xref: /third_party/openssl/crypto/rsa/rsa_oaep.c

66     int mdlen, dbmask_len = 0;
79     mdlen = EVP_MD_get_size(md);
80     if (mdlen <= 0) {
86     if (flen > emlen - 2 * mdlen - 1) {
91     if (emlen < 2 * mdlen + 1) {
99     db = to + mdlen + 1;
105     memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
107     db[emlen - flen - mdlen - 1] = 0x01;
108     memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
110     if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
113     dbmask_len = emlen - mdlen;
121     if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
128     if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
131     for (i = 0; i < mdlen; i++)
173     int mdlen;
187     mdlen = EVP_MD_get_size(md);
195      * |num| >= 2 * |mdlen| + 2 must hold for the modulus irrespective of
199     if (num < flen || num < 2 * mdlen + 2) {
204     dblen = num - mdlen - 1;
238     maskeddb = em + 1 + mdlen;
240     if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
242     for (i = 0; i < mdlen; i++)
245     if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md))
253     good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, mdlen));
256     for (i = mdlen; i < dblen; i++) {
284      * Move the result in-place by |dblen|-|mdlen|-1-|mlen| bytes to the left.
285      * Then if |good| move |mlen| bytes from |db|+|mdlen|+1 to |to|.
293     tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen),
294                                     dblen - mdlen - 1, tlen);
295     for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) {
296         mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0);
297         for (i = mdlen + 1; i < dblen - msg_index; i++)
302         to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);
339     int mdlen;
344     mdlen = EVP_MD_get_size(dgst);
345     if (mdlen < 0)
359         if (outlen + mdlen <= len) {
362             outlen += mdlen;

Indexes created Thu Nov 07 10:32:03 CST 2024