/* -*-c-*-
*
- * $Id: oaep.c,v 1.3 2001/02/22 09:04:39 mdw Exp $
+ * $Id: oaep.c,v 1.4 2002/01/13 13:50:21 mdw Exp $
*
* Optimal asymmetric encryption packing
*
/*----- Revision history --------------------------------------------------*
*
* $Log: oaep.c,v $
+ * Revision 1.4 2002/01/13 13:50:21 mdw
+ * Allow only one error return, to frustrate Manger's attack against OAEP.
+ *
* Revision 1.3 2001/02/22 09:04:39 mdw
* Fix memory leaks.
*
/* --- Decrypt the message --- */
- if (*q != 0)
- goto fail;
q++; sz--;
mq = q + hsz;
qq = q + sz;
h->ops->hash(h, o->ep, o->epsz);
h->ops->done(h, q);
h->ops->destroy(h);
- if (memcmp(q, mq, hsz) != 0)
+ if ((memcmp(q, mq, hsz) != 0) || (*q != 0))
goto fail;
/* --- Now find the start of the actual message --- */
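Review bot: The merged test on the added line reads `*q` after `q++` and after `h->ops->done(h, q)`, so it no longer examines the leading byte that the removed `if (*q != 0)` checked; assuming `done` writes the digest at `q` (the following `memcmp(q, mq, hsz)` suggests it does), the condition now depends on the first byte of the computed hash instead. Save the leading octet before advancing and fold it into the single failure test without short-circuiting, e.g. `z = *q; q++; sz--;` and later `if ((memcmp(q, mq, hsz) != 0) | (z != 0))`, with `z` a new local declared alongside the others outside this hunk. `memcmp` may also return at the first differing byte, so a timing difference between failure causes can remain even with one error return; a fixed-time comparison would close that. The enclosing function starts and ends outside the hunk, so the declarations and the `fail` label are not visible here.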