crypto/rsa/rsa_oaep.c +11 −10 @@ -94,20 +94,14 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, int i, dblen, mlen = -1; int i, dblen, mlen = -1; const unsigned char *maskeddb; const unsigned char *maskeddb; int lzero; int lzero; unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; if (--num < 2 * SHA_DIGEST_LENGTH + 1) if (--num < 2 * SHA_DIGEST_LENGTH + 1) { goto decoding_err; RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); return (-1); } lzero = num - flen; lzero = num - flen; if (lzero < 0) if (lzero < 0) { goto decoding_err; RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); return (-1); } maskeddb = from - lzero + SHA_DIGEST_LENGTH; maskeddb = from - lzero + SHA_DIGEST_LENGTH; dblen = num - SHA_DIGEST_LENGTH; dblen = num - SHA_DIGEST_LENGTH; @@ -129,7 +123,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, SHA1(param, plen, phash); SHA1(param, plen, phash); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); goto decoding_err; else else { { for (i = SHA_DIGEST_LENGTH; i < dblen; i++) for (i = SHA_DIGEST_LENGTH; i < dblen; i++) @@ -152,6 +146,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, } } OPENSSL_free(db); OPENSSL_free(db); return (mlen); return (mlen); decoding_err: /* to avoid chosen ciphertext attacks, the error message should not reveal * which kind of decoding error happened */ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); if (db != NULL) OPENSSL_free(db); return -1; } } int MGF1(unsigned char *mask, long len, int MGF1(unsigned char *mask, long len,
crypto/rsa/rsa_oaep.c +11 −10 @@ -94,20 +94,14 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, int i, dblen, mlen = -1; int i, dblen, mlen = -1; const unsigned char *maskeddb; const unsigned char *maskeddb; int lzero; int lzero; unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; if (--num < 2 * SHA_DIGEST_LENGTH + 1) if (--num < 2 * SHA_DIGEST_LENGTH + 1) { goto decoding_err; RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); return (-1); } lzero = num - flen; lzero = num - flen; if (lzero < 0) if (lzero < 0) { goto decoding_err; RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); return (-1); } maskeddb = from - lzero + SHA_DIGEST_LENGTH; maskeddb = from - lzero + SHA_DIGEST_LENGTH; dblen = num - SHA_DIGEST_LENGTH; dblen = num - SHA_DIGEST_LENGTH; @@ -129,7 +123,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, SHA1(param, plen, phash); SHA1(param, plen, phash); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); goto decoding_err; else else { { for (i = SHA_DIGEST_LENGTH; i < dblen; i++) for (i = SHA_DIGEST_LENGTH; i < dblen; i++) @@ -152,6 +146,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, } } OPENSSL_free(db); OPENSSL_free(db); return (mlen); return (mlen); decoding_err: /* to avoid chosen ciphertext attacks, the error message should not reveal * which kind of decoding error happened */ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); if (db != NULL) OPENSSL_free(db); return -1; } } int MGF1(unsigned char *mask, long len, int MGF1(unsigned char *mask, long len,
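Review bot: The failure kinds now share one error code at `decoding_err`, but they remain distinguishable by how much work precedes the exit. The `--num < 2 * SHA_DIGEST_LENGTH + 1` and `lzero < 0` checks in the first hunk jump out before the `SHA1(param, plen, phash)` and `memcmp(db, phash, SHA_DIGEST_LENGTH)` steps in the second hunk, and `memcmp` itself returns at the first differing byte. A caller who can measure response time can therefore still learn which check failed, which is the information the new comment says must not leak. I would record the limitation at the label with `/* NOTE: the early length checks exit before any hashing, so timing still differs between failure kinds */`. As a follow-up, the hash comparison should use a constant-time compare (later OpenSSL releases provide `CRYPTO_memcmp`) and the length failures should be carried in a flag so that all paths do the same work; the function body between the hunks is not shown, so any other exits there need the same check.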