Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl

You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Tag: Branch: Tree: a43c76dbe3

2214

2272

2311

2357

2490

2564

2623

2661

2704

2785

2883

2924

2987

3029

3071

3112

3202

3239

3282

3359

3538

3945

chromium-2214

chromium-2272

chromium-2311

chromium-2357

chromium-2490

chromium-2564

chromium-2623

chromium-2661

chromium-2704

chromium-2883

chromium-2924

chromium-2987

chromium-3029

chromium-3071

chromium-3112

chromium-3202

chromium-3239

chromium-3282

chromium-3359

chromium-3538

chromium-3945

chromium-5359

chromium-5414

chromium-stable

chromium-stable-with-bazel

dependabot/go_modules/golang.org/x/net-0.23.0

esni

fips-20180730

fips-20220613

fips-20230428

fips-20240407

fips-android-20191008

grpc-202302

infra/config

main-with-bazel

master

master-with-bazel

fips-20170615

fips-20180730

fips-20190808

fips-20210429

fips-20220613

fips-android-20191020

version_for_cocoapods_1.0

version_for_cocoapods_10.0

version_for_cocoapods_2.0

version_for_cocoapods_3.0

version_for_cocoapods_4.0

version_for_cocoapods_5.0

version_for_cocoapods_6.0

version_for_cocoapods_7.0

version_for_cocoapods_8.0

version_for_cocoapods_9.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'a43c76dbe3'

${ noResults }

boringssl/crypto/rsa_extra

History

David Benjamin 29507b8184 Validate RSA public keys more consistently. ... https://boringssl-review.googlesource.com/c/boringssl/+/42504 aligned RSA private key checks, but I missed the public key ones. We have two different sets of RSA public key checks right now. One in the parser just checks for e = 1 and even e. The other, when using the key, checks for overly large e and n. Align the two. Now parsing RSA public keys calls RSA_check_key and the extra checks on e are added to RSA_check_key. Note RSA private key parsing already called RSA_check_key. The consequences are: First, RSA public keys with large n, large e, or n < e will be rejected at parse time. Previously, they would be parsed but all operations on them would fail. This aligns with our existing behavior for parsing private keys. Second, operations on RSA public keys with even e will fail. They already failed to parse, but it was possible to manually construct such a key. Previously, operations wouldn't explicitly fail, but they wouldn't do anything useful because even exponents are not invertible. (Encrypting would produce something undecryptable and the private key would have a hard time reliably producing signatures we'd accept.) There is no change to RSA private keys with even e. Those would already fail the (e, d) consistency check and the fault check. Third, operations on RSA public keys with e = 1 will fail. They already failed to parse, but it was possible to manually construct such a key and "verify" signatures or "encrypt" messages. However, with e = 1, those operations are no-ops. Finally, RSA private keys with e = d = 1 will be rejected at parse and use. This is the only case that affects private keys because e = d = 1 are inverses, just pointless. Uses paired with RSA public key parsing (e.g. our TLS library checks consistency with a certificate public key) are not affected. Those already rejected such keys because we rejected them in the public key parser. This CL aligns the private half. This doesn't close https://crbug.com/boringssl/316, but we won't be able to resolve that without a consistent story for what keys are valid. Update-Note: See above. Bug: 316 Change-Id: Ic27df18c4f48e5e3e57a17d6fe39399e2f8d5c68 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47524 Reviewed-by: Adam Langley <agl@google.com>		4 years ago
..
rsa_asn1.c	Validate RSA public keys more consistently.	4 years ago
rsa_print.c	acvp: add CMAC-AES support.	4 years ago
rsa_test.cc	Support 4096-bit keys in FIPS mode.	4 years ago