0aa0767 - platform/external/chromium_org/third_party/boringssl/src

commit	0aa0767340baf925bda4804882aab0cb974b2d26	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Thu Jul 24 15:34:14 2014 -0400
committer	Adam Langley <agl@google.com>	Fri Jul 25 20:25:15 2014 +0000
tree	8ed8b414e23bb9e5d3c0e0026e0f1d263e8446e2
parent	86271ee9f866cd83d9e37ab1ba1218ebefb336aa [diff]

Improve constant-time padding check in RSA key exchange.

Although the PKCS#1 padding check is internally constant-time, it is not
constant time at the crypto/ ssl/ API boundary. Expose a constant-time
RSA_message_index_PKCS1_type_2 function and integrate it into the
timing-sensitive portion of the RSA key exchange logic.

Change-Id: I6fa64ddc9d65564d05529d9b2985da7650d058c3
Reviewed-on: https://boringssl-review.googlesource.com/1301
Reviewed-by: Adam Langley <agl@google.com>

crypto/rsa/padding.c[diff]
include/openssl/rsa.h[diff]
ssl/s3_srvr.c[diff]

3 files changed

tree: 8ed8b414e23bb9e5d3c0e0026e0f1d263e8446e2

crypto/
doc/
include/
ssl/
tool/
util/
.clang-format
.gitignore
BUILDING
CMakeLists.txt