commit | 0aa0767340baf925bda4804882aab0cb974b2d26 | |
---|---|---|
author | David Benjamin <davidben@chromium.org> | Thu Jul 24 15:34:14 2014 -0400 |
committer | Adam Langley <agl@google.com> | Fri Jul 25 20:25:15 2014 +0000 |
tree | 8ed8b414e23bb9e5d3c0e0026e0f1d263e8446e2 | |
parent | 86271ee9f866cd83d9e37ab1ba1218ebefb336aa | |

Improve constant-time padding check in RSA key exchange.

Although the PKCS#1 padding check is internally constant-time, it is not constant time at the crypto/ ssl/ API boundary. Expose a constant-time RSA_message_index_PKCS1_type_2 function and integrate it into the timing-sensitive portion of the RSA key exchange logic.

Change-Id: I6fa64ddc9d65564d05529d9b2985da7650d058c3
Reviewed-on: https://boringssl-review.googlesource.com/1301
Reviewed-by: Adam Langley <agl@google.com>
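
An added illustration, not code from this commit or from BoringSSL: a branch-free PKCS#1 type 2 padding check that reports the message index, and a caller that picks between the decrypted premaster secret and a random fallback with a mask rather than a branch. The names `ct_pkcs1_type2_index` and `ct_choose_premaster`, the 48-byte premaster length and the caller-supplied fallback buffer are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Branch-free helpers: each returns an all-ones mask for true, 0 for false. */
static uint32_t ct_is_zero(uint32_t x) { return 0u - ((~x & (x - 1)) >> 31); }
static uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }
/* Valid only for a, b < 2^31, which holds for the buffer offsets used here. */
static uint32_t ct_lt(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); }
static uint32_t ct_select(uint32_t m, uint32_t a, uint32_t b) { return (m & a) | (~m & b); }

/* Hypothetical name. Checks em = 00 02 PS 00 M with |PS| >= 8 and reports
 * where M starts (0 if invalid). Every byte is read whatever the contents;
 * only len, which is public (the modulus size), affects control flow. */
uint32_t ct_pkcs1_type2_index(const uint8_t *em, size_t len, size_t *out_index) {
    *out_index = 0;
    if (len < 11) return 0;
    uint32_t good = ct_is_zero(em[0]) & ct_eq(em[1], 2);
    uint32_t zero_index = 0, looking = ~0u;
    for (size_t i = 2; i < len; i++) {
        uint32_t is_zero = ct_is_zero(em[i]);
        zero_index = ct_select(looking & is_zero, (uint32_t)i, zero_index);
        looking &= ~is_zero;   /* cleared at the first 00 and stays cleared */
    }
    good &= ~looking;                     /* a 00 separator exists */
    good &= ~ct_lt(zero_index, 2 + 8);    /* at least 8 padding bytes */
    *out_index = (size_t)(good & (zero_index + 1));
    return good;
}

/* Hypothetical caller: out receives the last 48 bytes of em if the padding
 * is valid and M is exactly 48 bytes, else the caller's random fallback.
 * The choice is a masked copy, so no branch depends on the padding result. */
uint32_t ct_choose_premaster(const uint8_t *em, size_t len,
                             const uint8_t fallback[48], uint8_t out[48]) {
    size_t idx;
    if (len < 48 + 11) {                  /* public length check */
        for (size_t i = 0; i < 48; i++) out[i] = fallback[i];
        return 0;
    }
    uint32_t good = ct_pkcs1_type2_index(em, len, &idx);
    good &= ct_eq((uint32_t)idx, (uint32_t)(len - 48));
    uint8_t m = (uint8_t)good;
    for (size_t i = 0; i < 48; i++)
        out[i] = (uint8_t)((m & em[len - 48 + i]) | (~m & fallback[i]));
    return good;
}
```

A C compiler is free to turn masked selects back into branches, so the generated code has to be inspected for the target and optimisation level in use.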