wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto/rsa
History
Emilia Kasper 0f04b004ac RT3066: rewrite RSA padding checks to be slightly more constant time. 
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Conflicts:
	crypto/rsa/rsa_oaep.c
2014-09-24 14:17:41 +02:00
..
.cvsignore
Makefile RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:17:41 +02:00
rsa.h RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:17:41 +02:00
rsa_ameth.c remove duplicate 0x for default RSASSA-PSS salt len 2014-05-29 14:12:14 +01:00
rsa_asn1.c Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
rsa_chk.c Check for missing components in RSA_check. 2013-11-09 15:09:21 +00:00
rsa_crpt.c Redirection of low level APIs to FIPS module. 2011-06-02 18:22:42 +00:00
rsa_depr.c
rsa_eay.c Return smaller of ret and f. 2014-07-05 22:38:44 +01:00
rsa_err.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:17:41 +02:00
rsa_gen.c Use method rsa keygen first if FIPS mode if it is a FIPS method. 2011-06-09 13:18:07 +00:00
rsa_lib.c Don't set default public key methods in FIPS mode so applications 2011-06-20 19:41:13 +00:00
rsa_locl.h
rsa_none.c
rsa_null.c Update obsolete email address... 2008-11-05 18:39:08 +00:00
rsa_oaep.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:17:41 +02:00
rsa_pk1.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:17:41 +02:00
rsa_pmeth.c Typo. 2013-03-31 17:43:58 +01:00
rsa_prn.c Update obsolete email address... 2008-11-05 18:39:08 +00:00
rsa_pss.c Backport extended PSS support from HEAD: allow setting of mgf1Hash explicitly. 2011-06-02 18:13:33 +00:00
rsa_saos.c
rsa_sign.c An incompatibility has always existed between the format used for RSA 2012-02-15 14:00:09 +00:00
rsa_ssl.c We should check the eight bytes starting at p[-9] for rollback attack 2008-07-17 22:11:53 +00:00
rsa_test.c Remove the dual-callback scheme for numeric and pointer thread IDs, 2008-08-06 15:54:15 +00:00
rsa_x931.c Update obsolete email address... 2008-11-05 18:39:08 +00:00