On 2019-06-02 23:39:22 [+0200], Kurt Roeckx wrote:
> > So, I added a small test for RSA_SSLV23_PADDING, as an extra commit,
> > since it will likely not cherry-pick in stable branches.
>
> It's about this change:
> - good &= constant_time_lt(threes_in_row, 8);
> + good &= constant_time_ge(threes_in_row, 8);
>
> (That should probably have been a separate commit.)
>
> Can you confirm that that is the reason for the change in
> behaviour?
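Review bot: swapping `constant_time_lt(threes_in_row, 8)` for `constant_time_ge(threes_in_row, 8)` inverts the accepted set rather than tightening it: the old line passed padding with fewer than eight trailing 0x03 bytes, the new line passes only padding with eight or more, so every caller of this check gets the opposite verdict on the same input. A behaviour inversion like that belongs in its own commit, with a message stating which direction the SSLv23 marker check is meant to go, and the RSA_SSLV23_PADDING round-trip test mentioned above should land in the same commit so the intended direction is pinned by the test suite instead of being inferred from a downstream failure such as the m2crypto one.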
Yes, I confirm that this is the change that makes the testcase fail.

> I don't understand the m2crypto code, so I have no idea what it's
> testing.

So if I decoded it right, it does

| fbuf = sha1("The magic words are squeamish ossifrage."); /* 0xbf, 0xf0, 0x04 … */
| flen = RSA_public_encrypt(20, fbuf, tobuf, )
| /* flen -> 128 */
| r = RSA_private_decrypt(128, tobuf, tobuf2, )

Before the change, RSA_private_decrypt() used to return an error:
r -> -1, rsa routines|rsa_ossl_private_decrypt|padding check failed

After that, it returns `20' and probably passes.
Would it be likely that m2crypto tested that an openssl bug existed which got fixed?

> Kurt

Sebastian
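To make the behaviour change concrete, here is a small Python model, added to this thread and not code from OpenSSL, m2crypto or either correspondent, of the SSLv23 padding layout and of the padding check run in both directions (the old `constant_time_lt` line and the new `constant_time_ge` line). It assumes, as the subject of the thread suggests, that the elided padding argument in the decoded encrypt/decrypt calls is RSA_SSLV23_PADDING, and it deliberately ignores constant-time concerns because the point is which encodings are accepted, not timing. The marker layout (eight 0x03 bytes at the end of the padding string, just before the 0x00 separator) is what RSA_padding_add_SSLv23 produces; the function names below are the model's own.

```python
"""Model of the SSLv23 padding check before and after the lt -> ge flip."""
import os
from hashlib import sha1

# RSA_padding_add_SSLv23 ends the padding string PS with eight 0x03 bytes,
# immediately before the 0x00 separator.  (Model, not OpenSSL's code.)
SSLV23_MARKER = b"\x03" * 8


def _random_nonzero(n: int) -> bytes:
    """Return n random bytes, none of which is 0x00 (PKCS#1 v1.5 type 2 rule)."""
    out = bytearray()
    while len(out) < n:
        out += bytes(b for b in os.urandom(n - len(out)) if b != 0)
    return bytes(out)


def pad_pkcs1_type2(msg: bytes, k: int, sslv23: bool) -> bytes:
    """Build 00 02 | PS | 00 | msg for a k-byte modulus.

    With sslv23=True the last 8 bytes of PS are the 0x03 marker, as
    RSA_padding_add_SSLv23 does; otherwise PS is all random non-zero bytes,
    i.e. plain RSA_PKCS1_PADDING.
    """
    if len(msg) > k - 11:
        raise ValueError("message too long for modulus size")
    ps_len = k - 3 - len(msg)  # at least 8 because of the check above
    if sslv23:
        ps = _random_nonzero(ps_len - 8) + SSLV23_MARKER
    else:
        ps = _random_nonzero(ps_len)
    return b"\x00\x02" + ps + b"\x00" + msg


def check_sslv23(em: bytes, require_marker: bool):
    """Model of RSA_padding_check_SSLv23 (plain Python, not constant time).

    require_marker=False mirrors the old line
        good &= constant_time_lt(threes_in_row, 8)
    require_marker=True mirrors the new line
        good &= constant_time_ge(threes_in_row, 8)
    Returns the recovered message, or None when the padding check fails
    (the case in which RSA_private_decrypt returns -1).
    """
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    zero_index = em.find(b"\x00", 2)
    if zero_index < 2 + 8:  # no separator, or PS shorter than 8 bytes
        return None
    ps = em[2:zero_index]
    threes_in_row = 0
    for b in reversed(ps):  # count the 0x03 run at the end of PS
        if b != 0x03:
            break
        threes_in_row += 1
    good = threes_in_row >= 8 if require_marker else threes_in_row < 8
    return em[zero_index + 1:] if good else None


def roundtrip(msg: bytes, k: int, sslv23_pad: bool, require_marker: bool):
    """Pad with the chosen scheme, then run the check in the chosen direction."""
    return check_sslv23(pad_pkcs1_type2(msg, k, sslv23_pad), require_marker)


def m2crypto_style_test(require_marker: bool) -> int:
    """Mirror the decoded m2crypto steps: 20-byte SHA-1 digest, 128-byte modulus.

    Returns the recovered length (20) or -1 on a padding failure, the same
    shape as the return value of RSA_private_decrypt.
    """
    fbuf = sha1(b"The magic words are squeamish ossifrage.").digest()
    r = roundtrip(fbuf, 128, sslv23_pad=True, require_marker=require_marker)
    return -1 if r is None else len(r)


if __name__ == "__main__":
    # Old check: the very marker that RSA_padding_add_SSLv23 writes is rejected.
    print("old check:", m2crypto_style_test(False))  # -1
    # New check: the same encoding is accepted and the 20-byte digest comes back.
    print("new check:", m2crypto_style_test(True))   # 20
```

Running it shows why the m2crypto test flipped: under the old line the encoding that the SSLv23 padder itself produces fails the check (the -1 Sebastian saw), and under the new line it passes with the full 20 bytes recovered. The same model also shows the other side of the inversion, namely that plain PKCS#1 type 2 padding without the marker is accepted by the old line and rejected by the new one, which is the behaviour any caller that mixed the two padding modes would notice.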