openbsd/src/lib/libcrypto/dsa, branch libressl-v2.6.5

openbsd/src/lib/libcrypto/dsa, branch libressl-v2.6.5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.6.5 2018-06-13T15:07:19+00:00 MFC: Avoid a timing side-channel leak when generating DSA and ECDSA 2018-06-13T15:07:19+00:00 jsing 2018-06-13T15:07:19+00:00 urn:sha1:b7f92fb83a3deedd2af121feaaaa3e70fae56eca signatures. This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@ use freezero() instead of memset/explicit_bzero + free. Substantially 2017-05-02T03:59:45+00:00 deraadt 2017-05-02T03:59:45+00:00 urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291 reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Add ct and nonct versions of BN_mod_inverse for internal use 2017-01-21T11:00:47+00:00 beck 2017-01-21T11:00:47+00:00 urn:sha1:48df727a3547375dae8622c34fb55bdf5ef2c44c ok jsing@ Split out BN_div and BN_mod into ct and nonct versions for Internal use. 2017-01-21T10:38:29+00:00 beck 2017-01-21T10:38:29+00:00 urn:sha1:55a172a1ed5b0cd8f7de3628fcc2e56df6716d59 ok jsing@ Make explicit _ct and _nonct versions of bn_mod_exp funcitons that 2017-01-21T09:38:59+00:00 beck 2017-01-21T09:38:59+00:00 urn:sha1:a0a595cda97de2b217b0582cfa601ee4c746bfce matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@ Expand ASN1_ITEM_rptr macro - no change in generated assembly. 2016-12-30T15:28:42+00:00 jsing 2016-12-30T15:28:42+00:00 urn:sha1:9abb4e3e6af169bb9250abceb9ac5f988efd027d Explicitly export a list of symbols from libcrypto. 2016-12-21T15:49:29+00:00 jsing 2016-12-21T15:49:29+00:00 urn:sha1:18adabd97858ed28289c9dc31e8042c515840be4 Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@ Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* with 2016-11-04T18:35:30+00:00 jsing 2016-11-04T18:35:30+00:00 urn:sha1:1f8672c818cfdd9f4dd34f5ab1bdc1bbf575321d ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@ unifdef OPENSSL_NO_CMS 2016-10-19T16:49:11+00:00 jsing 2016-10-19T16:49:11+00:00 urn:sha1:2a3b8c956b102b5686a0e8569612a0edb275f365