when checking OAEP, signal just a single kind of 'decoding error'
author
Bodo Möller
<bodo@openssl.org>
Wed, 6 Jun 2001 18:48:49 +0000
(18:48 +0000)
committer
Bodo Möller
<bodo@openssl.org>
Wed, 6 Jun 2001 18:48:49 +0000
(18:48 +0000)
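--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -94,20 +94,14 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	int i, dblen, mlen = -1;
 	const unsigned char *maskeddb;
 	int lzero;
-	unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
 	if (--num < 2 * SHA_DIGEST_LENGTH + 1)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
-		return (-1);
-		}
+		goto decoding_err;
 	lzero = num - flen;
 	if (lzero < 0)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
-		return (-1);
-		}
+		goto decoding_err;
 	maskeddb = from - lzero + SHA_DIGEST_LENGTH;
 	dblen = num - SHA_DIGEST_LENGTH;
@@ -129,7 +123,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	SHA1(param, plen, phash);
 	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+		goto decoding_err;
 	else
 		{
 		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
@@ -152,6 +146,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 		}
 	OPENSSL_free(db);
 	return (mlen);
+
+decoding_err:
+	/* to avoid chosen ciphertext attacks, the error message should not reveal
+	 * which kind of decoding error happened */
+	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+	if (db != NULL) OPENSSL_free(db);
+	return -1;
 	}
 int MGF1(unsigned char *mask, long len,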
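Review bot: Routing every failure to `decoding_err` makes the reported reason uniform, but the three `goto decoding_err` sites still differ in when they fire — the `--num` and `lzero < 0` checks in the first hunk leave before `db` is allocated and the mask is computed, while the `memcmp` failure in the second hunk only happens after that work — so the time to return can still tell the early rejections apart from the later one, and `memcmp` itself stops at the first differing byte. The comment at the label should say that the uniform error code alone does not make the checks indistinguishable, e.g. `/* same error code on every path; note the early-exit checks above still return faster than the memcmp path, so timing may still distinguish them */`. The part of RSA_padding_check_PKCS1_OAEP between the second and third hunks is outside this view, so whether the separator search there also reaches this label cannot be confirmed from here.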