summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* *** empty log message ***beck2017-04-283-33/+21
|
* Send the function codes from the error functions to the bit bucket,beck2017-01-2917-275/+148
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Construct a BN_gcd_nonct, based on BN_mod_inverse_no_branch, as suggestedbeck2017-01-252-5/+5
| | | | | | | | | | | by Alejandro Cabrera <aldaya@gmail.com> to avoid the possibility of a sidechannel timing attack during RSA private key generation. Modify BN_gcd to become not visible under LIBRESSL_INTERNAL and force the use of the _ct or _nonct versions of the function only within the library. ok jsing@
* Add ct and nonct versions of BN_mod_inverse for internal usebeck2017-01-213-7/+9
| | | | ok jsing@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use.beck2017-01-213-12/+16
| | | | ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-211-2/+4
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* Expand ASN1_ITEM_rptr macros - no change in generated assembly.jsing2016-12-302-6/+6
|
* Explicitly export a list of symbols from libcrypto.jsing2016-12-211-1/+6
| | | | | | | | | | | | | | | | Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting the bn_* symbols. These are documented as only being intended for internal use, so why they were placed in a public header is beyond me... This hides 363 previously exported symbols, most of which exist in headers that are not installed and were never intended to be public. This also removes a few crusty old things that should have died long ago (like _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols exported from the library. With input and testing from inoguchi@. ok beck@ inoguchi@
* unifdef OPENSSL_NO_CMSjsing2016-10-192-39/+2
|
* missing space after commatb2016-09-091-2/+2
| | | | | | (this was apparently lost during the repo surgery) ok bcook
* Expand DECLARE_ASN1_.*FUNCTIONS macros.jsing2016-09-041-4/+12
| | | | No change in preprocessed output, ignoring whitespace and line numbers.
* call BN_init on temporaries to avoid use-before-set warningsbcook2016-07-072-2/+12
| | | | ok beck@
* Remove flags for disabling constant-time operations.bcook2016-06-304-129/+70
| | | | | | | | This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
* Fix for OpenSSL CVE-2015-3194beck2015-12-031-2/+2
| | | | ok krw@
* Replace M_ASN1_OCTET_STRING_(free|new) with ASN1_OCTET_STRING_(free|new).jsing2015-09-301-2/+2
|
* Correct spelling of OPENSSL_cleanse.jsing2015-09-103-11/+12
| | | | ok miod@
* Drop stupid (int) casts for the arguments of malloc() and friends. This ismiod2015-07-192-6/+6
| | | | | not 16-bit MS-DOS anymore. ok bcook@ tedu@
* Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().jsing2015-06-201-2/+2
| | | | ok doug@ deraadt@
* Remove obsolete MDC-2DES from libcrypto.doug2015-06-202-29/+3
| | | | ok deraadt@ jsing@ miod@
* Fix bad indenting in LibreSSL.doug2015-06-131-2/+2
| | | | | | | | | jsg@ noticed that some of the lines in libssl and libcrypto are not indented properly. At a quick glance, it looks like it has a different control flow than it really does. I checked the history in our tree and in OpenSSL to make sure these were simple mistakes. ok miod@ jsing@
* Regenmiod2015-02-151-52/+59
|
* Check for allocation error in RSA_eay_mod_exp(). Coverity CID 25217.miod2015-02-142-2/+7
| | | | ok jsing@
* Expand ASN1_CHOICE*, ASN1_SEQUENCE* and associated macros, making thejsing2015-02-141-25/+161
| | | | | | | | | data structures visible and easier to review, without having to wade through layers and layers of asn1t.h macros. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.beck2015-02-112-2/+39
|
* get rid of OPENSSL_NO_CMS code we do not use.beck2015-02-112-39/+2
| | | | ok miod@
* Enable building with -DOPENSSL_NO_DEPRECATED.doug2015-02-112-2/+4
| | | | | | | | | | | | | | | If you didn't enable deprecated code, there were missing err.h and bn.h includes. This commit allows building with or without deprecated code. This was not derived from an OpenSSL commit. However, they recently enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems in a different way. Verified with clang that this only changes line numbers in the generated asm. ok miod@
* Expand the -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_(const_)?fname macros so thatjsing2015-02-101-3/+27
| | | | | | | | the code is visible and functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* Expand the IMPLEMENT_ASN1_FUNCTIONS macro so that the code is visible andjsing2015-02-091-2/+26
| | | | | | | | functions can be readily located. Change has been scripted and there is no change to the generated assembly. Discussed with beck@ miod@ tedu@
* BN_CTX_get() can fail - consistently check its return value.jsing2015-02-093-14/+17
| | | | | | | | | | | | | | | There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().jsing2014-10-224-24/+16
| | | | | | | | arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
* None of these need to include <openssl/rand.h>jsing2014-10-185-10/+5
|
* Make sure all error conditions in RSA_padding_add_PKCS1_PSS_mgf1() causemiod2014-07-131-3/+4
| | | | EVP_MD_CTX_cleanup() to be called.
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-122-5/+4
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* In RSA_eay_private_encrypt(), correctly return the smaller BN; OpenSSLmiod2014-07-111-2/+2
| | | | PR #3418 via OpenSSL trunk
* Remove duplicate 0x for salt len in output; Martin Kaiser via OpenSSL trunk.miod2014-07-111-2/+2
|
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-1117-53/+60
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-109-9/+33
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-109-11/+28
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* RSA_setup_blinding() gets a BN with BN_CTX_get(), returns `out of memory'miod2014-07-101-6/+1
| | | | | | | | if it fails, then never uses it anymore, and may invoke a function which needs more than one BN from the BN_CTX anyway, so this is pointless - remove the BN_CTX_get() call and the test. ok jsing
* Tweak some comments. We do not really need to know that "New!" flags werejsing2014-07-101-9/+8
| | | | added 10+ years ago (they're kinda somewhat stale by now...)
* Stop playing with the RSA_FLAG_BLINDING flag. It does nothing.jsing2014-07-101-3/+1
| | | | ok miod@
* delete some casts. ok miodtedu2014-07-105-15/+15
|
* Remove RSA_FLAG_NO_EXP_CONSTTIME, which was deprecated 12+ years ago.jsing2014-07-101-13/+1
| | | | | | sthen@ confirmed that no ports are referencing it. ok miod@.
* BN_free, BN_clear_free, BN_CTX_free, BN_BLINDING_free and BN_MONT_CTX_freejsing2014-07-106-55/+32
| | | | | | all have implicit NULL checks, so we do not need them here. ok miod@
* Use a while loop instead of an ifdowhile loop.jsing2014-07-102-12/+10
| | | | ok miod@ tedu@
* ASN1_STRING_free can handle NULL, so callers don't need to check. ok miodtedu2014-07-091-3/+2
|
* Make comments readable.jsing2014-07-091-27/+33
|
* More KNF.jsing2014-07-0919-322/+331
|
* KNF.jsing2014-07-092-123/+108
|
* Unifdef -UPKCS_TESTVECT - we don't want the random data used in OAEP paddingmiod2014-07-091-6/+1
| | | | to get overwritten by a known value, ever.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 16:26:18 +0000