Emilia Kasper 9bed73adaa RT3066: rewrite RSA padding checks to be slightly more constant time.
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Conflicts:
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c
	ssl/s3_cbc.c
2014-09-24 12:47:19 +02:00
..
2014-09-23 18:20:26 +02:00
2014-09-20 10:22:13 +02:00
2014-07-09 22:45:38 +02:00
2011-02-03 12:03:57 +00:00
2014-09-09 17:10:57 -04:00
2013-12-01 23:09:44 +00:00
2013-01-20 01:10:03 +00:00
2014-06-28 00:06:32 +01:00
2014-09-08 10:38:08 -04:00
2009-12-09 15:00:20 +00:00
2013-01-13 21:06:36 +00:00
2014-08-30 19:18:12 +02:00
2014-08-06 20:41:24 +01:00
2014-05-29 13:49:50 +01:00
2013-01-15 16:24:07 +00:00
2014-07-09 22:45:38 +02:00
2013-01-13 21:06:36 +00:00
2014-09-20 10:22:13 +02:00
2014-08-06 20:41:24 +01:00
2009-02-19 09:42:51 +00:00
2014-04-22 17:00:52 +01:00
2014-09-23 18:20:26 +02:00
2011-08-12 12:31:08 +00:00
2014-06-10 23:20:55 +02:00
2014-06-10 23:20:55 +02:00
2014-06-10 23:20:55 +02:00
2013-02-06 13:56:12 +00:00
2011-10-21 13:04:27 +00:00
2011-06-21 16:58:10 +00:00
2014-09-20 10:22:13 +02:00
2014-07-09 22:45:38 +02:00
2007-06-23 18:47:51 +00:00
2009-04-16 17:22:51 +00:00
2012-06-03 22:03:37 +00:00
2014-02-01 22:48:56 +01:00
2013-08-19 21:55:07 +01:00
2013-08-19 21:55:07 +01:00
2013-05-20 00:16:18 +02:00
2013-05-20 00:16:18 +02:00
2003-11-28 13:10:58 +00:00