Clean up PK decryption encoding.

Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.

4 files changed, 3 insertions, 10 deletions

diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
index 10dc195a8..37dfe89cf 100644
--- a/src/lib/pubkey/elgamal/elgamal.cpp
+++ b/src/lib/pubkey/elgamal/elgamal.cpp
@@ -174,7 +174,7 @@ ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len)
 
    BigInt r = m_mod_p.multiply(b, inverse_mod(m_powermod_x_p(a), p));
 
-   return BigInt::encode_locked(m_blinder.unblind(r));
+   return BigInt::encode_1363(m_blinder.unblind(r), p_bytes);
    }
 
 BOTAN_REGISTER_PK_ENCRYPTION_OP("ElGamal", ElGamal_Encryption_Operation);
diff --git a/src/lib/pubkey/pk_ops.cpp b/src/lib/pubkey/pk_ops.cpp
index 37c31777d..654b68255 100644
--- a/src/lib/pubkey/pk_ops.cpp
+++ b/src/lib/pubkey/pk_ops.cpp
@@ -31,12 +31,7 @@ secure_vector<byte> PK_Ops::Encryption_with_EME::encrypt(const byte msg[], size_
                                                          RandomNumberGenerator& rng)
    {
    const size_t max_raw = max_raw_input_bits();
-
    const std::vector<byte> encoded = unlock(m_eme->encode(msg, msg_len, max_raw, rng));
-
-   if(8*(encoded.size() - 1) + high_bit(encoded[0]) > max_raw)
-      throw Exception("Input is too large to encrypt with this key");
-
    return raw_encrypt(encoded.data(), encoded.size(), rng);
    }
 
@@ -60,7 +55,7 @@ PK_Ops::Decryption_with_EME::decrypt(byte& valid_mask,
                                      size_t ciphertext_len)
    {
    const secure_vector<byte> raw = raw_decrypt(ciphertext, ciphertext_len);
-   return m_eme->unpad(valid_mask, raw.data(), raw.size(), max_raw_input_bits());
+   return m_eme->unpad(valid_mask, raw.data(), raw.size());
    }
 
 PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(const std::string& kdf)
diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp
index 86665ed93..c0485fec8 100644
--- a/src/lib/pubkey/pubkey.cpp
+++ b/src/lib/pubkey/pubkey.cpp
@@ -53,7 +53,6 @@ PK_Decryptor::decrypt_or_random(const byte in[],
                                 size_t required_contents_length) const
    {
    const secure_vector<byte> fake_pms = rng.random_vec(expected_pt_len);
-   //secure_vector<byte> decoded(expected_pt_len);
 
    CT::poison(in, length);
 
@@ -62,7 +61,6 @@ PK_Decryptor::decrypt_or_random(const byte in[],
 
    valid_mask &= CT::is_equal(decoded.size(), expected_pt_len);
 
-   // fixme
    decoded.resize(expected_pt_len);
 
    for(size_t i = 0; i != required_contents_length; ++i)
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index eb9fc2892..e12586014 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -157,7 +157,7 @@ class RSA_Decryption_Operation : public PK_Ops::Decryption_with_EME,
          const BigInt x = blinded_private_op(m);
          const BigInt c = m_powermod_e_n(x);
          BOTAN_ASSERT(m == c, "RSA decrypt consistency check");
-         return BigInt::encode_locked(x);
+         return BigInt::encode_1363(x, m_n.bytes());
          }
    };