boringssl/crypto
David Benjamin 08805fe279 Normalize RSA private component widths.
d, dmp1, dmq1, and iqmp have private magnitudes. This is awkward because
the RSAPrivateKey serialization leaks the magnitudes. Do the best we can
and fix them up before any RSA operations.

This moves the piecemeal BN_MONT_CTX_set_locked into a common function
where we can do more complex canonicalization on the keys. Ideally this
would be done on key import, but the exposed struct (and OpenSSL 1.1.0's
bad API design) mean there is no single point in time when key import is
finished.

Also document the constraints on RSA_set0_* functions. (These
constraints aren't new. They just were never documented before.)

Update-Note: If someone tried to use an invalid RSA key where d >= n,
dmp1 >= p, dmq1 >= q, or iqmp >= p, this may break. Such keys would not
have passed RSA_check_key, but it's possible to manually assemble
keys that bypass it.
Bug: 232
Change-Id: I421f883128952f892ac0cde0d224873a625f37c5
Reviewed-on: https://boringssl-review.googlesource.com/25259
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2018-02-05 23:58:53 +00:00
asn1 Fix |ASN1_INTEGER_set| when setting zero. 2018-01-02 16:11:31 +00:00
base64 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
bio Move OPENSSL_FALLTHROUGH to internal headers. 2018-01-29 18:17:57 +00:00
bn_extra Rename bn->top to bn->width. 2018-02-05 23:44:24 +00:00
buf Always process handshake records in full. 2017-10-17 14:53:11 +00:00
bytestring Add some more utility functions to bytestring. 2018-01-25 23:51:36 +00:00
chacha Silence ARMv8 deprecated IT instruction warnings. 2017-12-14 01:56:22 +00:00
cipher_extra Move OPENSSL_FALLTHROUGH to internal headers. 2018-01-29 18:17:57 +00:00
cmac Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
conf Add more compatibility symbols for Node. 2017-11-03 01:31:50 +00:00
curve25519 Require that Ed25519 |s| values be < order. 2018-02-02 20:45:08 +00:00
dh Fix DH_set0_pqg. 2017-10-05 18:50:48 +00:00
digest_extra Export EVP_parse_digest_algorithm and add EVP_marshal_digest_algorithm. 2017-09-25 20:44:13 +00:00
dsa Add a function which folds BN_MONT_CTX_{new,set} together. 2018-02-02 20:23:25 +00:00
ec_extra Support high tag numbers in CBS/CBB. 2017-11-22 22:34:05 +00:00
ecdh Check EC_POINT/EC_GROUP compatibility more accurately. 2017-10-28 08:02:50 +00:00
ecdsa_extra Remove ECDSA_sign_setup and friends. 2017-11-22 20:23:40 +00:00
engine Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
err Push an error if custom private keys fail. 2018-02-01 21:43:42 +00:00
evp Perform the RSA CRT reductions with Montgomery reduction. 2017-12-18 18:59:18 +00:00
fipsmodule Normalize RSA private component widths. 2018-02-05 23:58:53 +00:00
hkdf Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
hmac_extra Convert a number of tests to GTest. 2017-06-01 17:02:13 +00:00
lhash Unexport more of lhash. 2017-10-25 04:17:18 +00:00
obj Also add a decoupled OBJ_obj2txt. 2017-11-30 18:21:48 +00:00
pem Clear some _CRT_SECURE_NO_WARNINGS warnings. 2017-10-25 04:14:28 +00:00
perlasm Revert assembly changes in "Hide CPU capability symbols in C." 2017-10-30 20:39:57 +00:00
pkcs7 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
pkcs8 Export EVP_parse_digest_algorithm and add EVP_marshal_digest_algorithm. 2017-09-25 20:44:13 +00:00
poly1305 Remove custom memcpy and memset from poly1305_vec. 2017-11-10 20:53:30 +00:00
pool Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
rand_extra Remove CHROMIUM_ROLLING_MAGENTA_TO_ZIRCON scaffolding. 2017-09-18 21:34:32 +00:00
rc4 Simplify RC4 code and remove assembly. 2016-08-30 15:32:31 +00:00
rsa_extra Make BN_generate_dsa_nonce internally constant-time. 2017-11-20 16:18:30 +00:00
stack Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
test Support KAS tests for NIAP. 2018-01-16 22:57:01 +00:00
x509 Support high tag numbers in CBS/CBB. 2018-01-03 22:28:32 +00:00
x509v3 Pretty-print large INTEGERs and ENUMERATEDs in hex. 2017-11-27 18:38:50 +00:00
CMakeLists.txt Extract FIPS KAT tests into a function. 2018-01-22 20:16:38 +00:00
compiler_test.cc Test that nullptr has the obvious memory representation. 2017-07-28 17:39:28 +00:00
constant_time_test.cc Switch constant-time functions to using |crypto_word_t|. 2017-04-21 22:06:05 +00:00
cpu-aarch64-linux.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
cpu-arm-linux.c Add CRYPTO_needs_hwcap2_workaround. 2017-09-18 14:05:46 +00:00
cpu-arm.c
cpu-intel.c Use unsigned integers for masks. 2017-10-30 18:39:58 +00:00
cpu-ppc64le.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
crypto.c Hide CPU capability symbols in C. 2017-10-23 18:36:49 +00:00
ex_data.c Unexport more of lhash. 2017-10-25 04:17:18 +00:00
internal.h Move OPENSSL_FALLTHROUGH to internal headers. 2018-01-29 18:17:57 +00:00
mem.c Remove now unnecessary _POSIX_C_SOURCE bits to work around macOS bug. 2017-10-02 20:02:22 +00:00
refcount_c11.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
refcount_lock.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
refcount_test.cc Convert various tests to GTest. 2017-05-23 22:34:09 +00:00
self_test.cc Extract FIPS KAT tests into a function. 2018-01-22 20:16:38 +00:00
thread_none.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
thread_pthread.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
thread_test.cc Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
thread_win.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
thread.c Remove a bunch of unnecessary includes. 2016-06-28 20:31:14 +00:00