generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,249 Commits 16 Branches 258 Tags
Commit Graph

197 Commits

Author SHA1 Message Date
Dr. Stephen Henson
4bd7bc97e8 make update 2005-05-29 12:30:21 +00:00
Dr. Stephen Henson
e4c2c550b9 Add X9.31 signature support, mainly for FIPS140. Add new option to rsautl and 
include options to use X9.31 in tests.
 2005-05-28 20:15:48 +00:00
Dr. Stephen Henson
7044d328a2 Add PSS support. Minimal at this stage for FIPS140. 2005-05-27 21:59:52 +00:00
Bodo Möller
80790d89ec Use BN_with_flags() in a cleaner way. 
Complete previous change:
Constant time DSA [sync with mainstream].
 2005-05-27 15:39:15 +00:00
Bodo Möller
ecb1445ce2 Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:26:08 +00:00
Nils Larsch
b07a7b5daa fix typo 2005-04-23 12:46:24 +00:00
Dr. Stephen Henson
4ed56cba63 New function BN_MONT_CTX_set_locked, to set montgomery parameters in a 
threadsafe manner.

Modify or add calls to use it in rsa, dsa and dh algorithms.
 2005-04-22 13:17:49 +00:00
Dr. Stephen Henson
342b7e0458 Rebuild error codes. 2005-04-12 13:47:58 +00:00
Richard Levitte
9addd9b6fb Add emacs cache files to .cvsignore. 2005-04-11 14:18:14 +00:00
Dr. Stephen Henson
da8534693c Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:04:44 +00:00
Richard Levitte
a2617f727d Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:53:31 +00:00
Richard Levitte
5affe206e1 Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation for 
size_t-ification of those algorithms in future version of OpenSSL...
 2004-05-19 14:16:33 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Richard Levitte
cc056d6395 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 15:00:24 +00:00
Richard Levitte
54a7ea6f36 DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function 
called downstream that need it to be non-const.  The fact that the RSA_METHOD
functions take the RSA* as a const doesn't matter, it just expresses that
*they* won't touch it.
PR: 602
 2003-05-07 11:38:13 +00:00
Richard Levitte
0e2f5ec2d2 Constify RSA_sign() and RSA_verify(). 
PR: 602
 2003-05-05 13:55:23 +00:00
Richard Levitte
7f0f9f1934 Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. 
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
 2003-04-16 06:25:29 +00:00
Richard Levitte
8f09a154e3 Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt() 2003-04-15 13:01:50 +00:00
Richard Levitte
f78ae9c0f2 make update. 2003-04-10 20:10:22 +00:00
Dr. Stephen Henson
88ec5a637f Only call redirected rsa_sign or rsa_verify if the pointer is set. 
This allows, for example, a smart card to redirect rsa_sign and keep
the default rsa_verify.
 2003-04-10 01:13:37 +00:00
Richard Levitte
0ae4ad9e9f Include rand.h, so RAND_status() and friends get properly declared. 2003-04-08 11:07:13 +00:00
Richard Levitte
1ed3815650 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in 
form of unneeded direct calls through the engine pointer..
 2003-04-08 06:02:00 +00:00
Richard Levitte
27310553b1 We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form 
of unneeded includes of openssl/engine.h.
 2003-04-08 06:00:17 +00:00
Richard Levitte
78490b9cc2 RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function 
pointers should be used.  It doesn't necessarely mean it should go through
the ENGINE framework.
 2003-04-07 19:15:29 +00:00
Bodo Möller
46b695d850 make RSA blinding thread-safe 2003-04-02 09:50:55 +00:00
Bodo Möller
84b1e84af1 make sure RSA blinding works when the PRNG is not properly seeded; 
enable it automatically only for the built-in engine
 2003-03-19 18:58:55 +00:00
Ben Laurie
96c15b8aad Turn on RSA blinding by default. 2003-03-18 12:12:10 +00:00
Richard Levitte
bd573ee31a The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's 
bad, so let's not check OPENSSL_NO_ENGINE in those places.  Fortunately, all
the header files where the problem existed include ossl_typ.h, which makes
a 'forward declaration' of the ENGINE type.
 2003-01-30 18:52:52 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:37:49 +00:00
Richard Levitte
75e3026a14 Cleanse memory using the new OPENSSL_cleanse() function. 
I've covered all the memset()s I felt safe modifying, but may have missed some.
 2002-11-28 08:09:03 +00:00
Richard Levitte
8aa09a245c The logic in the main signing and verifying functions to check lengths was 
incorrect.  Fortunately, there is a second check that's correct, when adding
the pads.
PR: 355
 2002-11-26 11:14:45 +00:00
Richard Levitte
ff90d659e6 Use double dashes so makedepend doesn't misunderstand the flags we 
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
 2002-10-09 13:21:33 +00:00
Lutz Jänicke
3720ea24f0 "make update" 
Submitted by:
Reviewed by:
PR:
 2002-07-30 07:18:03 +00:00
Richard Levitte
ca55c617e5 Pass CFLAG to dependency makers, so non-standard system include paths are 
handled properly.
Part of PR 75
 2002-06-27 16:44:52 +00:00
Lutz Jänicke
7d210e5194 Add missing prototypes. 
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by:
PR: 89
 2002-06-13 17:38:58 +00:00
Richard Levitte
c4ac954c59 Check the return values where memory allocation failures may happen. 
PR: 49
 2002-05-30 16:50:38 +00:00
Dr. Stephen Henson
1619add90c Make {RSA,DSA,DH}_new_method obtain and release an ENGINE 
functional reference.
 2002-03-09 18:24:14 +00:00
Richard Levitte
fb67f40f04 Add the configuration target VxWorks. 2002-02-14 16:23:55 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() 
with existing code.

Modify library to use digest *_ex() functions.
 2001-10-16 01:24:29 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our 
types.h to ossl_typ.h.
 2001-10-04 07:32:46 +00:00
Geoff Thorpe
d7e0299792 Fiddling. 2001-09-25 21:44:12 +00:00
Geoff Thorpe
cb78486d97 This commits changes to various parts of libcrypto required by the recent 
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
 2001-09-25 20:23:40 +00:00
Bodo Möller
be6d77005f comments 2001-09-20 15:41:34 +00:00
Bodo Möller
a9ed4da8eb improve OAEP check 2001-09-06 10:42:56 +00:00
Bodo Möller
e1a4814cd4 fix formatting so that the file can be view with any tab-width 2001-09-06 09:30:16 +00:00
Bodo Möller
6ac4e8bd6e Rename recently introduced functions for improved code clarity: 
[DR]SA_up  =>  [DR]SA_up_ref
 2001-09-03 13:40:07 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul. 
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
 2001-09-01 20:02:13 +00:00
Geoff Thorpe
5cbc2e8bc1 Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise, 
dependant code has to directly increment the "references" value of each
such structure using the corresponding lock. Apart from code duplication,
this provided no "REF_CHECK/REF_PRINT" checking and violated
encapsulation.
 2001-08-25 17:24:21 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when 
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
 2001-08-12 16:52:00 +00:00