Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
common: Add support for implicit rejection for RSA PKCS#1 v1.5 de-pad…
…ding Implicit rejection returns a pseudo random message in case the RSA PKCS#1 v1.5 padding is incorrect, but returns no error. The pseudo random message is based on static secret data (the private exponent) and the provided ciphertext, so that the attacker cannot determine that the returned value is randomly generated instead of the result of decryption and de-padding. The implicit rejection algorithm is the same as used by OpenSSL. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
- Loading branch information