Diffstat (limited to 'src/lib/pk_pad/eme_oaep')
-rw-r--r--src/lib/pk_pad/eme_oaep/oaep.cpp13
-rw-r--r--src/lib/pk_pad/eme_oaep/oaep.h12
2 files changed, 17 insertions, 8 deletions
diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp
index 370a9fe45..894368e2d 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.cpp
+++ b/src/lib/pk_pad/eme_oaep/oaep.cpp
@@ -60,7 +60,8 @@ secure_vector<byte> OAEP::pad(const byte in[], size_t in_length,
/*
* OAEP Unpad Operation
*/
-secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
+secure_vector<byte> OAEP::unpad(byte& valid_mask,
+ const byte in[], size_t in_length,
size_t key_length) const
{
/*
@@ -116,16 +117,18 @@ secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
// If we never saw any non-zero byte, then it's not valid input
bad_input |= waiting_for_delim;
- bad_input |= CT::expand_mask<byte>(!same_mem(&input[hlen], m_Phash.data(), hlen));
+ bad_input |= CT::is_equal<byte>(same_mem(&input[hlen], m_Phash.data(), hlen), false);
CT::unpoison(input.data(), input.size());
CT::unpoison(&bad_input, 1);
CT::unpoison(&delim_idx, 1);
- if(bad_input)
- throw Decoding_Error("Invalid OAEP encoding");
+ valid_mask = ~bad_input;
- return secure_vector<byte>(input.begin() + delim_idx + 1, input.end());
+ secure_vector<byte> output(input.begin() + delim_idx + 1, input.end());
+ CT::cond_zero_mem(bad_input, output.data(), output.size());
+
+ return output;
}
/*
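Review bot: With the `throw` removed, `secure_vector<byte> output(input.begin() + delim_idx + 1, input.end());` now runs for invalid input as well, and nothing visible in this hunk bounds `delim_idx` in that case. If the scan loop (above this hunk, not shown) can leave `delim_idx` equal to `input.size()` when no delimiter was found, the range starts past `end()`, which is undefined behaviour; the start offset should be clamped to `input.size()` before the copy, ideally without branching on `bad_input`. Separately, `CT::cond_zero_mem` clears the contents but the length of `output` still follows `delim_idx`, so the allocation and copy size remain input-dependent on the failure path; a comment such as `// output length is not hidden on failure; callers must gate on valid_mask` would make that limit explicit. The body of `OAEP::unpad` begins outside this hunk.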
diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h
index 22d009f5f..dce706613 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.h
+++ b/src/lib/pk_pad/eme_oaep/oaep.h
@@ -29,9 +29,15 @@ class BOTAN_DLL OAEP final : public EME
*/
OAEP(HashFunction* hash, const std::string& P = "");
private:
- secure_vector<byte> pad(const byte[], size_t, size_t,
- RandomNumberGenerator&) const override;
- secure_vector<byte> unpad(const byte[], size_t, size_t) const override;
+ secure_vector<byte> pad(const byte in[],
+ size_t in_length,
+ size_t key_length,
+ RandomNumberGenerator& rng) const override;
+
+ secure_vector<byte> unpad(byte& valid_mask,
+ const byte in[],
+ size_t in_len,
+ size_t key_length) const override;
secure_vector<byte> m_Phash;
std::unique_ptr<HashFunction> m_hash;
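Review bot: The new `valid_mask` out-parameter on `unpad` has no comment stating its contract, and since the oaep.cpp side no longer throws on a bad encoding, a caller that ignores it receives a zero-filled buffer with no error. A short comment here or on the base-class declaration (outside this diff) would help, e.g. `// valid_mask is set to ~bad_input: all-ones when the encoding is valid; the returned bytes are zeroed otherwise`. The parameter is also named `in_len` here but `in_length` in oaep.cpp and in `pad` just above; using `in_length` in both keeps the declaration and definition aligned.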