boringssl

History

David Benjamin 0aa0767340 Improve constant-time padding check in RSA key exchange. Although the PKCS#1 padding check is internally constant-time, it is not constant time at the crypto/ ssl/ API boundary. Expose a constant-time RSA_message_index_PKCS1_type_2 function and integrate it into the timing-sensitive portion of the RSA key exchange logic. Change-Id: I6fa64ddc9d65564d05529d9b2985da7650d058c3 Reviewed-on: https://boringssl-review.googlesource.com/1301 Reviewed-by: Adam Langley <agl@google.com>	2014-07-25 20:25:15 +00:00
..
openssl	Improve constant-time padding check in RSA key exchange.	2014-07-25 20:25:15 +00:00

David Benjamin 0aa0767340 Improve constant-time padding check in RSA key exchange.

Although the PKCS#1 padding check is internally constant-time, it is not
constant time at the crypto/ ssl/ API boundary. Expose a constant-time
RSA_message_index_PKCS1_type_2 function and integrate it into the
timing-sensitive portion of the RSA key exchange logic.

Change-Id: I6fa64ddc9d65564d05529d9b2985da7650d058c3
Reviewed-on: https://boringssl-review.googlesource.com/1301
Reviewed-by: Adam Langley <agl@google.com>

2014-07-25 20:25:15 +00:00

openssl

Improve constant-time padding check in RSA key exchange.

2014-07-25 20:25:15 +00:00