-rw-r--r-- | doc/relnotes/1_11_6.rst | 5 | ||||
-rw-r--r-- | src/pk_pad/eme1/eme1.cpp | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/doc/relnotes/1_11_6.rst b/doc/relnotes/1_11_6.rst
index b51339791..79b2dca2e 100644
--- a/doc/relnotes/1_11_6.rst
+++ b/doc/relnotes/1_11_6.rst
@@ -1,6 +1,11 @@
 Version 1.11.6, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* OAEP had two bugs, one of which allowed it to be used even if the
+  key was too small, and the other of which would cause a crash during
+  decoding if the input was too large to have been created for the
+  associated key.
+
 * Botan now requires Boost, specifically the filesystem and asio libraries.
 * The default TLS policy no longer includes RC4 in the cipher list.
diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp
index 57275d4f9..dadb44d0a 100644
--- a/src/pk_pad/eme1/eme1.cpp
+++ b/src/pk_pad/eme1/eme1.cpp
@@ -21,7 +21,7 @@ secure_vector<byte> EME1::pad(const byte in[], size_t in_length,
    {
    key_length /= 8;
-   if(in_length > key_length - 2*Phash.size() - 1)
+   if(key_length < in_length + 2*Phash.size() + 1)
       throw Invalid_Argument("EME1: Input is too large");
    secure_vector<byte> out(key_length);
@@ -82,7 +82,7 @@ secure_vector<byte> EME1::unpad(const byte in[], size_t in_length,
    * to timing analysis. Other compilers, or GCC on other platforms,
    * may or may not.
    */
-   for(size_t i = delim_idx; i != input.size(); ++i)
+   for(size_t i = delim_idx; i < input.size(); ++i)
       {
       const bool zero_p = !input[i];
       const bool one_p = input[i] == 0x01;
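Review bot: The rewritten size check in `EME1::pad` removes the unsigned underflow on the old `key_length - 2*Phash.size() - 1` side, but the new right-hand side `in_length + 2*Phash.size() + 1` is itself unsigned arithmetic that wraps for an `in_length` near `SIZE_MAX`, in which case the check passes and the later offset computations in the function (outside this hunk) would run with a nonsensical length. Such an `in_length` is unrealistic for a real buffer, but the overflow-free form costs nothing and states the invariant directly: `if(key_length < 2*Phash.size() + 1 || in_length > key_length - 2*Phash.size() - 1)`. A short comment on that line would also help the next reader, e.g. `// key must leave room for seed, lHash, the 0x01 delimiter and the message`. The remainder of pad's body lies outside this hunk.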
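Review bot: Changing `!=` to `<` in the delimiter scan of `EME1::unpad` makes the loop silently execute zero iterations when `delim_idx` already exceeds `input.size()`, and whether that case is then reported as a decoding failure depends on code after the loop that is outside this hunk. An explicit length check where `input` is sized, such as `if(input.size() < delim_idx)` followed by the error the function uses for malformed input, would document the rejected case instead of relying on loop-condition semantics; the ciphertext length is determined by the key size rather than by secret data, so an early exit there does not undermine the timing-resistant scan the comment above describes. At minimum the loop deserves a comment saying why `<` is required, e.g. `// delim_idx can exceed input.size() for an oversized input (see 1.11.6 release notes); '<' keeps the scan in bounds`. The body of `EME1::unpad`, including where `delim_idx` and `input` are set up, begins and ends outside this hunk.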