History log of /openssl/crypto/bn/bn_rsa_fips186_4.c (Results 1 – 22 of 22)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# da1c088f 07-Sep-2023 Matt Caswell

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes


# 835b90a1 13-Feb-2023 ndossche

Fix incorrect error branch in ossl_bn_rsa_fips186_4_derive_prime()

BN_priv_rand_range_ex() and BN_add() both return a 0 on failure and a 1
on success. In case of failure, the algorithm s

Fix incorrect error branch in ossl_bn_rsa_fips186_4_derive_prime()

BN_priv_rand_range_ex() and BN_add() both return a 0 on failure and a 1
on success. In case of failure, the algorithm should fail. However, the
branch that it goes through on failure is "goto end", not "goto err".
Therefore, the algorithm will return 1 which indicates success instead
of 0 for failure, leading to potential problems for the callers.
Fix it by changing the goto to "goto err" instead of "goto end".

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20279)

show more ...


# d2f6e66d 02-Nov-2022 slontis

Improve FIPS RSA keygen performance.

Reduce the Miller Rabin counts to the values specified by FIPS 186-5.
The old code was using a fixed value of 64.

Reviewed-by: Paul Dale <pa

Improve FIPS RSA keygen performance.

Reduce the Miller Rabin counts to the values specified by FIPS 186-5.
The old code was using a fixed value of 64.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19579)

show more ...


# dd1d7bcb 02-Nov-2022 slontis

Improve FIPS RSA keygen performance.

FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.

Cachegrind was showing t

Improve FIPS RSA keygen performance.

FIPS 186-4 has 5 different algorithms for key generation,
and all of them rely on testing GCD(a,n) == 1 many times.

Cachegrind was showing that during a RSA keygen operation,
the function BN_gcd() was taking a considerable percentage
of the total cycles.

The default provider uses multiprime keygen, which seemed to
be much faster. This is because it uses BN_mod_inverse()
instead.

For a 4096 bit key, the entropy of a key that was taking a
long time to generate was recorded and fed back into subsequent
runs. Roughly 40% of the cycle time was BN_gcd() with most of the
remainder in the prime testing. Changing to use the inverse
resulted in the cycle count being 96% in the prime testing.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19578)

show more ...


# d2399d8c 30-May-2022 slontis

RSA keygen update: Raise an error if no prime candidate q is found.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: To

RSA keygen update: Raise an error if no prime candidate q is found.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)

show more ...


# ad7e0fd5 30-May-2022 slontis

RSA keygen fixes

Fixes #18321

Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20.
This matches the algorithm upda

RSA keygen fixes

Fixes #18321

Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20.
This matches the algorithm update made in FIPS 186-5.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)

show more ...


# 680827a1 05-Nov-2021 PW Hu

Fix return value checking of BN_check_prime invocations

Negative return value indicates an error so we bail out.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roe

Fix return value checking of BN_check_prime invocations

Negative return value indicates an error so we bail out.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16975)

show more ...


# 1287dabd 26-Oct-2021 x2018

fix some code with obvious wrong coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org

fix some code with obvious wrong coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16918)

show more ...


# 5ae86f28 21-Jun-2021 Shane Lontis

Add table entries for fips 186-5 related to RSA auxiliary probable
primes.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15845)


# 5cbd2ea3 28-May-2021 Pauli

add zero strenght arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)


Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13
# 8020d79b 11-Mar-2021 Matt Caswell

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)


# 94553e85 19-Feb-2021 Shane Lontis

Fix external symbols for bn

Partial fix for #12964

This adds ossl_ names for symbols related to bn_*

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from htt

Fix external symbols for bn

Partial fix for #12964

This adds ossl_ names for symbols related to bn_*

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14296)

show more ...


Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4
# 7c9a7cf1 16-Jun-2020 Shane Lontis

Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072

Fixes #11863

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1

Add fix for RSA keygen in FIPS using keysizes 2048 < bits < 3072

Fixes #11863

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12162)

show more ...


# d4bf0d57 16-Jun-2020 Nicola Tuveri

Flag RSA secret BNs as consttime on keygen and checks

<https://github.com/openssl/openssl/pull/11765> switched the default
code path for keygen.

External testing through Trigger

Flag RSA secret BNs as consttime on keygen and checks

<https://github.com/openssl/openssl/pull/11765> switched the default
code path for keygen.

External testing through TriggerFlow highlighted that in several places
we failed (once more!) to set the `BN_FLG_CONSTTIME` flag on critical
secret values (either long term or temporary values).

This commit tries to make sure that the secret BN values inside the
`rsa struct` are always flagged on creation, and that temporary values
derived from these secrets are flagged when allocated from a BN_CTX.

Acknowledgments
---------------

Thanks to @Voker57, @bbbrumley, @sohhas, @cpereida for the
[OpenSSL Triggerflow CI] ([paper]) through which this defect was detected and
tested, and for providing early feedback to fix the issue!

[OpenSSL Triggerflow CI]: https://gitlab.com/nisec/openssl-triggerflow-ci
[paper]: https://eprint.iacr.org/2019/366

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12167)

show more ...


Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2
# 454afd98 15-May-2020 Matt Caswell

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)


# a6ed19dc 27-Apr-2020 Shourya Shukla

Amend references to "OpenSSL license"

A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend th

Amend references to "OpenSSL license"

A small number of files contain references to the "OpenSSL license"
which has been deprecated and replaced by the "Apache License 2.0".
Amend the occurences.

Fixes #11649

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11663)

show more ...


Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u
# fd4a6e7d 23-Oct-2019 Kurt Roeckx

RSA generation: Use more bits of 1/sqrt(2)

The old version always sets the top 2 bits, so the most significate byte
of the primes was always >= 0xC0. We now use 256 bits to represent

RSA generation: Use more bits of 1/sqrt(2)

The old version always sets the top 2 bits, so the most significate byte
of the primes was always >= 0xC0. We now use 256 bits to represent
1/sqrt(2) = 0x0.B504F333F9DE64845...

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #10246

show more ...


# 42619397 06-Oct-2019 Kurt Roeckx

Add BN_check_prime()

Add a new API to test for primes that can't be misused, deprecated the
old APIs.

Suggested by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul D

Add BN_check_prime()

Add a new API to test for primes that can't be misused, deprecated the
old APIs.

Suggested by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272

show more ...


# 706457b7 27-Sep-2019 Dr. Matthias St. Pierre

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

'*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...


# 25f2138b 27-Sep-2019 Dr. Matthias St. Pierre

Reorganize private crypto header files

Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:

W

Reorganize private crypto header files

Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:

While header files in 'include/internal' are intended to be shared
between libcrypto and libssl, the files in 'crypto/include/internal'
are intended to be shared inside libcrypto only.

To make things complicated, the include search path is set up in such
a way that the directive #include "internal/file.h" could refer to
a file in either of these two directoroes. This makes it necessary
in some cases to add a '_int.h' suffix to some files to resolve this
ambiguity:

#include "internal/file.h" # located in 'include/internal'
#include "internal/file_int.h" # located in 'crypto/include/internal'

This commit moves the private crypto headers from

'crypto/include/internal' to 'include/crypto'

As a result, the include directives become unambiguous

#include "internal/file.h" # located in 'include/internal'
#include "crypto/file.h" # located in 'include/crypto'

hence the superfluous '_int.h' suffixes can be stripped.

The files 'store_int.h' and 'store.h' need to be treated specially;
they are joined into a single file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...


Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d
# 2934be91 04-Jul-2019 Matt Caswell

Make sure all BIGNUM operations work within the FIPS provider

The FIPS provider does not have a default OPENSSL_CTX so, where
necessary, we need to ensure we can always access an explici

Make sure all BIGNUM operations work within the FIPS provider

The FIPS provider does not have a default OPENSSL_CTX so, where
necessary, we need to ensure we can always access an explicit
OPENSSL_CTX. We remove functions from the FIPS provider that use
the default OPENSSL_CTX, and fixup some places which were using
those removed functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9310)

show more ...


Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i
# 8240d5fa 04-Jul-2018 Shane Lontis

FIPS 186-4 RSA Generation & Validation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

FIPS 186-4 RSA Generation & Validation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6652)

show more ...