summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add DSA_meth_{dup,free,new,set_{finish,sign}}()tb2018-03-172-1/+86
| | | | | | | As in RSA_meth_*, note that these functions return NULL in out-of-memory situations, but they do not set an error explicitly. ok jsing
* Provide DSA_get0_engine()tb2018-02-202-2/+9
| | | | ok jsing
* Provide DSA_SIG_{g,s}et0()tb2018-02-202-2/+27
| | | | ok jsing
* Provide DSA_{clear,set,test}_flags()tb2018-02-202-2/+23
| | | | ok jsing
* Provide {DH,DSA}_set0_key(). Requested by sthen.tb2018-02-182-2/+21
| | | | ok jsing
* Provide DSA_set0_pqg.tb2018-02-182-2/+26
| | | | ok jsing
* s/DH/DSA/jsing2018-02-171-2/+2
|
* Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),tb2018-02-172-2/+26
| | | | | | EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key(). ok jsing
* use freezero() instead of memset/explicit_bzero + free. Substantiallyderaadt2017-05-021-5/+2
| | | | | | | | | | reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
* Send the function codes from the error functions to the bit bucket,beck2017-01-297-76/+50
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Add ct and nonct versions of BN_mod_inverse for internal usebeck2017-01-211-3/+3
| | | | ok jsing@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use.beck2017-01-213-9/+9
| | | | ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-214-9/+13
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* Expand ASN1_ITEM_rptr macro - no change in generated assembly.jsing2016-12-301-2/+2
|
* Explicitly export a list of symbols from libcrypto.jsing2016-12-211-1/+5
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* withjsing2016-11-042-9/+30
| | | | | | ASN1_item_{d2i,i2d}_* equivalents. ok guenther@ miod@
* unifdef OPENSSL_NO_CMSjsing2016-10-191-24/+1
|
* Remove flags for disabling constant-time operations.bcook2016-06-302-14/+5
| | | | | | | | This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
* Disable DSA_FLAG_NO_EXP_CONSTTIME, always enable constant-time behavior.bcook2016-06-213-88/+46
| | | | | | | Improved patch from Cesar Pereida. See https://github.com/libressl-portable/openbsd/pull/61 for more details. ok beck@
* Set BN_FLG_CONSTTIME on the correct variable. beck committed wrong fix.libressl-v2.4.1tedu2016-06-061-2/+2
| | | | Mistake noted by Billy Brumley. Many thanks.
* Correct a problem that prevents the DSA signing algorithm from runningbeck2016-06-061-4/+6
| | | | | | | in constant time even if the flag BN_FLG_CONSTTIME is set. This issue was reported by Cesar Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by Cesar Pereida.
* Remove support for ancient, broken DSA implementations.doug2016-03-011-60/+20
| | | | | | | | | | | | | | | Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@
* Group d2i/i2d function prototypes by type and add missing externs for thejsing2015-10-131-7/+12
| | | | DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs.
* We don't need no stinking "EXAMPLE OF THE DSA" or README (the credits arejsing2015-09-262-126/+0
| | | | | | already in the code). ok beck@ miod@
* When loading a DSA key from an raw (without DH parameters) ASN.1 serialization,miod2015-09-101-2/+48
| | | | | | | | | | | | | perform some consistency checks on its `p' and `q' values, and return an error if the checks failed. Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. ok bcook@ beck@
* Fix an incorrect error check in DSA verify.bcook2015-09-101-4/+2
| | | | | | From Matt Caswell's OpenSSL commit "RT3192: spurious error in DSA verify". https://github.com/openssl/openssl/commit/eb63bce040d1cc6147d256f516b59552c018e29b
* Fix inverted test in previous. Commit message told what we intended, butmiod2015-07-151-2/+2
| | | | we did not notice my fingers slipping. Noticed by bcook@
* Previous fix for Coverity CID 21785 did not cope correctly with seed_len != 0,miod2015-07-151-1/+3
| | | | | | seed_in == NULL case. Since this situation is an error anyway, bail out early. with and ok beck@
* Avoid calling BN_CTX_end() on a context that wasn't started.doug2015-02-151-4/+4
| | | | | | | | | | | In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new() call above it will have allocated a ctx without calling BN_CTX_start() on it. The error handling calls BN_CTX_end() when ctx is allocated. Move the BN_MONT_CTX_new() call up so it will fail first without splitting up the BN_CTX_new() and BN_CTX_start(). tweak + ok miod@, ok bcook@
* If we decide to discard the provided seed buffer because its size is notmiod2015-02-151-8/+6
| | | | | | | | large enough, do it correctly so that the local seed buffer on the stack gets properly initialized in the first iteration of the loop. While there, remove an outdated and bogus comment. Coverity CID 21785 ok doug@ jsing@
* Coverity CID 21733 (unchecked allocation), 78823 (leak on error).miod2015-02-141-1/+6
| | | | ok doug@ jsing@
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making thejsing2015-02-141-29/+213
| | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.beck2015-02-111-1/+24
|
* get rid of OPENSSL_NO_CMS code we do not use.beck2015-02-111-24/+1
| | | | ok miod@
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-111-1/+2
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so thatjsing2015-02-101-5/+53
| | | | | | | | the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-091-9/+17
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* Fix a number of issues relating to algorithms in signatures, Mostlybeck2015-01-281-2/+14
| | | | | | from OpenSSL with a hint of boring and some things done here. Addresses CVE-2014-8275 for OpenSSL fully ok miod@ doug@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-221-3/+3
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* None of these need to include <openssl/rand.h>jsing2014-10-185-10/+5
|
* dsa_priv_decode(): only destroy the object we've created, and with themiod2014-07-131-3/+5
| | | | | | appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL. dsa_priv_encode(): possible double free in error path.
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-127-62/+36
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-1111-38/+41
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-105-7/+22
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-102-3/+7
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* ASN1_STRING_free can handle NULL, so callers don't need to check. ok miodtedu2014-07-091-7/+4
|
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* Make use of this wonderful modern C construct known as a `switch', instead ofmiod2014-07-091-11/+17
| | | | 8-line if() tests.
* KNFmiod2014-07-0911-906/+939
|
* hand-KNF macro the do { } while loopsderaadt2014-06-271-16/+20
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 16:39:35 +0000