Commit graph

4101 commits

Author SHA1 Message Date
Nils Larsch
5c567ffd4c fix assertion 2005-05-31 20:39:54 +00:00
Richard Levitte
3bc1781994 Synchronise with the Unix build... 2005-05-31 20:29:23 +00:00
Dr. Stephen Henson
485bcc9cab Preliminary support for X9.31 RSA key generation for FIPS.
Included prime derivation, random prime generation, test program and
new option to genrsa.
2005-05-31 12:38:03 +00:00
Dr. Stephen Henson
4bd7bc97e8 make update 2005-05-29 12:30:21 +00:00
Richard Levitte
c3d03b70af We have some source with \r\n as line ends. DEC C informs about that,
and I really can't be bothered...
2005-05-29 12:13:05 +00:00
Dr. Stephen Henson
e4c2c550b9 Add X9.31 signature support, mainly for FIPS140. Add new option to rsautl and
include options to use X9.31 in tests.
2005-05-28 20:15:48 +00:00
Dr. Stephen Henson
7044d328a2 Add PSS support. Minimal at this stage for FIPS140. 2005-05-27 21:59:52 +00:00
Bodo Möller
80790d89ec Use BN_with_flags() in a cleaner way.
Complete previous change:
Constant time DSA [sync with mainstream].
2005-05-27 15:39:15 +00:00
Bodo Möller
44a287747f make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:42 +00:00
Richard Levitte
48a3f2818e When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.

Notified by David Wolfe <dwolfe5272@yahoo.com>
2005-05-21 17:39:48 +00:00
Dr. Stephen Henson
8baaeba881 Place #ifdef OPENSSL_FIPS round the SHA-XXX functions in evp.h so mkdef.pl
knows about it.
2005-05-17 19:48:42 +00:00
Bodo Möller
bedcd5c0bb fix memory leak (BIO_free_all needs pointer to first BIO)
PR: 1070
2005-05-17 05:52:18 +00:00
Bodo Möller
ecb1445ce2 Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:26:08 +00:00
Dr. Stephen Henson
775e82c58d Fix from HEAD. 2005-05-14 12:59:05 +00:00
Dr. Stephen Henson
db5cbd8954 Fixes from HEAD. 2005-05-13 00:23:02 +00:00
Dr. Stephen Henson
c6012b252d Fix from HEAD. 2005-05-12 23:13:40 +00:00
Dr. Stephen Henson
e1ff593dcb Typo. 2005-05-12 17:27:48 +00:00
Dr. Stephen Henson
9fc1d3f4c4 Allow AES CFB1 ciphers in FIPS mode. 2005-05-11 16:28:33 +00:00
Andy Polyakov
b1ca6f2f3d Eliminate "statement with no effect" warning when OPENSSL_assert macro
is used with constant assertion.
2005-05-08 19:52:13 +00:00
Andy Polyakov
4b27a9feb3 Backport SHA-[224|256|384|512] from HEAD to FIPS. 2005-05-07 17:21:34 +00:00
Andy Polyakov
3380c4561e Backport of rc4-x86_64 from HEAD. 2005-05-04 16:12:07 +00:00
cvs2svn
3f2f0c8892 This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_7-stable'.
2005-05-04 14:51:39 +00:00
Andy Polyakov
0ee883650d Commentary update motivating code update in 0.9.7. 2005-05-04 14:51:38 +00:00
Andy Polyakov
70cf309517 x86_64 assembler translator update. 2005-05-04 08:42:47 +00:00
Andy Polyakov
8b5bf52ac2 Cvs missed adapted module itself, here it goes... 2005-05-03 23:03:31 +00:00
Andy Polyakov
73a9485081 Engage md5-x86_64 assembler module. 2005-05-03 22:59:17 +00:00
Andy Polyakov
d37a65bc81 Throw in md5-x86_64 assembler. 2005-05-03 22:56:15 +00:00
Andy Polyakov
34c7ff6dc9 Cygwin doesn't expose Win32 [not "officially"]. 2005-05-03 21:20:17 +00:00
Andy Polyakov
647907918d Commentary update. 2005-05-03 21:16:42 +00:00
Andy Polyakov
cee73df3bd Cpuid modules updates. 2005-05-03 21:05:06 +00:00
Nils Larsch
f15c448a72 remove BN_ncopy, it was only used in bn_nist.c and wasn't particular
useful anyway
2005-05-03 20:27:00 +00:00
Nils Larsch
fcb41c0ee8 rewrite of bn_nist.c, disable support for some curves on 64 bit platforms
for now (it was broken anyway)
2005-05-03 20:23:33 +00:00
Andy Polyakov
5f1841cdca Rename amd64 modules to x86_64 and update RC4 implementation. 2005-05-03 15:42:05 +00:00
Andy Polyakov
4b45051902 x86_64 assembler translator update. 2005-05-03 15:35:14 +00:00
Dr. Stephen Henson
f07320eae0 Remove unnecessary code. 2005-05-03 11:56:09 +00:00
Dr. Stephen Henson
fb64e17555 Update dependencies. 2005-05-02 23:02:19 +00:00
Dr. Stephen Henson
e8f245d243 Add hmac to fips. 2005-05-02 22:59:41 +00:00
Dr. Stephen Henson
73f3c281ff Update from HEAD. 2005-05-01 12:47:33 +00:00
Dr. Stephen Henson
05338b58ce Support for smime-type MIME parameter. 2005-05-01 12:46:57 +00:00
Andy Polyakov
405d9761a5 Allow for ./config no-sha0 [from stable]. 2005-04-30 21:51:41 +00:00
Dr. Stephen Henson
6a62b2e54b Update from HEAD. 2005-04-30 18:16:40 +00:00
Dr. Stephen Henson
98a2fd32a0 Typo. 2005-04-30 18:07:30 +00:00
Dr. Stephen Henson
7bdeeb64ac Don't attempt to parse nested ASN1 strings by default. 2005-04-30 18:02:54 +00:00
Dr. Stephen Henson
c1668fe59d Update from HEAD. 2005-04-30 13:08:56 +00:00
Dr. Stephen Henson
e1cc0671ac Use more efficient way to locate end of an ASN1 structure. 2005-04-30 13:06:45 +00:00
Nils Larsch
c1a8a5de13 don't let BN_CTX_free(NULL) segfault 2005-04-29 21:20:31 +00:00
Nils Larsch
6a50d0a422 hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis
for ecdh)
2005-04-29 15:56:06 +00:00
Nils Larsch
1897c89302 avoid warnings when building on systems where sizeof(void *) > sizeof(int) 2005-04-29 14:26:59 +00:00
Andy Polyakov
c7e7d382d5 Pointer to BN_MONT_CTX could be used uninitialized. 2005-04-28 08:52:29 +00:00
Andy Polyakov
3cc54008eb Pointer to BN_MONT_CTX could be used uninitialized. 2005-04-28 08:49:01 +00:00
Richard Levitte
ff8bcccdd4 Synchronise with Unix build system. 2005-04-28 04:55:28 +00:00
Dr. Stephen Henson
81170986ed Fix from HEAD. 2005-04-28 00:22:00 +00:00
Dr. Stephen Henson
a93b01be57 Increase offset for BIO_f_enc() to avoid problems with overlapping buffers
when decrypting data.
2005-04-28 00:21:29 +00:00
Dr. Stephen Henson
6c61726b2a Lots of Win32 fixes for DTLS.
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
2005-04-27 16:27:14 +00:00
Nils Larsch
4b21c202ff add missing parentheses 2005-04-27 07:59:17 +00:00
Nils Larsch
df9e0bf507 add missing parentheses 2005-04-27 07:57:50 +00:00
Dr. Stephen Henson
879b19801a Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several
casts.
2005-04-27 00:04:59 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch.
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Dr. Stephen Henson
465b9f6b26 Stop unused variable warning. 2005-04-26 23:45:49 +00:00
Dr. Stephen Henson
2deadf1672 Port from stable branch. 2005-04-26 23:21:49 +00:00
Nils Larsch
800e400de5 some updates for the blinding code; summary:
- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Dr. Stephen Henson
667aef4c6a Port from stable branch. 2005-04-26 22:07:17 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes.
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Bodo Möller
0d5ea7613e make update 2005-04-26 18:09:21 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Bodo Möller
2e7245f5a3 Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
PR: 959
2005-04-25 23:09:00 +00:00
Andy Polyakov
3d5fd31280 Avoid L1 cache aliasing even between key and S-boxes. 2005-04-24 21:09:20 +00:00
Nils Larsch
9edf4e8157 make asn.1 field names const 2005-04-23 13:45:49 +00:00
Nils Larsch
b07a7b5daa fix typo 2005-04-23 12:46:24 +00:00
Nils Larsch
965a1cb92e change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible 2005-04-23 10:11:16 +00:00
Ben Laurie
e9ad6665a5 Add debug target, remove cast, note possible bug. 2005-04-23 06:05:24 +00:00
Ben Laurie
b5855b2f32 Add prototypes. 2005-04-22 23:57:46 +00:00
Nils Larsch
a0bee97e55 more const 2005-04-22 21:57:36 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
4ed56cba63 New function BN_MONT_CTX_set_locked, to set montgomery parameters in a
threadsafe manner.

Modify or add calls to use it in rsa, dsa and dh algorithms.
2005-04-22 13:17:49 +00:00
Andy Polyakov
04d0d0accf Avoid aliasing between stack frames and S-boxes. Compress prefetch code. 2005-04-22 11:49:32 +00:00
Richard Levitte
630e4a6e59 Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where
util/libeay.num is important when building shared libraries, like
VMS.
2005-04-21 09:10:19 +00:00
Dr. Stephen Henson
2c45bf2bc9 Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
Remove more bogus shadow warnings.
2005-04-20 21:48:06 +00:00
Dr. Stephen Henson
836ec0c764 Stop compiler warnings about deprecated lvalue casts. 2005-04-20 21:39:13 +00:00
Dr. Stephen Henson
5e72fb063a Stop bogus shadowing warning. 2005-04-20 21:34:29 +00:00
Richard Levitte
a74286d636 Make sure id2_func is properly cast as well... 2005-04-20 13:17:42 +00:00
Richard Levitte
254cfe878e signed vs. unsigned. 2005-04-20 13:12:33 +00:00
Richard Levitte
ed824195a1 Avoid compiler complaint about mismatched function signatures
(void * != char *)
2005-04-20 13:09:46 +00:00
Richard Levitte
22c3600e4c Resolve signed vs. unsigned. 2005-04-20 12:55:15 +00:00
Richard Levitte
49f386578e Type mismatch detected by DEC C compiler. void* != void** 2005-04-20 12:53:50 +00:00
Richard Levitte
7c671508bd Avoid compiler complaint about mismatched function signatures
(void * != RSA *)
2005-04-20 10:02:16 +00:00
Dr. Stephen Henson
987bebaf8c New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script
to use it.
2005-04-19 13:24:44 +00:00
Dr. Stephen Henson
f68854b4c3 Various Win32 and other fixes for warnings and compilation errors.
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
2005-04-19 00:12:36 +00:00
Dr. Stephen Henson
89234b1eed Pick up definition of FIPS_mode() in fips.h to avoid warnings. 2005-04-18 13:02:19 +00:00
Andy Polyakov
863a155451 Resolve minor binary compatibility issues in fips. 2005-04-17 23:26:40 +00:00
Andy Polyakov
1ddce0bebf Throw in fips/aes/asm/fips-ax86-elf.s. 2005-04-17 22:54:16 +00:00
Andy Polyakov
1cfd258ed6 Throw in x86_64 AT&T to MASM assembler converter to facilitate development
of dual-ABI Unix/Win64 modules.
2005-04-17 21:05:57 +00:00
Richard Levitte
2906dc8601 Synchronise with ec/Makefile. 2005-04-17 09:07:37 +00:00
Andy Polyakov
c8d5c71af5 Mitigate cache-timing attack in CBC mode. This is done by implementing
compressed tables (2x compression factor) and by pre-fetching them into
processor cache prior every CBC en-/decryption pass. One can argue why
just CBC? Well, it's commonly used mode in real-life applications and
API allows us to amortize the prefetch costs for larger data chunks...
2005-04-16 15:23:21 +00:00
Dr. Stephen Henson
8fc6cb77c5 Fix from HEAD. 2005-04-14 22:59:17 +00:00
Dr. Stephen Henson
fbe6ba81e9 Check return values of <Digest>_Init functions in low level digest calls. 2005-04-14 22:58:44 +00:00
Andy Polyakov
2b85e23d2e Prototype mnemonics in padlock_verify_context for better portability
[read support for Solaris assembler].
2005-04-14 07:47:10 +00:00
Andy Polyakov
026bb0b96a Fix for bug emerged in openvpn conext. 2005-04-14 07:41:29 +00:00
Andy Polyakov
5dc4923359 Zap OPENSSL_EXTERN on symbols, which are meant to remain local to DLL.
Comment in HEAD commit was wrong!
2005-04-13 20:54:07 +00:00
Andy Polyakov
e62991a07c Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL. 2005-04-13 20:51:42 +00:00