kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7410689a30
boringssl/crypto/bn
History
Adam Langley 7410689a30 Generate (EC)DSA nonces with truncate/test/reject. 
Previously we generated a number that was 8 bytes too large and used a
modular reduction, which has a (tiny, tiny) bias towards zero.

Out of an excess of caution, instead truncate the generated nonce and
try again if it's out of range.

Change-Id: Ia9a7a57dd6d3e5f13d0b881b3e9b2e986d46e4ca
2014-06-23 15:41:44 -07:00
..
asm Add needed volatile qualifications. 2014-06-20 13:17:33 -07:00
add.c Inital import. 2014-06-20 13:17:32 -07:00
bn_error.c Add function to recover RSA CRT params. 2014-06-20 13:17:35 -07:00
bn_test.c Improvements in constant-time OAEP decoding. 2014-06-20 13:17:37 -07:00
bn.c Inital import. 2014-06-20 13:17:32 -07:00
bn.h Improvements in constant-time OAEP decoding. 2014-06-20 13:17:37 -07:00
CMakeLists.txt Inital import. 2014-06-20 13:17:32 -07:00
cmp.c Inital import. 2014-06-20 13:17:32 -07:00
convert.c Improvements in constant-time OAEP decoding. 2014-06-20 13:17:37 -07:00
ctx.c Inital import. 2014-06-20 13:17:32 -07:00
div.c Check for invalid divisors in BN_div. 2014-06-20 13:17:33 -07:00
exponentiation.c bignum: fix boundary condition in montgomery logic 2014-06-20 13:17:40 -07:00
gcd.c Inital import. 2014-06-20 13:17:32 -07:00
generic.c Inital import. 2014-06-20 13:17:32 -07:00
internal.h Inital import. 2014-06-20 13:17:32 -07:00
kronecker.c Inital import. 2014-06-20 13:17:32 -07:00
montgomery.c bignum: allow concurrent BN_MONT_CTX_set_locked() 2014-06-20 13:17:40 -07:00
mul.c Inital import. 2014-06-20 13:17:32 -07:00
prime.c Small prime generation. 2014-06-20 13:17:34 -07:00
random.c Generate (EC)DSA nonces with truncate/test/reject. 2014-06-23 15:41:44 -07:00
rsaz_exp.c Inital import. 2014-06-20 13:17:32 -07:00
rsaz_exp.h Inital import. 2014-06-20 13:17:32 -07:00
shift.c Inital import. 2014-06-20 13:17:32 -07:00
sqrt.c Add function to recover RSA CRT params. 2014-06-20 13:17:35 -07:00