#
af0025fc |
| 18-Oct-2023 |
Tomas Mraz |
bn: Properly error out if aliasing return value with modulus Test case amended from code initially written by Bernd Edlinger. Fixes #21110 Reviewed-by: Dmitry Belyavskiy <b
bn: Properly error out if aliasing return value with modulus Test case amended from code initially written by Bernd Edlinger. Fixes #21110 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22421)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
ade969e2 |
| 07-Jun-2023 |
Tomas Mraz |
Coverity 1528485: Remove unused assignment of wvalue wvalue is always initialized at the beginning of each cycle and used only within the cycle Reviewed-by: Matt Caswell <matt@o
Coverity 1528485: Remove unused assignment of wvalue wvalue is always initialized at the beginning of each cycle and used only within the cycle Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21145)
show more ...
|
#
f9a4e2b6 |
| 07-Jun-2023 |
Tomas Mraz |
Coverity 1528494 and 1528493: Remove unused assignment of wvalue wvalue is always initialized at the beginning of each cycle and used only within the cycle
|
#
30667f5c |
| 08-Nov-2022 |
Bernd Edlinger |
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime Otherwise the alloca can cause an exception. Issue reported by Jiayi Lin. Reviewed-by: Tomas Mraz <tomas
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime Otherwise the alloca can cause an exception. Issue reported by Jiayi Lin. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20005)
show more ...
|
#
92d306b3 |
| 07-Jan-2023 |
Bernd Edlinger |
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()" This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()" This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20005)
show more ...
|
#
4378e3cd |
| 08-Nov-2022 |
Tomas Mraz |
Limit size of modulus for BN_mod_exp_mont_consttime() Otherwise the powerbufLen can overflow. Issue reported by Jiayi Lin. Reviewed-by: Matt Caswell <matt@openssl.org>
Limit size of modulus for BN_mod_exp_mont_consttime() Otherwise the powerbufLen can overflow. Issue reported by Jiayi Lin. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19632)
show more ...
|
#
0ae365e1 |
| 09-Jun-2022 |
Tomas Mraz |
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction. This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime would sometimes return m, the modulus, when
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction. This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime would sometimes return m, the modulus, when it should have returned zero. Thanks to Guido Vranken for reporting it. It is only a partial fix because the same bug also exists in the "rsaz" codepath. The bug only affects zero outputs (with non-zero inputs), so we believe it has no security impact on our cryptographic functions. The fx is to delete lowercase bn_from_montgomery altogether, and have the mont5 path use the same BN_from_montgomery ending as the non-mont5 path. This only impacts the final step of the whole exponentiation and has no measurable perf impact. See the original BoringSSL commit https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315 for further analysis. Original-author: David Benjamin <davidben@google.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18510)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
a0238b7e |
| 16-Mar-2022 |
Pauli |
Fix Coverity 1201763 uninitialised pointer read Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openss
Fix Coverity 1201763 uninitialised pointer read Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17890)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
f87b4c4e |
| 08-Dec-2020 |
Andrey Matyukov |
Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU It uses AVX512_IFMA + AVX512_VL (with 256-bit wide registers) ISA to keep lower power license. Reviewed-by:
Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU It uses AVX512_IFMA + AVX512_VL (with 256-bit wide registers) ISA to keep lower power license. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14908)
show more ...
|
#
52f7e44e |
| 07-Jul-2021 |
Tomas Mraz |
Split bignum code out of the sparcv9cap.c Fixes #15978 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16019)
|
#
a935791d |
| 19-May-2021 |
Rich Salz |
Rework and make DEBUG macros consistent. Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG. Rename REF_PRINT to REF_DEBUG for consistency, and add a new tracing category and use it
Rework and make DEBUG macros consistent. Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG. Rename REF_PRINT to REF_DEBUG for consistency, and add a new tracing category and use it for printing reference counts. Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to be set also. Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency. Fixes #15357 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15353)
show more ...
|
#
e475d9a4 |
| 25-May-2021 |
Pauli |
rsa: rename global rsaz_ sumbols so they are in namespace The symbols renamed are: RSAZ_amm52x20_x1_256 RSAZ_amm52x20_x2_256 rsaz_avx512ifma_eligible RSAZ_mod_exp_avx512
rsa: rename global rsaz_ sumbols so they are in namespace The symbols renamed are: RSAZ_amm52x20_x1_256 RSAZ_amm52x20_x2_256 rsaz_avx512ifma_eligible RSAZ_mod_exp_avx512_x2 Additionally, RSAZ_exp52x20_x2_256 was made static Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15445)
show more ...
|
#
3c2bdd7d |
| 08-Apr-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801)
|
#
c781eb1c |
| 08-Dec-2020 |
Andrey Matyukov |
Dual 1024-bit exponentiation optimization for Intel IceLake CPU with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU
Dual 1024-bit exponentiation optimization for Intel IceLake CPU with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU frequency scaling issues. The performance speedup for RSA2k signature on ICL is ~2x. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13750)
show more ...
|
Revision tags: OpenSSL_1_1_1i |
|
#
7b424087 |
| 01-Dec-2020 |
Pauli |
remove unused assignments Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13577)
|
Revision tags: openssl-3.0.0-alpha9 |
|
#
605856d7 |
| 26-Nov-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13533)
|
Revision tags: openssl-3.0.0-alpha8 |
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
#
3afd537a |
| 11-Sep-2018 |
David Benjamin |
Reduce inputs before the RSAZ code. The RSAZ code requires the input be fully-reduced. To be consistent with the other codepaths, move the BN_nnmod logic before the RSAZ check.
Reduce inputs before the RSAZ code. The RSAZ code requires the input be fully-reduced. To be consistent with the other codepaths, move the BN_nnmod logic before the RSAZ check. This fixes an oft-reported fuzzer bug. https://github.com/google/oss-fuzz/issues/1761 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7187)
show more ...
|
#
367ace68 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in crypto/bn/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7
Following the license change, modify the boilerplates in crypto/bn/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7777)
show more ...
|
#
cf4eea12 |
| 19-Oct-2018 |
Chocobo1 |
Fix MSVC warning C4819 CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/open
Fix MSVC warning C4819 CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7444)
show more ...
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
61ac9fc5 |
| 17-Jul-2018 |
David Benjamin |
Remove zero special-case in BN_mod_exp_mont. A number intended to treat the base as secret should not be branching on whether it is zero. Test-wise, this is covered by existing tests in
Remove zero special-case in BN_mod_exp_mont. A number intended to treat the base as secret should not be branching on whether it is zero. Test-wise, this is covered by existing tests in bnmod.txt. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6733)
show more ...
|
#
71883868 |
| 06-Jul-2018 |
Andy Polyakov |
bn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors. Note that exported functions maintain original behaviour, so that external callers won't observe difference. While interna
bn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors. Note that exported functions maintain original behaviour, so that external callers won't observe difference. While internally we can now perform Montogomery multiplication on fixed-length vectors, fixed at modulus size. The new functions, bn_to_mont_fixed_top and bn_mul_mont_fixed_top, are declared in bn_int.h, because one can use them even outside bn, e.g. in RSA, DSA, ECDSA... Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: David Benjamin <davidben@google.com> (Merged from https://github.com/openssl/openssl/pull/6662)
show more ...
|