openbsd/src/lib/libcrypto/rsa, branch libressl-v2.6.4 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.6.4 2017-08-30T16:07:35+00:00 Bring back the RSA_SSLV23_PADDING define. 2017-08-30T16:07:35+00:00 jsing 2017-08-30T16:07:35+00:00 urn:sha1:e93767c2b5f30f3ec6c7482212044b9300295b55 Several pieces of software expect this to be available unconditionally. Remove RSA_padding_add_SSLv23()/RSA_padding_check_SSLv23() and related 2017-08-28T17:41:59+00:00 jsing 2017-08-28T17:41:59+00:00 urn:sha1:0382c9253ad062352e3b0e86758368e59d99d3ba code. We removed SSLv2/SSLv3 a long time ago... Discussed with doug@ use freezero() instead of memset/explicit_bzero + free. Substantially 2017-05-02T03:59:45+00:00 deraadt 2017-05-02T03:59:45+00:00 urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291 reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck revert previous accidental commit 2017-04-28T22:46:40+00:00 beck 2017-04-28T22:46:40+00:00 urn:sha1:1a022d2b7f958fffe8e920e5510d226f01a2b3d0 *** empty log message *** 2017-04-28T22:38:51+00:00 beck 2017-04-28T22:38:51+00:00 urn:sha1:f3ff740b7de3b8362cbe53c139cf85019ce7378c Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggested 2017-01-25T06:15:44+00:00 beck 2017-01-25T06:15:44+00:00 urn:sha1:f741256ec38e0e3f1664f26f154e27323aa56472 by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@ Add ct and nonct versions of BN_mod_inverse for internal use 2017-01-21T11:00:47+00:00 beck 2017-01-21T11:00:47+00:00 urn:sha1:48df727a3547375dae8622c34fb55bdf5ef2c44c ok jsing@ Split out BN_div and BN_mod into ct and nonct versions for Internal use. 2017-01-21T10:38:29+00:00 beck 2017-01-21T10:38:29+00:00 urn:sha1:55a172a1ed5b0cd8f7de3628fcc2e56df6716d59 ok jsing@ Make explicit _ct and _nonct versions of bn_mod_exp funcitons that 2017-01-21T09:38:59+00:00 beck 2017-01-21T09:38:59+00:00 urn:sha1:a0a595cda97de2b217b0582cfa601ee4c746bfce matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@