author | Jack Lloyd <[email protected]> | 2017-08-29 17:09:23 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-08-29 17:09:23 -0400 |
commit | 3cd661c8dc45f4c05c49cbfa09301d118d2cbb77 (patch) | |
tree | ad99ced9a3387555e329b96803d803c2284cfa63 | |
parent | 27ba74d4873a03267cf135d2d2bcd0f955ddfbb6 (diff) |
Fix a valgrind const-time error in ISO 9796 padding
It didn't unpoison the output values.
-rw-r--r-- | src/lib/pk_pad/iso9796/iso9796.cpp | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/pk_pad/iso9796/iso9796.cpp b/src/lib/pk_pad/iso9796/iso9796.cpp
index f56689389..6dcae799a 100644
--- a/src/lib/pk_pad/iso9796/iso9796.cpp
+++ b/src/lib/pk_pad/iso9796/iso9796.cpp
@@ -157,8 +157,13 @@ bool iso9796_verification(const secure_vector<uint8_t>& const_coded,
 //invalid, if delimiter 0x01 was not found or msg1_offset is too big
 bad_input |= waiting_for_delim;
 bad_input |= CT::is_less(coded.size(), tLength + HASH_SIZE + msg1_offset + SALT_SIZE);
+
 //in case that msg1_offset is too big, just continue with offset = 0.
 msg1_offset = CT::select<size_t>(bad_input, 0, msg1_offset);
+
+ CT::unpoison(coded.data(), coded.size());
+ CT::unpoison(msg1_offset);
+
 secure_vector<uint8_t> msg1(coded.begin() + msg1_offset,
 coded.end() - tLength - HASH_SIZE - SALT_SIZE);
 secure_vector<uint8_t> salt(coded.begin() + msg1_offset + msg1.size(),
@@ -198,8 +203,8 @@ bool iso9796_verification(const secure_vector<uint8_t>& const_coded,
 //check if H3 == H2
 bad_input |= CT::is_equal<uint8_t>(same_mem(H3.data(), H2.data(), HASH_SIZE), false);
- CT::unpoison(coded.data(), coded.size());
+ CT::unpoison(bad_input);
 return (bad_input == 0);
 }
@@ -279,4 +284,4 @@ bool ISO_9796_DS3::verify(const secure_vector<uint8_t>& const_coded,
 {
 return iso9796_verification(const_coded, raw, key_bits, m_hash, 0);
 }
-}
\ No newline at end of file
+} |
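Review bot: Moving `CT::unpoison(coded.data(), coded.size())` up in the first hunk, ahead of the `msg1`/`salt` copies, means the rest of iso9796_verification (the hashing that continues outside the hunk and the `H3 == H2` comparison in the second hunk) now runs on unpoisoned data and is no longer covered by the valgrind constant-time check, and nothing in the code says why that is acceptable. The copy lengths necessarily depend on `msg1_offset`, so the declassification looks deliberate; I would record it above the two calls with a comment such as `// coded and msg1_offset are declassified here: the copies below have lengths that depend on the offset, which is already forced to 0 on bad input`. It is also worth confirming in the part of the function not shown that `coded.size() >= tLength + HASH_SIZE + SALT_SIZE` always holds, because with the zero-offset fallback `coded.end() - tLength - HASH_SIZE - SALT_SIZE` would otherwise fall before `coded.begin()` when `msg1` is constructed.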