Allow only one error return, to frustrate Manger's attack against OAEP.
[u/mdw/catacomb]
/
oaep.c
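diff --git a/oaep.c b/oaep.c
index 301e63b..d439f7c 100644
--- a/oaep.c
+++ b/oaep.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: oaep.c,v 1.2 2000/07/15 10:01:48 mdw Exp $
+ * $Id: oaep.c,v 1.4 2002/01/13 13:50:21 mdw Exp $
 *
 * Optimal asymmetric encryption packing
 *
@@ -30,6 +30,12 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: oaep.c,v $
+ * Revision 1.4 2002/01/13 13:50:21 mdw
+ * Allow only one error return, to frustrate Manger's attack against OAEP.
+ *
+ * Revision 1.3 2001/02/22 09:04:39 mdw
+ * Fix memory leaks.
+ *
 * Revision 1.2 2000/07/15 10:01:48 mdw
 * Test rig added, based on RIPEMD160-MGF1 test vectors.
 *
@@ -71,7 +77,7 @@ int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
 {
 oaep *o = p;
 size_t hsz = o->ch->hashsz;
- ghash *h = o->ch->init();
+ ghash *h;
 octet *q, *mq, *qq;
 octet *pp;
 gcipher *c;
@@ -92,6 +98,7 @@ int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
 /* --- Fill in the rest of the buffer --- */
+ h = o->ch->init();
 h->ops->hash(h, o->ep, o->epsz);
 h->ops->done(h, mq);
 h->ops->destroy(h);
@@ -153,8 +160,6 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 /* --- Decrypt the message --- */
- if (*q != 0)
- goto fail;
 q++; sz--;
 mq = q + hsz;
 qq = q + sz;
@@ -173,7 +178,8 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 h = o->ch->init();
 h->ops->hash(h, o->ep, o->epsz);
 h->ops->done(h, q);
- if (memcmp(q, mq, hsz) != 0)
+ h->ops->destroy(h);
+ if ((memcmp(q, mq, hsz) != 0) || (*q != 0))
 goto fail;
 /* --- Now find the start of the actual message --- */
@@ -228,7 +234,7 @@ static int verify(dstr *v)
 dstr_ensure(&d, v[3].len);
 d.len = v[3].len;
 gr.r.ops = &gops;
- gr.buf = v[2].buf;
+ gr.buf = (octet *)v[2].buf;
 o.cc = &rmd160_mgf;
 o.ch = &rmd160;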
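Review bot: In the oaep_decode hunk at -173,7 +178,8, the relocated test `(*q != 0)` does not appear to examine the byte that the removed check did: `q++; sz--;` has already advanced q, and `h->ops->done(h, q)` has just written the parameter digest at q, so `*q` is now the digest's first byte rather than the leading byte of the encoded block (the lines between the two decode hunks are not shown, so confirm q is not reset there). I would save the leading byte in a local before the increment, e.g. `lead = *q;`, and test it with a non-short-circuit OR, `if ((memcmp(q, mq, hsz) != 0) | (lead != 0)) goto fail;`, so both conditions are always evaluated. Because the stated goal is a single indistinguishable failure, note also that `memcmp` may return at the first differing byte; a constant-time comparison would keep timing from separating the two failure causes. oaep_decode begins and ends outside these hunks, so the later padding scan and the `fail` path should be checked for the same property.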