authorJack Lloyd <[email protected]>2017-08-29 17:09:23 -0400
committerJack Lloyd <[email protected]>2017-08-29 17:09:23 -0400
commit3cd661c8dc45f4c05c49cbfa09301d118d2cbb77 (patch)
treead99ced9a3387555e329b96803d803c2284cfa63
parent27ba74d4873a03267cf135d2d2bcd0f955ddfbb6 (diff)
Fix a valgrind const-time error in ISO 9796 padding
It didn't unpoison the output values.
-rw-r--r--src/lib/pk_pad/iso9796/iso9796.cpp9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/lib/pk_pad/iso9796/iso9796.cpp b/src/lib/pk_pad/iso9796/iso9796.cpp
index f56689389..6dcae799a 100644
--- a/src/lib/pk_pad/iso9796/iso9796.cpp
+++ b/src/lib/pk_pad/iso9796/iso9796.cpp
@@ -157,8 +157,13 @@ bool iso9796_verification(const secure_vector<uint8_t>& const_coded,
//invalid, if delimiter 0x01 was not found or msg1_offset is too big
bad_input |= waiting_for_delim;
bad_input |= CT::is_less(coded.size(), tLength + HASH_SIZE + msg1_offset + SALT_SIZE);
+
//in case that msg1_offset is too big, just continue with offset = 0.
msg1_offset = CT::select<size_t>(bad_input, 0, msg1_offset);
+
+ CT::unpoison(coded.data(), coded.size());
+ CT::unpoison(msg1_offset);
+
secure_vector<uint8_t> msg1(coded.begin() + msg1_offset,
coded.end() - tLength - HASH_SIZE - SALT_SIZE);
secure_vector<uint8_t> salt(coded.begin() + msg1_offset + msg1.size(),
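Review bot: The fallback to `msg1_offset = 0` only covers an oversized offset, so the `msg1` constructor can still be handed an invalid range: `coded.end() - tLength - HASH_SIZE - SALT_SIZE` lies before `coded.begin()` whenever `coded.size()` is smaller than `tLength + HASH_SIZE + SALT_SIZE`. The function begins above this hunk, so a length guard may already exist there. If it does not, a check near the top of the function such as `if(const_coded.size() < tLength + HASH_SIZE + SALT_SIZE) { return false; }` would keep the range valid for short inputs. The added `CT::unpoison` calls would also be easier to audit with a comment like `// msg1_offset sets the allocation sizes below, so it is treated as public from here on`.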
@@ -198,8 +203,8 @@ bool iso9796_verification(const secure_vector<uint8_t>& const_coded,
//check if H3 == H2
bad_input |= CT::is_equal<uint8_t>(same_mem(H3.data(), H2.data(), HASH_SIZE), false);
- CT::unpoison(coded.data(), coded.size());
+ CT::unpoison(bad_input);
return (bad_input == 0);
}
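Review bot: The `same_mem(H3.data(), H2.data(), HASH_SIZE)` comparison is probably no longer covered by the valgrind const-time check, because the first hunk now unpoisons all of `coded` before `msg1` and `salt` are copied out. This assumes `H2` and `H3` are derived from those buffers, which is not visible in this hunk; if so, only the earlier contributions to `bad_input` are still tracked when it is unpoisoned here. If that narrower coverage is intended, recording it next to the call would help the next reader: `// coded is public from the msg1 split onward; only bad_input is still poisoned here`.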
@@ -279,4 +284,4 @@ bool ISO_9796_DS3::verify(const secure_vector<uint8_t>& const_coded,
{
return iso9796_verification(const_coded, raw, key_bits, m_hash, 0);
}
-} \ No newline at end of file
+}