From 25da9b35cfd10543eee20386d7ac3b21b6c9f480 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 11 Feb 2016 11:08:18 +0000 Subject: [PATCH] Moved underflow test to better reflect time constant behaviour. --- library/rsa.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 3bbf24843..119431d8f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -708,6 +708,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, if( md_info == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + hlen = mbedtls_md_get_size( md_info ); + + // checking for integer underflow + if( 2 * hlen + 2 > ilen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + /* * RSA operation */ @@ -721,12 +727,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, /* * Unmask data and generate lHash */ - hlen = mbedtls_md_get_size( md_info ); - - // checking for integer underflow - if( 2 * hlen + 2 > ilen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_md_init( &md_ctx ); mbedtls_md_setup( &md_ctx, md_info, 0 );