
Commit 39d9551

committed
Fix RSA OAEP functions to use hash algorithms correctly
1 parent 26a3144 commit 39d9551

1 file changed

Lines changed: 41 additions & 12 deletions


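--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -2810,22 +2810,37 @@ static bool RSAOAEPEncrypt(const Span<const uint8_t> args[],
 
 BIGNUM *n = BN_new();
 BIGNUM *e = BN_new();
-bssl::UniquePtr<RSA> key(RSA_new());
+bssl::UniquePtr<RSA> rsa(RSA_new());
 
 if (!BN_bin2bn(n_bytes.data(), n_bytes.size(), n) ||
 !BN_bin2bn(e_bytes.data(), e_bytes.size(), e) ||
-!RSA_set0_key(key.get(), n, e, nullptr)) {
+!RSA_set0_key(rsa.get(), n, e, nullptr)) {
+return false;
+}
+
+bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
+if (!EVP_PKEY_set1_RSA(pkey.get(), rsa.get())) {
+return false;
+}
+
+bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
+if (!ctx || !EVP_PKEY_encrypt_init(ctx.get()) ||
+!EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_OAEP_PADDING) ||
+!EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), MDFunc())) {
 return false;
 }
 
 // Randomly generate the keying material to encrypt
 std::vector<uint8_t> out(out_len);
 RAND_bytes(out.data(), out.size());
 
-std::vector<uint8_t> ct(RSA_size(key.get()));
 size_t ct_len = 0;
-if (!RSA_encrypt(key.get(), &ct_len, ct.data(), ct.size(), out.data(),
-out.size(), RSA_PKCS1_OAEP_PADDING)) {
+if (!EVP_PKEY_encrypt(ctx.get(), nullptr, &ct_len, out.data(), out.size())) {
+return false;
+}
+std::vector<uint8_t> ct(ct_len);
+if (!EVP_PKEY_encrypt(ctx.get(), ct.data(), &ct_len, out.data(),
+out.size())) {
 return false;
 }
 return write_reply({Span<const uint8_t>(ct), Span<const uint8_t>(out)});
@@ -2846,25 +2861,39 @@ static bool RSAOAEPDecrypt(const Span<const uint8_t> args[],
 BIGNUM *p = BN_new();
 BIGNUM *q = BN_new();
 BIGNUM *d = BN_new();
-bssl::UniquePtr<RSA> key(RSA_new());
+bssl::UniquePtr<RSA> rsa(RSA_new());
 
 if (!BN_bin2bn(n_bytes.data(), n_bytes.size(), n) ||
 !BN_bin2bn(e_bytes.data(), e_bytes.size(), e) ||
 !BN_bin2bn(d_bytes.data(), d_bytes.size(), d) ||
 !BN_bin2bn(p_bytes.data(), p_bytes.size(), p) ||
 !BN_bin2bn(q_bytes.data(), q_bytes.size(), q) ||
-!RSA_set0_key(key.get(), n, e, d) ||
-!RSA_set0_factors(key.get(), p, q)) {
+!RSA_set0_key(rsa.get(), n, e, d) || !RSA_set0_factors(rsa.get(), p, q)) {
 return false;
 }
 
-std::vector<uint8_t> out(RSA_size(key.get()));
-size_t out_len = 0;
-if (!RSA_decrypt(key.get(), &out_len, out.data(), out.size(), input.data(),
-input.size(), RSA_PKCS1_OAEP_PADDING)) {
+bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
+if (!EVP_PKEY_set1_RSA(pkey.get(), rsa.get())) {
+return false;
+}
+
+bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr));
+if (!ctx || !EVP_PKEY_decrypt_init(ctx.get()) ||
+!EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_OAEP_PADDING) ||
+!EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), MDFunc())) {
 return false;
 }
 
+size_t out_len = 0;
+if (!EVP_PKEY_decrypt(ctx.get(), nullptr, &out_len, input.data(),
+input.size())) {
+return false;
+}
+std::vector<uint8_t> out(out_len);
+if (!EVP_PKEY_decrypt(ctx.get(), out.data(), &out_len, input.data(),
+input.size())) {
+return false;
+}
 out.resize(out_len);
 return write_reply({Span<const uint8_t>(out)});
 }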
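Review bot: `pkey` is passed to `EVP_PKEY_set1_RSA` without a null check in both RSAOAEPEncrypt and RSAOAEPDecrypt, although the `ctx` allocated a few lines later is guarded with `!ctx ||`; a failed `EVP_PKEY_new()` would hand a null pointer to the setter, and whether that call tolerates null is not visible here. Guard it the same way in both places: `if (!pkey || !EVP_PKEY_set1_RSA(pkey.get(), rsa.get())) {`. Separately, only the OAEP digest is set and the MGF1 digest is left to the library default, which presumably follows the OAEP digest; either add `!EVP_PKEY_CTX_set_rsa_mgf1_md(ctx.get(), MDFunc())` to the condition or a comment such as `// MGF1 digest is left at the library default, expected to match the OAEP digest` so the hash combination under test is explicit. Both function bodies begin outside the hunks shown, and `MDFunc` is declared outside them.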
