- 28 9月, 2019 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9681)
-
- 28 5月, 2019 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9034)
-
- 19 3月, 2019 1 次提交
-
-
由 Shane Lontis 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8518) (cherry picked from commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c)
-
- 14 11月, 2018 1 次提交
-
-
由 Vitezslav Cizek 提交于
dsa_builtin_paramgen2 expects the L parameter to be greater than N, otherwise the generation will get stuck in an infinite loop. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (cherry picked from commit 3afd38b277a806b901e039c6ad281c5e5c97ef67) (Merged from https://github.com/openssl/openssl/pull/7493)
-
- 17 4月, 2018 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5990)
-
- 05 4月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
There are two undocumented DSA parameter generation options available in the genpkey command line app: dsa_paramgen_md and dsa_paramgen_q_bits. These can also be accessed via the EVP API but only by using EVP_PKEY_CTX_ctrl() or EVP_PKEY_CTX_ctrl_str() directly. There are no helper macros for these options. dsa_paramgen_q_bits sets the length of q in bits (default 160 bits). dsa_paramgen_md sets the digest that is used during the parameter generation (default SHA1). In particular the output length of the digest used must be equal to or greater than the number of bits in q because of this code: if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) goto err; if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) goto err; for (i = 0; i < qsize; i++) md[i] ^= buf2[i]; /* step 3 */ md[0] |= 0x80; md[qsize - 1] |= 0x01; if (!BN_bin2bn(md, qsize, q)) goto err; qsize here is the number of bits in q and evpmd is the digest set via dsa_paramgen_md. md and buf2 are buffers of length SHA256_DIGEST_LENGTH. buf2 has been filled with qsize bits of random seed data, and md is uninitialised. If the output size of evpmd is less than qsize then the line "md[i] ^= buf2[i]" will be xoring an uninitialised value and the random seed data together to form the least significant bits of q (and not using the output of the digest at all for those bits) - which is probably not what was intended. The same seed is then used as an input to generating p. If the uninitialised data is actually all zeros (as seems quite likely) then the least significant bits of q will exactly match the least significant bits of the seed. This problem only occurs if you use these undocumented and difficult to find options and you set the size of q to be greater than the message digest output size. This is for parameter generation only not key generation. This scenario is considered highly unlikely and therefore the security risk of this is considered negligible. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800)
-
- 14 6月, 2017 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3675)
-
- 14 11月, 2016 1 次提交
-
-
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was then ignored. Now DSA_generate_parameters_ex() returns an error in such a case but no error string. Signed-off-by: NSebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1657)
-
- 21 9月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
We should check the last BN_CTX_get() call to ensure that it isn't NULL before we try and use any of the allocated BIGNUMs. Issue reported by Shi Lei. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Calls to BN_CTX_get() can fail so we should check that they were successful. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 21 3月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 06 2月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 27 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 08 12月, 2015 2 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 24 10月, 2015 2 次提交
-
-
由 Alessandro Ghedini 提交于
RT#4081 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Alessandro Ghedini 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 10月, 2015 1 次提交
-
-
由 Pascal Cuoq 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> MR #1231
-
- 01 9月, 2015 1 次提交
-
-
由 Ben Kaduk 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 28 8月, 2015 1 次提交
-
-
由 Ismo Puustinen 提交于
If the seed value for dsa key generation is too short (< qsize), return an error. Also update the documentation. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 14 5月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 5月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Don't check for NULL before calling OPENSSL_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
This gets BN_.*free: BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd dead code in engines/e_ubsec. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 25 3月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 08 12月, 2014 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 26 11月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 25 11月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 16 10月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 15 9月, 2011 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 27 8月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 26 8月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Modify fips_dssvs to support appropriate file format.
-
- 11 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
the FIPS capable OpenSSL.
-
- 24 4月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-