openbsd/src/lib/libcrypto/bn, branch libressl-v3.2.3A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v3.2.32020-09-12T17:16:36+00:00Unindent a bit of code that performs a few too many checks to2020-09-12T17:16:36+00:00tb2020-09-12T17:16:36+00:00urn:sha1:ad25ca1fcd0c9ca48a2fcd6e68367cd74d82b01f
figure out whether top > 0 or top == 0.
Avoid an out-of-bounds access in BN_rand()2020-09-12T15:24:39+00:00tb2020-09-12T15:24:39+00:00urn:sha1:1e0b199599db7da1624618b2509c1d58106f35f7
If BN_rand() is called with top > 0 and bits == 1, it would allocate
a buf[] of size 1 and set the top bit of buf[1].
Found in OpenSSL commit efee575ad464bfb60bf72dcb73f9b51768f4b1a1 while
looking for something else.
ok beck djm inoguchi
Change generating and checking of primes so that the error rate of2019-08-25T19:24:00+00:00schwarze2019-08-25T19:24:00+00:00urn:sha1:0fd355ae5ac95f1b4265d2c28d096b63de52a902
not being prime depends on the intended use based on the size of
the input. For larger primes this will result in more rounds of
Miller-Rabin. The maximal error rate for primes with more than
1080 bits is lowered to 2^-128.
Patch from Kurt Roeckx <kurt@roeckx.be> and Annie Yousar
via OpenSSL commit feac7a1c Jul 25 18:55:16 2018 +0200,
still under a free license.
OK tb@.
make BN_CTX_end(NULL) a NOOP for compatibility with documented behaviour2019-08-20T10:59:09+00:00schwarze2019-08-20T10:59:09+00:00urn:sha1:4569778023d8d4ec0159e09baa48f5f397ff8847
in OpenSSL 1.1.1 even though in general, letting random functions
accept NULL is not advisable because it can hide programming errors;
"yes please" tb@
"unfortunately I suspect you're right" jsing@
"oh well" deraadt@
Make BN_num_bits_word() constant time.2019-06-17T17:11:48+00:00tb2019-06-17T17:11:48+00:00urn:sha1:aad713565aa006bc353dc31ecaa5e9f0aa3de235
Previously, this function would leak the most significant word of its
argument due to branching and memory access pattern. This patch is
enough to fix the use of BN_num_bits() on RSA prime factors in the
library.
The diff is a simplified and more readable (but perhaps less efficient)
version of https://github.com/openssl/openssl/commit/972c87df
by Andy Polyakov and David Benjamin (pre license change). Consult that
commit message for details. Subsequent fixes to follow in the near future.
Issue pointed out by David Schrammel and Samuel Weiser as part of
a larger report.
tests & ok inoguchi, ok jsing
Add range checks to varios ASN1_INTEGER functions to ensure the2019-03-23T18:48:15+00:00beck2019-03-23T18:48:15+00:00urn:sha1:c7b9ffc836ad7a05586d7c83c368d784af9cacda
sizes used remain a positive integer. Should address issue
13799 from oss-fuzz
ok tb@ jsing@
Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.2019-01-20T01:56:59+00:00tb2019-01-20T01:56:59+00:00urn:sha1:4d359baaefb1597abf730cf3a09574e1e03d620b
From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, jsing
Flip reversed test in bn_rand_interval().2018-11-06T06:49:45+00:00tb2018-11-06T06:49:45+00:00urn:sha1:a8249222cfc2738a9d25e498cd781c3b188cb9e0
ok jsing
Introduce bn_rand_interval() that allows specifying an interval [a, b)2018-11-05T23:52:47+00:00tb2018-11-05T23:52:47+00:00urn:sha1:180c3e4250e4e8ea8cdade42002a7fd6564d66c2
from which a a BIGNUM is chosen uniformly at random.
ok beck jsing
Use a size_t instead of an int for the byte count in BN_swap_ct().2018-07-23T18:14:32+00:00tb2018-07-23T18:14:32+00:00urn:sha1:1b961cfb65c1f00f26f20454324577edec589a1b
Since bignums use ints for the same purpose, this still uses an int
internally after an overflow check.
Suggested by and discussed with jsing.
ok inoguchi, jsing