Commit graph

573 commits

Author SHA1 Message Date
Andy Polyakov
5a84b7fc2d bn_mul_recursive doesn't handle all cases correctly, which results in
BN_mul failures at certain key-length mixes [from HEAD].
PR: 1427
2007-07-08 18:54:30 +00:00
Dr. Stephen Henson
14346b3456 Fix warnings: C++ comments and computed value not used. 2007-07-04 12:56:33 +00:00
Andy Polyakov
a166e96d16 bn_mont.c fix [from HEAD]. 2007-06-29 13:12:34 +00:00
Andy Polyakov
283aedf498 Privatize BN_*_no_branch [from HEAD]. 2007-06-11 16:33:50 +00:00
Andy Polyakov
1a56614af2 Eliminate conditional final subtraction in Montgomery multiplication
[from HEAD].
2007-06-11 16:15:10 +00:00
Bodo Möller
22892f9803 fix error codes 2007-04-19 15:14:39 +00:00
Bodo Möller
27eb115fb6 don't violate the bn_check_top assertion in BN_mod_inverse_no_branch() 2007-04-19 14:45:27 +00:00
Bodo Möller
2ac061e487 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:44:01 +00:00
Bodo Möller
7cdb81582c Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:14:25 +00:00
Dr. Stephen Henson
e31c620686 Update from fips2 branch. 2007-02-03 17:32:14 +00:00
Dr. Stephen Henson
4a0d3530e0 Update from HEAD. 2007-01-21 13:16:49 +00:00
Dr. Stephen Henson
115fc340cb Rebuild error file C source files. 2006-11-21 20:14:46 +00:00
Bodo Möller
7d5af5e0fa Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
2006-09-18 14:01:39 +00:00
Andy Polyakov
669c5c9380 Engage assembler in solaris64-x86_64-cc [backport from HEAD]. 2006-08-01 16:13:47 +00:00
Bodo Möller
4a9cfd763e Another thread-safety fix 2006-06-16 01:01:14 +00:00
Bodo Möller
6d2cd23f40 Thread-safety fixes 2006-06-14 08:51:41 +00:00
Dr. Stephen Henson
eb2ec6bee9 make update 2006-05-04 12:15:59 +00:00
Nils Larsch
22d1087e16 backport recent changes from the cvs head 2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc Update filenames in makefiles 2006-02-04 01:49:36 +00:00
Nils Larsch
611ed5f312 fix comment
PR: 1270
2006-01-13 23:52:17 +00:00
Nils Larsch
27fbb5dbf4 2 is a prime number ...
PR: 1266
2006-01-13 23:29:31 +00:00
Andy Polyakov
98c045cf3a crypto/bn/asm/sparcv8plus.S update from HEAD. 2005-11-15 08:05:19 +00:00
Dr. Stephen Henson
8860f3a82a Fix possible race condition. 2005-11-11 12:59:39 +00:00
Dr. Stephen Henson
1bef284ab1 Update from HEAD. 2005-10-05 17:53:40 +00:00
Nils Larsch
7f622f6c04 fix warnings when building openssl with (gcc 3.3.1):
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 23:20:52 +00:00
Bodo Möller
9eaf7e14c7 avoid potential spurious BN_free()
Submitted by: David Heine <dlheine@suif.Stanford.EDU>
2005-08-23 04:14:55 +00:00
Ben Laurie
9ddb11f11c Avoid weak subgroups in Diffie Hellman. 2005-08-20 18:35:53 +00:00
Andy Polyakov
984aefe0e8 3-4 times better RSA/DSA performance on WIN64A target [from HEAD]. 2005-08-04 17:42:58 +00:00
Nils Larsch
87b857b6bf fix BN_mod_word and give a more reasonable return value if an error occurred 2005-07-25 22:55:48 +00:00
Nils Larsch
7dec24688f set correct bn->top value 2005-07-21 22:38:16 +00:00
Nils Larsch
3c6ab9aad9 bugfix: 0 - w (w != 0) is actually negative 2005-07-17 16:08:21 +00:00
Andy Polyakov
fbfb947b21 Bugfix for bn_div_words PPC assembler implementation [from HEAD]. 2005-07-03 09:23:57 +00:00
Ben Laurie
c0e29e5b01 Fix warnings. 2005-06-28 12:32:48 +00:00
Andy Polyakov
2f03129d46 bn.h update from HEAD. 2005-06-28 11:52:52 +00:00
Andy Polyakov
2a5b22d6f9 Missed -c in IRIX rule. 2005-06-23 20:38:19 +00:00
Andy Polyakov
f247dc7522 IRIX upadte from HEAD. 2005-06-23 16:47:21 +00:00
Nils Larsch
431712293d fix assertion
PR: 1072
2005-05-31 20:38:31 +00:00
Andy Polyakov
39663d2c40 Missing sparcv8.o rule.
PR: 1082
2005-05-31 12:18:15 +00:00
Richard Levitte
c9028b0ab5 Typo 2005-05-29 11:26:56 +00:00
Bodo Möller
cad811fc41 Use BN_with_flags() in a cleaner way. 2005-05-27 15:39:24 +00:00
Bodo Möller
a506b8c7dd check BN_copy() return value 2005-05-26 04:30:48 +00:00
Richard Levitte
2f596aeef5 DEC C complains about bad subscript, but we know better, so let's shut it up. 2005-05-24 03:22:56 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Ben Laurie
4b26fe30de There must be an explicit way to build the .o! 2005-05-11 16:39:05 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Richard Levitte
82e8cb403a Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS,
there's no need to undefine it here.  Then, let's get a bit paranoid
and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG
isn't defined.
2005-05-06 13:34:35 +00:00
Nils Larsch
f15c448a72 remove BN_ncopy, it was only used in bn_nist.c and wasn't particular
useful anyway
2005-05-03 20:27:00 +00:00
Nils Larsch
fcb41c0ee8 rewrite of bn_nist.c, disable support for some curves on 64 bit platforms
for now (it was broken anyway)
2005-05-03 20:23:33 +00:00