diff options
| author | tpashkin <tpashkin@yandex-team.ru> | 2022-02-10 16:46:41 +0300 |
|---|---|---|
| committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:46:41 +0300 |
| commit | 5475379a04e37df30085bd1724f1c57e3f40996f (patch) | |
| tree | 95d77e29785a3bd5be6260b1c9d226a551376ecf /contrib/libs/openssl/crypto/rsa/rsa_ssl.c | |
| parent | c3d34b9b40eb534dfd2c549342274f3d61844688 (diff) | |
| download | ydb-5475379a04e37df30085bd1724f1c57e3f40996f.tar.gz | |
Restoring authorship annotation for <tpashkin@yandex-team.ru>. Commit 1 of 2.
Diffstat (limited to 'contrib/libs/openssl/crypto/rsa/rsa_ssl.c')
| -rw-r--r-- | contrib/libs/openssl/crypto/rsa/rsa_ssl.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_ssl.c b/contrib/libs/openssl/crypto/rsa/rsa_ssl.c index e1c755ae46..a390e5198a 100644 --- a/contrib/libs/openssl/crypto/rsa/rsa_ssl.c +++ b/contrib/libs/openssl/crypto/rsa/rsa_ssl.c @@ -12,7 +12,7 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/rand.h> -#include "internal/constant_time.h" +#include "internal/constant_time.h" int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen) @@ -20,7 +20,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; @@ -70,7 +70,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, if (tlen <= 0 || flen <= 0) return -1; - if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return -1; } @@ -147,8 +147,8 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); /* - * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. * Otherwise leave |to| unchanged. * Copy the memory back in a way that does not reveal the size of * the data being copied via a timing side channel. This requires copying @@ -156,16 +156,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, * length. Clear bits do a non-copy with identical access pattern. * The loop below has overall complexity of O(N*log(N)). */ - tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), - num - RSA_PKCS1_PADDING_SIZE, tlen); - for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); - for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); } for (i = 0; i < tlen; i++) { mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); |