Emilia Kasper 294d1e36c2 RT3066: rewrite RSA padding checks to be slightly more constant time.
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-09-24 12:45:42 +02:00
..
2014-09-05 17:18:06 +02:00
2014-08-28 17:17:36 -04:00
2014-09-20 10:20:38 +02:00
2014-07-08 22:24:44 +02:00
2011-02-03 12:03:51 +00:00
2014-03-28 14:49:04 +00:00
2014-09-09 17:10:15 -04:00
2014-02-19 20:09:08 +00:00
2014-06-28 00:06:13 +01:00
2014-09-08 10:37:28 -04:00
2014-08-30 19:17:09 +02:00
2011-02-21 17:51:59 +00:00
2014-08-06 20:36:41 +01:00
2014-05-29 14:33:32 +01:00
2014-07-08 22:24:44 +02:00
2014-09-20 10:20:38 +02:00
2014-08-06 20:36:41 +01:00
2014-08-18 11:49:16 -04:00
2014-06-01 17:21:06 +02:00
2014-06-01 17:21:06 +02:00
2014-06-01 17:21:06 +02:00
2014-02-19 18:02:04 +00:00
2014-09-20 10:20:38 +02:00
2014-07-08 22:24:44 +02:00
2007-06-23 18:47:51 +00:00
2009-04-20 11:33:12 +00:00
2012-06-03 22:00:21 +00:00
2011-05-19 18:09:02 +00:00
2013-01-19 21:23:13 +01:00
2014-02-19 18:02:04 +00:00
2014-07-20 14:16:31 +02:00
2014-07-20 14:16:31 +02:00
2014-06-04 08:34:18 +02:00
2014-07-04 13:26:35 +01:00
2012-09-17 17:21:58 +00:00
2003-11-28 13:10:58 +00:00