1 files changed, 18 insertions, 26 deletions

diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
index 7525c5d..08f9efe 100644
--- a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
+++ b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
@@ -23,11 +23,13 @@
 from Cryptodome.Signature.pss import MGF1
 import Cryptodome.Hash.SHA1
 
-from Cryptodome.Util.py3compat import bord, _copy_bytes
+from Cryptodome.Util.py3compat import _copy_bytes
 import Cryptodome.Util.number
-from   Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
-from   Cryptodome.Util.strxor import strxor
+from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
+from Cryptodome.Util.strxor import strxor
 from Cryptodome import Random
+from ._pkcs1_oaep_decode import oaep_decode
+
 
 class PKCS1OAEP_Cipher:
     """Cipher object for PKCS#1 v1.5 OAEP.
@@ -68,7 +70,7 @@ class PKCS1OAEP_Cipher:
         if mgfunc:
             self._mgf = mgfunc
         else:
-            self._mgf = lambda x,y: MGF1(x,y,self._hashObj)
+            self._mgf = lambda x, y: MGF1(x, y, self._hashObj)
 
         self._label = _copy_bytes(None, None, label)
         self._randfunc = randfunc
@@ -105,7 +107,7 @@ class PKCS1OAEP_Cipher:
 
         # See 7.1.1 in RFC3447
         modBits = Cryptodome.Util.number.size(self._key.n)
-        k = ceil_div(modBits, 8) # Convert from bits to bytes
+        k = ceil_div(modBits, 8)            # Convert from bits to bytes
         hLen = self._hashObj.digest_size
         mLen = len(message)
 
@@ -159,22 +161,18 @@ class PKCS1OAEP_Cipher:
 
         # See 7.1.2 in RFC3447
         modBits = Cryptodome.Util.number.size(self._key.n)
-        k = ceil_div(modBits,8) # Convert from bits to bytes
+        k = ceil_div(modBits, 8)            # Convert from bits to bytes
         hLen = self._hashObj.digest_size
 
         # Step 1b and 1c
-        if len(ciphertext) != k or k<hLen+2:
+        if len(ciphertext) != k or k < hLen+2:
             raise ValueError("Ciphertext with incorrect length.")
         # Step 2a (O2SIP)
         ct_int = bytes_to_long(ciphertext)
-        # Step 2b (RSADP)
-        m_int = self._key._decrypt(ct_int)
-        # Complete step 2c (I2OSP)
-        em = long_to_bytes(m_int, k)
+        # Step 2b (RSADP) and step 2c (I2OSP)
+        em = self._key._decrypt_to_bytes(ct_int)
         # Step 3a
         lHash = self._hashObj.new(self._label).digest()
-        # Step 3b
-        y = em[0]
         # y must be 0, but we MUST NOT check it here in order not to
         # allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143)
         maskedSeed = em[1:hLen+1]
@@ -187,22 +185,17 @@ class PKCS1OAEP_Cipher:
         dbMask = self._mgf(seed, k-hLen-1)
         # Step 3f
         db = strxor(maskedDB, dbMask)
-        # Step 3g
-        one_pos = hLen + db[hLen:].find(b'\x01')
-        lHash1 = db[:hLen]
-        invalid = bord(y) | int(one_pos < hLen)
-        hash_compare = strxor(lHash1, lHash)
-        for x in hash_compare:
-            invalid |= bord(x)
-        for x in db[hLen:one_pos]:
-            invalid |= bord(x)
-        if invalid != 0:
+        # Step 3b + 3g
+        res = oaep_decode(em, lHash, db)
+        if res <= 0:
             raise ValueError("Incorrect decryption.")
         # Step 4
-        return db[one_pos + 1:]
+        return db[res:]
+
 
 def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
-    """Return a cipher object :class:`PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption.
+    """Return a cipher object :class:`PKCS1OAEP_Cipher`
+       that can be used to perform PKCS#1 OAEP encryption or decryption.
 
     :param key:
       The key object to use to encrypt or decrypt the message.
@@ -236,4 +229,3 @@ def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
     if randfunc is None:
         randfunc = Random.get_random_bytes
     return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label, randfunc)
-