kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
eb7c3008cc
boringssl/crypto/fipsmodule
History
Adam Langley eb7c3008cc Only do 16 iterations to blind the primality test. 
With this, in 0.02% of 1024-bit primes (which is what's used with an RSA
2048 generation), we'll leak that we struggled to generate values less
than the prime. I.e. that there's a greater likelihood of zero bits
after the leading 1 bit in the prime.

But this recovers all the speed loss from making key generation
constant-time, and then some.

Did 273 RSA 2048 key-gen operations in 30023223us (9.1 ops/sec)
  min: 23867us, median: 93688us, max: 421466us
Did 66 RSA 3072 key-gen operations in 30041763us (2.2 ops/sec)
  min: 117044us, median: 402095us, max: 1096538us
Did 31 RSA 4096 key-gen operations in 31673405us (1.0 ops/sec)
  min: 245109us, median: 769480us, max: 2659386us

Change-Id: Id82dedde35f5fbb36b278189c0685a13c7824590
Reviewed-on: https://boringssl-review.googlesource.com/26924
Reviewed-by: Adam Langley <alangley@gmail.com>
2018-03-30 22:31:36 +00:00
..
aes Always use adr with __thumb2__. 2018-02-22 22:28:15 +00:00
bn Only do 16 iterations to blind the primality test. 2018-03-30 22:31:36 +00:00
cipher Require only that the nonce be strictly monotonic in TLS's AES-GCM 2018-01-26 20:09:44 +00:00
des Move OPENSSL_FALLTHROUGH to internal headers. 2018-01-29 18:17:57 +00:00
digest Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
ec Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
ecdsa Store EC_KEY's private key as an EC_SCALAR. 2018-03-07 21:17:31 +00:00
hmac Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
md4 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
md5 Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
modes Actually use the u64 cast. 2018-02-16 20:02:56 +00:00
policydocs Update FIPS documentation with pointer to the cert and security policy. 2017-07-20 03:32:08 +00:00
rand Fix up CTR_DRBG_update comment. 2018-01-23 22:19:03 +00:00
rsa Limit the public exponent in RSA_generate_key_ex. 2018-03-30 19:54:18 +00:00
self_check Split BORINGSSL_self_test into its own file. 2018-01-22 23:06:41 +00:00
sha Sync up some perlasm license headers and easy fixes. 2018-02-11 01:00:35 +00:00
tls add missing #includes 2018-01-22 21:54:08 +00:00
bcm.c Add AES_128_CCM AEAD. 2018-02-16 15:57:27 +00:00
CMakeLists.txt Convert example_mul to GTest. 2017-07-10 19:28:29 +00:00
delocate.h Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
FIPS.md Update link to CMVP certificate. 2018-02-26 22:14:35 +00:00
intcheck1.png
intcheck2.png Inject FIPS hash without running module. 2017-04-12 23:09:38 +00:00
intcheck3.png
is_fips.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00