BUF_MEM * compute_authentication_token(int protocol, const KA_CTX *ka_ctx, EVP_PKEY *opp_key, BN_CTX *bn_ctx, enum eac_tr_version tr_version) { BUF_MEM *asn1 = NULL, *out = NULL, *pad =NULL; check(ka_ctx, "Invalid arguments"); asn1 = asn1_pubkey(protocol, opp_key, bn_ctx, tr_version); /* ISO 9797-1 algorithm 3 retail MAC now needs extra padding (padding method 2) */ if (EVP_CIPHER_nid(ka_ctx->cipher) == NID_des_ede_cbc) { pad = add_iso_pad(asn1, EVP_CIPHER_block_size(ka_ctx->cipher)); if (!pad) goto err; out = authenticate(ka_ctx, pad); } else { out = authenticate(ka_ctx, asn1); } err: if (asn1) BUF_MEM_free(asn1); if (pad) BUF_MEM_free(pad); return out; }
static int add_padding(const struct iso_sm_ctx *ctx, const u8 *data, size_t datalen, u8 **padded) { u8 *p; switch (ctx->padding_indicator) { case SM_NO_PADDING: if (*padded != data) { p = realloc(*padded, datalen); if (!p) return SC_ERROR_OUT_OF_MEMORY; *padded = p; /* Flawfinder: ignore */ memcpy(*padded, data, datalen); } return datalen; case SM_ISO_PADDING: return add_iso_pad(data, datalen, ctx->block_length, padded); default: return SC_ERROR_INVALID_ARGUMENTS; } }