Commit graph

263 commits

Author SHA1 Message Date
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
05794d983f Add RSA update from FIPS branch that got omitted.... 2008-09-17 15:53:59 +00:00
Dr. Stephen Henson
9b809d6278 Add missing files. 2008-09-16 22:54:30 +00:00
Dr. Stephen Henson
d83dde6180 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
e3f2860e73 Merge public key FIPS code, RSA, DSA, DH. 2008-09-16 14:55:26 +00:00
Dr. Stephen Henson
16349eeceb Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.
2008-09-15 21:42:28 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy.
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
669b912dea Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
2008-09-14 13:51:49 +00:00
Bodo Möller
df1f7b4b02 We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695
2008-07-17 22:11:24 +00:00
Dr. Stephen Henson
e0f6c15418 Make WIN32 build work with no-rc4 2008-06-21 23:28:02 +00:00
Dr. Stephen Henson
10d3886c51 Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
19398a175a fix BIGNUM flag handling 2008-02-27 06:02:00 +00:00
Ben Laurie
84dd04e761 Make sure we detect corruption. 2007-04-04 12:50:13 +00:00
Bodo Möller
7cdb81582c Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:14:25 +00:00
Dr. Stephen Henson
4a0d3530e0 Update from HEAD. 2007-01-21 13:16:49 +00:00
Dr. Stephen Henson
115fc340cb Rebuild error file C source files. 2006-11-21 20:14:46 +00:00
Mark J. Cox
951dfbb13a Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Bodo Möller
40ddcb717a Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
2006-09-06 06:43:26 +00:00
Mark J. Cox
df20b6e79b Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)

Submitted by:  Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:25:42 +00:00
Bodo Möller
6d2cd23f40 Thread-safety fixes 2006-06-14 08:51:41 +00:00
Nils Larsch
b7a80146f4 fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() 2006-03-13 23:12:08 +00:00
Nils Larsch
22d1087e16 backport recent changes from the cvs head 2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc Update filenames in makefiles 2006-02-04 01:49:36 +00:00
Richard Levitte
5f4dcaf781 /usr/bin/perl util/mkerr.pl -recurse -write -rebuild 2006-01-09 16:05:22 +00:00
Ben Laurie
ec7033745e Fix memory leak. 2005-11-25 14:26:12 +00:00
Nils Larsch
ff86d3d894 protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert
with a read lock

Submitted by: Leandro Santi <lesanti@fiuba7504.com.ar>
2005-09-22 23:32:49 +00:00
Nils Larsch
7f622f6c04 fix warnings when building openssl with (gcc 3.3.1):
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 23:20:52 +00:00
Andy Polyakov
98e986141b Windows CE update from HEAD. 2005-08-07 22:29:58 +00:00
Dr. Stephen Henson
39d29195a7 Update from head. 2005-06-06 22:41:50 +00:00
Andy Polyakov
3d5afc8b83 PSS update [from 0.9.7]. 2005-06-02 18:29:21 +00:00
Nils Larsch
b0fb889c29 check return value 2005-06-01 22:35:07 +00:00
Dr. Stephen Henson
460e80bd1d Update from 0.9.7-stable 2005-06-01 22:14:41 +00:00
Nils Larsch
198bcece58 fix warning 2005-05-31 09:55:13 +00:00
Dr. Stephen Henson
c2d78c9623 Copy ordinals from 0.9.7 and update. 2005-05-30 00:28:38 +00:00
Dr. Stephen Henson
b4d2858f95 Add PSS prototype to rsa.h 2005-05-28 20:50:11 +00:00
Dr. Stephen Henson
dea446d995 Update from 0.9.7-stable branch. 2005-05-28 20:49:09 +00:00
cvs2svn
5cd94f9e9d This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_8-stable'.
2005-05-28 20:44:38 +00:00
Dr. Stephen Henson
429168e7ee Add pss/x931 files. 2005-05-28 20:44:37 +00:00
Dr. Stephen Henson
499fca2db3 Update from 0.9.7-stable. Also repatch and rebuild error codes. 2005-05-28 20:44:02 +00:00
Bodo Möller
cad811fc41 Use BN_with_flags() in a cleaner way. 2005-05-27 15:39:24 +00:00
Bodo Möller
a28a5d9c62 Use BN_with_flags() in a cleaner way. 2005-05-27 15:38:53 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
2005-05-16 16:55:47 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6 Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch.
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Nils Larsch
800e400de5 some updates for the blinding code; summary:
- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Dr. Stephen Henson
667aef4c6a Port from stable branch. 2005-04-26 22:07:17 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00