path: root/crypto/rsa/rsa_eay.c
Commit log (each entry: commit message, then author, date, files changed, lines -removed/+added)

Rename RSA_eay_xxx to rsa_ossl_xxx
    Rich Salz, 2015-11-17, 1 file, -922/+0
    Final part of flushing out SSLEay API's.
    Reviewed-by: Tim Hudson <tjh@openssl.org>

Continue standardising malloc style for libcrypto
    Matt Caswell, 2015-11-09, 1 file, -10/+11
    Continuing from previous commit ensure our style is consistent for malloc return checks.
    Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Replace "SSLeay" in API with OpenSSL
    Rich Salz, 2015-10-30, 1 file, -1/+1
    All instances of SSLeay (any combination of case) were replaced with the case-equivalent OpenSSL.
    Reviewed-by: Richard Levitte <levitte@openssl.org>

Move BN_CTX_start() call so the error case can always call BN_CTX_end().
    Pascal Cuoq, 2015-10-07, 1 file, -1/+2
    Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
    Reviewed-by: Rich Salz <rsalz@openssl.org>
    MR #1231

Identify and move common internal libcrypto header files
    Richard Levitte, 2015-05-14, 1 file, -1/+1
    There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles.
    The header files that got moved are:
        crypto/cryptolib.h
        crypto/md32_common.h
    Reviewed-by: Rich Salz <rsalz@openssl.org>

free NULL cleanup 7
    Rich Salz, 2015-04-30, 1 file, -50/+27
    This gets BN_.*free:
        BN_BLINDING_free
        BN_CTX_free
        BN_FLG_FREE
        BN_GENCB_free
        BN_MONT_CTX_free
        BN_RECP_CTX_free
        BN_clear_free
        BN_free
        BUF_MEM_free
    Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd dead code in engines/e_ubsec.
    Reviewed-by: Richard Levitte <levitte@openssl.org>

free cleanup almost the finale
    Rich Salz, 2015-04-30, 1 file, -16/+4
    Add OPENSSL_clear_free which merges cleanse and free. (Name was picked to be similar to BN_clear_free, etc.)
    Removed OPENSSL_freeFunc macro.
    Fixed the small simple ones that are left:
        CRYPTO_free
        CRYPTO_free_locked
        OPENSSL_free_locked
    Reviewed-by: Richard Levitte <levitte@openssl.org>

OPENSSL_NO_xxx cleanup: SHA
    Rich Salz, 2015-01-27, 1 file, -4/+0
    Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way.
    So these options are gone:
        GENUINE_DSA
        OPENSSL_NO_SHA0
        OPENSSL_NO_SHA
        OPENSSL_NO_SHA1
        OPENSSL_NO_SHA224
        OPENSSL_NO_SHA256
        OPENSSL_NO_SHA384
        OPENSSL_NO_SHA512
    Reviewed-by: Richard Levitte <levitte@openssl.org>

Rerun util/openssl-format-source -v -c . (tag: master-post-auto-reformat)
    Matt Caswell, 2015-01-22, 1 file, -3/+2
    Reviewed-by: Tim Hudson <tjh@openssl.org>

Run util/openssl-format-source -v -c .
    Matt Caswell, 2015-01-22, 1 file, -819/+813
    Reviewed-by: Tim Hudson <tjh@openssl.org>
indent has problems with comments that are on the right hand side of a line.
    Matt Caswell, 2015-01-22, 1 file, -5/+6
    Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones.
    Reviewed-by: Tim Hudson <tjh@openssl.org>

Implement internally opaque bn access from rsa
    Matt Caswell, 2014-12-08, 1 file, -28/+77
    Reviewed-by: Tim Hudson <tjh@openssl.org>

remove OPENSSL_FIPSAPI
    Dr. Stephen Henson, 2014-12-08, 1 file, -1/+1
    Reviewed-by: Tim Hudson <tjh@openssl.org>

remove FIPS module code from crypto/rsa
    Dr. Stephen Henson, 2014-12-08, 1 file, -70/+0
    Reviewed-by: Tim Hudson <tjh@openssl.org>

RT2163: Remove some unneeded #include's
    Doug Goldstein, 2014-08-18, 1 file, -1/+0
    Several files #include stdio.h and don't need it. Also, per tjh, remove BN_COUNT.
    Reviewed-by: Emilia Kasper <emilia@openssl.org>

Return smaller of ret and f.
    Alan Hryngle, 2014-07-05, 1 file, -1/+1
    PR#3418.

BN_BLINDING multi-threading fix.
    Bodo Möller, 2011-10-19, 1 file, -29/+51
    Submitted by: Emilia Kasper (Google)

Rename FIPS_mode_set and FIPS_mode. These symbols will be defined in the FIPS capable OpenSSL.
    Dr. Stephen Henson, 2011-05-11, 1 file, -4/+4

Make sure overrides work for RSA/DSA.
    Dr. Stephen Henson, 2011-04-23, 1 file, -4/+8

Return errors instead of aborting when selftest fails.
    Dr. Stephen Henson, 2011-04-22, 1 file, -1/+5

Fix error codes.
    Bodo Möller, 2011-02-03, 1 file, -11/+11

Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer to EVP any more.
    Dr. Stephen Henson, 2011-01-27, 1 file, -1/+1
    Move locking #define into fips.h. Set FIPS locking callbacks at same time as OpenSSL locking callbacks.

use FIPSEVP in some bn and rsa files
    Dr. Stephen Henson, 2011-01-27, 1 file, -0/+2

FIPS mode RSA changes:
    Dr. Stephen Henson, 2011-01-26, 1 file, -1/+63
    Check for selftest failures.
    Pairwise consistency test for RSA key generation.
    Use some EVP macros instead of EVP functions.
    Use minimal FIPS EVP where needed.
PR: 2295
    Dr. Stephen Henson, 2010-10-11, 1 file, -1/+1
    Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
    Reviewed by: steve
    OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.

Really get rid of unsafe double-checked locking.
    Bodo Möller, 2008-09-14, 1 file, -17/+22
    Also, "CHANGES" clean-ups.

Remove the dual-callback scheme for numeric and pointer thread IDs, deprecate the original (numeric-only) scheme, and replace with the CRYPTO_THREADID object.
    Geoff Thorpe, 2008-08-06, 1 file, -1/+3
    This hides the platform-specifics and should reduce the possibility for programming errors (where failing to explicitly check both thread ID forms could create subtle, platform-specific bugs).
    Thanks to Bodo, for invaluable review and feedback.

Revert my earlier CRYPTO_THREADID commit, I will commit a reworked version some time soon.
    Geoff Thorpe, 2008-07-03, 1 file, -3/+1

There was a need to support thread ID types that couldn't be reliably cast to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed version was added but it required portable code to check *both* modes to determine equality.
    Geoff Thorpe, 2008-03-28, 1 file, -1/+3
    This commit maintains the availability of both thread ID types, but deprecates the type-specific accessor APIs that invoke the callbacks - instead a single type-independent API is used. This simplifies software that calls into this interface, and should also make it less error-prone - as forgetting to call and compare *both* thread ID accessors could have led to hard-to-debug/infrequent bugs (that might only affect certain platforms or thread implementations). As the CHANGES note says, there were corresponding deprecations and replacements in the thread-related functions for BN_BLINDING and ERR too.

fix BIGNUM flag handling
    Bodo Möller, 2008-02-27, 1 file, -35/+37

Change to mitigate branch prediction attacks
    Bodo Möller, 2007-03-28, 1 file, -15/+72
    Submitted by: Matthew D Wood
    Reviewed by: Bodo Moeller

Introduce limits to prevent malicious keys being able to cause a denial of service. (CVE-2006-2940)
    Bodo Möller, 2006-09-28, 1 file, -0/+44
    [Steve Henson, Bodo Moeller]

Remove non-functional part of recent patch, after discussion with Colin Percival (this would have caused more problems than solved, and isn't really necessary anyway)
    Bodo Möller, 2006-09-06, 1 file, -9/+0

Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher (CVE-2006-4339)
    Mark J. Cox, 2006-09-05, 1 file, -0/+9
    Submitted by: Ben Laurie, Google Security Team
    Reviewed by: bmoeller, mjc, shenson

New functions CRYPTO_set_idptr_callback(), CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type thread ID, since the 'unsigned long' type of the existing thread ID does not always work well.
    Bodo Möller, 2006-06-23, 1 file, -1/+1

Thread-safety fixes
    Bodo Möller, 2006-06-14, 1 file, -17/+40

protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert with a read lock
    Nils Larsch, 2005-09-22, 1 file, -4/+4
    Submitted by: Leandro Santi <lesanti@fiuba7504.com.ar>

Update from 0.9.7-stable. Also repatch and rebuild error codes.
    Dr. Stephen Henson, 2005-05-28, 1 file, -3/+23

Use BN_with_flags() in a cleaner way.
    Bodo Möller, 2005-05-27, 1 file, -0/+1

Implement fixed-window exponentiation to mitigate hyper-threading timing attacks.
    Bodo Möller, 2005-05-16, 1 file, -9/+118
    BN_FLG_EXP_CONSTTIME requests this algorithm, and this is done by default for RSA/DSA/DH private key computations unless RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/DH_FLAG_NO_EXP_CONSTTIME is set.
    Submitted by: Matthew D Wood
    Reviewed by: Bodo Moeller
Fix more error codes.
    Bodo Möller, 2005-05-11, 1 file, -1/+1
    (Also improve util/ck_errf.pl script, and occasionally fix source code formatting.)

Port BN_MONT_CTX_set_locked() from stable branch.
    Dr. Stephen Henson, 2005-04-26, 1 file, -29/+2
    The function rsa_eay_mont_helper() has been removed because it is no longer needed after this change.

some updates for the blinding code; summary:
    Nils Larsch, 2005-04-26, 1 file, -102/+76
    - possibility of re-creation of the blinding parameters after a fixed number of uses (suggested by Bodo)
    - calculation of the rsa::e in case it's absent and p and q are present (see bug report #785)
    - improve the performance when one rsa structure is shared by more than one thread (see bug report #555)
    - fix the problem described in bug report #827
    - hide the definition of the BN_BLINDING structure in bn_blind.c

- use BN_set_negative and BN_is_negative instead of BN_set_sign and BN_get_sign
    Nils Larsch, 2005-04-22, 1 file, -3/+3
    - implement BN_set_negative as a function
    - always use "#define BN_is_zero(a) ((a)->top == 0)"

By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key operations no longer require two distinct BN_CTX structures.
    Geoff Thorpe, 2004-03-25, 1 file, -88/+93
    This may put more "strain" on the current BN_CTX implementation (which has a fixed limit to the number of variables it will hold), but so far this limit is not triggered by any of the tests, and I will be changing BN_CTX in the near future to avoid this problem anyway. This also changes the default RSA implementation code to use the BN_CTX in favour of initialising some of its variables locally in each function.

Make sure that the last argument to RAND_add() is a float, or some compilers may complain.
    Richard Levitte, 2004-03-15, 1 file, -1/+1

Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
    Richard Levitte, 2003-04-15, 1 file, -0/+2

We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h.
    Richard Levitte, 2003-04-08, 1 file, -3/+0

make RSA blinding thread-safe
    Bodo Möller, 2003-04-02, 1 file, -8/+106

make sure RSA blinding works when the PRNG is not properly seeded; enable it automatically for the built-in engine
    Bodo Möller, 2003-03-20, 1 file, -8/+27