Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_oaep.c')
-rw-r--r-- | src/lib/libcrypto/rsa/rsa_oaep.c | 35 |
1 files changed, 14 insertions, 21 deletions
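diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index e238d10e5c..4d30c9d2d3 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,7 +28,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-static int MGF1(unsigned char *mask, long len,
+int MGF1(unsigned char *mask, long len,
 const unsigned char *seed, long seedlen);
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -52,6 +52,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 return 0;
 }
 
+dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+if (dbmask == NULL)
+{
+RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+return 0;
+}
+
 to[0] = 0;
 seed = to + 1;
 db = to + SHA_DIGEST_LENGTH + 1;
@@ -69,20 +76,11 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 20);
 #endif
 
-dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
-if (dbmask == NULL)
-{
-RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-return 0;
-}
-
-if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
-return 0;
+MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
 db[i] ^= dbmask[i];
 
-if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
-return 0;
+MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
 seed[i] ^= seedmask[i];
 
@@ -135,13 +133,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 
 maskeddb = padded_from + SHA_DIGEST_LENGTH;
 
-if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
-return -1;
+MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
 seed[i] ^= padded_from[i];
 
-if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
-return -1;
+MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
 for (i = 0; i < dblen; i++)
 db[i] ^= maskeddb[i];
 
@@ -191,9 +187,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 int mdlen;
 
 EVP_MD_CTX_init(&c);
-mdlen = EVP_MD_size(dgst);
-if (mdlen < 0)
-return -1;
+mdlen = M_EVP_MD_size(dgst);
 for (i = 0; outlen < len; i++)
 {
 cnt[0] = (unsigned char)((i >> 24) & 255);
@@ -219,8 +213,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 return 0;
 }
 
-static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
-long seedlen)
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
 {
 return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
 }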