TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 66d6ac92e633186e16910c6ee3d037cec1fe4b86^! / . / library / rsa.c
commit66d6ac92e633186e16910c6ee3d037cec1fe4b86[log] [tgz]
authorDave Rodgman <dave.rodgman@arm.com>Mon Sep 18 18:35:03 2023 +0100
committerDave Rodgman <dave.rodgman@arm.com>Tue Sep 19 09:10:59 2023 +0100
treec8f31c5972a890471ed76d3e284637115e1c8235
parentd337bd9bfe1396f88019baf826e8866ca7a4700f [diff] [blame]
Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

diff --git a/library/rsa.c b/library/rsa.c
index d0782f5..02626b3 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -1541,7 +1541,8 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t ilen, i, pad_len;
-    unsigned char *p, bad, pad_done;
+    unsigned char *p, pad_done;
+    int bad;
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
     unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
     unsigned int hlen;
@@ -1608,9 +1609,8 @@
     p += hlen; /* Skip seed */
 
     /* Check lHash */
-    for (i = 0; i < hlen; i++) {
-        bad |= lhash[i] ^ *p++;
-    }
+    bad |= mbedtls_ct_memcmp(lhash, p, hlen);
+    p += hlen;
 
     /* Get zero-padding len, but always read till end of buffer
      * (minus one, for the 01 byte) */