From 38f0cd43f2cb2f294c7d195481f78e58b35dfb44 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Sat, 17 Apr 2021 22:45:29 -0400
Subject: stop using openssl

---
 src/cipherstring.rs | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

(limited to 'src/cipherstring.rs')

diff --git a/src/cipherstring.rs b/src/cipherstring.rs
index 72681f8..fc63ac9 100644
--- a/src/cipherstring.rs
+++ b/src/cipherstring.rs
@@ -1,8 +1,10 @@
 use crate::prelude::*;
 use block_modes::BlockMode as _;
+use block_padding::Padding as _;
 use hmac::{Mac as _, NewMac as _};
 use rand::RngCore as _;
+use zeroize::Zeroize as _;
 
 pub enum CipherString {
     Symmetric {
@@ -181,24 +183,24 @@ impl CipherString {
     ) -> Result {
         match self {
             Self::Asymmetric { ciphertext } => {
-                let pkey = openssl::pkey::PKey::private_key_from_pkcs8(
-                    private_key.private_key(),
-                )
-                .map_err(|source| Error::OpenSsl { source })?;
-                let rsa =
-                    pkey.rsa().map_err(|source| Error::OpenSsl { source })?;
-
-                let mut res = crate::locked::Vec::new();
-                res.extend(std::iter::repeat(0).take(rsa.size() as usize));
-
-                let bytes = rsa
-                    .private_decrypt(
+                let privkey_data = private_key.private_key();
+                let privkey_data = block_padding::Pkcs7::unpad(privkey_data)
+                    .map_err(|_| Error::Padding)?;
+                let pkey = rsa::RSAPrivateKey::from_pkcs8(privkey_data)
+                    .map_err(|source| Error::Rsa { source })?;
+                let mut bytes = pkey
+                    .decrypt(
+                        rsa::padding::PaddingScheme::new_oaep::(),
                         ciphertext,
-                        res.data_mut(),
-                        openssl::rsa::Padding::PKCS1_OAEP,
                     )
-                    .map_err(|source| Error::OpenSsl { source })?;
-                res.truncate(bytes);
+                    .map_err(|source| Error::Rsa { source })?;
+
+                // XXX it'd be great if the rsa crate would let us decrypt
+                // into a preallocated buffer directly to avoid the
+                // intermediate vec that needs to be manually zeroized, etc
+                let mut res = crate::locked::Vec::new();
+                res.extend(bytes.iter().copied());
+                bytes.zeroize();
                 Ok(res)
             }
--
cgit v1.2.3-54-g00ecf
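Review bot: The plaintext held in the intermediate `bytes` Vec is scrubbed only by the explicit `bytes.zeroize();` at the end of the success path, so any unwind between `pkey.decrypt(...)` and that line (for instance an allocation panic inside `res.extend`) drops the decrypted secret unzeroized. Binding it as `let bytes = zeroize::Zeroizing::new(pkey.decrypt(...)...?);` zeroes the buffer on drop in every path and lets the manual `bytes.zeroize();` line go; the XXX comment about the unavoidable intermediate copy still applies. Separately, `RSAPrivateKey::decrypt` runs the private-key operation without blinding; if the `rsa` version in use exposes `decrypt_blinded(&mut rng, padding, ciphertext)`, calling that with the `rand` RNG this file already imports would reduce timing side-channel exposure at negligible cost. The enclosing function starts before the hunk; only its `) -> Result {` tail is visible here.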