summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh/dh_key.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Make the DH_METHOD static consttb2024-05-091-2/+2
|
* Move public API and DH_METHOD to the bottom of the filetb2024-05-091-38/+31
| | | | no functional change
* Make the bn_rand_interval() API a bit more ergonomictb2023-08-031-8/+4
| | | | | | | | | | | | | | | | | | Provide bn_rand_in_range() which is a slightly tweaked version of what was previously called bn_rand_range(). The way bn_rand_range() is called in libcrypto, the lower bound is always expressible as a word. In fact, most of the time it is 1, the DH code uses a 2, the MR tests in BPSW use 3 and an exceptinally high number appears in the Tonelli-Shanks implementation where we use 32. Converting these lower bounds to BIGNUMs on the call site is annoying so let bn_rand_interval() do that internally and route that through bn_rand_in_range(). This way we can avoid using BN_sub_word(). Adjust the bn_isqrt() test to use bn_rand_in_range() since that's the only caller that uses actual BIGNUMs as lower bounds. ok jsing
* Hide symbols in dhbeck2023-07-081-1/+4
| | | | ok tb@
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Add an essentially empty dh_local.h and include it in the files wheretb2022-01-071-1/+2
| | | | | | it will be needed in the upcoming bump. discussed with jsing
* Missing initialization for pub_key. CID 184303.tb2018-11-121-2/+2
| | | | ok bcook
* Initialize priv_key and pub_key on first use instead of at the top.tb2018-11-091-6/+4
| | | | | | While there, eliminate a flag that was only used once. ok beck jsing mestre
* unrevert the use of bn_rand_interval().tb2018-11-061-6/+9
| | | | ok beck jsing
* revert use of bn_rand_interval due to failures with ECDHE and TLStb2018-11-061-9/+6
|
* Make use of bn_rand_interval() where appropriate.tb2018-11-051-6/+9
| | | | ok beck jsing
* Eliminate a few "} else" branches, a few unneeded NULL checks beforetb2018-11-051-16/+12
| | | | | | freeing and indent nearby labels. ok beck jsing
* Remove two unnecessary BN_FLG_CONSTTIME dances: BN_mod_exp_ct() alreadytb2018-11-051-12/+4
| | | | | | takes care of this internally. ok beck jsing
* zap stray tabsthen2018-06-121-2/+2
|
* Reject excessively large primes in DH key generation. Problem reportedsthen2018-06-121-1/+6
| | | | | | | | | | | by Guido Vranken to OpenSSL (https://github.com/openssl/openssl/pull/6457) and based on his diff. suggestions from tb@, ok tb@ jsing@ "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack."
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-6/+6
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-211-2/+4
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* call BN_init on temporaries to avoid use-before-set warningsbcook2016-07-071-1/+2
| | | | ok beck@
* Remove flags for disabling constant-time operations.bcook2016-06-301-26/+11
| | | | | | | | This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-091-2/+3
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* None of these need to include <openssl/rand.h>jsing2014-10-181-2/+1
|
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-3/+2
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-3/+4
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* KNFmiod2014-07-091-122/+114
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Use C99 initializers for the various FOO_METHOD structs. More readable, andmiod2014-04-271-9/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | avoid unreadable/unmaintainable constructs like that: const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 }; ok matthew@ deraadt@
* remove FIPS mode support. people who require FIPS can buy something thattedu2014-04-151-16/+0
| | | | | meets their needs, but dumping it in here only penalizes the rest of us. ok beck deraadt
* resolve conflictsdjm2012-10-131-2/+31
|
* resolve conflicts, fix local changesdjm2010-10-011-4/+0
|
* resolve conflictsdjm2009-01-091-0/+4
|
* resolve conflictsdjm2008-09-061-20/+17
|
* openssl security fixes, diff from markus@, ok & "commit it" djm@pvalchev2006-10-041-0/+6
| | | | http://www.openssl.org/news/secadv_20060928.txt for more
* resolve conflictsdjm2006-06-271-19/+46
|
* backport checks for degenerate Diffie-Hellman public exponents fromdjm2006-05-041-0/+7
| | | | | OpenSSL-0.9.8a, where they were added without a corresponding patch to 0.9.7 or an advisory! ok theo@ markus@
* resolve conflictsdjm2005-04-291-0/+4
|
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-1/+0
|
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-26/+33
|
* openssl-engine-0.9.6a mergebeck2001-06-221-8/+3
|
* openssl-engine-0.9.6 mergebeck2000-12-151-12/+22
|
* OpenSSL 0.9.5 mergebeck2000-03-191-4/+61
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-20/+32
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD buildryker1998-10-051-0/+142
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 17:32:54 +0000