X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/45c0fd363937c6e9b05da04a9167e9912c05ca0c..ba6e6b64033b1f9de49feccb5c9cd438354481f7:/pkcs1.c

diff --git a/pkcs1.c b/pkcs1.c
index 9241c45..47c135f 100644
--- a/pkcs1.c
+++ b/pkcs1.c
@@ -34,6 +34,7 @@
 #include <mLib/bits.h>
 #include <mLib/dstr.h>
 
+#include "ct.h"
 #include "grand.h"
 #include "rsa.h"
 
@@ -109,24 +110,13 @@ mp *pkcs1_cryptencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
  *		in PKCS#1 v. 2.0 (RFC2437).
  */
 
-static int memeq(const void *xx, const void *yy, size_t sz)
-{
-  int eq = 1;
-  const octet *x = xx, *y = yy;
-  while (sz) {				/* Always check every byte */
-    if (*x++ != *y++) eq = 0;
-    sz--;
-  }
-  return (eq);
-}
-
 int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
 		      unsigned long nbits, void *p)
 {
   pkcs1 *pp = p;
   const octet *q, *qq;
   size_t n, i;
-  int bad = 0;
+  uint32 goodp = 1;
 
   /* --- Check the size of the block looks sane --- */
 
@@ -138,26 +128,29 @@ int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
 
   /* --- Ensure that the block looks OK --- */
 
-  bad |= (*q++ != 0x00 || *q++ != 0x02);
+  goodp &= ct_inteq(*q++, 0);
+  goodp &= ct_inteq(*q++, 2);
 
   /* --- Check the nonzero padding --- */
 
   i = 0;
   while (*q != 0 && q < qq)
     i++, q++;
-  bad |= (i < 8 || qq - q < pp->epsz + 1);
+  goodp &= ct_intle(8, i);
+  goodp &= ~ct_intle(qq - q, pp->epsz + 1);
   q++;
 
   /* --- Check the encoding parameters --- */
 
-  bad |= (pp->ep && !memeq(bad ? b : q, pp->ep, pp->epsz));
+  if (pp->ep)
+    goodp &= ct_memeq(b + ct_pick(goodp, 0, q - b), pp->ep, pp->epsz);
   q += pp->epsz;
 
   /* --- Done --- */
 
   n = qq - q;
-  memmove(b, bad ? b + 1 : q, n);
-  return (bad ? -1 : n);
+  memmove(b, b + ct_pick(goodp, 1, q - b), n);
+  return (goodp ? n : -1);
 }
 
 /* --- @pkcs1_sigencode@ --- *