Modify the RSA_private_decrypt functions to check the padding in #8543

bernd-edlinger
Member

constant time with a memory access pattern that does not depend
on secret information.

[extended tests]
@bernd-edlinger bernd-edlinger added branch: 1.0.2 Merge to OpenSSL_1_0_2-stable branch 1.1.0 branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch labels Mar 20, 2019
Contributor

@paulidale paulidale left a comment

An explanatory comment is approved too.

@paulidale paulidale added the approval: done This pull request has the required number of approvals label Mar 21, 2019
@bernd-edlinger
Member Author

bernd-edlinger commented Mar 21, 2019

How about adding that to the comment above:

The loop below combines conditional moves by 2^X bytes. Each move
is enabled or disabled dependent on the bit set in the required
displacement. It has a complexity of O(N*log(N)).
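
The loop described in the proposed comment above, written out as an added stand-alone C example (not code from this pull request or from OpenSSL). The names `ct_mask_nonzero`, `ct_select_8`, `ct_shift_left` and `ct_shift_selfcheck` and the 37-byte test buffer are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* 0xff if x != 0, else 0x00; (x | -x) has its top bit set iff x != 0. */
static unsigned char ct_mask_nonzero(size_t x)
{
    size_t top = (x | ((size_t)0 - x)) >> (sizeof(size_t) * 8 - 1);
    return (unsigned char)((size_t)0 - top);
}

/* mask 0xff yields a, mask 0x00 yields b; both inputs are always read. */
static unsigned char ct_select_8(unsigned char mask, unsigned char a,
                                 unsigned char b)
{
    return (unsigned char)((mask & a) | (~mask & b));
}

/*
 * Move buf left by `shift` bytes (requires shift < len). Each pass moves by a
 * power of two and touches the same addresses whatever `shift` is; only the
 * mask decides whether data moves. buf[0..len-shift-1] gets old buf[shift..].
 */
void ct_shift_left(unsigned char *buf, size_t len, size_t shift)
{
    size_t step, i;
    for (step = 1; step < len; step <<= 1) {
        unsigned char mask = ct_mask_nonzero(step & shift);
        for (i = 0; i + step < len; i++)
            buf[i] = ct_select_8(mask, buf[i + step], buf[i]);
    }
}

/* Compare against memmove for every shift of a constructed 37-byte buffer. */
int ct_shift_selfcheck(void)
{
    unsigned char ref[37], a[37];
    size_t i, s;
    for (i = 0; i < sizeof(ref); i++)
        ref[i] = (unsigned char)(i * 7 + 1);
    for (s = 0; s < sizeof(ref); s++) {
        memcpy(a, ref, sizeof(ref));
        ct_shift_left(a, sizeof(a), s);
        if (memcmp(a, ref + s, sizeof(ref) - s) != 0)
            return 0;
    }
    return 1;
}

int main(void) { return ct_shift_selfcheck() ? 0 : 1; }
```

Compilers are free to turn masked selects back into branches, so code of this kind is normally confirmed by inspecting the generated assembly.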

@bernd-edlinger
Member Author

Sorry, messages crossed.
I think I should say "it has an overall complexity" instead of "a" right?

@paulidale
Contributor

yes, drop the "a".

@bernd-edlinger
Member Author

yes, drop the "a".

good point. Thanks.

Contributor

@paulidale paulidale left a comment

All good now.

levitte pushed a commit that referenced this pull request Mar 22, 2019
constant time with a memory access pattern that does not depend
on secret information.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #8543)

(cherry picked from commit 9c0cf21)
levitte pushed a commit that referenced this pull request Mar 22, 2019
constant time with a memory access pattern that does not depend
on secret information.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #8543)
@bernd-edlinger
Member Author

Merged to all active branches. Thanks!
