oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Make sure return values are checked, always unblind if we blinded, handle error better

Browse Source
This commit is contained in:
Love Hornquist Astrand
2009-08-20 14:04:34 -07:00
parent f0aec0e637
commit 1838afe680
1 changed files with 44 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
lib/hcrypto/rsa-imath.c
View File

@@ -205,6 +205,10 @@ imath_rsa_public_encrypt(int flen, const unsigned char* from,
mp_int_clear(&dec); mp_int_clear(&dec);
mp_int_clear(&e); mp_int_clear(&e);
mp_int_clear(&n); mp_int_clear(&n);
if (res != MP_OK)
return -4;
{ {
size_t ssize; size_t ssize;
ssize = mp_int_unsigned_len(&enc); ssize = mp_int_unsigned_len(&enc);
@@ -295,9 +299,10 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from,
{ {
unsigned char *p, *p0; unsigned char *p, *p0;
mp_result res; mp_result res;
size_t size; int size;
mpz_t in, out, n, e, b, bi; mpz_t in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
int do_unblind = 0;
if (padding != RSA_PKCS1_PADDING) if (padding != RSA_PKCS1_PADDING)
return -1; return -1;
@@ -327,13 +332,14 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from,
if(mp_int_compare_zero(&in) < 0 || if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0) { mp_int_compare(&in, &n) >= 0) {
size = 0; size = -3;
goto out; goto out;
} }
if (blinding) { if (blinding) {
setup_blind(&n, &b, &bi); setup_blind(&n, &b, &bi);
blind(&in, &b, &e, &n); blind(&in, &b, &e, &n);
do_unblind = 1;
} }
if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
@@ -352,6 +358,11 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from,
mp_int_clear(&dmp1); mp_int_clear(&dmp1);
mp_int_clear(&dmq1); mp_int_clear(&dmq1);
mp_int_clear(&iqmp); mp_int_clear(&iqmp);
if (res != MP_OK) {
size = -4;
goto out;
}
} else { } else {
mpz_t d; mpz_t d;
@@ -359,18 +370,15 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from,
res = mp_int_exptmod(&in, &d, &n, &out); res = mp_int_exptmod(&in, &d, &n, &out);
mp_int_clear(&d); mp_int_clear(&d);
if (res != MP_OK) { if (res != MP_OK) {
size = 0; size = -5;
goto out; goto out;
} }
} }
if (blinding) { if (do_unblind)
unblind(&out, &bi, &n); unblind(&out, &bi, &n);
mp_int_clear(&b);
mp_int_clear(&bi);
}
{ if (size > 0) {
size_t ssize; size_t ssize;
ssize = mp_int_unsigned_len(&out); ssize = mp_int_unsigned_len(&out);
assert(size >= ssize); assert(size >= ssize);
@@ -378,7 +386,12 @@ imath_rsa_private_encrypt(int flen, const unsigned char* from,
size = ssize; size = ssize;
} }
out: out:
if (do_unblind) {
mp_int_clear(&b);
mp_int_clear(&bi);
}
mp_int_clear(&e); mp_int_clear(&e);
mp_int_clear(&n); mp_int_clear(&n);
mp_int_clear(&in); mp_int_clear(&in);
@@ -396,6 +409,7 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from,
size_t size; size_t size;
mpz_t in, out, n, e, b, bi; mpz_t in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
int do_unblind = 0;
if (padding != RSA_PKCS1_PADDING) if (padding != RSA_PKCS1_PADDING)
return -1; return -1;
@@ -418,13 +432,14 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from,
if(mp_int_compare_zero(&in) < 0 || if(mp_int_compare_zero(&in) < 0 ||
mp_int_compare(&in, &n) >= 0) { mp_int_compare(&in, &n) >= 0) {
size = 0; size = -2;
goto out; goto out;
} }
if (blinding) { if (blinding) {
setup_blind(&n, &b, &bi); setup_blind(&n, &b, &bi);
blind(&in, &b, &e, &n); blind(&in, &b, &e, &n);
do_unblind = 1;
} }
if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
@@ -443,6 +458,12 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from,
mp_int_clear(&dmp1); mp_int_clear(&dmp1);
mp_int_clear(&dmq1); mp_int_clear(&dmq1);
mp_int_clear(&iqmp); mp_int_clear(&iqmp);
if (res != MP_OK) {
size = -3;
goto out;
}
} else { } else {
mpz_t d; mpz_t d;
@@ -454,16 +475,13 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from,
res = mp_int_exptmod(&in, &d, &n, &out); res = mp_int_exptmod(&in, &d, &n, &out);
mp_int_clear(&d); mp_int_clear(&d);
if (res != MP_OK) { if (res != MP_OK) {
size = 0; size = -4;
goto out; goto out;
} }
} }
if (blinding) { if (do_unblind)
unblind(&out, &bi, &n); unblind(&out, &bi, &n);
mp_int_clear(&b);
mp_int_clear(&bi);
}
ptr = to; ptr = to;
{ {
@@ -475,19 +493,26 @@ imath_rsa_private_decrypt(int flen, const unsigned char* from,
} }
/* head zero was skipped by mp_int_to_unsigned */ /* head zero was skipped by mp_int_to_unsigned */
if (*ptr != 2) if (*ptr != 2) {
return -3; size = -5;
goto out;
}
size--; ptr++; size--; ptr++;
while (size && *ptr != 0) { while (size && *ptr != 0) {
size--; ptr++; size--; ptr++;
} }
if (size == 0) if (size == 0)
return -4; return -6;
size--; ptr++; size--; ptr++;
memmove(to, ptr, size); memmove(to, ptr, size);
out: out:
if (do_unblind) {
mp_int_clear(&b);
mp_int_clear(&bi);
}
mp_int_clear(&e); mp_int_clear(&e);
mp_int_clear(&n); mp_int_clear(&n);
mp_int_clear(&in); mp_int_clear(&in);