projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e9128d9) | patch
RT3066: rewrite RSA padding checks to be slightly more constant time.
authorEmilia Kasper <emilia@openssl.org>
Thu, 28 Aug 2014 17:43:49 +0000 (19:43 +0200)
committerEmilia Kasper <emilia@openssl.org>
Wed, 24 Sep 2014 10:47:19 +0000 (12:47 +0200)
commit9bed73adaa6f834177f29e478d9a2247a6577c04
treed52c148f9a92161d3896ee9a1f5530236b348f6atree | snapshot
parente9128d9401ad617e17c5eb3772512c24b038b967commit | diff
RT3066: rewrite RSA padding checks to be slightly more constant time.

Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Conflicts:
crypto/rsa/rsa_oaep.c
crypto/rsa/rsa_pk1.c
ssl/s3_cbc.c
crypto/constant_time_locl.h diff | blob | history
crypto/constant_time_test.c diff | blob | history
crypto/rsa/Makefile diff | blob | history
crypto/rsa/rsa.h diff | blob | history
crypto/rsa/rsa_err.c diff | blob | history
crypto/rsa/rsa_oaep.c diff | blob | history
crypto/rsa/rsa_pk1.c diff | blob | history
ssl/s3_cbc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.