openbsd/src/lib/libcrypto/bn, branch libressl-v3.4.1 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.4.1 2021-09-10T14:33:44+00:00 Expose BN_bn2{,le}binpad() and BN_lebin2bn() in <openssl/bn.h> 2021-09-10T14:33:44+00:00 tb 2021-09-10T14:33:44+00:00 urn:sha1:9c7f18263be772997a3fc69b29db311365ee986a ok beck inoguchi Expose BN_RAND_* in <openssl/bn.h> 2021-09-10T14:32:05+00:00 tb 2021-09-10T14:32:05+00:00 urn:sha1:a7a8157da1afa7599cecd9217d06cce21e3ad67f ok beck jsing Prepare to provide BN_RAND_* flags for BN_rand_range() 2021-09-10T09:08:03+00:00 tb 2021-09-10T09:08:03+00:00 urn:sha1:94aeb3e2fd2aa6f535f045b0ee734b5d1742522f ok beck jsing Prepare to provide BN_bn2{,le}binpad() and BN_lebin2bn() 2021-09-08T12:19:17+00:00 tb 2021-09-08T12:19:17+00:00 urn:sha1:229cf417ae65dfb488927f3e25593d1dc2aad539 As found by jsg and patrick, this is needed for newer uboot and will also be used in upcoming elliptic curve work. This is from OpenSSL 1.1.1l with minor style tweaks. ok beck inoguchi whitespace 2021-08-31T11:19:19+00:00 tb 2021-08-31T11:19:19+00:00 urn:sha1:a5a732ed4c036cb60cfcda0d1737f1d383c2b3d0 Unindent a bit of code that performs a few too many checks to 2020-09-12T17:16:36+00:00 tb 2020-09-12T17:16:36+00:00 urn:sha1:ad25ca1fcd0c9ca48a2fcd6e68367cd74d82b01f figure out whether top > 0 or top == 0. Avoid an out-of-bounds access in BN_rand() 2020-09-12T15:24:39+00:00 tb 2020-09-12T15:24:39+00:00 urn:sha1:1e0b199599db7da1624618b2509c1d58106f35f7 If BN_rand() is called with top > 0 and bits == 1, it would allocate a buf[] of size 1 and set the top bit of buf[1]. Found in OpenSSL commit efee575ad464bfb60bf72dcb73f9b51768f4b1a1 while looking for something else. ok beck djm inoguchi Change generating and checking of primes so that the error rate of 2019-08-25T19:24:00+00:00 schwarze 2019-08-25T19:24:00+00:00 urn:sha1:0fd355ae5ac95f1b4265d2c28d096b63de52a902 not being prime depends on the intended use based on the size of the input. For larger primes this will result in more rounds of Miller-Rabin. The maximal error rate for primes with more than 1080 bits is lowered to 2^-128. Patch from Kurt Roeckx <kurt@roeckx.be> and Annie Yousar via OpenSSL commit feac7a1c Jul 25 18:55:16 2018 +0200, still under a free license. OK tb@. make BN_CTX_end(NULL) a NOOP for compatibility with documented behaviour 2019-08-20T10:59:09+00:00 schwarze 2019-08-20T10:59:09+00:00 urn:sha1:4569778023d8d4ec0159e09baa48f5f397ff8847 in OpenSSL 1.1.1 even though in general, letting random functions accept NULL is not advisable because it can hide programming errors; "yes please" tb@ "unfortunately I suspect you're right" jsing@ "oh well" deraadt@ Make BN_num_bits_word() constant time. 2019-06-17T17:11:48+00:00 tb 2019-06-17T17:11:48+00:00 urn:sha1:aad713565aa006bc353dc31ecaa5e9f0aa3de235 Previously, this function would leak the most significant word of its argument due to branching and memory access pattern. This patch is enough to fix the use of BN_num_bits() on RSA prime factors in the library. The diff is a simplified and more readable (but perhaps less efficient) version of https://github.com/openssl/openssl/commit/972c87df by Andy Polyakov and David Benjamin (pre license change). Consult that commit message for details. Subsequent fixes to follow in the near future. Issue pointed out by David Schrammel and Samuel Weiser as part of a larger report. tests & ok inoguchi, ok jsing