aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/dsa
Commit message (Collapse)AuthorAgeFilesLines
* Further BUILDENV refinement, further fool-proofing of Makefiles andAndy Polyakov2005-05-161-2/+1
| | | | | [most importantly] put back dependencies accidentaly eliminated in check-in #13342.
* Implement fixed-window exponentiation to mitigate hyper-threadingBodo Möller2005-05-164-1/+34
| | | | | | | | | | | | timing attacks. BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for RSA/DSA/DH private key computations unless RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/ DH_FLAG_NO_EXP_CONSTTIME is set. Submitted by: Matthew D Wood Reviewed by: Bodo Moeller
* Fool-proofing MakefilesAndy Polyakov2005-05-151-4/+1
|
* improve comment readabilityBodo Möller2005-05-091-1/+1
|
* Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove severalDr. Stephen Henson2005-04-272-6/+5
| | | | casts.
* Port BN_MONT_CTX_set_locked() from stable branch.Dr. Stephen Henson2005-04-261-9/+12
| | | | | The function rsa_eay_mont_helper() has been removed because it is no longer needed after this change.
* Add debug target, remove cast, note possible bug.Ben Laurie2005-04-231-0/+2
|
* - use BN_set_negative and BN_is_negative instead of BN_set_signNils Larsch2005-04-221-2/+2
| | | | | | and BN_get_sign - implement BN_set_negative as a function - always use "#define BN_is_zero(a) ((a)->top == 0)"
* Rebuild error codes.Dr. Stephen Henson2005-04-121-20/+23
|
* Add emacs cache files to .cvsignore.Richard Levitte2005-04-111-0/+2
|
* Give everything prototypes (well, everything that's actually used).Ben Laurie2005-03-311-6/+3
|
* Blow away Makefile.ssl.Ben Laurie2005-03-301-4/+3
|
* when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macroNils Larsch2005-03-281-1/+1
| | | | which cannot be evaluated in an if statement
* Remaing bits of PR:620 relevant to 0.9.8.Dr. Stephen Henson2004-12-051-17/+23
|
* Don't use $(EXHEADER) directly in for loops, as most shells will breakRichard Levitte2004-11-021-1/+1
| | | | | | if $(EXHEADER) is empty. Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
* After the latest round of header-hacking, regenerate the dependencies inGeoff Thorpe2004-05-171-11/+11
| | | | | the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read.
* Deprecate the recursive includes of bn.h from various API headers (asn1.h,Geoff Thorpe2004-05-171-1/+1
| | | | | | dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are already declared in ossl_typ.h. Add explicit includes for bn.h in those C files that need access to structure internals or API functions+macros.
* The new BN_CTX code makes this sort of abuse unnecessary.Geoff Thorpe2004-04-281-19/+15
|
* make updateGeoff Thorpe2004-04-191-56/+44
|
* (oops) Apologies all, that last header-cleanup commit was from the wrongGeoff Thorpe2004-04-192-0/+4
| | | | | tree. This further reduces header interdependencies, and makes some associated cleanups.
* Reduce header interdependencies, initially in engine.h (the rest of theGeoff Thorpe2004-04-191-3/+6
| | | | | | | | | changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.
* Use sh explicitely to run point.shRichard Levitte2003-12-271-1/+1
| | | | This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
* Netware-specific changes,Richard Levitte2003-11-281-0/+3
| | | | | | PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte
* Update any code that was using deprecated functions so that everything buildsGeoff Thorpe2003-10-291-12/+11
| | | | and links with OPENSSL_NO_DEPRECATED defined.
* When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or shouldGeoff Thorpe2003-10-291-0/+4
| | | | | | be) precompiled out in the API headers. This change is to ensure that if it is defined when compiling openssl, the deprecated functions aren't implemented either.
* make updateRichard Levitte2003-05-011-3/+7
|
* make updateRichard Levitte2003-04-101-17/+8
|
* We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in formRichard Levitte2003-04-084-13/+0
| | | | of unneeded includes of openssl/engine.h.
* Correct a lot of printing calls. Remove extra arguments...Richard Levitte2003-04-031-1/+1
|
* Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA.Richard Levitte2003-03-204-1/+6
|
* Make sure we get the definition of OPENSSL_NO_ERR.Richard Levitte2003-03-201-0/+1
|
* The default implementation of DSA_METHOD has an interdependence on theGeoff Thorpe2003-03-111-45/+42
| | | | | | | | | | | | | | | | | dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and dsa_sign_setup(). When another DSA_METHOD implementation does not define these lower-level handlers, it becomes impossible to do a fallback to software on errors using a simple DSA_OpenSSL()->fn(key). This change allows the default DSA_METHOD to function in such circumstances by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist, otherwise using BIGNUM implementations directly (which is what those handlers did before this change). There should be no noticable difference for the software case, or indeed any custom case that didn't already segfault, except perhaps that there is now one less level of indirection in all cases. PR: 507
* more mingw related cleanups.Ulf Möller2003-02-221-3/+0
|
* The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That'sRichard Levitte2003-01-301-2/+0
| | | | | | bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all the header files where the problem existed include ossl_typ.h, which makes a 'forward declaration' of the ENGINE type.
* Add the possibility to build without the ENGINE framework.Richard Levitte2003-01-306-0/+20
| | | | PR: 287
* Fix initialization sequence to prevent freeing of unitialized objects.Lutz Jänicke2003-01-151-4/+9
| | | | | | Submitted by: Nils Larsch <nla@trustcenter.de> PR: 459
* As with RSA, which was modified recently, this change makes it possible toGeoff Thorpe2003-01-154-0/+33
| | | | | | override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method.
* Adjust the parameter lists in some not commonly used files.Richard Levitte2003-01-011-1/+1
| | | | PR: 428
* make updateRichard Levitte2002-12-291-35/+18
|
* make updateRichard Levitte2002-12-091-0/+21
|
* Nils Larsch submitted;Geoff Thorpe2002-12-081-3/+1
| | | | | | | | - a patch to fix a memory leak in rsa_gen.c - a note about compiler warnings with unions - a note about improving structure element names This applies his patch and implements a solution to the notes.
* This is a first-cut at improving the callback mechanisms used inGeoff Thorpe2002-12-085-23/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | key-generation and prime-checking functions. Rather than explicitly passing callback functions and caller-defined context data for the callbacks, a new structure BN_GENCB is defined that encapsulates this; a pointer to the structure is passed to all such functions instead. This wrapper structure allows the encapsulation of "old" and "new" style callbacks - "new" callbacks return a boolean result on the understanding that returning FALSE should terminate keygen/primality processing. The BN_GENCB abstraction will allow future callback modifications without needing to break binary compatibility nor change the API function prototypes. The new API functions have been given names ending in "_ex" and the old functions are implemented as wrappers to the new ones. The OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined, declaration of the older functions will be skipped. NB: Some openssl-internal code will stick with the older callbacks for now, so appropriate "#undef" logic will be put in place - this is in case the user is *building* openssl (rather than *including* its headers) with this symbol defined. There is another change in the new _ex functions; the key-generation functions do not return key structures but operate on structures passed by the caller, the return value is a boolean. This will allow for a smoother transition to having key-generation as "virtual function" in the various ***_METHOD tables.
* Some compilers are quite picky about non-void functions that don't returnRichard Levitte2002-12-061-0/+1
| | | | anything.
* EXIT() needs to be in a function that returns int.Richard Levitte2002-12-011-1/+6
|
* Remove incorrect assert.Richard Levitte2002-11-291-2/+4
| | | | PR: 360
* Have all tests use EXIT() to exit rather than exit(), since the latter doesn'tRichard Levitte2002-11-281-2/+5
| | | | always give the expected result on some platforms.
* Security fixes brought forward from 0.9.7.Ben Laurie2002-11-131-0/+1
|
* implement and use new macros BN_get_sign(), BN_set_sign()Bodo Möller2002-11-041-2/+4
| | | | Submitted by: Nils Larsch
* Use double dashes so makedepend doesn't misunderstand the flags weRichard Levitte2002-10-091-1/+1
| | | | | | | give it. For 0.9.7 and up, that means util/domd needs to remove those double dashes from the argument list when gcc is used to find the dependencies.
* make updateBodo Möller2002-08-091-21/+22
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-11 14:52:32 +0000