Age | Commit message (Collapse) | Author |
|
|
|
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
|
|
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
|
|
|
|
|
|
|
|
|
|
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
|
|
|
|
|
|
|
|
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
|
|
|
|
casts.
|
|
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
|
|
|
|
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
|
|
of unneeded includes of openssl/engine.h.
|
|
dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).
This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.
PR: 507
|
|
PR: 287
|
|
Submitted by: Nils Larsch <nla@trustcenter.de>
PR: 459
|
|
override key-generation implementations by placing handlers in the methods
for DSA and DH. Also, parameter generation for DSA and DH is possible by
another new handler for each method.
|
|
Submitted by: Nils Larsch
|
|
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.
Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.
|
|
|
|
Various S/MIME DSA related fixes.
|
|
|
|
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
|
|
|
|
|
|
At the same time, add VMS support for Rijndael.
|
|
|
|
certificate: currently this includes trust settings
and a "friendly name".
|
|
DSA_METHOD to make it more consistent with RSA_METHOD.
|
|
|