Bodo Möller
7cdb81582c
Change to mitigate branch prediction attacks
...
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:14:25 +00:00
Dr. Stephen Henson
e31c620686
Update from fips2 branch.
2007-02-03 17:32:14 +00:00
Dr. Stephen Henson
4a0d3530e0
Update from HEAD.
2007-01-21 13:16:49 +00:00
Dr. Stephen Henson
115fc340cb
Rebuild error file C source files.
2006-11-21 20:14:46 +00:00
Bodo Möller
7d5af5e0fa
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
...
[Problem pointed out by Adam Young <adamy (at) acm.org>]
2006-09-18 14:01:39 +00:00
Andy Polyakov
669c5c9380
Engage assembler in solaris64-x86_64-cc [backport from HEAD].
2006-08-01 16:13:47 +00:00
Bodo Möller
4a9cfd763e
Another thread-safety fix
2006-06-16 01:01:14 +00:00
Bodo Möller
6d2cd23f40
Thread-safety fixes
2006-06-14 08:51:41 +00:00
Dr. Stephen Henson
eb2ec6bee9
make update
2006-05-04 12:15:59 +00:00
Nils Larsch
22d1087e16
backport recent changes from the cvs head
2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc
Update filenames in makefiles
2006-02-04 01:49:36 +00:00
Nils Larsch
611ed5f312
fix comment
...
PR: 1270
2006-01-13 23:52:17 +00:00
Nils Larsch
27fbb5dbf4
2 is a prime number ...
...
PR: 1266
2006-01-13 23:29:31 +00:00
Andy Polyakov
98c045cf3a
crypto/bn/asm/sparcv8plus.S update from HEAD.
2005-11-15 08:05:19 +00:00
Dr. Stephen Henson
8860f3a82a
Fix possible race condition.
2005-11-11 12:59:39 +00:00
Dr. Stephen Henson
1bef284ab1
Update from HEAD.
2005-10-05 17:53:40 +00:00
Nils Larsch
7f622f6c04
fix warnings when building openssl with (gcc 3.3.1):
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 23:20:52 +00:00
Bodo Möller
9eaf7e14c7
avoid potential spurious BN_free()
...
Submitted by: David Heine <dlheine@suif.Stanford.EDU>
2005-08-23 04:14:55 +00:00
Ben Laurie
9ddb11f11c
Avoid weak subgroups in Diffie Hellman.
2005-08-20 18:35:53 +00:00
Andy Polyakov
984aefe0e8
3-4 times better RSA/DSA performance on WIN64A target [from HEAD].
2005-08-04 17:42:58 +00:00
Nils Larsch
87b857b6bf
fix BN_mod_word and give a more reasonable return value if an error occurred
2005-07-25 22:55:48 +00:00
Nils Larsch
7dec24688f
set correct bn->top value
2005-07-21 22:38:16 +00:00
Nils Larsch
3c6ab9aad9
bugfix: 0 - w (w != 0) is actually negative
2005-07-17 16:08:21 +00:00
Andy Polyakov
fbfb947b21
Bugfix for bn_div_words PPC assembler implementation [from HEAD].
2005-07-03 09:23:57 +00:00
Ben Laurie
c0e29e5b01
Fix warnings.
2005-06-28 12:32:48 +00:00
Andy Polyakov
2f03129d46
bn.h update from HEAD.
2005-06-28 11:52:52 +00:00
Andy Polyakov
2a5b22d6f9
Missed -c in IRIX rule.
2005-06-23 20:38:19 +00:00
Andy Polyakov
f247dc7522
IRIX upadte from HEAD.
2005-06-23 16:47:21 +00:00
Nils Larsch
431712293d
fix assertion
...
PR: 1072
2005-05-31 20:38:31 +00:00
Andy Polyakov
39663d2c40
Missing sparcv8.o rule.
...
PR: 1082
2005-05-31 12:18:15 +00:00
Richard Levitte
c9028b0ab5
Typo
2005-05-29 11:26:56 +00:00
Bodo Möller
cad811fc41
Use BN_with_flags() in a cleaner way.
2005-05-27 15:39:24 +00:00
Bodo Möller
a506b8c7dd
check BN_copy() return value
2005-05-26 04:30:48 +00:00
Richard Levitte
2f596aeef5
DEC C complains about bad subscript, but we know better, so let's shut it up.
2005-05-24 03:22:56 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Ben Laurie
4b26fe30de
There must be an explicit way to build the .o!
2005-05-11 16:39:05 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Richard Levitte
82e8cb403a
Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS,
...
there's no need to undefine it here. Then, let's get a bit paranoid
and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG
isn't defined.
2005-05-06 13:34:35 +00:00
Nils Larsch
f15c448a72
remove BN_ncopy, it was only used in bn_nist.c and wasn't particular
...
useful anyway
2005-05-03 20:27:00 +00:00
Nils Larsch
fcb41c0ee8
rewrite of bn_nist.c, disable support for some curves on 64 bit platforms
...
for now (it was broken anyway)
2005-05-03 20:23:33 +00:00
Nils Larsch
c1a8a5de13
don't let BN_CTX_free(NULL) segfault
2005-04-29 21:20:31 +00:00
Dr. Stephen Henson
6ec8e63af6
Port BN_MONT_CTX_set_locked() from stable branch.
...
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Dr. Stephen Henson
465b9f6b26
Stop unused variable warning.
2005-04-26 23:45:49 +00:00
Nils Larsch
800e400de5
some updates for the blinding code; summary:
...
- possibility of re-creation of the blinding parameters after a
fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
are present (see bug report #785 )
- improve the performance when if one rsa structure is shared by
more than a thread (see bug report #555 )
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00