mbedtls_ct_rsaes_pkcs1_v15_unpadding() function

This function performs the unpadding part of a PKCS#1 v1.5 decryption operation (EME-PKCS1-v1_5 decoding).

Syntax

Show:

Summary

Declaration

Definition

from constant_time_internal.h:318

int mbedtls_ct_rsaes_pkcs1_v15_unpadding(int mode, unsigned char *input, size_t ilen, unsigned char *output, size_t output_max_len, size_t *olen);

Implemented in constant_time.c:645

Arguments

Argument

Description

mode

The mode of operation. This must be either #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).

input

The input buffer which is the payload inside PKCS#1v1.5 encryption padding, called the "encoded message EM" by the terminology.

ilen

The length of the payload in the \p input buffer.

output

The buffer for the payload, called "message M" by the PKCS#1 terminology. This must be a writable buffer of length \p output_max_len bytes.

output_max_len

The length in bytes of the output buffer \p output.

olen

The address at which to store the length of the payload. This must not be \c NULL.

Return value

\c 0 on success. #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE The output buffer is too small for the unpadded payload. #MBEDTLS_ERR_RSA_INVALID_PADDING The input doesn't contain properly formatted padding.

Notes

The return value from this function is a sensitive value (this is unusual). #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE shouldn't happen in a well-written application, but 0 vs #MBEDTLS_ERR_RSA_INVALID_PADDING is often a situation that an attacker can provoke and leaking which one is the result is precisely the information the attacker wants.

Examples

References

from examples

mbedtls_ct_rsaes_pkcs1_v15_unpadding() function

Syntax

Arguments

Return value

Notes

Examples

References

Call Tree

Data Use

Class Tree

Override Tree

Implementations

Instances

Lifecycle