unsigned char *tmpbuf;
CAPI_KEY *capi_key;
CAPI_CTX *ctx;
+ DWORD flags = 0;
+
ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
return -1;
}
- if (padding != RSA_PKCS1_PADDING) {
- char errstr[10];
- BIO_snprintf(errstr, 10, "%d", padding);
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
- ERR_add_error_data(2, "padding=", errstr);
- return -1;
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ /* Nothing to do */
+ break;
+#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK
+ case RSA_NO_PADDING:
+ flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK;
+ break;
+#endif
+ default:
+ {
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%d", padding);
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+ ERR_add_error_data(2, "padding=", errstr);
+ return -1;
+ }
}
/* Create temp reverse order version of input */
tmpbuf[flen - i - 1] = from[i];
/* Finally decrypt it */
- if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) {
+ if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, &flen)) {
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
capi_addlasterror();
+ OPENSSL_cleanse(tmpbuf, flen);
OPENSSL_free(tmpbuf);
return -1;
- } else
+ } else {
memcpy(to, tmpbuf, flen);
+ }
+ OPENSSL_cleanse(tmpbuf, flen);
OPENSSL_free(tmpbuf);
return flen;
projects / oweals / openssl.git / commitdiff