xref: /openssl-master/crypto/rsa/rsa_oaep.c

66     int mdlen, dbmask_len = 0;  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()  local
79     mdlen = EVP_MD_get_size(md);  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
80     if (mdlen <= 0) {  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
86     if (flen > emlen - 2 * mdlen - 1) {  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
91     if (emlen < 2 * mdlen + 1) {  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
99     db = to + mdlen + 1;  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
105     memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
107     db[emlen - flen - mdlen - 1] = 0x01;  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
108     memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
110     if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
113     dbmask_len = emlen - mdlen;  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
121     if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
128     if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
131     for (i = 0; i < mdlen; i++)  in ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex()
173     int mdlen;  in RSA_padding_check_PKCS1_OAEP_mgf1()  local
187     mdlen = EVP_MD_get_size(md);  in RSA_padding_check_PKCS1_OAEP_mgf1()
199     if (num < flen || num < 2 * mdlen + 2) {  in RSA_padding_check_PKCS1_OAEP_mgf1()
204     dblen = num - mdlen - 1;  in RSA_padding_check_PKCS1_OAEP_mgf1()
238     maskeddb = em + 1 + mdlen;  in RSA_padding_check_PKCS1_OAEP_mgf1()
240     if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))  in RSA_padding_check_PKCS1_OAEP_mgf1()
242     for (i = 0; i < mdlen; i++)  in RSA_padding_check_PKCS1_OAEP_mgf1()
245     if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md))  in RSA_padding_check_PKCS1_OAEP_mgf1()
253     good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, mdlen));  in RSA_padding_check_PKCS1_OAEP_mgf1()
256     for (i = mdlen; i < dblen; i++) {  in RSA_padding_check_PKCS1_OAEP_mgf1()
293     tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen),  in RSA_padding_check_PKCS1_OAEP_mgf1()
294                                     dblen - mdlen - 1, tlen);  in RSA_padding_check_PKCS1_OAEP_mgf1()
295     for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) {  in RSA_padding_check_PKCS1_OAEP_mgf1()
296         mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0);  in RSA_padding_check_PKCS1_OAEP_mgf1()
297         for (i = mdlen + 1; i < dblen - msg_index; i++)  in RSA_padding_check_PKCS1_OAEP_mgf1()
302         to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);  in RSA_padding_check_PKCS1_OAEP_mgf1()
339     int mdlen;  in PKCS1_MGF1()  local
344     mdlen = EVP_MD_get_size(dgst);  in PKCS1_MGF1()
345     if (mdlen < 0)  in PKCS1_MGF1()
359         if (outlen + mdlen <= len) {  in PKCS1_MGF1()
362             outlen += mdlen;  in PKCS1_MGF1()

Last Index update Sun Aug 20 00:18:20 CST 2023