path: root/crypto/dh/dh_key.c
Commit message (Author, Age, Files, Lines)
* Remove /* foo.c */ comments (Rich Salz, 2016-01-26, files: 1, lines: -1/+0)
| This was done by the following
|     find . -name '*.[ch]' | /tmp/pl
| where /tmp/pl is the following three-line script:
|     print unless $. == 1 && m@/\* .*\.[ch] \*/@;
|     close ARGV if eof; # Close file to reset $.
|
| And then some hand-editing of other files.
|
| Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Tighten up BN_with_flags usage and avoid a reachable assert (Matt Caswell, 2015-11-26, files: 1, lines: -1/+3)
| The function rsa_ossl_mod_exp uses the function BN_with_flags to create a
| temporary copy (local_r1) of a BIGNUM (r1) with modified flags. This
| temporary copy shares some state with the original r1. If the state of r1
| gets updated then local_r1's state will be stale. This was occurring in the
| function so that when local_r1 was freed a call to bn_check_top was made
| which failed an assert due to the stale state. To resolve this we must free
| local_r1 immediately after we have finished using it and not wait until the
| end of the function.
|
| This problem prompted a review of all BN_with_flag usage within the
| codebase. All other usage appears to be correct, although often not
| obviously so. This commit refactors things to make it much clearer for
| these other uses.
|
| Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Continue standardising malloc style for libcrypto (Matt Caswell, 2015-11-09, files: 1, lines: -0/+2)
| Continuing from previous commit ensure our style is consistent for malloc
| return checks.
|
| Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* More secure storage of key material. (Rich Salz, 2015-06-23, files: 1, lines: -1/+1)
| Add secure heap for storage of private keys (when possible).
| Add BIO_s_secmem(), CBIGNUM, etc.
| Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
| Contributed by Akamai Technologies under the Corporate CLA.
|
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Identify and move common internal libcrypto header files (Richard Levitte, 2015-05-14, files: 1, lines: -1/+1)
| There are header files in crypto/ that are used by a number of crypto/
| submodules. Move those to crypto/include/internal and adapt the
| affected source code and Makefiles.
|
| The header files that got moved are:
|     crypto/cryptolib.h
|     crypto/md32_common.h
|
| Reviewed-by: Rich Salz <rsalz@openssl.org>
* free NULL cleanup 7 (Rich Salz, 2015-04-30, files: 1, lines: -8/+5)
| This gets BN_.*free:
|     BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
|     BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free
|
| Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
| dead code in engines/e_ubsec.
|
| Reviewed-by: Richard Levitte <levitte@openssl.org>
* Run util/openssl-format-source -v -c . (Matt Caswell, 2015-01-22, files: 1, lines: -195/+177)
| Reviewed-by: Tim Hudson <tjh@openssl.org>
* Implement internally opaque bn access from dh (Matt Caswell, 2014-12-08, files: 1, lines: -7/+11)
| Reviewed-by: Tim Hudson <tjh@openssl.org>
* remove OPENSSL_FIPSAPI (Dr. Stephen Henson, 2014-12-08, files: 1, lines: -1/+1)
| Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove FIPS module code from crypto/dh (Dr. Stephen Henson, 2014-12-08, files: 1, lines: -26/+0)
| Reviewed-by: Tim Hudson <tjh@openssl.org>
* Add flags for DH FIPS method. (Dr. Stephen Henson, 2011-06-08, files: 1, lines: -1/+1)
| Update/fix prototypes in fips.h
* Rename FIPS_mode_set and FIPS_mode. These symbols will be defined in (Dr. Stephen Henson, 2011-05-11, files: 1, lines: -2/+2)
| the FIPS capable OpenSSL.
* Return errors instead of aborting when selftest fails. (Dr. Stephen Henson, 2011-04-22, files: 1, lines: -1/+5)
|
* DH keys have an (until now) unused 'q' parameter. When creating (Dr. Stephen Henson, 2011-04-07, files: 1, lines: -2/+15)
| from DSA copy q across and if q present generate DH key in the correct range.
* New SP 800-56A compliant version of DH_compute_key(). (Dr. Stephen Henson, 2011-03-08, files: 1, lines: -0/+15)
|
* Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files (Dr. Stephen Henson, 2011-02-03, files: 1, lines: -0/+2)
| that use it.
* FIPS DH changes: selftest checks and key range checks. (Dr. Stephen Henson, 2011-01-26, files: 1, lines: -0/+22)
|
* Change to mitigate branch prediction attacks (Bodo Möller, 2007-03-28, files: 1, lines: -2/+2)
| Submitted by: Matthew D Wood
| Reviewed by: Bodo Moeller
* Initialise ctx to NULL to avoid uninitialized free, noticed by (Mark J. Cox, 2006-09-29, files: 1, lines: -1/+1)
| Steve Kiernan
* Introduce limits to prevent malicious keys being able to (Bodo Möller, 2006-09-28, files: 1, lines: -0/+6)
| cause a denial of service. (CVE-2006-2940)
| [Steve Henson, Bodo Moeller]
* fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() (Nils Larsch, 2006-03-13, files: 1, lines: -2/+5)
|
* Make D-H safer, include well-known primes. (Ben Laurie, 2005-08-21, files: 1, lines: -0/+7)
|
* Use BN_with_flags() in a cleaner way. (Bodo Möller, 2005-05-27, files: 1, lines: -0/+1)
|
* Implement fixed-window exponentiation to mitigate hyper-threading (Bodo Möller, 2005-05-16, files: 1, lines: -3/+24)
| timing attacks.
|
| BN_FLG_EXP_CONSTTIME requests this algorithm, and this is done by default for
| RSA/DSA/DH private key computations unless
| RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
| DH_FLAG_NO_EXP_CONSTTIME is set.
|
| Submitted by: Matthew D Wood
| Reviewed by: Bodo Moeller
* Pointer to BN_MONT_CTX could be used uninitialized. (Andy Polyakov, 2005-04-28, files: 1, lines: -2/+2)
|
* Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several (Dr. Stephen Henson, 2005-04-27, files: 1, lines: -5/+3)
| casts.
* Port BN_MONT_CTX_set_locked() from stable branch. (Dr. Stephen Henson, 2005-04-26, files: 1, lines: -10/+14)
| The function rsa_eay_mont_helper() has been removed because it is no longer
| needed after this change.
* Fix various incorrect error function codes. (Bodo Möller, 2005-04-26, files: 1, lines: -3/+3)
| ("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
* We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form (Richard Levitte, 2003-04-08, files: 1, lines: -3/+0)
| of unneeded includes of openssl/engine.h.
* Add the possibility to build without the ENGINE framework. (Richard Levitte, 2003-01-30, files: 1, lines: -0/+2)
| PR: 287
* As with RSA, which was modified recently, this change makes it possible to (Geoff Thorpe, 2003-01-15, files: 1, lines: -0/+1)
| override key-generation implementations by placing handlers in the methods
| for DSA and DH. Also, parameter generation for DSA and DH is possible by
| another new handler for each method.
* This commits changes to various parts of libcrypto required by the recent (Geoff Thorpe, 2001-09-25, files: 1, lines: -6/+5)
| ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
| pointers to manage their hooking with ENGINE. Previously their use of
| "method" pointers was replaced by use of ENGINE references. See
| crypto/engine/README for details.
|
| Also, remove the ENGINE iterations from evp_test - even when the
| cipher/digest code is committed in, this functionality would require a
| different set of API calls.
* length of secret exponent is needed only when we create one (Bodo Möller, 2001-07-27, files: 1, lines: -2/+1)
|
* Undo DH_generate_key() change: s3_srvr.c was using it correctly (Bodo Möller, 2001-07-27, files: 1, lines: -1/+6)
|
* DH key generation should not use a do ... while loop, (Bodo Möller, 2001-07-25, files: 1, lines: -7/+3)
| or bogus DH parameters can be used for launching DOS attacks
* Don't preserve existing keys in DH_generate_key. (Bodo Möller, 2001-07-25, files: 1, lines: -6/+10)
|
* Hide BN_CTX structure details. (Bodo Möller, 2001-03-08, files: 1, lines: -13/+15)
| Increase the number of BIGNUMs in a BN_CTX.
* make it a loop as in dsa (Ulf Möller, 2001-02-20, files: 1, lines: -1/+3)
|
* Use BN_rand_range(). (Ulf Möller, 2001-02-20, files: 1, lines: -8/+1)
|
* Constify DH-related code. (Richard Levitte, 2000-11-07, files: 1, lines: -6/+8)
|
* Merge the engine branch into the main trunk. All conflicts resolved. (Richard Levitte, 2000-10-26, files: 1, lines: -5/+8)
| At the same time, add VMS support for Rijndael.
* Speed up DH with small generator. (Bodo Möller, 2000-06-07, files: 1, lines: -7/+14)
|
* New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access (Ulf Möller, 2000-02-05, files: 1, lines: -1/+3)
| temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
| the BN_CTX implementation could now easily be changed.
* Initial support for DH_METHOD. Also added a DH lock. A few changes made to (Dr. Stephen Henson, 1999-08-23, files: 1, lines: -3/+58)
| DSA_METHOD to make it more consistent with RSA_METHOD.
* Change #include filenames from <foo.h> to <openssl.h>. (Bodo Möller, 1999-04-23, files: 1, lines: -3/+3)
| Submitted by:
| Reviewed by:
| PR:
* Change functions to ANSI C. (Ulf Möller, 1999-04-19, files: 1, lines: -6/+2)
|
* Import of old SSLeay release: SSLeay 0.9.1b (unreleased) (Ralf S. Engelschall, 1998-12-21, files: 1, lines: -11/+27)
|
* Import of old SSLeay release: SSLeay 0.9.0b (Ralf S. Engelschall, 1998-12-21, files: 1, lines: -1/+1)
|
* Import of old SSLeay release: SSLeay 0.8.1b (Ralf S. Engelschall, 1998-12-21, files: 1, lines: -0/+142)