#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
835b90a1 |
| 13-Feb-2023 |
ndossche |
Fix incorrect error branch in ossl_bn_rsa_fips186_4_derive_prime() BN_priv_rand_range_ex() and BN_add() both return a 0 on failure and a 1 on success. In case of failure, the algorithm s
Fix incorrect error branch in ossl_bn_rsa_fips186_4_derive_prime() BN_priv_rand_range_ex() and BN_add() both return a 0 on failure and a 1 on success. In case of failure, the algorithm should fail. However, the branch that it goes through on failure is "goto end", not "goto err". Therefore, the algorithm will return 1 which indicates success instead of 0 for failure, leading to potential problems for the callers. Fix it by changing the goto to "goto err" instead of "goto end". CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20279)
show more ...
|
#
d2f6e66d |
| 02-Nov-2022 |
slontis |
Improve FIPS RSA keygen performance. Reduce the Miller Rabin counts to the values specified by FIPS 186-5. The old code was using a fixed value of 64. Reviewed-by: Paul Dale <pa
Improve FIPS RSA keygen performance. Reduce the Miller Rabin counts to the values specified by FIPS 186-5. The old code was using a fixed value of 64. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19579)
show more ...
|
#
dd1d7bcb |
| 02-Nov-2022 |
slontis |
Improve FIPS RSA keygen performance. FIPS 186-4 has 5 different algorithms for key generation, and all of them rely on testing GCD(a,n) == 1 many times. Cachegrind was showing t
Improve FIPS RSA keygen performance. FIPS 186-4 has 5 different algorithms for key generation, and all of them rely on testing GCD(a,n) == 1 many times. Cachegrind was showing that during a RSA keygen operation, the function BN_gcd() was taking a considerable percentage of the total cycles. The default provider uses multiprime keygen, which seemed to be much faster. This is because it uses BN_mod_inverse() instead. For a 4096 bit key, the entropy of a key that was taking a long time to generate was recorded and fed back into subsequent runs. Roughly 40% of the cycle time was BN_gcd() with most of the remainder in the prime testing. Changing to use the inverse resulted in the cycle count being 96% in the prime testing. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19578)
show more ...
|
#
d2399d8c |
| 30-May-2022 |
slontis |
RSA keygen update: Raise an error if no prime candidate q is found. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: To
RSA keygen update: Raise an error if no prime candidate q is found. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18429)
show more ...
|
#
ad7e0fd5 |
| 30-May-2022 |
slontis |
RSA keygen fixes Fixes #18321 Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20. This matches the algorithm upda
RSA keygen fixes Fixes #18321 Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20. This matches the algorithm update made in FIPS 186-5. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18429)
show more ...
|
#
680827a1 |
| 05-Nov-2021 |
PW Hu |
Fix return value checking of BN_check_prime invocations Negative return value indicates an error so we bail out. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Kurt Roe
Fix return value checking of BN_check_prime invocations Negative return value indicates an error so we bail out. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16975)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
#
5ae86f28 |
| 21-Jun-2021 |
Shane Lontis |
Add table entries for fips 186-5 related to RSA auxiliary probable primes. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15845)
|
#
5cbd2ea3 |
| 28-May-2021 |
Pauli |
add zero strenght arguments to BN and RAND RNG calls Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
#
94553e85 |
| 19-Feb-2021 |
Shane Lontis |
Fix external symbols for bn Partial fix for #12964 This adds ossl_ names for symbols related to bn_* Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from htt
Fix external symbols for bn Partial fix for #12964 This adds ossl_ names for symbols related to bn_* Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14296)
show more ...
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
7c9a7cf1 |
| 16-Jun-2020 |
Shane Lontis |
Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 Fixes #11863 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072 Fixes #11863 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12162)
show more ...
|
#
d4bf0d57 |
| 16-Jun-2020 |
Nicola Tuveri |
Flag RSA secret BNs as consttime on keygen and checks <https://github.com/openssl/openssl/pull/11765> switched the default code path for keygen. External testing through Trigger
Flag RSA secret BNs as consttime on keygen and checks <https://github.com/openssl/openssl/pull/11765> switched the default code path for keygen. External testing through TriggerFlow highlighted that in several places we failed (once more!) to set the `BN_FLG_CONSTTIME` flag on critical secret values (either long term or temporary values). This commit tries to make sure that the secret BN values inside the `rsa struct` are always flagged on creation, and that temporary values derived from these secrets are flagged when allocated from a BN_CTX. Acknowledgments --------------- Thanks to @Voker57, @bbbrumley, @sohhas, @cpereida for the [OpenSSL Triggerflow CI] ([paper]) through which this defect was detected and tested, and for providing early feedback to fix the issue! [OpenSSL Triggerflow CI]: https://gitlab.com/nisec/openssl-triggerflow-ci [paper]: https://eprint.iacr.org/2019/366 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12167)
show more ...
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
454afd98 |
| 15-May-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11839)
|
#
a6ed19dc |
| 27-Apr-2020 |
Shourya Shukla |
Amend references to "OpenSSL license" A small number of files contain references to the "OpenSSL license" which has been deprecated and replaced by the "Apache License 2.0". Amend th
Amend references to "OpenSSL license" A small number of files contain references to the "OpenSSL license" which has been deprecated and replaced by the "Apache License 2.0". Amend the occurences. Fixes #11649 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11663)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
fd4a6e7d |
| 23-Oct-2019 |
Kurt Roeckx |
RSA generation: Use more bits of 1/sqrt(2) The old version always sets the top 2 bits, so the most significate byte of the primes was always >= 0xC0. We now use 256 bits to represent
RSA generation: Use more bits of 1/sqrt(2) The old version always sets the top 2 bits, so the most significate byte of the primes was always >= 0xC0. We now use 256 bits to represent 1/sqrt(2) = 0x0.B504F333F9DE64845... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #10246
show more ...
|
#
42619397 |
| 06-Oct-2019 |
Kurt Roeckx |
Add BN_check_prime() Add a new API to test for primes that can't be misused, deprecated the old APIs. Suggested by Jake Massimo and Kenneth Paterson Reviewed-by: Paul D
Add BN_check_prime() Add a new API to test for primes that can't be misused, deprecated the old APIs. Suggested by Jake Massimo and Kenneth Paterson Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #9272
show more ...
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
#
25f2138b |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: W
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
2934be91 |
| 04-Jul-2019 |
Matt Caswell |
Make sure all BIGNUM operations work within the FIPS provider The FIPS provider does not have a default OPENSSL_CTX so, where necessary, we need to ensure we can always access an explici
Make sure all BIGNUM operations work within the FIPS provider The FIPS provider does not have a default OPENSSL_CTX so, where necessary, we need to ensure we can always access an explicit OPENSSL_CTX. We remove functions from the FIPS provider that use the default OPENSSL_CTX, and fixup some places which were using those removed functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9310)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
8240d5fa |
| 04-Jul-2018 |
Shane Lontis |
FIPS 186-4 RSA Generation & Validation Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull
FIPS 186-4 RSA Generation & Validation Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6652)
show more ...
|