msghash, (unsigned long)msghashlen, DB+x, (unsigned long)saltlen, NULL, 0);
+ err = hash_memory_multi(hash_algo, mask, &hLen, mask, (unsigned long)8, msghash, (unsigned long)msghashlen, DB+x, (unsigned long)saltlen, NULL, 0);
if (err != CRYPT_OK) {
goto LBL_ERR;
}
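Review bot: The `(unsigned long)8` cast on the hash_memory_multi call is load-bearing and should carry a comment, because in upstream libtomcrypt hash_memory_multi pulls every length out of its va_list as unsigned long, so an uncast `8` is an int and reading it as unsigned long is undefined behaviour that yields garbage on LP64 targets (presumably how the verification failure this commit corrects manifested). Suggest `/* lengths MUST be passed as unsigned long: hash_memory_multi reads them with va_arg(args, unsigned long) */` above the call so a later cleanup does not strip the cast as redundant. The same line passes `mask` both as the output buffer and as the first eight-zero-byte input; that aliasing is only safe because the digest is written after all inputs are absorbed, which is worth stating in the same comment. pkcs_1_pss_decode begins and ends outside the hunk, so the comparison of the recomputed hash against the transmitted one (which must be constant-time) is not visible here.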
diff --git a/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c b/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c
index 956c79e..f8f763b 100644
--- a/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c
+++ b/libtomcrypt/pk/pkcs1/pkcs_1_pss_encode.c
@@ -81,9 +81,11 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
if (saltlen > 0) {
get_random_bytes(salt, saltlen);
}
+
+ zeromem(DB, 8);
/* M = (eight) 0x00 || msghash || salt, hash = H(M) */
- err = hash_memory_multi(hash_algo, hash, &hLen, DB, 8, msghash, (unsigned long)msghashlen, salt, (unsigned long)saltlen, NULL, 0);
+ err = hash_memory_multi(hash_algo, hash, &hLen, DB, (unsigned long)8, msghash, (unsigned long)msghashlen, salt, (unsigned long)saltlen, NULL, 0);
if (err != CRYPT_OK) {
goto LBL_ERR;
}
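Review bot: The literal `8` now appears twice, on the added `zeromem(DB, 8)` and as the `(unsigned long)8` length on the hash_memory_multi call, with only the prose comment "(eight) 0x00" tying them together; if either is edited independently the zero prefix silently changes length and every generated signature becomes invalid. Suggest a single definition used in both places, e.g. `static const unsigned long pss_zero_pad_len = 8;` (or a `#define`), which also carries the unsigned long type the variadic call requires without a cast at the call site. DB appears to be reused here as scratch space for the zero prefix before its real contents are built further down (that construction is not in the hunk), so a one-line comment such as `/* DB is only scratch for the 8-byte zero prefix here; its PSS contents are built below */` would prevent a reader from taking the zeromem as initialising the actual data block. pkcs_1_pss_encode's body continues outside the hunk.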