libsec: revert asn1mpint(), rewrite rsa signature validation, cleanups

reverting asn1mpint() as all users really just expect
unsigned integers here. also openssl seems to interpret
rsa modulus as unsigned no matter what... so keeping
it as it was before.

handle nil cipher bytes in factotum_rsa_decrypt() due
to pkcs1padbuf() failing.

apply some lessions from intels berzerk paper:

instead of parsing the decrypted digest info blob, we
generate the *expected* blob's for all digest algorithms
that match the digest size and compare the results.

provide pkcs1 pad and unpad functions that consistently
enforce minimum padding size and handles block types 1
and 2.

0 files changed, 0 insertions, 0 deletions