From d3916b7ce453e315254c4dd96a6843e436ea73ae Mon Sep 17 00:00:00 2001
From: mdw
Date: Sun, 13 Jan 2002 20:20:39 +0000
Subject: [PATCH] Hack the @oaep_decode@ code some more, to make it work again.

---
 oaep.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/oaep.c b/oaep.c
index d439f7c..f69c864 100644
--- a/oaep.c
+++ b/oaep.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: oaep.c,v 1.4 2002/01/13 13:50:21 mdw Exp $
+ * $Id: oaep.c,v 1.5 2002/01/13 20:20:39 mdw Exp $
 *
 * Optimal asymmetric encryption packing
 *
@@ -30,6 +30,9 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: oaep.c,v $
+ * Revision 1.5 2002/01/13 20:20:39 mdw
+ * Hack the @oaep_decode@ code some more, to make it work again.
+ *
 * Revision 1.4 2002/01/13 13:50:21 mdw
 * Allow only one error return, to frustrate Manger's attack against OAEP.
 *
@@ -146,6 +149,7 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 ghash *h;
 octet *q, *mq, *qq;
 octet *pp;
+ unsigned bad = 0;
 size_t n;
 size_t hsz = o->ch->hashsz;
 int rc = -1;
@@ -160,6 +164,7 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 
 /* --- Decrypt the message --- */
 
+ bad = *q;
 q++; sz--;
 mq = q + hsz;
 qq = q + sz;
@@ -179,21 +184,19 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 h->ops->hash(h, o->ep, o->epsz);
 h->ops->done(h, q);
 h->ops->destroy(h);
- if ((memcmp(q, mq, hsz) != 0) || (*q != 0))
- goto fail;
+ bad |= memcmp(q, mq, hsz);
 
 /* --- Now find the start of the actual message --- */
 
 pp = mq + hsz;
 while (*pp == 0 && pp < qq)
 pp++;
- if (pp >= qq || *pp++ != 1)
- return (-1);
+ bad |= (pp >= qq) | (*pp++ != 1);
 n = qq - pp;
 dstr_putm(d, pp, n);
- rc = n;
+ if (!bad)
+ rc = n;
 
-fail:
 x_free(d->a, q);
 return (rc);
 }
--
2.11.0
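Review bot: The added `bad = *q;` in the "Decrypt the message" hunk is the only place the leading octet is now examined, and nothing in the code says what it is for. A comment such as `/* Leading octet must be zero; record it in bad instead of failing early, so there is one error return */` would tie it to the revision 1.4 note about Manger's attack and stop a later cleanup from turning it back into an early exit. Because this assignment overwrites the flag, the `= 0` initialiser added in the declarations hunk is never read; harmless, but either drop it or write `bad |= *q;` for consistency with the later updates. oaep_decode starts and ends outside this hunk.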
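Review bot: In the last hunk, `bad |= (pp >= qq) | (*pp++ != 1);` replaces the short-circuit `||` with a bitwise `|`, so `*pp++` is evaluated even when `pp` has already reached `qq`. Reading `pp` in one operand while incrementing it in the other is also unsequenced, which is undefined behaviour. With the early return removed, that case carries on with `pp == qq + 1`, so `n = qq - pp` wraps to a huge `size_t` and `dstr_putm(d, pp, n)` is called with it before `bad` is consulted. The loop condition just above (context, not changed here) likewise dereferences `*pp` before testing `pp < qq`. Bounding the scan first and keeping `pp <= qq`, while still only setting `bad`, preserves the single failure return; the function begins outside this hunk, so the buffer's allocated size should be confirmed there.

```c
  /* … unchanged: hash recomputation and bad |= memcmp(q, mq, hsz); … */
  pp = mq + hsz;
  while (pp < qq && *pp == 0)
    pp++;
  if (pp < qq)
    bad |= (*pp++ != 1);
  else
    bad |= 1;
  n = qq - pp;			/* pp <= qq here, so this cannot wrap */
  /* … unchanged: dstr_putm(), if (!bad) rc = n;, x_free(), return … */
```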