Dr. Stephen Henson
e852835da6
Make update: delete duplicate error code.
2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
05794d983f
Add RSA update from FIPS branch that got omitted....
2008-09-17 15:53:59 +00:00
Dr. Stephen Henson
9b809d6278
Add missing files.
2008-09-16 22:54:30 +00:00
Dr. Stephen Henson
d83dde6180
Merge changes to build system from fips branch.
2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
e3f2860e73
Merge public key FIPS code, RSA, DSA, DH.
2008-09-16 14:55:26 +00:00
Dr. Stephen Henson
16349eeceb
Port X931 key generation routines from FIPS branch. Don't include deprecated
...
versions as they weren't in 0.9.8 before now anyway.
2008-09-15 21:42:28 +00:00
Dr. Stephen Henson
1af12ff1d1
Fix error code discrepancy.
...
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
669b912dea
Really get rid of unsafe double-checked locking.
...
Also, "CHANGES" clean-ups.
2008-09-14 13:51:49 +00:00
Bodo Möller
df1f7b4b02
We should check the eight bytes starting at p[-9] for rollback attack
...
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
2008-07-17 22:11:24 +00:00
Dr. Stephen Henson
e0f6c15418
Make WIN32 build work with no-rc4
2008-06-21 23:28:02 +00:00
Dr. Stephen Henson
10d3886c51
Fix two invalid memory reads in RSA OAEP mode.
...
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
19398a175a
fix BIGNUM flag handling
2008-02-27 06:02:00 +00:00
Ben Laurie
84dd04e761
Make sure we detect corruption.
2007-04-04 12:50:13 +00:00
Bodo Möller
7cdb81582c
Change to mitigate branch prediction attacks
...
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:14:25 +00:00
Dr. Stephen Henson
4a0d3530e0
Update from HEAD.
2007-01-21 13:16:49 +00:00
Dr. Stephen Henson
115fc340cb
Rebuild error file C source files.
2006-11-21 20:14:46 +00:00
Mark J. Cox
951dfbb13a
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Bodo Möller
40ddcb717a
Remove non-functional part of recent patch, after discussion with
...
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
2006-09-06 06:43:26 +00:00
Mark J. Cox
df20b6e79b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:25:42 +00:00
Bodo Möller
6d2cd23f40
Thread-safety fixes
2006-06-14 08:51:41 +00:00
Nils Larsch
b7a80146f4
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
2006-03-13 23:12:08 +00:00
Nils Larsch
22d1087e16
backport recent changes from the cvs head
2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc
Update filenames in makefiles
2006-02-04 01:49:36 +00:00
Richard Levitte
5f4dcaf781
/usr/bin/perl util/mkerr.pl -recurse -write -rebuild
2006-01-09 16:05:22 +00:00
Ben Laurie
ec7033745e
Fix memory leak.
2005-11-25 14:26:12 +00:00
Nils Larsch
ff86d3d894
protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert
...
with a read lock
Submitted by: Leandro Santi <lesanti@fiuba7504.com.ar>
2005-09-22 23:32:49 +00:00
Nils Larsch
7f622f6c04
fix warnings when building openssl with (gcc 3.3.1):
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 23:20:52 +00:00
Andy Polyakov
98e986141b
Windows CE update from HEAD.
2005-08-07 22:29:58 +00:00
Dr. Stephen Henson
39d29195a7
Update from head.
2005-06-06 22:41:50 +00:00
Andy Polyakov
3d5afc8b83
PSS update [from 0.9.7].
2005-06-02 18:29:21 +00:00
Nils Larsch
b0fb889c29
check return value
2005-06-01 22:35:07 +00:00
Dr. Stephen Henson
460e80bd1d
Update from 0.9.7-stable
2005-06-01 22:14:41 +00:00
Nils Larsch
198bcece58
fix warning
2005-05-31 09:55:13 +00:00
Dr. Stephen Henson
c2d78c9623
Copy ordinals from 0.9.7 and update.
2005-05-30 00:28:38 +00:00
Dr. Stephen Henson
b4d2858f95
Add PSS prototype to rsa.h
2005-05-28 20:50:11 +00:00
Dr. Stephen Henson
dea446d995
Update from 0.9.7-stable branch.
2005-05-28 20:49:09 +00:00
cvs2svn
5cd94f9e9d
This commit was manufactured by cvs2svn to create branch
...
'OpenSSL_0_9_8-stable'.
2005-05-28 20:44:38 +00:00
Dr. Stephen Henson
429168e7ee
Add pss/x931 files.
2005-05-28 20:44:37 +00:00
Dr. Stephen Henson
499fca2db3
Update from 0.9.7-stable. Also repatch and rebuild error codes.
2005-05-28 20:44:02 +00:00
Bodo Möller
cad811fc41
Use BN_with_flags() in a cleaner way.
2005-05-27 15:39:24 +00:00
Bodo Möller
a28a5d9c62
Use BN_with_flags() in a cleaner way.
2005-05-27 15:38:53 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
6ec8e63af6
Port BN_MONT_CTX_set_locked() from stable branch.
...
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Nils Larsch
800e400de5
some updates for the blinding code; summary:
...
- possibility of re-creation of the blinding parameters after a
fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
are present (see bug report #785 )
- improve the performance when if one rsa structure is shared by
more than a thread (see bug report #555 )
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Dr. Stephen Henson
667aef4c6a
Port from stable branch.
2005-04-26 22:07:17 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00