| author | Rob Austein <sra@hactrn.net> | 2017-04-06 21:16:38 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2017-04-06 21:16:38 -0400 |
| commit | 1386e9b75feeff4ed5446b0169d286e54d7317ff (patch) | |
| tree | 30124c5509a546057ed5c55ab1620904808b0682 /rpc_pkcs1.c | |
| parent | 3828bd1d72c5fd3d3e0bac4548aee9594f63b3ca (diff) | |
Defend against Bleichenbacher's Attack in hal_rpc_pkey_import().
Borrowing an idea from PyCrypto, we substitute CSPRNG output for the
value of a decrypted KEK if the PKCS #1.5 type 02 block format check
fails. Done properly, this should be very close to constant-time, and
should make it harder to use hal_rpc_pkey_import() as an oracle.
Diffstat (limited to 'rpc_pkcs1.c')
0 files changed, 0 insertions, 0 deletions
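The defence described in the commit message, as an added illustration that is not the project's code and is not taken from rpc_pkcs1.c: a PKCS #1 v1.5 type 02 unpadding routine that scans every byte of the decrypted block with constant-time mask arithmetic, never branches on secret data, and writes either the recovered KEK or caller-supplied CSPRNG bytes into the output buffer without reporting which one it chose. The block length, KEK length, the `sample_kek` and `sample_random` values, and the `demo_check` harness are all constructed for the example; a real caller would fill `random` from the HSM's CSPRNG before calling in.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define EM_LEN  32   /* toy modulus length for the demo; RSA-2048 gives 256 */
#define KEK_LEN 16   /* assumed fixed KEK length (e.g. AES-128) */

/* Constant-time mask helpers on 32-bit values: return all-ones or all-zeros. */
static uint32_t ct_nonzero_mask(uint32_t v) { return 0u - ((v | (0u - v)) >> 31); }
static uint32_t ct_zero_mask(uint32_t v)    { return ~ct_nonzero_mask(v); }
static uint32_t ct_eq_mask(uint32_t a, uint32_t b) { return ct_zero_mask(a ^ b); }
static uint32_t ct_select(uint32_t m, uint32_t a, uint32_t b) { return (m & a) | (~m & b); }

/*
 * em      : RSA decryption result, em_len bytes, zero-padded to modulus length.
 * random  : out_len bytes of CSPRNG output supplied by the caller.
 * out     : receives the message if em is a well-formed type 02 block of the
 *           expected message length, otherwise the random bytes.
 * Deliberately returns nothing about the format check: the caller behaves the
 * same either way, so a remote party cannot use it as a padding oracle.
 */
void pkcs1_v15_unpad_or_random(const uint8_t *em, size_t em_len,
                               const uint8_t *random,
                               uint8_t *out, size_t out_len)
{
    /* Public-parameter check: 0x00 0x02, >= 8 padding bytes, 0x00, message. */
    if (em_len < out_len + 11) { memcpy(out, random, out_len); return; }

    uint32_t good = ct_eq_mask(em[0], 0x00) & ct_eq_mask(em[1], 0x02);

    /* Locate the first zero byte after index 1, touching every byte regardless. */
    uint32_t zero_idx = 0, looking = 0xFFFFFFFFu;
    for (uint32_t i = 2; i < em_len; i++) {
        uint32_t is_zero = ct_zero_mask(em[i]);
        zero_idx = ct_select(looking & is_zero, i, zero_idx);
        looking  = ct_select(is_zero, 0, looking);
    }
    good &= ~looking;                                               /* a separator exists */
    good &= ct_eq_mask(zero_idx, (uint32_t)(em_len - out_len - 1)); /* message length as expected */
    /* The public check above guarantees em_len - out_len - 1 >= 10, so a
     * separator at that index implies at least 8 nonzero padding bytes. */

    /* The message, if valid, always starts at the fixed offset em_len - out_len,
     * so the copy loop never indexes memory by a secret-dependent value. */
    const uint8_t *msg = em + (em_len - out_len);
    for (size_t j = 0; j < out_len; j++)
        out[j] = (uint8_t)ct_select(good, msg[j], random[j]);
}

/* Constructed sample data for the demo; not real key material. */
static const uint8_t sample_kek[KEK_LEN] = {
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F };
static const uint8_t sample_random[KEK_LEN] = {
    0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5 };

/* Builds a well-formed type 02 block around sample_kek, then applies a corruption. */
static void build_em(uint8_t em[EM_LEN], int corruption)
{
    memset(em, 0x5A, EM_LEN);                  /* nonzero padding filler */
    em[0] = 0x00; em[1] = 0x02;
    em[EM_LEN - KEK_LEN - 1] = 0x00;           /* separator at index 15 */
    memcpy(em + EM_LEN - KEK_LEN, sample_kek, KEK_LEN);
    switch (corruption) {
    case 1: em[1] = 0x01; break;               /* wrong block type */
    case 2: em[5] = 0x00; break;               /* early separator: short padding, wrong length */
    case 3: em[EM_LEN - KEK_LEN - 1] = 0x7F; break; /* no separator anywhere */
    default: break;                            /* 0: leave it valid */
    }
}

/* Returns 1 if the routine yielded the KEK, 0 if it yielded the random
 * substitute, -1 if it produced neither (which would indicate a bug). */
int demo_check(int corruption)
{
    uint8_t em[EM_LEN], out[KEK_LEN];
    build_em(em, corruption);
    pkcs1_v15_unpad_or_random(em, EM_LEN, sample_random, out, KEK_LEN);
    if (memcmp(out, sample_kek, KEK_LEN) == 0)    return 1;
    if (memcmp(out, sample_random, KEK_LEN) == 0) return 0;
    return -1;
}

int main(void)
{
    for (int c = 0; c <= 3; c++)
        printf("corruption %d -> %s\n", c,
               demo_check(c) == 1 ? "KEK recovered" : "random substitute");
    return 0;
}
```

The point of handing back random bytes instead of an error is that the rest of hal_rpc_pkey_import() then runs the same code path on every input: the unwrap of the imported key simply fails its integrity check later, with timing that does not depend on where the padding check failed. Requiring the message length to equal the expected KEK length also lets the copy read from a fixed offset, which removes the secret-dependent memory access that a generic "find the separator, then memmove" implementation would leak through.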