Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_oaep.c')
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c35
1 files changed, 14 insertions, 21 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index e238d10e5c..4d30c9d2d3 100644
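--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,7 +28,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-static int MGF1(unsigned char *mask, long len,
+int MGF1(unsigned char *mask, long len,
  const unsigned char *seed, long seedlen);
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -52,6 +52,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
  return 0;
  }
 
+ dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+ if (dbmask == NULL)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
  to[0] = 0;
  seed = to + 1;
  db = to + SHA_DIGEST_LENGTH + 1;
@@ -69,20 +76,11 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
  20);
 #endif
 
- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
- if (dbmask == NULL)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
- return 0;
+ MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
  for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
  db[i] ^= dbmask[i];
 
- if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
- return 0;
+ MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
  for (i = 0; i < SHA_DIGEST_LENGTH; i++)
  seed[i] ^= seedmask[i];
 
@@ -135,13 +133,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 
  maskeddb = padded_from + SHA_DIGEST_LENGTH;
 
- if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
- return -1;
+ MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
  for (i = 0; i < SHA_DIGEST_LENGTH; i++)
  seed[i] ^= padded_from[i];
 
- if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
- return -1;
+ MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
  for (i = 0; i < dblen; i++)
  db[i] ^= maskeddb[i];
 
@@ -191,9 +187,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
  int mdlen;
 
  EVP_MD_CTX_init(&c);
- mdlen = EVP_MD_size(dgst);
- if (mdlen < 0)
- return -1;
+ mdlen = M_EVP_MD_size(dgst);
  for (i = 0; outlen < len; i++)
  {
  cnt[0] = (unsigned char)((i >> 24) & 255);
@@ -219,8 +213,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
  return 0;
  }
 
-static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
- long seedlen)
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
  {
  return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
  }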
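Review bot: All four MGF1() calls on the new side discard the result (two in RSA_padding_add_PKCS1_OAEP, two in RSA_padding_check_PKCS1_OAEP), so if PKCS1_MGF1 fails the XOR loops still run over mask buffers that were never fully written. On the encode side dbmask comes straight from OPENSSL_malloc, so uninitialised heap bytes could end up in the padded block. Whether PKCS1_MGF1 can still fail once the `mdlen < 0` check is gone depends on lines outside these hunks, but it still returns int, so the callers should keep testing it: `if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0) { OPENSSL_free(dbmask); return 0; }` when encoding and `if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen)) return -1;` when decoding. Dropping `static` from MGF1 also exports a very generic symbol name from libcrypto; if no other translation unit needs it, keep it file-local. Both padding functions and PKCS1_MGF1 continue outside the hunks shown.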