Bodo Möller
80790d89ec
Use BN_with_flags() in a cleaner way.
...
Complete previous change:
Constant time DSA [sync with mainstream].
2005-05-27 15:39:15 +00:00
Bodo Möller
ecb1445ce2
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:26:08 +00:00
Andy Polyakov
c7e7d382d5
Pointer to BN_MONT_CTX could be used uninitialized.
2005-04-28 08:52:29 +00:00
Dr. Stephen Henson
4ed56cba63
New function BN_MONT_CTX_set_locked, to set montgomery parameters in a
...
threadsafe manner.
Modify or add calls to use it in rsa, dsa and dh algorithms.
2005-04-22 13:17:49 +00:00
Dr. Stephen Henson
342b7e0458
Rebuild error codes.
2005-04-12 13:47:58 +00:00
Richard Levitte
9addd9b6fb
Add emacs cache files to .cvsignore.
2005-04-11 14:18:14 +00:00
Dr. Stephen Henson
ec46cd8bb8
Remaining parts of PR:620
2004-12-05 01:46:03 +00:00
Richard Levitte
a2617f727d
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:53:31 +00:00
Ben Laurie
b5e4469150
The version that was actually submitted for FIPS testing.
2004-06-19 13:15:35 +00:00
Ben Laurie
9ac9a29407
Fix self-tests, ban some things in FIPS mode, fix copyrights.
2004-05-15 17:51:26 +00:00
Ben Laurie
3642f632d3
Pull FIPS back into stable.
2004-05-11 12:46:24 +00:00
Richard Levitte
cc056d6395
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 15:00:24 +00:00
Richard Levitte
f78ae9c0f2
make update.
2003-04-10 20:10:22 +00:00
Richard Levitte
27310553b1
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form
...
of unneeded includes of openssl/engine.h.
2003-04-08 06:00:17 +00:00
Ulf Möller
37d9503a67
mingw related cleanups, as in head
2003-02-22 18:02:46 +00:00
Richard Levitte
bd573ee31a
The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's
...
bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
2003-01-30 18:52:52 +00:00
Richard Levitte
6d85cd36e2
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:37:49 +00:00
Richard Levitte
9fa15b6ff8
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
...
always give the expected result on some platforms.
2002-11-28 18:57:30 +00:00
Richard Levitte
ff90d659e6
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:21:33 +00:00
Richard Levitte
ca55c617e5
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:44:52 +00:00
Bodo Möller
afcf54a5c9
fix DH_generate_parameters for general 'generator'
2002-03-20 16:02:46 +00:00
Dr. Stephen Henson
59a941e4a4
Ensure EVP_CipherInit() uses the correct encode/decode parameter if
...
enc == -1
[Reported by Markus Friedl <markus@openbsd.org>]
Fix typo in dh_lib.c (use of DSAerr instead of DHerr).
2002-03-16 23:19:25 +00:00
Dr. Stephen Henson
1619add90c
Make {RSA,DSA,DH}_new_method obtain and release an ENGINE
...
functional reference.
2002-03-09 18:24:14 +00:00
Dr. Stephen Henson
dd6b494eb3
Make sure the type accessed by the LONG and ZLONG ASN1 type
...
is really a long, to avoid problems on platforms where
sizeof(int) != sizeof(long).
2002-03-05 13:49:27 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1
make update
...
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Richard Levitte
f8000b9345
'make update'
2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3
Because there's chances we clash with the system's types.h, rename our
...
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Geoff Thorpe
50a381b789
indentation.
2001-09-25 21:22:32 +00:00
Geoff Thorpe
534aaf3731
"make update".
2001-09-25 20:39:59 +00:00
Geoff Thorpe
cb78486d97
This commits changes to various parts of libcrypto required by the recent
...
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.
Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
2001-09-25 20:23:40 +00:00
Geoff Thorpe
dc2a33d680
"DH_up" had been changed to "DH_up_ref" in libeay.num but the function
...
declaration and implementation had not. So a recent update recreated the
original definition in libeay.num ... this corrects it and changes the "dh"
code to the "up_ref" variant.
2001-09-05 16:54:32 +00:00
Geoff Thorpe
79aa04ef27
Make the necessary changes to work with the recent "ex_data" overhaul.
...
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
5cbc2e8bc1
Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise,
...
dependant code has to directly increment the "references" value of each
such structure using the corresponding lock. Apart from code duplication,
this provided no "REF_CHECK/REF_PRINT" checking and violated
encapsulation.
2001-08-25 17:24:21 +00:00
Geoff Thorpe
b7727ee616
The indexes returned by ***_get_ex_new_index() functions are used when
...
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Ben Laurie
d66ace9da5
Start to reduce some of the header bloat.
2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639
make update
2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Bodo Möller
de3333bae4
length of secret exponent is needed only when we create one
2001-07-27 22:45:35 +00:00
Bodo Möller
924875e53b
Undo DH_generate_key() change: s3_srvr.c was using it correctly
2001-07-27 22:34:25 +00:00
Lutz Jänicke
3a64458217
Another uninitialized static that may lead to problems on Solaris under some
...
circumstances.
2001-07-27 12:35:27 +00:00
Bodo Möller
e5cb260365
DH key generation should not use a do ... while loop,
...
or bogus DH parameters can be used for launching DOS attacks
2001-07-25 17:48:51 +00:00
Bodo Möller
6aecef815c
Don't preserve existing keys in DH_generate_key.
2001-07-25 17:20:34 +00:00
Dr. Stephen Henson
0c9de428ae
In {RSA,DSA,DH}_new_method(x) need to increase the reference
...
count of the ENGINE is x is not NULL since it will be freed
in {RSA,DSA,DH}_free().
2001-06-23 23:07:34 +00:00
Richard Levitte
55dcfa421c
make update
2001-06-23 16:43:03 +00:00
Richard Levitte
2b49dd1e8f
'make update'
2001-06-05 20:32:36 +00:00
Geoff Thorpe
7ae551fd03
In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the
...
ENGINE code does not return a default, set an error.
2001-04-30 15:24:41 +00:00
Bodo Möller
4e20b1a656
Instead of telling both 'make' and the user that ranlib
...
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Bodo Möller
c62b26fdc6
Hide BN_CTX structure details.
...
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Dr. Stephen Henson
d339187b1a
Get rid of ASN1_ITEM_FUNCTIONS dummy function
...
prototype hack. This unfortunately means that
every ASN1_*_END construct cannot have a
trailing ;
2001-02-23 12:47:06 +00:00