Random field-element selection.
[u/mdw/catacomb]
/
oaep.c
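--- a/oaep.c
+++ b/oaep.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: oaep.c,v 1.4 2002/01/13 13:50:21 mdw Exp $
+ * $Id: oaep.c,v 1.5 2002/01/13 20:20:39 mdw Exp $
 *
 * Optimal asymmetric encryption packing
 *
@@ -30,6 +30,9 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: oaep.c,v $
+ * Revision 1.5 2002/01/13 20:20:39 mdw
+ * Hack the @oaep_decode@ code some more, to make it work again.
+ *
 * Revision 1.4 2002/01/13 13:50:21 mdw
 * Allow only one error return, to frustrate Manger's attack against OAEP.
 *
@@ -146,6 +149,7 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 ghash *h;
 octet *q, *mq, *qq;
 octet *pp;
+ unsigned bad = 0;
 size_t n;
 size_t hsz = o->ch->hashsz;
 int rc = -1;
@@ -160,6 +164,7 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 /* --- Decrypt the message --- */
+ bad = *q;
 q++; sz--;
 mq = q + hsz;
 qq = q + sz;
@@ -179,21 +184,19 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 h->ops->hash(h, o->ep, o->epsz);
 h->ops->done(h, q);
 h->ops->destroy(h);
- if ((memcmp(q, mq, hsz) != 0) || (*q != 0))
- goto fail;
+ bad |= memcmp(q, mq, hsz);
 /* --- Now find the start of the actual message --- */
 pp = mq + hsz;
 while (*pp == 0 && pp < qq)
 pp++;
- if (pp >= qq || *pp++ != 1)
- return (-1);
+ bad |= (pp >= qq) | (*pp++ != 1);
 n = qq - pp;
 dstr_putm(d, pp, n);
- rc = n;
+ if (!bad)
+ rc = n;
-fail:
 x_free(d->a, q);
 return (rc);
 }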
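Review bot: In the last hunk, `bad |= (pp >= qq) | (*pp++ != 1);` no longer short-circuits, so when the scan reaches `qq` without finding the 0x01 separator the code still reads `*pp` at the end of the buffer and advances `pp` past `qq`. `n = qq - pp` then wraps to a huge `size_t` and is passed to `dstr_putm(d, pp, n)`, which presumably copies that many bytes before `rc` is ever consulted; the expression also reads and modifies `pp` with no sequence point between the two operands. I would keep the single error return but split the test into `bad |= (pp >= qq);` followed by `if (pp < qq) bad |= (*pp++ != 1);`, so that `n` can never exceed the remaining buffer. The context loop `while (*pp == 0 && pp < qq)` has the same read-before-bounds-check ordering and would be safer written as `pp < qq && *pp == 0`. The start of `oaep_decode` lies outside the hunks shown, so how `q` is allocated and sized cannot be confirmed from here.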