diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2020-03-17 21:27:57 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2020-03-17 21:27:57 +0000 |
| commit | aa144ced5d61b5c7fb74acaebb37d85bd08f0416 (patch) | |
| tree | 2de6902cff4b007f4fae30a7d6c546b4dd3d1740 /crypto/rsa/rsa_ssl.c | |
| parent | fbc3ad1ae1976eb5f2bac351260f2c5ee255c27f (diff) | |
| download | src-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.tar.gz src-aa144ced5d61b5c7fb74acaebb37d85bd08f0416.zip | |
Import OpenSSL 1.1.1e.vendor/openssl/1.1.1e
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=359051
svn path=/vendor-crypto/openssl/1.1.1e/; revision=359052; tag=vendor/openssl/1.1.1e
Diffstat (limited to 'crypto/rsa/rsa_ssl.c')
| -rw-r--r-- | crypto/rsa/rsa_ssl.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 3859128a6d80..1f155be175da 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -12,7 +12,7 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/rand.h> -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen) @@ -20,7 +20,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - 11)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; @@ -70,7 +70,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, if (tlen <= 0 || flen <= 0) return -1; - if (flen > num || num < 11) { + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return -1; } @@ -141,8 +141,8 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); /* - * Move the result in-place by |num|-11-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+11 to |to|. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. * Otherwise leave |to| unchanged. * Copy the memory back in a way that does not reveal the size of * the data being copied via a timing side channel. This requires copying @@ -150,16 +150,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, * length. Clear bits do a non-copy with identical access pattern. * The loop below has overall complexity of O(N*log(N)). */ - tlen = constant_time_select_int(constant_time_lt(num - 11, tlen), - num - 11, tlen); - for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0); - for (i = 11; i < num - msg_index; i++) + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); } for (i = 0; i < tlen; i++) { mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + 11], to[i]); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); |