diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index a0ebb41c5..739bd4a3f 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -350,6 +350,11 @@ WC_STATIC WC_INLINE byte ctMaskEq(int a, int b) return 0 - (a == b); } +WC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b) +{ + return 0 - (a == b); +} + /* Constant time - mask set when a != b. */ WC_STATIC WC_INLINE byte ctMaskNotEq(int a, int b) { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 47ff04a17..ecb8a7294 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1369,7 +1369,7 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte **output, byte padValue) { int ret = BAD_FUNC_ARG; - word32 i; + word16 i; #ifndef WOLFSSL_RSA_VERIFY_ONLY byte invalid = 0; #endif @@ -1399,14 +1399,14 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, } #ifndef WOLFSSL_RSA_VERIFY_ONLY else { - word32 j; - byte pastSep = 0; + word16 j; + word16 pastSep = 0; /* Decrypted with private key - unpad must be constant time. */ for (i = 0, j = 2; j < pkcsBlockLen; j++) { /* Update i if not passed the separator and at separator. */ - i |= (~pastSep) & ctMaskEq(pkcsBlock[j], 0x00) & (j + 1); - pastSep |= ctMaskEq(pkcsBlock[j], 0x00); + i |= (~pastSep) & ctMask16Eq(pkcsBlock[j], 0x00) & (j + 1); + pastSep |= ctMask16Eq(pkcsBlock[j], 0x00); } /* Minimum of 11 bytes of pre-message data - including leading 0x00. */ diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index e8d0200aa..ccf931137 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -97,6 +97,7 @@ WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); WOLFSSL_LOCAL byte ctMaskLT(int a, int b); WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); WOLFSSL_LOCAL byte ctMaskEq(int a, int b); +WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b); WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b); WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); WOLFSSL_LOCAL int ctMaskSelInt(byte m, int a, int b);