openbsd/src/lib/libcrypto/bn, branch OPENBSD_6_3_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_6_3_BASE 2018-02-20T17:13:14+00:00 Provide BN_GENCB_new(), BN_GENCB_free() and BN_GENCB_get_arg() 2018-02-20T17:13:14+00:00 jsing 2018-02-20T17:13:14+00:00 urn:sha1:293a70c9811459080f491f606e3ce48530401462 Provide BN_get_rfc2409_prime_*() and BN_get_rfc3526_prime_*(). 2018-02-20T17:02:30+00:00 jsing 2018-02-20T17:02:30+00:00 urn:sha1:b647d28a68beee37f49a7301d01f2895030f0682 use freezero() instead of memset/explicit_bzero + free. Substantially 2017-05-02T03:59:45+00:00 deraadt 2017-05-02T03:59:45+00:00 urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291 reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggested 2017-01-25T06:15:44+00:00 beck 2017-01-25T06:15:44+00:00 urn:sha1:f741256ec38e0e3f1664f26f154e27323aa56472 by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@ use BN_div_nonct where it is safe to do so. 2017-01-21T23:02:53+00:00 beck 2017-01-21T23:02:53+00:00 urn:sha1:9936e217a29ea9f6450025fa200ac9b8088071b0 ok guenther@ Add ct and nonct versions of BN_mod_inverse for internal use 2017-01-21T11:00:47+00:00 beck 2017-01-21T11:00:47+00:00 urn:sha1:48df727a3547375dae8622c34fb55bdf5ef2c44c ok jsing@ Split out BN_div and BN_mod into ct and nonct versions for Internal use. 2017-01-21T10:38:29+00:00 beck 2017-01-21T10:38:29+00:00 urn:sha1:55a172a1ed5b0cd8f7de3628fcc2e56df6716d59 ok jsing@ Make explicit _ct and _nonct versions of bn_mod_exp funcitons that 2017-01-21T09:38:59+00:00 beck 2017-01-21T09:38:59+00:00 urn:sha1:a0a595cda97de2b217b0582cfa601ee4c746bfce matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@ /usr/bin/unifdef -D MONT_MUL_MOD -D MONT_EXP_WORD -D RECP_MUL_MOD -m bn_exp.c 2017-01-21T04:34:16+00:00 beck 2017-01-21T04:34:16+00:00 urn:sha1:31dfbaab5a16857bb52fb54f901acd28b7fd7906 with some style cleanup after. no binary change ok jsing@