Diffstat (limited to 'src/lib/pk_pad/eme_oaep/oaep.cpp')
-rw-r--r-- | src/lib/pk_pad/eme_oaep/oaep.cpp | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp
index 370a9fe45..894368e2d 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.cpp
+++ b/src/lib/pk_pad/eme_oaep/oaep.cpp
@@ -60,7 +60,8 @@ secure_vector<byte> OAEP::pad(const byte in[], size_t in_length,
 /*
 * OAEP Unpad Operation
 */
-secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
+secure_vector<byte> OAEP::unpad(byte& valid_mask,
+ const byte in[], size_t in_length,
 size_t key_length) const
 {
 /*
@@ -116,16 +117,18 @@ secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
 // If we never saw any non-zero byte, then it's not valid input
 bad_input |= waiting_for_delim;
- bad_input |= CT::expand_mask<byte>(!same_mem(&input[hlen], m_Phash.data(), hlen));
+ bad_input |= CT::is_equal<byte>(same_mem(&input[hlen], m_Phash.data(), hlen), false);
 CT::unpoison(input.data(), input.size());
 CT::unpoison(&bad_input, 1);
 CT::unpoison(&delim_idx, 1);
- if(bad_input)
- throw Decoding_Error("Invalid OAEP encoding");
+ valid_mask = ~bad_input;
- return secure_vector<byte>(input.begin() + delim_idx + 1, input.end());
+ secure_vector<byte> output(input.begin() + delim_idx + 1, input.end());
+ CT::cond_zero_mem(bad_input, output.data(), output.size());
+
+ return output;
 }
 /* |
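Review bot: The `OAEP Unpad Operation` comment above the new signature does not say what `valid_mask` means, although this commit replaces a thrown `Decoding_Error` with a value the caller has to check. I would extend that comment to say that `valid_mask` is written on every call (it is assigned `~bad_input` in the later hunk, so presumably all-ones for a well-formed encoding and zero otherwise), that the returned buffer is zeroed on failure, and that bad padding no longer raises an exception. A line such as `* Sets valid_mask to all-ones on success and zero on failure; the caller must check it before using the result` would be enough. The body of `unpad` continues outside this hunk.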
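Review bot: With the `throw` removed, `input.begin() + delim_idx + 1` is now evaluated for invalid input too, a path the old code never reached. The scan that sets `delim_idx` is outside this hunk, so I cannot confirm it, but if `delim_idx` can equal `input.size()` when no delimiter is found (`waiting_for_delim` still set), the start iterator lies past `input.end()` and constructing `output` is undefined behaviour. Separately, `CT::cond_zero_mem` clears the contents, but `output.size()` still depends on `delim_idx`, so on the failure path the length still reflects where the scan stopped. I would bound the start offset to `input.size()` before building `output` and record the length dependence next to it, e.g. `// output.size() depends on delim_idx; callers must not expose it when valid_mask is 0`.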