summaryrefslogtreecommitdiffstats
path: root/crypto/dsa/dsa_ossl.c
AgeCommit message (Collapse)Author
2011-01-25recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)Dr. Stephen Henson
2010-10-11PR: 2295Dr. Stephen Henson
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.
2007-03-28Change to mitigate branch prediction attacksBodo Möller
Submitted by: Matthew D Wood Reviewed by: Bodo Moeller
2007-02-11avoid shifting inputNils Larsch
2007-02-07remove unused variableNils Larsch
2007-02-03add support for DSA with SHA2Nils Larsch
2006-11-08Fix various warnings.Ben Laurie
2006-09-28Introduce limits to prevent malicious keys being able toBodo Möller
cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller]
2006-03-18remove unnecessary codeNils Larsch
2006-03-15fix problems found by coverity: remove useless codeNils Larsch
2005-05-26make sure DSA signing exponentiations really are constant-timeBodo Möller
2005-05-16Implement fixed-window exponentiation to mitigate hyper-threadingBodo Möller
timing attacks. BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for RSA/DSA/DH private key computations unless RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/ DH_FLAG_NO_EXP_CONSTTIME is set. Submitted by: Matthew D Wood Reviewed by: Bodo Moeller
2005-05-09improve comment readabilityBodo Möller
2005-04-27Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove severalDr. Stephen Henson
casts.
2005-04-26Port BN_MONT_CTX_set_locked() from stable branch.Dr. Stephen Henson
The function rsa_eay_mont_helper() has been removed because it is no longer needed after this change.
2005-04-23Add debug target, remove cast, note possible bug.Ben Laurie
2005-04-22- use BN_set_negative and BN_is_negative instead of BN_set_signNils Larsch
and BN_get_sign - implement BN_set_negative as a function - always use "#define BN_is_zero(a) ((a)->top == 0)"
2003-04-08We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in formRichard Levitte
of unneeded includes of openssl/engine.h.
2003-03-11The default implementation of DSA_METHOD has an interdependence on theGeoff Thorpe
dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and dsa_sign_setup(). When another DSA_METHOD implementation does not define these lower-level handlers, it becomes impossible to do a fallback to software on errors using a simple DSA_OpenSSL()->fn(key). This change allows the default DSA_METHOD to function in such circumstances by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist, otherwise using BIGNUM implementations directly (which is what those handlers did before this change). There should be no noticable difference for the software case, or indeed any custom case that didn't already segfault, except perhaps that there is now one less level of indirection in all cases. PR: 507
2003-01-30Add the possibility to build without the ENGINE framework.Richard Levitte
PR: 287
2003-01-15Fix initialization sequence to prevent freeing of unitialized objects.Lutz Jänicke
Submitted by: Nils Larsch <nla@trustcenter.de> PR: 459
2003-01-15As with RSA, which was modified recently, this change makes it possible toGeoff Thorpe
override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method.
2002-11-04implement and use new macros BN_get_sign(), BN_set_sign()Bodo Möller
Submitted by: Nils Larsch
2001-09-25This commits changes to various parts of libcrypto required by the recentGeoff Thorpe
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Also, remove the ENGINE iterations from evp_test - even when the cipher/digest code is committed in, this functionality would require a different set of API calls.
2001-06-26DSA verification should insist that r and s are in the allowed range.Bodo Möller
2001-04-21Fix ASN1 bug when decoding OTHER type.Dr. Stephen Henson
Various S/MIME DSA related fixes.
2001-02-10Simplify BN_rand_rangeBodo Möller
2001-02-08Integrate my implementation of a countermeasure againstBodo Möller
Bleichenbacher's DSA attack. With this implementation, the expected number of iterations never exceeds 2. New semantics for BN_rand_range(): BN_rand_range(r, min, range) now generates r such that min <= r < min+range. (Previously, BN_rand_range(r, min, max) generated r such that min <= r < max. It is more convenient to have the range; also the previous prototype was misleading because max was larger than the actual maximum.)
2001-02-07Bleichenbacher's DSA attackUlf Möller
2000-11-07Constify DSA-related code.Richard Levitte
2000-10-26Merge the engine branch into the main trunk. All conflicts resolved.Richard Levitte
At the same time, add VMS support for Rijndael.
2000-09-13Don't set the two top bits to one when generating a random number < q.:wqUlf Möller
1999-11-04Allow additional information to be attached to aDr. Stephen Henson
certificate: currently this includes trust settings and a "friendly name".
1999-08-23Initial support for DH_METHOD. Also added a DH lock. A few changes made toDr. Stephen Henson
DSA_METHOD to make it more consistent with RSA_METHOD.
1999-08-22Initial support for DSA_METHOD...Dr. Stephen Henson
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-22 16:09:21 +0000