Skip to content
Commit 1e3f62a3 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

RSA_padding_check_PKCS1_type_2 is not constant time. 



This is an inherent weakness of the padding mode. We can't make the
implementation constant time (see the comments in rsa_pk1.c), so add a
warning to the docs.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent ff0426cc
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment