oaep.c, pkcs1.c: Use official constant-time operations.
[u/mdw/catacomb]
/
pkcs1.c
diff --git
a/pkcs1.c
b/pkcs1.c
index
9241c45
..
47c135f
100644
(file)
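--- a/pkcs1.c
+++ b/pkcs1.c
@@ -34,6 +34,7 @@
 #include <mLib/bits.h>
 #include <mLib/dstr.h>
+#include "ct.h"
 #include "grand.h"
 #include "rsa.h"
@@ -109,24 +110,13 @@ mp *pkcs1_cryptencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
 * in PKCS#1 v. 2.0 (RFC2437).
 */
-static int memeq(const void *xx, const void *yy, size_t sz)
-{
- int eq = 1;
- const octet *x = xx, *y = yy;
- while (sz) { /* Always check every byte */
- if (*x++ != *y++) eq = 0;
- sz--;
- }
- return (eq);
-}
-
 int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
 unsigned long nbits, void *p)
 {
 pkcs1 *pp = p;
 const octet *q, *qq;
 size_t n, i;
- int bad = 0;
+ uint32 goodp = 1;
 /* --- Check the size of the block looks sane --- */
@@ -138,26 +128,29 @@ int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
 /* --- Ensure that the block looks OK --- */
- bad |= (*q++ != 0x00 || *q++ != 0x02);
+ goodp &= ct_inteq(*q++, 0);
+ goodp &= ct_inteq(*q++, 2);
 /* --- Check the nonzero padding --- */
 i = 0;
 while (*q != 0 && q < qq)
 i++, q++;
- bad |= (i < 8 || qq - q < pp->epsz + 1);
+ goodp &= ct_intle(8, i);
+ goodp &= ~ct_intle(qq - q, pp->epsz + 1);
 q++;
 /* --- Check the encoding parameters --- */
- bad |= (pp->ep && !memeq(bad ? b : q, pp->ep, pp->epsz));
+ if (pp->ep)
+ goodp &= ct_memeq(b + ct_pick(goodp, 0, q - b), pp->ep, pp->epsz);
 q += pp->epsz;
 /* --- Done --- */
 n = qq - q;
- memmove(b, bad ? b + 1 : q, n);
- return (bad ? -1 : n);
+ memmove(b, b + ct_pick(goodp, 1, q - b), n);
+ return (goodp ? n : -1);
 }
 /* --- @pkcs1_sigencode@ --- *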
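Review bot: The new length check `goodp &= ~ct_intle(qq - q, pp->epsz + 1);` is stricter than the test it replaces: the old code failed only when `qq - q < pp->epsz + 1`, while this one also fails when the two are equal, so a block whose message is empty after the separator and encoding parameters is now rejected. Written the same way as the `ct_intle(8, i)` line above it, `goodp &= ct_intle(pp->epsz + 1, qq - q);` keeps the old boundary. Separately, the unchanged scan `while (*q != 0 && q < qq)` still stops at the first zero byte, so its running time depends on the padding length, and it reads `*q` before testing the bound; `while (q < qq && *q != 0)` fixes the read order, but the loop would have to visit every byte up to `qq` to match the constant-time intent of this commit. The start of `pkcs1_cryptdecode` lies between the two hunks and is not shown, so any earlier clamping of these lengths cannot be confirmed from here.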