boringssl/include/openssl
David Benjamin 3f5b43df07 Simplify RSA key exchange padding check.
This check was fixed a while ago, but it could have been much simpler.

In the RSA key exchange, the expected size of the output is known, making the
padding check much simpler. There isn't any use in exporting the more general
RSA_message_index_PKCS1_type_2. (Without knowing the expected size, any
integrity check or swap to randomness or other mitigation is basically doomed
to fail.)

Verified with the valgrind uninitialized memory trick that we're still
constant-time.

Also update rsa.h to recommend against using the PKCS#1 v1.5 schemes.

Thanks to Ryan Sleevi for the suggestion.

Change-Id: I4328076b1d2e5e06617dd8907cdaa702635c2651
Reviewed-on: https://boringssl-review.googlesource.com/6613
Reviewed-by: Adam Langley <agl@google.com>
2015-12-22 00:10:14 +00:00
aead.h Point EVP_aead_chacha20_poly1305 at the standardized version. 2015-12-16 21:22:11 +00:00
aes.h Fix documentation typo. 2015-07-01 21:33:29 +00:00
arm_arch.h Allow ARM capabilities to be set at compile time. 2015-10-20 22:40:15 +00:00
asn1_mac.h Ditch remaining filename comments from public headers and ssl/ 2015-10-20 18:40:05 +00:00
asn1.h Ditch remaining filename comments from public headers and ssl/ 2015-10-20 18:40:05 +00:00
asn1t.h Ditch remaining filename comments from public headers and ssl/ 2015-10-20 18:40:05 +00:00
base64.h Deprecate basically the entire base64 implementation. 2015-09-28 21:53:39 +00:00
base.h Define BORINGSSL_201510. 2015-11-06 21:44:17 +00:00
bio.h Use typedef names, not struct names. 2015-11-06 21:44:06 +00:00
blowfish.h
bn.h Remove the |ri| field of |BN_MONT_CTX|. 2015-11-19 01:40:13 +00:00
buf.h Get rid of err function codes. 2015-07-16 02:02:08 +00:00
buffer.h
bytestring.h Make CBB_len relative to its argument. 2015-12-16 21:16:12 +00:00
cast.h
chacha.h Change |CRYPTO_chacha_20| to use 96-bit nonces, 32-bit counters. 2015-10-26 23:58:46 +00:00
cipher.h Fix up several comments and detect problems in the future. 2015-11-05 20:12:45 +00:00
cmac.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
conf.h Get rid of err function codes. 2015-07-16 02:02:08 +00:00
cpu.h Allow |CRYPTO_is_NEON_capable| to be known at compile time, if possible. 2015-11-19 00:15:11 +00:00
crypto.h Add no-op functions |CRYPTO_malloc_init| and |ENGINE_load_builtin_engines|. 2015-10-27 16:41:40 +00:00
curve25519.h Add X25519 and Ed25519 support. 2015-11-17 21:56:12 +00:00
des.h Fix shared library build on OS X. 2015-10-26 23:39:47 +00:00
dh.h Remove the CRYPTO_EX_new callback. 2015-12-15 21:29:46 +00:00
digest.h Documentation typo. 2015-09-28 22:18:40 +00:00
dsa.h Remove the CRYPTO_EX_new callback. 2015-12-15 21:29:46 +00:00
dtls1.h
ec_key.h Remove the CRYPTO_EX_new callback. 2015-12-15 21:29:46 +00:00
ec.h Add |EC_GROUP_get0_order| to replace |EC_GROUP_get_order|. 2015-12-15 18:18:13 +00:00
ecdh.h Clean up |ECDH_compute_key|. 2015-10-27 17:00:25 +00:00
ecdsa.h Fix up several comments and detect problems in the future. 2015-11-05 20:12:45 +00:00
engine.h Unwind DH_METHOD and DSA_METHOD. 2015-11-03 22:54:36 +00:00
err.h Fix up several comments and detect problems in the future. 2015-11-05 20:12:45 +00:00
evp.h Remove DH EVP_PKEY hooks. 2015-12-16 17:38:06 +00:00
ex_data.h Skip free callbacks on empty CRYPTO_EX_DATAs. 2015-12-15 21:32:14 +00:00
hkdf.h Get rid of err function codes. 2015-07-16 02:02:08 +00:00
hmac.h Remove HMAC_CTX_set_flags. 2015-06-02 01:07:07 +00:00
lhash_macros.h
lhash.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
md4.h Store the partial block as uint8_t, not uint32_t. 2015-12-16 19:59:29 +00:00
md5.h Store the partial block as uint8_t, not uint32_t. 2015-12-16 19:59:29 +00:00
mem.h Fix some typos in license headers. 2015-07-29 19:23:51 +00:00
obj_mac.h Remove fake RLE compression OID. 2015-05-27 21:49:39 +00:00
obj.h Fix up several comments and detect problems in the future. 2015-11-05 20:12:45 +00:00
objects.h
opensslfeatures.h
opensslv.h Get version-related functions from crypto.h rather than ssl.h. 2015-05-20 22:58:14 +00:00
ossl_typ.h
pem.h Get rid of err function codes. 2015-07-16 02:02:08 +00:00
pkcs7.h
pkcs8.h Add |PKCS12_verify_mac|. 2015-09-29 20:30:35 +00:00
pkcs12.h
poly1305.h Fix several minor points noticed by Kenny. 2015-09-24 22:08:50 +00:00
pqueue.h
rand.h Make RAND_seed read a byte of random data. 2015-11-16 21:58:46 +00:00
rc4.h
rsa.h Simplify RSA key exchange padding check. 2015-12-22 00:10:14 +00:00
safestack.h
sha.h Store the partial block as uint8_t, not uint32_t. 2015-12-16 19:59:29 +00:00
srtp.h Fold srtp.h into ssl.h. 2015-09-14 23:59:37 +00:00
ssl3.h Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. 2015-12-15 19:14:00 +00:00
ssl.h Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
stack_macros.h Implement custom extensions. 2015-07-31 01:12:00 +00:00
stack.h Drop DEFINE_STACK_OF. 2015-08-05 21:30:08 +00:00
thread.h Readd CRYPTO_{LOCK|UNLOCK|READ|WRITE}. 2015-05-27 15:48:29 -07:00
time_support.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
tls1.h Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
type_check.h Try to fix MSVC and __STDC_VERSION__ again. 2015-05-20 13:42:12 -07:00
x509_vfy.h Remove the CRYPTO_EX_new callback. 2015-12-15 21:29:46 +00:00
x509.h Remove the CRYPTO_EX_new callback. 2015-12-15 21:29:46 +00:00
x509v3.h Get rid of err function codes. 2015-07-16 02:02:08 +00:00