Discussion:
[openssl.org #3067] [PATCH] premaster_constant_time
Adam Langley via RT
2013-06-04 12:49:39 UTC
Permalink
This change alters the processing of invalid, RSA pre-master secrets so
that bad encryptions are treated like random session keys in constant
time.
Emilia Käsper via RT
2014-09-24 14:52:38 UTC
Permalink
And thanks once again!

This has now been backported from master commit

adb46dbc6dd7347750df2468c93e8c34bcb93a4b

to all other branches. Note that I rewrote the constant-time ops in the
follow-up commit

455b65dfab0de51c9f67b3c909311770f2b3f801

If you'd like to verify that I didn't mess up the rewrite, that'd be great!

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Adam Langley via RT
2014-09-24 18:06:44 UTC
Permalink
Post by Emilia Käsper via RT
If you'd like to verify that I didn't mess up the rewrite, that'd be great!
LGTM. Thanks! I'll have to steal that for BoringSSL :)


Cheers

AGL


______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Adam Langley
2014-09-24 17:58:09 UTC
Permalink
Post by Emilia Käsper via RT
If you'd like to verify that I didn't mess up the rewrite, that'd be great!
LGTM. Thanks! I'll have to steal that for BoringSSL :)


Cheers

AGL
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Emilia Käsper via RT
2014-10-07 14:47:18 UTC
Permalink
FYI,

https://rt.openssl.org/Ticket/Display.html?id=3558 may also be of interest.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Loading...