Revision - 0f04b00 - RT3066: rewrite RSA padding checks to be slightly more constant time. – ENEA Mirror of the Software Heritage archive

Revision 0f04b004acb27a705578d5b2cede0a84ba9af0dd authored by Emilia Kasper on 28 August 2014, 17:43:49 UTC, committed by Emilia Kasper on 24 September 2014, 12:17:41 UTC

RT3066: rewrite RSA padding checks to be slightly more constant time.

Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Conflicts:
	crypto/rsa/rsa_oaep.c

1 parent 81e3a60

Files
Changes

Permalinks

asn1test.c

#include <openssl/x509.h>
#include <openssl/asn1_mac.h>

typedef struct X
    {
    STACK_OF(X509_EXTENSION) *ext;
    } X;

/* This isn't meant to run particularly, it's just to test type checking */
int main(int argc, char **argv)
    {
    X *x = NULL;
    unsigned char **pp = NULL;

    M_ASN1_I2D_vars(x);
    M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
				     i2d_X509_EXTENSION);
    M_ASN1_I2D_seq_total();
    M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
				     i2d_X509_EXTENSION);
    M_ASN1_I2D_finish();
    }

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...