- 04 Dec, 2018 1 commit
-
Niels Möller authored
-
- 28 Nov, 2018 5 commits
-
Niels Möller authored
Mention dependency on GMP-6, and RSA performance regression.
-
Niels Möller authored
-
Niels Möller authored
* testsuite/rsa-encrypt-test.c (test_main): Fix allocation of decrypted storage. Update test of rsa_decrypt, to allow clobbering of all of the passed in message area.
-
Niels Möller authored
Patch from Simo Sorce.
-
Niels Möller authored
-
- 27 Nov, 2018 2 commits
-
Niels Möller authored
-
Niels Möller authored
Use new local helper functions, with their own itch functions.
-
- 26 Nov, 2018 1 commit
-
Niels Möller authored
-
- 25 Nov, 2018 27 commits
-
Niels Möller authored
-
Niels Möller authored
-
Niels Möller authored
-
Niels Möller authored
Also renamed with leading underscore, and updated all callers.
-
Simo Sorce authored
-
Niels Möller authored
-
Simo Sorce authored
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
-
Niels Möller authored
-
Simo Sorce authored
-
Niels Möller authored
-
Niels Möller authored
-
Simo Sorce authored
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
-
Simo Sorce authored
add a side-channel silent pkcs1 decoding function for use in older APIs.
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
* testsuite/rsa-sec-decrypt-test.c (rsa_decrypt_for_test): Tweak valgrind marking, and document potential leakage of lowest and highest bits of p and q.
-
Niels Möller authored
* rsa-sec-compute-root.c (_rsa_sec_compute_root): Avoid calls to mpz_sizeinbase, since that potentially leaks most significant bits of private key parameters a and b.
-
Niels Möller authored
-
Simo Sorce authored
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
-
Simo Sorce authored
Use side-channel silent RSA root function as well as PKCS1 padding functions. This variant accepts only a fixed length message, and returns error if the pkcs1 padding returns a different length message. The buffer is always left unchanged on error so that a TLS implementation can pre-initialize it with a random key to use on decoding error.
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
-
Niels Möller authored
-
Simo Sorce authored
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
-
Simo Sorce authored
Converts limbs to uint8_t buffer without conditional jumps.
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
-
- 24 Nov, 2018 4 commits
-
Simo Sorce authored
Signed-off-by: Simo Sorce <simo@redhat.com>
-
Niels Möller authored
-
Simo Sorce authored
Originally from Niels, with minor changes to avoid compiler warnings.
-
Niels Möller authored