boringssl

kris/boringssl

Fork 0

Commit Graph

Author	SHA1	Message	Date
David Benjamin	e14dcc45e8	Remove RSA_SSLV23_PADDING. It's unused with SSLv2 gone. Also, being a decryption padding check, it really should be constant-time and isn't. Change-Id: I96be02cb50f9bf0229b9174eccd80fa338bf8e3e Reviewed-on: https://boringssl-review.googlesource.com/1254 Reviewed-by: Adam Langley <agl@google.com>	2014-07-18 19:23:51 +00:00
Adam Langley	6887edb917	Improvements in constant-time OAEP decoding. This change adds a new function, BN_bn2bin_padded, that attempts, as much as possible, to serialise a BIGNUM in constant time. This is used to avoid some timing leaks in RSA decryption.	2014-06-20 13:17:37 -07:00
Adam Langley	95c29f3cd1	Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)	2014-06-20 13:17:32 -07:00

Author

SHA1

Message

Date

David Benjamin

e14dcc45e8

Remove RSA_SSLV23_PADDING.

It's unused with SSLv2 gone. Also, being a decryption padding check, it really
should be constant-time and isn't.

Change-Id: I96be02cb50f9bf0229b9174eccd80fa338bf8e3e
Reviewed-on: https://boringssl-review.googlesource.com/1254
Reviewed-by: Adam Langley <agl@google.com>

2014-07-18 19:23:51 +00:00

Adam Langley

6887edb917

Improvements in constant-time OAEP decoding.

This change adds a new function, BN_bn2bin_padded, that attempts, as
much as possible, to serialise a BIGNUM in constant time.

This is used to avoid some timing leaks in RSA decryption.

2014-06-20 13:17:37 -07:00

Adam Langley

95c29f3cd1

Inital import.

Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).

(This change contains substantial changes from the original and
effectively starts a new history.)

2014-06-20 13:17:32 -07:00

3 Commits