Mark J. Cox
b79aa05e3b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:58:03 +00:00
Ben Laurie
777c47acbe
Make things static that should be. Declare stuff in headers that should be.
...
Fix warnings.
2006-08-28 17:01:04 +00:00
Dr. Stephen Henson
786aa98da1
Use correct pointer types for various functions.
2006-07-20 16:56:47 +00:00
Dr. Stephen Henson
5c95c2ac23
Fix various error codes to match functions.
2006-07-17 16:33:31 +00:00
Dr. Stephen Henson
b7683e3a5d
Allow digests to supply S/MIME micalg values from a ctrl.
...
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Bodo Möller
48fc582f66
New functions CRYPTO_set_idptr_callback(),
...
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
675f605d44
Thread-safety fixes
2006-06-14 08:55:23 +00:00
Richard Levitte
0cfc80c4c3
rslen is unsigned, so it can never go below 0.
2006-05-28 19:36:29 +00:00
Dr. Stephen Henson
8bdcef40e4
New function to dup EVP_PKEY_CTX. This will be needed to make new signing
...
functions and EVP_MD_CTX_copy work properly.
2006-05-24 23:49:30 +00:00
Dr. Stephen Henson
eaff5a1412
Use size_t for new crypto size parameters.
2006-05-24 12:33:46 +00:00
Dr. Stephen Henson
7f57b076a6
New functions to get key types without dereferncing EVP_PKEY.
...
More error checking for RSA pmeth.
2006-05-11 21:33:00 +00:00
Dr. Stephen Henson
399a6f0bd1
Update PKCS#7 enveloped data to new API.
2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9
Add support for default public key digest type ctrl.
2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
a78568b7e9
Replace RSA specific PKCS7_RECIP_INFO set up with an public key algorithm
...
ctrl.
2006-04-27 18:20:34 +00:00
Dr. Stephen Henson
ee1d9ec019
Remove link between digests and signature algorithms.
...
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
492a9e2415
Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
c20276e4ae
Fix (most) WIN32 warnings and errors.
2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
b010b7c434
Use more flexible method of determining output length, by setting &outlen
...
value of the passed output buffer is NULL.
The old method of using EVP_PKEY_size(pkey) isn't flexible enough to cover all
cases where the output length may depend on the operation or the parameters
associated with it.
2006-04-15 18:50:56 +00:00
Dr. Stephen Henson
09b88a4a55
Update copyright notices on a few files where all original SSLeay code has
...
been deleted.
2006-04-14 17:36:18 +00:00
Dr. Stephen Henson
d87e615209
Add key derivation support.
2006-04-13 12:56:41 +00:00
Dr. Stephen Henson
c927df3fa1
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
2006-04-12 10:20:47 +00:00
Dr. Stephen Henson
54d853ebc3
Add support for setting keybits and public exponent value for pkey RSA keygen.
2006-04-11 17:28:37 +00:00
Dr. Stephen Henson
f5cda4cbb1
Initial keygen support.
2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
f9a6348a53
ctrls to set PSS salt length.
2006-04-10 12:55:04 +00:00
Dr. Stephen Henson
a7ffd9d19c
Preliminary PSS support.
2006-04-10 12:41:21 +00:00
Dr. Stephen Henson
29db322e8f
Beginnings of PSS support.
2006-04-10 11:48:35 +00:00
Dr. Stephen Henson
716630c0eb
Change operation values so they can be used as a mask.
...
Fix rsa_pkey_method.
2006-04-10 11:16:11 +00:00
Dr. Stephen Henson
4f59b6587f
Implementation of pkey_rsa_verify. Some constification.
2006-04-10 01:06:17 +00:00
Dr. Stephen Henson
75d44c0452
Store digests as EVP_MD instead of a NID.
...
Add digest size sanity checks.
2006-04-09 21:24:48 +00:00
Dr. Stephen Henson
a58a636838
Constification.
2006-04-09 20:53:19 +00:00
Dr. Stephen Henson
9fdab72dd7
Bugfix X9.31 padding.
2006-04-09 20:44:00 +00:00
Dr. Stephen Henson
b2a97be7f4
Support for digest signing and X931 in rsa_pkey_meth.
2006-04-09 19:17:25 +00:00
Dr. Stephen Henson
6471c9f478
Add checking to padding ctrl.
2006-04-09 12:53:55 +00:00
Dr. Stephen Henson
4a3dc3c0e3
Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
2006-04-09 12:42:09 +00:00
Dr. Stephen Henson
8cd44e3630
Implement encrypt/decrypt using RSA.
2006-04-08 13:02:04 +00:00
Dr. Stephen Henson
07e970c7e6
Initial functions for RSA EVP_PKEY_METHOD.
...
Update dependencies.
2006-04-08 00:15:07 +00:00
Dr. Stephen Henson
0b6f3c66cd
Initial definitions and a few functions for EVP_PKEY_METHOD: an extension
...
of the EVP routines to public key algorithms.
2006-04-06 13:02:06 +00:00
Dr. Stephen Henson
e42633140e
Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.
2006-03-23 18:02:23 +00:00
Dr. Stephen Henson
d82e2718e2
Add information and pem strings. Update dependencies.
2006-03-23 11:54:51 +00:00
Dr. Stephen Henson
18e377b4ff
Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to
...
initialize it. Initial support for application added public key ASN1.
2006-03-22 17:59:49 +00:00
Dr. Stephen Henson
1b593194be
Move algorithm specific print code from crypto/asn1/t_pkey.c to separate
...
*_prn.c files in each algorithm directory.
2006-03-22 13:34:19 +00:00
Dr. Stephen Henson
35208f368c
Gather printing routines into EVP_PKEY_ASN1_METHOD.
2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
6f81892e6b
Transfer parameter handling and key comparison to algorithm methods.
2006-03-20 17:56:05 +00:00
Dr. Stephen Henson
448be74335
Initial support for pluggable public key ASN1 support. Process most public
...
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Nils Larsch
47d5566646
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
2006-03-13 23:14:57 +00:00
Dr. Stephen Henson
15ac971681
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Bodo Möller
739a543ea8
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:42:30 +00:00
Nils Larsch
ce75ca04b1
protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert
...
with a read lock
Submitted by: Leandro Santi <lesanti@fiuba7504.com.ar>
2005-09-22 23:37:37 +00:00
Dr. Stephen Henson
244847591f
Extend callback function to support print customization.
2005-09-01 20:42:52 +00:00
Nils Larsch
8215e7a938
fix warnings when building openssl with the following compiler options:
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Andy Polyakov
0491e05833
Final(?) WinCE update.
2005-08-07 22:21:49 +00:00
Dr. Stephen Henson
a78c0632ed
Fix for padding X9.31 padding check and zero padding bytes.
2005-06-06 22:39:43 +00:00
Andy Polyakov
c7aaf3918d
Fix inconsistensy between 8 and HEAD.
2005-06-02 18:28:27 +00:00
Andy Polyakov
d51204f1b1
PSS update [from 0.9.7].
2005-06-02 18:25:36 +00:00
Nils Larsch
b3f6325988
check return value
2005-06-01 22:35:01 +00:00
Dr. Stephen Henson
3129acbd83
Update from 0.9.7-stable.
2005-06-01 22:14:04 +00:00
Nils Larsch
63d740752f
changes from 0.9.8
2005-05-31 18:22:53 +00:00
Dr. Stephen Henson
ffd1df0579
Update from stable branch.
2005-05-30 00:29:16 +00:00
Dr. Stephen Henson
429168e7ee
Add pss/x931 files.
2005-05-28 20:44:37 +00:00
Dr. Stephen Henson
499fca2db3
Update from 0.9.7-stable. Also repatch and rebuild error codes.
2005-05-28 20:44:02 +00:00
Bodo Möller
a28a5d9c62
Use BN_with_flags() in a cleaner way.
2005-05-27 15:38:53 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Bodo Möller
8afca8d9c6
Fix more error codes.
...
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
2005-05-11 03:45:39 +00:00
Dr. Stephen Henson
6ec8e63af6
Port BN_MONT_CTX_set_locked() from stable branch.
...
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
2005-04-26 23:58:54 +00:00
Nils Larsch
800e400de5
some updates for the blinding code; summary:
...
- possibility of re-creation of the blinding parameters after a
fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
are present (see bug report #785 )
- improve the performance when if one rsa structure is shared by
more than a thread (see bug report #555 )
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
2005-04-26 22:31:48 +00:00
Dr. Stephen Henson
667aef4c6a
Port from stable branch.
2005-04-26 22:07:17 +00:00
Nils Larsch
ff22e913a3
- use BN_set_negative and BN_is_negative instead of BN_set_sign
...
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Dr. Stephen Henson
a0e7c8eede
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:03:15 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Geoff Thorpe
280eb33b59
Remove distracting comments and code. Thanks to Nils for picking up on the
...
outstanding ticket.
PR: 926
2004-09-19 04:55:15 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
0f814687b9
Deprecate the recursive includes of bn.h from various API headers (asn1.h,
...
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
2004-05-17 19:14:22 +00:00
Geoff Thorpe
081991ac01
With the new dynamic BN_CTX implementation, there should be no need for
...
additional contexts.
2004-04-27 13:24:51 +00:00
Geoff Thorpe
8a85c341fe
The problem of rsa key-generation getting stuck in a loop for (pointlessly)
...
small key sizes seems to result from the code continually regenerating the
same prime value once the range is small enough. From my tests, this change
fixes the problem by setting an escape velocity of 3 repeats for the second
of the two primes.
PR: 874
2004-04-26 15:38:44 +00:00
Geoff Thorpe
bcfea9fb25
Allow RSA key-generation to specify an arbitrary public exponent. Jelte
...
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Geoff Thorpe
3a87a9b9db
Reduce header interdependencies, initially in engine.h (the rest of the
...
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
2004-04-19 17:46:04 +00:00
Geoff Thorpe
46ef873f0b
By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key
...
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.
This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
2004-03-25 02:52:04 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
fd836aeee0
Make sure that the last argument to RAND_add() is a float, or some
...
compilers may complain.
2004-03-15 22:37:08 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Richard Levitte
4d8743f490
Netware-specific changes,
...
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Geoff Thorpe
9d473aa2e4
When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should
...
be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.
2003-10-29 04:06:50 +00:00
Richard Levitte
816d785721
DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function
...
called downstream that need it to be non-const. The fact that the RSA_METHOD
functions take the RSA* as a const doesn't matter, it just expresses that
*they* won't touch it.
PR: 602
2003-05-07 11:38:10 +00:00
Richard Levitte
3b30121bd9
Constify RSA_sign() and RSA_verify().
...
PR: 602
2003-05-05 13:55:18 +00:00
Richard Levitte
d1465bac90
make update
2003-05-01 04:10:32 +00:00
Richard Levitte
040c687ce4
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
...
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
2003-04-16 06:25:21 +00:00
Richard Levitte
cd1226bc6a
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
2003-04-15 13:01:37 +00:00
Richard Levitte
1a0c1f9052
make update
2003-04-10 20:11:09 +00:00
Richard Levitte
721688c2f8
Include rand.h, so RAND_status() and friends get properly declared.
2003-04-08 11:07:05 +00:00
Richard Levitte
0b55368306
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in
...
form of unneeded direct calls through the engine pointer..
2003-04-08 06:01:55 +00:00