RT3066: rewrite RSA padding checks to be slightly more constant time.

Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2014-08-28 19:43:49 +0200
committer: Emilia Kasper <emilia@openssl.org> 2014-09-24 12:45:42 +0200
commit: 294d1e36c2495ff00e697c9ff622856d3114f14f (patch)
tree: 63ca3866af30d5cb93cead2221187810e430ffb8 /crypto/rsa/rsa_err.c
parent: 51b7be8d5fb7e20ccb4d38494ddd39bf4fea0924 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 6a5685ba52..60cf77cdb8 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -181,6 +181,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
 {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
+{ERR_REASON(RSA_R_PKCS_DECODING_ERROR)   ,"pkcs decoding error"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
 {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
author	Emilia Kasper <emilia@openssl.org>	2014-08-28 19:43:49 +0200
committer	Emilia Kasper <emilia@openssl.org>	2014-09-24 12:45:42 +0200
commit	294d1e36c2495ff00e697c9ff622856d3114f14f (patch)
tree	63ca3866af30d5cb93cead2221187810e430ffb8 /crypto/rsa/rsa_err.c
parent	51b7be8d5fb7e20ccb4d38494ddd39bf4fea0924 (diff)