boringssl/crypto/bn
Adam Langley 696b6b50b0 Fix several issues with prime numbers.
Firstly, FIPS 186-4 C.3.2 is broken for w=3. In step 4.1 it generates a
random, 2-bit number but in step 4.2 it rejects all four possible values
and loops forever.

Secondly, BN_is_prime_fasttext_ex is broken when trial division is
requested and the prime is small. It finds that the prime is a multiple
of a known prime and rejects it. We inherited this from OpenSSL.

Thirdly, we were missing a BN_CTX_start/end in
BN_enhanced_miller_rabin_primality_test, which didn't matter but could
have mattered in the future.

Change-Id: Ie988e37b14bb22acb005fc0652860be6bbd2a55f
Reviewed-on: https://boringssl-review.googlesource.com/15264
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-20 15:40:53 +00:00
asm Enable RSA AVX2 code. 2017-03-08 17:28:12 +00:00
add.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
bn_asn1.c Rename the BIGNUM ASN.1 functions. 2016-01-27 22:37:44 +00:00
bn_test.cc Fix several issues with prime numbers. 2017-04-20 15:40:53 +00:00
bn_tests.txt bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal. 2017-01-26 18:29:44 +00:00
bn.c Remove BN_FLG_CONSTTIME. 2017-01-12 02:00:44 +00:00
check_bn_tests.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
CMakeLists.txt Remove rsaz-x86_64.pl from CMake inputs. 2016-12-19 08:39:37 -08:00
cmp.c Add BN_is_pow2, BN_mod_pow2, and BN_nnmod_pow2. 2017-02-09 22:40:12 +00:00
convert.c Add Little-endian BIGNUM conversions 2017-01-06 18:20:09 +00:00
ctx.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
div.c Add BN_is_pow2, BN_mod_pow2, and BN_nnmod_pow2. 2017-02-09 22:40:12 +00:00
exponentiation.c Remove BN_FLG_CONSTTIME. 2017-01-12 02:00:44 +00:00
gcd.c Remove BN_FLG_CONSTTIME. 2017-01-12 02:00:44 +00:00
generic.c Fix up macros. 2016-10-18 18:28:23 +00:00
internal.h Don't use BN_mod_inverse for inverses mod p in RSA keygen. 2017-01-04 13:56:11 +00:00
kronecker.c Fix BN_kronecker on unreachable BN_rshift error. 2016-12-12 21:40:20 +00:00
montgomery_inv.c Calculate Montgomery RR without division. 2016-12-16 17:41:01 +00:00
montgomery.c Avoid the error case in |bn_mul_mont|. 2017-03-07 23:30:13 +00:00
mul.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
prime.c Fix several issues with prime numbers. 2017-04-20 15:40:53 +00:00
random.c Recast ECDSA nonce hardening as DRBG additional data. 2017-04-14 20:44:37 +00:00
rsaz_exp.c Remove RSAZ-512. 2016-12-14 22:12:50 +00:00
rsaz_exp.h Remove RSAZ-512. 2016-12-14 22:12:50 +00:00
shift.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
sqrt.c Remove direct calls to BN_mod_exp. 2017-02-28 18:00:02 +00:00