
2014-07-26

2014-07-26 00:07:48 by Martin Nilsson <nilsson@opera.com>

Optimized rsa_unpad a bit.

187:    stack_pop_n_elems_keep_top(args); /* Remove bits, e and rnd. */   }    + /*! Unpads a message that has been padded according to +  *! RSAES-PKCS1-V1_5-ENCODE(message) in PKCS#1 v2.2. The padding +  *! method used on the original message must be provided in the +  *! @[type] parameter. All content dependent processing is done in +  *! constant time for the same padding type and @[data] length. +  */   PIKEFUN int rsa_unpad(string(0..255) data, int type)   {    int i, pad=0, nonpad=0, pos=0; -  +  unsigned char *str;       NO_WIDE_STRING(data);   
197:    without timing issue. 1 type + 8 padding + 1 delimiter + 1 value    = 11 bytes. */    if(data->len < 11 ) RETURN 0; +  str = data->str + data->len - 1;    -  for(i=data->len-1; i>0; i--) +  for(i=data->len-1; i>0; i--,str--)    { -  switch((unsigned char)data->str[i]) +  switch(*str)    {    case 0: pos=i; break;    case 0xff: pad=i; break;
208:    }    }    -  if( data->str[0]==2 ) +  if( *str==2 )    {    nonpad=pos+1;    pad=1;    }    -  if( (pad==1) + (nonpad>pos) + (data->str[0]==type) + (pos>8) == 4 ) +  if( (pad==1) + (nonpad>pos) + (*str==type) + (pos>8) == 4 )    RETURN pos+1;    RETURN 0;   }
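Review bot: The new doc comment promises constant-time processing, but the scan loop still dispatches on each message byte with `switch(*str)` and the check after it uses `if( *str==2 )`, so the guarantee holds only if the compiler happens to emit equal-cost paths for every arm. Either soften the comment to say that, or make the selection branch-free, for example `z = (((unsigned)*str - 1U) >> 8) & 1U; pos ^= (pos ^ i) & -(int)z;` for the zero-byte case and the same pattern for the other arms. The lines between `case 0xff` and the closing braces are not shown on this page, so the remaining arm is assumed to follow the same shape. Separately, `str = data->str + data->len - 1;` converts implicitly to `unsigned char *` (the removed `(unsigned char)` cast suggests `data->str` is plain `char`); an explicit `(unsigned char *)` cast would keep the signedness change visible.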