openssl/crypto/rsa
Dr. Stephen Henson 5a7fc89394 Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-29 12:31:29 +01:00
..
.cvsignore
Makefile RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:39:44 +02:00
rsa.h RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:39:44 +02:00
rsa_asn1.c Change old obsolete email address... 2008-11-05 18:36:57 +00:00
rsa_chk.c
rsa_depr.c backport recent changes from the cvs head 2006-02-08 19:16:33 +00:00
rsa_eay.c Return smaller of ret and f. 2014-07-05 22:39:16 +01:00
rsa_eng.c PR: 2124 2009-12-09 13:41:50 +00:00
rsa_err.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:39:44 +02:00
rsa_gen.c Merge public key FIPS code, RSA, DSA, DH. 2008-09-16 14:55:26 +00:00
rsa_lib.c Merge public key FIPS code, RSA, DSA, DH. 2008-09-16 14:55:26 +00:00
rsa_none.c
rsa_null.c Change old obsolete email address... 2008-11-05 18:36:57 +00:00
rsa_oaep.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:39:44 +02:00
rsa_pk1.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:39:44 +02:00
rsa_pss.c Submitted by: Julia Lawall <julia@diku.dk> 2009-09-13 11:20:38 +00:00
rsa_saos.c
rsa_sign.c Add additional DigestInfo checks. 2014-09-29 12:31:29 +01:00
rsa_ssl.c We should check the eight bytes starting at p[-9] for rollback attack 2008-07-17 22:11:24 +00:00
rsa_test.c Make sure we detect corruption. 2007-04-04 12:50:13 +00:00
rsa_x931.c Change old obsolete email address... 2008-11-05 18:36:57 +00:00
rsa_x931g.c PR: 1840 2009-02-14 22:19:31 +00:00