author | Emilia Kasper <emilia@openssl.org> | 2014-08-28 19:43:49 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2014-09-24 12:45:42 +0200 |
commit | 294d1e36c2495ff00e697c9ff622856d3114f14f (patch) | |
tree | 63ca3866af30d5cb93cead2221187810e430ffb8 /crypto/rsa/rsa_err.c | |
parent | 51b7be8d5fb7e20ccb4d38494ddd39bf4fea0924 (diff) |
RT3066: rewrite RSA padding checks to be slightly more constant time.
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1
This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Diffstat (limited to 'crypto/rsa/rsa_err.c')
-rw-r--r-- | crypto/rsa/rsa_err.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 6a5685ba52..60cf77cdb8 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -181,6 +181,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, +{ERR_REASON(RSA_R_PKCS_DECODING_ERROR) ,"pkcs decoding error"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, |
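Review bot: The added RSA_R_PKCS_DECODING_ERROR entry in RSA_str_reasons[] should be documented, in a comment or in the commit message, as the single generic reason for PKCS#1 v1.5 padding failures, in the same way the existing "oaep decoding error" entry serves OAEP. The commit message says the padding checks are being rewritten to be more constant time. That work loses its value if a caller can still tell failure causes apart through the error queue, so every failure path of the padding check should raise this one reason and nothing more specific. The placement between RSA_R_PADDING_CHECK_FAILED and RSA_R_P_NOT_PRIME keeps the table ordering consistent. Since this view is limited to crypto/rsa/rsa_err.c, please also confirm that the matching reason code definition is part of the same commit and does not reuse an existing value.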