[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Thu Apr 27 00:57:47 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 7ae8106af87f1d9f94bbc9ac65b819f0473cf57e (commit)
from 56e5d5498d557fe1ab0a360ddcda2931d976ec62 (commit)
- Log -----------------------------------------------------------------
commit 7ae8106af87f1d9f94bbc9ac65b819f0473cf57e
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Wed Apr 26 09:59:18 2017 +0200
Remove unnecessary loop in pkey_rsa_decrypt.
It is not necessary to remove leading zeros here because
RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done
in constant time, this might have leaked timing information.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Andy Polyakov <appro at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3313)
(cherry picked from commit 237bc6c997e42295eeb32c8c1c709e6e6042b839)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_pmeth.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index db4fb0f..2d1dffb 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -302,19 +302,14 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
- int i;
if (!setup_tbuf(rctx, ctx))
return -1;
ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
ctx->pkey->pkey.rsa, RSA_NO_PADDING);
if (ret <= 0)
return ret;
- for (i = 0; i < ret; i++) {
- if (rctx->tbuf[i])
- break;
- }
- ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf + i,
- ret - i, ret,
+ ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf,
+ ret, ret,
rctx->oaep_label,
rctx->oaep_labellen,
rctx->md, rctx->mgf1md);
More information about the openssl-commits
mailing list