Subject: Crypt::RSA bug in mgf1 function
Date: Tue, 28 Apr 2009 12:57:28 -0600
To: "bug-Crypt-RSA [...] rt.cpan.org" <bug-Crypt-RSA [...] rt.cpan.org>
From: "Williams, Ben" <benwilliams [...] mt.gov>
I am using Perl v5.10.0 built for MSWin32-x86-multi-thread and Crypt::RSA v1.98.

While trying to decrypt a message using Crypt::RSA that was encrypted with the C# .NET library, it was found that the mgf1 function is not implemented to match the RSA-OAEP encryption specification (ftp://ftp.rsasecurity.com/pub/rsalabs/rsa_algorithm/rsa-oaep_spec.pdf). The mgf1 function in Crypt::RSA::DataFormat iterates in intervals of twenty (0,20,40,60 ...) and passes the iterator value to the i2osp function. The RSA specification states that mgf1 should iterate by one (0,1,2,3,...), which causes the iterator value given to i2osp to be different from what was previously implemented. When I change the function to what is below, the Crypt::RSA module then properly decrypts a message from the C# .NET library.
use strict;
use warnings;
# sha1() and i2osp() are already in scope inside Crypt::RSA::DataFormat;
# the two imports below are only needed if this sub is run on its own.
use Digest::SHA qw(sha1);
use Crypt::RSA::DataFormat qw(i2osp);

sub mgf1 {
    my ($seed, $l) = @_;
    my $hlen = 20;                    # SHA-1 output length in octets
    my ($T, $i) = ("", 0);
    # Modified by Ben Williams to iterate 0,1,2,... instead of 0,20,40,...
    for (0 .. ($l/$hlen)) {           # enough 20-octet blocks to cover $l
        my $C = i2osp (int($i), 4);   # counter as a 4-octet big-endian string
        $T .= sha1("$seed$C");        # Hash(seed || C)
        $i++;
    }
    my ($output) = unpack "a$l", $T;  # keep the leading $l octets
    return $output;
}
Ben Williams
Technical Services Electronics Engineer
MT DOJ Gambling Control Division
406-444-9152
http://www.doj.mt.gov/gaming/
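The MGF1 construction the report describes, written out as an added example in Python (so it runs against any hashlib digest, not only SHA-1); this is not code from the report or from Crypt::RSA. It puts the spec-conformant counter handling next to a model of the step-by-twenty counter the report attributes to Crypt::RSA 1.98, and shows that the two agree only on the first hash block. The seed and mask length are constructed (107 is the dbMask length of a 1024-bit RSAES-OAEP operation, k - hLen - 1); the step-by-hLen function is modelled on the report's description, not copied from the original module.

```python
import hashlib


def i2osp(x: int, x_len: int) -> bytes:
    """I2OSP (PKCS#1 4.1): non-negative integer -> big-endian string of x_len octets."""
    if x < 0 or x >= 256 ** x_len:
        raise ValueError("integer too large for %d octets" % x_len)
    return x.to_bytes(x_len, "big")


def mgf1(seed: bytes, mask_len: int, hash_name: str = "sha1") -> bytes:
    """MGF1 as specified in PKCS#1 v2.1 appendix B.2.1.

    The counter runs 0, 1, 2, ..., ceil(mask_len / hLen) - 1 and each block is
    Hash(seed || I2OSP(counter, 4)); the mask is the leading mask_len octets.
    Generalises the SHA-1-only case in the report to any hashlib digest.
    """
    h_len = hashlib.new(hash_name).digest_size
    if mask_len > (1 << 32) * h_len:
        raise ValueError("mask too long")
    blocks = (mask_len + h_len - 1) // h_len          # ceil(mask_len / hLen)
    t = b"".join(
        hashlib.new(hash_name, seed + i2osp(counter, 4)).digest()
        for counter in range(blocks)
    )
    return t[:mask_len]


def mgf1_counter_step_hlen(seed: bytes, mask_len: int) -> bytes:
    """Model (assumption, built from the report's description) of the
    Crypt::RSA 1.98 behaviour: the value fed to I2OSP advances by hLen
    (0, 20, 40, ...) instead of by 1. Block 0 hashes counter 0 and matches
    the spec; every later block hashes the wrong counter, so any mask longer
    than hLen (20 octets for SHA-1) differs from an interoperable peer."""
    h_len = 20
    blocks = (mask_len + h_len - 1) // h_len
    t = b"".join(
        hashlib.sha1(seed + i2osp(block * h_len, 4)).digest()
        for block in range(blocks)
    )
    return t[:mask_len]


def first_differing_offset(a: bytes, b: bytes) -> int:
    """Index of the first octet where a and b differ; -1 if they are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


# Constructed sample input (not a vector from the spec): a 20-octet seed and
# the dbMask length of 1024-bit RSAES-OAEP, k - hLen - 1 = 128 - 20 - 1.
SEED = bytes(range(20))
DB_MASK_LEN = 107

if __name__ == "__main__":
    good = mgf1(SEED, DB_MASK_LEN)
    bad = mgf1_counter_step_hlen(SEED, DB_MASK_LEN)
    print("spec MGF1    :", good.hex())
    print("step-by-hLen :", bad.hex())
    # The masks share exactly the first SHA-1 block (20 octets).
    print("first differing octet:", first_differing_offset(good, bad))
```

Because the seed mask in OAEP is only hLen octets long, the seed mask of a faulty implementation still matches the peer; it is the dbMask (longer than hLen for any practical key size) that diverges from the second block on, which is why decryption of a message produced by another library fails while round-trips within the same library succeed.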