boringssl/crypto/rsa
David Benjamin 0aa0767340 Improve constant-time padding check in RSA key exchange.
Although the PKCS#1 padding check is internally constant-time, it is not
constant time at the crypto/ ssl/ API boundary. Expose a constant-time
RSA_message_index_PKCS1_type_2 function and integrate it into the
timing-sensitive portion of the RSA key exchange logic.

Change-Id: I6fa64ddc9d65564d05529d9b2985da7650d058c3
Reviewed-on: https://boringssl-review.googlesource.com/1301
Reviewed-by: Adam Langley <agl@google.com>
2014-07-25 20:25:15 +00:00
..
blinding.c Initial import. 2014-06-20 13:17:32 -07:00
CMakeLists.txt Initial import. 2014-06-20 13:17:32 -07:00
internal.h Remove RSA_SSLV23_PADDING. 2014-07-18 19:23:51 +00:00
padding.c Improve constant-time padding check in RSA key exchange. 2014-07-25 20:25:15 +00:00
rsa_asn1.c Initial import. 2014-06-20 13:17:32 -07:00
rsa_error.c Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
rsa_impl.c Remove RSA_SSLV23_PADDING. 2014-07-18 19:23:51 +00:00
rsa_test.c Add function to recover RSA CRT params. 2014-06-20 13:17:35 -07:00
rsa.c Introduce EVP_PKEY_is_opaque to replace RSA_METHOD_FLAG_NO_CHECK. 2014-07-18 23:35:04 +00:00