wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8412 commits 20 branches 302 tags 153 MiB
Commit graph

125 commits

Author SHA1 Message Date
Nils Larsch
e0fe7abeec apply fixes from the cvs head 2006-03-14 09:07:06 +00:00
Dr. Stephen Henson
3c1ee6c147 Fix from HEAD. 2006-02-04 01:50:41 +00:00
Bodo Möller
80790d89ec Use BN_with_flags() in a cleaner way. 
Complete previous change:
Constant time DSA [sync with mainstream].
 2005-05-27 15:39:15 +00:00
Bodo Möller
ecb1445ce2 Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:26:08 +00:00
Andy Polyakov
c7e7d382d5 Pointer to BN_MONT_CTX could be used uninitialized. 2005-04-28 08:52:29 +00:00
Dr. Stephen Henson
4ed56cba63 New function BN_MONT_CTX_set_locked, to set montgomery parameters in a 
threadsafe manner.

Modify or add calls to use it in rsa, dsa and dh algorithms.
 2005-04-22 13:17:49 +00:00
Dr. Stephen Henson
342b7e0458 Rebuild error codes. 2005-04-12 13:47:58 +00:00
Richard Levitte
9addd9b6fb Add emacs cache files to .cvsignore. 2005-04-11 14:18:14 +00:00
Dr. Stephen Henson
ec46cd8bb8 Remaining parts of PR:620 2004-12-05 01:46:03 +00:00
Richard Levitte
a2617f727d Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:53:31 +00:00
Ben Laurie
b5e4469150 The version that was actually submitted for FIPS testing. 2004-06-19 13:15:35 +00:00
Ben Laurie
9ac9a29407 Fix self-tests, ban some things in FIPS mode, fix copyrights. 2004-05-15 17:51:26 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Richard Levitte
cc056d6395 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 15:00:24 +00:00
Richard Levitte
f78ae9c0f2 make update. 2003-04-10 20:10:22 +00:00
Richard Levitte
27310553b1 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form 
of unneeded includes of openssl/engine.h.
 2003-04-08 06:00:17 +00:00
Ulf Möller
37d9503a67 mingw related cleanups, as in head 2003-02-22 18:02:46 +00:00
Richard Levitte
bd573ee31a The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's 
bad, so let's not check OPENSSL_NO_ENGINE in those places.  Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
 2003-01-30 18:52:52 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:37:49 +00:00
Richard Levitte
9fa15b6ff8 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't 
always give the expected result on some platforms.
 2002-11-28 18:57:30 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we 
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
 2002-10-09 13:21:33 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are 
handled properly.
Part of PR 75
 2002-06-27 16:44:52 +00:00
Bodo Möller
afcf54a5c9 fix DH_generate_parameters for general 'generator' 2002-03-20 16:02:46 +00:00
Dr. Stephen Henson
59a941e4a4 Ensure EVP_CipherInit() uses the correct encode/decode parameter if 
enc == -1

[Reported by Markus Friedl <markus@openbsd.org>]

Fix typo in dh_lib.c (use of DSAerr instead of DHerr).
 2002-03-16 23:19:25 +00:00
Dr. Stephen Henson
1619add90c Make {RSA,DSA,DH}_new_method obtain and release an ENGINE 
functional reference.
 2002-03-09 18:24:14 +00:00
Dr. Stephen Henson
dd6b494eb3 Make sure the type accessed by the LONG and ZLONG ASN1 type 
is really a long, to avoid problems on platforms where
sizeof(int) != sizeof(long).
 2002-03-05 13:49:27 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1 make update 
perl util/mkerr.pl -recurse -write -rebuild
 2001-11-15 12:25:14 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our 
types.h to ossl_typ.h.
 2001-10-04 07:32:46 +00:00
Geoff Thorpe
50a381b789 indentation. 2001-09-25 21:22:32 +00:00
Geoff Thorpe
534aaf3731 "make update". 2001-09-25 20:39:59 +00:00
Geoff Thorpe
cb78486d97 This commits changes to various parts of libcrypto required by the recent 
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
 2001-09-25 20:23:40 +00:00
Geoff Thorpe
dc2a33d680 "DH_up" had been changed to "DH_up_ref" in libeay.num but the function 
declaration and implementation had not. So a recent update recreated the
original definition in libeay.num ... this corrects it and changes the "dh"
code to the "up_ref" variant.
 2001-09-05 16:54:32 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul. 
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
 2001-09-01 20:02:13 +00:00
Geoff Thorpe
5cbc2e8bc1 Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise, 
dependant code has to directly increment the "references" value of each
such structure using the corresponding lock. Apart from code duplication,
this provided no "REF_CHECK/REF_PRINT" checking and violated
encapsulation.
 2001-08-25 17:24:21 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when 
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
 2001-08-12 16:52:00 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Bodo Möller
de3333bae4 length of secret exponent is needed only when we create one 2001-07-27 22:45:35 +00:00
Bodo Möller
924875e53b Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:25 +00:00
Lutz Jänicke
3a64458217 Another uninitialized static that may lead to problems on Solaris under some 
circumstances.
 2001-07-27 12:35:27 +00:00
Bodo Möller
e5cb260365 DH key generation should not use a do ... while loop, 
or bogus DH parameters can be used for launching DOS attacks
 2001-07-25 17:48:51 +00:00
Bodo Möller
6aecef815c Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:34 +00:00
Dr. Stephen Henson
0c9de428ae In {RSA,DSA,DH}_new_method(x) need to increase the reference 
count of the ENGINE is x is not NULL since it will be freed
in {RSA,DSA,DH}_free().
 2001-06-23 23:07:34 +00:00
Richard Levitte
55dcfa421c make update 2001-06-23 16:43:03 +00:00
Richard Levitte
2b49dd1e8f 'make update' 2001-06-05 20:32:36 +00:00
Geoff Thorpe
7ae551fd03 In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the 
ENGINE code does not return a default, set an error.
 2001-04-30 15:24:41 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib 
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
 2001-03-09 14:01:42 +00:00