pub(crate) fn oaep_decrypt_digest<D: Digest, MGD: Digest + FixedOutputReset>(
em: &mut [u8],
label: Option<String>,
k: usize,
) -> Result<Vec<u8>>Expand description
Decrypts OAEP padding.
Note that whether this function returns an error or not discloses secret information. If an attacker can cause this function to run repeatedly and learn whether each instance returned an error then they can decrypt and forge signatures as if they had the private key.
See decrypt_session_key for a way of solving this problem.