kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0758b6837e
boringssl/crypto/fipsmodule
History
David Benjamin 0758b6837e Reject negative numbers in BN_{mod_mul,to,from}_montgomery. 
These functions already require their inputs to be reduced mod N (or, in
some cases, bounded by R or N*R), so negative numbers are nonsense.  The
code still attempted to account for them by working on the absolute
value and fiddling with the sign bit. (The output would be in range (-N,
N) instead of [0, N).)

This complicates relaxing bn_correct_top because bn_correct_top is also
used to prevent storing a negative zero. Instead, just reject negative
inputs.

Upgrade-Note: These functions are public API, so some callers may
    notice. Code search suggests there is only one caller outside
    BoringSSL, and it looks fine.

Bug: 232
Change-Id: Ieba3acbb36b0ff6b72b8ed2b14882ec9b88e4665
Reviewed-on: https://boringssl-review.googlesource.com/25249
Reviewed-by: Adam Langley <agl@google.com>
2018-02-02 18:44:54 +00:00
..
aes Silence ARMv8 deprecated IT instruction warnings. 2017-12-14 01:56:22 +00:00
bn Reject negative numbers in BN_{mod_mul,to,from}_montgomery. 2018-02-02 18:44:54 +00:00
cipher Require only that the nonce be strictly monotonic in TLS's AES-GCM 2018-01-26 20:09:44 +00:00
des Move OPENSSL_FALLTHROUGH to internal headers. 2018-01-29 18:17:57 +00:00
digest Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
ec Add bn_copy_words. 2018-02-02 18:24:39 +00:00
ecdsa ec/p256.c: fiat-crypto field arithmetic (64, 32) 2017-12-11 17:55:46 +00:00
hmac Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
md4 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
md5 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
modes Add ASN1_INTEGET_set_uint64. 2018-01-02 16:01:31 +00:00
policydocs Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
rand Fix up CTR_DRBG_update comment. 2018-01-23 22:19:03 +00:00
rsa Do RSA sqrt(2) business in BIGNUM. 2018-02-02 18:32:32 +00:00
self_check Split BORINGSSL_self_test into its own file. 2018-01-22 23:06:41 +00:00
sha Silence ARMv8 deprecated IT instruction warnings. 2017-12-14 01:56:22 +00:00
tls add missing #includes 2018-01-22 21:54:08 +00:00
bcm.c Split BORINGSSL_self_test into its own file. 2018-01-22 23:06:41 +00:00
CMakeLists.txt Convert example_mul to GTest. 2017-07-10 19:28:29 +00:00
delocate.h Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
FIPS.md Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
intcheck1.png
intcheck2.png Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck3.png
is_fips.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00