diff --git a/crypto/rsa/internal.h b/crypto/rsa/internal.h index 06fd387f..c0044c3d 100644 --- a/crypto/rsa/internal.h +++ b/crypto/rsa/internal.h @@ -107,8 +107,6 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned to_len, const EVP_MD *md, const EVP_MD *mgf1md); int RSA_padding_add_none(uint8_t *to, unsigned to_len, const uint8_t *from, unsigned from_len); -int RSA_padding_check_none(uint8_t *to, unsigned to_len, const uint8_t *from, - unsigned from_len); /* RSA_private_transform calls either the method-specific |private_transform| * function (if given) or the generic one. See the comment for diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c index 6ac41bab..5a42e248 100644 --- a/crypto/rsa/padding.c +++ b/crypto/rsa/padding.c @@ -300,17 +300,6 @@ int RSA_padding_add_none(uint8_t *to, unsigned tlen, const uint8_t *from, unsign return 1; } -int RSA_padding_check_none(uint8_t *to, unsigned tlen, const uint8_t *from, - unsigned flen) { - if (flen > tlen) { - OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); - return -1; - } - - memcpy(to, from, flen); - return flen; -} - int PKCS1_MGF1(uint8_t *mask, unsigned len, const uint8_t *seed, unsigned seedlen, const EVP_MD *dgst) { unsigned outlen = 0; diff --git a/crypto/rsa/rsa_impl.c b/crypto/rsa/rsa_impl.c index e1dcaf35..aa1b70f0 100644 --- a/crypto/rsa/rsa_impl.c +++ b/crypto/rsa/rsa_impl.c @@ -372,10 +372,15 @@ static int decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, return 0; } - buf = OPENSSL_malloc(rsa_size); - if (buf == NULL) { - OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); - goto err; + if (padding == RSA_NO_PADDING) { + buf = out; + } else { + /* Allocate a temporary buffer to hold the padded plaintext. */ + buf = OPENSSL_malloc(rsa_size); + if (buf == NULL) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); + goto err; + } } if (in_len != rsa_size) { @@ -397,7 +402,7 @@ static int decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, NULL, 0, NULL, NULL); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(out, rsa_size, buf, rsa_size); + r = rsa_size; break; default: OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE); @@ -412,7 +417,7 @@ static int decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } err: - if (buf != NULL) { + if (padding != RSA_NO_PADDING && buf != NULL) { OPENSSL_cleanse(buf, rsa_size); OPENSSL_free(buf); } @@ -459,8 +464,17 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, BN_CTX_start(ctx); f = BN_CTX_get(ctx); result = BN_CTX_get(ctx); - buf = OPENSSL_malloc(rsa_size); - if (!f || !result || !buf) { + if (padding == RSA_NO_PADDING) { + buf = out; + } else { + /* Allocate a temporary buffer to hold the padded plaintext. */ + buf = OPENSSL_malloc(rsa_size); + if (buf == NULL) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); + goto err; + } + } + if (!f || !result) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } @@ -501,7 +515,7 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, r = RSA_padding_check_PKCS1_type_1(out, rsa_size, buf, rsa_size); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(out, rsa_size, buf, rsa_size); + r = rsa_size; break; default: OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE); @@ -520,7 +534,7 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (buf != NULL) { + if (padding != RSA_NO_PADDING && buf != NULL) { OPENSSL_cleanse(buf, rsa_size); OPENSSL_free(buf); }