mirror of
https://github.com/golang/go
synced 2024-11-25 09:07:58 -07:00
crypto/rsa: left-pad OAEP results when needed.
PKCS#1 v2.1 section 7.1.1 says that the result of an OAEP encryption is "an octet string of length $k$". Since we didn't left-pad the result it was previously possible for the result to be smaller when the most-significant byte was zero. Fixes #1519. R=rsc CC=golang-dev https://golang.org/cl/4175059
This commit is contained in:
parent
547918e363
commit
193709736f
@ -274,6 +274,14 @@ func EncryptOAEP(hash hash.Hash, rand io.Reader, pub *PublicKey, msg []byte, lab
|
|||||||
m.SetBytes(em)
|
m.SetBytes(em)
|
||||||
c := encrypt(new(big.Int), pub, m)
|
c := encrypt(new(big.Int), pub, m)
|
||||||
out = c.Bytes()
|
out = c.Bytes()
|
||||||
|
|
||||||
|
if len(out) < k {
|
||||||
|
// If the output is too small, we need to left-pad with zeros.
|
||||||
|
t := make([]byte, k)
|
||||||
|
copy(t[k-len(out):], out)
|
||||||
|
out = t
|
||||||
|
}
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -66,7 +66,7 @@ func TestEncryptOAEP(t *testing.T) {
|
|||||||
t.Errorf("#%d,%d error: %s", i, j, err)
|
t.Errorf("#%d,%d error: %s", i, j, err)
|
||||||
}
|
}
|
||||||
if bytes.Compare(out, message.out) != 0 {
|
if bytes.Compare(out, message.out) != 0 {
|
||||||
t.Errorf("#%d,%d bad result: %s (want %s)", i, j, out, message.out)
|
t.Errorf("#%d,%d bad result: %x (want %x)", i, j, out, message.out)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user