kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3f5b43df07
boringssl/ssl
History
David Benjamin 3f5b43df07 Simplify RSA key exchange padding check. 
This check was fixed a while ago, but it could have been much simpler.

In the RSA key exchange, the expected size of the output is known, making the
padding check much simpler. There isn't any use in exporting the more general
RSA_message_index_PKCS1_type_2. (Without knowing the expected size, any
integrity check or swap to randomness or other mitigation is basically doomed
to fail.)

Verified with the valgrind uninitialized memory trick that we're still
constant-time.

Also update rsa.h to recommend against using the PKCS#1 v1.5 schemes.

Thanks to Ryan Sleevi for the suggestion.

Change-Id: I4328076b1d2e5e06617dd8907cdaa702635c2651
Reviewed-on: https://boringssl-review.googlesource.com/6613
Reviewed-by: Adam Langley <agl@google.com>
2015-12-22 00:10:14 +00:00
..
pqueue Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
test Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
CMakeLists.txt Fix shared library build on OS X. 2015-10-26 23:39:47 +00:00
custom_extensions.c Align the SSL stack on #include style. 2015-09-15 23:32:07 +00:00
d1_both.c Rewrite DTLS handshake message sending logic. 2015-11-06 21:43:32 +00:00
d1_clnt.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
d1_lib.c Separate CCS and handshake writing in DTLS. 2015-11-04 00:11:14 +00:00
d1_meth.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
d1_pkt.c Slightly simplify SSL3_RECORD. 2015-12-16 18:41:59 +00:00
d1_srtp.c Add defines for SRTP profiles using GCM ciphers from RFC 7714. 2015-12-10 23:18:16 +00:00
d1_srvr.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
dtls_record.c Reject empty records of unexpected type. 2015-08-28 22:03:00 +00:00
internal.h Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
s3_both.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
s3_clnt.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
s3_enc.c Change some "int" variables to "size_t" in ssl3_handshake_mac(). 2015-09-24 00:04:59 +00:00
s3_lib.c Make SSL_(CTX_)?set_tmp_ecdh call SSL_(CTX_)?set1_curves. 2015-12-15 20:28:47 +00:00
s3_meth.c Pull ChangeCipherSpec into the handshake state machine. 2015-12-16 18:36:57 +00:00
s3_pkt.c Slightly simplify SSL3_RECORD. 2015-12-16 18:41:59 +00:00
s3_srvr.c Simplify RSA key exchange padding check. 2015-12-22 00:10:14 +00:00
ssl_aead_ctx.c Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
ssl_asn1.c Check for overflow when parsing a CBS with d2i_*. 2015-11-16 23:17:42 +00:00
ssl_buffer.c Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. 2015-12-15 19:14:00 +00:00
ssl_cert.c Remove unreachable code to duplicate DH keys. 2015-12-16 21:20:12 +00:00
ssl_cipher.c Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
ssl_file.c More SSL_SESSION serialization functions. 2015-10-26 17:57:50 +00:00
ssl_lib.c Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
ssl_rsa.c Add get0 getters for EVP_PKEY. 2015-11-20 23:34:12 +00:00
ssl_session.c Remove the CRYPTO_EX_new callback. 2015-12-15 21:29:46 +00:00
ssl_stat.c Document alert handling. 2015-10-20 19:03:24 +00:00
ssl_test.cc Implement draft-ietf-tls-chacha20-poly1305-04. 2015-12-16 23:34:56 +00:00
t1_enc.c *_Update of length zero is legal. 2015-12-16 19:46:57 +00:00
t1_lib.c Make CBB_len relative to its argument. 2015-12-16 21:16:12 +00:00
tls_record.c Remove |need_record_splitting| from |SSL3_STATE|. 2015-12-16 18:45:48 +00:00