openssl/crypto/rsa
Dr. Stephen Henson 5df07a7210 Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-29 12:24:04 +01:00
..
.cvsignore
Makefile RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 12:47:19 +02:00
rsa.h RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 12:47:19 +02:00
rsa_ameth.c RT2626: Change default_bits from 1K to 2K 2014-09-08 17:23:37 -04:00
rsa_asn1.c CMS RSA-OAEP and RSA-PSS support. 2013-10-01 14:01:18 +01:00
rsa_chk.c Check for missing components in RSA_check. 2013-11-09 15:09:22 +00:00
rsa_crpt.c Redirection of low level APIs to FIPS module. 2011-06-02 18:22:42 +00:00
rsa_depr.c
rsa_eay.c Return smaller of ret and f. 2014-07-05 22:38:17 +01:00
rsa_err.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 12:47:19 +02:00
rsa_gen.c Use method rsa keygen first if FIPS mode if it is a FIPS method. 2011-06-09 13:18:07 +00:00
rsa_lib.c Don't set default public key methods in FIPS mode so applications 2011-06-20 19:41:13 +00:00
rsa_locl.h
rsa_none.c
rsa_null.c Update obsolete email address... 2008-11-05 18:39:08 +00:00
rsa_oaep.c Include "constant_time_locl.h" rather than "../constant_time_locl.h". 2014-09-25 08:06:47 +02:00
rsa_pk1.c Include "constant_time_locl.h" rather than "../constant_time_locl.h". 2014-09-25 08:06:47 +02:00
rsa_pmeth.c CMS RSA-OAEP and RSA-PSS support. 2013-10-01 14:01:18 +01:00
rsa_prn.c Update obsolete email address... 2008-11-05 18:39:08 +00:00
rsa_pss.c Backport extended PSS support from HEAD: allow setting of mgf1Hash explicitly. 2011-06-02 18:13:33 +00:00
rsa_saos.c
rsa_sign.c Add additional DigestInfo checks. 2014-09-29 12:24:04 +01:00
rsa_ssl.c We should check the eight bytes starting at p[-9] for rollback attack 2008-07-17 22:11:53 +00:00
rsa_test.c Remove the dual-callback scheme for numeric and pointer thread IDs, 2008-08-06 15:54:15 +00:00
rsa_x931.c Update obsolete email address... 2008-11-05 18:39:08 +00:00