authorlloyd <[email protected]>2013-12-06 21:11:15 +0000
committerlloyd <[email protected]>2013-12-06 21:11:15 +0000
commitf5b1cbf03a7c37105a4e4abe782f41f728cabc40 (patch)
tree41f353f24c2c3f8fb7b1c4ede75af430038aab7f /src/pk_pad
parent32d327e486f0a3ddd9cdcfbf29bcfce46f5431a3 (diff)
Fix two OAEP bugs - we didn't prohibit tiny keys properly due to an
integer underflow, and would crash instead of failing if the input was too large to have been produced by the associated key.
Diffstat (limited to 'src/pk_pad')
-rw-r--r--src/pk_pad/eme1/eme1.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp
index 1cc0c332d..b0306e13b 100644
--- a/src/pk_pad/eme1/eme1.cpp
+++ b/src/pk_pad/eme1/eme1.cpp
@@ -21,7 +21,7 @@ SecureVector<byte> EME1::pad(const byte in[], size_t in_length,
{
key_length /= 8;
- if(in_length > key_length - 2*Phash.size() - 1)
+ if(key_length < in_length + 2*Phash.size() + 1)
throw Invalid_Argument("EME1: Input is too large");
SecureVector<byte> out(key_length);
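Review bot: The sum `in_length + 2*Phash.size() + 1` in the new guard can itself wrap when `in_length` is close to the maximum of `size_t`, in which case the comparison passes and the oversized input is accepted. That is unlikely for a real buffer length, but a form that checks the fixed overhead first cannot wrap in either direction: `if(key_length < 2*Phash.size() + 1 || in_length > key_length - 2*Phash.size() - 1)`. Whichever form is kept, a short comment such as `// key_length may be smaller than the OAEP overhead; never subtract before checking` would stop a later cleanup from reintroducing the underflow. The body of `pad` continues past the end of this hunk.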
@@ -82,7 +82,7 @@ SecureVector<byte> EME1::unpad(const byte in[], size_t in_length,
* to timing analysis. Other compilers, or GCC on other platforms,
* may or may not.
*/
- for(size_t i = delim_idx; i != input.size(); ++i)
+ for(size_t i = delim_idx; i < input.size(); ++i)
{
const bool zero_p = !input[i];
const bool one_p = input[i] == 0x01;
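Review bot: With `i < input.size()` the delimiter scan is skipped entirely when `input.size()` is below `delim_idx`, so whether such an input is rejected now depends on code after the loop that this hunk does not show. That case should end in the same failure path as any other malformed padding, because a distinguishable error or timing for the length case would undermine the timing care described in the comment above the loop. Any indexing of `input` earlier in `unpad` presumably relies on the same minimum length and is worth checking too; the function starts and ends outside the hunk. I would add a comment at the loop, for example `// if input.size() < delim_idx the loop does not run; the input must still be rejected below`.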