authorPeter Dettman <peter.dettman@bouncycastle.org>2018-08-11 11:54:57 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2018-08-11 11:54:57 +0700
commit8c0e3017783a5f41b2028eaffffe335a9046c859 (patch)
treeb92462a67bab6e5aa4cf93ddcb8f06d823ccf752 /crypto/src
parentUpdate versions and release notes for 1.8.3 (diff)
downloadBouncyCastle.NET-ed25519-8c0e3017783a5f41b2028eaffffe335a9046c859.tar.xz
Further work to improve constant time in OAEP. release-1.8.3
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/AssemblyInfo.cs2
-rw-r--r--crypto/src/crypto/encodings/OaepEncoding.cs15
2 files changed, 12 insertions, 5 deletions
diff --git a/crypto/src/AssemblyInfo.cs b/crypto/src/AssemblyInfo.cs
index e1a8f6717..5cc8fcd2f 100644
--- a/crypto/src/AssemblyInfo.cs
+++ b/crypto/src/AssemblyInfo.cs
@@ -34,7 +34,7 @@ using System.Runtime.InteropServices;
 // by using the '*' as shown below:
 
 [assembly: AssemblyVersion("1.8.3.0")]
-[assembly: AssemblyFileVersion("1.8.18219.1")]
+[assembly: AssemblyFileVersion("1.8.18223.1")]
 [assembly: AssemblyInformationalVersion("1.8.3")]
 
 //
diff --git a/crypto/src/crypto/encodings/OaepEncoding.cs b/crypto/src/crypto/encodings/OaepEncoding.cs
index 287876f12..92001589c 100644
--- a/crypto/src/crypto/encodings/OaepEncoding.cs
+++ b/crypto/src/crypto/encodings/OaepEncoding.cs
@@ -212,10 +212,17 @@ namespace Org.BouncyCastle.Crypto.Encodings
             // on encryption, we need to make sure our decrypted block comes back
             // the same size.
             //
+            bool wrongData = (block.Length < (2 * defHash.Length) + 1);
 
-            Array.Copy(data, 0, block, block.Length - data.Length, data.Length);
-
-            bool shortData = (block.Length < (2 * defHash.Length) + 1);
+            if (data.Length <= block.Length)
+            {
+                Array.Copy(data, 0, block, block.Length - data.Length, data.Length);
+            }
+            else
+            {
+                Array.Copy(data, 0, block, 0, block.Length);
+                wrongData = true;
+            }
 
             //
             // unmask the seed.
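Review bot: The new `if (data.Length <= block.Length)` test still branches on the length of the decrypted value, so the two paths copy a different number of bytes to a different offset. If `data` comes back from the underlying engine with leading zero bytes stripped (its origin is outside this hunk, so this is an assumption to confirm), that length is secret-dependent and remains a small timing signal worth documenting next to the branch. The else branch also needs a why-comment, for example `// Oversize input: truncate and flag it, so the failure surfaces through the single "data wrong" check below instead of an exception from Array.Copy.` Without it, a later cleanup could replace the branch with an early throw and reintroduce a distinguishable error. The decoding method starts and ends outside the hunk.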
@@ -269,7 +276,7 @@ namespace Org.BouncyCastle.Crypto.Encodings
 
             start++;
 
-            if (defHashWrong | shortData | dataStartWrong)
+            if (defHashWrong | wrongData | dataStartWrong)
             {
                 Arrays.Fill(block, 0);
                 throw new InvalidCipherTextException("data wrong");