From 68d8da485990e39de38300e9729e4d3e6dbee80c Mon Sep 17 00:00:00 2001
From: Martin Nilsson <nilsson@opera.com>
Date: Sat, 26 Jul 2014 02:07:48 +0200
Subject: [PATCH] Optimized rsa_unpad a bit.

---
 src/post_modules/Nettle/hogweed.cmod | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/post_modules/Nettle/hogweed.cmod b/src/post_modules/Nettle/hogweed.cmod
index e37eec7831..5af48a54c6 100644
--- a/src/post_modules/Nettle/hogweed.cmod
+++ b/src/post_modules/Nettle/hogweed.cmod
@@ -187,9 +187,16 @@ PIKEFUN array(object(Gmp.mpz))
   stack_pop_n_elems_keep_top(args); /* Remove bits, e and rnd. */
 }
 
+/*! Unpads a message that has been padded according to
+ *! RSAES-PKCS1-V1_5-ENCODE(message) in PKCS#1 v2.2. The padding
+ *! method used on the original message must be provided in the
+ *! @[type] parameter. All content dependent processing is done in
+ *! constant time for the same padding type and @[data] length.
+ */
 PIKEFUN int rsa_unpad(string(0..255) data, int type)
 {
   int i, pad=0, nonpad=0, pos=0;
+  unsigned char *str;
 
   NO_WIDE_STRING(data);
 
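Review bot: The new autodoc block promises that "all content dependent processing is done in constant time for the same padding type and @[data] length", but the per-byte `switch(*str)` with separate `case 0` and `case 0xff` arms (next hunk) is a data-dependent branch that the compiler may lower to conditional jumps or a jump table, so the claim cannot be guaranteed at the C source level. I would soften the last sentence to `*! Content dependent processing avoids early exits so that timing does not reveal the padding position, but true constant time is not guaranteed by the compiler.` so callers do not rely on a property the code does not enforce. The added `unsigned char *str;` declaration itself is fine; rsa_unpad's body continues past this hunk.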
@@ -197,10 +204,11 @@ PIKEFUN int rsa_unpad(string(0..255) data, int type)
      without timing issue. 1 type + 8 padding + 1 delimiter + 1 value
      = 11 bytes. */
   if(data->len < 11 ) RETURN 0;
+  str = data->str + data->len - 1;
 
-  for(i=data->len-1; i>0; i--)
+  for(i=data->len-1; i>0; i--,str--)
   {
-    switch((unsigned char)data->str[i])
+    switch(*str)
     {
     case 0:     pos=i; break;
     case 0xff:  pad=i; break;
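Review bot: `str = data->str + data->len - 1;` assigns to an `unsigned char *` without a cast, and the cast the old code needed, `(unsigned char)data->str[i]`, suggests `data->str` is plain `char`, in which case this line is an incompatible-pointer-types conversion (a C11 constraint violation that GCC and clang diagnose) rather than a clean build. It should read `str = (unsigned char *)data->str + data->len - 1;`, which preserves the unsigned byte values the `switch` relied on. The remaining switch arm(s) lie between this hunk and the next, so I cannot see whether anything there leaves the loop early.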
@@ -208,13 +216,13 @@ PIKEFUN int rsa_unpad(string(0..255) data, int type)
     }
   }
 
-  if( data->str[0]==2 )
+  if( *str==2 )
   {
     nonpad=pos+1;
     pad=1;
   }
 
-  if( (pad==1) + (nonpad>pos) + (data->str[0]==type) + (pos>8) == 4 )
+  if( (pad==1) + (nonpad>pos) + (*str==type) + (pos>8) == 4 )
     RETURN pos+1;
   RETURN 0;
 }
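Review bot: `*str==2` and `*str==type` now stand in for `data->str[0]` only because the loop in the previous hunk runs i down to 1 and decrements str in lockstep, leaving str at the first byte when it exits; nothing in this hunk states that invariant, so a later `break` out of the loop or a change to its bounds would silently make both tests read the wrong byte. These are two single loads outside the hot loop, so the rewrite buys nothing measurable; I would either keep `if( (unsigned char)data->str[0]==2 )` (and the same in the final condition) or add `/* The loop exits with i==0, so str points at data->str[0]. */` above the if. The summed boolean condition, which avoids short-circuit evaluation, is unchanged and reads correctly.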
-- 
GitLab