authorJack Lloyd <[email protected]>2018-09-22 00:29:20 -0400
committerJack Lloyd <[email protected]>2018-09-22 10:59:12 -0400
commit5d5ca7b276e687d9e3480e70d4718c99ce34cc23 (patch)
treeeeb6317457806d3dcbe13eb73b6a9c4608fb9816 /src/lib/utils/ct_utils.h
parentc85d1d2ac1640dcaa7cfd9f4bf3ecc30e4b4a137 (diff)
Add fuzzer for mode unpadding, and fix bugs found thereby
Both PKCS7 and X9.23 padding modes did not examine the first byte of the purported padding if the padding took an entire block. So for example for a 64-bit cipher, PKCS7 would accept XX08080808080808 as a valid padding for any byte value.
Diffstat (limited to 'src/lib/utils/ct_utils.h')
-rw-r--r--src/lib/utils/ct_utils.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h
index 4fd06ec3d..f4f881871 100644
--- a/src/lib/utils/ct_utils.h
+++ b/src/lib/utils/ct_utils.h
@@ -149,6 +149,14 @@ inline T is_lte(T a, T b)
return CT::is_less(a, b) | CT::is_equal(a, b);
}
+template<typename C, typename T>
+inline T conditional_return(C condvar, T left, T right)
+ {
+ const T val = CT::select(CT::expand_mask<T>(condvar), left, right);
+ CT::unpoison(val);
+ return val;
+ }
+
template<typename T>
inline T conditional_copy_mem(T value,
T* to,
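Review bot: In `conditional_return`, `condvar` has its own type `C` but is passed to `CT::expand_mask<T>`, so when `C` is wider than `T` (for example a `size_t` condition selecting between `uint8_t` values) it is presumably narrowed to `T` before the mask is built, and a non-zero condition whose low bits are all zero would yield an empty mask and select the wrong operand. `expand_mask` and `select` are defined outside this hunk, so this is inferred from the explicit template argument; a guard such as `static_assert(sizeof(C) <= sizeof(T), "condvar would be truncated");` at the top of the body would make the restriction explicit. The function also has no comment, and since it calls `CT::unpoison` on the result, callers should be told that the returned value is no longer tracked as secret. Something like `// Returns left if condvar is non-zero, else right (assuming select takes its first value where the mask is set); the result is unpoisoned, so use only where it may become public` would cover both points.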