kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
86080c336f
boringssl/include/openssl
History
Brian Smith 86080c336f Verify RSA private key operation regardless of whether CRT is used. 
Previously, the verification was only done when using the CRT method,
as the CRT method has been shown to be extremely sensitive to fault
attacks. However, there's no reason to avoid doing the verification
when the non-CRT method is used (performance-sensitive applications
should always be using the CRT-capable keys).

Previously, when we detected a fault (attack) through this verification,
libcrypto would fall back to the non-CRT method and assume that the
non-CRT method would give a correct result, despite having just
detecting corruption that is likely from an attack. Instead, just give
up, like NSS does.

Previously, the code tried to handle the case where the input was not
reduced mod rsa->n. This is (was) not possible, so avoid trying to
handle that. This simplifies the equality check and lets us use
|CRYPTO_memcmp|.

Change-Id: I78d1e55520a1c8c280cae2b7256e12ff6290507d
Reviewed-on: https://boringssl-review.googlesource.com/7582
Reviewed-by: David Benjamin <davidben@google.com>
2016-05-04 22:58:17 +00:00
..
aead.h Move TLS-specific "AEAD" functions to the bottom of aead.h. 2016-04-21 20:34:41 +00:00
aes.h
arm_arch.h Remove CRYPTO_set_NEON_functional. 2016-02-23 23:19:46 +00:00
asn1_mac.h Ditch remaining filename comments from public headers and ssl/ 2015-10-20 18:40:05 +00:00
asn1.h Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
asn1t.h Ditch remaining filename comments from public headers and ssl/ 2015-10-20 18:40:05 +00:00
base64.h
base.h Import `newhope' (post-quantum key exchange). 2016-04-26 22:53:59 +00:00
bio.h Only use recv/send for socket BIOs on Windows. 2016-04-15 20:31:05 +00:00
blowfish.h
bn.h Verify RSA private key operation regardless of whether CRT is used. 2016-05-04 22:58:17 +00:00
buf.h Have doc.go parse struct comments. 2016-01-26 23:23:23 +00:00
buffer.h
bytestring.h Add CBS_ASN1_UTF8STRING define. 2016-03-23 19:29:49 +00:00
cast.h
chacha.h Change |CRYPTO_chacha_20| to use 96-bit nonces, 32-bit counters. 2015-10-26 23:58:46 +00:00
cipher.h Switch all 'num' parameters in crypto/modes to unsigned. 2016-04-19 17:56:25 +00:00
cmac.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
conf.h Fix the shared library build. 2016-03-09 20:13:41 +00:00
cpu.h Make CRYPTO_is_NEON_capable aware of the buggy CPU. 2016-04-28 16:42:21 +00:00
crypto.h Add |CRYPTO_is_confidential_build|. 2016-05-03 16:24:50 +00:00
curve25519.h Tweak X25519 documentation. 2016-04-14 14:20:56 +00:00
des.h Fix shared library build on OS X. 2015-10-26 23:39:47 +00:00
dh.h Add missing prototypes. 2016-03-20 16:43:50 +00:00
digest.h Reimplement PKCS#12 key derivation. 2016-04-19 18:16:38 +00:00
dsa.h Add DSA_generate_parameters to decrepit. 2016-03-08 01:44:27 +00:00
dtls1.h
ec_key.h Drop support for engines-provided signature verification. 2016-04-18 20:40:17 +00:00
ec.h Restore EC_GROUP_new_by_curve_name and EC_GROUP_set_generator. 2016-03-15 18:53:12 +00:00
ecdh.h Clean up |ECDH_compute_key|. 2015-10-27 17:00:25 +00:00
ecdsa.h Update comments to better document in-place semantics. 2016-01-19 17:01:37 +00:00
engine.h Unwind DH_METHOD and DSA_METHOD. 2015-11-03 22:54:36 +00:00
err.h Have doc.go parse struct comments. 2016-01-26 23:23:23 +00:00
evp.h Remove some easy obj.h dependencies. 2016-03-31 20:50:33 +00:00
ex_data.h Skip free callbacks on empty CRYPTO_EX_DATAs. 2015-12-15 21:32:14 +00:00
hkdf.h Add hkdf.h to doc.config. 2016-04-21 20:25:15 +00:00
hmac.h Reimplement PKCS#12 key derivation. 2016-04-19 18:16:38 +00:00
lhash_macros.h
lhash.h Style: fix some header guards 2015-10-26 18:47:51 +00:00
md4.h Add one-shot |MD4| function. 2016-03-09 01:13:55 +00:00
md5.h Store the partial block as uint8_t, not uint32_t. 2015-12-16 19:59:29 +00:00
mem.h Add CRYPTO_[malloc|free|realloc] as aliases for the OPENSSL_𝑥 names. 2016-03-10 17:44:23 +00:00
newhope.h Import `newhope' (post-quantum key exchange). 2016-04-26 22:53:59 +00:00
nid.h Rename obj_mac.h to nid.h and make it a multiply-includable header. 2016-03-31 20:45:35 +00:00
obj_mac.h Rename obj_mac.h to nid.h and make it a multiply-includable header. 2016-03-31 20:45:35 +00:00
obj.h Rename obj_mac.h to nid.h and make it a multiply-includable header. 2016-03-31 20:45:35 +00:00
objects.h
opensslconf.h Rename opensslfeatures.h to opensslconf.h. 2016-02-26 01:32:50 +00:00
opensslv.h
ossl_typ.h
pem.h Decouple the EVP and PEM code. 2016-02-26 22:50:21 +00:00
pkcs7.h
pkcs8.h Changes to support node.js's use of PKCS#12. 2016-02-02 19:21:59 +00:00
pkcs12.h
poly1305.h Revert "Enable upstream's Poly1305 code." 2016-03-29 22:47:11 +00:00
pqueue.h
rand.h Add a deterministic PRNG for fuzzing. 2016-03-03 01:36:19 +00:00
rc4.h Add |RC4_options| to decrepit. 2016-03-09 01:14:30 +00:00
ripemd.h Add RIPEMD160 support in decrepit. 2016-03-09 19:37:14 +00:00
rsa.h Require the public exponent to be available in RSA blinding. 2016-04-18 23:34:46 +00:00
safestack.h
sha.h Revert md_len removal from SHA256_CTX and SHA512_CTX. 2016-04-27 19:01:23 +00:00
srtp.h
ssl3.h Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER. 2015-12-15 19:14:00 +00:00
ssl.h Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. 2016-04-27 18:40:25 +00:00
stack_macros.h Remove stack macros for nonexistent types. 2015-12-22 00:12:38 +00:00
stack.h Remove stack macros for nonexistent types. 2015-12-22 00:12:38 +00:00
thread.h Resolve -Wextern-c-compat warnings with OPENSSL_NO_THREADS. 2016-04-26 22:19:51 +00:00
time_support.h Include time.h in time_support.h. 2016-03-17 17:27:27 +00:00
tls1.h Update references to the extended master secret draft. 2016-02-02 16:37:55 +00:00
type_check.h
x509_vfy.h Bring back |verify_store|. 2016-03-02 15:57:27 +00:00
x509.h Add checks to X509_NAME_oneline() 2016-05-03 16:34:59 +00:00
x509v3.h Add missing prototypes. 2016-03-20 16:43:50 +00:00