feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

pkcsBlockLen in RsaUnPad may be > 256

Browse Source
This commit is contained in:
Takashi Kojo
2019-06-24 07:53:23 +09:00
parent f4548945f7
commit 6d04d784c4
3 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
wolfcrypt/src/misc.c
View File

@@ -350,6 +350,11 @@ WC_STATIC WC_INLINE byte ctMaskEq(int a, int b)
return 0 - (a == b); return 0 - (a == b);
} }
WC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b)
{
return 0 - (a == b);
}
/* Constant time - mask set when a != b. */ /* Constant time - mask set when a != b. */
WC_STATIC WC_INLINE byte ctMaskNotEq(int a, int b) WC_STATIC WC_INLINE byte ctMaskNotEq(int a, int b)
{ {

6
wolfcrypt/src/rsa.c
View File

@@ -1398,13 +1398,13 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
#ifndef WOLFSSL_RSA_VERIFY_ONLY #ifndef WOLFSSL_RSA_VERIFY_ONLY
else { else {
word32 j; word32 j;
byte pastSep = 0; word16 pastSep = 0;
/* Decrypted with private key - unpad must be constant time. */ /* Decrypted with private key - unpad must be constant time. */
for (i = 0, j = 2; j < pkcsBlockLen; j++) { for (i = 0, j = 2; j < pkcsBlockLen; j++) {
/* Update i if not passed the separator and at separator. */ /* Update i if not passed the separator and at separator. */
i |= (~pastSep) & ctMaskEq(pkcsBlock[j], 0x00) & (j + 1); i |= (~pastSep) & ctMask16Eq(pkcsBlock[j], 0x00) & (j + 1);
pastSep |= ctMaskEq(pkcsBlock[j], 0x00); pastSep |= ctMask16Eq(pkcsBlock[j], 0x00);
} }
/* Minimum of 11 bytes of pre-message data - including leading 0x00. */ /* Minimum of 11 bytes of pre-message data - including leading 0x00. */

1
wolfssl/wolfcrypt/misc.h
View File

@@ -97,6 +97,7 @@ WOLFSSL_LOCAL byte ctMaskGTE(int a, int b);
WOLFSSL_LOCAL byte ctMaskLT(int a, int b); WOLFSSL_LOCAL byte ctMaskLT(int a, int b);
WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); WOLFSSL_LOCAL byte ctMaskLTE(int a, int b);
WOLFSSL_LOCAL byte ctMaskEq(int a, int b); WOLFSSL_LOCAL byte ctMaskEq(int a, int b);
WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b);
WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b); WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b);
WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b);
WOLFSSL_LOCAL int ctMaskSelInt(byte m, int a, int b); WOLFSSL_LOCAL int ctMaskSelInt(byte m, int a, int b);