authorlloyd <[email protected]>2013-12-06 21:11:15 +0000
committerlloyd <[email protected]>2013-12-06 21:11:15 +0000
commitf5b1cbf03a7c37105a4e4abe782f41f728cabc40 (patch)
tree41f353f24c2c3f8fb7b1c4ede75af430038aab7f
parent32d327e486f0a3ddd9cdcfbf29bcfce46f5431a3 (diff)
Fix two OAEP bugs: we didn't prohibit tiny keys properly due to an
integer underflow, and would crash instead of failing if the input was too large to have been produced by the associated key.
-rw-r--r--botan_version.py2
-rw-r--r--doc/log.txt7
-rw-r--r--src/pk_pad/eme1/eme1.cpp4
3 files changed, 10 insertions, 3 deletions
diff --git a/botan_version.py b/botan_version.py
index 05f192737..c84150a36 100644
--- a/botan_version.py
+++ b/botan_version.py
@@ -1,7 +1,7 @@
release_major = 1
release_minor = 10
-release_patch = 6
+release_patch = 7
release_so_abi_rev = 0
diff --git a/doc/log.txt b/doc/log.txt
index f9dde77d2..bf58b5fd8 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -7,6 +7,13 @@ Release Notes
Series 1.10
----------------------------------------
+Version 1.10.7, Not Yet Released
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* OAEP had two bugs, one of which allowed it to be used even if the
+ key was too small, and the other of which would cause a crash due to
+ reading past the end of an array
+
Version 1.10.6, 2013-11-10
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp
index 1cc0c332d..b0306e13b 100644
--- a/src/pk_pad/eme1/eme1.cpp
+++ b/src/pk_pad/eme1/eme1.cpp
@@ -21,7 +21,7 @@ SecureVector<byte> EME1::pad(const byte in[], size_t in_length,
{
key_length /= 8;
- if(in_length > key_length - 2*Phash.size() - 1)
+ if(key_length < in_length + 2*Phash.size() + 1)
throw Invalid_Argument("EME1: Input is too large");
SecureVector<byte> out(key_length);
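Review bot: The rewritten guard in EME1::pad needs a comment explaining why it is phrased as an addition, because the old subtraction form looks equivalent and is an easy "simplification" to reintroduce; for example `// Compare by addition: key_length - 2*Phash.size() - 1 wraps around when the key is shorter than the padding overhead`. The exception text is still "EME1: Input is too large" even when the real cause is a key that cannot hold any OAEP message, so a separate `if(key_length < 2*Phash.size() + 1)` check with its own message would make a misconfigured key easier to diagnose. The diffstat lists no test file in this commit, so a regression case with an undersized key would pin the corrected behaviour. The body of pad continues past the end of the hunk.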
@@ -82,7 +82,7 @@ SecureVector<byte> EME1::unpad(const byte in[], size_t in_length,
* to timing analysis. Other compilers, or GCC on other platforms,
* may or may not.
*/
- for(size_t i = delim_idx; i != input.size(); ++i)
+ for(size_t i = delim_idx; i < input.size(); ++i)
{
const bool zero_p = !input[i];
const bool one_p = input[i] == 0x01;
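Review bot: unpad still proceeds on a buffer that is too short to be a valid OAEP block: the new `i < input.size()` bound only skips the loop when `delim_idx` is already past the end, and the code before this loop (outside the hunk) may still do size arithmetic on that buffer. If those earlier lines subtract the hash length from `input.size()`, they would have the same unsigned wraparound that this commit fixes in pad, so they are worth checking. An explicit guard before the loop, such as `if(input.size() <= delim_idx)` followed by the function's normal decoding failure, states the precondition instead of relying on the loop not executing. As far as the hunk shows, that comparison uses only sizes and not decrypted bytes, so it should not disturb the timing concern described in the comment above the loop. The loop body continues beyond the hunk.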