X-Git-Url: http://git.silc.fi/gitweb/?a=blobdiff_plain;f=lib%2Fsilccrypt%2Fsilcpkcs1.c;h=653a4d891fbd8d42aa014ff3763b83e14ccd6553;hb=2b4204c0a1a276bc9e25d21d18a8e5ad358428b4;hp=283f1ab38747f060aade42d1126c187430cfa860;hpb=cf7c57c5507866dab44cc92c9ee772cfc80eddbd;p=crypto.git diff --git a/lib/silccrypt/silcpkcs1.c b/lib/silccrypt/silcpkcs1.c index 283f1ab3..653a4d89 100644 --- a/lib/silccrypt/silcpkcs1.c +++ b/lib/silccrypt/silcpkcs1.c @@ -4,7 +4,7 @@ Author: Pekka Riikonen - Copyright (C) 2003 - 2007 Pekka Riikonen + Copyright (C) 2003 - 2008 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,9 +16,8 @@ GNU General Public License for more details. */ -/* $Id$ */ -#include "silc.h" +#include "silccrypto.h" #include "rsa.h" #include "silcpkcs1_i.h" @@ -108,7 +107,7 @@ SilcBool silc_pkcs1_decode(SilcPkcs1BlockType bt, SilcUInt32 dest_data_size, SilcUInt32 *dest_len) { - int i = 0; + SilcUInt32 i = 0; SILC_LOG_DEBUG(("PKCS#1 decoding, bt %d", bt)); @@ -141,12 +140,20 @@ SilcBool silc_pkcs1_decode(SilcPkcs1BlockType bt, } /* Sanity checks */ + if (i >= data_len) { + SILC_LOG_DEBUG(("Malformed block, too short message")); + return FALSE; + } + if (i < SILC_PKCS1_MIN_PADDING) { + SILC_LOG_DEBUG(("Malformed block, too short padding")); + return FALSE; + } if (data[i++] != 0x00) { SILC_LOG_DEBUG(("Malformed block")); return FALSE; } - if (i - 1 < SILC_PKCS1_MIN_PADDING) { - SILC_LOG_DEBUG(("Malformed block")); + if (i >= data_len) { + SILC_LOG_DEBUG(("Malformed block, too short message")); return FALSE; } if (dest_data_size < data_len - i) { @@ -169,10 +176,7 @@ SilcBool silc_pkcs1_decode(SilcPkcs1BlockType bt, /* Generates RSA key pair. */ -SilcBool silc_pkcs1_generate_key(SilcUInt32 keylen, - SilcRng rng, - void **ret_public_key, - void **ret_private_key) +SILC_PKCS_ALG_GENERATE_KEY(silc_pkcs1_generate_key) { SilcUInt32 prime_bits = keylen / 2; SilcMPInt p, q; @@ -216,9 +220,7 @@ SilcBool silc_pkcs1_generate_key(SilcUInt32 keylen, /* Import PKCS #1 compliant public key */ -int silc_pkcs1_import_public_key(unsigned char *key, - SilcUInt32 key_len, - void **ret_public_key) +SILC_PKCS_ALG_IMPORT_PUBLIC_KEY(silc_pkcs1_import_public_key) { SilcAsn1 asn1 = NULL; SilcBufferStruct alg_key; @@ -227,7 +229,7 @@ int silc_pkcs1_import_public_key(unsigned char *key, if (!ret_public_key) return 0; - asn1 = silc_asn1_alloc(); + asn1 = silc_asn1_alloc(NULL); if (!asn1) return 0; @@ -261,15 +263,14 @@ int silc_pkcs1_import_public_key(unsigned char *key, /* Export PKCS #1 compliant public key */ -unsigned char *silc_pkcs1_export_public_key(void *public_key, - SilcUInt32 *ret_len) +SILC_PKCS_ALG_EXPORT_PUBLIC_KEY(silc_pkcs1_export_public_key) { RsaPublicKey *key = public_key; SilcAsn1 asn1 = NULL; SilcBufferStruct alg_key; unsigned char *ret; - asn1 = silc_asn1_alloc(); + asn1 = silc_asn1_alloc(stack); if (!asn1) goto err; @@ -296,7 +297,7 @@ unsigned char *silc_pkcs1_export_public_key(void *public_key, /* Returns key length */ -SilcUInt32 silc_pkcs1_public_key_bitlen(void *public_key) +SILC_PKCS_ALG_PUBLIC_KEY_BITLEN(silc_pkcs1_public_key_bitlen) { RsaPublicKey *key = public_key; return key->bits; @@ -304,7 +305,7 @@ SilcUInt32 silc_pkcs1_public_key_bitlen(void *public_key) /* Copy public key */ -void *silc_pkcs1_public_key_copy(void *public_key) +SILC_PKCS_ALG_PUBLIC_KEY_COPY(silc_pkcs1_public_key_copy) { RsaPublicKey *key = public_key, *new_key; @@ -323,7 +324,7 @@ void *silc_pkcs1_public_key_copy(void *public_key) /* Compare public keys */ -SilcBool silc_pkcs1_public_key_compare(void *key1, void *key2) +SILC_PKCS_ALG_PUBLIC_KEY_COMPARE(silc_pkcs1_public_key_compare) { RsaPublicKey *k1 = key1, *k2 = key2; @@ -339,20 +340,19 @@ SilcBool silc_pkcs1_public_key_compare(void *key1, void *key2) /* Frees public key */ -void silc_pkcs1_public_key_free(void *public_key) +SILC_PKCS_ALG_PUBLIC_KEY_FREE(silc_pkcs1_public_key_free) { RsaPublicKey *key = public_key; silc_mp_uninit(&key->n); silc_mp_uninit(&key->e); + silc_hash_free(key->hash); silc_free(key); } /* Import PKCS #1 compliant private key */ -int silc_pkcs1_import_private_key(unsigned char *key, - SilcUInt32 key_len, - void **ret_private_key) +SILC_PKCS_ALG_IMPORT_PRIVATE_KEY(silc_pkcs1_import_private_key) { SilcAsn1 asn1; SilcBufferStruct alg_key; @@ -362,7 +362,7 @@ int silc_pkcs1_import_private_key(unsigned char *key, if (!ret_private_key) return 0; - asn1 = silc_asn1_alloc(); + asn1 = silc_asn1_alloc(NULL); if (!asn1) return 0; @@ -406,15 +406,14 @@ int silc_pkcs1_import_private_key(unsigned char *key, /* Export PKCS #1 compliant private key */ -unsigned char *silc_pkcs1_export_private_key(void *private_key, - SilcUInt32 *ret_len) +SILC_PKCS_ALG_EXPORT_PRIVATE_KEY(silc_pkcs1_export_private_key) { RsaPrivateKey *key = private_key; SilcAsn1 asn1; SilcBufferStruct alg_key; unsigned char *ret; - asn1 = silc_asn1_alloc(); + asn1 = silc_asn1_alloc(stack); if (!asn1) return FALSE; @@ -447,7 +446,7 @@ unsigned char *silc_pkcs1_export_private_key(void *private_key, /* Returns key length */ -SilcUInt32 silc_pkcs1_private_key_bitlen(void *private_key) +SILC_PKCS_ALG_PRIVATE_KEY_BITLEN(silc_pkcs1_private_key_bitlen) { RsaPrivateKey *key = private_key; return key->bits; @@ -455,7 +454,7 @@ SilcUInt32 silc_pkcs1_private_key_bitlen(void *private_key) /* Frees private key */ -void silc_pkcs1_private_key_free(void *private_key) +SILC_PKCS_ALG_PRIVATE_KEY_FREE(silc_pkcs1_private_key_free) { RsaPrivateKey *key = private_key; @@ -467,37 +466,37 @@ void silc_pkcs1_private_key_free(void *private_key) silc_mp_uninit(&key->qP); silc_mp_uninit(&key->p); silc_mp_uninit(&key->q); + silc_hash_free(key->hash); silc_free(key); } /* PKCS #1 RSA routines */ -SilcBool silc_pkcs1_encrypt(void *public_key, - unsigned char *src, - SilcUInt32 src_len, - unsigned char *dst, - SilcUInt32 dst_size, - SilcUInt32 *ret_dst_len, - SilcRng rng) +SILC_PKCS_ALG_ENCRYPT(silc_pkcs1_encrypt) { RsaPublicKey *key = public_key; SilcMPInt mp_tmp; SilcMPInt mp_dst; unsigned char padded[2048 + 1]; SilcUInt32 len = (key->bits + 7) / 8; + SilcStack stack; - if (sizeof(padded) < len) - return FALSE; - if (dst_size < len) - return FALSE; + if (sizeof(padded) < len) { + encrypt_cb(FALSE, NULL, 0, context); + return NULL; + } /* Pad data */ if (!silc_pkcs1_encode(SILC_PKCS1_BT_PUB, src, src_len, - padded, len, rng)) - return FALSE; + padded, len, rng)) { + encrypt_cb(FALSE, NULL, 0, context); + return NULL; + } - silc_mp_init(&mp_tmp); - silc_mp_init(&mp_dst); + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + silc_mp_sinit(stack, &mp_tmp); + silc_mp_sinit(stack, &mp_dst); /* Data to MP */ silc_mp_bin2mp(padded, len, &mp_tmp); @@ -506,34 +505,37 @@ SilcBool silc_pkcs1_encrypt(void *public_key, silc_rsa_public_operation(key, &mp_tmp, &mp_dst); /* MP to data */ - silc_mp_mp2bin_noalloc(&mp_dst, dst, len); - *ret_dst_len = len; + silc_mp_mp2bin_noalloc(&mp_dst, padded, len); + + /* Deliver result */ + encrypt_cb(TRUE, padded, len, context); memset(padded, 0, sizeof(padded)); silc_mp_uninit(&mp_tmp); silc_mp_uninit(&mp_dst); + silc_stack_free(stack); - return TRUE; + return NULL; } -SilcBool silc_pkcs1_decrypt(void *private_key, - unsigned char *src, - SilcUInt32 src_len, - unsigned char *dst, - SilcUInt32 dst_size, - SilcUInt32 *ret_dst_len) +SILC_PKCS_ALG_DECRYPT(silc_pkcs1_decrypt) { RsaPrivateKey *key = private_key; SilcMPInt mp_tmp; SilcMPInt mp_dst; unsigned char *padded, unpadded[2048 + 1]; - SilcUInt32 padded_len; + SilcUInt32 padded_len, dst_len; + SilcStack stack; - if (dst_size < (key->bits + 7) / 8) - return FALSE; + if (sizeof(unpadded) < (key->bits + 7) / 8) { + decrypt_cb(FALSE, NULL, 0, context); + return NULL; + } + + stack = silc_stack_alloc(2048, silc_crypto_stack()); - silc_mp_init(&mp_tmp); - silc_mp_init(&mp_dst); + silc_mp_sinit(stack, &mp_tmp); + silc_mp_sinit(stack, &mp_dst); /* Data to MP */ silc_mp_bin2mp(src, src_len, &mp_tmp); @@ -546,36 +548,31 @@ SilcBool silc_pkcs1_decrypt(void *private_key, /* Unpad data */ if (!silc_pkcs1_decode(SILC_PKCS1_BT_PUB, padded, padded_len, - unpadded, sizeof(unpadded), ret_dst_len)) { + unpadded, sizeof(unpadded), &dst_len)) { memset(padded, 0, padded_len); silc_free(padded); silc_mp_uninit(&mp_tmp); silc_mp_uninit(&mp_dst); - return FALSE; + decrypt_cb(FALSE, NULL, 0, context); + return NULL; } - /* Copy to destination */ - memcpy(dst, unpadded, *ret_dst_len); + /* Deliver result */ + decrypt_cb(TRUE, unpadded, dst_len, context); memset(padded, 0, padded_len); memset(unpadded, 0, sizeof(unpadded)); silc_free(padded); silc_mp_uninit(&mp_tmp); silc_mp_uninit(&mp_dst); + silc_stack_free(stack); - return TRUE; + return NULL; } /* PKCS #1 sign with appendix, hash OID included in the signature */ -SilcBool silc_pkcs1_sign(void *private_key, - unsigned char *src, - SilcUInt32 src_len, - unsigned char *signature, - SilcUInt32 signature_size, - SilcUInt32 *ret_signature_len, - SilcBool compute_hash, - SilcHash hash) +SILC_PKCS_ALG_SIGN(silc_pkcs1_sign) { RsaPrivateKey *key = private_key; unsigned char padded[2048 + 1], hashr[SILC_HASH_MAXLEN]; @@ -584,25 +581,35 @@ SilcBool silc_pkcs1_sign(void *private_key, SilcBufferStruct di; SilcUInt32 len = (key->bits + 7) / 8; const char *oid; + SilcStack stack; SilcAsn1 asn1; SILC_LOG_DEBUG(("Sign")); - if (sizeof(padded) < len) - return FALSE; - if (signature_size < len) - return FALSE; + if (sizeof(padded) < len) { + sign_cb(FALSE, NULL, 0, context); + return NULL; + } oid = silc_hash_get_oid(hash); - if (!oid) - return FALSE; + if (!oid) { + sign_cb(FALSE, NULL, 0, context); + return NULL; + } - asn1 = silc_asn1_alloc(); - if (!asn1) - return FALSE; + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + asn1 = silc_asn1_alloc(stack); + if (!asn1) { + silc_stack_free(stack); + sign_cb(FALSE, NULL, 0, context); + return NULL; + } /* Compute hash */ if (compute_hash) { + if (!hash) + hash = key->hash; silc_hash_make(hash, src, src_len, hashr); src = hashr; src_len = silc_hash_len(hash); @@ -614,12 +621,14 @@ SilcBool silc_pkcs1_sign(void *private_key, SILC_ASN1_SEQUENCE, SILC_ASN1_SEQUENCE, SILC_ASN1_OID(oid), - SILC_ASN1_NULL, + SILC_ASN1_NULL(TRUE), SILC_ASN1_END, SILC_ASN1_OCTET_STRING(src, src_len), SILC_ASN1_END, SILC_ASN1_END)) { silc_asn1_free(asn1); - return FALSE; + silc_stack_free(stack); + sign_cb(FALSE, NULL, 0, context); + return NULL; } SILC_LOG_HEXDUMP(("DigestInfo"), silc_buffer_data(&di), silc_buffer_len(&di)); @@ -628,11 +637,13 @@ SilcBool silc_pkcs1_sign(void *private_key, if (!silc_pkcs1_encode(SILC_PKCS1_BT_PRV1, silc_buffer_data(&di), silc_buffer_len(&di), padded, len, NULL)) { silc_asn1_free(asn1); - return FALSE; + silc_stack_free(stack); + sign_cb(FALSE, NULL, 0, context); + return NULL; } - silc_mp_init(&mp_tmp); - silc_mp_init(&mp_dst); + silc_mp_sinit(stack, &mp_tmp); + silc_mp_sinit(stack, &mp_dst); /* Data to MP */ silc_mp_bin2mp(padded, len, &mp_tmp); @@ -641,27 +652,25 @@ SilcBool silc_pkcs1_sign(void *private_key, silc_rsa_private_operation(key, &mp_tmp, &mp_dst); /* MP to data */ - silc_mp_mp2bin_noalloc(&mp_dst, signature, len); - *ret_signature_len = len; + silc_mp_mp2bin_noalloc(&mp_dst, padded, len); + + /* Deliver result */ + sign_cb(TRUE, padded, len, context); memset(padded, 0, sizeof(padded)); - silc_mp_uninit(&mp_tmp); - silc_mp_uninit(&mp_dst); if (compute_hash) memset(hashr, 0, sizeof(hashr)); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); silc_asn1_free(asn1); + silc_stack_free(stack); - return TRUE; + return NULL; } /* PKCS #1 verification with appendix. */ -SilcBool silc_pkcs1_verify(void *public_key, - unsigned char *signature, - SilcUInt32 signature_len, - unsigned char *data, - SilcUInt32 data_len, - SilcHash hash) +SILC_PKCS_ALG_VERIFY(silc_pkcs1_verify) { RsaPublicKey *key = public_key; SilcBool ret = FALSE; @@ -670,18 +679,24 @@ SilcBool silc_pkcs1_verify(void *public_key, unsigned char *verify, unpadded[2048 + 1], hashr[SILC_HASH_MAXLEN]; SilcUInt32 verify_len, len = (key->bits + 7) / 8; SilcBufferStruct di, ldi; + SilcBool has_null = TRUE; SilcHash ihash = NULL; - SilcAsn1 asn1 = NULL; + SilcStack stack; + SilcAsn1 asn1; char *oid; SILC_LOG_DEBUG(("Verify signature")); - asn1 = silc_asn1_alloc(); - if (!asn1) - return FALSE; + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + asn1 = silc_asn1_alloc(stack); + if (!asn1) { + verify_cb(FALSE, context); + return NULL; + } - silc_mp_init(&mp_tmp2); - silc_mp_init(&mp_dst); + silc_mp_sinit(stack, &mp_tmp2); + silc_mp_sinit(stack, &mp_dst); /* Format the signature into MP int */ silc_mp_bin2mp(signature, signature_len, &mp_tmp2); @@ -699,29 +714,35 @@ SilcBool silc_pkcs1_verify(void *public_key, silc_buffer_set(&di, unpadded, len); /* If hash isn't given, allocate the one given in digest info */ - if (!hash) { - /* Decode digest info */ - if (!silc_asn1_decode(asn1, &di, - SILC_ASN1_OPTS(SILC_ASN1_ACCUMUL), - SILC_ASN1_SEQUENCE, + if (compute_hash) { + if (!hash) { + has_null = FALSE; + + /* Decode digest info */ + if (!silc_asn1_decode(asn1, &di, + SILC_ASN1_OPTS(SILC_ASN1_ACCUMUL), SILC_ASN1_SEQUENCE, - SILC_ASN1_OID(&oid), - SILC_ASN1_END, - SILC_ASN1_END, SILC_ASN1_END)) - goto err; - - if (!silc_hash_alloc_by_oid(oid, &ihash)) { - SILC_LOG_DEBUG(("Unknown OID %s", oid)); - goto err; + SILC_ASN1_SEQUENCE, + SILC_ASN1_OID(&oid), + SILC_ASN1_NULL_T(SILC_ASN1_OPTIONAL, + SILC_ASN1_TAG_NULL, &has_null), + SILC_ASN1_END, + SILC_ASN1_END, SILC_ASN1_END)) + goto err; + + if (!silc_hash_alloc_by_oid(oid, &ihash)) { + SILC_LOG_DEBUG(("Unknown OID %s", oid)); + goto err; + } + hash = ihash; } - hash = ihash; - } - /* Hash the data */ - silc_hash_make(hash, data, data_len, hashr); - data = hashr; - data_len = silc_hash_len(hash); - oid = (char *)silc_hash_get_oid(hash); + /* Hash the data */ + silc_hash_make(hash, data, data_len, hashr); + data = hashr; + data_len = silc_hash_len(hash); + oid = (char *)silc_hash_get_oid(hash); + } /* Encode digest info for comparison */ memset(&ldi, 0, sizeof(ldi)); @@ -730,7 +751,7 @@ SilcBool silc_pkcs1_verify(void *public_key, SILC_ASN1_SEQUENCE, SILC_ASN1_SEQUENCE, SILC_ASN1_OID(oid), - SILC_ASN1_NULL, + SILC_ASN1_NULL(has_null), SILC_ASN1_END, SILC_ASN1_OCTET_STRING(data, data_len), SILC_ASN1_END, SILC_ASN1_END)) @@ -747,18 +768,22 @@ SilcBool silc_pkcs1_verify(void *public_key, silc_buffer_len(&ldi))) ret = TRUE; + /* Deliver result */ + verify_cb(ret, context); + memset(verify, 0, verify_len); memset(unpadded, 0, sizeof(unpadded)); silc_free(verify); silc_mp_uninit(&mp_tmp2); silc_mp_uninit(&mp_dst); - if (hash) + if (compute_hash) memset(hashr, 0, sizeof(hashr)); if (ihash) silc_hash_free(ihash); silc_asn1_free(asn1); + silc_stack_free(stack); - return ret; + return NULL; err: memset(verify, 0, verify_len); @@ -768,35 +793,34 @@ SilcBool silc_pkcs1_verify(void *public_key, if (ihash) silc_hash_free(ihash); silc_asn1_free(asn1); - return FALSE; + silc_stack_free(stack); + + verify_cb(FALSE, context); + return NULL; } /* PKCS #1 sign without hash oid */ -SilcBool silc_pkcs1_sign_no_oid(void *private_key, - unsigned char *src, - SilcUInt32 src_len, - unsigned char *signature, - SilcUInt32 signature_size, - SilcUInt32 *ret_signature_len, - SilcBool compute_hash, - SilcHash hash) +SILC_PKCS_ALG_SIGN(silc_pkcs1_sign_no_oid) { RsaPrivateKey *key = private_key; SilcMPInt mp_tmp; SilcMPInt mp_dst; unsigned char padded[2048 + 1], hashr[SILC_HASH_MAXLEN]; SilcUInt32 len = (key->bits + 7) / 8; + SilcStack stack; SILC_LOG_DEBUG(("Sign")); - if (sizeof(padded) < len) - return FALSE; - if (signature_size < len) - return FALSE; + if (sizeof(padded) < len) { + sign_cb(FALSE, NULL, 0, context); + return NULL; + } /* Compute hash if requested */ if (compute_hash) { + if (!hash) + hash = key->hash; silc_hash_make(hash, src, src_len, hashr); src = hashr; src_len = silc_hash_len(hash); @@ -804,11 +828,15 @@ SilcBool silc_pkcs1_sign_no_oid(void *private_key, /* Pad data */ if (!silc_pkcs1_encode(SILC_PKCS1_BT_PRV1, src, src_len, - padded, len, NULL)) - return FALSE; + padded, len, NULL)) { + sign_cb(FALSE, NULL, 0, context); + return NULL; + } + + stack = silc_stack_alloc(2048, silc_crypto_stack()); - silc_mp_init(&mp_tmp); - silc_mp_init(&mp_dst); + silc_mp_sinit(stack, &mp_tmp); + silc_mp_sinit(stack, &mp_dst); /* Data to MP */ silc_mp_bin2mp(padded, len, &mp_tmp); @@ -817,26 +845,24 @@ SilcBool silc_pkcs1_sign_no_oid(void *private_key, silc_rsa_private_operation(key, &mp_tmp, &mp_dst); /* MP to data */ - silc_mp_mp2bin_noalloc(&mp_dst, signature, len); - *ret_signature_len = len; + silc_mp_mp2bin_noalloc(&mp_dst, padded, len); + + /* Deliver result */ + sign_cb(TRUE, padded, len, context); memset(padded, 0, sizeof(padded)); - silc_mp_uninit(&mp_tmp); - silc_mp_uninit(&mp_dst); if (compute_hash) memset(hashr, 0, sizeof(hashr)); + silc_mp_uninit(&mp_tmp); + silc_mp_uninit(&mp_dst); + silc_stack_free(stack); - return TRUE; + return NULL; } /* PKCS #1 verify without hash oid */ -SilcBool silc_pkcs1_verify_no_oid(void *public_key, - unsigned char *signature, - SilcUInt32 signature_len, - unsigned char *data, - SilcUInt32 data_len, - SilcHash hash) +SILC_PKCS_ALG_VERIFY(silc_pkcs1_verify_no_oid) { RsaPublicKey *key = public_key; SilcBool ret = FALSE; @@ -844,11 +870,14 @@ SilcBool silc_pkcs1_verify_no_oid(void *public_key, SilcMPInt mp_dst; unsigned char *verify, unpadded[2048 + 1], hashr[SILC_HASH_MAXLEN]; SilcUInt32 verify_len, len = (key->bits + 7) / 8; + SilcStack stack; SILC_LOG_DEBUG(("Verify signature")); - silc_mp_init(&mp_tmp2); - silc_mp_init(&mp_dst); + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + silc_mp_sinit(stack, &mp_tmp2); + silc_mp_sinit(stack, &mp_dst); /* Format the signature into MP int */ silc_mp_bin2mp(signature, signature_len, &mp_tmp2); @@ -866,11 +895,15 @@ SilcBool silc_pkcs1_verify_no_oid(void *public_key, silc_free(verify); silc_mp_uninit(&mp_tmp2); silc_mp_uninit(&mp_dst); - return FALSE; + silc_stack_free(stack); + verify_cb(FALSE, context); + return NULL; } /* Hash data if requested */ - if (hash) { + if (compute_hash) { + if (!hash) + hash = key->hash; silc_hash_make(hash, data, data_len, hashr); data = hashr; data_len = silc_hash_len(hash); @@ -880,13 +913,17 @@ SilcBool silc_pkcs1_verify_no_oid(void *public_key, if (len == data_len && !memcmp(data, unpadded, len)) ret = TRUE; + /* Deliver result */ + verify_cb(ret, context); + memset(verify, 0, verify_len); memset(unpadded, 0, sizeof(unpadded)); + if (compute_hash) + memset(hashr, 0, sizeof(hashr)); silc_free(verify); silc_mp_uninit(&mp_tmp2); silc_mp_uninit(&mp_dst); - if (hash) - memset(hashr, 0, sizeof(hashr)); + silc_stack_free(stack); - return ret; + return NULL; }