RSA-OAEP decrypt: reorganise code
diff --git a/library/rsa.c b/library/rsa.c
index 210ea46..577a14f 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -654,6 +654,9 @@
const md_info_t *md_info;
md_context_t md_ctx;
+ /*
+ * Parameters sanity checks
+ */
if( ctx->padding != RSA_PKCS_V21 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
@@ -662,6 +665,13 @@
if( ilen < 16 || ilen > sizeof( buf ) )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+ md_info = md_info_from_type( ctx->hash_id );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ /*
+ * RSA operation
+ */
ret = ( mode == RSA_PUBLIC )
? rsa_public( ctx, input, buf )
: rsa_private( ctx, f_rng, p_rng, input, buf );
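Review bot: The only length sanity check on the input is `ilen < 16 || ilen > sizeof( buf )`, but the OAEP layout needs `ilen >= 2 * hlen + 2`, and once `md_info` is resolved here the hash size is known, so the check belongs in this hunk rather than after the RSA operation. With a 64-byte digest an input of 16 bytes passes the check and the later `mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, ... )` computes `ilen - hlen - 1` on a too-short buffer, which wraps if `ilen` is a `size_t` and in any case reads past the data. I would move `hlen = md_get_size( md_info );` up to directly follow the `md_info == NULL` test and add `if( ilen < 2 * hlen + 2 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );` before the RSA operation. The enclosing function begins before this hunk.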
@@ -669,38 +679,37 @@
if( ret != 0 )
return( ret );
+ /*
+ * Unmask data
+ */
+ hlen = md_get_size( md_info );
+
+ md_init_ctx( &md_ctx, md_info );
+
+ /* Generate lHash */
+ md( md_info, label, label_len, lhash );
+
+ /* seed: Apply seedMask to maskedSeed */
+ mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
+ &md_ctx );
+
+ /* DB: Apply dbMask to maskedDB */
+ mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
+ &md_ctx );
+
+ md_free_ctx( &md_ctx );
+
+ /*
+ * Check contents
+ */
p = buf;
if( *p++ != 0 )
return( POLARSSL_ERR_RSA_INVALID_PADDING );
- md_info = md_info_from_type( ctx->hash_id );
- if( md_info == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+ p += hlen; /* Skip seed */
- hlen = md_get_size( md_info );
-
- md_init_ctx( &md_ctx, md_info );
-
- // Generate lHash
- //
- md( md_info, label, label_len, lhash );
-
- // seed: Apply seedMask to maskedSeed
- //
- mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
- &md_ctx );
-
- // DB: Apply dbMask to maskedDB
- //
- mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
- &md_ctx );
-
- p += hlen;
- md_free_ctx( &md_ctx );
-
- // Check validity
- //
+ /* Check lHash */
if( memcmp( lhash, p, hlen ) != 0 )
return( POLARSSL_ERR_RSA_INVALID_PADDING );