Diffstat (limited to 'src/lib/pk_pad/eme_oaep')
-rw-r--r-- | src/lib/pk_pad/eme_oaep/oaep.cpp | 13 | ||||
-rw-r--r-- | src/lib/pk_pad/eme_oaep/oaep.h | 12 |
2 files changed, 17 insertions, 8 deletions
diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp
index 370a9fe45..894368e2d 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.cpp
+++ b/src/lib/pk_pad/eme_oaep/oaep.cpp
@@ -60,7 +60,8 @@ secure_vector<byte> OAEP::pad(const byte in[], size_t in_length,
 /*
 * OAEP Unpad Operation
 */
-secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
+secure_vector<byte> OAEP::unpad(byte& valid_mask,
+ const byte in[], size_t in_length,
 size_t key_length) const
 {
 /*
@@ -116,16 +117,18 @@ secure_vector<byte> OAEP::unpad(const byte in[], size_t in_length,
 // If we never saw any non-zero byte, then it's not valid input
 bad_input |= waiting_for_delim;
- bad_input |= CT::expand_mask<byte>(!same_mem(&input[hlen], m_Phash.data(), hlen));
+ bad_input |= CT::is_equal<byte>(same_mem(&input[hlen], m_Phash.data(), hlen), false);
 CT::unpoison(input.data(), input.size());
 CT::unpoison(&bad_input, 1);
 CT::unpoison(&delim_idx, 1);
- if(bad_input)
- throw Decoding_Error("Invalid OAEP encoding");
+ valid_mask = ~bad_input;
- return secure_vector<byte>(input.begin() + delim_idx + 1, input.end());
+ secure_vector<byte> output(input.begin() + delim_idx + 1, input.end());
+ CT::cond_zero_mem(bad_input, output.data(), output.size());
+
+ return output;
 }
 /*
diff --git a/src/lib/pk_pad/eme_oaep/oaep.h b/src/lib/pk_pad/eme_oaep/oaep.h
index 22d009f5f..dce706613 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.h
+++ b/src/lib/pk_pad/eme_oaep/oaep.h
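Review bot: In the second oaep.cpp hunk, `secure_vector<byte> output(input.begin() + delim_idx + 1, input.end());` now runs for rejected inputs too, where the removed `throw` used to stop before the copy. The scan that sets `delim_idx` is outside the hunk, so it should be confirmed that `delim_idx + 1` can never exceed `input.size()` when no delimiter was found (the case the `waiting_for_delim` comment describes); if it can, the iterator range is invalid. Separately, `CT::cond_zero_mem` clears the bytes but the returned length still depends on `delim_idx`, so a caller must not act on `output.size()` before checking `valid_mask`; a comment such as `// On failure output is zeroed but its length still reflects delim_idx; callers must check valid_mask first` would record that. The body of `unpad` starts outside the hunk.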
@@ -29,9 +29,15 @@ class BOTAN_DLL OAEP final : public EME
 */
 OAEP(HashFunction* hash, const std::string& P = "");
 private:
- secure_vector<byte> pad(const byte[], size_t, size_t,
- RandomNumberGenerator&) const override;
- secure_vector<byte> unpad(const byte[], size_t, size_t) const override;
+ secure_vector<byte> pad(const byte in[],
+ size_t in_length,
+ size_t key_length,
+ RandomNumberGenerator& rng) const override;
+
+ secure_vector<byte> unpad(byte& valid_mask,
+ const byte in[],
+ size_t in_len,
+ size_t key_length) const override;
 secure_vector<byte> m_Phash;
 std::unique_ptr<HashFunction> m_hash; |
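Review bot: The new `unpad` declaration hands callers an out-parameter with no stated contract: nothing here says what values `valid_mask` takes or that the returned buffer is only meaningful when it is set. A short comment above the declaration would help, for example `// valid_mask is set to ~bad_input (presumably 0xFF for a valid encoding, 0x00 otherwise); on failure the result is zeroed and no exception is thrown`. The declaration also names the length parameter `in_len`, while the definition in oaep.cpp and `pad` use `in_length`; using `in_length` here keeps the two in step. The class body continues outside the hunk.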