X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/49db8dbed085499aa5a8a4ae7623fd2b463cb8c5..2730bf3313ce14f0a1c95d82a07e18d0fa0fb33c:/oaep.c
diff --git a/oaep.c b/oaep.c
index 301e63b..d439f7c 100644
--- a/oaep.c
+++ b/oaep.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: oaep.c,v 1.2 2000/07/15 10:01:48 mdw Exp $
+ * $Id: oaep.c,v 1.4 2002/01/13 13:50:21 mdw Exp $
  *
  * Optimal asymmetric encryption packing
  *
@@ -30,6 +30,12 @@
 /*----- Revision history --------------------------------------------------*
  *
  * $Log: oaep.c,v $
+ * Revision 1.4 2002/01/13 13:50:21 mdw
+ * Allow only one error return, to frustrate Manger's attack against OAEP.
+ *
+ * Revision 1.3 2001/02/22 09:04:39 mdw
+ * Fix memory leaks.
+ *
  * Revision 1.2 2000/07/15 10:01:48 mdw
  * Test rig added, based on RIPEMD160-MGF1 test vectors.
  *
@@ -71,7 +77,7 @@ int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
 {
   oaep *o = p;
   size_t hsz = o->ch->hashsz;
-  ghash *h = o->ch->init();
+  ghash *h;
   octet *q, *mq, *qq;
   octet *pp;
   gcipher *c;
@@ -92,6 +98,7 @@ int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
 
   /* --- Fill in the rest of the buffer --- */
 
+  h = o->ch->init();
   h->ops->hash(h, o->ep, o->epsz);
   h->ops->done(h, mq);
   h->ops->destroy(h);
@@ -153,8 +160,6 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 
   /* --- Decrypt the message --- */
 
-  if (*q != 0)
-    goto fail;
   q++; sz--;
   mq = q + hsz;
   qq = q + sz;
@@ -173,7 +178,8 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
   h = o->ch->init();
   h->ops->hash(h, o->ep, o->epsz);
   h->ops->done(h, q);
-  if (memcmp(q, mq, hsz) != 0)
+  h->ops->destroy(h);
+  if ((memcmp(q, mq, hsz) != 0) || (*q != 0))
     goto fail;
 
   /* --- Now find the start of the actual message --- */
@@ -228,7 +234,7 @@ static int verify(dstr *v)
   dstr_ensure(&d, v[3].len);
   d.len = v[3].len;
   gr.r.ops = &gops;
-  gr.buf = v[2].buf;
+  gr.buf = (octet *)v[2].buf;
   o.cc = &rmd160_mgf;
   o.ch = &rmd160;
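Review bot: The relocated `h = o->ch->init();` in oaep_encode carries no comment saying why the hash context is now created this late, so the next maintainer may hoist it back to the declaration and reintroduce the leak the 1.3 log entry says was fixed. The reason is only inferable here, since the code between the declaration hunk and this one (presumably containing the early returns) is outside both hunks; a one-line note would pin it, e.g. `/* Create the context only once we are committed, so an early return above cannot leak it. */`. The body of oaep_encode continues outside the hunk.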
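Review bot: The new `(*q != 0)` test in oaep_decode reads the wrong byte: on the line just above, `h->ops->done(h, q)` has written the hash of the encoding parameters into the buffer at `q`, so `*q` is now the first byte of that hash, not the leading zero octet of the encoded block — and the `q++; sz--;` kept in the earlier hunk had already moved `q` past that octet before the removed check was merged here. Unless `q` is reassigned somewhere in the part of oaep_decode that lies outside these hunks, a correctly formed input will be rejected whenever the hash's first byte is non-zero, while the leading octet itself is never checked at all. Capture the octet before the pointer moves, e.g. `int lead = *q;` where the two removed lines stood, and test `(memcmp(q, mq, hsz) != 0) | (lead != 0)` so neither branch is short-circuited. Note also that `memcmp` stops at the first differing byte, so even with a single error return the comparison still leaks the mismatch position through timing; a fixed-time compare over `hsz` bytes would close that residual channel.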