Moved underflow test to better reflect time constant behaviour.

This commit is contained in:
Janos Follath 2016-02-11 11:08:18 +00:00
parent eae41bf340
commit c17cda1ab9

View file

@ -705,6 +705,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
// checking for integer underflow
if( 2 * hlen + 2 > ilen )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
/*
* RSA operation
*/
@ -718,12 +724,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
/*
* Unmask data and generate lHash
*/
hlen = mbedtls_md_get_size( md_info );
// checking for integer underflow
if( 2 * hlen + 2 > ilen )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
mbedtls_md_init( &md_ctx );
mbedtls_md_setup( &md_ctx, md_info, 0 );