summaryrefslogtreecommitdiff
path: root/crypto/rsa/rsa_sp800_56b_check.c
Commit message (Collapse)AuthorAgeFilesLines
* Allow small RSA exponents in the default providerShane Lontis2021-08-131-18/+9
| | | | | | | | Fixes #16255 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16285)
* Update copyright yearMatt Caswell2021-03-111-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
* ossl_rsa_sp800_56b_check_public: Be more lenient with small keysTomas Mraz2021-03-031-3/+7
| | | | | | | | | | | Fixes #13995 For small keys the MR test on the modulus can return BN_PRIMETEST_COMPOSITE_WITH_FACTOR status although the modulus is correct. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14389)
* Fix external symbols for bnShane Lontis2021-02-261-5/+6
| | | | | | | | | Partial fix for #12964 This adds ossl_ names for symbols related to bn_* Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14296)
* Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() callRichard Levitte2020-11-131-11/+11
| | | | | | | | | | This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
* rsa: add ossl_ prefix to internal rsa_ calls.Pauli2020-10-071-37/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The functions being: rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff, rsa_check_prime_factor, rsa_check_prime_factor_range, rsa_check_private_exponent, rsa_check_public_exponent, rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata, rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30, rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names, rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid, rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx, rsa_padding_add_PKCS1_type_2_with_libctx, rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS, rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata, rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted, rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg, rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults, rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg, rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen, rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata, rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params, rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private, rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq, rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test, rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise, rsa_validate_private and rsa_validate_public. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13040)
* Flag RSA secret BNs as consttime on keygen and checksNicola Tuveri2020-06-211-4/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | <https://github.com/openssl/openssl/pull/11765> switched the default code path for keygen. External testing through TriggerFlow highlighted that in several places we failed (once more!) to set the `BN_FLG_CONSTTIME` flag on critical secret values (either long term or temporary values). This commit tries to make sure that the secret BN values inside the `rsa struct` are always flagged on creation, and that temporary values derived from these secrets are flagged when allocated from a BN_CTX. Acknowledgments --------------- Thanks to @Voker57, @bbbrumley, @sohhas, @cpereida for the [OpenSSL Triggerflow CI] ([paper]) through which this defect was detected and tested, and for providing early feedback to fix the issue! [OpenSSL Triggerflow CI]: https://gitlab.com/nisec/openssl-triggerflow-ci [paper]: https://eprint.iacr.org/2019/366 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12167)
* Update RSA keygen to use sp800-56b by defaultShane Lontis2020-06-101-2/+20
| | | | | | | | | | | | | Fixes #11742 Fixes #11764 The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048. Insecure key lengths and mutltiprime RSA will use the old method. Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11765)
* Amend references to "OpenSSL license"Shourya Shukla2020-04-291-1/+1
| | | | | | | | | | | | A small number of files contain references to the "OpenSSL license" which has been deprecated and replaced by the "Apache License 2.0". Amend the occurences. Fixes #11649 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11663)
* Rename FIPS_MODE to FIPS_MODULERichard Levitte2020-04-281-2/+2
| | | | | | | | | | This macro is used to determine if certain pieces of code should become part of the FIPS module or not. The old name was confusing. Fixes #11538 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11539)
* Update copyright yearMatt Caswell2020-04-231-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Make the RSA ASYM_CIPHER implementation available inside the FIPS moduleMatt Caswell2020-02-131-2/+2
| | | | | | | | | RSA ASYM_CIPHER was already available within the default provider. We now make it also available from inside the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10881)
* Add RSA key validation to default providerShane Lontis2020-01-291-2/+6
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10780)
* Fix some typosVeres Lajos2019-12-111-1/+1
| | | | | | | | | | Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer> CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10544)
* RSA generation: Use more bits of 1/sqrt(2)Kurt Roeckx2019-11-091-12/+15
| | | | | | | | | | The old version always sets the top 2 bits, so the most significate byte of the primes was always >= 0xC0. We now use 256 bits to represent 1/sqrt(2) = 0x0.B504F333F9DE64845... Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #10246
* Add BN_check_prime()Kurt Roeckx2019-10-141-6/+4
| | | | | | | | | | Add a new API to test for primes that can't be misused, deprecated the old APIs. Suggested by Jake Massimo and Kenneth Paterson Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #9272
* Reorganize local header filesDr. Matthias St. Pierre2019-09-281-1/+1
| | | | | | | | | | | | | Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
* Reorganize private crypto header filesDr. Matthias St. Pierre2019-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
* FIPS 186-4 RSA Generation & ValidationShane Lontis2019-03-121-0/+386
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6652)
View Lorry Controller Status