boringssl/crypto
David Benjamin 61ae41f198 Use a minimal totient when generating RSA keys.
FIPS 186-4 wants d = e^-1 (mod lcm(p-1, q-1)), not (p-1)*(q-1).

Note this means the size of d might reveal information about p-1 and
q-1. However, we do operations with Chinese Remainder Theorem, so we
only use d (mod p-1) and d (mod q-1) as exponents. Using a minimal
totient does not affect those two values.

This removes RSA_recover_crt_params. Using a minimal d breaks (or rather
reveals an existing bug in) the function.

While I'm here, rename those ridiculous variable names.

Change-Id: Iaf623271d49cd664ba0eca24aa25a393f5666fac
Reviewed-on: https://boringssl-review.googlesource.com/15944
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-04 19:16:48 +00:00
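A worked illustration of the point in the commit message above, added here as an example and not code from BoringSSL or from the commit: it computes both private exponents for a toy key, shows that dP = d mod (p-1) and dQ = d mod (q-1) are identical for either choice of d (so CRT decryption is unaffected), that the minimal d is shorter, and that e*d - 1 is no longer a multiple of (p-1)(q-1), which is the assumption code written against the old d may silently rely on. The primes p = 61, q = 53, the exponent e = 17 and the plaintext 65 are constructed toy values chosen so the numbers can be checked by hand; real keys use large primes but the arithmetic is identical.

```python
# Added illustration of the minimal-totient change; not BoringSSL code.
# p = 61, q = 53, e = 17 are constructed toy parameters (n = 3233).
from math import gcd

P, Q, E = 61, 53, 17


def lcm(a, b):
    return a // gcd(a, b) * b


def private_exponents(p, q, e):
    """Return (d_phi, d_lcm): e^-1 mod (p-1)(q-1), as the old code computed it,
    and e^-1 mod lcm(p-1, q-1), the minimal totient FIPS 186-4 asks for."""
    phi = (p - 1) * (q - 1)
    lam = lcm(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("e is not invertible modulo lcm(p-1, q-1)")
    return pow(e, -1, phi), pow(e, -1, lam)


def crt_params(p, q, d):
    """dP, dQ, qInv as used by CRT-based RSA private operations.
    Only d mod (p-1) and d mod (q-1) are used, so any two d values that are
    congruent modulo lcm(p-1, q-1) give the same CRT parameters."""
    return d % (p - 1), d % (q - 1), pow(q, -1, p)


def crt_decrypt(c, p, q, dp, dq, qinv):
    """Garner recombination: m = m2 + q * ((m1 - m2) * qInv mod p)."""
    m1 = pow(c, dp, p)
    m2 = pow(c, dq, q)
    h = (qinv * (m1 - m2)) % p
    return m2 + h * q


def ed_minus_one_divisibility(p, q, e, d):
    """Whether e*d - 1 is a multiple of (p-1)(q-1) and of lcm(p-1, q-1).
    Code assuming the former (true for the old d) can fail for the minimal d."""
    phi = (p - 1) * (q - 1)
    lam = lcm(p - 1, q - 1)
    return (e * d - 1) % phi == 0, (e * d - 1) % lam == 0


def demo(p=P, q=Q, e=E):
    """Run the comparison on the toy key and return the observations."""
    d_phi, d_lcm = private_exponents(p, q, e)
    n = p * q
    m = 65                       # constructed plaintext, must satisfy m < n
    c = pow(m, e, n)
    return {
        "d_phi": d_phi,
        "d_lcm": d_lcm,
        "d_bits": (d_phi.bit_length(), d_lcm.bit_length()),
        "crt_phi": crt_params(p, q, d_phi),
        "crt_lcm": crt_params(p, q, d_lcm),
        "m_phi": crt_decrypt(c, p, q, *crt_params(p, q, d_phi)),
        "m_lcm": crt_decrypt(c, p, q, *crt_params(p, q, d_lcm)),
        "div_phi": ed_minus_one_divisibility(p, q, e, d_phi),
        "div_lcm": ed_minus_one_divisibility(p, q, e, d_lcm),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For this toy key gcd(p-1, q-1) = 4, so lcm(p-1, q-1) = 780 against (p-1)(q-1) = 3120: d drops from 2753 to 413 while dP, dQ and qInv stay (53, 49, 38) and both decrypt correctly. Since p-1 and q-1 are always even, the minimal d is bounded by half of the old modulus at least, and its exact length depends on gcd(p-1, q-1), which is the leakage the commit message notes and the reason only the CRT residues should ever be used as exponents.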
asn1 Fix time offset calculation. 2017-05-03 16:23:16 +00:00
base64 Convert base64_test to GTest. 2017-04-17 14:14:17 +00:00
bio Convert bio_test to GTest. 2017-03-21 17:39:57 +00:00
bn_extra Move bn/ into crypto/fipsmodule/ 2017-05-01 22:51:25 +00:00
buf
bytestring Convert bytestring_test to GTest. 2017-04-17 14:19:47 +00:00
chacha x86_64 assembly pack: Win64 SEH face-lift. 2017-02-16 21:55:04 +00:00
cipher Remove test vectors for old ChaCha20-Poly1305 AEAD. 2017-04-24 14:43:18 +00:00
cmac Convert cmac_test to GTest. 2017-04-24 20:25:22 +00:00
conf Fix out-of-memory condition in conf. 2017-03-21 16:19:22 +00:00
curve25519 Convert spake25519_test to GTest. 2017-04-24 20:26:02 +00:00
dh Move bn/ into crypto/fipsmodule/ 2017-05-01 22:51:25 +00:00
digest_extra First part of the FIPS module. 2017-04-07 00:05:34 +00:00
dsa Move bn/ into crypto/fipsmodule/ 2017-05-01 22:51:25 +00:00
ec Fix URL links in comment 2017-05-03 17:17:48 +00:00
ecdh
ecdsa Move bn/ into crypto/fipsmodule/ 2017-05-01 22:51:25 +00:00
engine
err Update BN_enhanced_miller_rabin_primality_test to enforce preconditions and accept BN_prime_checks. 2017-04-21 22:24:01 +00:00
evp Tidy up pkey_rsa_verify_recover. 2017-05-02 20:32:37 +00:00
fipsmodule Undefine some macros in bn/ 2017-05-02 22:11:50 +00:00
hkdf
hmac_extra First part of the FIPS module. 2017-04-07 00:05:34 +00:00
lhash Remove lh_new's default hash and comparator. 2017-01-04 01:44:10 +00:00
obj Teach crypto/x509 how to verify an Ed25519 signature. 2017-04-05 23:35:30 +00:00
pem
perlasm Gate assembly sources on !OPENSSL_NO_ASM. 2017-03-30 19:34:21 +00:00
pkcs7 Add PKCS7_get_raw_certificates. 2017-04-19 17:30:31 +00:00
pkcs8 First part of the FIPS module. 2017-04-07 00:05:34 +00:00
poly1305 Fix Android build. 2017-04-07 17:33:24 +00:00
pool
rand_extra Fix fuzzer build. 2017-04-25 16:42:28 +00:00
rc4
rsa Use a minimal totient when generating RSA keys. 2017-05-04 19:16:48 +00:00
stack
test fipsoracle: Add MCT mode for TDES. 2017-05-02 22:09:32 +00:00
x509 Move PKCS#7 functions into their own directory. 2017-04-19 17:24:51 +00:00
x509v3 Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAME 2017-05-03 17:18:27 +00:00
CMakeLists.txt Move des/ to crypto/fipsmodule/ 2017-05-02 19:21:02 +00:00
compiler_test.cc Fix build on android_aarch64. 2017-04-21 22:52:10 +00:00
constant_time_test.cc Switch constant-time functions to using |crypto_word_t|. 2017-04-21 22:06:05 +00:00
cpu-aarch64-linux.c
cpu-arm-linux.c
cpu-arm.c
cpu-intel.c
cpu-ppc64le.c Make the POWER hardware capability value a global in crypto.c. 2017-04-04 18:19:19 +00:00
crypto.c Revise OPENSSL_ia32cap_P strategy to avoid TEXTRELs. 2017-04-27 21:07:33 +00:00
ex_data.c Fix CRYPTO_dup_ex_data. 2017-04-04 18:21:49 +00:00
internal.h Switch constant-time functions to using |crypto_word_t|. 2017-04-21 22:06:05 +00:00
mem.c
refcount_c11.c
refcount_lock.c
refcount_test.cc
thread_none.c
thread_pthread.c
thread_test.c Move much of rand/ into the FIPS module. 2017-04-21 22:03:18 +00:00
thread_win.c
thread.c