authorAdam Langley <agl@chromium.org>2014-06-20 23:00:00 +0400
committerAdam Langley <agl@chromium.org>2014-06-21 00:17:37 +0400
commit6887edb917ba9ecbed85f9d63ec36638b1d1dbb6 (patch)
treef7b5e79542b15d85b999a2351c3964c8e34a145f /crypto/rsa/internal.h
parentaacec17a630eacfb8023a4a3075f0ea51629eb98 (diff)
Improvements in constant-time OAEP decoding.
This change adds a new function, BN_bn2bin_padded, that attempts, as much as possible, to serialise a BIGNUM in constant time. This is used to avoid some timing leaks in RSA decryption.
Diffstat (limited to 'crypto/rsa/internal.h')
-rw-r--r--crypto/rsa/internal.h21
1 files changed, 6 insertions, 15 deletions
diff --git a/crypto/rsa/internal.h b/crypto/rsa/internal.h
index f697940a..190596b9 100644
--- a/crypto/rsa/internal.h
+++ b/crypto/rsa/internal.h
@@ -95,36 +95,27 @@ BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx);
int RSA_padding_add_PKCS1_type_1(uint8_t *to, unsigned to_len,
const uint8_t *from, unsigned from_len);
int RSA_padding_check_PKCS1_type_1(uint8_t *to, unsigned to_len,
- const uint8_t *from, unsigned from_len,
- unsigned rsa_len);
+ const uint8_t *from, unsigned from_len);
int RSA_padding_add_PKCS1_type_2(uint8_t *to, unsigned to_len,
const uint8_t *from, unsigned from_len);
int RSA_padding_check_PKCS1_type_2(uint8_t *to, unsigned to_len,
- const uint8_t *from, unsigned from_len,
- unsigned rsa_len);
+ const uint8_t *from, unsigned from_len);
int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, unsigned to_len,
const uint8_t *from, unsigned from_len,
const uint8_t *param, unsigned plen,
const EVP_MD *md, const EVP_MD *mgf1md);
int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned to_len,
const uint8_t *from, unsigned from_len,
- unsigned num, const uint8_t *param,
- unsigned plen, const EVP_MD *md,
- const EVP_MD *mgf1md);
-int RSA_padding_add_PKCS1_OAEP(uint8_t *to, unsigned to_len,
- const uint8_t *from, unsigned from_len,
- const uint8_t *p, unsigned pl);
-int RSA_padding_check_PKCS1_OAEP(uint8_t *to, unsigned to_len,
- const uint8_t *from, unsigned from_len,
- unsigned rsa_len, const uint8_t *p, unsigned pl);
+ const uint8_t *param, unsigned plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
int RSA_padding_add_SSLv23(uint8_t *to, unsigned to_len, const uint8_t *from,
unsigned from_len);
int RSA_padding_check_SSLv23(uint8_t *to, unsigned to_len, const uint8_t *from,
- unsigned from_len, unsigned rsa_len);
+ unsigned from_len);
int RSA_padding_add_none(uint8_t *to, unsigned to_len, const uint8_t *from,
unsigned from_len);
int RSA_padding_check_none(uint8_t *to, unsigned to_len, const uint8_t *from,
- unsigned from_len, unsigned rsa_len);
+ unsigned from_len);
/* RSA_verify_PKCS1_PSS_mgf1 */
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash,