Dr. Stephen Henson
485bcc9cab
Preliminary support for X9.31 RSA key generation for FIPS.
...
Included prime derivation, random prime generation, test program and
new option to genrsa.
2005-05-31 12:38:03 +00:00
Bodo Möller
80790d89ec
Use BN_with_flags() in a cleaner way.
...
Complete previous change:
Constant time DSA [sync with mainstream].
2005-05-27 15:39:15 +00:00
Bodo Möller
ecb1445ce2
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:26:08 +00:00
Dr. Stephen Henson
4ed56cba63
New function BN_MONT_CTX_set_locked, to set montgomery parameters in a
...
threadsafe manner.
Modify or add calls to use it in rsa, dsa and dh algorithms.
2005-04-22 13:17:49 +00:00
Bodo Möller
46b695d850
make RSA blinding thread-safe
2003-04-02 09:50:55 +00:00
Richard Levitte
bce625987d
Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5.
...
PR: 216, point 3
2002-08-12 21:20:30 +00:00
Dr. Stephen Henson
f9bd76e4f7
Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned.
2002-05-10 22:08:22 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00
Richard Levitte
b476df64a1
make update
...
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Bodo Möller
c5d4ab7e35
adjust to OpenSSL_0_9_6-stable version
2001-11-09 13:09:11 +00:00
Bodo Möller
983495c4b2
Use uniformly chosen witnesses for Miller-Rabin test
...
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Bodo Möller
c62b26fdc6
Hide BN_CTX structure details.
...
Incease the number of BIGNUMs in a BN_CTX.
2001-03-08 15:56:15 +00:00
Bodo Möller
98499135d7
Constify BN_value_one.
2001-03-08 13:58:09 +00:00
Bodo Möller
226cc7ded4
More method functions for EC_GFp_simple_method.
2001-03-08 01:23:28 +00:00
Richard Levitte
a5bc1e8568
Use e_os2.h rather than opensslconf.h, since some needed macros are
...
defined there.
2001-02-22 14:37:50 +00:00
Richard Levitte
8120813066
Use new-style system-id macros.
2001-02-20 07:43:22 +00:00
Richard Levitte
cf1b7d9664
Make all configuration macros available for application by making
...
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Bodo Möller
e306892994
Simplify BN_rand_range
2001-02-10 00:34:02 +00:00
Bodo Möller
35ed8cb8b6
Integrate my implementation of a countermeasure against
...
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Ulf Möller
57e7d3ce15
Bleichenbacher's DSA attack
2001-02-07 22:24:35 +00:00
Bodo Möller
e5164b7041
Change error message to "bignum too long"
2000-12-04 09:24:54 +00:00
Bodo Möller
152a689cf9
Don't allow BIGNUMs to become so large that computations with dmax
...
might overflow.
2000-12-03 09:39:04 +00:00
Ulf Möller
111482cf2e
New function BN_bntest_rand() to detect more BN library bugs.
...
The bn_cmp_part_words bug was only caught in the BN_mod_mul() test,
not in the BN_mul() test, so apparently the choice of parameters in
some cases is bad.
2000-12-02 07:32:57 +00:00
Bodo Möller
cd2eebfd64
BN_sqrt
2000-11-30 00:18:19 +00:00
Bodo Möller
a08bcccc67
Expand expspeed.c to make BN_kronecker timings.
...
This caused a segmentation fault in calls to malloc, so I cleaned up
bn_lib.c a little so that it is easier to see what is going on.
The bug turned out to be an off-by-one error in BN_bin2bn.
2000-11-29 12:32:10 +00:00
Bodo Möller
dcbd0d74d5
Fix BN_is_... macros.
...
Fix BN_gcd.
Analyze BN_mod_inverse.
Add BN_kronecker.
"make update".
2000-11-27 21:17:20 +00:00
Bodo Möller
5acaa49504
More BN_mod_... functions.
2000-11-26 18:31:32 +00:00
Bodo Möller
78a0c1f18d
modular arithmetics
...
"make update"
2000-11-26 16:42:38 +00:00
Richard Levitte
227385b719
Make sure BN_DIV2W is not defining when defining it, and remove the
...
declarations of bn_add_part_words() and bn_sub_part_words() since they
do not exist.
2000-11-17 12:01:55 +00:00
Richard Levitte
cbd48ba626
More constification of the BN library.
2000-11-16 22:43:32 +00:00
Bodo Möller
7f7b8d6871
BN_CTX-related fixes.
2000-11-08 10:05:34 +00:00
Richard Levitte
020fc820dc
Constify the BIGNUM routines a bit more. The only trouble were the
...
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()). The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().
2000-11-06 21:15:54 +00:00
Dr. Stephen Henson
2d978cbd30
Changes needed for Tandem NSK, supplied by Scott Uroff (scott@xypro.com).
...
Fix warnings with BIO_dump_indent().
2000-08-04 00:01:39 +00:00
Bodo Möller
dc434bbcb0
Slightly faster DSA verification (BN_mod_exp2_mont),
...
marginally faster BN_mod_exp for 1024 bit exponents.
2000-06-08 20:26:03 +00:00
Bodo Möller
6dad7bd69c
Speed up DH with small generator.
2000-06-07 21:29:25 +00:00
Ulf Möller
de42b6a7a8
Use NO_FP_API.
2000-06-01 20:25:44 +00:00
Ulf Möller
f1a617edc9
check for WIN32 (needed by Mingw32)
2000-03-01 01:46:34 +00:00
Ulf Möller
775c63fc02
Reorganize bn_mul.c (no bugfix yet), remove obsolete files in BN library.
2000-02-26 22:16:47 +00:00
Bodo Möller
eb5a6a55c5
Commit patch to bn.h that CVS decided to throw away during 'cvs update',
...
and initialize too_many because memset(..., 0, ...) is not used here.
2000-02-05 20:39:26 +00:00
Ulf Möller
6535eb1728
Use MONT_WORD macro to control if the word-based or the bignum
...
algorithm is used.
2000-02-05 18:23:05 +00:00
Ulf Möller
9b141126d4
New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access
...
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.
2000-02-05 14:17:32 +00:00
Ulf Möller
657e60fa00
ispell (and minor modifications)
2000-02-03 23:23:24 +00:00
Bodo Möller
7999c65c9b
Some 'const's for BNs.
2000-02-03 01:26:07 +00:00
Bodo Möller
aff0825c61
Tolerate negative numbers in BN_is_prime.
2000-02-02 22:18:01 +00:00
Bodo Möller
e74231ed9e
rndsort{Miller, Rabin} primality test.
2000-02-02 21:20:44 +00:00
Bodo Möller
a87030a1ed
Make DSA_generate_parameters, and fix a couple of bug
...
(including another problem in the s3_srvr.c state machine).
2000-01-30 02:23:03 +00:00
Richard Levitte
f95a9f678a
Declare BN_pseudo_rand().
2000-01-27 22:07:42 +00:00
Ulf Möller
38e33cef15
Document DSA and SHA.
...
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
2000-01-27 19:31:26 +00:00
Bodo Möller
ec1258dd44
Update comments to provide a better approximation of reality.
2000-01-27 13:00:10 +00:00
Ulf Möller
e93f9a3284
Run ispell.
...
Clean up bn_mont.c.
2000-01-27 01:50:42 +00:00