Mercurial > dropbear
diff libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c @ 1471:6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 09 Feb 2018 21:44:05 +0800 |
| parents | f849a5ca2efc |
| children |
line wrap: on
line diff
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c Thu Feb 08 23:11:40 2018 +0800 +++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c Fri Feb 09 21:44:05 2018 +0800 @@ -5,20 +5,18 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, [email protected], http://libtom.org */ #include "tomcrypt.h" -/** +/** @file pkcs_1_oaep_decode.c - OAEP Padding for LTC_PKCS #1, Tom St Denis + OAEP Padding for PKCS #1, Tom St Denis */ #ifdef LTC_PKCS_1 /** - LTC_PKCS #1 v2.00 OAEP decode + PKCS #1 v2.00 OAEP decode @param msg The encoded data to decode @param msglen The length of the encoded data (octets) @param lparam The session or system data (can be NULL) @@ -28,7 +26,7 @@ @param out [out] Destination of decoding @param outlen [in/out] The max size and resulting size of the decoding @param res [out] Result of decoding, 1==valid, 0==invalid - @return CRYPT_OK if successful (even if invalid) + @return CRYPT_OK if successful */ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, const unsigned char *lparam, unsigned long lparamlen, @@ -38,7 +36,7 @@ { unsigned char *DB, *seed, *mask; unsigned long hLen, x, y, modulus_len; - int err; + int err, ret; LTC_ARGCHK(msg != NULL); LTC_ARGCHK(out != NULL); @@ -47,9 +45,9 @@ /* default to invalid packet */ *res = 0; - + /* test valid hash */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } hLen = hash_descriptor[hash_idx].hashsize; @@ -78,17 +76,18 @@ } /* ok so it's now in the form - - 0x00 || maskedseed || maskedDB - + + 0x00 || maskedseed || maskedDB + 1 || hLen || modulus_len - hLen - 1 - + */ + ret = CRYPT_OK; + /* must have leading 0x00 byte */ if (msg[0] != 0x00) { - err = CRYPT_OK; - goto LBL_ERR; + ret = CRYPT_INVALID_PACKET; } /* now read the masked seed */ @@ -100,7 +99,7 @@ XMEMCPY(DB, msg + x, modulus_len - hLen - 1); x += modulus_len - hLen - 1; - /* compute MGF1 of maskedDB (hLen) */ + /* compute MGF1 of maskedDB (hLen) */ if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { goto LBL_ERR; } @@ -117,7 +116,7 @@ /* xor against DB */ for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; + DB[y] ^= mask[y]; } /* now DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ @@ -136,9 +135,8 @@ } /* compare the lhash'es */ - if (XMEMCMP(seed, DB, hLen) != 0) { - err = CRYPT_OK; - goto LBL_ERR; + if (XMEM_NEQ(seed, DB, hLen) != 0) { + ret = CRYPT_INVALID_PACKET; } /* now zeroes before a 0x01 */ @@ -146,28 +144,26 @@ /* step... */ } - /* error out if wasn't 0x01 */ + /* error if wasn't 0x01 */ if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; + ret = CRYPT_INVALID_PACKET; } /* rest is the message (and skip 0x01) */ if ((modulus_len - hLen - 1 - ++x) > *outlen) { - *outlen = modulus_len - hLen - 1 - x; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; + ret = CRYPT_INVALID_PACKET; } - /* copy message */ - *outlen = modulus_len - hLen - 1 - x; - XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); - x += modulus_len - hLen - 1; + if (ret == CRYPT_OK) { + /* copy message */ + *outlen = modulus_len - hLen - 1 - x; + XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); - /* valid packet */ - *res = 1; + /* valid packet */ + *res = 1; + } + err = ret; - err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(DB, modulus_len); @@ -184,6 +180,6 @@ #endif /* LTC_PKCS_1 */ -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */